-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Google Binary Authorization SDK.
--   
--   The management interface for Binary Authorization, a system providing
--   policy control for images deployed to Kubernetes Engine clusters.
--   
--   <i>Warning:</i> This is an experimental prototype/preview release
--   which is still under exploratory development and not intended for
--   public use, caveat emptor!
--   
--   This library is compatible with version <tt>v1beta1</tt> of the API.
@package gogol-binaryauthorization
@version 0.5.0


module Network.Google.BinaryAuthorization.Types

-- | Default request referring to version <tt>v1beta1</tt> of the Binary
--   Authorization API. This contains the host and root path used as a
--   starting point for constructing service requests.
binaryAuthorizationService :: ServiceConfig

-- | View and manage your data across Google Cloud Platform services
cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"]

-- | A public key in the PkixPublicKey format (see
--   https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details).
--   Public keys of this type are typically textually encoded using the PEM
--   format.
--   
--   <i>See:</i> <a>pkixPublicKey</a> smart constructor.
data PkixPublicKey

-- | Creates a value of <a>PkixPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ppkPublicKeyPem</a></li>
--   <li><a>ppkSignatureAlgorithm</a></li>
--   </ul>
pkixPublicKey :: PkixPublicKey

-- | A PEM-encoded public key, as described in
--   https://tools.ietf.org/html/rfc7468#section-13
ppkPublicKeyPem :: Lens' PkixPublicKey (Maybe Text)

-- | The signature algorithm used to verify a message against a signature
--   using this key. These signature algorithm must match the structure and
--   any object identifiers encoded in `public_key_pem` (i.e. this
--   algorithm must match that of the public key).
ppkSignatureAlgorithm :: Lens' PkixPublicKey (Maybe PkixPublicKeySignatureAlgorithm)

-- | Represents an expression text. Example: title: "User account presence"
--   description: "Determines whether the request has a user account"
--   expression: "size(request.user) &gt; 0"
--   
--   <i>See:</i> <a>expr</a> smart constructor.
data Expr

-- | Creates a value of <a>Expr</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>eLocation</a></li>
--   <li><a>eExpression</a></li>
--   <li><a>eTitle</a></li>
--   <li><a>eDescription</a></li>
--   </ul>
expr :: Expr

-- | An optional string indicating the location of the expression for error
--   reporting, e.g. a file name and a position in the file.
eLocation :: Lens' Expr (Maybe Text)

-- | Textual representation of an expression in Common Expression Language
--   syntax. The application context of the containing message determines
--   which well-known feature set of CEL is supported.
eExpression :: Lens' Expr (Maybe Text)

-- | An optional title for the expression, i.e. a short string describing
--   its purpose. This can be used e.g. in UIs which allow to enter the
--   expression.
eTitle :: Lens' Expr (Maybe Text)

-- | An optional description of the expression. This is a longer text which
--   describes the expression, e.g. when hovered over it in a UI.
eDescription :: Lens' Expr (Maybe Text)

-- | An user owned drydock note references a Drydock ATTESTATION_AUTHORITY
--   Note created by the user.
--   
--   <i>See:</i> <a>userOwnedDrydockNote</a> smart constructor.
data UserOwnedDrydockNote

-- | Creates a value of <a>UserOwnedDrydockNote</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uodnDelegationServiceAccountEmail</a></li>
--   <li><a>uodnPublicKeys</a></li>
--   <li><a>uodnNoteReference</a></li>
--   </ul>
userOwnedDrydockNote :: UserOwnedDrydockNote

-- | Output only. This field will contain the service account email address
--   that this Attestor will use as the principal when querying Container
--   Analysis. Attestor administrators must grant this service account the
--   IAM role needed to read attestations from the note_reference in
--   Container Analysis (`containeranalysis.notes.occurrences.viewer`).
--   This email address is fixed for the lifetime of the Attestor, but
--   callers should not make any other assumptions about the service
--   account email; future versions may use an email based on a different
--   naming pattern.
uodnDelegationServiceAccountEmail :: Lens' UserOwnedDrydockNote (Maybe Text)

-- | Optional. Public keys that verify attestations signed by this
--   attestor. This field may be updated. If this field is non-empty, one
--   of the specified public keys must verify that an attestation was
--   signed by this attestor for the image specified in the admission
--   request. If this field is empty, this attestor always returns that no
--   valid attestations exist.
uodnPublicKeys :: Lens' UserOwnedDrydockNote [AttestorPublicKey]

-- | Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note,
--   created by the user, in the format: `projects/*/notes/*` (or the
--   legacy `providers/*/notes/*`). This field may not be updated. An
--   attestation by this attestor is stored as a Drydock
--   ATTESTATION_AUTHORITY Occurrence that names a container image and that
--   links to this Note. Drydock is an external dependency.
uodnNoteReference :: Lens' UserOwnedDrydockNote (Maybe Text)

-- | A generic empty message that you can re-use to avoid defining
--   duplicated empty messages in your APIs. A typical example is to use it
--   as the request or the response type of an API method. For instance:
--   service Foo { rpc Bar(google.protobuf.Empty) returns
--   (google.protobuf.Empty); } The JSON representation for `Empty` is
--   empty JSON object `{}`.
--   
--   <i>See:</i> <a>empty</a> smart constructor.
data Empty

-- | Creates a value of <a>Empty</a> with the minimum fields required to
--   make a request.
empty :: Empty

-- | Required. The action when a pod creation is denied by the admission
--   rule.
data AdmissionRuleEnforcementMode

-- | <tt>ENFORCEMENT_MODE_UNSPECIFIED</tt> Do not use.
EnforcementModeUnspecified :: AdmissionRuleEnforcementMode

-- | <tt>ENFORCED_BLOCK_AND_AUDIT_LOG</tt> Enforce the admission rule by
--   blocking the pod creation.
EnforcedBlockAndAuditLog :: AdmissionRuleEnforcementMode

-- | <tt>DRYRUN_AUDIT_LOG_ONLY</tt> Dryrun mode: Audit logging only. This
--   will allow the pod creation as if the admission request had specified
--   break-glass.
DryrunAuditLogOnly :: AdmissionRuleEnforcementMode

-- | Optional. Controls the evaluation of a Google-maintained global
--   admission policy for common system-level images. Images not covered by
--   the global policy will be subject to the project admission policy.
--   This setting has no effect when specified inside a global admission
--   policy.
data PolicyGlobalPolicyEvaluationMode

-- | <tt>GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED</tt> Not specified:
--   DISABLE is assumed.
GlobalPolicyEvaluationModeUnspecified :: PolicyGlobalPolicyEvaluationMode

-- | <tt>ENABLE</tt> Enables global policy evaluation.
Enable :: PolicyGlobalPolicyEvaluationMode

-- | <tt>DISABLE</tt> Disables global policy evaluation.
Disable :: PolicyGlobalPolicyEvaluationMode

-- | Request message for `SetIamPolicy` method.
--   
--   <i>See:</i> <a>setIAMPolicyRequest</a> smart constructor.
data SetIAMPolicyRequest

-- | Creates a value of <a>SetIAMPolicyRequest</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>siprPolicy</a></li>
--   </ul>
setIAMPolicyRequest :: SetIAMPolicyRequest

-- | REQUIRED: The complete policy to be applied to the `resource`. The
--   size of the policy is limited to a few 10s of KB. An empty policy is a
--   valid policy but certain Cloud Platform services (such as Projects)
--   might reject them.
siprPolicy :: Lens' SetIAMPolicyRequest (Maybe IAMPolicy)

-- | Response message for BinauthzManagementService.ListAttestors.
--   
--   <i>See:</i> <a>listAttestorsResponse</a> smart constructor.
data ListAttestorsResponse

-- | Creates a value of <a>ListAttestorsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>larNextPageToken</a></li>
--   <li><a>larAttestors</a></li>
--   </ul>
listAttestorsResponse :: ListAttestorsResponse

-- | A token to retrieve the next page of results. Pass this value in the
--   ListAttestorsRequest.page_token field in the subsequent call to the
--   `ListAttestors` method to retrieve the next page of results.
larNextPageToken :: Lens' ListAttestorsResponse (Maybe Text)

-- | The list of attestors.
larAttestors :: Lens' ListAttestorsResponse [Attestor]

-- | An admission whitelist pattern exempts images from checks by admission
--   rules.
--   
--   <i>See:</i> <a>admissionWhiteListPattern</a> smart constructor.
data AdmissionWhiteListPattern

-- | Creates a value of <a>AdmissionWhiteListPattern</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>awlpNamePattern</a></li>
--   </ul>
admissionWhiteListPattern :: AdmissionWhiteListPattern

-- | An image name pattern to whitelist, in the form
--   `registry/path/to/image`. This supports a trailing `*` as a wildcard,
--   but this is allowed only in text after the `registry/` part.
awlpNamePattern :: Lens' AdmissionWhiteListPattern (Maybe Text)

-- | The signature algorithm used to verify a message against a signature
--   using this key. These signature algorithm must match the structure and
--   any object identifiers encoded in `public_key_pem` (i.e. this
--   algorithm must match that of the public key).
data PkixPublicKeySignatureAlgorithm

-- | <tt>SIGNATURE_ALGORITHM_UNSPECIFIED</tt> Not specified.
SignatureAlgorithmUnspecified :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_2048_SHA256</tt> RSASSA-PSS 2048 bit key with a SHA256
--   digest.
RsaPss2048SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_3072_SHA256</tt> RSASSA-PSS 3072 bit key with a SHA256
--   digest.
RsaPss3072SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_4096_SHA256</tt> RSASSA-PSS 4096 bit key with a SHA256
--   digest.
RsaPss4096SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_4096_SHA512</tt> RSASSA-PSS 4096 bit key with a SHA512
--   digest.
RsaPss4096SHA512 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_2048_SHA256</tt> RSASSA-PKCS1-v1_5 with a 2048 bit
--   key and a SHA256 digest.
RsaSignPKCS12048SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_3072_SHA256</tt> RSASSA-PKCS1-v1_5 with a 3072 bit
--   key and a SHA256 digest.
RsaSignPKCS13072SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_4096_SHA256</tt> RSASSA-PKCS1-v1_5 with a 4096 bit
--   key and a SHA256 digest.
RsaSignPKCS14096SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_4096_SHA512</tt> RSASSA-PKCS1-v1_5 with a 4096 bit
--   key and a SHA512 digest.
RsaSignPKCS14096SHA512 :: PkixPublicKeySignatureAlgorithm

-- | <tt>ECDSA_P256_SHA256</tt> ECDSA on the NIST P-256 curve with a SHA256
--   digest.
EcdsaP256SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>ECDSA_P384_SHA384</tt> ECDSA on the NIST P-384 curve with a SHA384
--   digest.
EcdsaP384SHA384 :: PkixPublicKeySignatureAlgorithm

-- | <tt>ECDSA_P521_SHA512</tt> ECDSA on the NIST P-521 curve with a SHA512
--   digest.
EcdsaP521SHA512 :: PkixPublicKeySignatureAlgorithm

-- | An admission rule specifies either that all container images used in a
--   pod creation request must be attested to by one or more attestors,
--   that all pod creations will be allowed, or that all pod creations will
--   be denied. Images matching an admission whitelist pattern are exempted
--   from admission rules and will never block a pod creation.
--   
--   <i>See:</i> <a>admissionRule</a> smart constructor.
data AdmissionRule

-- | Creates a value of <a>AdmissionRule</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>arEnforcementMode</a></li>
--   <li><a>arEvaluationMode</a></li>
--   <li><a>arRequireAttestationsBy</a></li>
--   </ul>
admissionRule :: AdmissionRule

-- | Required. The action when a pod creation is denied by the admission
--   rule.
arEnforcementMode :: Lens' AdmissionRule (Maybe AdmissionRuleEnforcementMode)

-- | Required. How this admission rule will be evaluated.
arEvaluationMode :: Lens' AdmissionRule (Maybe AdmissionRuleEvaluationMode)

-- | Optional. The resource names of the attestors that must attest to a
--   container image, in the format `projects/*/attestors/*`. Each attestor
--   must exist before a policy can reference it. To add an attestor to a
--   policy the principal issuing the policy change request must be able to
--   read the attestor resource. Note: this field must be non-empty when
--   the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it
--   must be empty.
arRequireAttestationsBy :: Lens' AdmissionRule [Text]

-- | Required. How this admission rule will be evaluated.
data AdmissionRuleEvaluationMode

-- | <tt>EVALUATION_MODE_UNSPECIFIED</tt> Do not use.
EvaluationModeUnspecified :: AdmissionRuleEvaluationMode

-- | <tt>ALWAYS_ALLOW</tt> This rule allows all all pod creations.
AlwaysAllow :: AdmissionRuleEvaluationMode

-- | <tt>REQUIRE_ATTESTATION</tt> This rule allows a pod creation if all
--   the attestors listed in 'require_attestations_by' have valid
--   attestations for all of the images in the pod spec.
RequireAttestation :: AdmissionRuleEvaluationMode

-- | <tt>ALWAYS_DENY</tt> This rule denies all pod creations.
AlwaysDeny :: AdmissionRuleEvaluationMode

-- | V1 error format.
data Xgafv

-- | <tt>1</tt> v1 error format
X1 :: Xgafv

-- | <tt>2</tt> v2 error format
X2 :: Xgafv

-- | Request message for `TestIamPermissions` method.
--   
--   <i>See:</i> <a>testIAMPermissionsRequest</a> smart constructor.
data TestIAMPermissionsRequest

-- | Creates a value of <a>TestIAMPermissionsRequest</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tiprPermissions</a></li>
--   </ul>
testIAMPermissionsRequest :: TestIAMPermissionsRequest

-- | The set of permissions to check for the `resource`. Permissions with
--   wildcards (such as '*' or 'storage.*') are not allowed. For more
--   information see <a>IAM Overview</a>.
tiprPermissions :: Lens' TestIAMPermissionsRequest [Text]

-- | Defines an Identity and Access Management (IAM) policy. It is used to
--   specify access control policies for Cloud Platform resources. A
--   `Policy` consists of a list of `bindings`. A `binding` binds a list of
--   `members` to a `role`, where the members can be user accounts, Google
--   groups, Google domains, and service accounts. A `role` is a named list
--   of permissions defined by IAM. **JSON Example** { "bindings": [ {
--   "role": "roles/owner", "members": [ "user:mike'example.com",
--   "group:admins'example.com", "domain:google.com",
--   "serviceAccount:my-other-app'appspot.gserviceaccount.com" ] }, {
--   "role": "roles/viewer", "members": ["user:sean'example.com"] } ] }
--   **YAML Example** bindings: - members: - user:mike'example.com -
--   group:admins'example.com - domain:google.com -
--   serviceAccount:my-other-app'appspot.gserviceaccount.com role:
--   roles/owner - members: - user:sean'example.com role: roles/viewer For
--   a description of IAM and its features, see the <a>IAM developer's
--   guide</a>.
--   
--   <i>See:</i> <a>iamPolicy</a> smart constructor.
data IAMPolicy

-- | Creates a value of <a>IAMPolicy</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipEtag</a></li>
--   <li><a>ipVersion</a></li>
--   <li><a>ipBindings</a></li>
--   </ul>
iamPolicy :: IAMPolicy

-- | `etag` is used for optimistic concurrency control as a way to help
--   prevent simultaneous updates of a policy from overwriting each other.
--   It is strongly suggested that systems make use of the `etag` in the
--   read-modify-write cycle to perform policy updates in order to avoid
--   race conditions: An `etag` is returned in the response to
--   `getIamPolicy`, and systems are expected to put that etag in the
--   request to `setIamPolicy` to ensure that their change will be applied
--   to the same version of the policy. If no `etag` is provided in the
--   call to `setIamPolicy`, then the existing policy is overwritten
--   blindly.
ipEtag :: Lens' IAMPolicy (Maybe ByteString)

-- | Deprecated.
ipVersion :: Lens' IAMPolicy (Maybe Int32)

-- | Associates a list of `members` to a `role`. `bindings` with no members
--   will result in an error.
ipBindings :: Lens' IAMPolicy [Binding]

-- | An attestor public key that will be used to verify attestations signed
--   by this attestor.
--   
--   <i>See:</i> <a>attestorPublicKey</a> smart constructor.
data AttestorPublicKey

-- | Creates a value of <a>AttestorPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>apkPkixPublicKey</a></li>
--   <li><a>apkAsciiArmoredPgpPublicKey</a></li>
--   <li><a>apkId</a></li>
--   <li><a>apkComment</a></li>
--   </ul>
attestorPublicKey :: AttestorPublicKey

-- | A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be
--   explicitly provided by the caller when using this type of public key,
--   but it MUST be a valid RFC3986 URI. If `id` is left blank, a default
--   one will be computed based on the digest of the DER encoding of the
--   public key.
apkPkixPublicKey :: Lens' AttestorPublicKey (Maybe PkixPublicKey)

-- | ASCII-armored representation of a PGP public key, as the entire output
--   by the command `gpg --export --armor foo'example.com` (either LF or
--   CRLF line endings). When using this field, `id` should be left blank.
--   The BinAuthz API handlers will calculate the ID and fill it in
--   automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4
--   fingerprint, represented as upper-case hex. If `id` is provided by the
--   caller, it will be overwritten by the API-calculated ID.
apkAsciiArmoredPgpPublicKey :: Lens' AttestorPublicKey (Maybe Text)

-- | The ID of this public key. Signatures verified by BinAuthz must
--   include the ID of the public key that can be used to verify them, and
--   that ID must match the contents of this field exactly. Additional
--   restrictions on this field can be imposed based on which public key
--   type is encapsulated. See the documentation on `public_key` cases
--   below for details.
apkId :: Lens' AttestorPublicKey (Maybe Text)

-- | Optional. A descriptive comment. This field may be updated.
apkComment :: Lens' AttestorPublicKey (Maybe Text)

-- | Response message for `TestIamPermissions` method.
--   
--   <i>See:</i> <a>testIAMPermissionsResponse</a> smart constructor.
data TestIAMPermissionsResponse

-- | Creates a value of <a>TestIAMPermissionsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tiamprPermissions</a></li>
--   </ul>
testIAMPermissionsResponse :: TestIAMPermissionsResponse

-- | A subset of `TestPermissionsRequest.permissions` that the caller is
--   allowed.
tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text]

-- | A policy for container image binary authorization.
--   
--   <i>See:</i> <a>policy</a> smart constructor.
data Policy

-- | Creates a value of <a>Policy</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pDefaultAdmissionRule</a></li>
--   <li><a>pAdmissionWhiteListPatterns</a></li>
--   <li><a>pClusterAdmissionRules</a></li>
--   <li><a>pUpdateTime</a></li>
--   <li><a>pName</a></li>
--   <li><a>pGlobalPolicyEvaluationMode</a></li>
--   <li><a>pDescription</a></li>
--   </ul>
policy :: Policy

-- | Required. Default admission rule for a cluster without a per-cluster,
--   per- kubernetes-service-account, or per-istio-service-identity
--   admission rule.
pDefaultAdmissionRule :: Lens' Policy (Maybe AdmissionRule)

-- | Optional. Admission policy whitelisting. A matching admission request
--   will always be permitted. This feature is typically used to exclude
--   Google or third-party infrastructure images from Binary Authorization
--   policies.
pAdmissionWhiteListPatterns :: Lens' Policy [AdmissionWhiteListPattern]

-- | Optional. Per-cluster admission rules. Cluster spec format:
--   `location.clusterId`. There can be at most one admission rule per
--   cluster spec. A `location` is either a compute zone (e.g.
--   us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax
--   restrictions see
--   https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
pClusterAdmissionRules :: Lens' Policy (Maybe PolicyClusterAdmissionRules)

-- | Output only. Time when the policy was last updated.
pUpdateTime :: Lens' Policy (Maybe UTCTime)

-- | Output only. The resource name, in the format `projects/*/policy`.
--   There is at most one policy per project.
pName :: Lens' Policy (Maybe Text)

-- | Optional. Controls the evaluation of a Google-maintained global
--   admission policy for common system-level images. Images not covered by
--   the global policy will be subject to the project admission policy.
--   This setting has no effect when specified inside a global admission
--   policy.
pGlobalPolicyEvaluationMode :: Lens' Policy (Maybe PolicyGlobalPolicyEvaluationMode)

-- | Optional. A descriptive comment.
pDescription :: Lens' Policy (Maybe Text)

-- | Optional. Per-cluster admission rules. Cluster spec format:
--   `location.clusterId`. There can be at most one admission rule per
--   cluster spec. A `location` is either a compute zone (e.g.
--   us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax
--   restrictions see
--   https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
--   
--   <i>See:</i> <a>policyClusterAdmissionRules</a> smart constructor.
data PolicyClusterAdmissionRules

-- | Creates a value of <a>PolicyClusterAdmissionRules</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pcarAddtional</a></li>
--   </ul>
policyClusterAdmissionRules :: HashMap Text AdmissionRule -> PolicyClusterAdmissionRules
pcarAddtional :: Lens' PolicyClusterAdmissionRules (HashMap Text AdmissionRule)

-- | An attestor that attests to container image artifacts. An existing
--   attestor cannot be modified except where indicated.
--   
--   <i>See:</i> <a>attestor</a> smart constructor.
data Attestor

-- | Creates a value of <a>Attestor</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>aUserOwnedDrydockNote</a></li>
--   <li><a>aUpdateTime</a></li>
--   <li><a>aName</a></li>
--   <li><a>aDescription</a></li>
--   </ul>
attestor :: Attestor

-- | A Drydock ATTESTATION_AUTHORITY Note, created by the user.
aUserOwnedDrydockNote :: Lens' Attestor (Maybe UserOwnedDrydockNote)

-- | Output only. Time when the attestor was last updated.
aUpdateTime :: Lens' Attestor (Maybe UTCTime)

-- | Required. The resource name, in the format: `projects/*/attestors/*`.
--   This field may not be updated.
aName :: Lens' Attestor (Maybe Text)

-- | Optional. A descriptive comment. This field may be updated. The field
--   may be displayed in chooser dialogs.
aDescription :: Lens' Attestor (Maybe Text)

-- | Associates `members` with a `role`.
--   
--   <i>See:</i> <a>binding</a> smart constructor.
data Binding

-- | Creates a value of <a>Binding</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>bMembers</a></li>
--   <li><a>bRole</a></li>
--   <li><a>bCondition</a></li>
--   </ul>
binding :: Binding

-- | Specifies the identities requesting access for a Cloud Platform
--   resource. `members` can have the following values: * `allUsers`: A
--   special identifier that represents anyone who is on the internet; with
--   or without a Google account. * `allAuthenticatedUsers`: A special
--   identifier that represents anyone who is authenticated with a Google
--   account or a service account. * `user:{emailid}`: An email address
--   that represents a specific Google account. For example,
--   `alice'gmail.com` . * `serviceAccount:{emailid}`: An email address
--   that represents a service account. For example,
--   `my-other-app'appspot.gserviceaccount.com`. * `group:{emailid}`: An
--   email address that represents a Google group. For example,
--   `admins'example.com`. * `domain:{domain}`: The G Suite domain
--   (primary) that represents all the users of that domain. For example,
--   `google.com` or `example.com`.
bMembers :: Lens' Binding [Text]

-- | Role that is assigned to `members`. For example, `roles/viewer`,
--   `roles/editor`, or `roles/owner`.
bRole :: Lens' Binding (Maybe Text)

-- | The condition that is associated with this binding. NOTE: An
--   unsatisfied condition will not allow user access via current binding.
--   Different bindings, including their conditions, are examined
--   independently.
bCondition :: Lens' Binding (Maybe Expr)


-- | Creates an attestor, and returns a copy of the new attestor. Returns
--   NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
--   request is malformed, ALREADY_EXISTS if the attestor already exists.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.create</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.create</tt> method which
--   the <a>ProjectsAttestorsCreate</a> request conforms to.
type ProjectsAttestorsCreateResource = "v1beta1" :> Capture "parent" Text :> "attestors" :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "attestorId" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> ReqBody '[JSON] Attestor :> Post '[JSON] Attestor

-- | Creates a value of <a>ProjectsAttestorsCreate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pacParent</a></li>
--   <li><a>pacXgafv</a></li>
--   <li><a>pacUploadProtocol</a></li>
--   <li><a>pacAccessToken</a></li>
--   <li><a>pacUploadType</a></li>
--   <li><a>pacPayload</a></li>
--   <li><a>pacAttestorId</a></li>
--   <li><a>pacCallback</a></li>
--   </ul>
projectsAttestorsCreate :: Text -> Attestor -> ProjectsAttestorsCreate

-- | Creates an attestor, and returns a copy of the new attestor. Returns
--   NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
--   request is malformed, ALREADY_EXISTS if the attestor already exists.
--   
--   <i>See:</i> <a>projectsAttestorsCreate</a> smart constructor.
data ProjectsAttestorsCreate

-- | Required. The parent of this attestor.
pacParent :: Lens' ProjectsAttestorsCreate Text

-- | V1 error format.
pacXgafv :: Lens' ProjectsAttestorsCreate (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pacUploadProtocol :: Lens' ProjectsAttestorsCreate (Maybe Text)

-- | OAuth access token.
pacAccessToken :: Lens' ProjectsAttestorsCreate (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pacUploadType :: Lens' ProjectsAttestorsCreate (Maybe Text)

-- | Multipart request metadata.
pacPayload :: Lens' ProjectsAttestorsCreate Attestor

-- | Required. The attestors ID.
pacAttestorId :: Lens' ProjectsAttestorsCreate (Maybe Text)

-- | JSONP
pacCallback :: Lens' ProjectsAttestorsCreate (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create.ProjectsAttestorsCreate
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create.ProjectsAttestorsCreate
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create.ProjectsAttestorsCreate
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create.ProjectsAttestorsCreate
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Create.ProjectsAttestorsCreate


-- | Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.delete</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.delete</tt> method which
--   the <a>ProjectsAttestorsDelete</a> request conforms to.
type ProjectsAttestorsDeleteResource = "v1beta1" :> Capture "name" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> Delete '[JSON] Empty

-- | Creates a value of <a>ProjectsAttestorsDelete</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>padXgafv</a></li>
--   <li><a>padUploadProtocol</a></li>
--   <li><a>padAccessToken</a></li>
--   <li><a>padUploadType</a></li>
--   <li><a>padName</a></li>
--   <li><a>padCallback</a></li>
--   </ul>
projectsAttestorsDelete :: Text -> ProjectsAttestorsDelete

-- | Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
--   
--   <i>See:</i> <a>projectsAttestorsDelete</a> smart constructor.
data ProjectsAttestorsDelete

-- | V1 error format.
padXgafv :: Lens' ProjectsAttestorsDelete (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
padUploadProtocol :: Lens' ProjectsAttestorsDelete (Maybe Text)

-- | OAuth access token.
padAccessToken :: Lens' ProjectsAttestorsDelete (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
padUploadType :: Lens' ProjectsAttestorsDelete (Maybe Text)

-- | Required. The name of the attestors to delete, in the format
--   `projects/*/attestors/*`.
padName :: Lens' ProjectsAttestorsDelete Text

-- | JSONP
padCallback :: Lens' ProjectsAttestorsDelete (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete.ProjectsAttestorsDelete
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete.ProjectsAttestorsDelete
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete.ProjectsAttestorsDelete
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete.ProjectsAttestorsDelete
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Delete.ProjectsAttestorsDelete


-- | Gets an attestor. Returns NOT_FOUND if the attestor does not exist.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.get</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.get</tt> method which the
--   <a>ProjectsAttestorsGet</a> request conforms to.
type ProjectsAttestorsGetResource = "v1beta1" :> Capture "name" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> Get '[JSON] Attestor

-- | Creates a value of <a>ProjectsAttestorsGet</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pagXgafv</a></li>
--   <li><a>pagUploadProtocol</a></li>
--   <li><a>pagAccessToken</a></li>
--   <li><a>pagUploadType</a></li>
--   <li><a>pagName</a></li>
--   <li><a>pagCallback</a></li>
--   </ul>
projectsAttestorsGet :: Text -> ProjectsAttestorsGet

-- | Gets an attestor. Returns NOT_FOUND if the attestor does not exist.
--   
--   <i>See:</i> <a>projectsAttestorsGet</a> smart constructor.
data ProjectsAttestorsGet

-- | V1 error format.
pagXgafv :: Lens' ProjectsAttestorsGet (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pagUploadProtocol :: Lens' ProjectsAttestorsGet (Maybe Text)

-- | OAuth access token.
pagAccessToken :: Lens' ProjectsAttestorsGet (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pagUploadType :: Lens' ProjectsAttestorsGet (Maybe Text)

-- | Required. The name of the attestor to retrieve, in the format
--   `projects/*/attestors/*`.
pagName :: Lens' ProjectsAttestorsGet Text

-- | JSONP
pagCallback :: Lens' ProjectsAttestorsGet (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get.ProjectsAttestorsGet
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get.ProjectsAttestorsGet
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get.ProjectsAttestorsGet
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get.ProjectsAttestorsGet
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Get.ProjectsAttestorsGet


-- | Gets the access control policy for a resource. Returns an empty policy
--   if the resource exists and does not have a policy set.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.getIamPolicy</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.getIamPolicy</tt> method
--   which the <a>ProjectsAttestorsGetIAMPolicy</a> request conforms to.
type ProjectsAttestorsGetIAMPolicyResource = "v1beta1" :> CaptureMode "resource" "getIamPolicy" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> Get '[JSON] IAMPolicy

-- | Creates a value of <a>ProjectsAttestorsGetIAMPolicy</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pagipXgafv</a></li>
--   <li><a>pagipUploadProtocol</a></li>
--   <li><a>pagipAccessToken</a></li>
--   <li><a>pagipUploadType</a></li>
--   <li><a>pagipResource</a></li>
--   <li><a>pagipCallback</a></li>
--   </ul>
projectsAttestorsGetIAMPolicy :: Text -> ProjectsAttestorsGetIAMPolicy

-- | Gets the access control policy for a resource. Returns an empty policy
--   if the resource exists and does not have a policy set.
--   
--   <i>See:</i> <a>projectsAttestorsGetIAMPolicy</a> smart constructor.
data ProjectsAttestorsGetIAMPolicy

-- | V1 error format.
pagipXgafv :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pagipUploadProtocol :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)

-- | OAuth access token.
pagipAccessToken :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pagipUploadType :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)

-- | REQUIRED: The resource for which the policy is being requested. See
--   the operation documentation for the appropriate value for this field.
pagipResource :: Lens' ProjectsAttestorsGetIAMPolicy Text

-- | JSONP
pagipCallback :: Lens' ProjectsAttestorsGetIAMPolicy (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy.ProjectsAttestorsGetIAMPolicy
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy.ProjectsAttestorsGetIAMPolicy
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy.ProjectsAttestorsGetIAMPolicy
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy.ProjectsAttestorsGetIAMPolicy
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.GetIAMPolicy.ProjectsAttestorsGetIAMPolicy


-- | Lists attestors. Returns INVALID_ARGUMENT if the project does not
--   exist.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.list</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.list</tt> method which the
--   <a>ProjectsAttestorsList</a> request conforms to.
type ProjectsAttestorsListResource = "v1beta1" :> Capture "parent" Text :> "attestors" :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "pageToken" Text :> QueryParam "pageSize" (Textual Int32) :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> Get '[JSON] ListAttestorsResponse

-- | Creates a value of <a>ProjectsAttestorsList</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>palParent</a></li>
--   <li><a>palXgafv</a></li>
--   <li><a>palUploadProtocol</a></li>
--   <li><a>palAccessToken</a></li>
--   <li><a>palUploadType</a></li>
--   <li><a>palPageToken</a></li>
--   <li><a>palPageSize</a></li>
--   <li><a>palCallback</a></li>
--   </ul>
projectsAttestorsList :: Text -> ProjectsAttestorsList

-- | Lists attestors. Returns INVALID_ARGUMENT if the project does not
--   exist.
--   
--   <i>See:</i> <a>projectsAttestorsList</a> smart constructor.
data ProjectsAttestorsList

-- | Required. The resource name of the project associated with the
--   attestors, in the format `projects/*`.
palParent :: Lens' ProjectsAttestorsList Text

-- | V1 error format.
palXgafv :: Lens' ProjectsAttestorsList (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
palUploadProtocol :: Lens' ProjectsAttestorsList (Maybe Text)

-- | OAuth access token.
palAccessToken :: Lens' ProjectsAttestorsList (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
palUploadType :: Lens' ProjectsAttestorsList (Maybe Text)

-- | A token identifying a page of results the server should return.
--   Typically, this is the value of ListAttestorsResponse.next_page_token
--   returned from the previous call to the `ListAttestors` method.
palPageToken :: Lens' ProjectsAttestorsList (Maybe Text)

-- | Requested page size. The server may return fewer results than
--   requested. If unspecified, the server will pick an appropriate
--   default.
palPageSize :: Lens' ProjectsAttestorsList (Maybe Int32)

-- | JSONP
palCallback :: Lens' ProjectsAttestorsList (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List.ProjectsAttestorsList
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List.ProjectsAttestorsList
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List.ProjectsAttestorsList
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List.ProjectsAttestorsList
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.List.ProjectsAttestorsList


-- | Sets the access control policy on the specified resource. Replaces any
--   existing policy.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.setIamPolicy</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.setIamPolicy</tt> method
--   which the <a>ProjectsAttestorsSetIAMPolicy</a> request conforms to.
type ProjectsAttestorsSetIAMPolicyResource = "v1beta1" :> CaptureMode "resource" "setIamPolicy" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> ReqBody '[JSON] SetIAMPolicyRequest :> Post '[JSON] IAMPolicy

-- | Creates a value of <a>ProjectsAttestorsSetIAMPolicy</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pasipXgafv</a></li>
--   <li><a>pasipUploadProtocol</a></li>
--   <li><a>pasipAccessToken</a></li>
--   <li><a>pasipUploadType</a></li>
--   <li><a>pasipPayload</a></li>
--   <li><a>pasipResource</a></li>
--   <li><a>pasipCallback</a></li>
--   </ul>
projectsAttestorsSetIAMPolicy :: SetIAMPolicyRequest -> Text -> ProjectsAttestorsSetIAMPolicy

-- | Sets the access control policy on the specified resource. Replaces any
--   existing policy.
--   
--   <i>See:</i> <a>projectsAttestorsSetIAMPolicy</a> smart constructor.
data ProjectsAttestorsSetIAMPolicy

-- | V1 error format.
pasipXgafv :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pasipUploadProtocol :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)

-- | OAuth access token.
pasipAccessToken :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pasipUploadType :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)

-- | Multipart request metadata.
pasipPayload :: Lens' ProjectsAttestorsSetIAMPolicy SetIAMPolicyRequest

-- | REQUIRED: The resource for which the policy is being specified. See
--   the operation documentation for the appropriate value for this field.
pasipResource :: Lens' ProjectsAttestorsSetIAMPolicy Text

-- | JSONP
pasipCallback :: Lens' ProjectsAttestorsSetIAMPolicy (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy.ProjectsAttestorsSetIAMPolicy
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy.ProjectsAttestorsSetIAMPolicy
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy.ProjectsAttestorsSetIAMPolicy
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy.ProjectsAttestorsSetIAMPolicy
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.SetIAMPolicy.ProjectsAttestorsSetIAMPolicy


-- | Returns permissions that a caller has on the specified resource. If
--   the resource does not exist, this will return an empty set of
--   permissions, not a NOT_FOUND error. Note: This operation is designed
--   to be used for building permission-aware UIs and command-line tools,
--   not for authorization checking. This operation may "fail open" without
--   warning.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.testIamPermissions</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.testIamPermissions</tt>
--   method which the <a>ProjectsAttestorsTestIAMPermissions</a> request
--   conforms to.
type ProjectsAttestorsTestIAMPermissionsResource = "v1beta1" :> CaptureMode "resource" "testIamPermissions" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> ReqBody '[JSON] TestIAMPermissionsRequest :> Post '[JSON] TestIAMPermissionsResponse

-- | Creates a value of <a>ProjectsAttestorsTestIAMPermissions</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>patipXgafv</a></li>
--   <li><a>patipUploadProtocol</a></li>
--   <li><a>patipAccessToken</a></li>
--   <li><a>patipUploadType</a></li>
--   <li><a>patipPayload</a></li>
--   <li><a>patipResource</a></li>
--   <li><a>patipCallback</a></li>
--   </ul>
projectsAttestorsTestIAMPermissions :: TestIAMPermissionsRequest -> Text -> ProjectsAttestorsTestIAMPermissions

-- | Returns permissions that a caller has on the specified resource. If
--   the resource does not exist, this will return an empty set of
--   permissions, not a NOT_FOUND error. Note: This operation is designed
--   to be used for building permission-aware UIs and command-line tools,
--   not for authorization checking. This operation may "fail open" without
--   warning.
--   
--   <i>See:</i> <a>projectsAttestorsTestIAMPermissions</a> smart
--   constructor.
data ProjectsAttestorsTestIAMPermissions

-- | V1 error format.
patipXgafv :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
patipUploadProtocol :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)

-- | OAuth access token.
patipAccessToken :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
patipUploadType :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)

-- | Multipart request metadata.
patipPayload :: Lens' ProjectsAttestorsTestIAMPermissions TestIAMPermissionsRequest

-- | REQUIRED: The resource for which the policy detail is being requested.
--   See the operation documentation for the appropriate value for this
--   field.
patipResource :: Lens' ProjectsAttestorsTestIAMPermissions Text

-- | JSONP
patipCallback :: Lens' ProjectsAttestorsTestIAMPermissions (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions.ProjectsAttestorsTestIAMPermissions
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions.ProjectsAttestorsTestIAMPermissions
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions.ProjectsAttestorsTestIAMPermissions
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions.ProjectsAttestorsTestIAMPermissions
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.TestIAMPermissions.ProjectsAttestorsTestIAMPermissions


-- | Updates an attestor. Returns NOT_FOUND if the attestor does not exist.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.attestors.update</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update

-- | A resource alias for
--   <tt>binaryauthorization.projects.attestors.update</tt> method which
--   the <a>ProjectsAttestorsUpdate</a> request conforms to.
type ProjectsAttestorsUpdateResource = "v1beta1" :> Capture "name" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> ReqBody '[JSON] Attestor :> Put '[JSON] Attestor

-- | Creates a value of <a>ProjectsAttestorsUpdate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pauXgafv</a></li>
--   <li><a>pauUploadProtocol</a></li>
--   <li><a>pauAccessToken</a></li>
--   <li><a>pauUploadType</a></li>
--   <li><a>pauPayload</a></li>
--   <li><a>pauName</a></li>
--   <li><a>pauCallback</a></li>
--   </ul>
projectsAttestorsUpdate :: Attestor -> Text -> ProjectsAttestorsUpdate

-- | Updates an attestor. Returns NOT_FOUND if the attestor does not exist.
--   
--   <i>See:</i> <a>projectsAttestorsUpdate</a> smart constructor.
data ProjectsAttestorsUpdate

-- | V1 error format.
pauXgafv :: Lens' ProjectsAttestorsUpdate (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pauUploadProtocol :: Lens' ProjectsAttestorsUpdate (Maybe Text)

-- | OAuth access token.
pauAccessToken :: Lens' ProjectsAttestorsUpdate (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pauUploadType :: Lens' ProjectsAttestorsUpdate (Maybe Text)

-- | Multipart request metadata.
pauPayload :: Lens' ProjectsAttestorsUpdate Attestor

-- | Required. The resource name, in the format: `projects/*/attestors/*`.
--   This field may not be updated.
pauName :: Lens' ProjectsAttestorsUpdate Text

-- | JSONP
pauCallback :: Lens' ProjectsAttestorsUpdate (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update.ProjectsAttestorsUpdate
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update.ProjectsAttestorsUpdate
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update.ProjectsAttestorsUpdate
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update.ProjectsAttestorsUpdate
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Attestors.Update.ProjectsAttestorsUpdate


-- | Gets the policy for this project. Returns a default policy if the
--   project does not have one.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.getPolicy</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy

-- | A resource alias for <tt>binaryauthorization.projects.getPolicy</tt>
--   method which the <a>ProjectsGetPolicy</a> request conforms to.
type ProjectsGetPolicyResource = "v1beta1" :> Capture "name" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> Get '[JSON] Policy

-- | Creates a value of <a>ProjectsGetPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pgpXgafv</a></li>
--   <li><a>pgpUploadProtocol</a></li>
--   <li><a>pgpAccessToken</a></li>
--   <li><a>pgpUploadType</a></li>
--   <li><a>pgpName</a></li>
--   <li><a>pgpCallback</a></li>
--   </ul>
projectsGetPolicy :: Text -> ProjectsGetPolicy

-- | Gets the policy for this project. Returns a default policy if the
--   project does not have one.
--   
--   <i>See:</i> <a>projectsGetPolicy</a> smart constructor.
data ProjectsGetPolicy

-- | V1 error format.
pgpXgafv :: Lens' ProjectsGetPolicy (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pgpUploadProtocol :: Lens' ProjectsGetPolicy (Maybe Text)

-- | OAuth access token.
pgpAccessToken :: Lens' ProjectsGetPolicy (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pgpUploadType :: Lens' ProjectsGetPolicy (Maybe Text)

-- | Required. The resource name of the policy to retrieve, in the format
--   `projects/*/policy`.
pgpName :: Lens' ProjectsGetPolicy Text

-- | JSONP
pgpCallback :: Lens' ProjectsGetPolicy (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy.ProjectsGetPolicy
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy.ProjectsGetPolicy
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy.ProjectsGetPolicy
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy.ProjectsGetPolicy
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.GetPolicy.ProjectsGetPolicy


-- | Gets the access control policy for a resource. Returns an empty policy
--   if the resource exists and does not have a policy set.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.policy.getIamPolicy</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy

-- | A resource alias for
--   <tt>binaryauthorization.projects.policy.getIamPolicy</tt> method which
--   the <a>ProjectsPolicyGetIAMPolicy</a> request conforms to.
type ProjectsPolicyGetIAMPolicyResource = "v1beta1" :> CaptureMode "resource" "getIamPolicy" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> Get '[JSON] IAMPolicy

-- | Creates a value of <a>ProjectsPolicyGetIAMPolicy</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ppgipXgafv</a></li>
--   <li><a>ppgipUploadProtocol</a></li>
--   <li><a>ppgipAccessToken</a></li>
--   <li><a>ppgipUploadType</a></li>
--   <li><a>ppgipResource</a></li>
--   <li><a>ppgipCallback</a></li>
--   </ul>
projectsPolicyGetIAMPolicy :: Text -> ProjectsPolicyGetIAMPolicy

-- | Gets the access control policy for a resource. Returns an empty policy
--   if the resource exists and does not have a policy set.
--   
--   <i>See:</i> <a>projectsPolicyGetIAMPolicy</a> smart constructor.
data ProjectsPolicyGetIAMPolicy

-- | V1 error format.
ppgipXgafv :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
ppgipUploadProtocol :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)

-- | OAuth access token.
ppgipAccessToken :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
ppgipUploadType :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)

-- | REQUIRED: The resource for which the policy is being requested. See
--   the operation documentation for the appropriate value for this field.
ppgipResource :: Lens' ProjectsPolicyGetIAMPolicy Text

-- | JSONP
ppgipCallback :: Lens' ProjectsPolicyGetIAMPolicy (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy.ProjectsPolicyGetIAMPolicy
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy.ProjectsPolicyGetIAMPolicy
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy.ProjectsPolicyGetIAMPolicy
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy.ProjectsPolicyGetIAMPolicy
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Policy.GetIAMPolicy.ProjectsPolicyGetIAMPolicy


-- | Sets the access control policy on the specified resource. Replaces any
--   existing policy.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.policy.setIamPolicy</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy

-- | A resource alias for
--   <tt>binaryauthorization.projects.policy.setIamPolicy</tt> method which
--   the <a>ProjectsPolicySetIAMPolicy</a> request conforms to.
type ProjectsPolicySetIAMPolicyResource = "v1beta1" :> CaptureMode "resource" "setIamPolicy" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> ReqBody '[JSON] SetIAMPolicyRequest :> Post '[JSON] IAMPolicy

-- | Creates a value of <a>ProjectsPolicySetIAMPolicy</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ppsipXgafv</a></li>
--   <li><a>ppsipUploadProtocol</a></li>
--   <li><a>ppsipAccessToken</a></li>
--   <li><a>ppsipUploadType</a></li>
--   <li><a>ppsipPayload</a></li>
--   <li><a>ppsipResource</a></li>
--   <li><a>ppsipCallback</a></li>
--   </ul>
projectsPolicySetIAMPolicy :: SetIAMPolicyRequest -> Text -> ProjectsPolicySetIAMPolicy

-- | Sets the access control policy on the specified resource. Replaces any
--   existing policy.
--   
--   <i>See:</i> <a>projectsPolicySetIAMPolicy</a> smart constructor.
data ProjectsPolicySetIAMPolicy

-- | V1 error format.
ppsipXgafv :: Lens' ProjectsPolicySetIAMPolicy (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
ppsipUploadProtocol :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)

-- | OAuth access token.
ppsipAccessToken :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
ppsipUploadType :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)

-- | Multipart request metadata.
ppsipPayload :: Lens' ProjectsPolicySetIAMPolicy SetIAMPolicyRequest

-- | REQUIRED: The resource for which the policy is being specified. See
--   the operation documentation for the appropriate value for this field.
ppsipResource :: Lens' ProjectsPolicySetIAMPolicy Text

-- | JSONP
ppsipCallback :: Lens' ProjectsPolicySetIAMPolicy (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy.ProjectsPolicySetIAMPolicy
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy.ProjectsPolicySetIAMPolicy
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy.ProjectsPolicySetIAMPolicy
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy.ProjectsPolicySetIAMPolicy
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Policy.SetIAMPolicy.ProjectsPolicySetIAMPolicy


-- | Returns permissions that a caller has on the specified resource. If
--   the resource does not exist, this will return an empty set of
--   permissions, not a NOT_FOUND error. Note: This operation is designed
--   to be used for building permission-aware UIs and command-line tools,
--   not for authorization checking. This operation may "fail open" without
--   warning.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.policy.testIamPermissions</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions

-- | A resource alias for
--   <tt>binaryauthorization.projects.policy.testIamPermissions</tt> method
--   which the <a>ProjectsPolicyTestIAMPermissions</a> request conforms to.
type ProjectsPolicyTestIAMPermissionsResource = "v1beta1" :> CaptureMode "resource" "testIamPermissions" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> ReqBody '[JSON] TestIAMPermissionsRequest :> Post '[JSON] TestIAMPermissionsResponse

-- | Creates a value of <a>ProjectsPolicyTestIAMPermissions</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pptipXgafv</a></li>
--   <li><a>pptipUploadProtocol</a></li>
--   <li><a>pptipAccessToken</a></li>
--   <li><a>pptipUploadType</a></li>
--   <li><a>pptipPayload</a></li>
--   <li><a>pptipResource</a></li>
--   <li><a>pptipCallback</a></li>
--   </ul>
projectsPolicyTestIAMPermissions :: TestIAMPermissionsRequest -> Text -> ProjectsPolicyTestIAMPermissions

-- | Returns permissions that a caller has on the specified resource. If
--   the resource does not exist, this will return an empty set of
--   permissions, not a NOT_FOUND error. Note: This operation is designed
--   to be used for building permission-aware UIs and command-line tools,
--   not for authorization checking. This operation may "fail open" without
--   warning.
--   
--   <i>See:</i> <a>projectsPolicyTestIAMPermissions</a> smart constructor.
data ProjectsPolicyTestIAMPermissions

-- | V1 error format.
pptipXgafv :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pptipUploadProtocol :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)

-- | OAuth access token.
pptipAccessToken :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pptipUploadType :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)

-- | Multipart request metadata.
pptipPayload :: Lens' ProjectsPolicyTestIAMPermissions TestIAMPermissionsRequest

-- | REQUIRED: The resource for which the policy detail is being requested.
--   See the operation documentation for the appropriate value for this
--   field.
pptipResource :: Lens' ProjectsPolicyTestIAMPermissions Text

-- | JSONP
pptipCallback :: Lens' ProjectsPolicyTestIAMPermissions (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions.ProjectsPolicyTestIAMPermissions
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions.ProjectsPolicyTestIAMPermissions
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions.ProjectsPolicyTestIAMPermissions
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions.ProjectsPolicyTestIAMPermissions
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.Policy.TestIAMPermissions.ProjectsPolicyTestIAMPermissions


-- | Creates or updates a project's policy, and returns a copy of the new
--   policy. A policy is always updated as a whole, to avoid race
--   conditions with concurrent policy enforcement (or management!)
--   requests. Returns NOT_FOUND if the project does not exist,
--   INVALID_ARGUMENT if the request is malformed.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a> for
--   <tt>binaryauthorization.projects.updatePolicy</tt>.
module Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy

-- | A resource alias for
--   <tt>binaryauthorization.projects.updatePolicy</tt> method which the
--   <a>ProjectsUpdatePolicy</a> request conforms to.
type ProjectsUpdatePolicyResource = "v1beta1" :> Capture "name" Text :> QueryParam "$.xgafv" Xgafv :> QueryParam "upload_protocol" Text :> QueryParam "access_token" Text :> QueryParam "uploadType" Text :> QueryParam "callback" Text :> QueryParam "alt" AltJSON :> ReqBody '[JSON] Policy :> Put '[JSON] Policy

-- | Creates a value of <a>ProjectsUpdatePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pupXgafv</a></li>
--   <li><a>pupUploadProtocol</a></li>
--   <li><a>pupAccessToken</a></li>
--   <li><a>pupUploadType</a></li>
--   <li><a>pupPayload</a></li>
--   <li><a>pupName</a></li>
--   <li><a>pupCallback</a></li>
--   </ul>
projectsUpdatePolicy :: Policy -> Text -> ProjectsUpdatePolicy

-- | Creates or updates a project's policy, and returns a copy of the new
--   policy. A policy is always updated as a whole, to avoid race
--   conditions with concurrent policy enforcement (or management!)
--   requests. Returns NOT_FOUND if the project does not exist,
--   INVALID_ARGUMENT if the request is malformed.
--   
--   <i>See:</i> <a>projectsUpdatePolicy</a> smart constructor.
data ProjectsUpdatePolicy

-- | V1 error format.
pupXgafv :: Lens' ProjectsUpdatePolicy (Maybe Xgafv)

-- | Upload protocol for media (e.g. "raw", "multipart").
pupUploadProtocol :: Lens' ProjectsUpdatePolicy (Maybe Text)

-- | OAuth access token.
pupAccessToken :: Lens' ProjectsUpdatePolicy (Maybe Text)

-- | Legacy upload protocol for media (e.g. "media", "multipart").
pupUploadType :: Lens' ProjectsUpdatePolicy (Maybe Text)

-- | Multipart request metadata.
pupPayload :: Lens' ProjectsUpdatePolicy Policy

-- | Output only. The resource name, in the format `projects/*/policy`.
--   There is at most one policy per project.
pupName :: Lens' ProjectsUpdatePolicy Text

-- | JSONP
pupCallback :: Lens' ProjectsUpdatePolicy (Maybe Text)
instance GHC.Generics.Generic Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy.ProjectsUpdatePolicy
instance Data.Data.Data Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy.ProjectsUpdatePolicy
instance GHC.Show.Show Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy.ProjectsUpdatePolicy
instance GHC.Classes.Eq Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy.ProjectsUpdatePolicy
instance Network.Google.Types.GoogleRequest Network.Google.Resource.BinaryAuthorization.Projects.UpdatePolicy.ProjectsUpdatePolicy


-- | The management interface for Binary Authorization, a system providing
--   policy control for images deployed to Kubernetes Engine clusters.
--   
--   <i>See:</i> <a>Binary Authorization API Reference</a>
module Network.Google.BinaryAuthorization

-- | Default request referring to version <tt>v1beta1</tt> of the Binary
--   Authorization API. This contains the host and root path used as a
--   starting point for constructing service requests.
binaryAuthorizationService :: ServiceConfig

-- | View and manage your data across Google Cloud Platform services
cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"]

-- | Represents the entirety of the methods and resources available for the
--   Binary Authorization API service.
type BinaryAuthorizationAPI = ProjectsAttestorsListResource :<|> ProjectsAttestorsGetIAMPolicyResource :<|> ProjectsAttestorsGetResource :<|> ProjectsAttestorsCreateResource :<|> ProjectsAttestorsSetIAMPolicyResource :<|> ProjectsAttestorsTestIAMPermissionsResource :<|> ProjectsAttestorsDeleteResource :<|> ProjectsAttestorsUpdateResource :<|> ProjectsPolicyGetIAMPolicyResource :<|> ProjectsPolicySetIAMPolicyResource :<|> ProjectsPolicyTestIAMPermissionsResource :<|> ProjectsUpdatePolicyResource :<|> ProjectsGetPolicyResource

-- | A public key in the PkixPublicKey format (see
--   https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details).
--   Public keys of this type are typically textually encoded using the PEM
--   format.
--   
--   <i>See:</i> <a>pkixPublicKey</a> smart constructor.
data PkixPublicKey

-- | Creates a value of <a>PkixPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ppkPublicKeyPem</a></li>
--   <li><a>ppkSignatureAlgorithm</a></li>
--   </ul>
pkixPublicKey :: PkixPublicKey

-- | A PEM-encoded public key, as described in
--   https://tools.ietf.org/html/rfc7468#section-13
ppkPublicKeyPem :: Lens' PkixPublicKey (Maybe Text)

-- | The signature algorithm used to verify a message against a signature
--   using this key. These signature algorithm must match the structure and
--   any object identifiers encoded in `public_key_pem` (i.e. this
--   algorithm must match that of the public key).
ppkSignatureAlgorithm :: Lens' PkixPublicKey (Maybe PkixPublicKeySignatureAlgorithm)

-- | Represents an expression text. Example: title: "User account presence"
--   description: "Determines whether the request has a user account"
--   expression: "size(request.user) &gt; 0"
--   
--   <i>See:</i> <a>expr</a> smart constructor.
data Expr

-- | Creates a value of <a>Expr</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>eLocation</a></li>
--   <li><a>eExpression</a></li>
--   <li><a>eTitle</a></li>
--   <li><a>eDescription</a></li>
--   </ul>
expr :: Expr

-- | An optional string indicating the location of the expression for error
--   reporting, e.g. a file name and a position in the file.
eLocation :: Lens' Expr (Maybe Text)

-- | Textual representation of an expression in Common Expression Language
--   syntax. The application context of the containing message determines
--   which well-known feature set of CEL is supported.
eExpression :: Lens' Expr (Maybe Text)

-- | An optional title for the expression, i.e. a short string describing
--   its purpose. This can be used e.g. in UIs which allow to enter the
--   expression.
eTitle :: Lens' Expr (Maybe Text)

-- | An optional description of the expression. This is a longer text which
--   describes the expression, e.g. when hovered over it in a UI.
eDescription :: Lens' Expr (Maybe Text)

-- | An user owned drydock note references a Drydock ATTESTATION_AUTHORITY
--   Note created by the user.
--   
--   <i>See:</i> <a>userOwnedDrydockNote</a> smart constructor.
data UserOwnedDrydockNote

-- | Creates a value of <a>UserOwnedDrydockNote</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uodnDelegationServiceAccountEmail</a></li>
--   <li><a>uodnPublicKeys</a></li>
--   <li><a>uodnNoteReference</a></li>
--   </ul>
userOwnedDrydockNote :: UserOwnedDrydockNote

-- | Output only. This field will contain the service account email address
--   that this Attestor will use as the principal when querying Container
--   Analysis. Attestor administrators must grant this service account the
--   IAM role needed to read attestations from the note_reference in
--   Container Analysis (`containeranalysis.notes.occurrences.viewer`).
--   This email address is fixed for the lifetime of the Attestor, but
--   callers should not make any other assumptions about the service
--   account email; future versions may use an email based on a different
--   naming pattern.
uodnDelegationServiceAccountEmail :: Lens' UserOwnedDrydockNote (Maybe Text)

-- | Optional. Public keys that verify attestations signed by this
--   attestor. This field may be updated. If this field is non-empty, one
--   of the specified public keys must verify that an attestation was
--   signed by this attestor for the image specified in the admission
--   request. If this field is empty, this attestor always returns that no
--   valid attestations exist.
uodnPublicKeys :: Lens' UserOwnedDrydockNote [AttestorPublicKey]

-- | Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note,
--   created by the user, in the format: `projects/*/notes/*` (or the
--   legacy `providers/*/notes/*`). This field may not be updated. An
--   attestation by this attestor is stored as a Drydock
--   ATTESTATION_AUTHORITY Occurrence that names a container image and that
--   links to this Note. Drydock is an external dependency.
uodnNoteReference :: Lens' UserOwnedDrydockNote (Maybe Text)

-- | A generic empty message that you can re-use to avoid defining
--   duplicated empty messages in your APIs. A typical example is to use it
--   as the request or the response type of an API method. For instance:
--   service Foo { rpc Bar(google.protobuf.Empty) returns
--   (google.protobuf.Empty); } The JSON representation for `Empty` is
--   empty JSON object `{}`.
--   
--   <i>See:</i> <a>empty</a> smart constructor.
data Empty

-- | Creates a value of <a>Empty</a> with the minimum fields required to
--   make a request.
empty :: Empty

-- | Required. The action when a pod creation is denied by the admission
--   rule.
data AdmissionRuleEnforcementMode

-- | <tt>ENFORCEMENT_MODE_UNSPECIFIED</tt> Do not use.
EnforcementModeUnspecified :: AdmissionRuleEnforcementMode

-- | <tt>ENFORCED_BLOCK_AND_AUDIT_LOG</tt> Enforce the admission rule by
--   blocking the pod creation.
EnforcedBlockAndAuditLog :: AdmissionRuleEnforcementMode

-- | <tt>DRYRUN_AUDIT_LOG_ONLY</tt> Dryrun mode: Audit logging only. This
--   will allow the pod creation as if the admission request had specified
--   break-glass.
DryrunAuditLogOnly :: AdmissionRuleEnforcementMode

-- | Optional. Controls the evaluation of a Google-maintained global
--   admission policy for common system-level images. Images not covered by
--   the global policy will be subject to the project admission policy.
--   This setting has no effect when specified inside a global admission
--   policy.
data PolicyGlobalPolicyEvaluationMode

-- | <tt>GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED</tt> Not specified:
--   DISABLE is assumed.
GlobalPolicyEvaluationModeUnspecified :: PolicyGlobalPolicyEvaluationMode

-- | <tt>ENABLE</tt> Enables global policy evaluation.
Enable :: PolicyGlobalPolicyEvaluationMode

-- | <tt>DISABLE</tt> Disables global policy evaluation.
Disable :: PolicyGlobalPolicyEvaluationMode

-- | Request message for `SetIamPolicy` method.
--   
--   <i>See:</i> <a>setIAMPolicyRequest</a> smart constructor.
data SetIAMPolicyRequest

-- | Creates a value of <a>SetIAMPolicyRequest</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>siprPolicy</a></li>
--   </ul>
setIAMPolicyRequest :: SetIAMPolicyRequest

-- | REQUIRED: The complete policy to be applied to the `resource`. The
--   size of the policy is limited to a few 10s of KB. An empty policy is a
--   valid policy but certain Cloud Platform services (such as Projects)
--   might reject them.
siprPolicy :: Lens' SetIAMPolicyRequest (Maybe IAMPolicy)

-- | Response message for BinauthzManagementService.ListAttestors.
--   
--   <i>See:</i> <a>listAttestorsResponse</a> smart constructor.
data ListAttestorsResponse

-- | Creates a value of <a>ListAttestorsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>larNextPageToken</a></li>
--   <li><a>larAttestors</a></li>
--   </ul>
listAttestorsResponse :: ListAttestorsResponse

-- | A token to retrieve the next page of results. Pass this value in the
--   ListAttestorsRequest.page_token field in the subsequent call to the
--   `ListAttestors` method to retrieve the next page of results.
larNextPageToken :: Lens' ListAttestorsResponse (Maybe Text)

-- | The list of attestors.
larAttestors :: Lens' ListAttestorsResponse [Attestor]

-- | An admission whitelist pattern exempts images from checks by admission
--   rules.
--   
--   <i>See:</i> <a>admissionWhiteListPattern</a> smart constructor.
data AdmissionWhiteListPattern

-- | Creates a value of <a>AdmissionWhiteListPattern</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>awlpNamePattern</a></li>
--   </ul>
admissionWhiteListPattern :: AdmissionWhiteListPattern

-- | An image name pattern to whitelist, in the form
--   `registry/path/to/image`. This supports a trailing `*` as a wildcard,
--   but this is allowed only in text after the `registry/` part.
awlpNamePattern :: Lens' AdmissionWhiteListPattern (Maybe Text)

-- | The signature algorithm used to verify a message against a signature
--   using this key. These signature algorithm must match the structure and
--   any object identifiers encoded in `public_key_pem` (i.e. this
--   algorithm must match that of the public key).
data PkixPublicKeySignatureAlgorithm

-- | <tt>SIGNATURE_ALGORITHM_UNSPECIFIED</tt> Not specified.
SignatureAlgorithmUnspecified :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_2048_SHA256</tt> RSASSA-PSS 2048 bit key with a SHA256
--   digest.
RsaPss2048SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_3072_SHA256</tt> RSASSA-PSS 3072 bit key with a SHA256
--   digest.
RsaPss3072SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_4096_SHA256</tt> RSASSA-PSS 4096 bit key with a SHA256
--   digest.
RsaPss4096SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_PSS_4096_SHA512</tt> RSASSA-PSS 4096 bit key with a SHA512
--   digest.
RsaPss4096SHA512 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_2048_SHA256</tt> RSASSA-PKCS1-v1_5 with a 2048 bit
--   key and a SHA256 digest.
RsaSignPKCS12048SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_3072_SHA256</tt> RSASSA-PKCS1-v1_5 with a 3072 bit
--   key and a SHA256 digest.
RsaSignPKCS13072SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_4096_SHA256</tt> RSASSA-PKCS1-v1_5 with a 4096 bit
--   key and a SHA256 digest.
RsaSignPKCS14096SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>RSA_SIGN_PKCS1_4096_SHA512</tt> RSASSA-PKCS1-v1_5 with a 4096 bit
--   key and a SHA512 digest.
RsaSignPKCS14096SHA512 :: PkixPublicKeySignatureAlgorithm

-- | <tt>ECDSA_P256_SHA256</tt> ECDSA on the NIST P-256 curve with a SHA256
--   digest.
EcdsaP256SHA256 :: PkixPublicKeySignatureAlgorithm

-- | <tt>ECDSA_P384_SHA384</tt> ECDSA on the NIST P-384 curve with a SHA384
--   digest.
EcdsaP384SHA384 :: PkixPublicKeySignatureAlgorithm

-- | <tt>ECDSA_P521_SHA512</tt> ECDSA on the NIST P-521 curve with a SHA512
--   digest.
EcdsaP521SHA512 :: PkixPublicKeySignatureAlgorithm

-- | An admission rule specifies either that all container images used in a
--   pod creation request must be attested to by one or more attestors,
--   that all pod creations will be allowed, or that all pod creations will
--   be denied. Images matching an admission whitelist pattern are exempted
--   from admission rules and will never block a pod creation.
--   
--   <i>See:</i> <a>admissionRule</a> smart constructor.
data AdmissionRule

-- | Creates a value of <a>AdmissionRule</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>arEnforcementMode</a></li>
--   <li><a>arEvaluationMode</a></li>
--   <li><a>arRequireAttestationsBy</a></li>
--   </ul>
admissionRule :: AdmissionRule

-- | Required. The action when a pod creation is denied by the admission
--   rule.
arEnforcementMode :: Lens' AdmissionRule (Maybe AdmissionRuleEnforcementMode)

-- | Required. How this admission rule will be evaluated.
arEvaluationMode :: Lens' AdmissionRule (Maybe AdmissionRuleEvaluationMode)

-- | Optional. The resource names of the attestors that must attest to a
--   container image, in the format `projects/*/attestors/*`. Each attestor
--   must exist before a policy can reference it. To add an attestor to a
--   policy the principal issuing the policy change request must be able to
--   read the attestor resource. Note: this field must be non-empty when
--   the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it
--   must be empty.
arRequireAttestationsBy :: Lens' AdmissionRule [Text]

-- | Required. How this admission rule will be evaluated.
data AdmissionRuleEvaluationMode

-- | <tt>EVALUATION_MODE_UNSPECIFIED</tt> Do not use.
EvaluationModeUnspecified :: AdmissionRuleEvaluationMode

-- | <tt>ALWAYS_ALLOW</tt> This rule allows all all pod creations.
AlwaysAllow :: AdmissionRuleEvaluationMode

-- | <tt>REQUIRE_ATTESTATION</tt> This rule allows a pod creation if all
--   the attestors listed in 'require_attestations_by' have valid
--   attestations for all of the images in the pod spec.
RequireAttestation :: AdmissionRuleEvaluationMode

-- | <tt>ALWAYS_DENY</tt> This rule denies all pod creations.
AlwaysDeny :: AdmissionRuleEvaluationMode

-- | V1 error format.
data Xgafv

-- | <tt>1</tt> v1 error format
X1 :: Xgafv

-- | <tt>2</tt> v2 error format
X2 :: Xgafv

-- | Request message for `TestIamPermissions` method.
--   
--   <i>See:</i> <a>testIAMPermissionsRequest</a> smart constructor.
data TestIAMPermissionsRequest

-- | Creates a value of <a>TestIAMPermissionsRequest</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tiprPermissions</a></li>
--   </ul>
testIAMPermissionsRequest :: TestIAMPermissionsRequest

-- | The set of permissions to check for the `resource`. Permissions with
--   wildcards (such as '*' or 'storage.*') are not allowed. For more
--   information see <a>IAM Overview</a>.
tiprPermissions :: Lens' TestIAMPermissionsRequest [Text]

-- | Defines an Identity and Access Management (IAM) policy. It is used to
--   specify access control policies for Cloud Platform resources. A
--   `Policy` consists of a list of `bindings`. A `binding` binds a list of
--   `members` to a `role`, where the members can be user accounts, Google
--   groups, Google domains, and service accounts. A `role` is a named list
--   of permissions defined by IAM. **JSON Example** { "bindings": [ {
--   "role": "roles/owner", "members": [ "user:mike'example.com",
--   "group:admins'example.com", "domain:google.com",
--   "serviceAccount:my-other-app'appspot.gserviceaccount.com" ] }, {
--   "role": "roles/viewer", "members": ["user:sean'example.com"] } ] }
--   **YAML Example** bindings: - members: - user:mike'example.com -
--   group:admins'example.com - domain:google.com -
--   serviceAccount:my-other-app'appspot.gserviceaccount.com role:
--   roles/owner - members: - user:sean'example.com role: roles/viewer For
--   a description of IAM and its features, see the <a>IAM developer's
--   guide</a>.
--   
--   <i>See:</i> <a>iamPolicy</a> smart constructor.
data IAMPolicy

-- | Creates a value of <a>IAMPolicy</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipEtag</a></li>
--   <li><a>ipVersion</a></li>
--   <li><a>ipBindings</a></li>
--   </ul>
iamPolicy :: IAMPolicy

-- | `etag` is used for optimistic concurrency control as a way to help
--   prevent simultaneous updates of a policy from overwriting each other.
--   It is strongly suggested that systems make use of the `etag` in the
--   read-modify-write cycle to perform policy updates in order to avoid
--   race conditions: An `etag` is returned in the response to
--   `getIamPolicy`, and systems are expected to put that etag in the
--   request to `setIamPolicy` to ensure that their change will be applied
--   to the same version of the policy. If no `etag` is provided in the
--   call to `setIamPolicy`, then the existing policy is overwritten
--   blindly.
ipEtag :: Lens' IAMPolicy (Maybe ByteString)

-- | Deprecated.
ipVersion :: Lens' IAMPolicy (Maybe Int32)

-- | Associates a list of `members` to a `role`. `bindings` with no members
--   will result in an error.
ipBindings :: Lens' IAMPolicy [Binding]

-- | An attestor public key that will be used to verify attestations signed
--   by this attestor.
--   
--   <i>See:</i> <a>attestorPublicKey</a> smart constructor.
data AttestorPublicKey

-- | Creates a value of <a>AttestorPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>apkPkixPublicKey</a></li>
--   <li><a>apkAsciiArmoredPgpPublicKey</a></li>
--   <li><a>apkId</a></li>
--   <li><a>apkComment</a></li>
--   </ul>
attestorPublicKey :: AttestorPublicKey

-- | A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be
--   explicitly provided by the caller when using this type of public key,
--   but it MUST be a valid RFC3986 URI. If `id` is left blank, a default
--   one will be computed based on the digest of the DER encoding of the
--   public key.
apkPkixPublicKey :: Lens' AttestorPublicKey (Maybe PkixPublicKey)

-- | ASCII-armored representation of a PGP public key, as the entire output
--   by the command `gpg --export --armor foo'example.com` (either LF or
--   CRLF line endings). When using this field, `id` should be left blank.
--   The BinAuthz API handlers will calculate the ID and fill it in
--   automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4
--   fingerprint, represented as upper-case hex. If `id` is provided by the
--   caller, it will be overwritten by the API-calculated ID.
apkAsciiArmoredPgpPublicKey :: Lens' AttestorPublicKey (Maybe Text)

-- | The ID of this public key. Signatures verified by BinAuthz must
--   include the ID of the public key that can be used to verify them, and
--   that ID must match the contents of this field exactly. Additional
--   restrictions on this field can be imposed based on which public key
--   type is encapsulated. See the documentation on `public_key` cases
--   below for details.
apkId :: Lens' AttestorPublicKey (Maybe Text)

-- | Optional. A descriptive comment. This field may be updated.
apkComment :: Lens' AttestorPublicKey (Maybe Text)

-- | Response message for `TestIamPermissions` method.
--   
--   <i>See:</i> <a>testIAMPermissionsResponse</a> smart constructor.
data TestIAMPermissionsResponse

-- | Creates a value of <a>TestIAMPermissionsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tiamprPermissions</a></li>
--   </ul>
testIAMPermissionsResponse :: TestIAMPermissionsResponse

-- | A subset of `TestPermissionsRequest.permissions` that the caller is
--   allowed.
tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text]

-- | A policy for container image binary authorization.
--   
--   <i>See:</i> <a>policy</a> smart constructor.
data Policy

-- | Creates a value of <a>Policy</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pDefaultAdmissionRule</a></li>
--   <li><a>pAdmissionWhiteListPatterns</a></li>
--   <li><a>pClusterAdmissionRules</a></li>
--   <li><a>pUpdateTime</a></li>
--   <li><a>pName</a></li>
--   <li><a>pGlobalPolicyEvaluationMode</a></li>
--   <li><a>pDescription</a></li>
--   </ul>
policy :: Policy

-- | Required. Default admission rule for a cluster without a per-cluster,
--   per- kubernetes-service-account, or per-istio-service-identity
--   admission rule.
pDefaultAdmissionRule :: Lens' Policy (Maybe AdmissionRule)

-- | Optional. Admission policy whitelisting. A matching admission request
--   will always be permitted. This feature is typically used to exclude
--   Google or third-party infrastructure images from Binary Authorization
--   policies.
pAdmissionWhiteListPatterns :: Lens' Policy [AdmissionWhiteListPattern]

-- | Optional. Per-cluster admission rules. Cluster spec format:
--   `location.clusterId`. There can be at most one admission rule per
--   cluster spec. A `location` is either a compute zone (e.g.
--   us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax
--   restrictions see
--   https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
pClusterAdmissionRules :: Lens' Policy (Maybe PolicyClusterAdmissionRules)

-- | Output only. Time when the policy was last updated.
pUpdateTime :: Lens' Policy (Maybe UTCTime)

-- | Output only. The resource name, in the format `projects/*/policy`.
--   There is at most one policy per project.
pName :: Lens' Policy (Maybe Text)

-- | Optional. Controls the evaluation of a Google-maintained global
--   admission policy for common system-level images. Images not covered by
--   the global policy will be subject to the project admission policy.
--   This setting has no effect when specified inside a global admission
--   policy.
pGlobalPolicyEvaluationMode :: Lens' Policy (Maybe PolicyGlobalPolicyEvaluationMode)

-- | Optional. A descriptive comment.
pDescription :: Lens' Policy (Maybe Text)

-- | Optional. Per-cluster admission rules. Cluster spec format:
--   `location.clusterId`. There can be at most one admission rule per
--   cluster spec. A `location` is either a compute zone (e.g.
--   us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax
--   restrictions see
--   https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
--   
--   <i>See:</i> <a>policyClusterAdmissionRules</a> smart constructor.
data PolicyClusterAdmissionRules

-- | Creates a value of <a>PolicyClusterAdmissionRules</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pcarAddtional</a></li>
--   </ul>
policyClusterAdmissionRules :: HashMap Text AdmissionRule -> PolicyClusterAdmissionRules
pcarAddtional :: Lens' PolicyClusterAdmissionRules (HashMap Text AdmissionRule)

-- | An attestor that attests to container image artifacts. An existing
--   attestor cannot be modified except where indicated.
--   
--   <i>See:</i> <a>attestor</a> smart constructor.
data Attestor

-- | Creates a value of <a>Attestor</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>aUserOwnedDrydockNote</a></li>
--   <li><a>aUpdateTime</a></li>
--   <li><a>aName</a></li>
--   <li><a>aDescription</a></li>
--   </ul>
attestor :: Attestor

-- | A Drydock ATTESTATION_AUTHORITY Note, created by the user.
aUserOwnedDrydockNote :: Lens' Attestor (Maybe UserOwnedDrydockNote)

-- | Output only. Time when the attestor was last updated.
aUpdateTime :: Lens' Attestor (Maybe UTCTime)

-- | Required. The resource name, in the format: `projects/*/attestors/*`.
--   This field may not be updated.
aName :: Lens' Attestor (Maybe Text)

-- | Optional. A descriptive comment. This field may be updated. The field
--   may be displayed in chooser dialogs.
aDescription :: Lens' Attestor (Maybe Text)

-- | Associates `members` with a `role`.
--   
--   <i>See:</i> <a>binding</a> smart constructor.
data Binding

-- | Creates a value of <a>Binding</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>bMembers</a></li>
--   <li><a>bRole</a></li>
--   <li><a>bCondition</a></li>
--   </ul>
binding :: Binding

-- | Specifies the identities requesting access for a Cloud Platform
--   resource. `members` can have the following values: * `allUsers`: A
--   special identifier that represents anyone who is on the internet; with
--   or without a Google account. * `allAuthenticatedUsers`: A special
--   identifier that represents anyone who is authenticated with a Google
--   account or a service account. * `user:{emailid}`: An email address
--   that represents a specific Google account. For example,
--   `alice'gmail.com` . * `serviceAccount:{emailid}`: An email address
--   that represents a service account. For example,
--   `my-other-app'appspot.gserviceaccount.com`. * `group:{emailid}`: An
--   email address that represents a Google group. For example,
--   `admins'example.com`. * `domain:{domain}`: The G Suite domain
--   (primary) that represents all the users of that domain. For example,
--   `google.com` or `example.com`.
bMembers :: Lens' Binding [Text]

-- | Role that is assigned to `members`. For example, `roles/viewer`,
--   `roles/editor`, or `roles/owner`.
bRole :: Lens' Binding (Maybe Text)

-- | The condition that is associated with this binding. NOTE: An
--   unsatisfied condition will not allow user access via current binding.
--   Different bindings, including their conditions, are examined
--   independently.
bCondition :: Lens' Binding (Maybe Expr)