{-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE NoImplicitPrelude #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} -- | -- Module : Network.Google.IAM.Types.Product -- Copyright : (c) 2015-2016 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- module Network.Google.IAM.Types.Product where import Network.Google.IAM.Types.Sum import Network.Google.Prelude -- | The response of a lint operation. An empty response indicates the -- operation was able to fully execute and no lint issue was found. -- -- /See:/ 'lintPolicyResponse' smart constructor. newtype LintPolicyResponse = LintPolicyResponse' { _lprLintResults :: Maybe [LintResult] } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'LintPolicyResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lprLintResults' lintPolicyResponse :: LintPolicyResponse lintPolicyResponse = LintPolicyResponse' {_lprLintResults = Nothing} -- | List of lint results sorted by a composite key, descending order of -- severity and ascending order of binding_ordinal. There is no certain -- order among the same keys. For cross-binding results (only if the input -- object to lint is instance of google.iam.v1.Policy), there will be a -- google.iam.admin.v1.LintResult for each of the involved bindings, and -- the associated debug_message may enumerate the other involved binding -- ordinal number(s). lprLintResults :: Lens' LintPolicyResponse [LintResult] lprLintResults = lens _lprLintResults (\ s a -> s{_lprLintResults = a}) . _Default . _Coerce instance FromJSON LintPolicyResponse where parseJSON = withObject "LintPolicyResponse" (\ o -> LintPolicyResponse' <$> (o .:? "lintResults" .!= mempty)) instance ToJSON LintPolicyResponse where toJSON LintPolicyResponse'{..} = object (catMaybes [("lintResults" .=) <$> _lprLintResults]) -- | The request to undelete an existing role. -- -- /See:/ 'undeleteRoleRequest' smart constructor. newtype UndeleteRoleRequest = UndeleteRoleRequest' { _urrEtag :: Maybe Bytes } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'UndeleteRoleRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'urrEtag' undeleteRoleRequest :: UndeleteRoleRequest undeleteRoleRequest = UndeleteRoleRequest' {_urrEtag = Nothing} -- | Used to perform a consistent read-modify-write. urrEtag :: Lens' UndeleteRoleRequest (Maybe ByteString) urrEtag = lens _urrEtag (\ s a -> s{_urrEtag = a}) . mapping _Bytes instance FromJSON UndeleteRoleRequest where parseJSON = withObject "UndeleteRoleRequest" (\ o -> UndeleteRoleRequest' <$> (o .:? "etag")) instance ToJSON UndeleteRoleRequest where toJSON UndeleteRoleRequest'{..} = object (catMaybes [("etag" .=) <$> _urrEtag]) -- | Specifies the audit configuration for a service. The configuration -- determines which permission types are logged, and what identities, if -- any, are exempted from logging. An AuditConfig must have one or more -- AuditLogConfigs. If there are AuditConfigs for both \`allServices\` and -- a specific service, the union of the two AuditConfigs is used for that -- service: the log_types specified in each AuditConfig are enabled, and -- the exempted_members in each AuditLogConfig are exempted. Example Policy -- with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": -- \"allServices\" \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", -- \"exempted_members\": [ \"user:foo\'gmail.com\" ] }, { \"log_type\": -- \"DATA_WRITE\", }, { \"log_type\": \"ADMIN_READ\", } ] }, { \"service\": -- \"fooservice.googleapis.com\" \"audit_log_configs\": [ { \"log_type\": -- \"DATA_READ\", }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": -- [ \"user:bar\'gmail.com\" ] } ] } ] } For fooservice, this policy -- enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts -- foo\'gmail.com from DATA_READ logging, and bar\'gmail.com from -- DATA_WRITE logging. -- -- /See:/ 'auditConfig' smart constructor. data AuditConfig = AuditConfig' { _acService :: !(Maybe Text) , _acAuditLogConfigs :: !(Maybe [AuditLogConfig]) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'AuditConfig' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'acService' -- -- * 'acAuditLogConfigs' auditConfig :: AuditConfig auditConfig = AuditConfig' {_acService = Nothing, _acAuditLogConfigs = Nothing} -- | Specifies a service that will be enabled for audit logging. For example, -- \`storage.googleapis.com\`, \`cloudsql.googleapis.com\`. \`allServices\` -- is a special value that covers all services. acService :: Lens' AuditConfig (Maybe Text) acService = lens _acService (\ s a -> s{_acService = a}) -- | The configuration for logging of each type of permission. acAuditLogConfigs :: Lens' AuditConfig [AuditLogConfig] acAuditLogConfigs = lens _acAuditLogConfigs (\ s a -> s{_acAuditLogConfigs = a}) . _Default . _Coerce instance FromJSON AuditConfig where parseJSON = withObject "AuditConfig" (\ o -> AuditConfig' <$> (o .:? "service") <*> (o .:? "auditLogConfigs" .!= mempty)) instance ToJSON AuditConfig where toJSON AuditConfig'{..} = object (catMaybes [("service" .=) <$> _acService, ("auditLogConfigs" .=) <$> _acAuditLogConfigs]) -- | Represents an expression text. Example: title: \"User account presence\" -- description: \"Determines whether the request has a user account\" -- expression: \"size(request.user) > 0\" -- -- /See:/ 'expr' smart constructor. data Expr = Expr' { _eLocation :: !(Maybe Text) , _eExpression :: !(Maybe Text) , _eTitle :: !(Maybe Text) , _eDescription :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'Expr' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'eLocation' -- -- * 'eExpression' -- -- * 'eTitle' -- -- * 'eDescription' expr :: Expr expr = Expr' { _eLocation = Nothing , _eExpression = Nothing , _eTitle = Nothing , _eDescription = Nothing } -- | An optional string indicating the location of the expression for error -- reporting, e.g. a file name and a position in the file. eLocation :: Lens' Expr (Maybe Text) eLocation = lens _eLocation (\ s a -> s{_eLocation = a}) -- | Textual representation of an expression in Common Expression Language -- syntax. The application context of the containing message determines -- which well-known feature set of CEL is supported. eExpression :: Lens' Expr (Maybe Text) eExpression = lens _eExpression (\ s a -> s{_eExpression = a}) -- | An optional title for the expression, i.e. a short string describing its -- purpose. This can be used e.g. in UIs which allow to enter the -- expression. eTitle :: Lens' Expr (Maybe Text) eTitle = lens _eTitle (\ s a -> s{_eTitle = a}) -- | An optional description of the expression. This is a longer text which -- describes the expression, e.g. when hovered over it in a UI. eDescription :: Lens' Expr (Maybe Text) eDescription = lens _eDescription (\ s a -> s{_eDescription = a}) instance FromJSON Expr where parseJSON = withObject "Expr" (\ o -> Expr' <$> (o .:? "location") <*> (o .:? "expression") <*> (o .:? "title") <*> (o .:? "description")) instance ToJSON Expr where toJSON Expr'{..} = object (catMaybes [("location" .=) <$> _eLocation, ("expression" .=) <$> _eExpression, ("title" .=) <$> _eTitle, ("description" .=) <$> _eDescription]) -- | The service account undelete request. -- -- /See:/ 'undeleteServiceAccountRequest' smart constructor. data UndeleteServiceAccountRequest = UndeleteServiceAccountRequest' deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'UndeleteServiceAccountRequest' with the minimum fields required to make a request. -- undeleteServiceAccountRequest :: UndeleteServiceAccountRequest undeleteServiceAccountRequest = UndeleteServiceAccountRequest' instance FromJSON UndeleteServiceAccountRequest where parseJSON = withObject "UndeleteServiceAccountRequest" (\ o -> pure UndeleteServiceAccountRequest') instance ToJSON UndeleteServiceAccountRequest where toJSON = const emptyObject -- | Contains information about an auditable service. -- -- /See:/ 'auditableService' smart constructor. newtype AuditableService = AuditableService' { _asName :: Maybe Text } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'AuditableService' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'asName' auditableService :: AuditableService auditableService = AuditableService' {_asName = Nothing} -- | Public name of the service. For example, the service name for Cloud IAM -- is \'iam.googleapis.com\'. asName :: Lens' AuditableService (Maybe Text) asName = lens _asName (\ s a -> s{_asName = a}) instance FromJSON AuditableService where parseJSON = withObject "AuditableService" (\ o -> AuditableService' <$> (o .:? "name")) instance ToJSON AuditableService where toJSON AuditableService'{..} = object (catMaybes [("name" .=) <$> _asName]) -- | A request to get the list of auditable services for a resource. -- -- /See:/ 'queryAuditableServicesRequest' smart constructor. newtype QueryAuditableServicesRequest = QueryAuditableServicesRequest' { _qasrFullResourceName :: Maybe Text } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'QueryAuditableServicesRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'qasrFullResourceName' queryAuditableServicesRequest :: QueryAuditableServicesRequest queryAuditableServicesRequest = QueryAuditableServicesRequest' {_qasrFullResourceName = Nothing} -- | Required. The full resource name to query from the list of auditable -- services. The name follows the Google Cloud Platform resource format. -- For example, a Cloud Platform project with id \`my-project\` will be -- named \`\/\/cloudresourcemanager.googleapis.com\/projects\/my-project\`. qasrFullResourceName :: Lens' QueryAuditableServicesRequest (Maybe Text) qasrFullResourceName = lens _qasrFullResourceName (\ s a -> s{_qasrFullResourceName = a}) instance FromJSON QueryAuditableServicesRequest where parseJSON = withObject "QueryAuditableServicesRequest" (\ o -> QueryAuditableServicesRequest' <$> (o .:? "fullResourceName")) instance ToJSON QueryAuditableServicesRequest where toJSON QueryAuditableServicesRequest'{..} = object (catMaybes [("fullResourceName" .=) <$> _qasrFullResourceName]) -- | A generic empty message that you can re-use to avoid defining duplicated -- empty messages in your APIs. A typical example is to use it as the -- request or the response type of an API method. For instance: service Foo -- { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The -- JSON representation for \`Empty\` is empty JSON object \`{}\`. -- -- /See:/ 'empty' smart constructor. data Empty = Empty' deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'Empty' with the minimum fields required to make a request. -- empty :: Empty empty = Empty' instance FromJSON Empty where parseJSON = withObject "Empty" (\ o -> pure Empty') instance ToJSON Empty where toJSON = const emptyObject -- | The response containing permissions which can be tested on a resource. -- -- /See:/ 'queryTestablePermissionsResponse' smart constructor. data QueryTestablePermissionsResponse = QueryTestablePermissionsResponse' { _qtprNextPageToken :: !(Maybe Text) , _qtprPermissions :: !(Maybe [Permission]) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'QueryTestablePermissionsResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'qtprNextPageToken' -- -- * 'qtprPermissions' queryTestablePermissionsResponse :: QueryTestablePermissionsResponse queryTestablePermissionsResponse = QueryTestablePermissionsResponse' {_qtprNextPageToken = Nothing, _qtprPermissions = Nothing} -- | To retrieve the next page of results, set -- \`QueryTestableRolesRequest.page_token\` to this value. qtprNextPageToken :: Lens' QueryTestablePermissionsResponse (Maybe Text) qtprNextPageToken = lens _qtprNextPageToken (\ s a -> s{_qtprNextPageToken = a}) -- | The Permissions testable on the requested resource. qtprPermissions :: Lens' QueryTestablePermissionsResponse [Permission] qtprPermissions = lens _qtprPermissions (\ s a -> s{_qtprPermissions = a}) . _Default . _Coerce instance FromJSON QueryTestablePermissionsResponse where parseJSON = withObject "QueryTestablePermissionsResponse" (\ o -> QueryTestablePermissionsResponse' <$> (o .:? "nextPageToken") <*> (o .:? "permissions" .!= mempty)) instance ToJSON QueryTestablePermissionsResponse where toJSON QueryTestablePermissionsResponse'{..} = object (catMaybes [("nextPageToken" .=) <$> _qtprNextPageToken, ("permissions" .=) <$> _qtprPermissions]) -- | Audit log information specific to Cloud IAM. This message is serialized -- as an \`Any\` type in the \`ServiceData\` message of an \`AuditLog\` -- message. -- -- /See:/ 'auditData' smart constructor. newtype AuditData = AuditData' { _adPolicyDelta :: Maybe PolicyDelta } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'AuditData' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'adPolicyDelta' auditData :: AuditData auditData = AuditData' {_adPolicyDelta = Nothing} -- | Policy delta between the original policy and the newly set policy. adPolicyDelta :: Lens' AuditData (Maybe PolicyDelta) adPolicyDelta = lens _adPolicyDelta (\ s a -> s{_adPolicyDelta = a}) instance FromJSON AuditData where parseJSON = withObject "AuditData" (\ o -> AuditData' <$> (o .:? "policyDelta")) instance ToJSON AuditData where toJSON AuditData'{..} = object (catMaybes [("policyDelta" .=) <$> _adPolicyDelta]) -- | A response containing a list of auditable services for a resource. -- -- /See:/ 'queryAuditableServicesResponse' smart constructor. newtype QueryAuditableServicesResponse = QueryAuditableServicesResponse' { _qasrServices :: Maybe [AuditableService] } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'QueryAuditableServicesResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'qasrServices' queryAuditableServicesResponse :: QueryAuditableServicesResponse queryAuditableServicesResponse = QueryAuditableServicesResponse' {_qasrServices = Nothing} -- | The auditable services for a resource. qasrServices :: Lens' QueryAuditableServicesResponse [AuditableService] qasrServices = lens _qasrServices (\ s a -> s{_qasrServices = a}) . _Default . _Coerce instance FromJSON QueryAuditableServicesResponse where parseJSON = withObject "QueryAuditableServicesResponse" (\ o -> QueryAuditableServicesResponse' <$> (o .:? "services" .!= mempty)) instance ToJSON QueryAuditableServicesResponse where toJSON QueryAuditableServicesResponse'{..} = object (catMaybes [("services" .=) <$> _qasrServices]) -- | Represents a service account key. A service account has two sets of -- key-pairs: user-managed, and system-managed. User-managed key-pairs can -- be created and deleted by users. Users are responsible for rotating -- these keys periodically to ensure security of their service accounts. -- Users retain the private key of these key-pairs, and Google retains ONLY -- the public key. System-managed keys are automatically rotated by Google, -- and are used for signing for a maximum of two weeks. The rotation -- process is probabilistic, and usage of the new key will gradually ramp -- up and down over the key\'s lifetime. We recommend caching the public -- key set for a service account for no more than 24 hours to ensure you -- have access to the latest keys. Public keys for all service accounts are -- also published at the OAuth2 Service Account API. -- -- /See:/ 'serviceAccountKey' smart constructor. data ServiceAccountKey = ServiceAccountKey' { _sakValidAfterTime :: !(Maybe DateTime') , _sakPrivateKeyData :: !(Maybe Bytes) , _sakPublicKeyData :: !(Maybe Bytes) , _sakName :: !(Maybe Text) , _sakPrivateKeyType :: !(Maybe ServiceAccountKeyPrivateKeyType) , _sakValidBeforeTime :: !(Maybe DateTime') , _sakKeyAlgorithm :: !(Maybe ServiceAccountKeyKeyAlgorithm) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'ServiceAccountKey' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'sakValidAfterTime' -- -- * 'sakPrivateKeyData' -- -- * 'sakPublicKeyData' -- -- * 'sakName' -- -- * 'sakPrivateKeyType' -- -- * 'sakValidBeforeTime' -- -- * 'sakKeyAlgorithm' serviceAccountKey :: ServiceAccountKey serviceAccountKey = ServiceAccountKey' { _sakValidAfterTime = Nothing , _sakPrivateKeyData = Nothing , _sakPublicKeyData = Nothing , _sakName = Nothing , _sakPrivateKeyType = Nothing , _sakValidBeforeTime = Nothing , _sakKeyAlgorithm = Nothing } -- | The key can be used after this timestamp. sakValidAfterTime :: Lens' ServiceAccountKey (Maybe UTCTime) sakValidAfterTime = lens _sakValidAfterTime (\ s a -> s{_sakValidAfterTime = a}) . mapping _DateTime -- | The private key data. Only provided in \`CreateServiceAccountKey\` -- responses. Make sure to keep the private key data secure because it -- allows for the assertion of the service account identity. When base64 -- decoded, the private key data can be used to authenticate with Google -- API client libraries and with -- . sakPrivateKeyData :: Lens' ServiceAccountKey (Maybe ByteString) sakPrivateKeyData = lens _sakPrivateKeyData (\ s a -> s{_sakPrivateKeyData = a}) . mapping _Bytes -- | The public key data. Only provided in \`GetServiceAccountKey\` -- responses. sakPublicKeyData :: Lens' ServiceAccountKey (Maybe ByteString) sakPublicKeyData = lens _sakPublicKeyData (\ s a -> s{_sakPublicKeyData = a}) . mapping _Bytes -- | The resource name of the service account key in the following format -- \`projects\/{PROJECT_ID}\/serviceAccounts\/{ACCOUNT}\/keys\/{key}\`. sakName :: Lens' ServiceAccountKey (Maybe Text) sakName = lens _sakName (\ s a -> s{_sakName = a}) -- | The output format for the private key. Only provided in -- \`CreateServiceAccountKey\` responses, not in \`GetServiceAccountKey\` -- or \`ListServiceAccountKey\` responses. Google never exposes -- system-managed private keys, and never retains user-managed private -- keys. sakPrivateKeyType :: Lens' ServiceAccountKey (Maybe ServiceAccountKeyPrivateKeyType) sakPrivateKeyType = lens _sakPrivateKeyType (\ s a -> s{_sakPrivateKeyType = a}) -- | The key can be used before this timestamp. sakValidBeforeTime :: Lens' ServiceAccountKey (Maybe UTCTime) sakValidBeforeTime = lens _sakValidBeforeTime (\ s a -> s{_sakValidBeforeTime = a}) . mapping _DateTime -- | Specifies the algorithm (and possibly key size) for the key. sakKeyAlgorithm :: Lens' ServiceAccountKey (Maybe ServiceAccountKeyKeyAlgorithm) sakKeyAlgorithm = lens _sakKeyAlgorithm (\ s a -> s{_sakKeyAlgorithm = a}) instance FromJSON ServiceAccountKey where parseJSON = withObject "ServiceAccountKey" (\ o -> ServiceAccountKey' <$> (o .:? "validAfterTime") <*> (o .:? "privateKeyData") <*> (o .:? "publicKeyData") <*> (o .:? "name") <*> (o .:? "privateKeyType") <*> (o .:? "validBeforeTime") <*> (o .:? "keyAlgorithm")) instance ToJSON ServiceAccountKey where toJSON ServiceAccountKey'{..} = object (catMaybes [("validAfterTime" .=) <$> _sakValidAfterTime, ("privateKeyData" .=) <$> _sakPrivateKeyData, ("publicKeyData" .=) <$> _sakPublicKeyData, ("name" .=) <$> _sakName, ("privateKeyType" .=) <$> _sakPrivateKeyType, ("validBeforeTime" .=) <$> _sakValidBeforeTime, ("keyAlgorithm" .=) <$> _sakKeyAlgorithm]) -- | Structured response of a single validation unit. -- -- /See:/ 'lintResult' smart constructor. data LintResult = LintResult' { _lrValidationUnitName :: !(Maybe Text) , _lrDebugMessage :: !(Maybe Text) , _lrLocationOffSet :: !(Maybe (Textual Int32)) , _lrSeverity :: !(Maybe LintResultSeverity) , _lrBindingOrdinal :: !(Maybe (Textual Int32)) , _lrFieldName :: !(Maybe Text) , _lrLevel :: !(Maybe LintResultLevel) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'LintResult' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lrValidationUnitName' -- -- * 'lrDebugMessage' -- -- * 'lrLocationOffSet' -- -- * 'lrSeverity' -- -- * 'lrBindingOrdinal' -- -- * 'lrFieldName' -- -- * 'lrLevel' lintResult :: LintResult lintResult = LintResult' { _lrValidationUnitName = Nothing , _lrDebugMessage = Nothing , _lrLocationOffSet = Nothing , _lrSeverity = Nothing , _lrBindingOrdinal = Nothing , _lrFieldName = Nothing , _lrLevel = Nothing } -- | The validation unit name, for instance -- “lintValidationUnits\/ConditionComplexityCheck”. lrValidationUnitName :: Lens' LintResult (Maybe Text) lrValidationUnitName = lens _lrValidationUnitName (\ s a -> s{_lrValidationUnitName = a}) -- | Human readable debug message associated with the issue. lrDebugMessage :: Lens' LintResult (Maybe Text) lrDebugMessage = lens _lrDebugMessage (\ s a -> s{_lrDebugMessage = a}) -- | 0-based character position of problematic construct within the object -- identified by \`field_name\`. Currently, this is populated only for -- condition expression. lrLocationOffSet :: Lens' LintResult (Maybe Int32) lrLocationOffSet = lens _lrLocationOffSet (\ s a -> s{_lrLocationOffSet = a}) . mapping _Coerce -- | The validation unit severity. lrSeverity :: Lens' LintResult (Maybe LintResultSeverity) lrSeverity = lens _lrSeverity (\ s a -> s{_lrSeverity = a}) -- | 0-based index ordinality of the binding in the input object associated -- with this result. This field is populated only if the input object to -- lint is of type google.iam.v1.Policy, which can comprise more than one -- binding. It is set to -1 if the result is not associated with any -- particular binding and only targets the policy as a whole, such as -- results about policy size violations. lrBindingOrdinal :: Lens' LintResult (Maybe Int32) lrBindingOrdinal = lens _lrBindingOrdinal (\ s a -> s{_lrBindingOrdinal = a}) . mapping _Coerce -- | The name of the field for which this lint result is about. For nested -- messages, \`field_name\` consists of names of the embedded fields -- separated by period character. The top-level qualifier is the input -- object to lint in the request. For instance, if the lint request is on a -- google.iam.v1.Policy and this lint result is about a condition -- expression of one of the input policy bindings, the field would be -- populated as \`policy.bindings.condition.expression\`. This field does -- not identify the ordinality of the repetitive fields (for instance -- bindings in a policy). lrFieldName :: Lens' LintResult (Maybe Text) lrFieldName = lens _lrFieldName (\ s a -> s{_lrFieldName = a}) -- | The validation unit level. lrLevel :: Lens' LintResult (Maybe LintResultLevel) lrLevel = lens _lrLevel (\ s a -> s{_lrLevel = a}) instance FromJSON LintResult where parseJSON = withObject "LintResult" (\ o -> LintResult' <$> (o .:? "validationUnitName") <*> (o .:? "debugMessage") <*> (o .:? "locationOffset") <*> (o .:? "severity") <*> (o .:? "bindingOrdinal") <*> (o .:? "fieldName") <*> (o .:? "level")) instance ToJSON LintResult where toJSON LintResult'{..} = object (catMaybes [("validationUnitName" .=) <$> _lrValidationUnitName, ("debugMessage" .=) <$> _lrDebugMessage, ("locationOffset" .=) <$> _lrLocationOffSet, ("severity" .=) <$> _lrSeverity, ("bindingOrdinal" .=) <$> _lrBindingOrdinal, ("fieldName" .=) <$> _lrFieldName, ("level" .=) <$> _lrLevel]) -- | The service account key create request. -- -- /See:/ 'createServiceAccountKeyRequest' smart constructor. data CreateServiceAccountKeyRequest = CreateServiceAccountKeyRequest' { _csakrPrivateKeyType :: !(Maybe CreateServiceAccountKeyRequestPrivateKeyType) , _csakrKeyAlgorithm :: !(Maybe CreateServiceAccountKeyRequestKeyAlgorithm) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'CreateServiceAccountKeyRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'csakrPrivateKeyType' -- -- * 'csakrKeyAlgorithm' createServiceAccountKeyRequest :: CreateServiceAccountKeyRequest createServiceAccountKeyRequest = CreateServiceAccountKeyRequest' {_csakrPrivateKeyType = Nothing, _csakrKeyAlgorithm = Nothing} -- | The output format of the private key. The default value is -- \`TYPE_GOOGLE_CREDENTIALS_FILE\`, which is the Google Credentials File -- format. csakrPrivateKeyType :: Lens' CreateServiceAccountKeyRequest (Maybe CreateServiceAccountKeyRequestPrivateKeyType) csakrPrivateKeyType = lens _csakrPrivateKeyType (\ s a -> s{_csakrPrivateKeyType = a}) -- | Which type of key and algorithm to use for the key. The default is -- currently a 2K RSA key. However this may change in the future. csakrKeyAlgorithm :: Lens' CreateServiceAccountKeyRequest (Maybe CreateServiceAccountKeyRequestKeyAlgorithm) csakrKeyAlgorithm = lens _csakrKeyAlgorithm (\ s a -> s{_csakrKeyAlgorithm = a}) instance FromJSON CreateServiceAccountKeyRequest where parseJSON = withObject "CreateServiceAccountKeyRequest" (\ o -> CreateServiceAccountKeyRequest' <$> (o .:? "privateKeyType") <*> (o .:? "keyAlgorithm")) instance ToJSON CreateServiceAccountKeyRequest where toJSON CreateServiceAccountKeyRequest'{..} = object (catMaybes [("privateKeyType" .=) <$> _csakrPrivateKeyType, ("keyAlgorithm" .=) <$> _csakrKeyAlgorithm]) -- | Request message for \`SetIamPolicy\` method. -- -- /See:/ 'setIAMPolicyRequest' smart constructor. data SetIAMPolicyRequest = SetIAMPolicyRequest' { _siprUpdateMask :: !(Maybe GFieldMask) , _siprPolicy :: !(Maybe Policy) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'SetIAMPolicyRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'siprUpdateMask' -- -- * 'siprPolicy' setIAMPolicyRequest :: SetIAMPolicyRequest setIAMPolicyRequest = SetIAMPolicyRequest' {_siprUpdateMask = Nothing, _siprPolicy = Nothing} -- | OPTIONAL: A FieldMask specifying which fields of the policy to modify. -- Only the fields in the mask will be modified. If no mask is provided, -- the following default mask is used: paths: \"bindings, etag\" This field -- is only used by Cloud IAM. siprUpdateMask :: Lens' SetIAMPolicyRequest (Maybe GFieldMask) siprUpdateMask = lens _siprUpdateMask (\ s a -> s{_siprUpdateMask = a}) -- | REQUIRED: The complete policy to be applied to the \`resource\`. The -- size of the policy is limited to a few 10s of KB. An empty policy is a -- valid policy but certain Cloud Platform services (such as Projects) -- might reject them. siprPolicy :: Lens' SetIAMPolicyRequest (Maybe Policy) siprPolicy = lens _siprPolicy (\ s a -> s{_siprPolicy = a}) instance FromJSON SetIAMPolicyRequest where parseJSON = withObject "SetIAMPolicyRequest" (\ o -> SetIAMPolicyRequest' <$> (o .:? "updateMask") <*> (o .:? "policy")) instance ToJSON SetIAMPolicyRequest where toJSON SetIAMPolicyRequest'{..} = object (catMaybes [("updateMask" .=) <$> _siprUpdateMask, ("policy" .=) <$> _siprPolicy]) -- | The service account sign JWT response. -- -- /See:/ 'signJwtResponse' smart constructor. data SignJwtResponse = SignJwtResponse' { _sjrKeyId :: !(Maybe Text) , _sjrSignedJwt :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'SignJwtResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'sjrKeyId' -- -- * 'sjrSignedJwt' signJwtResponse :: SignJwtResponse signJwtResponse = SignJwtResponse' {_sjrKeyId = Nothing, _sjrSignedJwt = Nothing} -- | The id of the key used to sign the JWT. sjrKeyId :: Lens' SignJwtResponse (Maybe Text) sjrKeyId = lens _sjrKeyId (\ s a -> s{_sjrKeyId = a}) -- | The signed JWT. sjrSignedJwt :: Lens' SignJwtResponse (Maybe Text) sjrSignedJwt = lens _sjrSignedJwt (\ s a -> s{_sjrSignedJwt = a}) instance FromJSON SignJwtResponse where parseJSON = withObject "SignJwtResponse" (\ o -> SignJwtResponse' <$> (o .:? "keyId") <*> (o .:? "signedJwt")) instance ToJSON SignJwtResponse where toJSON SignJwtResponse'{..} = object (catMaybes [("keyId" .=) <$> _sjrKeyId, ("signedJwt" .=) <$> _sjrSignedJwt]) -- | One delta entry for Binding. Each individual change (only one member in -- each entry) to a binding will be a separate entry. -- -- /See:/ 'bindingDelta' smart constructor. data BindingDelta = BindingDelta' { _bdAction :: !(Maybe BindingDeltaAction) , _bdRole :: !(Maybe Text) , _bdMember :: !(Maybe Text) , _bdCondition :: !(Maybe Expr) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'BindingDelta' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'bdAction' -- -- * 'bdRole' -- -- * 'bdMember' -- -- * 'bdCondition' bindingDelta :: BindingDelta bindingDelta = BindingDelta' { _bdAction = Nothing , _bdRole = Nothing , _bdMember = Nothing , _bdCondition = Nothing } -- | The action that was performed on a Binding. Required bdAction :: Lens' BindingDelta (Maybe BindingDeltaAction) bdAction = lens _bdAction (\ s a -> s{_bdAction = a}) -- | Role that is assigned to \`members\`. For example, \`roles\/viewer\`, -- \`roles\/editor\`, or \`roles\/owner\`. Required bdRole :: Lens' BindingDelta (Maybe Text) bdRole = lens _bdRole (\ s a -> s{_bdRole = a}) -- | A single identity requesting access for a Cloud Platform resource. -- Follows the same format of Binding.members. Required bdMember :: Lens' BindingDelta (Maybe Text) bdMember = lens _bdMember (\ s a -> s{_bdMember = a}) -- | Unimplemented. The condition that is associated with this binding. This -- field is logged only for Cloud Audit Logging. bdCondition :: Lens' BindingDelta (Maybe Expr) bdCondition = lens _bdCondition (\ s a -> s{_bdCondition = a}) instance FromJSON BindingDelta where parseJSON = withObject "BindingDelta" (\ o -> BindingDelta' <$> (o .:? "action") <*> (o .:? "role") <*> (o .:? "member") <*> (o .:? "condition")) instance ToJSON BindingDelta where toJSON BindingDelta'{..} = object (catMaybes [("action" .=) <$> _bdAction, ("role" .=) <$> _bdRole, ("member" .=) <$> _bdMember, ("condition" .=) <$> _bdCondition]) -- | \`context\` contains additional *permission-controlled* data that any -- lint unit may depend on, in form of \`{key: value}\` pairs. Currently, -- this field is non-operational and it will not be used during the lint -- operation. -- -- /See:/ 'lintPolicyRequestContext' smart constructor. newtype LintPolicyRequestContext = LintPolicyRequestContext' { _lprcAddtional :: HashMap Text JSONValue } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'LintPolicyRequestContext' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lprcAddtional' lintPolicyRequestContext :: HashMap Text JSONValue -- ^ 'lprcAddtional' -> LintPolicyRequestContext lintPolicyRequestContext pLprcAddtional_ = LintPolicyRequestContext' {_lprcAddtional = _Coerce # pLprcAddtional_} -- | Properties of the object. lprcAddtional :: Lens' LintPolicyRequestContext (HashMap Text JSONValue) lprcAddtional = lens _lprcAddtional (\ s a -> s{_lprcAddtional = a}) . _Coerce instance FromJSON LintPolicyRequestContext where parseJSON = withObject "LintPolicyRequestContext" (\ o -> LintPolicyRequestContext' <$> (parseJSONObject o)) instance ToJSON LintPolicyRequestContext where toJSON = toJSON . _lprcAddtional -- | The service account sign blob request. -- -- /See:/ 'signBlobRequest' smart constructor. newtype SignBlobRequest = SignBlobRequest' { _sbrBytesToSign :: Maybe Bytes } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'SignBlobRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'sbrBytesToSign' signBlobRequest :: SignBlobRequest signBlobRequest = SignBlobRequest' {_sbrBytesToSign = Nothing} -- | The bytes to sign. sbrBytesToSign :: Lens' SignBlobRequest (Maybe ByteString) sbrBytesToSign = lens _sbrBytesToSign (\ s a -> s{_sbrBytesToSign = a}) . mapping _Bytes instance FromJSON SignBlobRequest where parseJSON = withObject "SignBlobRequest" (\ o -> SignBlobRequest' <$> (o .:? "bytesToSign")) instance ToJSON SignBlobRequest where toJSON SignBlobRequest'{..} = object (catMaybes [("bytesToSign" .=) <$> _sbrBytesToSign]) -- | The service account keys list response. -- -- /See:/ 'listServiceAccountKeysResponse' smart constructor. newtype ListServiceAccountKeysResponse = ListServiceAccountKeysResponse' { _lsakrKeys :: Maybe [ServiceAccountKey] } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'ListServiceAccountKeysResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lsakrKeys' listServiceAccountKeysResponse :: ListServiceAccountKeysResponse listServiceAccountKeysResponse = ListServiceAccountKeysResponse' {_lsakrKeys = Nothing} -- | The public keys for the service account. lsakrKeys :: Lens' ListServiceAccountKeysResponse [ServiceAccountKey] lsakrKeys = lens _lsakrKeys (\ s a -> s{_lsakrKeys = a}) . _Default . _Coerce instance FromJSON ListServiceAccountKeysResponse where parseJSON = withObject "ListServiceAccountKeysResponse" (\ o -> ListServiceAccountKeysResponse' <$> (o .:? "keys" .!= mempty)) instance ToJSON ListServiceAccountKeysResponse where toJSON ListServiceAccountKeysResponse'{..} = object (catMaybes [("keys" .=) <$> _lsakrKeys]) -- | The service account enable request. -- -- /See:/ 'enableServiceAccountRequest' smart constructor. data EnableServiceAccountRequest = EnableServiceAccountRequest' deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'EnableServiceAccountRequest' with the minimum fields required to make a request. -- enableServiceAccountRequest :: EnableServiceAccountRequest enableServiceAccountRequest = EnableServiceAccountRequest' instance FromJSON EnableServiceAccountRequest where parseJSON = withObject "EnableServiceAccountRequest" (\ o -> pure EnableServiceAccountRequest') instance ToJSON EnableServiceAccountRequest where toJSON = const emptyObject -- | A role in the Identity and Access Management API. -- -- /See:/ 'role'' smart constructor. data Role = Role' { _rStage :: !(Maybe RoleStage) , _rEtag :: !(Maybe Bytes) , _rIncludedPermissions :: !(Maybe [Text]) , _rName :: !(Maybe Text) , _rDeleted :: !(Maybe Bool) , _rTitle :: !(Maybe Text) , _rDescription :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'Role' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'rStage' -- -- * 'rEtag' -- -- * 'rIncludedPermissions' -- -- * 'rName' -- -- * 'rDeleted' -- -- * 'rTitle' -- -- * 'rDescription' role' :: Role role' = Role' { _rStage = Nothing , _rEtag = Nothing , _rIncludedPermissions = Nothing , _rName = Nothing , _rDeleted = Nothing , _rTitle = Nothing , _rDescription = Nothing } -- | The current launch stage of the role. If the \`ALPHA\` launch stage has -- been selected for a role, the \`stage\` field will not be included in -- the returned definition for the role. rStage :: Lens' Role (Maybe RoleStage) rStage = lens _rStage (\ s a -> s{_rStage = a}) -- | Used to perform a consistent read-modify-write. rEtag :: Lens' Role (Maybe ByteString) rEtag = lens _rEtag (\ s a -> s{_rEtag = a}) . mapping _Bytes -- | The names of the permissions this role grants when bound in an IAM -- policy. rIncludedPermissions :: Lens' Role [Text] rIncludedPermissions = lens _rIncludedPermissions (\ s a -> s{_rIncludedPermissions = a}) . _Default . _Coerce -- | The name of the role. When Role is used in CreateRole, the role name -- must not be set. When Role is used in output and other input such as -- UpdateRole, the role name is the complete path, e.g., -- roles\/logging.viewer for curated roles and -- organizations\/{ORGANIZATION_ID}\/roles\/logging.viewer for custom -- roles. rName :: Lens' Role (Maybe Text) rName = lens _rName (\ s a -> s{_rName = a}) -- | The current deleted state of the role. This field is read only. It will -- be ignored in calls to CreateRole and UpdateRole. rDeleted :: Lens' Role (Maybe Bool) rDeleted = lens _rDeleted (\ s a -> s{_rDeleted = a}) -- | Optional. A human-readable title for the role. Typically this is limited -- to 100 UTF-8 bytes. rTitle :: Lens' Role (Maybe Text) rTitle = lens _rTitle (\ s a -> s{_rTitle = a}) -- | Optional. A human-readable description for the role. rDescription :: Lens' Role (Maybe Text) rDescription = lens _rDescription (\ s a -> s{_rDescription = a}) instance FromJSON Role where parseJSON = withObject "Role" (\ o -> Role' <$> (o .:? "stage") <*> (o .:? "etag") <*> (o .:? "includedPermissions" .!= mempty) <*> (o .:? "name") <*> (o .:? "deleted") <*> (o .:? "title") <*> (o .:? "description")) instance ToJSON Role where toJSON Role'{..} = object (catMaybes [("stage" .=) <$> _rStage, ("etag" .=) <$> _rEtag, ("includedPermissions" .=) <$> _rIncludedPermissions, ("name" .=) <$> _rName, ("deleted" .=) <$> _rDeleted, ("title" .=) <$> _rTitle, ("description" .=) <$> _rDescription]) -- | A service account in the Identity and Access Management API. To create a -- service account, specify the \`project_id\` and the \`account_id\` for -- the account. The \`account_id\` is unique within the project, and is -- used to generate the service account email address and a stable -- \`unique_id\`. If the account already exists, the account\'s resource -- name is returned in the format of -- projects\/{PROJECT_ID}\/serviceAccounts\/{ACCOUNT}. The caller can use -- the name in other methods to access the account. All other methods can -- identify the service account using the format -- \`projects\/{PROJECT_ID}\/serviceAccounts\/{ACCOUNT}\`. Using \`-\` as a -- wildcard for the \`PROJECT_ID\` will infer the project from the account. -- The \`ACCOUNT\` value can be the \`email\` address or the \`unique_id\` -- of the service account. -- -- /See:/ 'serviceAccount' smart constructor. data ServiceAccount = ServiceAccount' { _saEmail :: !(Maybe Text) , _saEtag :: !(Maybe Bytes) , _saDisabled :: !(Maybe Bool) , _saUniqueId :: !(Maybe Text) , _saName :: !(Maybe Text) , _saDisplayName :: !(Maybe Text) , _saProjectId :: !(Maybe Text) , _saDescription :: !(Maybe Text) , _saOAuth2ClientId :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'ServiceAccount' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'saEmail' -- -- * 'saEtag' -- -- * 'saDisabled' -- -- * 'saUniqueId' -- -- * 'saName' -- -- * 'saDisplayName' -- -- * 'saProjectId' -- -- * 'saDescription' -- -- * 'saOAuth2ClientId' serviceAccount :: ServiceAccount serviceAccount = ServiceAccount' { _saEmail = Nothing , _saEtag = Nothing , _saDisabled = Nothing , _saUniqueId = Nothing , _saName = Nothing , _saDisplayName = Nothing , _saProjectId = Nothing , _saDescription = Nothing , _saOAuth2ClientId = Nothing } -- | \'OutputOnly The email address of the service account. saEmail :: Lens' ServiceAccount (Maybe Text) saEmail = lens _saEmail (\ s a -> s{_saEmail = a}) -- | Optional. Note: \`etag\` is an inoperable legacy field that is only -- returned for backwards compatibility. saEtag :: Lens' ServiceAccount (Maybe ByteString) saEtag = lens _saEtag (\ s a -> s{_saEtag = a}) . mapping _Bytes -- | \'OutputOnly A bool indicate if the service account is disabled. The -- field is currently in alpha phase. saDisabled :: Lens' ServiceAccount (Maybe Bool) saDisabled = lens _saDisabled (\ s a -> s{_saDisabled = a}) -- | \'OutputOnly The unique and stable id of the service account. saUniqueId :: Lens' ServiceAccount (Maybe Text) saUniqueId = lens _saUniqueId (\ s a -> s{_saUniqueId = a}) -- | The resource name of the service account in the following format: -- \`projects\/{PROJECT_ID}\/serviceAccounts\/{ACCOUNT}\`. Requests using -- \`-\` as a wildcard for the \`PROJECT_ID\` will infer the project from -- the \`account\` and the \`ACCOUNT\` value can be the \`email\` address -- or the \`unique_id\` of the service account. In responses the resource -- name will always be in the format -- \`projects\/{PROJECT_ID}\/serviceAccounts\/{ACCOUNT}\`. saName :: Lens' ServiceAccount (Maybe Text) saName = lens _saName (\ s a -> s{_saName = a}) -- | Optional. A user-specified name for the service account. Must be less -- than or equal to 100 UTF-8 bytes. saDisplayName :: Lens' ServiceAccount (Maybe Text) saDisplayName = lens _saDisplayName (\ s a -> s{_saDisplayName = a}) -- | \'OutputOnly The id of the project that owns the service account. saProjectId :: Lens' ServiceAccount (Maybe Text) saProjectId = lens _saProjectId (\ s a -> s{_saProjectId = a}) -- | Optional. A user-specified opaque description of the service account. -- Must be less than or equal to 256 UTF-8 bytes. saDescription :: Lens' ServiceAccount (Maybe Text) saDescription = lens _saDescription (\ s a -> s{_saDescription = a}) -- | \'OutputOnly The OAuth2 client id for the service account. This is used -- in conjunction with the OAuth2 clientconfig API to make three legged -- OAuth2 (3LO) flows to access the data of Google users. saOAuth2ClientId :: Lens' ServiceAccount (Maybe Text) saOAuth2ClientId = lens _saOAuth2ClientId (\ s a -> s{_saOAuth2ClientId = a}) instance FromJSON ServiceAccount where parseJSON = withObject "ServiceAccount" (\ o -> ServiceAccount' <$> (o .:? "email") <*> (o .:? "etag") <*> (o .:? "disabled") <*> (o .:? "uniqueId") <*> (o .:? "name") <*> (o .:? "displayName") <*> (o .:? "projectId") <*> (o .:? "description") <*> (o .:? "oauth2ClientId")) instance ToJSON ServiceAccount where toJSON ServiceAccount'{..} = object (catMaybes [("email" .=) <$> _saEmail, ("etag" .=) <$> _saEtag, ("disabled" .=) <$> _saDisabled, ("uniqueId" .=) <$> _saUniqueId, ("name" .=) <$> _saName, ("displayName" .=) <$> _saDisplayName, ("projectId" .=) <$> _saProjectId, ("description" .=) <$> _saDescription, ("oauth2ClientId" .=) <$> _saOAuth2ClientId]) -- | A request to get permissions which can be tested on a resource. -- -- /See:/ 'queryTestablePermissionsRequest' smart constructor. data QueryTestablePermissionsRequest = QueryTestablePermissionsRequest' { _qtprFullResourceName :: !(Maybe Text) , _qtprPageToken :: !(Maybe Text) , _qtprPageSize :: !(Maybe (Textual Int32)) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'QueryTestablePermissionsRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'qtprFullResourceName' -- -- * 'qtprPageToken' -- -- * 'qtprPageSize' queryTestablePermissionsRequest :: QueryTestablePermissionsRequest queryTestablePermissionsRequest = QueryTestablePermissionsRequest' { _qtprFullResourceName = Nothing , _qtprPageToken = Nothing , _qtprPageSize = Nothing } -- | Required. The full resource name to query from the list of testable -- permissions. The name follows the Google Cloud Platform resource format. -- For example, a Cloud Platform project with id \`my-project\` will be -- named \`\/\/cloudresourcemanager.googleapis.com\/projects\/my-project\`. qtprFullResourceName :: Lens' QueryTestablePermissionsRequest (Maybe Text) qtprFullResourceName = lens _qtprFullResourceName (\ s a -> s{_qtprFullResourceName = a}) -- | Optional pagination token returned in an earlier -- QueryTestablePermissionsRequest. qtprPageToken :: Lens' QueryTestablePermissionsRequest (Maybe Text) qtprPageToken = lens _qtprPageToken (\ s a -> s{_qtprPageToken = a}) -- | Optional limit on the number of permissions to include in the response. qtprPageSize :: Lens' QueryTestablePermissionsRequest (Maybe Int32) qtprPageSize = lens _qtprPageSize (\ s a -> s{_qtprPageSize = a}) . mapping _Coerce instance FromJSON QueryTestablePermissionsRequest where parseJSON = withObject "QueryTestablePermissionsRequest" (\ o -> QueryTestablePermissionsRequest' <$> (o .:? "fullResourceName") <*> (o .:? "pageToken") <*> (o .:? "pageSize")) instance ToJSON QueryTestablePermissionsRequest where toJSON QueryTestablePermissionsRequest'{..} = object (catMaybes [("fullResourceName" .=) <$> _qtprFullResourceName, ("pageToken" .=) <$> _qtprPageToken, ("pageSize" .=) <$> _qtprPageSize]) -- | The grantable role query response. -- -- /See:/ 'queryGrantableRolesResponse' smart constructor. data QueryGrantableRolesResponse = QueryGrantableRolesResponse' { _qgrrRoles :: !(Maybe [Role]) , _qgrrNextPageToken :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'QueryGrantableRolesResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'qgrrRoles' -- -- * 'qgrrNextPageToken' queryGrantableRolesResponse :: QueryGrantableRolesResponse queryGrantableRolesResponse = QueryGrantableRolesResponse' {_qgrrRoles = Nothing, _qgrrNextPageToken = Nothing} -- | The list of matching roles. qgrrRoles :: Lens' QueryGrantableRolesResponse [Role] qgrrRoles = lens _qgrrRoles (\ s a -> s{_qgrrRoles = a}) . _Default . _Coerce -- | To retrieve the next page of results, set -- \`QueryGrantableRolesRequest.page_token\` to this value. qgrrNextPageToken :: Lens' QueryGrantableRolesResponse (Maybe Text) qgrrNextPageToken = lens _qgrrNextPageToken (\ s a -> s{_qgrrNextPageToken = a}) instance FromJSON QueryGrantableRolesResponse where parseJSON = withObject "QueryGrantableRolesResponse" (\ o -> QueryGrantableRolesResponse' <$> (o .:? "roles" .!= mempty) <*> (o .:? "nextPageToken")) instance ToJSON QueryGrantableRolesResponse where toJSON QueryGrantableRolesResponse'{..} = object (catMaybes [("roles" .=) <$> _qgrrRoles, ("nextPageToken" .=) <$> _qgrrNextPageToken]) -- | Request message for \`TestIamPermissions\` method. -- -- /See:/ 'testIAMPermissionsRequest' smart constructor. newtype TestIAMPermissionsRequest = TestIAMPermissionsRequest' { _tiprPermissions :: Maybe [Text] } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'TestIAMPermissionsRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'tiprPermissions' testIAMPermissionsRequest :: TestIAMPermissionsRequest testIAMPermissionsRequest = TestIAMPermissionsRequest' {_tiprPermissions = Nothing} -- | The set of permissions to check for the \`resource\`. Permissions with -- wildcards (such as \'*\' or \'storage.*\') are not allowed. For more -- information see [IAM -- Overview](https:\/\/cloud.google.com\/iam\/docs\/overview#permissions). tiprPermissions :: Lens' TestIAMPermissionsRequest [Text] tiprPermissions = lens _tiprPermissions (\ s a -> s{_tiprPermissions = a}) . _Default . _Coerce instance FromJSON TestIAMPermissionsRequest where parseJSON = withObject "TestIAMPermissionsRequest" (\ o -> TestIAMPermissionsRequest' <$> (o .:? "permissions" .!= mempty)) instance ToJSON TestIAMPermissionsRequest where toJSON TestIAMPermissionsRequest'{..} = object (catMaybes [("permissions" .=) <$> _tiprPermissions]) -- -- /See:/ 'undeleteServiceAccountResponse' smart constructor. newtype UndeleteServiceAccountResponse = UndeleteServiceAccountResponse' { _usarRestoredAccount :: Maybe ServiceAccount } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'UndeleteServiceAccountResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'usarRestoredAccount' undeleteServiceAccountResponse :: UndeleteServiceAccountResponse undeleteServiceAccountResponse = UndeleteServiceAccountResponse' {_usarRestoredAccount = Nothing} -- | Metadata for the restored service account. usarRestoredAccount :: Lens' UndeleteServiceAccountResponse (Maybe ServiceAccount) usarRestoredAccount = lens _usarRestoredAccount (\ s a -> s{_usarRestoredAccount = a}) instance FromJSON UndeleteServiceAccountResponse where parseJSON = withObject "UndeleteServiceAccountResponse" (\ o -> UndeleteServiceAccountResponse' <$> (o .:? "restoredAccount")) instance ToJSON UndeleteServiceAccountResponse where toJSON UndeleteServiceAccountResponse'{..} = object (catMaybes [("restoredAccount" .=) <$> _usarRestoredAccount]) -- | Response message for \`TestIamPermissions\` method. -- -- /See:/ 'testIAMPermissionsResponse' smart constructor. newtype TestIAMPermissionsResponse = TestIAMPermissionsResponse' { _tiamprPermissions :: Maybe [Text] } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'TestIAMPermissionsResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'tiamprPermissions' testIAMPermissionsResponse :: TestIAMPermissionsResponse testIAMPermissionsResponse = TestIAMPermissionsResponse' {_tiamprPermissions = Nothing} -- | A subset of \`TestPermissionsRequest.permissions\` that the caller is -- allowed. tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text] tiamprPermissions = lens _tiamprPermissions (\ s a -> s{_tiamprPermissions = a}) . _Default . _Coerce instance FromJSON TestIAMPermissionsResponse where parseJSON = withObject "TestIAMPermissionsResponse" (\ o -> TestIAMPermissionsResponse' <$> (o .:? "permissions" .!= mempty)) instance ToJSON TestIAMPermissionsResponse where toJSON TestIAMPermissionsResponse'{..} = object (catMaybes [("permissions" .=) <$> _tiamprPermissions]) -- | Defines an Identity and Access Management (IAM) policy. It is used to -- specify access control policies for Cloud Platform resources. A -- \`Policy\` consists of a list of \`bindings\`. A \`binding\` binds a -- list of \`members\` to a \`role\`, where the members can be user -- accounts, Google groups, Google domains, and service accounts. A -- \`role\` is a named list of permissions defined by IAM. **JSON Example** -- { \"bindings\": [ { \"role\": \"roles\/owner\", \"members\": [ -- \"user:mike\'example.com\", \"group:admins\'example.com\", -- \"domain:google.com\", -- \"serviceAccount:my-other-app\'appspot.gserviceaccount.com\" ] }, { -- \"role\": \"roles\/viewer\", \"members\": [\"user:sean\'example.com\"] } -- ] } **YAML Example** bindings: - members: - user:mike\'example.com - -- group:admins\'example.com - domain:google.com - -- serviceAccount:my-other-app\'appspot.gserviceaccount.com role: -- roles\/owner - members: - user:sean\'example.com role: roles\/viewer For -- a description of IAM and its features, see the [IAM developer\'s -- guide](https:\/\/cloud.google.com\/iam\/docs). -- -- /See:/ 'policy' smart constructor. data Policy = Policy' { _pAuditConfigs :: !(Maybe [AuditConfig]) , _pEtag :: !(Maybe Bytes) , _pVersion :: !(Maybe (Textual Int32)) , _pBindings :: !(Maybe [Binding]) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'Policy' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'pAuditConfigs' -- -- * 'pEtag' -- -- * 'pVersion' -- -- * 'pBindings' policy :: Policy policy = Policy' { _pAuditConfigs = Nothing , _pEtag = Nothing , _pVersion = Nothing , _pBindings = Nothing } -- | Specifies cloud audit logging configuration for this policy. pAuditConfigs :: Lens' Policy [AuditConfig] pAuditConfigs = lens _pAuditConfigs (\ s a -> s{_pAuditConfigs = a}) . _Default . _Coerce -- | \`etag\` is used for optimistic concurrency control as a way to help -- prevent simultaneous updates of a policy from overwriting each other. It -- is strongly suggested that systems make use of the \`etag\` in the -- read-modify-write cycle to perform policy updates in order to avoid race -- conditions: An \`etag\` is returned in the response to \`getIamPolicy\`, -- and systems are expected to put that etag in the request to -- \`setIamPolicy\` to ensure that their change will be applied to the same -- version of the policy. If no \`etag\` is provided in the call to -- \`setIamPolicy\`, then the existing policy is overwritten blindly. pEtag :: Lens' Policy (Maybe ByteString) pEtag = lens _pEtag (\ s a -> s{_pEtag = a}) . mapping _Bytes -- | Deprecated. pVersion :: Lens' Policy (Maybe Int32) pVersion = lens _pVersion (\ s a -> s{_pVersion = a}) . mapping _Coerce -- | Associates a list of \`members\` to a \`role\`. \`bindings\` with no -- members will result in an error. pBindings :: Lens' Policy [Binding] pBindings = lens _pBindings (\ s a -> s{_pBindings = a}) . _Default . _Coerce instance FromJSON Policy where parseJSON = withObject "Policy" (\ o -> Policy' <$> (o .:? "auditConfigs" .!= mempty) <*> (o .:? "etag") <*> (o .:? "version") <*> (o .:? "bindings" .!= mempty)) instance ToJSON Policy where toJSON Policy'{..} = object (catMaybes [("auditConfigs" .=) <$> _pAuditConfigs, ("etag" .=) <$> _pEtag, ("version" .=) <$> _pVersion, ("bindings" .=) <$> _pBindings]) -- | The difference delta between two policies. -- -- /See:/ 'policyDelta' smart constructor. newtype PolicyDelta = PolicyDelta' { _pdBindingDeltas :: Maybe [BindingDelta] } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'PolicyDelta' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'pdBindingDeltas' policyDelta :: PolicyDelta policyDelta = PolicyDelta' {_pdBindingDeltas = Nothing} -- | The delta for Bindings between two policies. pdBindingDeltas :: Lens' PolicyDelta [BindingDelta] pdBindingDeltas = lens _pdBindingDeltas (\ s a -> s{_pdBindingDeltas = a}) . _Default . _Coerce instance FromJSON PolicyDelta where parseJSON = withObject "PolicyDelta" (\ o -> PolicyDelta' <$> (o .:? "bindingDeltas" .!= mempty)) instance ToJSON PolicyDelta where toJSON PolicyDelta'{..} = object (catMaybes [("bindingDeltas" .=) <$> _pdBindingDeltas]) -- | The grantable role query request. -- -- /See:/ 'queryGrantableRolesRequest' smart constructor. data QueryGrantableRolesRequest = QueryGrantableRolesRequest' { _qgrrFullResourceName :: !(Maybe Text) , _qgrrView :: !(Maybe QueryGrantableRolesRequestView) , _qgrrPageToken :: !(Maybe Text) , _qgrrPageSize :: !(Maybe (Textual Int32)) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'QueryGrantableRolesRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'qgrrFullResourceName' -- -- * 'qgrrView' -- -- * 'qgrrPageToken' -- -- * 'qgrrPageSize' queryGrantableRolesRequest :: QueryGrantableRolesRequest queryGrantableRolesRequest = QueryGrantableRolesRequest' { _qgrrFullResourceName = Nothing , _qgrrView = Nothing , _qgrrPageToken = Nothing , _qgrrPageSize = Nothing } -- | Required. The full resource name to query from the list of grantable -- roles. The name follows the Google Cloud Platform resource format. For -- example, a Cloud Platform project with id \`my-project\` will be named -- \`\/\/cloudresourcemanager.googleapis.com\/projects\/my-project\`. qgrrFullResourceName :: Lens' QueryGrantableRolesRequest (Maybe Text) qgrrFullResourceName = lens _qgrrFullResourceName (\ s a -> s{_qgrrFullResourceName = a}) qgrrView :: Lens' QueryGrantableRolesRequest (Maybe QueryGrantableRolesRequestView) qgrrView = lens _qgrrView (\ s a -> s{_qgrrView = a}) -- | Optional pagination token returned in an earlier -- QueryGrantableRolesResponse. qgrrPageToken :: Lens' QueryGrantableRolesRequest (Maybe Text) qgrrPageToken = lens _qgrrPageToken (\ s a -> s{_qgrrPageToken = a}) -- | Optional limit on the number of roles to include in the response. qgrrPageSize :: Lens' QueryGrantableRolesRequest (Maybe Int32) qgrrPageSize = lens _qgrrPageSize (\ s a -> s{_qgrrPageSize = a}) . mapping _Coerce instance FromJSON QueryGrantableRolesRequest where parseJSON = withObject "QueryGrantableRolesRequest" (\ o -> QueryGrantableRolesRequest' <$> (o .:? "fullResourceName") <*> (o .:? "view") <*> (o .:? "pageToken") <*> (o .:? "pageSize")) instance ToJSON QueryGrantableRolesRequest where toJSON QueryGrantableRolesRequest'{..} = object (catMaybes [("fullResourceName" .=) <$> _qgrrFullResourceName, ("view" .=) <$> _qgrrView, ("pageToken" .=) <$> _qgrrPageToken, ("pageSize" .=) <$> _qgrrPageSize]) -- | The service account sign JWT request. -- -- /See:/ 'signJwtRequest' smart constructor. newtype SignJwtRequest = SignJwtRequest' { _sjrPayload :: Maybe Text } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'SignJwtRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'sjrPayload' signJwtRequest :: SignJwtRequest signJwtRequest = SignJwtRequest' {_sjrPayload = Nothing} -- | The JWT payload to sign, a JSON JWT Claim set. sjrPayload :: Lens' SignJwtRequest (Maybe Text) sjrPayload = lens _sjrPayload (\ s a -> s{_sjrPayload = a}) instance FromJSON SignJwtRequest where parseJSON = withObject "SignJwtRequest" (\ o -> SignJwtRequest' <$> (o .:? "payload")) instance ToJSON SignJwtRequest where toJSON SignJwtRequest'{..} = object (catMaybes [("payload" .=) <$> _sjrPayload]) -- | The patch service account request. -- -- /See:/ 'patchServiceAccountRequest' smart constructor. data PatchServiceAccountRequest = PatchServiceAccountRequest' { _psarUpdateMask :: !(Maybe GFieldMask) , _psarServiceAccount :: !(Maybe ServiceAccount) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'PatchServiceAccountRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'psarUpdateMask' -- -- * 'psarServiceAccount' patchServiceAccountRequest :: PatchServiceAccountRequest patchServiceAccountRequest = PatchServiceAccountRequest' {_psarUpdateMask = Nothing, _psarServiceAccount = Nothing} psarUpdateMask :: Lens' PatchServiceAccountRequest (Maybe GFieldMask) psarUpdateMask = lens _psarUpdateMask (\ s a -> s{_psarUpdateMask = a}) psarServiceAccount :: Lens' PatchServiceAccountRequest (Maybe ServiceAccount) psarServiceAccount = lens _psarServiceAccount (\ s a -> s{_psarServiceAccount = a}) instance FromJSON PatchServiceAccountRequest where parseJSON = withObject "PatchServiceAccountRequest" (\ o -> PatchServiceAccountRequest' <$> (o .:? "updateMask") <*> (o .:? "serviceAccount")) instance ToJSON PatchServiceAccountRequest where toJSON PatchServiceAccountRequest'{..} = object (catMaybes [("updateMask" .=) <$> _psarUpdateMask, ("serviceAccount" .=) <$> _psarServiceAccount]) -- | Provides the configuration for logging a type of permissions. Example: { -- \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", -- \"exempted_members\": [ \"user:foo\'gmail.com\" ] }, { \"log_type\": -- \"DATA_WRITE\", } ] } This enables \'DATA_READ\' and \'DATA_WRITE\' -- logging, while exempting foo\'gmail.com from DATA_READ logging. -- -- /See:/ 'auditLogConfig' smart constructor. data AuditLogConfig = AuditLogConfig' { _alcLogType :: !(Maybe AuditLogConfigLogType) , _alcExemptedMembers :: !(Maybe [Text]) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'AuditLogConfig' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'alcLogType' -- -- * 'alcExemptedMembers' auditLogConfig :: AuditLogConfig auditLogConfig = AuditLogConfig' {_alcLogType = Nothing, _alcExemptedMembers = Nothing} -- | The log type that this config enables. alcLogType :: Lens' AuditLogConfig (Maybe AuditLogConfigLogType) alcLogType = lens _alcLogType (\ s a -> s{_alcLogType = a}) -- | Specifies the identities that do not cause logging for this type of -- permission. Follows the same format of Binding.members. alcExemptedMembers :: Lens' AuditLogConfig [Text] alcExemptedMembers = lens _alcExemptedMembers (\ s a -> s{_alcExemptedMembers = a}) . _Default . _Coerce instance FromJSON AuditLogConfig where parseJSON = withObject "AuditLogConfig" (\ o -> AuditLogConfig' <$> (o .:? "logType") <*> (o .:? "exemptedMembers" .!= mempty)) instance ToJSON AuditLogConfig where toJSON AuditLogConfig'{..} = object (catMaybes [("logType" .=) <$> _alcLogType, ("exemptedMembers" .=) <$> _alcExemptedMembers]) -- | A permission which can be included by a role. -- -- /See:/ 'permission' smart constructor. data Permission = Permission' { _perStage :: !(Maybe PermissionStage) , _perOnlyInPredefinedRoles :: !(Maybe Bool) , _perCustomRolesSupportLevel :: !(Maybe PermissionCustomRolesSupportLevel) , _perName :: !(Maybe Text) , _perTitle :: !(Maybe Text) , _perAPIdisabled :: !(Maybe Bool) , _perDescription :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'Permission' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'perStage' -- -- * 'perOnlyInPredefinedRoles' -- -- * 'perCustomRolesSupportLevel' -- -- * 'perName' -- -- * 'perTitle' -- -- * 'perAPIdisabled' -- -- * 'perDescription' permission :: Permission permission = Permission' { _perStage = Nothing , _perOnlyInPredefinedRoles = Nothing , _perCustomRolesSupportLevel = Nothing , _perName = Nothing , _perTitle = Nothing , _perAPIdisabled = Nothing , _perDescription = Nothing } -- | The current launch stage of the permission. perStage :: Lens' Permission (Maybe PermissionStage) perStage = lens _perStage (\ s a -> s{_perStage = a}) -- | This permission can ONLY be used in predefined roles. perOnlyInPredefinedRoles :: Lens' Permission (Maybe Bool) perOnlyInPredefinedRoles = lens _perOnlyInPredefinedRoles (\ s a -> s{_perOnlyInPredefinedRoles = a}) -- | The current custom role support level. perCustomRolesSupportLevel :: Lens' Permission (Maybe PermissionCustomRolesSupportLevel) perCustomRolesSupportLevel = lens _perCustomRolesSupportLevel (\ s a -> s{_perCustomRolesSupportLevel = a}) -- | The name of this Permission. perName :: Lens' Permission (Maybe Text) perName = lens _perName (\ s a -> s{_perName = a}) -- | The title of this Permission. perTitle :: Lens' Permission (Maybe Text) perTitle = lens _perTitle (\ s a -> s{_perTitle = a}) -- | The service API associated with the permission is not enabled. perAPIdisabled :: Lens' Permission (Maybe Bool) perAPIdisabled = lens _perAPIdisabled (\ s a -> s{_perAPIdisabled = a}) -- | A brief description of what this Permission is used for. perDescription :: Lens' Permission (Maybe Text) perDescription = lens _perDescription (\ s a -> s{_perDescription = a}) instance FromJSON Permission where parseJSON = withObject "Permission" (\ o -> Permission' <$> (o .:? "stage") <*> (o .:? "onlyInPredefinedRoles") <*> (o .:? "customRolesSupportLevel") <*> (o .:? "name") <*> (o .:? "title") <*> (o .:? "apiDisabled") <*> (o .:? "description")) instance ToJSON Permission where toJSON Permission'{..} = object (catMaybes [("stage" .=) <$> _perStage, ("onlyInPredefinedRoles" .=) <$> _perOnlyInPredefinedRoles, ("customRolesSupportLevel" .=) <$> _perCustomRolesSupportLevel, ("name" .=) <$> _perName, ("title" .=) <$> _perTitle, ("apiDisabled" .=) <$> _perAPIdisabled, ("description" .=) <$> _perDescription]) -- | The service account sign blob response. -- -- /See:/ 'signBlobResponse' smart constructor. data SignBlobResponse = SignBlobResponse' { _sbrSignature :: !(Maybe Bytes) , _sbrKeyId :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'SignBlobResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'sbrSignature' -- -- * 'sbrKeyId' signBlobResponse :: SignBlobResponse signBlobResponse = SignBlobResponse' {_sbrSignature = Nothing, _sbrKeyId = Nothing} -- | The signed blob. sbrSignature :: Lens' SignBlobResponse (Maybe ByteString) sbrSignature = lens _sbrSignature (\ s a -> s{_sbrSignature = a}) . mapping _Bytes -- | The id of the key used to sign the blob. sbrKeyId :: Lens' SignBlobResponse (Maybe Text) sbrKeyId = lens _sbrKeyId (\ s a -> s{_sbrKeyId = a}) instance FromJSON SignBlobResponse where parseJSON = withObject "SignBlobResponse" (\ o -> SignBlobResponse' <$> (o .:? "signature") <*> (o .:? "keyId")) instance ToJSON SignBlobResponse where toJSON SignBlobResponse'{..} = object (catMaybes [("signature" .=) <$> _sbrSignature, ("keyId" .=) <$> _sbrKeyId]) -- | The service account list response. -- -- /See:/ 'listServiceAccountsResponse' smart constructor. data ListServiceAccountsResponse = ListServiceAccountsResponse' { _lsarNextPageToken :: !(Maybe Text) , _lsarAccounts :: !(Maybe [ServiceAccount]) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'ListServiceAccountsResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lsarNextPageToken' -- -- * 'lsarAccounts' listServiceAccountsResponse :: ListServiceAccountsResponse listServiceAccountsResponse = ListServiceAccountsResponse' {_lsarNextPageToken = Nothing, _lsarAccounts = Nothing} -- | To retrieve the next page of results, set -- ListServiceAccountsRequest.page_token to this value. lsarNextPageToken :: Lens' ListServiceAccountsResponse (Maybe Text) lsarNextPageToken = lens _lsarNextPageToken (\ s a -> s{_lsarNextPageToken = a}) -- | The list of matching service accounts. lsarAccounts :: Lens' ListServiceAccountsResponse [ServiceAccount] lsarAccounts = lens _lsarAccounts (\ s a -> s{_lsarAccounts = a}) . _Default . _Coerce instance FromJSON ListServiceAccountsResponse where parseJSON = withObject "ListServiceAccountsResponse" (\ o -> ListServiceAccountsResponse' <$> (o .:? "nextPageToken") <*> (o .:? "accounts" .!= mempty)) instance ToJSON ListServiceAccountsResponse where toJSON ListServiceAccountsResponse'{..} = object (catMaybes [("nextPageToken" .=) <$> _lsarNextPageToken, ("accounts" .=) <$> _lsarAccounts]) -- | The request to lint a Cloud IAM policy object. LintPolicy is currently -- functional only for \`lint_object\` of type \`condition\`. -- -- /See:/ 'lintPolicyRequest' smart constructor. data LintPolicyRequest = LintPolicyRequest' { _lprContext :: !(Maybe LintPolicyRequestContext) , _lprFullResourceName :: !(Maybe Text) , _lprPolicy :: !(Maybe Policy) , _lprCondition :: !(Maybe Expr) , _lprBinding :: !(Maybe Binding) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'LintPolicyRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lprContext' -- -- * 'lprFullResourceName' -- -- * 'lprPolicy' -- -- * 'lprCondition' -- -- * 'lprBinding' lintPolicyRequest :: LintPolicyRequest lintPolicyRequest = LintPolicyRequest' { _lprContext = Nothing , _lprFullResourceName = Nothing , _lprPolicy = Nothing , _lprCondition = Nothing , _lprBinding = Nothing } -- | \`context\` contains additional *permission-controlled* data that any -- lint unit may depend on, in form of \`{key: value}\` pairs. Currently, -- this field is non-operational and it will not be used during the lint -- operation. lprContext :: Lens' LintPolicyRequest (Maybe LintPolicyRequestContext) lprContext = lens _lprContext (\ s a -> s{_lprContext = a}) -- | The full resource name of the policy this lint request is about. The -- name follows the Google Cloud Platform (GCP) resource format. For -- example, a GCP project with ID \`my-project\` will be named -- \`\/\/cloudresourcemanager.googleapis.com\/projects\/my-project\`. The -- resource name is not used to read the policy instance from the Cloud IAM -- database. The candidate policy for lint has to be provided in the same -- request object. lprFullResourceName :: Lens' LintPolicyRequest (Maybe Text) lprFullResourceName = lens _lprFullResourceName (\ s a -> s{_lprFullResourceName = a}) -- | Policy object to be linted. The functionality of linting a policy is not -- yet implemented and if this field is set, it returns NOT_IMPLEMENTED -- error. lprPolicy :: Lens' LintPolicyRequest (Maybe Policy) lprPolicy = lens _lprPolicy (\ s a -> s{_lprPolicy = a}) -- | google.iam.v1.Binding.condition object to be linted. lprCondition :: Lens' LintPolicyRequest (Maybe Expr) lprCondition = lens _lprCondition (\ s a -> s{_lprCondition = a}) -- | Binding object to be linted. The functionality of linting a binding is -- not yet implemented and if this field is set, it returns NOT_IMPLEMENTED -- error. lprBinding :: Lens' LintPolicyRequest (Maybe Binding) lprBinding = lens _lprBinding (\ s a -> s{_lprBinding = a}) instance FromJSON LintPolicyRequest where parseJSON = withObject "LintPolicyRequest" (\ o -> LintPolicyRequest' <$> (o .:? "context") <*> (o .:? "fullResourceName") <*> (o .:? "policy") <*> (o .:? "condition") <*> (o .:? "binding")) instance ToJSON LintPolicyRequest where toJSON LintPolicyRequest'{..} = object (catMaybes [("context" .=) <$> _lprContext, ("fullResourceName" .=) <$> _lprFullResourceName, ("policy" .=) <$> _lprPolicy, ("condition" .=) <$> _lprCondition, ("binding" .=) <$> _lprBinding]) -- | The response containing the roles defined under a resource. -- -- /See:/ 'listRolesResponse' smart constructor. data ListRolesResponse = ListRolesResponse' { _lrrRoles :: !(Maybe [Role]) , _lrrNextPageToken :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'ListRolesResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lrrRoles' -- -- * 'lrrNextPageToken' listRolesResponse :: ListRolesResponse listRolesResponse = ListRolesResponse' {_lrrRoles = Nothing, _lrrNextPageToken = Nothing} -- | The Roles defined on this resource. lrrRoles :: Lens' ListRolesResponse [Role] lrrRoles = lens _lrrRoles (\ s a -> s{_lrrRoles = a}) . _Default . _Coerce -- | To retrieve the next page of results, set -- \`ListRolesRequest.page_token\` to this value. lrrNextPageToken :: Lens' ListRolesResponse (Maybe Text) lrrNextPageToken = lens _lrrNextPageToken (\ s a -> s{_lrrNextPageToken = a}) instance FromJSON ListRolesResponse where parseJSON = withObject "ListRolesResponse" (\ o -> ListRolesResponse' <$> (o .:? "roles" .!= mempty) <*> (o .:? "nextPageToken")) instance ToJSON ListRolesResponse where toJSON ListRolesResponse'{..} = object (catMaybes [("roles" .=) <$> _lrrRoles, ("nextPageToken" .=) <$> _lrrNextPageToken]) -- | The service account create request. -- -- /See:/ 'createServiceAccountRequest' smart constructor. data CreateServiceAccountRequest = CreateServiceAccountRequest' { _csarServiceAccount :: !(Maybe ServiceAccount) , _csarAccountId :: !(Maybe Text) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'CreateServiceAccountRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'csarServiceAccount' -- -- * 'csarAccountId' createServiceAccountRequest :: CreateServiceAccountRequest createServiceAccountRequest = CreateServiceAccountRequest' {_csarServiceAccount = Nothing, _csarAccountId = Nothing} -- | The ServiceAccount resource to create. Currently, only the following -- values are user assignable: \`display_name\` . csarServiceAccount :: Lens' CreateServiceAccountRequest (Maybe ServiceAccount) csarServiceAccount = lens _csarServiceAccount (\ s a -> s{_csarServiceAccount = a}) -- | Required. The account id that is used to generate the service account -- email address and a stable unique id. It is unique within a project, -- must be 6-30 characters long, and match the regular expression -- \`[a-z]([-a-z0-9]*[a-z0-9])\` to comply with RFC1035. csarAccountId :: Lens' CreateServiceAccountRequest (Maybe Text) csarAccountId = lens _csarAccountId (\ s a -> s{_csarAccountId = a}) instance FromJSON CreateServiceAccountRequest where parseJSON = withObject "CreateServiceAccountRequest" (\ o -> CreateServiceAccountRequest' <$> (o .:? "serviceAccount") <*> (o .:? "accountId")) instance ToJSON CreateServiceAccountRequest where toJSON CreateServiceAccountRequest'{..} = object (catMaybes [("serviceAccount" .=) <$> _csarServiceAccount, ("accountId" .=) <$> _csarAccountId]) -- | The request to create a new role. -- -- /See:/ 'createRoleRequest' smart constructor. data CreateRoleRequest = CreateRoleRequest' { _crrRoleId :: !(Maybe Text) , _crrRole :: !(Maybe Role) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'CreateRoleRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'crrRoleId' -- -- * 'crrRole' createRoleRequest :: CreateRoleRequest createRoleRequest = CreateRoleRequest' {_crrRoleId = Nothing, _crrRole = Nothing} -- | The role id to use for this role. crrRoleId :: Lens' CreateRoleRequest (Maybe Text) crrRoleId = lens _crrRoleId (\ s a -> s{_crrRoleId = a}) -- | The Role resource to create. crrRole :: Lens' CreateRoleRequest (Maybe Role) crrRole = lens _crrRole (\ s a -> s{_crrRole = a}) instance FromJSON CreateRoleRequest where parseJSON = withObject "CreateRoleRequest" (\ o -> CreateRoleRequest' <$> (o .:? "roleId") <*> (o .:? "role")) instance ToJSON CreateRoleRequest where toJSON CreateRoleRequest'{..} = object (catMaybes [("roleId" .=) <$> _crrRoleId, ("role" .=) <$> _crrRole]) -- | Associates \`members\` with a \`role\`. -- -- /See:/ 'binding' smart constructor. data Binding = Binding' { _bMembers :: !(Maybe [Text]) , _bRole :: !(Maybe Text) , _bCondition :: !(Maybe Expr) } deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'Binding' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'bMembers' -- -- * 'bRole' -- -- * 'bCondition' binding :: Binding binding = Binding' {_bMembers = Nothing, _bRole = Nothing, _bCondition = Nothing} -- | Specifies the identities requesting access for a Cloud Platform -- resource. \`members\` can have the following values: * \`allUsers\`: A -- special identifier that represents anyone who is on the internet; with -- or without a Google account. * \`allAuthenticatedUsers\`: A special -- identifier that represents anyone who is authenticated with a Google -- account or a service account. * \`user:{emailid}\`: An email address -- that represents a specific Google account. For example, -- \`alice\'gmail.com\` . * \`serviceAccount:{emailid}\`: An email address -- that represents a service account. For example, -- \`my-other-app\'appspot.gserviceaccount.com\`. * \`group:{emailid}\`: An -- email address that represents a Google group. For example, -- \`admins\'example.com\`. * \`domain:{domain}\`: The G Suite domain -- (primary) that represents all the users of that domain. For example, -- \`google.com\` or \`example.com\`. bMembers :: Lens' Binding [Text] bMembers = lens _bMembers (\ s a -> s{_bMembers = a}) . _Default . _Coerce -- | Role that is assigned to \`members\`. For example, \`roles\/viewer\`, -- \`roles\/editor\`, or \`roles\/owner\`. bRole :: Lens' Binding (Maybe Text) bRole = lens _bRole (\ s a -> s{_bRole = a}) -- | The condition that is associated with this binding. NOTE: an unsatisfied -- condition will not allow user access via current binding. Different -- bindings, including their conditions, are examined independently. bCondition :: Lens' Binding (Maybe Expr) bCondition = lens _bCondition (\ s a -> s{_bCondition = a}) instance FromJSON Binding where parseJSON = withObject "Binding" (\ o -> Binding' <$> (o .:? "members" .!= mempty) <*> (o .:? "role") <*> (o .:? "condition")) instance ToJSON Binding where toJSON Binding'{..} = object (catMaybes [("members" .=) <$> _bMembers, ("role" .=) <$> _bRole, ("condition" .=) <$> _bCondition]) -- | The service account disable request. -- -- /See:/ 'disableServiceAccountRequest' smart constructor. data DisableServiceAccountRequest = DisableServiceAccountRequest' deriving (Eq, Show, Data, Typeable, Generic) -- | Creates a value of 'DisableServiceAccountRequest' with the minimum fields required to make a request. -- disableServiceAccountRequest :: DisableServiceAccountRequest disableServiceAccountRequest = DisableServiceAccountRequest' instance FromJSON DisableServiceAccountRequest where parseJSON = withObject "DisableServiceAccountRequest" (\ o -> pure DisableServiceAccountRequest') instance ToJSON DisableServiceAccountRequest where toJSON = const emptyObject