From 7100057f65e8529103ac85f331d93131839cbd2b Mon Sep 17 00:00:00 2001 From: jdpedrie Date: Tue, 14 Mar 2017 12:20:19 -0400 Subject: [PATCH 1/7] Delay creating of IAM clients until they're needed --- src/PubSub/Subscription.php | 8 +++++--- src/PubSub/Topic.php | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/PubSub/Subscription.php b/src/PubSub/Subscription.php index 5c6ee7128b10..e24d54955299 100644 --- a/src/PubSub/Subscription.php +++ b/src/PubSub/Subscription.php @@ -137,9 +137,6 @@ public function __construct( ? $this->formatName('topic', $topicName, $projectId) : null; } - - $iamConnection = new IamSubscription($this->connection); - $this->iam = new Iam($iamConnection, $this->name); } /** @@ -556,6 +553,11 @@ public function modifyPushConfig(array $pushConfig, array $options = []) */ public function iam() { + if (!$this->iam) { + $iamConnection = new IamSubscription($this->connection); + $this->iam = new Iam($iamConnection, $this->name); + } + return $this->iam; } diff --git a/src/PubSub/Topic.php b/src/PubSub/Topic.php index 5a689b03819f..0b83d85085f7 100644 --- a/src/PubSub/Topic.php +++ b/src/PubSub/Topic.php @@ -105,9 +105,6 @@ public function __construct( } else { $this->name = $this->formatName('topic', $name, $projectId); } - - $iamConnection = new IamTopic($this->connection); - $this->iam = new Iam($iamConnection, $this->name); } /** @@ -441,6 +438,11 @@ function ($subscription) { */ public function iam() { + if (!$this->iam) { + $iamConnection = new IamTopic($this->connection); + $this->iam = new Iam($iamConnection, $this->name); + } + return $this->iam; } From 40ff3f151587314f0c5410942ba8761b5ce6f556 Mon Sep 17 00:00:00 2001 From: jdpedrie Date: Tue, 21 Mar 2017 17:02:06 -0400 Subject: [PATCH 2/7] Add IAM to Storage Objects and Buckets --- .gitignore | 2 +- src/Core/Iam/Iam.php | 78 +- src/Core/Iam/PolicyBuilder.php | 20 - src/Storage/Bucket.php | 40 +- .../Connection/ConnectionInterface.php | 30 + src/Storage/Connection/IamBucket.php | 60 + src/Storage/Connection/IamObject.php | 60 + src/Storage/Connection/Rest.php | 48 + .../ServiceDefinition/storage-v1.json | 5954 +++++++++-------- src/Storage/Iam.php | 126 + src/Storage/StorageObject.php | 41 + tests/unit/Core/Iam/IamTest.php | 26 + tests/unit/Core/Iam/PolicyBuilderTest.php | 11 - tests/unit/Core/RequestBuilderTest.php | 5 +- tests/unit/Storage/BucketTest.php | 13 + tests/unit/Storage/StorageObjectTest.php | 10 +- tests/unit/fixtures/service-fixture.json | 6 + 17 files changed, 3652 insertions(+), 2878 deletions(-) create mode 100644 src/Storage/Connection/IamBucket.php create mode 100644 src/Storage/Connection/IamObject.php create mode 100644 src/Storage/Iam.php diff --git a/.gitignore b/.gitignore index ff6640ed343f..d1b6b70fde75 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ build/ composer.phar composer.lock -docs/json/* +docs/json/**/* vendor/ diff --git a/src/Core/Iam/Iam.php b/src/Core/Iam/Iam.php index 50c708dcdffe..e80083361c0b 100644 --- a/src/Core/Iam/Iam.php +++ b/src/Core/Iam/Iam.php @@ -53,16 +53,16 @@ class Iam /** * @var string */ - private $resource; + protected $resource; /** * @var array */ - private $policy; + protected $policy; /** - * @param IamConnectionInterface $connection - * @param string $resource + * @param IamConnectionInterface $connection + * @param string $resource * @access private */ public function __construct(IamConnectionInterface $connection, $resource) @@ -109,16 +109,23 @@ public function policy(array $options = []) * $policy = $iam->setPolicy($oldPolicy); * ``` * - * @param array $policy A new policy array + * @param array|PolicyBuilder $policy The new policy, as an array or an + * instance of {@see Google\Cloud\Core\PolicyBuilder}. * @param array $options Configuration Options * @return array An array of policy data + * @throws BadMethodCallException If the given policy is not an array or PolicyBuilder. */ - public function setPolicy(array $policy, array $options = []) + public function setPolicy($policy, array $options = []) { - return $this->policy = $this->connection->setPolicy($options + [ - 'policy' => $policy, - 'resource' => $this->resource - ]); + if ($policy instanceof PolicyBuilder) { + $policy = $policy->result(); + } + + if (!is_array($policy)) { + throw new \BadMethodCallException('Given policy data must be an array or an instance of PolicyBuilder.'); + } + + return $this->policy = $this->sendSetPolicyRequest($policy, $options); } /** @@ -143,10 +150,7 @@ public function setPolicy(array $policy, array $options = []) */ public function testPermissions(array $permissions, array $options = []) { - return $this->connection->testPermissions($options + [ - 'permissions' => $permissions, - 'resource' => $this->resource - ]); + return $this->sendTestPermissionsRequest($permissions, $options); } /** @@ -162,7 +166,51 @@ public function testPermissions(array $permissions, array $options = []) */ public function reload(array $options = []) { - return $this->policy = $this->connection->getPolicy($options + [ + return $this->policy = $this->sendGetPolicyRequest($options); + } + + /** + * For APIs with non-standard IAM APIs, implementing clients may extend this + * class and override this method. + * + * @param array $policy + * @param array $options + * @return array + */ + protected function sendSetPolicyRequest(array $policy, array $options) + { + return $this->connection->setPolicy($options + [ + 'policy' => $policy, + 'resource' => $this->resource + ]); + } + + /** + * For APIs with non-standard IAM APIs, implementing clients may extend this + * class and override this method. + * + * @param array $options + * @return array + */ + protected function sendGetPolicyRequest(array $options) + { + return $this->connection->getPolicy($options + [ + 'resource' => $this->resource + ]); + } + + /** + * For APIs with non-standard IAM APIs, implementing clients may extend this + * class and override this method. + * + * @param array $permissions + * @param array $options + * @return array + */ + protected function sendTestPermissionsRequest(array $permissions, array $options) + { + return $this->connection->testPermissions($options + [ + 'permissions' => $permissions, 'resource' => $this->resource ]); } diff --git a/src/Core/Iam/PolicyBuilder.php b/src/Core/Iam/PolicyBuilder.php index 405b37ee90b2..86fbba4b445a 100644 --- a/src/Core/Iam/PolicyBuilder.php +++ b/src/Core/Iam/PolicyBuilder.php @@ -33,8 +33,6 @@ */ class PolicyBuilder { - const MEMBER_REGEX = '/^((user\:|serviceAccount\:|group\:|domain\:).)|allUsers|allAuthenticatedUsers/'; - /** * @var array */ @@ -117,10 +115,6 @@ public function setBindings(array $bindings = []) */ public function addBinding($role, array $members) { - foreach ($members as $member) { - $this->validateMember($member); - } - $this->bindings[] = [ 'role' => $role, 'members' => $members @@ -185,18 +179,4 @@ public function result() 'version' => $this->version ]); } - - /** - * Validate that each member is in the correct format. - * - * @param string $member - * @throws InvalidArgumentException - * @return void - */ - private function validateMember($member) - { - if (preg_match(self::MEMBER_REGEX, $member) === 0) { - throw new InvalidArgumentException('member name is not a valid value.'); - } - } } diff --git a/src/Storage/Bucket.php b/src/Storage/Bucket.php index d8ae359c49dc..978ced47efa1 100644 --- a/src/Storage/Bucket.php +++ b/src/Storage/Bucket.php @@ -18,11 +18,12 @@ namespace Google\Cloud\Storage; use Google\Cloud\Core\ArrayTrait; +use Google\Cloud\Core\Exception\NotFoundException; use Google\Cloud\Core\Exception\ServiceException; use Google\Cloud\Core\Upload\ResumableUploader; use Google\Cloud\Core\Upload\StreamableUploader; -use Google\Cloud\Core\Exception\NotFoundException; use Google\Cloud\Storage\Connection\ConnectionInterface; +use Google\Cloud\Storage\Connection\IamBucket; use GuzzleHttp\Psr7; use Psr\Http\Message\StreamInterface; @@ -69,6 +70,11 @@ class Bucket */ private $info; + /** + * @var Iam + */ + private $iam; + /** * @param ConnectionInterface $connection Represents a connection to Cloud * Storage. @@ -771,4 +777,36 @@ public function isWritable($file = null) return true; } + + /** + * Manage the IAM policy for the current Bucket. + * + * Example: + * ``` + * $iam = $bucket->iam(); + * ``` + * + * @codingStandardsIgnoreStart + * @see https://cloud.google.com/storage/docs/access-control/iam-with-json-and-xml Storage Access Control Documentation + * @see https://cloud.google.com/storage/docs/json_api/v1/buckets/getIamPolicy Get Bucket IAM Policy + * @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy Set Bucket IAM Policy + * @see https://cloud.google.com/storage/docs/json_api/v1/buckets/testIamPermissions Test Bucket Permissions + * @codingStandardsIgnoreEnd + * + * @return Iam + */ + public function iam() + { + if (!$this->iam) { + $iamConnection = new IamBucket($this->connection); + $this->iam = new Iam( + $iamConnection, + $this->identity['bucket'], + ['bucket' => $this->identity['bucket']], + 'bucket' + ); + } + + return $this->iam; + } } diff --git a/src/Storage/Connection/ConnectionInterface.php b/src/Storage/Connection/ConnectionInterface.php index 6e272169bac3..0662c5e7cea8 100644 --- a/src/Storage/Connection/ConnectionInterface.php +++ b/src/Storage/Connection/ConnectionInterface.php @@ -68,6 +68,21 @@ public function listBuckets(array $args = []); */ public function insertBucket(array $args = []); + /** + * @param array $args + */ + public function getBucketIamPolicy(array $args); + + /** + * @param array $args + */ + public function setBucketIamPolicy(array $args); + + /** + * @param array $args + */ + public function testBucketIamPermissions(array $args); + /** * @param array $args */ @@ -117,4 +132,19 @@ public function downloadObject(array $args = []); * @param array $args */ public function insertObject(array $args = []); + + /** + * @param array $args + */ + public function getObjectIamPolicy(array $args); + + /** + * @param array $args + */ + public function setObjectIamPolicy(array $args); + + /** + * @param array $args + */ + public function testObjectIamPermissions(array $args); } diff --git a/src/Storage/Connection/IamBucket.php b/src/Storage/Connection/IamBucket.php new file mode 100644 index 000000000000..27cc23a3cb13 --- /dev/null +++ b/src/Storage/Connection/IamBucket.php @@ -0,0 +1,60 @@ +connection = $connection; + } + + /** + * @param array $args + */ + public function getPolicy(array $args) + { + return $this->connection->getBucketIamPolicy($args); + } + + /** + * @param array $args + */ + public function setPolicy(array $args) + { + return $this->connection->setBucketIamPolicy($args); + } + + /** + * @param array $args + */ + public function testPermissions(array $args) + { + return $this->connection->testBucketIamPermissions($args); + } +} diff --git a/src/Storage/Connection/IamObject.php b/src/Storage/Connection/IamObject.php new file mode 100644 index 000000000000..7469620ff74d --- /dev/null +++ b/src/Storage/Connection/IamObject.php @@ -0,0 +1,60 @@ +connection = $connection; + } + + /** + * @param array $args + */ + public function getPolicy(array $args) + { + return $this->connection->getObjectIamPolicy($args); + } + + /** + * @param array $args + */ + public function setPolicy(array $args) + { + return $this->connection->setObjectIamPolicy($args); + } + + /** + * @param array $args + */ + public function testPermissions(array $args) + { + return $this->connection->testObjectIamPermissions($args); + } +} diff --git a/src/Storage/Connection/Rest.php b/src/Storage/Connection/Rest.php index 11c6f843ef64..51fa4c5b4282 100644 --- a/src/Storage/Connection/Rest.php +++ b/src/Storage/Connection/Rest.php @@ -310,4 +310,52 @@ private function resolveUploadOptions(array $args) return $args; } + + /** + * @param array $args + */ + public function getBucketIamPolicy(array $args) + { + return $this->send('buckets', 'getIamPolicy', $args); + } + + /** + * @param array $args + */ + public function setBucketIamPolicy(array $args) + { + return $this->send('buckets', 'setIamPolicy', $args); + } + + /** + * @param array $args + */ + public function testBucketIamPermissions(array $args) + { + return $this->send('buckets', 'testIamPermissions', $args); + } + + /** + * @param array $args + */ + public function getObjectIamPolicy(array $args) + { + return $this->send('objects', 'getIamPolicy', $args); + } + + /** + * @param array $args + */ + public function setObjectIamPolicy(array $args) + { + return $this->send('objects', 'setIamPolicy', $args); + } + + /** + * @param array $args + */ + public function testObjectIamPermissions(array $args) + { + return $this->send('objects', 'testIamPermissions', $args); + } } diff --git a/src/Storage/Connection/ServiceDefinition/storage-v1.json b/src/Storage/Connection/ServiceDefinition/storage-v1.json index a689ca629d0d..9a8597124c0b 100644 --- a/src/Storage/Connection/ServiceDefinition/storage-v1.json +++ b/src/Storage/Connection/ServiceDefinition/storage-v1.json @@ -1,2889 +1,3189 @@ { - "kind": "discovery#restDescription", - "etag": "\"tbys6C40o18GZwyMen5GMkdK-3s/HgbrZgh9zgUkvtwaM_qfO-xyD4k\"", - "discoveryVersion": "v1", - "id": "storage:v1", - "name": "storage", - "version": "v1", - "revision": "20170208", - "title": "Cloud Storage JSON API", - "description": "Stores and retrieves potentially large, immutable data objects.", - "ownerDomain": "google.com", - "ownerName": "Google", - "icons": { - "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png", - "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png" - }, - "documentationLink": "https://developers.google.com/storage/docs/json_api/", - "labels": [ - "labs" - ], - "protocol": "rest", - "baseUrl": "https://www.googleapis.com/storage/v1/", - "basePath": "/storage/v1/", - "rootUrl": "https://www.googleapis.com/", - "servicePath": "storage/v1/", - "batchPath": "batch", - "parameters": { - "alt": { - "type": "string", - "description": "Data format for the response.", - "default": "json", - "enum": [ - "json" - ], - "enumDescriptions": [ - "Responses with Content-Type of application/json" - ], - "location": "query" + "kind": "discovery#restDescription", + "etag": "\"tbys6C40o18GZwyMen5GMkdK-3s/z5yry82uiiVbT8ZegvP6VogRacg\"", + "discoveryVersion": "v1", + "id": "storage:v1", + "name": "storage", + "version": "v1", + "revision": "20170224", + "title": "Cloud Storage JSON API", + "description": "Stores and retrieves potentially large, immutable data objects.", + "ownerDomain": "google.com", + "ownerName": "Google", + "icons": { + "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png", + "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png" }, - "fields": { - "type": "string", - "description": "Selector specifying which fields to include in a partial response.", - "location": "query" - }, - "key": { - "type": "string", - "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", - "location": "query" - }, - "oauth_token": { - "type": "string", - "description": "OAuth 2.0 token for the current user.", - "location": "query" - }, - "prettyPrint": { - "type": "boolean", - "description": "Returns response with indentations and line breaks.", - "default": "true", - "location": "query" - }, - "quotaUser": { - "type": "string", - "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", - "location": "query" - }, - "userIp": { - "type": "string", - "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", - "location": "query" - } - }, - "auth": { - "oauth2": { - "scopes": { - "https://www.googleapis.com/auth/cloud-platform": { - "description": "View and manage your data across Google Cloud Platform services" + "documentationLink": "https://developers.google.com/storage/docs/json_api/", + "labels": [ + "labs" + ], + "protocol": "rest", + "baseUrl": "https://www.googleapis.com/storage/v1/", + "basePath": "/storage/v1/", + "rootUrl": "https://www.googleapis.com/", + "servicePath": "storage/v1/", + "batchPath": "batch", + "parameters": { + "alt": { + "type": "string", + "description": "Data format for the response.", + "default": "json", + "enum": [ + "json" + ], + "enumDescriptions": [ + "Responses with Content-Type of application/json" + ], + "location": "query" }, - "https://www.googleapis.com/auth/cloud-platform.read-only": { - "description": "View your data across Google Cloud Platform services" + "fields": { + "type": "string", + "description": "Selector specifying which fields to include in a partial response.", + "location": "query" }, - "https://www.googleapis.com/auth/devstorage.full_control": { - "description": "Manage your data and permissions in Google Cloud Storage" + "key": { + "type": "string", + "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", + "location": "query" }, - "https://www.googleapis.com/auth/devstorage.read_only": { - "description": "View your data in Google Cloud Storage" + "oauth_token": { + "type": "string", + "description": "OAuth 2.0 token for the current user.", + "location": "query" }, - "https://www.googleapis.com/auth/devstorage.read_write": { - "description": "Manage your data in Google Cloud Storage" - } - } - } - }, - "schemas": { - "Bucket": { - "id": "Bucket", - "type": "object", - "description": "A bucket.", - "properties": { - "acl": { - "type": "array", - "description": "Access controls on the bucket.", - "items": { - "$ref": "BucketAccessControl" - }, - "annotations": { - "required": [ - "storage.buckets.update" - ] - } + "prettyPrint": { + "type": "boolean", + "description": "Returns response with indentations and line breaks.", + "default": "true", + "location": "query" }, - "cors": { - "type": "array", - "description": "The bucket's Cross-Origin Resource Sharing (CORS) configuration.", - "items": { - "type": "object", - "properties": { - "maxAgeSeconds": { - "type": "integer", - "description": "The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.", - "format": "int32" - }, - "method": { - "type": "array", - "description": "The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".", - "items": { - "type": "string" - } - }, - "origin": { - "type": "array", - "description": "The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".", - "items": { - "type": "string" - } - }, - "responseHeader": { - "type": "array", - "description": "The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.", - "items": { - "type": "string" + "quotaUser": { + "type": "string", + "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. Overrides userIp if both are provided.", + "location": "query" + }, + "userIp": { + "type": "string", + "description": "IP address of the site where the request originates. Use this if you want to enforce per-user limits.", + "location": "query" + } + }, + "auth": { + "oauth2": { + "scopes": { + "https://www.googleapis.com/auth/cloud-platform": { + "description": "View and manage your data across Google Cloud Platform services" + }, + "https://www.googleapis.com/auth/cloud-platform.read-only": { + "description": "View your data across Google Cloud Platform services" + }, + "https://www.googleapis.com/auth/devstorage.full_control": { + "description": "Manage your data and permissions in Google Cloud Storage" + }, + "https://www.googleapis.com/auth/devstorage.read_only": { + "description": "View your data in Google Cloud Storage" + }, + "https://www.googleapis.com/auth/devstorage.read_write": { + "description": "Manage your data in Google Cloud Storage" } - } } - } - }, - "defaultObjectAcl": { - "type": "array", - "description": "Default access controls to apply to new objects when no ACL is provided.", - "items": { - "$ref": "ObjectAccessControl" - } - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the bucket." - }, - "id": { - "type": "string", - "description": "The ID of the bucket. For buckets, the id and name properities are the same." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For buckets, this is always storage#bucket.", - "default": "storage#bucket" - }, - "lifecycle": { - "type": "object", - "description": "The bucket's lifecycle configuration. See lifecycle management for more information.", - "properties": { - "rule": { - "type": "array", - "description": "A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.", - "items": { - "type": "object", - "properties": { - "action": { + } + }, + "schemas": { + "Bucket": { + "id": "Bucket", + "type": "object", + "description": "A bucket.", + "properties": { + "acl": { + "type": "array", + "description": "Access controls on the bucket.", + "items": { + "$ref": "BucketAccessControl" + }, + "annotations": { + "required": [ + "storage.buckets.update" + ] + } + }, + "cors": { + "type": "array", + "description": "The bucket's Cross-Origin Resource Sharing (CORS) configuration.", + "items": { + "type": "object", + "properties": { + "maxAgeSeconds": { + "type": "integer", + "description": "The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.", + "format": "int32" + }, + "method": { + "type": "array", + "description": "The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".", + "items": { + "type": "string" + } + }, + "origin": { + "type": "array", + "description": "The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".", + "items": { + "type": "string" + } + }, + "responseHeader": { + "type": "array", + "description": "The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.", + "items": { + "type": "string" + } + } + } + } + }, + "defaultObjectAcl": { + "type": "array", + "description": "Default access controls to apply to new objects when no ACL is provided.", + "items": { + "$ref": "ObjectAccessControl" + } + }, + "etag": { + "type": "string", + "description": "HTTP 1.1 Entity tag for the bucket." + }, + "id": { + "type": "string", + "description": "The ID of the bucket. For buckets, the id and name properities are the same." + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For buckets, this is always storage#bucket.", + "default": "storage#bucket" + }, + "lifecycle": { "type": "object", - "description": "The action to take.", + "description": "The bucket's lifecycle configuration. See lifecycle management for more information.", "properties": { - "storageClass": { - "type": "string", - "description": "Target storage class. Required iff the type of the action is SetStorageClass." - }, - "type": { - "type": "string", - "description": "Type of the action. Currently, only Delete and SetStorageClass are supported." - } + "rule": { + "type": "array", + "description": "A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.", + "items": { + "type": "object", + "properties": { + "action": { + "type": "object", + "description": "The action to take.", + "properties": { + "storageClass": { + "type": "string", + "description": "Target storage class. Required iff the type of the action is SetStorageClass." + }, + "type": { + "type": "string", + "description": "Type of the action. Currently, only Delete and SetStorageClass are supported." + } + } + }, + "condition": { + "type": "object", + "description": "The condition(s) under which the action will be taken.", + "properties": { + "age": { + "type": "integer", + "description": "Age of an object (in days). This condition is satisfied when an object reaches the specified age.", + "format": "int32" + }, + "createdBefore": { + "type": "string", + "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when an object is created before midnight of the specified date in UTC.", + "format": "date" + }, + "isLive": { + "type": "boolean", + "description": "Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects." + }, + "matchesStorageClass": { + "type": "array", + "description": "Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.", + "items": { + "type": "string" + } + }, + "numNewerVersions": { + "type": "integer", + "description": "Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.", + "format": "int32" + } + } + } + } + } + } } - }, - "condition": { + }, + "location": { + "type": "string", + "description": "The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list." + }, + "logging": { "type": "object", - "description": "The condition(s) under which the action will be taken.", + "description": "The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.", "properties": { - "age": { - "type": "integer", - "description": "Age of an object (in days). This condition is satisfied when an object reaches the specified age.", - "format": "int32" - }, - "createdBefore": { - "type": "string", - "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when an object is created before midnight of the specified date in UTC.", - "format": "date" - }, - "isLive": { - "type": "boolean", - "description": "Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects." - }, - "matchesStorageClass": { - "type": "array", - "description": "Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.", - "items": { - "type": "string" + "logBucket": { + "type": "string", + "description": "The destination bucket where the current bucket's logs should be placed." + }, + "logObjectPrefix": { + "type": "string", + "description": "A prefix for log object names." + } + } + }, + "metageneration": { + "type": "string", + "description": "The metadata generation of this bucket.", + "format": "int64" + }, + "name": { + "type": "string", + "description": "The name of the bucket.", + "annotations": { + "required": [ + "storage.buckets.insert" + ] + } + }, + "owner": { + "type": "object", + "description": "The owner of the bucket. This is always the project team's owner group.", + "properties": { + "entity": { + "type": "string", + "description": "The entity, in the form project-owner-projectId." + }, + "entityId": { + "type": "string", + "description": "The ID for the entity." + } + } + }, + "projectNumber": { + "type": "string", + "description": "The project number of the project the bucket belongs to.", + "format": "uint64" + }, + "selfLink": { + "type": "string", + "description": "The URI of this bucket." + }, + "storageClass": { + "type": "string", + "description": "The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes." + }, + "timeCreated": { + "type": "string", + "description": "The creation time of the bucket in RFC 3339 format.", + "format": "date-time" + }, + "updated": { + "type": "string", + "description": "The modification time of the bucket in RFC 3339 format.", + "format": "date-time" + }, + "versioning": { + "type": "object", + "description": "The bucket's versioning configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "While set to true, versioning is fully enabled for this bucket." + } + } + }, + "website": { + "type": "object", + "description": "The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.", + "properties": { + "mainPageSuffix": { + "type": "string", + "description": "If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages." + }, + "notFoundPage": { + "type": "string", + "description": "If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result." } - }, - "numNewerVersions": { - "type": "integer", - "description": "Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.", - "format": "int32" - } } - } } - } } - } - }, - "location": { - "type": "string", - "description": "The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list." - }, - "logging": { - "type": "object", - "description": "The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.", - "properties": { - "logBucket": { - "type": "string", - "description": "The destination bucket where the current bucket's logs should be placed." - }, - "logObjectPrefix": { - "type": "string", - "description": "A prefix for log object names." - } - } - }, - "metageneration": { - "type": "string", - "description": "The metadata generation of this bucket.", - "format": "int64" - }, - "name": { - "type": "string", - "description": "The name of the bucket.", - "annotations": { - "required": [ - "storage.buckets.insert" - ] - } - }, - "owner": { - "type": "object", - "description": "The owner of the bucket. This is always the project team's owner group.", - "properties": { - "entity": { - "type": "string", - "description": "The entity, in the form project-owner-projectId." - }, - "entityId": { - "type": "string", - "description": "The ID for the entity." - } - } - }, - "projectNumber": { - "type": "string", - "description": "The project number of the project the bucket belongs to.", - "format": "uint64" - }, - "selfLink": { - "type": "string", - "description": "The URI of this bucket." - }, - "storageClass": { - "type": "string", - "description": "The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes." }, - "timeCreated": { - "type": "string", - "description": "The creation time of the bucket in RFC 3339 format.", - "format": "date-time" - }, - "updated": { - "type": "string", - "description": "The modification time of the bucket in RFC 3339 format.", - "format": "date-time" - }, - "versioning": { - "type": "object", - "description": "The bucket's versioning configuration.", - "properties": { - "enabled": { - "type": "boolean", - "description": "While set to true, versioning is fully enabled for this bucket." + "BucketAccessControl": { + "id": "BucketAccessControl", + "type": "object", + "description": "An access-control entry.", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket." + }, + "domain": { + "type": "string", + "description": "The domain associated with the entity, if any." + }, + "email": { + "type": "string", + "description": "The email address associated with the entity, if any." + }, + "entity": { + "type": "string", + "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", + "annotations": { + "required": [ + "storage.bucketAccessControls.insert" + ] + } + }, + "entityId": { + "type": "string", + "description": "The ID for the entity, if any." + }, + "etag": { + "type": "string", + "description": "HTTP 1.1 Entity tag for the access-control entry." + }, + "id": { + "type": "string", + "description": "The ID of the access-control entry." + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl.", + "default": "storage#bucketAccessControl" + }, + "projectTeam": { + "type": "object", + "description": "The project team associated with the entity, if any.", + "properties": { + "projectNumber": { + "type": "string", + "description": "The project number." + }, + "team": { + "type": "string", + "description": "The team." + } + } + }, + "role": { + "type": "string", + "description": "The access permission for the entity.", + "annotations": { + "required": [ + "storage.bucketAccessControls.insert" + ] + } + }, + "selfLink": { + "type": "string", + "description": "The link to this access-control entry." + } } - } }, - "website": { - "type": "object", - "description": "The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.", - "properties": { - "mainPageSuffix": { - "type": "string", - "description": "If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages." - }, - "notFoundPage": { - "type": "string", - "description": "If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result." + "BucketAccessControls": { + "id": "BucketAccessControls", + "type": "object", + "description": "An access-control list.", + "properties": { + "items": { + "type": "array", + "description": "The list of items.", + "items": { + "$ref": "BucketAccessControl" + } + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For lists of bucket access control entries, this is always storage#bucketAccessControls.", + "default": "storage#bucketAccessControls" + } } - } - } - } - }, - "BucketAccessControl": { - "id": "BucketAccessControl", - "type": "object", - "description": "An access-control entry.", - "properties": { - "bucket": { - "type": "string", - "description": "The name of the bucket." - }, - "domain": { - "type": "string", - "description": "The domain associated with the entity, if any." - }, - "email": { - "type": "string", - "description": "The email address associated with the entity, if any." - }, - "entity": { - "type": "string", - "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", - "annotations": { - "required": [ - "storage.bucketAccessControls.insert" - ] - } - }, - "entityId": { - "type": "string", - "description": "The ID for the entity, if any." }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the access-control entry." - }, - "id": { - "type": "string", - "description": "The ID of the access-control entry." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl.", - "default": "storage#bucketAccessControl" - }, - "projectTeam": { - "type": "object", - "description": "The project team associated with the entity, if any.", - "properties": { - "projectNumber": { - "type": "string", - "description": "The project number." - }, - "team": { - "type": "string", - "description": "The team." + "Buckets": { + "id": "Buckets", + "type": "object", + "description": "A list of buckets.", + "properties": { + "items": { + "type": "array", + "description": "The list of items.", + "items": { + "$ref": "Bucket" + } + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For lists of buckets, this is always storage#buckets.", + "default": "storage#buckets" + }, + "nextPageToken": { + "type": "string", + "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results." + } } - } - }, - "role": { - "type": "string", - "description": "The access permission for the entity.", - "annotations": { - "required": [ - "storage.bucketAccessControls.insert" - ] - } - }, - "selfLink": { - "type": "string", - "description": "The link to this access-control entry." - } - } - }, - "BucketAccessControls": { - "id": "BucketAccessControls", - "type": "object", - "description": "An access-control list.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "BucketAccessControl" - } - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of bucket access control entries, this is always storage#bucketAccessControls.", - "default": "storage#bucketAccessControls" - } - } - }, - "Buckets": { - "id": "Buckets", - "type": "object", - "description": "A list of buckets.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "Bucket" - } - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of buckets, this is always storage#buckets.", - "default": "storage#buckets" - }, - "nextPageToken": { - "type": "string", - "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results." - } - } - }, - "Channel": { - "id": "Channel", - "type": "object", - "description": "An notification channel used to watch for resource changes.", - "properties": { - "address": { - "type": "string", - "description": "The address where notifications are delivered for this channel." - }, - "expiration": { - "type": "string", - "description": "Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.", - "format": "int64" - }, - "id": { - "type": "string", - "description": "A UUID or similar unique string that identifies this channel." - }, - "kind": { - "type": "string", - "description": "Identifies this as a notification channel used to watch for changes to a resource. Value: the fixed string \"api#channel\".", - "default": "api#channel" - }, - "params": { - "type": "object", - "description": "Additional parameters controlling delivery channel behavior. Optional.", - "additionalProperties": { - "type": "string", - "description": "Declares a new parameter by name." - } - }, - "payload": { - "type": "boolean", - "description": "A Boolean value to indicate whether payload is wanted. Optional." - }, - "resourceId": { - "type": "string", - "description": "An opaque ID that identifies the resource being watched on this channel. Stable across different API versions." - }, - "resourceUri": { - "type": "string", - "description": "A version-specific identifier for the watched resource." - }, - "token": { - "type": "string", - "description": "An arbitrary string delivered to the target address with each notification delivered over this channel. Optional." - }, - "type": { - "type": "string", - "description": "The type of delivery mechanism used for this channel." - } - } - }, - "ComposeRequest": { - "id": "ComposeRequest", - "type": "object", - "description": "A Compose request.", - "properties": { - "destination": { - "$ref": "Object", - "description": "Properties of the resulting object." - }, - "kind": { - "type": "string", - "description": "The kind of item this is.", - "default": "storage#composeRequest" }, - "sourceObjects": { - "type": "array", - "description": "The list of source objects that will be concatenated into a single object.", - "items": { + "Channel": { + "id": "Channel", "type": "object", + "description": "An notification channel used to watch for resource changes.", "properties": { - "generation": { - "type": "string", - "description": "The generation of this object to use as the source.", - "format": "int64" - }, - "name": { - "type": "string", - "description": "The source object's name. The source object's bucket is implicitly the destination bucket.", - "annotations": { - "required": [ - "storage.objects.compose" - ] - } - }, - "objectPreconditions": { - "type": "object", - "description": "Conditions that must be met for this operation to execute.", - "properties": { - "ifGenerationMatch": { - "type": "string", - "description": "Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.", + "address": { + "type": "string", + "description": "The address where notifications are delivered for this channel." + }, + "expiration": { + "type": "string", + "description": "Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.", "format": "int64" - } + }, + "id": { + "type": "string", + "description": "A UUID or similar unique string that identifies this channel." + }, + "kind": { + "type": "string", + "description": "Identifies this as a notification channel used to watch for changes to a resource. Value: the fixed string \"api#channel\".", + "default": "api#channel" + }, + "params": { + "type": "object", + "description": "Additional parameters controlling delivery channel behavior. Optional.", + "additionalProperties": { + "type": "string", + "description": "Declares a new parameter by name." + } + }, + "payload": { + "type": "boolean", + "description": "A Boolean value to indicate whether payload is wanted. Optional." + }, + "resourceId": { + "type": "string", + "description": "An opaque ID that identifies the resource being watched on this channel. Stable across different API versions." + }, + "resourceUri": { + "type": "string", + "description": "A version-specific identifier for the watched resource." + }, + "token": { + "type": "string", + "description": "An arbitrary string delivered to the target address with each notification delivered over this channel. Optional." + }, + "type": { + "type": "string", + "description": "The type of delivery mechanism used for this channel." } - } - } - }, - "annotations": { - "required": [ - "storage.objects.compose" - ] - } - } - } - }, - "Object": { - "id": "Object", - "type": "object", - "description": "An object.", - "properties": { - "acl": { - "type": "array", - "description": "Access controls on the object.", - "items": { - "$ref": "ObjectAccessControl" - }, - "annotations": { - "required": [ - "storage.objects.update" - ] - } - }, - "bucket": { - "type": "string", - "description": "The name of the bucket containing this object." - }, - "cacheControl": { - "type": "string", - "description": "Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600." - }, - "componentCount": { - "type": "integer", - "description": "Number of underlying components that make up this object. Components are accumulated by compose operations.", - "format": "int32" - }, - "contentDisposition": { - "type": "string", - "description": "Content-Disposition of the object data." - }, - "contentEncoding": { - "type": "string", - "description": "Content-Encoding of the object data." - }, - "contentLanguage": { - "type": "string", - "description": "Content-Language of the object data." - }, - "contentType": { - "type": "string", - "description": "Content-Type of the object data. If contentType is not specified, object downloads will be served as application/octet-stream." - }, - "crc32c": { - "type": "string", - "description": "CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices." - }, - "customerEncryption": { - "type": "object", - "description": "Metadata of customer-supplied encryption key, if the object is encrypted by such a key.", - "properties": { - "encryptionAlgorithm": { - "type": "string", - "description": "The encryption algorithm." - }, - "keySha256": { - "type": "string", - "description": "SHA256 hash value of the encryption key." - } - } - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the object." - }, - "generation": { - "type": "string", - "description": "The content generation of this object. Used for object versioning.", - "format": "int64" - }, - "id": { - "type": "string", - "description": "The ID of the object, including the bucket name, object name, and generation number." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For objects, this is always storage#object.", - "default": "storage#object" - }, - "md5Hash": { - "type": "string", - "description": "MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices." - }, - "mediaLink": { - "type": "string", - "description": "Media download link." - }, - "metadata": { - "type": "object", - "description": "User-provided metadata, in key/value pairs.", - "additionalProperties": { - "type": "string", - "description": "An individual metadata entry." - } - }, - "metageneration": { - "type": "string", - "description": "The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.", - "format": "int64" - }, - "name": { - "type": "string", - "description": "The name of the object. Required if not specified by URL parameter." - }, - "owner": { - "type": "object", - "description": "The owner of the object. This will always be the uploader of the object.", - "properties": { - "entity": { - "type": "string", - "description": "The entity, in the form user-userId." - }, - "entityId": { - "type": "string", - "description": "The ID for the entity." - } - } - }, - "selfLink": { - "type": "string", - "description": "The link to this object." - }, - "size": { - "type": "string", - "description": "Content-Length of the data in bytes.", - "format": "uint64" - }, - "storageClass": { - "type": "string", - "description": "Storage class of the object." - }, - "timeCreated": { - "type": "string", - "description": "The creation time of the object in RFC 3339 format.", - "format": "date-time" - }, - "timeDeleted": { - "type": "string", - "description": "The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.", - "format": "date-time" - }, - "timeStorageClassUpdated": { - "type": "string", - "description": "The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.", - "format": "date-time" - }, - "updated": { - "type": "string", - "description": "The modification time of the object metadata in RFC 3339 format.", - "format": "date-time" - } - } - }, - "ObjectAccessControl": { - "id": "ObjectAccessControl", - "type": "object", - "description": "An access-control entry.", - "properties": { - "bucket": { - "type": "string", - "description": "The name of the bucket." - }, - "domain": { - "type": "string", - "description": "The domain associated with the entity, if any." - }, - "email": { - "type": "string", - "description": "The email address associated with the entity, if any." - }, - "entity": { - "type": "string", - "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", - "annotations": { - "required": [ - "storage.defaultObjectAccessControls.insert", - "storage.objectAccessControls.insert" - ] - } - }, - "entityId": { - "type": "string", - "description": "The ID for the entity, if any." - }, - "etag": { - "type": "string", - "description": "HTTP 1.1 Entity tag for the access-control entry." - }, - "generation": { - "type": "string", - "description": "The content generation of the object, if applied to an object.", - "format": "int64" - }, - "id": { - "type": "string", - "description": "The ID of the access-control entry." - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For object access control entries, this is always storage#objectAccessControl.", - "default": "storage#objectAccessControl" - }, - "object": { - "type": "string", - "description": "The name of the object, if applied to an object." - }, - "projectTeam": { - "type": "object", - "description": "The project team associated with the entity, if any.", - "properties": { - "projectNumber": { - "type": "string", - "description": "The project number." - }, - "team": { - "type": "string", - "description": "The team." } - } - }, - "role": { - "type": "string", - "description": "The access permission for the entity.", - "annotations": { - "required": [ - "storage.defaultObjectAccessControls.insert", - "storage.objectAccessControls.insert" - ] - } - }, - "selfLink": { - "type": "string", - "description": "The link to this access-control entry." - } - } - }, - "ObjectAccessControls": { - "id": "ObjectAccessControls", - "type": "object", - "description": "An access-control list.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "ObjectAccessControl" - } - }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of object access control entries, this is always storage#objectAccessControls.", - "default": "storage#objectAccessControls" - } - } - }, - "Objects": { - "id": "Objects", - "type": "object", - "description": "A list of objects.", - "properties": { - "items": { - "type": "array", - "description": "The list of items.", - "items": { - "$ref": "Object" - } }, - "kind": { - "type": "string", - "description": "The kind of item this is. For lists of objects, this is always storage#objects.", - "default": "storage#objects" - }, - "nextPageToken": { - "type": "string", - "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results." - }, - "prefixes": { - "type": "array", - "description": "The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.", - "items": { - "type": "string" - } - } - } - }, - "RewriteResponse": { - "id": "RewriteResponse", - "type": "object", - "description": "A rewrite response.", - "properties": { - "done": { - "type": "boolean", - "description": "true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response." - }, - "kind": { - "type": "string", - "description": "The kind of item this is.", - "default": "storage#rewriteResponse" - }, - "objectSize": { - "type": "string", - "description": "The total size of the object being copied in bytes. This property is always present in the response.", - "format": "uint64" - }, - "resource": { - "$ref": "Object", - "description": "A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes." - }, - "rewriteToken": { - "type": "string", - "description": "A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy." - }, - "totalBytesRewritten": { - "type": "string", - "description": "The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.", - "format": "uint64" - } - } - } - }, - "resources": { - "bucketAccessControls": { - "methods": { - "delete": { - "id": "storage.bucketAccessControls.delete", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "DELETE", - "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "get": { - "id": "storage.bucketAccessControls.get", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "GET", - "description": "Returns the ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "insert": { - "id": "storage.bucketAccessControls.insert", - "path": "b/{bucket}/acl", - "httpMethod": "POST", - "description": "Creates a new ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "BucketAccessControl" - }, - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "list": { - "id": "storage.bucketAccessControls.list", - "path": "b/{bucket}/acl", - "httpMethod": "GET", - "description": "Retrieves ACL entries on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "BucketAccessControls" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "patch": { - "id": "storage.bucketAccessControls.patch", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "PATCH", - "description": "Updates an ACL entry on the specified bucket. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "BucketAccessControl" - }, - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "update": { - "id": "storage.bucketAccessControls.update", - "path": "b/{bucket}/acl/{entity}", - "httpMethod": "PUT", - "description": "Updates an ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "BucketAccessControl" - }, - "response": { - "$ref": "BucketAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - } - } - }, - "buckets": { - "methods": { - "delete": { - "id": "storage.buckets.delete", - "path": "b/{bucket}", - "httpMethod": "DELETE", - "description": "Permanently deletes an empty bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "If set, only deletes the bucket if its metageneration matches this value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "If set, only deletes the bucket if its metageneration does not match this value.", - "format": "int64", - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "get": { - "id": "storage.buckets.get", - "path": "b/{bucket}", - "httpMethod": "GET", - "description": "Returns metadata for the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "insert": { - "id": "storage.buckets.insert", - "path": "b", - "httpMethod": "POST", - "description": "Creates a new bucket.", - "parameters": { - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this bucket.", - "enum": [ - "authenticatedRead", - "private", - "projectPrivate", - "publicRead", - "publicReadWrite" - ], - "enumDescriptions": [ - "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", - "Project team owners get OWNER access.", - "Project team members get access according to their roles.", - "Project team owners get OWNER access, and allUsers get READER access.", - "Project team owners get OWNER access, and allUsers get WRITER access." - ], - "location": "query" - }, - "predefinedDefaultObjectAcl": { - "type": "string", - "description": "Apply a predefined set of default object access controls to this bucket.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "project": { - "type": "string", - "description": "A valid API project identifier.", - "required": true, - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "request": { - "$ref": "Bucket" - }, - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "list": { - "id": "storage.buckets.list", - "path": "b", - "httpMethod": "GET", - "description": "Retrieves a list of buckets for a given project.", - "parameters": { - "maxResults": { - "type": "integer", - "description": "Maximum number of buckets to return.", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "A previously-returned page token representing part of the larger set of results to view.", - "location": "query" - }, - "prefix": { - "type": "string", - "description": "Filter results to buckets whose names begin with this prefix.", - "location": "query" - }, - "project": { - "type": "string", - "description": "A valid API project identifier.", - "required": true, - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - } - }, - "parameterOrder": [ - "project" - ], - "response": { - "$ref": "Buckets" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "patch": { - "id": "storage.buckets.patch", - "path": "b/{bucket}", - "httpMethod": "PATCH", - "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this bucket.", - "enum": [ - "authenticatedRead", - "private", - "projectPrivate", - "publicRead", - "publicReadWrite" - ], - "enumDescriptions": [ - "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", - "Project team owners get OWNER access.", - "Project team members get access according to their roles.", - "Project team owners get OWNER access, and allUsers get READER access.", - "Project team owners get OWNER access, and allUsers get WRITER access." - ], - "location": "query" - }, - "predefinedDefaultObjectAcl": { - "type": "string", - "description": "Apply a predefined set of default object access controls to this bucket.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Bucket" - }, - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "update": { - "id": "storage.buckets.update", - "path": "b/{bucket}", - "httpMethod": "PUT", - "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this bucket.", - "enum": [ - "authenticatedRead", - "private", - "projectPrivate", - "publicRead", - "publicReadWrite" - ], - "enumDescriptions": [ - "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", - "Project team owners get OWNER access.", - "Project team members get access according to their roles.", - "Project team owners get OWNER access, and allUsers get READER access.", - "Project team owners get OWNER access, and allUsers get WRITER access." - ], - "location": "query" - }, - "predefinedDefaultObjectAcl": { - "type": "string", - "description": "Apply a predefined set of default object access controls to this bucket.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit owner, acl and defaultObjectAcl properties." - ], - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Bucket" - }, - "response": { - "$ref": "Bucket" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - } - } - }, - "channels": { - "methods": { - "stop": { - "id": "storage.channels.stop", - "path": "channels/stop", - "httpMethod": "POST", - "description": "Stop watching resources through this channel", - "request": { - "$ref": "Channel", - "parameterName": "resource" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - } - } - }, - "defaultObjectAccessControls": { - "methods": { - "delete": { - "id": "storage.defaultObjectAccessControls.delete", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "DELETE", - "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "get": { - "id": "storage.defaultObjectAccessControls.get", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "GET", - "description": "Returns the default object ACL entry for the specified entity on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "insert": { - "id": "storage.defaultObjectAccessControls.insert", - "path": "b/{bucket}/defaultObjectAcl", - "httpMethod": "POST", - "description": "Creates a new default object ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - }, - "list": { - "id": "storage.defaultObjectAccessControls.list", - "path": "b/{bucket}/defaultObjectAcl", - "httpMethod": "GET", - "description": "Retrieves default object ACL entries on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.", - "format": "int64", - "location": "query" + "ComposeRequest": { + "id": "ComposeRequest", + "type": "object", + "description": "A Compose request.", + "properties": { + "destination": { + "$ref": "Object", + "description": "Properties of the resulting object." + }, + "kind": { + "type": "string", + "description": "The kind of item this is.", + "default": "storage#composeRequest" + }, + "sourceObjects": { + "type": "array", + "description": "The list of source objects that will be concatenated into a single object.", + "items": { + "type": "object", + "properties": { + "generation": { + "type": "string", + "description": "The generation of this object to use as the source.", + "format": "int64" + }, + "name": { + "type": "string", + "description": "The source object's name. The source object's bucket is implicitly the destination bucket.", + "annotations": { + "required": [ + "storage.objects.compose" + ] + } + }, + "objectPreconditions": { + "type": "object", + "description": "Conditions that must be met for this operation to execute.", + "properties": { + "ifGenerationMatch": { + "type": "string", + "description": "Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.", + "format": "int64" + } + } + } + } + }, + "annotations": { + "required": [ + "storage.objects.compose" + ] + } + } } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "ObjectAccessControls" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "patch": { - "id": "storage.defaultObjectAccessControls.patch", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "PATCH", - "description": "Updates a default object ACL entry on the specified bucket. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" + "Object": { + "id": "Object", + "type": "object", + "description": "An object.", + "properties": { + "acl": { + "type": "array", + "description": "Access controls on the object.", + "items": { + "$ref": "ObjectAccessControl" + }, + "annotations": { + "required": [ + "storage.objects.update" + ] + } + }, + "bucket": { + "type": "string", + "description": "The name of the bucket containing this object." + }, + "cacheControl": { + "type": "string", + "description": "Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600." + }, + "componentCount": { + "type": "integer", + "description": "Number of underlying components that make up this object. Components are accumulated by compose operations.", + "format": "int32" + }, + "contentDisposition": { + "type": "string", + "description": "Content-Disposition of the object data." + }, + "contentEncoding": { + "type": "string", + "description": "Content-Encoding of the object data." + }, + "contentLanguage": { + "type": "string", + "description": "Content-Language of the object data." + }, + "contentType": { + "type": "string", + "description": "Content-Type of the object data. If contentType is not specified, object downloads will be served as application/octet-stream." + }, + "crc32c": { + "type": "string", + "description": "CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices." + }, + "customerEncryption": { + "type": "object", + "description": "Metadata of customer-supplied encryption key, if the object is encrypted by such a key.", + "properties": { + "encryptionAlgorithm": { + "type": "string", + "description": "The encryption algorithm." + }, + "keySha256": { + "type": "string", + "description": "SHA256 hash value of the encryption key." + } + } + }, + "etag": { + "type": "string", + "description": "HTTP 1.1 Entity tag for the object." + }, + "generation": { + "type": "string", + "description": "The content generation of this object. Used for object versioning.", + "format": "int64" + }, + "id": { + "type": "string", + "description": "The ID of the object, including the bucket name, object name, and generation number." + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For objects, this is always storage#object.", + "default": "storage#object" + }, + "md5Hash": { + "type": "string", + "description": "MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices." + }, + "mediaLink": { + "type": "string", + "description": "Media download link." + }, + "metadata": { + "type": "object", + "description": "User-provided metadata, in key/value pairs.", + "additionalProperties": { + "type": "string", + "description": "An individual metadata entry." + } + }, + "metageneration": { + "type": "string", + "description": "The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.", + "format": "int64" + }, + "name": { + "type": "string", + "description": "The name of the object. Required if not specified by URL parameter." + }, + "owner": { + "type": "object", + "description": "The owner of the object. This will always be the uploader of the object.", + "properties": { + "entity": { + "type": "string", + "description": "The entity, in the form user-userId." + }, + "entityId": { + "type": "string", + "description": "The ID for the entity." + } + } + }, + "selfLink": { + "type": "string", + "description": "The link to this object." + }, + "size": { + "type": "string", + "description": "Content-Length of the data in bytes.", + "format": "uint64" + }, + "storageClass": { + "type": "string", + "description": "Storage class of the object." + }, + "timeCreated": { + "type": "string", + "description": "The creation time of the object in RFC 3339 format.", + "format": "date-time" + }, + "timeDeleted": { + "type": "string", + "description": "The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.", + "format": "date-time" + }, + "timeStorageClassUpdated": { + "type": "string", + "description": "The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.", + "format": "date-time" + }, + "updated": { + "type": "string", + "description": "The modification time of the object metadata in RFC 3339 format.", + "format": "date-time" + } } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "update": { - "id": "storage.defaultObjectAccessControls.update", - "path": "b/{bucket}/defaultObjectAcl/{entity}", - "httpMethod": "PUT", - "description": "Updates a default object ACL entry on the specified bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] - } - } - }, - "objectAccessControls": { - "methods": { - "delete": { - "id": "storage.objectAccessControls.delete", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "DELETE", - "description": "Permanently deletes the ACL entry for the specified entity on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "ObjectAccessControl": { + "id": "ObjectAccessControl", + "type": "object", + "description": "An access-control entry.", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket." + }, + "domain": { + "type": "string", + "description": "The domain associated with the entity, if any." + }, + "email": { + "type": "string", + "description": "The email address associated with the entity, if any." + }, + "entity": { + "type": "string", + "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.", + "annotations": { + "required": [ + "storage.defaultObjectAccessControls.insert", + "storage.objectAccessControls.insert" + ] + } + }, + "entityId": { + "type": "string", + "description": "The ID for the entity, if any." + }, + "etag": { + "type": "string", + "description": "HTTP 1.1 Entity tag for the access-control entry." + }, + "generation": { + "type": "string", + "description": "The content generation of the object, if applied to an object.", + "format": "int64" + }, + "id": { + "type": "string", + "description": "The ID of the access-control entry." + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For object access control entries, this is always storage#objectAccessControl.", + "default": "storage#objectAccessControl" + }, + "object": { + "type": "string", + "description": "The name of the object, if applied to an object." + }, + "projectTeam": { + "type": "object", + "description": "The project team associated with the entity, if any.", + "properties": { + "projectNumber": { + "type": "string", + "description": "The project number." + }, + "team": { + "type": "string", + "description": "The team." + } + } + }, + "role": { + "type": "string", + "description": "The access permission for the entity.", + "annotations": { + "required": [ + "storage.defaultObjectAccessControls.insert", + "storage.objectAccessControls.insert" + ] + } + }, + "selfLink": { + "type": "string", + "description": "The link to this access-control entry." + } } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "get": { - "id": "storage.objectAccessControls.get", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "GET", - "description": "Returns the ACL entry for the specified entity on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "ObjectAccessControls": { + "id": "ObjectAccessControls", + "type": "object", + "description": "An access-control list.", + "properties": { + "items": { + "type": "array", + "description": "The list of items.", + "items": { + "$ref": "ObjectAccessControl" + } + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For lists of object access control entries, this is always storage#objectAccessControls.", + "default": "storage#objectAccessControls" + } } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "insert": { - "id": "storage.objectAccessControls.insert", - "path": "b/{bucket}/o/{object}/acl", - "httpMethod": "POST", - "description": "Creates a new ACL entry on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "Objects": { + "id": "Objects", + "type": "object", + "description": "A list of objects.", + "properties": { + "items": { + "type": "array", + "description": "The list of items.", + "items": { + "$ref": "Object" + } + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For lists of objects, this is always storage#objects.", + "default": "storage#objects" + }, + "nextPageToken": { + "type": "string", + "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results." + }, + "prefixes": { + "type": "array", + "description": "The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.", + "items": { + "type": "string" + } + } } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "list": { - "id": "storage.objectAccessControls.list", - "path": "b/{bucket}/o/{object}/acl", - "httpMethod": "GET", - "description": "Retrieves ACL entries on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "Policy": { + "id": "Policy", + "type": "object", + "description": "A bucket/object IAM policy.", + "properties": { + "bindings": { + "type": "array", + "description": "An association between a role, which comes with a set of permissions, and members who may assume that role.", + "items": { + "type": "object", + "properties": { + "members": { + "type": "array", + "description": "A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows: \n- allUsers — A special identifier that represents anyone on the internet; with or without a Google account. \n- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account. \n- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com. \n- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com . \n- group:emailid — An email address that represents a Google group. For example, group:admins@example.com. \n- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com. \n- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project \n- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project \n- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project", + "items": { + "type": "string" + }, + "annotations": { + "required": [ + "storage.buckets.setIamPolicy", + "storage.objects.setIamPolicy" + ] + } + }, + "role": { + "type": "string", + "description": "The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.\nThe new IAM roles are: \n- roles/storage.admin — Full control of Google Cloud Storage resources. \n- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects. \n- roles/storage.objectCreator — Access to create objects in Google Cloud Storage. \n- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are: \n- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role. \n- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role. \n- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role. \n- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role. \n- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.", + "annotations": { + "required": [ + "storage.buckets.setIamPolicy", + "storage.objects.setIamPolicy" + ] + } + } + } + }, + "annotations": { + "required": [ + "storage.buckets.setIamPolicy", + "storage.objects.setIamPolicy" + ] + } + }, + "etag": { + "type": "string", + "description": "HTTP 1.1 Entity tag for the policy.", + "format": "byte" + }, + "kind": { + "type": "string", + "description": "The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.", + "default": "storage#policy" + }, + "resourceId": { + "type": "string", + "description": "The ID of the resource to which this policy belongs. Will be of the form buckets/bucket for buckets, and buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input." + } } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "response": { - "$ref": "ObjectAccessControls" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "patch": { - "id": "storage.objectAccessControls.patch", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "PATCH", - "description": "Updates an ACL entry on the specified object. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "RewriteResponse": { + "id": "RewriteResponse", + "type": "object", + "description": "A rewrite response.", + "properties": { + "done": { + "type": "boolean", + "description": "true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response." + }, + "kind": { + "type": "string", + "description": "The kind of item this is.", + "default": "storage#rewriteResponse" + }, + "objectSize": { + "type": "string", + "description": "The total size of the object being copied in bytes. This property is always present in the response.", + "format": "uint64" + }, + "resource": { + "$ref": "Object", + "description": "A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes." + }, + "rewriteToken": { + "type": "string", + "description": "A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy." + }, + "totalBytesRewritten": { + "type": "string", + "description": "The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.", + "format": "uint64" + } } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "update": { - "id": "storage.objectAccessControls.update", - "path": "b/{bucket}/o/{object}/acl/{entity}", - "httpMethod": "PUT", - "description": "Updates an ACL entry on the specified object.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of a bucket.", - "required": true, - "location": "path" - }, - "entity": { - "type": "string", - "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "TestIamPermissionsResponse": { + "id": "TestIamPermissionsResponse", + "type": "object", + "description": "A storage.(buckets|objects).testIamPermissions response.", + "properties": { + "kind": { + "type": "string", + "description": "The kind of item this is.", + "default": "storage#testIamPermissionsResponse" + }, + "permissions": { + "type": "array", + "description": "The permissions held by the caller. Permissions are always of the format storage.resource.capability, where resource is one of buckets or objects. The supported permissions are as follows: \n- storage.buckets.delete — Delete bucket. \n- storage.buckets.get — Read bucket metadata. \n- storage.buckets.getIamPolicy — Read bucket IAM policy. \n- storage.buckets.create — Create bucket. \n- storage.buckets.list — List buckets. \n- storage.buckets.setIamPolicy — Update bucket IAM policy. \n- storage.buckets.update — Update bucket metadata. \n- storage.objects.delete — Delete object. \n- storage.objects.get — Read object data and metadata. \n- storage.objects.getIamPolicy — Read object IAM policy. \n- storage.objects.create — Create object. \n- storage.objects.list — List objects. \n- storage.objects.setIamPolicy — Update object IAM policy. \n- storage.objects.update — Update object metadata.", + "items": { + "type": "string" + } + } } - }, - "parameterOrder": [ - "bucket", - "object", - "entity" - ], - "request": { - "$ref": "ObjectAccessControl" - }, - "response": { - "$ref": "ObjectAccessControl" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] } - } }, - "objects": { - "methods": { - "compose": { - "id": "storage.objects.compose", - "path": "b/{destinationBucket}/o/{destinationObject}/compose", - "httpMethod": "POST", - "description": "Concatenates a list of existing objects into a new object in the same bucket.", - "parameters": { - "destinationBucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object.", - "required": true, - "location": "path" - }, - "destinationObject": { - "type": "string", - "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "destinationPredefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to the destination object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - } - }, - "parameterOrder": [ - "destinationBucket", - "destinationObject" - ], - "request": { - "$ref": "ComposeRequest" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsMediaDownload": true, - "useMediaDownloadService": true - }, - "copy": { - "id": "storage.objects.copy", - "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}", - "httpMethod": "POST", - "description": "Copies a source object to a destination object. Optionally overrides metadata.", - "parameters": { - "destinationBucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "destinationObject": { - "type": "string", - "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.", - "required": true, - "location": "path" - }, - "destinationPredefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to the destination object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "sourceBucket": { - "type": "string", - "description": "Name of the bucket in which to find the source object.", - "required": true, - "location": "path" - }, - "sourceGeneration": { - "type": "string", - "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "sourceObject": { - "type": "string", - "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "sourceBucket", - "sourceObject", - "destinationBucket", - "destinationObject" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsMediaDownload": true, - "useMediaDownloadService": true - }, - "delete": { - "id": "storage.objects.delete", - "path": "b/{bucket}/o/{object}", - "httpMethod": "DELETE", - "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] - }, - "get": { - "id": "storage.objects.get", - "path": "b/{bucket}/o/{object}", - "httpMethod": "GET", - "description": "Retrieves an object or its metadata.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsMediaDownload": true, - "useMediaDownloadService": true - }, - "insert": { - "id": "storage.objects.insert", - "path": "b/{bucket}/o", - "httpMethod": "POST", - "description": "Stores a new object and metadata.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", - "required": true, - "location": "path" - }, - "contentEncoding": { - "type": "string", - "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "name": { - "type": "string", - "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "location": "query" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsMediaDownload": true, - "useMediaDownloadService": true, - "supportsMediaUpload": true, - "mediaUpload": { - "accept": [ - "*/*" - ], - "protocols": { - "simple": { - "multipart": true, - "path": "/upload/storage/v1/b/{bucket}/o" - }, - "resumable": { - "multipart": true, - "path": "/resumable/upload/storage/v1/b/{bucket}/o" - } + "resources": { + "bucketAccessControls": { + "methods": { + "delete": { + "id": "storage.bucketAccessControls.delete", + "path": "b/{bucket}/acl/{entity}", + "httpMethod": "DELETE", + "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "get": { + "id": "storage.bucketAccessControls.get", + "path": "b/{bucket}/acl/{entity}", + "httpMethod": "GET", + "description": "Returns the ACL entry for the specified entity on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "insert": { + "id": "storage.bucketAccessControls.insert", + "path": "b/{bucket}/acl", + "httpMethod": "POST", + "description": "Creates a new ACL entry on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket" + ], + "request": { + "$ref": "BucketAccessControl" + }, + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "list": { + "id": "storage.bucketAccessControls.list", + "path": "b/{bucket}/acl", + "httpMethod": "GET", + "description": "Retrieves ACL entries on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket" + ], + "response": { + "$ref": "BucketAccessControls" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "patch": { + "id": "storage.bucketAccessControls.patch", + "path": "b/{bucket}/acl/{entity}", + "httpMethod": "PATCH", + "description": "Updates an ACL entry on the specified bucket. This method supports patch semantics.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "request": { + "$ref": "BucketAccessControl" + }, + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "update": { + "id": "storage.bucketAccessControls.update", + "path": "b/{bucket}/acl/{entity}", + "httpMethod": "PUT", + "description": "Updates an ACL entry on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "request": { + "$ref": "BucketAccessControl" + }, + "response": { + "$ref": "BucketAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + } } - } }, - "list": { - "id": "storage.objects.list", - "path": "b/{bucket}/o", - "httpMethod": "GET", - "description": "Retrieves a list of objects matching the criteria.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which to look for objects.", - "required": true, - "location": "path" - }, - "delimiter": { - "type": "string", - "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "Maximum number of items plus prefixes to return. As duplicate prefixes are omitted, fewer total results may be returned than requested. The default value of this parameter is 1,000 items.", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "A previously-returned page token representing part of the larger set of results to view.", - "location": "query" - }, - "prefix": { - "type": "string", - "description": "Filter results to objects whose names begin with this prefix.", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "versions": { - "type": "boolean", - "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", - "location": "query" + "buckets": { + "methods": { + "delete": { + "id": "storage.buckets.delete", + "path": "b/{bucket}", + "httpMethod": "DELETE", + "description": "Permanently deletes an empty bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "If set, only deletes the bucket if its metageneration matches this value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "If set, only deletes the bucket if its metageneration does not match this value.", + "format": "int64", + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "get": { + "id": "storage.buckets.get", + "path": "b/{bucket}", + "httpMethod": "GET", + "description": "Returns metadata for the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "getIamPolicy": { + "id": "storage.buckets.getIamPolicy", + "path": "b/{bucket}/iam", + "httpMethod": "GET", + "description": "Returns an IAM policy for the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket" + ], + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "insert": { + "id": "storage.buckets.insert", + "path": "b", + "httpMethod": "POST", + "description": "Creates a new bucket.", + "parameters": { + "predefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to this bucket.", + "enum": [ + "authenticatedRead", + "private", + "projectPrivate", + "publicRead", + "publicReadWrite" + ], + "enumDescriptions": [ + "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", + "Project team owners get OWNER access.", + "Project team members get access according to their roles.", + "Project team owners get OWNER access, and allUsers get READER access.", + "Project team owners get OWNER access, and allUsers get WRITER access." + ], + "location": "query" + }, + "predefinedDefaultObjectAcl": { + "type": "string", + "description": "Apply a predefined set of default object access controls to this bucket.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "project": { + "type": "string", + "description": "A valid API project identifier.", + "required": true, + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query" + } + }, + "parameterOrder": [ + "project" + ], + "request": { + "$ref": "Bucket" + }, + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "list": { + "id": "storage.buckets.list", + "path": "b", + "httpMethod": "GET", + "description": "Retrieves a list of buckets for a given project.", + "parameters": { + "maxResults": { + "type": "integer", + "description": "Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller.", + "default": "1000", + "format": "uint32", + "minimum": "0", + "location": "query" + }, + "pageToken": { + "type": "string", + "description": "A previously-returned page token representing part of the larger set of results to view.", + "location": "query" + }, + "prefix": { + "type": "string", + "description": "Filter results to buckets whose names begin with this prefix.", + "location": "query" + }, + "project": { + "type": "string", + "description": "A valid API project identifier.", + "required": true, + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query" + } + }, + "parameterOrder": [ + "project" + ], + "response": { + "$ref": "Buckets" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "patch": { + "id": "storage.buckets.patch", + "path": "b/{bucket}", + "httpMethod": "PATCH", + "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate. This method supports patch semantics.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "predefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to this bucket.", + "enum": [ + "authenticatedRead", + "private", + "projectPrivate", + "publicRead", + "publicReadWrite" + ], + "enumDescriptions": [ + "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", + "Project team owners get OWNER access.", + "Project team members get access according to their roles.", + "Project team owners get OWNER access, and allUsers get READER access.", + "Project team owners get OWNER access, and allUsers get WRITER access." + ], + "location": "query" + }, + "predefinedDefaultObjectAcl": { + "type": "string", + "description": "Apply a predefined set of default object access controls to this bucket.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "request": { + "$ref": "Bucket" + }, + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "setIamPolicy": { + "id": "storage.buckets.setIamPolicy", + "path": "b/{bucket}/iam", + "httpMethod": "PUT", + "description": "Updates an IAM policy for the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket" + ], + "request": { + "$ref": "Policy" + }, + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "testIamPermissions": { + "id": "storage.buckets.testIamPermissions", + "path": "b/{bucket}/iam/testPermissions", + "httpMethod": "GET", + "description": "Tests a set of permissions on the given bucket to see which, if any, are held by the caller.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "permissions": { + "type": "string", + "description": "Permissions to test.", + "required": true, + "repeated": true, + "location": "query" + } + }, + "parameterOrder": [ + "bucket", + "permissions" + ], + "response": { + "$ref": "TestIamPermissionsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "update": { + "id": "storage.buckets.update", + "path": "b/{bucket}", + "httpMethod": "PUT", + "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "predefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to this bucket.", + "enum": [ + "authenticatedRead", + "private", + "projectPrivate", + "publicRead", + "publicReadWrite" + ], + "enumDescriptions": [ + "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.", + "Project team owners get OWNER access.", + "Project team members get access according to their roles.", + "Project team owners get OWNER access, and allUsers get READER access.", + "Project team owners get OWNER access, and allUsers get WRITER access." + ], + "location": "query" + }, + "predefinedDefaultObjectAcl": { + "type": "string", + "description": "Apply a predefined set of default object access controls to this bucket.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit owner, acl and defaultObjectAcl properties." + ], + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "request": { + "$ref": "Bucket" + }, + "response": { + "$ref": "Bucket" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + } } - }, - "parameterOrder": [ - "bucket" - ], - "response": { - "$ref": "Objects" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsSubscription": true }, - "patch": { - "id": "storage.objects.patch", - "path": "b/{bucket}/o/{object}", - "httpMethod": "PATCH", - "description": "Updates an object's metadata. This method supports patch semantics.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" + "channels": { + "methods": { + "stop": { + "id": "storage.channels.stop", + "path": "channels/stop", + "httpMethod": "POST", + "description": "Stop watching resources through this channel", + "request": { + "$ref": "Channel", + "parameterName": "resource" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + } } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ] }, - "rewrite": { - "id": "storage.objects.rewrite", - "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}", - "httpMethod": "POST", - "description": "Rewrites a source object to a destination object. Optionally overrides metadata.", - "parameters": { - "destinationBucket": { - "type": "string", - "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", - "required": true, - "location": "path" - }, - "destinationObject": { - "type": "string", - "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "destinationPredefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to the destination object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifSourceMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "maxBytesRewrittenPerCall": { - "type": "string", - "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.", - "format": "int64", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "rewriteToken": { - "type": "string", - "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.", - "location": "query" - }, - "sourceBucket": { - "type": "string", - "description": "Name of the bucket in which to find the source object.", - "required": true, - "location": "path" - }, - "sourceGeneration": { - "type": "string", - "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "sourceObject": { - "type": "string", - "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" + "defaultObjectAccessControls": { + "methods": { + "delete": { + "id": "storage.defaultObjectAccessControls.delete", + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "httpMethod": "DELETE", + "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "get": { + "id": "storage.defaultObjectAccessControls.get", + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "httpMethod": "GET", + "description": "Returns the default object ACL entry for the specified entity on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "insert": { + "id": "storage.defaultObjectAccessControls.insert", + "path": "b/{bucket}/defaultObjectAcl", + "httpMethod": "POST", + "description": "Creates a new default object ACL entry on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket" + ], + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "list": { + "id": "storage.defaultObjectAccessControls.list", + "path": "b/{bucket}/defaultObjectAcl", + "httpMethod": "GET", + "description": "Retrieves default object ACL entries on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "response": { + "$ref": "ObjectAccessControls" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "patch": { + "id": "storage.defaultObjectAccessControls.patch", + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "httpMethod": "PATCH", + "description": "Updates a default object ACL entry on the specified bucket. This method supports patch semantics.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "update": { + "id": "storage.defaultObjectAccessControls.update", + "path": "b/{bucket}/defaultObjectAcl/{entity}", + "httpMethod": "PUT", + "description": "Updates a default object ACL entry on the specified bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "entity" + ], + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + } } - }, - "parameterOrder": [ - "sourceBucket", - "sourceObject", - "destinationBucket", - "destinationObject" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "RewriteResponse" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_write" - ] }, - "update": { - "id": "storage.objects.update", - "path": "b/{bucket}/o/{object}", - "httpMethod": "PUT", - "description": "Updates an object's metadata.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which the object resides.", - "required": true, - "location": "path" - }, - "generation": { - "type": "string", - "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", - "format": "int64", - "location": "query" - }, - "ifGenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation matches the given value.", - "format": "int64", - "location": "query" - }, - "ifGenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", - "format": "int64", - "location": "query" - }, - "ifMetagenerationNotMatch": { - "type": "string", - "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", - "format": "int64", - "location": "query" - }, - "object": { - "type": "string", - "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", - "required": true, - "location": "path" - }, - "predefinedAcl": { - "type": "string", - "description": "Apply a predefined set of access controls to this object.", - "enum": [ - "authenticatedRead", - "bucketOwnerFullControl", - "bucketOwnerRead", - "private", - "projectPrivate", - "publicRead" - ], - "enumDescriptions": [ - "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", - "Object owner gets OWNER access, and project team owners get OWNER access.", - "Object owner gets OWNER access, and project team owners get READER access.", - "Object owner gets OWNER access.", - "Object owner gets OWNER access, and project team members get access according to their roles.", - "Object owner gets OWNER access, and allUsers get READER access." - ], - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to full.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" + "objectAccessControls": { + "methods": { + "delete": { + "id": "storage.objectAccessControls.delete", + "path": "b/{bucket}/o/{object}/acl/{entity}", + "httpMethod": "DELETE", + "description": "Permanently deletes the ACL entry for the specified entity on the specified object.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "get": { + "id": "storage.objectAccessControls.get", + "path": "b/{bucket}/o/{object}/acl/{entity}", + "httpMethod": "GET", + "description": "Returns the ACL entry for the specified entity on the specified object.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "insert": { + "id": "storage.objectAccessControls.insert", + "path": "b/{bucket}/o/{object}/acl", + "httpMethod": "POST", + "description": "Creates a new ACL entry on the specified object.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "list": { + "id": "storage.objectAccessControls.list", + "path": "b/{bucket}/o/{object}/acl", + "httpMethod": "GET", + "description": "Retrieves ACL entries on the specified object.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "response": { + "$ref": "ObjectAccessControls" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "patch": { + "id": "storage.objectAccessControls.patch", + "path": "b/{bucket}/o/{object}/acl/{entity}", + "httpMethod": "PATCH", + "description": "Updates an ACL entry on the specified object. This method supports patch semantics.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "update": { + "id": "storage.objectAccessControls.update", + "path": "b/{bucket}/o/{object}/acl/{entity}", + "httpMethod": "PUT", + "description": "Updates an ACL entry on the specified object.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of a bucket.", + "required": true, + "location": "path" + }, + "entity": { + "type": "string", + "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object", + "entity" + ], + "request": { + "$ref": "ObjectAccessControl" + }, + "response": { + "$ref": "ObjectAccessControl" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + } } - }, - "parameterOrder": [ - "bucket", - "object" - ], - "request": { - "$ref": "Object" - }, - "response": { - "$ref": "Object" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/devstorage.full_control" - ], - "supportsMediaDownload": true, - "useMediaDownloadService": true }, - "watchAll": { - "id": "storage.objects.watchAll", - "path": "b/{bucket}/o/watch", - "httpMethod": "POST", - "description": "Watch for changes on all objects in a bucket.", - "parameters": { - "bucket": { - "type": "string", - "description": "Name of the bucket in which to look for objects.", - "required": true, - "location": "path" - }, - "delimiter": { - "type": "string", - "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", - "location": "query" - }, - "maxResults": { - "type": "integer", - "description": "Maximum number of items plus prefixes to return. As duplicate prefixes are omitted, fewer total results may be returned than requested. The default value of this parameter is 1,000 items.", - "format": "uint32", - "minimum": "0", - "location": "query" - }, - "pageToken": { - "type": "string", - "description": "A previously-returned page token representing part of the larger set of results to view.", - "location": "query" - }, - "prefix": { - "type": "string", - "description": "Filter results to objects whose names begin with this prefix.", - "location": "query" - }, - "projection": { - "type": "string", - "description": "Set of properties to return. Defaults to noAcl.", - "enum": [ - "full", - "noAcl" - ], - "enumDescriptions": [ - "Include all properties.", - "Omit the owner, acl property." - ], - "location": "query" - }, - "versions": { - "type": "boolean", - "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", - "location": "query" + "objects": { + "methods": { + "compose": { + "id": "storage.objects.compose", + "path": "b/{destinationBucket}/o/{destinationObject}/compose", + "httpMethod": "POST", + "description": "Concatenates a list of existing objects into a new object in the same bucket.", + "parameters": { + "destinationBucket": { + "type": "string", + "description": "Name of the bucket in which to store the new object.", + "required": true, + "location": "path" + }, + "destinationObject": { + "type": "string", + "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + }, + "destinationPredefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to the destination object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + } + }, + "parameterOrder": [ + "destinationBucket", + "destinationObject" + ], + "request": { + "$ref": "ComposeRequest" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsMediaDownload": true, + "useMediaDownloadService": true + }, + "copy": { + "id": "storage.objects.copy", + "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}", + "httpMethod": "POST", + "description": "Copies a source object to a destination object. Optionally overrides metadata.", + "parameters": { + "destinationBucket": { + "type": "string", + "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + }, + "destinationObject": { + "type": "string", + "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.", + "required": true, + "location": "path" + }, + "destinationPredefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to the destination object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + }, + "sourceBucket": { + "type": "string", + "description": "Name of the bucket in which to find the source object.", + "required": true, + "location": "path" + }, + "sourceGeneration": { + "type": "string", + "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "sourceObject": { + "type": "string", + "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "sourceBucket", + "sourceObject", + "destinationBucket", + "destinationObject" + ], + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsMediaDownload": true, + "useMediaDownloadService": true + }, + "delete": { + "id": "storage.objects.delete", + "path": "b/{bucket}/o/{object}", + "httpMethod": "DELETE", + "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which the object resides.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "get": { + "id": "storage.objects.get", + "path": "b/{bucket}/o/{object}", + "httpMethod": "GET", + "description": "Retrieves an object or its metadata.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which the object resides.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsMediaDownload": true, + "useMediaDownloadService": true + }, + "getIamPolicy": { + "id": "storage.objects.getIamPolicy", + "path": "b/{bucket}/o/{object}/iam", + "httpMethod": "GET", + "description": "Returns an IAM policy for the specified object.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which the object resides.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "insert": { + "id": "storage.objects.insert", + "path": "b/{bucket}/o", + "httpMethod": "POST", + "description": "Stores a new object and metadata.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", + "required": true, + "location": "path" + }, + "contentEncoding": { + "type": "string", + "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.", + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "name": { + "type": "string", + "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "location": "query" + }, + "predefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to this object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsMediaDownload": true, + "useMediaDownloadService": true, + "supportsMediaUpload": true, + "mediaUpload": { + "accept": [ + "*/*" + ], + "protocols": { + "simple": { + "multipart": true, + "path": "/upload/storage/v1/b/{bucket}/o" + }, + "resumable": { + "multipart": true, + "path": "/resumable/upload/storage/v1/b/{bucket}/o" + } + } + } + }, + "list": { + "id": "storage.objects.list", + "path": "b/{bucket}/o", + "httpMethod": "GET", + "description": "Retrieves a list of objects matching the criteria.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which to look for objects.", + "required": true, + "location": "path" + }, + "delimiter": { + "type": "string", + "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", + "location": "query" + }, + "maxResults": { + "type": "integer", + "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.", + "default": "1000", + "format": "uint32", + "minimum": "0", + "location": "query" + }, + "pageToken": { + "type": "string", + "description": "A previously-returned page token representing part of the larger set of results to view.", + "location": "query" + }, + "prefix": { + "type": "string", + "description": "Filter results to objects whose names begin with this prefix.", + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + }, + "versions": { + "type": "boolean", + "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "response": { + "$ref": "Objects" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsSubscription": true + }, + "patch": { + "id": "storage.objects.patch", + "path": "b/{bucket}/o/{object}", + "httpMethod": "PATCH", + "description": "Updates an object's metadata. This method supports patch semantics.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which the object resides.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + }, + "predefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to this object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ] + }, + "rewrite": { + "id": "storage.objects.rewrite", + "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}", + "httpMethod": "POST", + "description": "Rewrites a source object to a destination object. Optionally overrides metadata.", + "parameters": { + "destinationBucket": { + "type": "string", + "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.", + "required": true, + "location": "path" + }, + "destinationObject": { + "type": "string", + "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + }, + "destinationPredefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to the destination object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifSourceMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "maxBytesRewrittenPerCall": { + "type": "string", + "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.", + "format": "int64", + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + }, + "rewriteToken": { + "type": "string", + "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.", + "location": "query" + }, + "sourceBucket": { + "type": "string", + "description": "Name of the bucket in which to find the source object.", + "required": true, + "location": "path" + }, + "sourceGeneration": { + "type": "string", + "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "sourceObject": { + "type": "string", + "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "sourceBucket", + "sourceObject", + "destinationBucket", + "destinationObject" + ], + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "RewriteResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "setIamPolicy": { + "id": "storage.objects.setIamPolicy", + "path": "b/{bucket}/o/{object}/iam", + "httpMethod": "PUT", + "description": "Updates an IAM policy for the specified object.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which the object resides.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "request": { + "$ref": "Policy" + }, + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "testIamPermissions": { + "id": "storage.objects.testIamPermissions", + "path": "b/{bucket}/o/{object}/iam/testPermissions", + "httpMethod": "GET", + "description": "Tests a set of permissions on the given object to see which, if any, are held by the caller.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which the object resides.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + }, + "permissions": { + "type": "string", + "description": "Permissions to test.", + "required": true, + "repeated": true, + "location": "query" + } + }, + "parameterOrder": [ + "bucket", + "object", + "permissions" + ], + "response": { + "$ref": "TestIamPermissionsResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ] + }, + "update": { + "id": "storage.objects.update", + "path": "b/{bucket}/o/{object}", + "httpMethod": "PUT", + "description": "Updates an object's metadata.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which the object resides.", + "required": true, + "location": "path" + }, + "generation": { + "type": "string", + "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).", + "format": "int64", + "location": "query" + }, + "ifGenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation matches the given value.", + "format": "int64", + "location": "query" + }, + "ifGenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current generation does not match the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.", + "format": "int64", + "location": "query" + }, + "ifMetagenerationNotMatch": { + "type": "string", + "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.", + "format": "int64", + "location": "query" + }, + "object": { + "type": "string", + "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.", + "required": true, + "location": "path" + }, + "predefinedAcl": { + "type": "string", + "description": "Apply a predefined set of access controls to this object.", + "enum": [ + "authenticatedRead", + "bucketOwnerFullControl", + "bucketOwnerRead", + "private", + "projectPrivate", + "publicRead" + ], + "enumDescriptions": [ + "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.", + "Object owner gets OWNER access, and project team owners get OWNER access.", + "Object owner gets OWNER access, and project team owners get READER access.", + "Object owner gets OWNER access.", + "Object owner gets OWNER access, and project team members get access according to their roles.", + "Object owner gets OWNER access, and allUsers get READER access." + ], + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to full.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + } + }, + "parameterOrder": [ + "bucket", + "object" + ], + "request": { + "$ref": "Object" + }, + "response": { + "$ref": "Object" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/devstorage.full_control" + ], + "supportsMediaDownload": true, + "useMediaDownloadService": true + }, + "watchAll": { + "id": "storage.objects.watchAll", + "path": "b/{bucket}/o/watch", + "httpMethod": "POST", + "description": "Watch for changes on all objects in a bucket.", + "parameters": { + "bucket": { + "type": "string", + "description": "Name of the bucket in which to look for objects.", + "required": true, + "location": "path" + }, + "delimiter": { + "type": "string", + "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.", + "location": "query" + }, + "maxResults": { + "type": "integer", + "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.", + "default": "1000", + "format": "uint32", + "minimum": "0", + "location": "query" + }, + "pageToken": { + "type": "string", + "description": "A previously-returned page token representing part of the larger set of results to view.", + "location": "query" + }, + "prefix": { + "type": "string", + "description": "Filter results to objects whose names begin with this prefix.", + "location": "query" + }, + "projection": { + "type": "string", + "description": "Set of properties to return. Defaults to noAcl.", + "enum": [ + "full", + "noAcl" + ], + "enumDescriptions": [ + "Include all properties.", + "Omit the owner, acl property." + ], + "location": "query" + }, + "versions": { + "type": "boolean", + "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.", + "location": "query" + } + }, + "parameterOrder": [ + "bucket" + ], + "request": { + "$ref": "Channel", + "parameterName": "resource" + }, + "response": { + "$ref": "Channel" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloud-platform.read-only", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/devstorage.read_write" + ], + "supportsSubscription": true + } } - }, - "parameterOrder": [ - "bucket" - ], - "request": { - "$ref": "Channel", - "parameterName": "resource" - }, - "response": { - "$ref": "Channel" - }, - "scopes": [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloud-platform.read-only", - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/devstorage.read_write" - ], - "supportsSubscription": true } - } } - } } diff --git a/src/Storage/Iam.php b/src/Storage/Iam.php new file mode 100644 index 000000000000..6a1134429704 --- /dev/null +++ b/src/Storage/Iam.php @@ -0,0 +1,126 @@ +resourceArgs = $resourceArgs; + + parent::__construct($connection, $resource); + } + + /** + * Google Cloud Storage uses a different IAM implementation than other APIs + * such as Pub/Sub and Spanner. This method overrides the default setPolicy + * API call to provide a storage-compatible request. + * + * For the benefit of users with experience using Google Cloud PHP, Storage + * IAM in GCP is formatted to match the resources used by other IAM + * implementors. + * + * @param array $policy The IAM Policy as an array. Must have a `bindings` + * key which is of the correct format. + * @param array $options Configuration Options + * @return array + */ + protected function sendSetPolicyRequest(array $policy, array $options) + { + $args = [ + 'kind' => self::KIND, + 'bindings' => $policy['bindings'], + 'resourceId' => $this->resourceId() + ] + $this->resourceArgs + $options; + + return $this->connection->setPolicy($args); + } + + /** + * Google Cloud Storage uses a different IAM implementation than other APIs + * such as Pub/Sub and Spanner. This method overrides the default getPolicy + * API call to provide a storage-compatible request. + * + * @param array $options Configuration Options + * @return array + */ + protected function sendGetPolicyRequest(array $options) + { + return $this->connection->getPolicy($this->resourceArgs + $options); + } + + /** + * Google Cloud Storage uses a different IAM implementation than other APIs + * such as Pub/Sub and Spanner. This method overrides the default + * testPermissions API call to provide a storage-compatible request. + * + * @param array $permissions The permissions to test. + * @param array $options Configuration Options + * @return array + */ + protected function sendTestPermissionsRequest(array $permissions, array $options) + { + return $this->connection->testPermissions([ + 'permissions' => $permissions + ] + $this->resourceArgs + $options); + } + + /** + * Creates a resource ID to identify the resource which is being targeted. + * For Buckets, the return will be of format `buckets/`. For + * objects, the return will be of format `buckets//objects/`. + * + * The template is filled based on the value of `$resourceArgs` provided in + * the class constructor. + * + * @return string + */ + private function resourceId() + { + $args = $this->resourceArgs; + if (isset($args['object'])) { + return sprintf(self::OBJECT_IAM_RESOURCE, $args['bucket'], $args['object']); + } + + return sprintf(self::BUCKET_IAM_RESOURCE, $args['bucket']); + } +} diff --git a/src/Storage/StorageObject.php b/src/Storage/StorageObject.php index ab41c74289b3..717b19e1e81d 100644 --- a/src/Storage/StorageObject.php +++ b/src/Storage/StorageObject.php @@ -19,6 +19,7 @@ use Google\Cloud\Core\Exception\NotFoundException; use Google\Cloud\Storage\Connection\ConnectionInterface; +use Google\Cloud\Storage\Connection\IamObject; use GuzzleHttp\Psr7; use Psr\Http\Message\StreamInterface; @@ -64,6 +65,11 @@ class StorageObject */ private $info; + /** + * @var Iam + */ + private $iam; + /** * @param ConnectionInterface $connection Represents a connection to Cloud * Storage. @@ -779,6 +785,41 @@ public function gcsUri() ); } + /** + * Manage the IAM policy for the current Object. + * + * Example: + * ``` + * $iam = $object->iam(); + * ``` + * + * @codingStandardsIgnoreStart + * @see https://cloud.google.com/storage/docs/access-control/iam-with-json-and-xml Storage Access Control Documentation + * @see https://cloud.google.com/storage/docs/json_api/v1/objects/getIamPolicy Get Object IAM Policy + * @see https://cloud.google.com/storage/docs/json_api/v1/objects/setIamPolicy Set Object IAM Policy + * @see https://cloud.google.com/storage/docs/json_api/v1/objects/testIamPermissions Test Object Permissions + * @codingStandardsIgnoreEnd + * + * @return Iam + */ + public function iam() + { + if (!$this->iam) { + $iamConnection = new IamObject($this->connection); + $this->iam = new Iam( + $iamConnection, + $this->name(), + [ + 'bucket' => $this->identity['bucket'], + 'object' => $this->identity['object'] + ], + 'bucket' + ); + } + + return $this->iam; + } + /** * Formats a destination based request, such as copy or rewrite. * diff --git a/tests/unit/Core/Iam/IamTest.php b/tests/unit/Core/Iam/IamTest.php index 58d9218a3469..5a74c8827fc5 100644 --- a/tests/unit/Core/Iam/IamTest.php +++ b/tests/unit/Core/Iam/IamTest.php @@ -19,6 +19,7 @@ use Google\Cloud\Core\Iam\Iam; use Google\Cloud\Core\Iam\IamConnectionInterface; +use Google\Cloud\Core\Iam\PolicyBuilder; use Prophecy\Argument; /** @@ -83,6 +84,31 @@ public function testSetPolicy() $this->assertEquals($iam->policy(), $policies[1]); } + public function testSetPolicyWithPolicyBuilder() + { + $policies = $this->policies(); + + $pb = $this->prophesize(PolicyBuilder::class); + $pb->result()->willReturn($policies[1]); + + $this->connection->setPolicy(Argument::withEntry('policy', $policies[1])) + ->willReturn($policies[1]); + + $iam = new Iam($this->connection->reveal(), self::RESOURCE); + $res = $iam->setPolicy($pb->reveal()); + + $this->assertEquals($policies[1], $res); + } + + /** + * @expectedException BadMethodCallException + */ + public function testSetPolicyWithInvalidPolicy() + { + $iam = new Iam($this->connection->reveal(), self::RESOURCE); + $res = $iam->setPolicy('foo'); + } + public function testTestPermissions() { $permissions = [ diff --git a/tests/unit/Core/Iam/PolicyBuilderTest.php b/tests/unit/Core/Iam/PolicyBuilderTest.php index e271bae45923..3b3c3ec6a40d 100644 --- a/tests/unit/Core/Iam/PolicyBuilderTest.php +++ b/tests/unit/Core/Iam/PolicyBuilderTest.php @@ -69,17 +69,6 @@ public function testInvalidPolicy() $builder = new PolicyBuilder($policy); } - /** - * @expectedException InvalidArgumentException - */ - public function testInvalidMember() - { - $builder = new PolicyBuilder; - $builder->addBinding('test', [ - 'test@test.com' - ]); - } - public function testSetBindings() { $role = 'test'; diff --git a/tests/unit/Core/RequestBuilderTest.php b/tests/unit/Core/RequestBuilderTest.php index 7d7d8ce66497..fbabb5e7d3ae 100644 --- a/tests/unit/Core/RequestBuilderTest.php +++ b/tests/unit/Core/RequestBuilderTest.php @@ -38,14 +38,15 @@ public function testBuildsRequest() $parameters = [ 'queryParam' => 'query', 'pathParam' => 'path', - 'referenceProp' => 'reference' + 'referenceProp' => 'reference', + 'repeatedParam' => ['foo','bar'] ]; $request = $this->builder->build('myResource', 'myMethod', $parameters); $uri = $request->getUri(); $this->assertEquals('/path', $uri->getPath()); - $this->assertEquals('queryParam=query', $uri->getQuery()); + $this->assertEquals('queryParam=query&repeatedParam=foo&repeatedParam=bar', $uri->getQuery()); $this->assertEquals('{"referenceProp":"reference"}', (string) $request->getBody()); } diff --git a/tests/unit/Storage/BucketTest.php b/tests/unit/Storage/BucketTest.php index 2860989467ee..d8320117f11f 100644 --- a/tests/unit/Storage/BucketTest.php +++ b/tests/unit/Storage/BucketTest.php @@ -24,6 +24,7 @@ use Google\Cloud\Storage\Acl; use Google\Cloud\Storage\Bucket; use Google\Cloud\Storage\Connection\ConnectionInterface; +use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\StorageObject; use Prophecy\Argument; @@ -350,4 +351,16 @@ public function testIsWritableServerException() $bucket = new Bucket($this->connection->reveal(), $name = 'bucket'); $bucket->isWritable(); // raises exception } + + public function testIam() + { + $bucketInfo = [ + 'name' => 'bucket', + 'etag' => 'ABC', + 'kind' => 'storage#bucket' + ]; + $bucket = new Bucket($this->connection->reveal(), 'bucket', $bucketInfo); + + $this->assertInstanceOf(Iam::class, $bucket->iam()); + } } diff --git a/tests/unit/Storage/StorageObjectTest.php b/tests/unit/Storage/StorageObjectTest.php index 4befeecb9486..c40da8f7080c 100644 --- a/tests/unit/Storage/StorageObjectTest.php +++ b/tests/unit/Storage/StorageObjectTest.php @@ -18,8 +18,9 @@ namespace Google\Cloud\Tests\Unit\Storage; use Google\Cloud\Core\Exception\NotFoundException; -use Google\Cloud\Storage\Connection\ConnectionInterface; use Google\Cloud\Storage\Bucket; +use Google\Cloud\Storage\Connection\ConnectionInterface; +use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\StorageObject; use GuzzleHttp\Psr7; use Prophecy\Argument; @@ -519,4 +520,11 @@ public function testGetsGcsUri() $expectedUri = sprintf('gs://%s/%s', $bucketName, $name); $this->assertEquals($expectedUri, $object->gcsUri()); } + + public function testIam() + { + $object = new StorageObject($this->connection->reveal(), $name = 'object.txt', $bucketName = 'bucket'); + + $this->assertInstanceOf(Iam::class, $object->iam()); + } } diff --git a/tests/unit/fixtures/service-fixture.json b/tests/unit/fixtures/service-fixture.json index c4e31f0ddf4f..bb8478b867e3 100644 --- a/tests/unit/fixtures/service-fixture.json +++ b/tests/unit/fixtures/service-fixture.json @@ -24,6 +24,12 @@ "type": "string", "required": true, "location": "path" + }, + "repeatedParam": { + "type": "string", + "required": true, + "repeated": true, + "location": "query" } }, "request": { From 24147b3279ab5aa0621e700dc3d59a20544b3cca Mon Sep 17 00:00:00 2001 From: jdpedrie Date: Fri, 24 Mar 2017 23:21:36 -0400 Subject: [PATCH 3/7] Implement IAM for GCS --- src/Core/Iam/Iam.php | 10 +- .../Connection/ConnectionInterface.php | 15 --- src/Storage/Connection/IamObject.php | 60 --------- src/Storage/Connection/Rest.php | 24 ---- src/Storage/Iam.php | 16 ++- src/Storage/StorageObject.php | 40 ------ tests/snippets/Core/Iam/IamTest.php | 2 +- tests/snippets/Storage/BucketTest.php | 18 ++- tests/snippets/Storage/StorageObjectTest.php | 1 + tests/system/Storage/ManageBucketsTest.php | 36 +++++ tests/unit/Core/Iam/IamTest.php | 2 +- .../PubSub/Connection/IamSubscriptionTest.php | 31 +++-- tests/unit/PubSub/Connection/IamTopicTest.php | 31 +++-- .../unit/Storage/Connection/IamBucketTest.php | 52 ++++++++ tests/unit/Storage/Connection/RestTest.php | 28 +++- tests/unit/Storage/IamTest.php | 123 ++++++++++++++++++ tests/unit/Storage/StorageObjectTest.php | 7 - 17 files changed, 309 insertions(+), 187 deletions(-) delete mode 100644 src/Storage/Connection/IamObject.php create mode 100644 tests/unit/Storage/Connection/IamBucketTest.php create mode 100644 tests/unit/Storage/IamTest.php diff --git a/src/Core/Iam/Iam.php b/src/Core/Iam/Iam.php index e80083361c0b..03ee87b94d29 100644 --- a/src/Core/Iam/Iam.php +++ b/src/Core/Iam/Iam.php @@ -146,11 +146,17 @@ public function setPolicy($policy, array $options = []) * * @param array $permissions A list of permissions to test * @param array $options Configuration Options - * @return array A subset of $permissions, with only those allowed included. + * @return array|null A subset of $permissions, with only those allowed + * included, or null. */ public function testPermissions(array $permissions, array $options = []) { - return $this->sendTestPermissionsRequest($permissions, $options); + $res = $this->sendTestPermissionsRequest($permissions, $options); + if (isset($res['permissions'])) { + return $res['permissions']; + } + + return null; } /** diff --git a/src/Storage/Connection/ConnectionInterface.php b/src/Storage/Connection/ConnectionInterface.php index 0662c5e7cea8..b3e67212e85b 100644 --- a/src/Storage/Connection/ConnectionInterface.php +++ b/src/Storage/Connection/ConnectionInterface.php @@ -132,19 +132,4 @@ public function downloadObject(array $args = []); * @param array $args */ public function insertObject(array $args = []); - - /** - * @param array $args - */ - public function getObjectIamPolicy(array $args); - - /** - * @param array $args - */ - public function setObjectIamPolicy(array $args); - - /** - * @param array $args - */ - public function testObjectIamPermissions(array $args); } diff --git a/src/Storage/Connection/IamObject.php b/src/Storage/Connection/IamObject.php deleted file mode 100644 index 7469620ff74d..000000000000 --- a/src/Storage/Connection/IamObject.php +++ /dev/null @@ -1,60 +0,0 @@ -connection = $connection; - } - - /** - * @param array $args - */ - public function getPolicy(array $args) - { - return $this->connection->getObjectIamPolicy($args); - } - - /** - * @param array $args - */ - public function setPolicy(array $args) - { - return $this->connection->setObjectIamPolicy($args); - } - - /** - * @param array $args - */ - public function testPermissions(array $args) - { - return $this->connection->testObjectIamPermissions($args); - } -} diff --git a/src/Storage/Connection/Rest.php b/src/Storage/Connection/Rest.php index 51fa4c5b4282..7dae6370daa9 100644 --- a/src/Storage/Connection/Rest.php +++ b/src/Storage/Connection/Rest.php @@ -334,28 +334,4 @@ public function testBucketIamPermissions(array $args) { return $this->send('buckets', 'testIamPermissions', $args); } - - /** - * @param array $args - */ - public function getObjectIamPolicy(array $args) - { - return $this->send('objects', 'getIamPolicy', $args); - } - - /** - * @param array $args - */ - public function setObjectIamPolicy(array $args) - { - return $this->send('objects', 'setIamPolicy', $args); - } - - /** - * @param array $args - */ - public function testObjectIamPermissions(array $args) - { - return $this->send('objects', 'testIamPermissions', $args); - } } diff --git a/src/Storage/Iam.php b/src/Storage/Iam.php index 6a1134429704..1c7a076b927f 100644 --- a/src/Storage/Iam.php +++ b/src/Storage/Iam.php @@ -21,7 +21,9 @@ use Google\Cloud\Core\Iam\IamConnectionInterface; /** - * IAM implementation for Google Cloud Storage + * IAM implementation for Google Cloud Storage. + * + * For usage, see {@see Google\Cloud\Core\Iam\Iam}. * * @see https://cloud.google.com/storage/docs/access-control/iam-with-json-and-xml IAM with JSON and XML */ @@ -35,9 +37,11 @@ class Iam extends IamBase private $resourceArgs; /** - * @param IamConnectionInterface $connection - * @param string $resource - * @param string $resourceArgumentName + * @param IamConnectionInterface $connection A connection to the GCS IAM API. + * @param string $resource The resource managed by this IAM instance. + * @param string $resourceArgs An array, containing a key named `bucket`, + * and optionally a key named 'object' referring to the bucket or + * storage object managed by this instance. * @access private */ public function __construct( @@ -66,6 +70,10 @@ public function __construct( */ protected function sendSetPolicyRequest(array $policy, array $options) { + if (!isset($policy['bindings'])) { + throw new \BadMethodCallException('Policy must supply bindings.'); + } + $args = [ 'kind' => self::KIND, 'bindings' => $policy['bindings'], diff --git a/src/Storage/StorageObject.php b/src/Storage/StorageObject.php index 717b19e1e81d..932c63a86563 100644 --- a/src/Storage/StorageObject.php +++ b/src/Storage/StorageObject.php @@ -65,11 +65,6 @@ class StorageObject */ private $info; - /** - * @var Iam - */ - private $iam; - /** * @param ConnectionInterface $connection Represents a connection to Cloud * Storage. @@ -785,41 +780,6 @@ public function gcsUri() ); } - /** - * Manage the IAM policy for the current Object. - * - * Example: - * ``` - * $iam = $object->iam(); - * ``` - * - * @codingStandardsIgnoreStart - * @see https://cloud.google.com/storage/docs/access-control/iam-with-json-and-xml Storage Access Control Documentation - * @see https://cloud.google.com/storage/docs/json_api/v1/objects/getIamPolicy Get Object IAM Policy - * @see https://cloud.google.com/storage/docs/json_api/v1/objects/setIamPolicy Set Object IAM Policy - * @see https://cloud.google.com/storage/docs/json_api/v1/objects/testIamPermissions Test Object Permissions - * @codingStandardsIgnoreEnd - * - * @return Iam - */ - public function iam() - { - if (!$this->iam) { - $iamConnection = new IamObject($this->connection); - $this->iam = new Iam( - $iamConnection, - $this->name(), - [ - 'bucket' => $this->identity['bucket'], - 'object' => $this->identity['object'] - ], - 'bucket' - ); - } - - return $this->iam; - } - /** * Formats a destination based request, such as copy or rewrite. * diff --git a/tests/snippets/Core/Iam/IamTest.php b/tests/snippets/Core/Iam/IamTest.php index de025c4b774e..efec040851ed 100644 --- a/tests/snippets/Core/Iam/IamTest.php +++ b/tests/snippets/Core/Iam/IamTest.php @@ -114,7 +114,7 @@ public function testTestPermissions() 'resource' => $this->resource ]) ->shouldBeCalled() - ->willReturn($permissions); + ->willReturn(['permissions' => $permissions]); $this->iam->setConnection($this->connection->reveal()); diff --git a/tests/snippets/Storage/BucketTest.php b/tests/snippets/Storage/BucketTest.php index 4731dea3be3a..add354b3b8d7 100644 --- a/tests/snippets/Storage/BucketTest.php +++ b/tests/snippets/Storage/BucketTest.php @@ -17,16 +17,17 @@ namespace Google\Cloud\Tests\Snippets\Storage; -use Google\Cloud\Dev\Snippet\SnippetTestCase; use Google\Cloud\Core\Exception\GoogleException; +use Google\Cloud\Core\Upload\MultipartUploader; +use Google\Cloud\Core\Upload\ResumableUploader; +use Google\Cloud\Core\Upload\StreamableUploader; +use Google\Cloud\Dev\Snippet\SnippetTestCase; use Google\Cloud\Storage\Acl; use Google\Cloud\Storage\Bucket; use Google\Cloud\Storage\Connection\ConnectionInterface; +use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\ObjectIterator; use Google\Cloud\Storage\StorageObject; -use Google\Cloud\Core\Upload\MultipartUploader; -use Google\Cloud\Core\Upload\ResumableUploader; -use Google\Cloud\Core\Upload\StreamableUploader; use Prophecy\Argument; /** @@ -369,4 +370,13 @@ public function testName() $res = $snippet->invoke(); $this->assertEquals(self::BUCKET, $res->output()); } + + public function testIam() + { + $snippet = $this->snippetFromMethod(Bucket::class, 'iam'); + $snippet->addLocal('bucket', $this->bucket); + + $res = $snippet->invoke('iam'); + $this->assertInstanceOf(Iam::class, $res->returnVal()); + } } diff --git a/tests/snippets/Storage/StorageObjectTest.php b/tests/snippets/Storage/StorageObjectTest.php index 0cd7f6e5fdd6..b9a31373b37c 100644 --- a/tests/snippets/Storage/StorageObjectTest.php +++ b/tests/snippets/Storage/StorageObjectTest.php @@ -21,6 +21,7 @@ use Google\Cloud\Storage\Acl; use Google\Cloud\Storage\Bucket; use Google\Cloud\Storage\Connection\ConnectionInterface; +use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\StorageClient; use Google\Cloud\Storage\StorageObject; use Prophecy\Argument; diff --git a/tests/system/Storage/ManageBucketsTest.php b/tests/system/Storage/ManageBucketsTest.php index 8faf3e2b6883..001539118604 100644 --- a/tests/system/Storage/ManageBucketsTest.php +++ b/tests/system/Storage/ManageBucketsTest.php @@ -86,4 +86,40 @@ public function testReloadBucket() { $this->assertEquals('storage#bucket', self::$bucket->reload()['kind']); } + + /** + * @group storageiam + */ + public function testIam() + { + $iam = self::$bucket->iam(); + $policy = $iam->policy(); + + // pop the version off the resourceId to make the assertion below more robust. + $resourceId = explode('#', $policy['resourceId'])[0]; + + $bucketName = self::$bucket->name(); + $this->assertEquals($resourceId, sprintf('buckets/%s', $bucketName)); + + $role = 'roles/storage.admin'; + + $policy['bindings'][] = [ + 'role' => $role, + 'members' => ['projectOwner:gcloud-php-integration-tests'] + ]; + + $iam->setPolicy($policy); + + $policy = $iam->reload(); + + $newBinding = array_filter($policy['bindings'], function ($binding) use ($role) { + return ($binding['role'] === $role); + }); + + $this->assertEquals(1, count($newBinding)); + + $permissions = ['storage.buckets.get']; + $test = $iam->testPermissions($permissions); + $this->assertEquals($permissions, $test); + } } diff --git a/tests/unit/Core/Iam/IamTest.php b/tests/unit/Core/Iam/IamTest.php index 5a74c8827fc5..cdd435d1ff06 100644 --- a/tests/unit/Core/Iam/IamTest.php +++ b/tests/unit/Core/Iam/IamTest.php @@ -116,7 +116,7 @@ public function testTestPermissions() ]; $this->connection->testPermissions(Argument::withEntry('permissions', $permissions)) - ->willReturn($permissions); + ->willReturn(['permissions' => $permissions]); $iam = new Iam($this->connection->reveal(), self::RESOURCE); $this->assertEquals($permissions, $iam->testPermissions($permissions)); diff --git a/tests/unit/PubSub/Connection/IamSubscriptionTest.php b/tests/unit/PubSub/Connection/IamSubscriptionTest.php index cb7cfc6aa910..9d3271a76430 100644 --- a/tests/unit/PubSub/Connection/IamSubscriptionTest.php +++ b/tests/unit/PubSub/Connection/IamSubscriptionTest.php @@ -26,25 +26,28 @@ */ class IamSubscriptionTest extends \PHPUnit_Framework_TestCase { - public function testProxies() + /** + * @dataProvider methodProvider + */ + public function testProxies($methodName, $proxyName, $args) { $connection = $this->prophesize(ConnectionInterface::class); - $connection->getSubscriptionIamPolicy(Argument::withEntry('foo', 'bar')) - ->willReturn('test') + $connection->$proxyName($args) + ->willReturn($args) ->shouldBeCalledTimes(1); - $connection->setSubscriptionIamPolicy(Argument::withEntry('foo', 'bar')) - ->willReturn('test') - ->shouldBeCalledTimes(1); - - $connection->testSubscriptionIamPermissions(Argument::withEntry('foo', 'bar')) - ->willReturn('test') - ->shouldBeCalledTimes(1); + $iam = new IamSubscription($connection->reveal()); - $iamSubscription = new IamSubscription($connection->reveal()); + $this->assertEquals($args, $iam->$methodName($args)); + } - $this->assertEquals('test', $iamSubscription->getPolicy(['foo' => 'bar'])); - $this->assertEquals('test', $iamSubscription->setPolicy(['foo' => 'bar'])); - $this->assertEquals('test', $iamSubscription->testPermissions(['foo' => 'bar'])); + public function methodProvider() + { + $args = ['foo' => 'bar']; + return [ + ['getPolicy', 'getSubscriptionIamPolicy', $args], + ['setPolicy', 'setSubscriptionIamPolicy', $args], + ['testPermissions', 'testSubscriptionIamPermissions', $args], + ]; } } diff --git a/tests/unit/PubSub/Connection/IamTopicTest.php b/tests/unit/PubSub/Connection/IamTopicTest.php index 1f751d5e18ad..e9cc927a9d90 100644 --- a/tests/unit/PubSub/Connection/IamTopicTest.php +++ b/tests/unit/PubSub/Connection/IamTopicTest.php @@ -26,25 +26,28 @@ */ class IamTopicTest extends \PHPUnit_Framework_TestCase { - public function testProxies() + /** + * @dataProvider methodProvider + */ + public function testProxies($methodName, $proxyName, $args) { $connection = $this->prophesize(ConnectionInterface::class); - $connection->getTopicIamPolicy(Argument::withEntry('foo', 'bar')) - ->willReturn('test') - ->shouldBeCalledTimes(1); - - $connection->setTopicIamPolicy(Argument::withEntry('foo', 'bar')) - ->willReturn('test') - ->shouldBeCalledTimes(1); - - $connection->testTopicIamPermissions(Argument::withEntry('foo', 'bar')) - ->willReturn('test') + $connection->$proxyName($args) + ->willReturn($args) ->shouldBeCalledTimes(1); $iamTopic = new IamTopic($connection->reveal()); - $this->assertEquals('test', $iamTopic->getPolicy(['foo' => 'bar'])); - $this->assertEquals('test', $iamTopic->setPolicy(['foo' => 'bar'])); - $this->assertEquals('test', $iamTopic->testPermissions(['foo' => 'bar'])); + $this->assertEquals($args, $iamTopic->$methodName($args)); + } + + public function methodProvider() + { + $args = ['foo' => 'bar']; + return [ + ['getPolicy', 'getTopicIamPolicy', $args], + ['setPolicy', 'setTopicIamPolicy', $args], + ['testPermissions', 'testTopicIamPermissions', $args], + ]; } } diff --git a/tests/unit/Storage/Connection/IamBucketTest.php b/tests/unit/Storage/Connection/IamBucketTest.php new file mode 100644 index 000000000000..27aed3c4ebbd --- /dev/null +++ b/tests/unit/Storage/Connection/IamBucketTest.php @@ -0,0 +1,52 @@ +prophesize(ConnectionInterface::class); + $connection->$proxyName($args) + ->willReturn($args) + ->shouldBeCalledTimes(1); + + $iam = new IamBucket($connection->reveal()); + + $this->assertEquals($args, $iam->$methodName($args)); + } + + public function methodProvider() + { + $args = ['foo' => 'bar']; + return [ + ['getPolicy', 'getBucketIamPolicy', $args], + ['setPolicy', 'setBucketIamPolicy', $args], + ['testPermissions', 'testBucketIamPermissions', $args], + ]; + } +} diff --git a/tests/unit/Storage/Connection/RestTest.php b/tests/unit/Storage/Connection/RestTest.php index d3c1813a93f4..8e662a7ed9e4 100644 --- a/tests/unit/Storage/Connection/RestTest.php +++ b/tests/unit/Storage/Connection/RestTest.php @@ -21,6 +21,7 @@ use Google\Cloud\Core\RequestWrapper; use Google\Cloud\Core\Upload\MultipartUploader; use Google\Cloud\Core\Upload\ResumableUploader; +use Google\Cloud\Core\Upload\StreamableUploader; use Google\Cloud\Storage\Connection\Rest; use Google\Cloud\Storage\StorageClient; use GuzzleHttp\Psr7; @@ -96,7 +97,10 @@ public function methodProvider() ['listObjects'], ['patchObject'], ['rewriteObject'], - ['composeObject'] + ['composeObject'], + ['getBucketIamPolicy'], + ['setBucketIamPolicy'], + ['testBucketIamPermissions'], ]; } @@ -228,6 +232,28 @@ public function insertObjectProvider() 'here' => 'wego' ] ] + ], + [ + [ + 'data' => 'abcdefg', + 'name' => 'file.ext', + 'streamable' => true, + 'validate' => false, + 'metadata' => [ + 'contentType' => 'text/plain', + 'metadata' => [ + 'here' => 'wego' + ] + ] + ], + StreamableUploader::class, + 'text/plain', + [ + 'name' => 'file.ext', + 'metadata' => [ + 'here' => 'wego' + ] + ] ] ]; } diff --git a/tests/unit/Storage/IamTest.php b/tests/unit/Storage/IamTest.php new file mode 100644 index 000000000000..a73d969c648b --- /dev/null +++ b/tests/unit/Storage/IamTest.php @@ -0,0 +1,123 @@ + 'bar']; + + public function setUp() + { + $this->resourceArgs = ['bucket' => self::BUCKET, 'object' => self::OBJECT]; + $this->connection = $this->prophesize(IamConnectionInterface::class); + } + + public function testSetPolicy() + { + $this->connection->setPolicy([ + 'kind' => 'storage#policy', + 'bindings' => [], + 'resourceId' => sprintf('buckets/%s/objects/%s', self::BUCKET, self::OBJECT), + 'bucket' => self::BUCKET, + 'object' => self::OBJECT, + ])->shouldBeCalled()->willReturn($this->return); + + $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); + $res = $iam->setPolicy(['bindings' => []]); + + $this->assertEquals($this->return, $res); + } + + public function testSetObjectPolicy() + { + $this->connection->setPolicy([ + 'kind' => 'storage#policy', + 'bindings' => [], + 'resourceId' => sprintf('buckets/%s', self::BUCKET), + 'bucket' => self::BUCKET, + ])->shouldBeCalled()->willReturn($this->return); + + $args = $this->resourceArgs; + unset($args['object']); + $iam = $this->createStub($this->connection->reveal(), $args); + $res = $iam->setPolicy(['bindings' => []]); + + $this->assertEquals($this->return, $res); + } + + /** + * @expectedException BadMethodCallException + */ + public function testSetPolicyMissingBindings() + { + $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); + $iam->setPolicy([]); + } + + public function testGetPolicy() + { + $this->connection->getPolicy([ + 'bucket' => self::BUCKET, + 'object' => self::OBJECT + ])->shouldBeCalled()->willReturn($this->return); + + $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); + $res = $iam->policy(); + + $this->assertEquals($this->return, $res); + } + + public function testTestPermissions() + { + $permissions = ['foo', 'bar']; + $this->connection->testPermissions([ + 'permissions' => $permissions, + 'bucket' => self::BUCKET, + 'object' => self::OBJECT + ])->shouldBeCalled()->willReturn(['permissions' => $this->return]); + + $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); + $res = $iam->testPermissions($permissions); + + $this->assertEquals($this->return, $res); + } + + private function createStub($connection, array $resourceArgs) + { + return new Iam( + $this->connection->reveal(), + self::RESOURCE, + $resourceArgs + ); + } +} diff --git a/tests/unit/Storage/StorageObjectTest.php b/tests/unit/Storage/StorageObjectTest.php index c40da8f7080c..34fdd5117ef0 100644 --- a/tests/unit/Storage/StorageObjectTest.php +++ b/tests/unit/Storage/StorageObjectTest.php @@ -520,11 +520,4 @@ public function testGetsGcsUri() $expectedUri = sprintf('gs://%s/%s', $bucketName, $name); $this->assertEquals($expectedUri, $object->gcsUri()); } - - public function testIam() - { - $object = new StorageObject($this->connection->reveal(), $name = 'object.txt', $bucketName = 'bucket'); - - $this->assertInstanceOf(Iam::class, $object->iam()); - } } From b0912bd8fe486e0530f558b37849327280bc4f68 Mon Sep 17 00:00:00 2001 From: jdpedrie Date: Fri, 24 Mar 2017 23:45:45 -0400 Subject: [PATCH 4/7] Fix docs errors --- src/Core/Iam/Iam.php | 5 +---- src/Storage/Connection/IamBucket.php | 3 +++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Core/Iam/Iam.php b/src/Core/Iam/Iam.php index 03ee87b94d29..c640f28c355f 100644 --- a/src/Core/Iam/Iam.php +++ b/src/Core/Iam/Iam.php @@ -23,9 +23,6 @@ * This class is not meant to be used directly. It should be accessed * through other objects which support IAM. * - * Note that examples make use of the PubSub API, and the - * {@see Google\Cloud\PubSub\Topic} class. - * * Policies can be created using the {@see Google\Cloud\Core\Iam\PolicyBuilder} * to help ensure their validity. * @@ -110,7 +107,7 @@ public function policy(array $options = []) * ``` * * @param array|PolicyBuilder $policy The new policy, as an array or an - * instance of {@see Google\Cloud\Core\PolicyBuilder}. + * instance of {@see Google\Cloud\Core\Iam\PolicyBuilder}. * @param array $options Configuration Options * @return array An array of policy data * @throws BadMethodCallException If the given policy is not an array or PolicyBuilder. diff --git a/src/Storage/Connection/IamBucket.php b/src/Storage/Connection/IamBucket.php index 27cc23a3cb13..beb8fc2c43b1 100644 --- a/src/Storage/Connection/IamBucket.php +++ b/src/Storage/Connection/IamBucket.php @@ -19,6 +19,9 @@ use Google\Cloud\Core\Iam\IamConnectionInterface; +/** + * IAM Implementation for GCS Buckets + */ class IamBucket implements IamConnectionInterface { /** From a313e8bb8e4e0f683f1fabb94c3e5cdec5b7e390 Mon Sep 17 00:00:00 2001 From: jdpedrie Date: Mon, 27 Mar 2017 11:23:43 -0400 Subject: [PATCH 5/7] Remove null from testPermissions --- src/Core/Iam/Iam.php | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/Core/Iam/Iam.php b/src/Core/Iam/Iam.php index c640f28c355f..c7a889f6f77f 100644 --- a/src/Core/Iam/Iam.php +++ b/src/Core/Iam/Iam.php @@ -143,17 +143,12 @@ public function setPolicy($policy, array $options = []) * * @param array $permissions A list of permissions to test * @param array $options Configuration Options - * @return array|null A subset of $permissions, with only those allowed - * included, or null. + * @return array A subset of $permissions, with only those allowed included. */ public function testPermissions(array $permissions, array $options = []) { $res = $this->sendTestPermissionsRequest($permissions, $options); - if (isset($res['permissions'])) { - return $res['permissions']; - } - - return null; + return (isset($res['permissions'])) ? $res['permissions'] : []; } /** From dd80af517649a1a5955bf636c3417a2664336195 Mon Sep 17 00:00:00 2001 From: jdpedrie Date: Mon, 27 Mar 2017 12:17:44 -0400 Subject: [PATCH 6/7] Refactor IAM --- src/Core/Iam/Iam.php | 94 ++++++------- src/Storage/Bucket.php | 12 +- src/Storage/Connection/IamBucket.php | 2 + src/Storage/Iam.php | 134 ------------------- src/Storage/StorageObject.php | 1 - tests/snippets/Storage/BucketTest.php | 2 +- tests/snippets/Storage/StorageObjectTest.php | 1 - tests/unit/Storage/BucketTest.php | 2 +- tests/unit/Storage/IamTest.php | 123 ----------------- tests/unit/Storage/StorageObjectTest.php | 1 - 10 files changed, 54 insertions(+), 318 deletions(-) delete mode 100644 src/Storage/Iam.php delete mode 100644 tests/unit/Storage/IamTest.php diff --git a/src/Core/Iam/Iam.php b/src/Core/Iam/Iam.php index c7a889f6f77f..c3458e09c152 100644 --- a/src/Core/Iam/Iam.php +++ b/src/Core/Iam/Iam.php @@ -45,27 +45,47 @@ class Iam /** * @var IamConnectionInterface */ - protected $connection; + private $connection; /** * @var string */ - protected $resource; + private $resource; /** * @var array */ - protected $policy; + private $policy; + + /** + * @var array + */ + private $args; /** * @param IamConnectionInterface $connection * @param string $resource + * @param array $options [optional] { + * Configuration Options + * + * @type string|null $parent The parent request parameter for the policy. + * If set, policy data will be sent as `request.{$parent}`. + * Otherwise, policy will be sent in request root. **Defaults to** + * `policy`. + * @type array $args Arbitrary data to be sent with the request. + * } * @access private */ - public function __construct(IamConnectionInterface $connection, $resource) + public function __construct(IamConnectionInterface $connection, $resource, array $options = []) { + $options += [ + 'parent' => 'policy', + 'args' => [] + ]; + $this->connection = $connection; $this->resource = $resource; + $this->options = $options; } /** @@ -122,7 +142,17 @@ public function setPolicy($policy, array $options = []) throw new \BadMethodCallException('Given policy data must be an array or an instance of PolicyBuilder.'); } - return $this->policy = $this->sendSetPolicyRequest($policy, $options); + $request = []; + if ($this->options['parent']) { + $parent = $this->options['parent']; + $request[$parent] = $policy; + } else { + $request = $policy; + } + + return $this->policy = $this->connection->setPolicy([ + 'resource' => $this->resource + ] + $request + $options + $this->options['args']); } /** @@ -147,7 +177,11 @@ public function setPolicy($policy, array $options = []) */ public function testPermissions(array $permissions, array $options = []) { - $res = $this->sendTestPermissionsRequest($permissions, $options); + $res = $this->connection->testPermissions([ + 'permissions' => $permissions, + 'resource' => $this->resource + ] + $options + $this->options['args']); + return (isset($res['permissions'])) ? $res['permissions'] : []; } @@ -164,52 +198,8 @@ public function testPermissions(array $permissions, array $options = []) */ public function reload(array $options = []) { - return $this->policy = $this->sendGetPolicyRequest($options); - } - - /** - * For APIs with non-standard IAM APIs, implementing clients may extend this - * class and override this method. - * - * @param array $policy - * @param array $options - * @return array - */ - protected function sendSetPolicyRequest(array $policy, array $options) - { - return $this->connection->setPolicy($options + [ - 'policy' => $policy, - 'resource' => $this->resource - ]); - } - - /** - * For APIs with non-standard IAM APIs, implementing clients may extend this - * class and override this method. - * - * @param array $options - * @return array - */ - protected function sendGetPolicyRequest(array $options) - { - return $this->connection->getPolicy($options + [ - 'resource' => $this->resource - ]); - } - - /** - * For APIs with non-standard IAM APIs, implementing clients may extend this - * class and override this method. - * - * @param array $permissions - * @param array $options - * @return array - */ - protected function sendTestPermissionsRequest(array $permissions, array $options) - { - return $this->connection->testPermissions($options + [ - 'permissions' => $permissions, + return $this->policy = $this->connection->getPolicy([ 'resource' => $this->resource - ]); + ] + $options + $this->options['args']); } } diff --git a/src/Storage/Bucket.php b/src/Storage/Bucket.php index 978ced47efa1..1580471dce5b 100644 --- a/src/Storage/Bucket.php +++ b/src/Storage/Bucket.php @@ -20,6 +20,7 @@ use Google\Cloud\Core\ArrayTrait; use Google\Cloud\Core\Exception\NotFoundException; use Google\Cloud\Core\Exception\ServiceException; +use Google\Cloud\Core\Iam\Iam; use Google\Cloud\Core\Upload\ResumableUploader; use Google\Cloud\Core\Upload\StreamableUploader; use Google\Cloud\Storage\Connection\ConnectionInterface; @@ -798,12 +799,15 @@ public function isWritable($file = null) public function iam() { if (!$this->iam) { - $iamConnection = new IamBucket($this->connection); $this->iam = new Iam( - $iamConnection, + new IamBucket($this->connection), $this->identity['bucket'], - ['bucket' => $this->identity['bucket']], - 'bucket' + [ + 'parent' => null, + 'args' => [ + 'bucket' => $this->identity['bucket'] + ] + ] ); } diff --git a/src/Storage/Connection/IamBucket.php b/src/Storage/Connection/IamBucket.php index beb8fc2c43b1..b7b9b982931e 100644 --- a/src/Storage/Connection/IamBucket.php +++ b/src/Storage/Connection/IamBucket.php @@ -50,6 +50,7 @@ public function getPolicy(array $args) */ public function setPolicy(array $args) { + unset($args['resource']); return $this->connection->setBucketIamPolicy($args); } @@ -58,6 +59,7 @@ public function setPolicy(array $args) */ public function testPermissions(array $args) { + unset($args['resource']); return $this->connection->testBucketIamPermissions($args); } } diff --git a/src/Storage/Iam.php b/src/Storage/Iam.php deleted file mode 100644 index 1c7a076b927f..000000000000 --- a/src/Storage/Iam.php +++ /dev/null @@ -1,134 +0,0 @@ -resourceArgs = $resourceArgs; - - parent::__construct($connection, $resource); - } - - /** - * Google Cloud Storage uses a different IAM implementation than other APIs - * such as Pub/Sub and Spanner. This method overrides the default setPolicy - * API call to provide a storage-compatible request. - * - * For the benefit of users with experience using Google Cloud PHP, Storage - * IAM in GCP is formatted to match the resources used by other IAM - * implementors. - * - * @param array $policy The IAM Policy as an array. Must have a `bindings` - * key which is of the correct format. - * @param array $options Configuration Options - * @return array - */ - protected function sendSetPolicyRequest(array $policy, array $options) - { - if (!isset($policy['bindings'])) { - throw new \BadMethodCallException('Policy must supply bindings.'); - } - - $args = [ - 'kind' => self::KIND, - 'bindings' => $policy['bindings'], - 'resourceId' => $this->resourceId() - ] + $this->resourceArgs + $options; - - return $this->connection->setPolicy($args); - } - - /** - * Google Cloud Storage uses a different IAM implementation than other APIs - * such as Pub/Sub and Spanner. This method overrides the default getPolicy - * API call to provide a storage-compatible request. - * - * @param array $options Configuration Options - * @return array - */ - protected function sendGetPolicyRequest(array $options) - { - return $this->connection->getPolicy($this->resourceArgs + $options); - } - - /** - * Google Cloud Storage uses a different IAM implementation than other APIs - * such as Pub/Sub and Spanner. This method overrides the default - * testPermissions API call to provide a storage-compatible request. - * - * @param array $permissions The permissions to test. - * @param array $options Configuration Options - * @return array - */ - protected function sendTestPermissionsRequest(array $permissions, array $options) - { - return $this->connection->testPermissions([ - 'permissions' => $permissions - ] + $this->resourceArgs + $options); - } - - /** - * Creates a resource ID to identify the resource which is being targeted. - * For Buckets, the return will be of format `buckets/`. For - * objects, the return will be of format `buckets//objects/`. - * - * The template is filled based on the value of `$resourceArgs` provided in - * the class constructor. - * - * @return string - */ - private function resourceId() - { - $args = $this->resourceArgs; - if (isset($args['object'])) { - return sprintf(self::OBJECT_IAM_RESOURCE, $args['bucket'], $args['object']); - } - - return sprintf(self::BUCKET_IAM_RESOURCE, $args['bucket']); - } -} diff --git a/src/Storage/StorageObject.php b/src/Storage/StorageObject.php index 932c63a86563..ab41c74289b3 100644 --- a/src/Storage/StorageObject.php +++ b/src/Storage/StorageObject.php @@ -19,7 +19,6 @@ use Google\Cloud\Core\Exception\NotFoundException; use Google\Cloud\Storage\Connection\ConnectionInterface; -use Google\Cloud\Storage\Connection\IamObject; use GuzzleHttp\Psr7; use Psr\Http\Message\StreamInterface; diff --git a/tests/snippets/Storage/BucketTest.php b/tests/snippets/Storage/BucketTest.php index add354b3b8d7..5340699587ae 100644 --- a/tests/snippets/Storage/BucketTest.php +++ b/tests/snippets/Storage/BucketTest.php @@ -18,6 +18,7 @@ namespace Google\Cloud\Tests\Snippets\Storage; use Google\Cloud\Core\Exception\GoogleException; +use Google\Cloud\Core\Iam\Iam; use Google\Cloud\Core\Upload\MultipartUploader; use Google\Cloud\Core\Upload\ResumableUploader; use Google\Cloud\Core\Upload\StreamableUploader; @@ -25,7 +26,6 @@ use Google\Cloud\Storage\Acl; use Google\Cloud\Storage\Bucket; use Google\Cloud\Storage\Connection\ConnectionInterface; -use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\ObjectIterator; use Google\Cloud\Storage\StorageObject; use Prophecy\Argument; diff --git a/tests/snippets/Storage/StorageObjectTest.php b/tests/snippets/Storage/StorageObjectTest.php index b9a31373b37c..0cd7f6e5fdd6 100644 --- a/tests/snippets/Storage/StorageObjectTest.php +++ b/tests/snippets/Storage/StorageObjectTest.php @@ -21,7 +21,6 @@ use Google\Cloud\Storage\Acl; use Google\Cloud\Storage\Bucket; use Google\Cloud\Storage\Connection\ConnectionInterface; -use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\StorageClient; use Google\Cloud\Storage\StorageObject; use Prophecy\Argument; diff --git a/tests/unit/Storage/BucketTest.php b/tests/unit/Storage/BucketTest.php index d8320117f11f..1c3ff9ea1e32 100644 --- a/tests/unit/Storage/BucketTest.php +++ b/tests/unit/Storage/BucketTest.php @@ -20,11 +20,11 @@ use Google\Cloud\Core\Exception\NotFoundException; use Google\Cloud\Core\Exception\ServerException; use Google\Cloud\Core\Exception\ServiceException; +use Google\Cloud\Core\Iam\Iam; use Google\Cloud\Core\Upload\ResumableUploader; use Google\Cloud\Storage\Acl; use Google\Cloud\Storage\Bucket; use Google\Cloud\Storage\Connection\ConnectionInterface; -use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\StorageObject; use Prophecy\Argument; diff --git a/tests/unit/Storage/IamTest.php b/tests/unit/Storage/IamTest.php deleted file mode 100644 index a73d969c648b..000000000000 --- a/tests/unit/Storage/IamTest.php +++ /dev/null @@ -1,123 +0,0 @@ - 'bar']; - - public function setUp() - { - $this->resourceArgs = ['bucket' => self::BUCKET, 'object' => self::OBJECT]; - $this->connection = $this->prophesize(IamConnectionInterface::class); - } - - public function testSetPolicy() - { - $this->connection->setPolicy([ - 'kind' => 'storage#policy', - 'bindings' => [], - 'resourceId' => sprintf('buckets/%s/objects/%s', self::BUCKET, self::OBJECT), - 'bucket' => self::BUCKET, - 'object' => self::OBJECT, - ])->shouldBeCalled()->willReturn($this->return); - - $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); - $res = $iam->setPolicy(['bindings' => []]); - - $this->assertEquals($this->return, $res); - } - - public function testSetObjectPolicy() - { - $this->connection->setPolicy([ - 'kind' => 'storage#policy', - 'bindings' => [], - 'resourceId' => sprintf('buckets/%s', self::BUCKET), - 'bucket' => self::BUCKET, - ])->shouldBeCalled()->willReturn($this->return); - - $args = $this->resourceArgs; - unset($args['object']); - $iam = $this->createStub($this->connection->reveal(), $args); - $res = $iam->setPolicy(['bindings' => []]); - - $this->assertEquals($this->return, $res); - } - - /** - * @expectedException BadMethodCallException - */ - public function testSetPolicyMissingBindings() - { - $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); - $iam->setPolicy([]); - } - - public function testGetPolicy() - { - $this->connection->getPolicy([ - 'bucket' => self::BUCKET, - 'object' => self::OBJECT - ])->shouldBeCalled()->willReturn($this->return); - - $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); - $res = $iam->policy(); - - $this->assertEquals($this->return, $res); - } - - public function testTestPermissions() - { - $permissions = ['foo', 'bar']; - $this->connection->testPermissions([ - 'permissions' => $permissions, - 'bucket' => self::BUCKET, - 'object' => self::OBJECT - ])->shouldBeCalled()->willReturn(['permissions' => $this->return]); - - $iam = $this->createStub($this->connection->reveal(), $this->resourceArgs); - $res = $iam->testPermissions($permissions); - - $this->assertEquals($this->return, $res); - } - - private function createStub($connection, array $resourceArgs) - { - return new Iam( - $this->connection->reveal(), - self::RESOURCE, - $resourceArgs - ); - } -} diff --git a/tests/unit/Storage/StorageObjectTest.php b/tests/unit/Storage/StorageObjectTest.php index 34fdd5117ef0..c385a2c7dd5c 100644 --- a/tests/unit/Storage/StorageObjectTest.php +++ b/tests/unit/Storage/StorageObjectTest.php @@ -20,7 +20,6 @@ use Google\Cloud\Core\Exception\NotFoundException; use Google\Cloud\Storage\Bucket; use Google\Cloud\Storage\Connection\ConnectionInterface; -use Google\Cloud\Storage\Iam; use Google\Cloud\Storage\StorageObject; use GuzzleHttp\Psr7; use Prophecy\Argument; From 7ff0ed1b389fc604a5621d81128f30a05c7ddca7 Mon Sep 17 00:00:00 2001 From: jdpedrie Date: Mon, 27 Mar 2017 15:14:07 -0400 Subject: [PATCH 7/7] Address code review --- src/Core/Iam/Iam.php | 4 ++-- tests/unit/Core/Iam/IamTest.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Core/Iam/Iam.php b/src/Core/Iam/Iam.php index c3458e09c152..508f37e58b4f 100644 --- a/src/Core/Iam/Iam.php +++ b/src/Core/Iam/Iam.php @@ -130,7 +130,7 @@ public function policy(array $options = []) * instance of {@see Google\Cloud\Core\Iam\PolicyBuilder}. * @param array $options Configuration Options * @return array An array of policy data - * @throws BadMethodCallException If the given policy is not an array or PolicyBuilder. + * @throws \InvalidArgumentException If the given policy is not an array or PolicyBuilder. */ public function setPolicy($policy, array $options = []) { @@ -139,7 +139,7 @@ public function setPolicy($policy, array $options = []) } if (!is_array($policy)) { - throw new \BadMethodCallException('Given policy data must be an array or an instance of PolicyBuilder.'); + throw new \InvalidArgumentException('Given policy data must be an array or an instance of PolicyBuilder.'); } $request = []; diff --git a/tests/unit/Core/Iam/IamTest.php b/tests/unit/Core/Iam/IamTest.php index cdd435d1ff06..e0a601eb7198 100644 --- a/tests/unit/Core/Iam/IamTest.php +++ b/tests/unit/Core/Iam/IamTest.php @@ -101,7 +101,7 @@ public function testSetPolicyWithPolicyBuilder() } /** - * @expectedException BadMethodCallException + * @expectedException InvalidArgumentException */ public function testSetPolicyWithInvalidPolicy() {