@@ -755,12 +755,20 @@ def update!(**args)
755755 class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters
756756 include Google ::Apis ::Core ::Hashable
757757
758- # Optional. The filter used to request specific records from IdP. In case of
759- # attributes type as AZURE_AD_GROUPS_MAIL, it represents the filter used to
760- # request specific groups for users from IdP. By default, all of the groups
761- # associated with the user are fetched. The groups should be mail enabled and
762- # security enabled. See https://learn.microsoft.com/en-us/graph/search-query-
763- # parameter for more details.
758+ # Optional. The filter used to request specific records from the IdP. By default,
759+ # all of the groups that are associated with a user are fetched. For Microsoft
760+ # Entra ID, you can add `$search` query parameters using [Keyword Query Language]
761+ # (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-
762+ # query-language-kql-syntax-reference). To learn more about `$search` querying
763+ # in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.
764+ # microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce
765+ # Identity Federation automatically adds the following [`$filter` query
766+ # parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter),
767+ # based on the value of `attributes_type`. Values passed to `filter` are
768+ # converted to `$search` query parameters. Additional `$filter` query parameters
769+ # cannot be added using this field. * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `
770+ # securityEnabled` filters are applied. * `AZURE_AD_GROUPS_ID`: `securityEnabled`
771+ # filter is applied.
764772 # Corresponds to the JSON property `filter`
765773 # @return [String]
766774 attr_accessor :filter
@@ -944,34 +952,35 @@ def update!(**args)
944952 class InlineCertificateIssuanceConfig
945953 include Google ::Apis ::Core ::Hashable
946954
947- # Optional. A required mapping of a cloud region to the CA pool resource located
948- # in that region used for certificate issuance, adhering to these constraints: *
949- # Key format: A supported cloud region name equivalent to the location
950- # identifier in the corresponding map entry's value. * Value format: A valid CA
951- # pool resource path format like: "projects/`project`/locations/`location `/
952- # caPools/`ca_pool`" * Region Matching: Workloads are ONLY issued certificates
953- # from CA pools within the same region. Also the CA pool region (in value) must
954- # match the workload's region (key).
955+ # Optional. A required mapping of a Google Cloud region to the CA pool resource
956+ # located in that region. The CA pool is used for certificate issuance, adhering
957+ # to the following constraints: * Key format: A supported cloud region name
958+ # equivalent to the location identifier in the corresponding map entry's value. *
959+ # Value format: A valid CA pool resource path format like: "projects/`project`/
960+ # locations/`location`/ caPools/`ca_pool`" * Region Matching: Workloads are ONLY
961+ # issued certificates from CA pools within the same region. Also the CA pool
962+ # region (in value) must match the workload's region (key).
955963 # Corresponds to the JSON property `caPools`
956964 # @return [Hash<String,String>]
957965 attr_accessor :ca_pools
958966
959967 # Optional. Key algorithm to use when generating the key pair. This key pair
960- # will be used to create the certificate. If unspecified , this will default to
968+ # will be used to create the certificate. If not specified , this will default to
961969 # ECDSA_P256.
962970 # Corresponds to the JSON property `keyAlgorithm`
963971 # @return [String]
964972 attr_accessor :key_algorithm
965973
966974 # Optional. Lifetime of the workload certificates issued by the CA pool. Must be
967- # between 10 hours - 30 days. If unspecified, this will be defaulted to 24 hours.
975+ # between 10 hours and 30 days. If not specified, this will be defaulted to 24
976+ # hours.
968977 # Corresponds to the JSON property `lifetime`
969978 # @return [String]
970979 attr_accessor :lifetime
971980
972981 # Optional. Rotation window percentage indicating when certificate rotation
973- # should be initiated based on remaining lifetime. Must be between 10 - 80. If
974- # unspecified , this will be defaulted to 50.
982+ # should be initiated based on remaining lifetime. Must be between 10 and 80. If
983+ # not specified , this will be defaulted to 50.
975984 # Corresponds to the JSON property `rotationWindowPercentage`
976985 # @return [Fixnum]
977986 attr_accessor :rotation_window_percentage
@@ -998,12 +1007,12 @@ class InlineTrustConfig
9981007 include Google ::Apis ::Core ::Hashable
9991008
10001009 # Optional. Maps specific trust domains (e.g., "example.com") to their
1001- # corresponding TrustStore objects , which contain the trusted root certificates
1002- # for that domain. There can be a maximum of 10 trust domain entries in this map.
1003- # Note that a trust domain automatically trusts itself and don't need to be
1004- # specified here. If however, this WorkloadIdentityPool's trust domain contains
1005- # any trust anchors in the additional_trust_bundles map, those trust anchors
1006- # will be * appended to* the Trust Bundle automatically derived from your
1010+ # corresponding TrustStore, which contain the trusted root certificates for that
1011+ # domain. There can be a maximum of 10 trust domain entries in this map. Note
1012+ # that a trust domain automatically trusts itself and don't need to be specified
1013+ # here. If however, this WorkloadIdentityPool's trust domain contains any trust
1014+ # anchors in the additional_trust_bundles map, those trust anchors will be *
1015+ # appended to* the trust bundle automatically derived from your
10071016 # InlineCertificateIssuanceConfig's ca_pools.
10081017 # Corresponds to the JSON property `additionalTrustBundles`
10091018 # @return [Hash<String,Google::Apis::IamV1::TrustStore>]
@@ -1717,10 +1726,10 @@ class Oidc
17171726 # @return [Array<String>]
17181727 attr_accessor :allowed_audiences
17191728
1720- # Required. The OIDC issuer URL. Must be an HTTPS endpoint. Used per OpenID
1721- # Connect Discovery 1.0 spec to locate the provider's public keys (via `jwks_uri`
1722- # ) for verifying tokens like the OIDC ID token. These public key types must be '
1723- # EC' or 'RSA'.
1729+ # Required. The OIDC issuer URL. Must be an HTTPS endpoint. Per OpenID Connect
1730+ # Discovery 1.0 spec, the OIDC issuer URL is used to locate the provider's
1731+ # public keys (via `jwks_uri` ) for verifying tokens like the OIDC ID token.
1732+ # These public key types must be ' EC' or 'RSA'.
17241733 # Corresponds to the JSON property `issuerUri`
17251734 # @return [String]
17261735 attr_accessor :issuer_uri
@@ -2173,9 +2182,9 @@ def update!(**args)
21732182 class QueryGrantableRolesRequest
21742183 include Google ::Apis ::Core ::Hashable
21752184
2176- # Required. The full resource name to query from the list of grantable roles.
2177- # The name follows the Google Cloud Platform resource format. For example, a
2178- # Cloud Platform project with id `my-project` will be named `//
2185+ # Required. Required. The full resource name to query from the list of grantable
2186+ # roles. The name follows the Google Cloud Platform resource format. For example,
2187+ # a Cloud Platform project with id `my-project` will be named `//
21792188 # cloudresourcemanager.googleapis.com/projects/my-project`.
21802189 # Corresponds to the JSON property `fullResourceName`
21812190 # @return [String]
@@ -2945,20 +2954,20 @@ def update!(**args)
29452954 end
29462955
29472956 # Trust store that contains trust anchors and optional intermediate CAs used in
2948- # PKI to build trust chain and verify client's identity.
2957+ # PKI to build trust chain and verify a client's identity.
29492958 class TrustStore
29502959 include Google ::Apis ::Core ::Hashable
29512960
29522961 # Optional. Set of intermediate CA certificates used for building the trust
2953- # chain to trust anchor. IMPORTANT: * Intermediate CAs are only supported when
2954- # configuring x509 federation.
2962+ # chain to the trust anchor. Important: Intermediate CAs are only supported for
2963+ # X.509 federation.
29552964 # Corresponds to the JSON property `intermediateCas`
29562965 # @return [Array<Google::Apis::IamV1::IntermediateCa>]
29572966 attr_accessor :intermediate_cas
29582967
2959- # Required. List of Trust Anchors to be used while performing validation against
2960- # a given TrustStore. The incoming end entity's certificate must be chained up
2961- # to one of the trust anchors here.
2968+ # Required. List of trust anchors to be used while performing validation against
2969+ # a given TrustStore. The incoming end entity's certificate must be in the trust
2970+ # chain of one of the trust anchors here.
29622971 # Corresponds to the JSON property `trustAnchors`
29632972 # @return [Array<Google::Apis::IamV1::TrustAnchor>]
29642973 attr_accessor :trust_anchors
@@ -3338,6 +3347,14 @@ class WorkforcePoolProvider
33383347 # @return [String]
33393348 attr_accessor :description
33403349
3350+ # Optional. If true, populates additional debug information in Cloud Audit Logs
3351+ # for this provider. Logged attribute mappings and values can be found in `sts.
3352+ # googleapis.com` data access logs. Default value is false.
3353+ # Corresponds to the JSON property `detailedAuditLogging`
3354+ # @return [Boolean]
3355+ attr_accessor :detailed_audit_logging
3356+ alias_method :detailed_audit_logging? , :detailed_audit_logging
3357+
33413358 # Optional. Disables the workforce pool provider. You cannot use a disabled
33423359 # provider to exchange tokens. However, existing tokens still grant access.
33433360 # Corresponds to the JSON property `disabled`
@@ -3396,6 +3413,7 @@ def update!(**args)
33963413 @attribute_condition = args [ :attribute_condition ] if args . key? ( :attribute_condition )
33973414 @attribute_mapping = args [ :attribute_mapping ] if args . key? ( :attribute_mapping )
33983415 @description = args [ :description ] if args . key? ( :description )
3416+ @detailed_audit_logging = args [ :detailed_audit_logging ] if args . key? ( :detailed_audit_logging )
33993417 @disabled = args [ :disabled ] if args . key? ( :disabled )
34003418 @display_name = args [ :display_name ] if args . key? ( :display_name )
34013419 @expire_time = args [ :expire_time ] if args . key? ( :expire_time )
@@ -3838,7 +3856,7 @@ class X509
38383856 include Google ::Apis ::Core ::Hashable
38393857
38403858 # Trust store that contains trust anchors and optional intermediate CAs used in
3841- # PKI to build trust chain and verify client's identity.
3859+ # PKI to build trust chain and verify a client's identity.
38423860 # Corresponds to the JSON property `trustStore`
38433861 # @return [Google::Apis::IamV1::TrustStore]
38443862 attr_accessor :trust_store
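Review bot: The comment on the new `detailed_audit_logging` accessor (WorkforcePoolProvider hunk, new lines 3350-3356) says that attribute mappings and values are written to `sts.googleapis.com` data access logs, but it does not warn that those values are presumably derived from the IdP's assertions and so may carry user identifiers, group memberships and similar identity claims. I would add a comment line such as `# Logged values may include identity attributes received from the IdP; enable only while troubleshooting and restrict who can read these logs.` Separately, the QueryGrantableRolesRequest hunk introduces a duplicated word on its first added line, `# Required. Required. The full resource name ...`, which should read `# Required. The full resource name ...`. The file looks machine-generated from an API description, so both wording fixes probably belong in the upstream source rather than in this file; confirm before editing here.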