SrSSKJr SSKJr SSKJr SSKJr Sr "SS\R5r "S S \R5r "S S \R5r "S S\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS \R5r"S!S"\R5r"S#S$\R5r"S%S&\R5r"S'S(\R5r"S)S*\R5r"S+S,\R5r"S-S.\R5r"S/S0\R5r"S1S2\R5r "S3S4\R5r!"S5S6\R5r""S7S8\R5r#"S9S:\R5r$"S;S<\R5r%"S=S>\R5r&"S?S@\R5r'"SASB\R5r("SCSD\R5r)"SESF\R5r*"SGSH\R5r+"SISJ\R5r,"SKSL\R5r-"SMSN\R5r."SOSP\R5r/"SQSR\R5r0"SSST\R5r1"SUSV\R5r2"SWSX\R5r3"SYSZ\R5r4"S[S\\R5r5"S]S^\R5r6"S_S`\R5r7"SaSb\R5r8"ScSd\R5r9"SeSf\R5r:"SgSh\R5r;"SiSj\R5r<"SkSl\R5r="SmSn\R5r>"SoSp\R5r?"SqSr\R5r@"SsSt\R5rA"SuSv\R5rB"SwSx\R5rC"SySz\R5rD"S{S|\R5rE"S}S~\R5rF"SS\R5rG"SS\R5rH"SS\R5rI"SS\R5rJ"SS\R5rK"SS\R5rL"SS\R5rM"SS\R5rN"SS\R5rO"SS\R5rP"SS\R5rQ"SS\R5rR"SS\R5rS"SS\R5rT"SS\R5rU"SS\R5rV"SS\R5rW"SS\R5rX"SS\R5rY"SS\R5rZ"SS\R5r["SS\R5r\"SS\R5r]"SS\R5r^"SS\R5r_"SS\R5r`"SS\R5ra"SS\R5rb"SS\R5rc"SS\R5rd"SS\R5re"SS\R5rf"SS\R5rg"SS\R5rh"SS\R5ri"SS\R5rj"SS\R5rk"SS\R5rl"SS\R5rm"SS\R5rn"SS\R5ro"SS\R5rp"SS\R5rq"SS\R5rr"SS\R5rs"SS\R5rt"SS\R5ru"SS\R5rv"SS\R5rw"SS\R5rx"SS\R5ry"SS\R5rz"SS\R5r{"SS\R5r|"SS\R5r}"SS\R5r~"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GS GS \R5r"GS GS \R5r"GS GS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS\R5r"GSGS \R5r"GS!GS"\R5r"GS#GS$\R5r"GS%GS&\R5r"GS'GS(\R5r"GS)GS*\R5r"GS+GS,\R5r"GS-GS.\R5r"GS/GS0\R5r"GS1GS2\R5r"GS3GS4\R5r"GS5GS6\R5r"GS7GS8\R5r"GS9GS:\R5r"GS;GS<\R5r"GS=GS>\R5r"GS?GS@\R5r"GSAGSB\R5r"GSCGSD\R5r"GSEGSF\R5r"GSGGSH\R5r"GSIGSJ\R5r"GSKGSL\R5r"GSMGSN\R5r"GSOGSP\R5r"GSQGSR\R5r"GSSGST\R5r"GSUGSV\R5r"GSWGSX\R5r"GSYGSZ\R5r"GS[GS\\R5r"GS]GS^\R5r"GS_GS`\R5r"GSaGSb\R5r"GScGSd\R5r"GSeGSf\R5r"GSgGSh\R5r"GSiGSj\R5r\GRz"\GSkGSl5 \GR|"\GR~GSmGSn5 \GR|"\GR~GSoGSp5 \GRz"\*GSqGSr5 \GRz"\*GSsGSt5 \GRz"\1GSuGSv5 \GRz"\1GSwGSx5 Ggy(zzoGenerated message classes for cloudidentity version v1. API for provisioning and managing identity resources. )absolute_import)messages)encoding) extra_types cloudidentityc<\rSrSrSr\R "S5rSrg)!AddIdpCredentialOperationMetadataaMLRO response metadata for InboundSamlSsoProfilesService.AddIdpCredential. Fields: state: State of this Operation Will be "awaiting-multi-party-approval" when the operation is deferred due to the target customer having enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448). N __name__ __module__ __qualname____firstlineno____doc__ _messages StringFieldstate__static_attributes__r Wlib/googlecloudsdk/generated_clients/apis/cloudidentity/v1/cloudidentity_v1_messages.pyr r     "%rr c<\rSrSrSr\R "S5rSrg)AddIdpCredentialRequestzThe request for creating an IdpCredential with its associated payload. An InboundSamlSsoProfile can own up to 2 credentials. Fields: pemData: PEM encoded x509 certificate containing the public key for verifying IdP signatures. r r N) rrrrrrrpemDatarr rrrrs  ! !! $'rrc\rSrSrSrSrg)CancelUserInvitationRequest+zERequest to cancel sent invitation for target email in UserInvitation.r Nrrrrrrr rrrr+sNrrc<\rSrSrSr\R "S5rSrg)!CheckTransitiveMembershipResponse/amThe response message for MembershipsService.CheckTransitiveMembership. Fields: hasMembership: Response does not include the possible roles of a member since the behavior of this rpc is not all-or-nothing unlike the other rpcs. So, it may not be possible to list all the roles definitively, due to possible lack of authorization in some of the paths. r r N) rrrrrr BooleanField hasMembershiprr rrr#r#/s((+-rr#c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) 2CloudidentityCustomersUserinvitationsCancelRequest<a(A CloudidentityCustomersUserinvitationsCancelRequest object. Fields: cancelUserInvitationRequest: A CancelUserInvitationRequest resource to be passed as the request body. name: Required. `UserInvitation` name in the format `customers/{customer}/userinvitations/{user_email_address}` rr Trequiredr N) rrrrrr MessageFieldcancelUserInvitationRequestrnamerr rrr(r(<s0!* 6 67TVW X   q4 0$rr(c:\rSrSrSr\R "SSS9rSrg)/CloudidentityCustomersUserinvitationsGetRequestJzA CloudidentityCustomersUserinvitationsGetRequest object. Fields: name: Required. `UserInvitation` name in the format `customers/{customer}/userinvitations/{user_email_address}` r Tr+r N rrrrrrrr/rr rrr1r1J   q4 0$rr1c:\rSrSrSr\R "SSS9rSrg);CloudidentityCustomersUserinvitationsIsInvitableUserRequestUzA CloudidentityCustomersUserinvitationsIsInvitableUserRequest object. Fields: name: Required. `UserInvitation` name in the format `customers/{customer}/userinvitations/{user_email_address}` r Tr+r Nr3r rrr6r6Ur4rr6c\rSrSrSr\R "S5r\R "S5r\R"S\RRS9r \R "S5r \R "SS S 9rS rg ) 0CloudidentityCustomersUserinvitationsListRequest`aA CloudidentityCustomersUserinvitationsListRequest object. Fields: filter: Optional. A query string for filtering `UserInvitation` results by their current state, in the format: `"state=='invited'"`. orderBy: Optional. The sort order of the list results. You can sort the results in descending order based on either email or last update timestamp but not both, using `order_by="email desc"`. Currently, sorting is supported for `update_time asc`, `update_time desc`, `email asc`, and `email desc`. If not specified, results will be returned based on `email asc` order. pageSize: Optional. The maximum number of UserInvitation resources to return. If unspecified, at most 100 resources will be returned. The maximum value is 200; values above 200 will be set to 200. pageToken: Optional. A page token, received from a previous `ListUserInvitations` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListBooks` must match the call that provided the page token. parent: Required. The customer ID of the Google Workspace or Cloud Identity account the UserInvitation resources are associated with. r r*variantTr+r N)rrrrrrrfilterorderBy IntegerFieldVariantINT32pageSize pageTokenparentrr rrr9r9`si,   #&  ! !! $'  # #Ay/@/@/F/F G(##A&)  T 2&rr9c`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) 0CloudidentityCustomersUserinvitationsSendRequest~a"A CloudidentityCustomersUserinvitationsSendRequest object. Fields: name: Required. `UserInvitation` name in the format `customers/{customer}/userinvitations/{user_email_address}` sendUserInvitationRequest: A SendUserInvitationRequest resource to be passed as the request body. r Tr+SendUserInvitationRequestr*r N) rrrrrrrr/r-sendUserInvitationRequestrr rrrIrI~s0   q4 0$'445PRSTrrIc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) %CloudidentityDevicesCancelWipeRequestaA CloudidentityDevicesCancelWipeRequest object. Fields: googleAppsCloudidentityDevicesV1CancelWipeDeviceRequest: A GoogleAppsCloudidentityDevicesV1CancelWipeDeviceRequest resource to be passed as the request body. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Device in format: `devices/{device}`, where device is the unique ID assigned to the Device. 7GoogleAppsCloudidentityDevicesV1CancelWipeDeviceRequestr r*Tr+r N) rrrrrrr-7googleAppsCloudidentityDevicesV1CancelWipeDeviceRequestrr/rr rrrNrNs< =FG=S=SUOQR>S:   q4 0$rr]c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) +CloudidentityDevicesDeviceUsersBlockRequestaA CloudidentityDevicesDeviceUsersBlockRequest object. Fields: googleAppsCloudidentityDevicesV1BlockDeviceUserRequest: A GoogleAppsCloudidentityDevicesV1BlockDeviceUserRequest resource to be passed as the request body. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Device in format: `devices/{device}/deviceUsers/{device_user}`, where device is the unique ID assigned to the Device, and device_user is the unique ID assigned to the User. 6GoogleAppsCloudidentityDevicesV1BlockDeviceUserRequestr r*Tr+r N) rrrrrrr-6googleAppsCloudidentityDevicesV1BlockDeviceUserRequestrr/rr rrrbrbs<  AJ@V@VXUWXAY=   q4 0$rrgc^\rSrSrSr\R "S5r\R "SSS9rSr g) 5CloudidentityDevicesDeviceUsersClientStatesGetRequestanA CloudidentityDevicesDeviceUsersClientStatesGetRequest object. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the ClientState in format: `devices/{device}/deviceUsers/{device_user}/clientStates/{partner}`, where `device` is the unique ID assigned to the Device, `device_user` is the unique ID assigned to the User and `partner` identifies the partner storing the data. To get the client state for devices belonging to your own organization, the `partnerId` is in the format: `customerId-*anystring*`. Where the `customerId` is your organization's customer ID and `anystring` is any suffix. This suffix is used in setting up Custom Access Levels in Context-Aware Access. You may use `my_customer` instead of the customer ID for devices managed by your own organization. You may specify `-` in place of the `{device}`, so the ClientState resource name can be: `devices/-/deviceUsers/{device_user_resource}/clientStates/{partner}`. r r*Tr+r Nr[r rrrlrls+4 " "1 %(   q4 0$rrlc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "SSS 9r S r g ) 6CloudidentityDevicesDeviceUsersClientStatesListRequestiaGA CloudidentityDevicesDeviceUsersClientStatesListRequest object. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. filter: Optional. Additional restrictions when fetching list of client states. orderBy: Optional. Order specification for client states in the response. pageToken: Optional. A page token, received from a previous `ListClientStates` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListClientStates` must match the call that provided the page token. parent: Required. To list all ClientStates, set this to "devices/-/deviceUsers/-". To list all ClientStates owned by a DeviceUser, set this to the resource name of the DeviceUser. Format: devices/{device}/deviceUsers/{deviceUser} r r*r;r>r?Tr+r N) rrrrrrrrVr@rArFrGrr rrroros[, " "1 %(   #&  ! !! $'##A&)  T 2&rroc\rSrSrSr\R "S5r\R"SS5r \R "SSS9r \R "S 5r S r g ) 7CloudidentityDevicesDeviceUsersClientStatesPatchRequesti7aA CloudidentityDevicesDeviceUsersClientStatesPatchRequest object. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. googleAppsCloudidentityDevicesV1ClientState: A GoogleAppsCloudidentityDevicesV1ClientState resource to be passed as the request body. name: Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the ClientState in format: `devices/{device}/deviceUsers/{device_user}/clientState/{partner}`, where partner corresponds to the partner storing the data. For partners belonging to the "BeyondCorp Alliance", this is the partner ID specified to you by Google. For all other callers, this is a string of the form: `{customer}-suffix`, where `customer` is your customer ID. The *suffix* is any string the caller specifies. This string will be displayed verbatim in the administration console. This suffix is used in setting up Custom Access Levels in Context-Aware Access. Your organization's customer ID can be obtained from the URL: `GET https://www.googleapis.com/admin/directory/v1/customers/my_customer` The `id` field in the response contains the customer ID starting with the letter 'C'. The customer ID to be used in this API is the string after the letter 'C' (not including 'C') updateMask: Optional. Comma-separated list of fully qualified names of fields to be updated. If not specified, all updatable fields in ClientState are updated. r +GoogleAppsCloudidentityDevicesV1ClientStater*r;Tr+r>r N) rrrrrrrrVr-+googleAppsCloudidentityDevicesV1ClientStater/ updateMaskrr rrrqrq7sQB " "1 %(090F0FGtvw0x-   q4 0$$$Q'*rrqc^\rSrSrSr\R "S5r\R "SSS9rSr g) ,CloudidentityDevicesDeviceUsersDeleteRequesti_aA CloudidentityDevicesDeviceUsersDeleteRequest object. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Device in format: `devices/{device}/deviceUsers/{device_user}`, where device is the unique ID assigned to the Device, and device_user is the unique ID assigned to the User. r r*Tr+r Nr[r rrrvrv_+  " "1 %(   q4 0$rrvc^\rSrSrSr\R "S5r\R "SSS9rSr g) )CloudidentityDevicesDeviceUsersGetRequestitaA CloudidentityDevicesDeviceUsersGetRequest object. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Device in format: `devices/{device}/deviceUsers/{device_user}`, where device is the unique ID assigned to the Device, and device_user is the unique ID assigned to the User. r r*Tr+r Nr[r rrryrytrwrryc\rSrSrSr\R "S5r\R "S5r\R "S5r \R"S\RRS9r \R "S5r\R "S S S 9rS rg )*CloudidentityDevicesDeviceUsersListRequestiaA CloudidentityDevicesDeviceUsersListRequest object. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. filter: Optional. Additional restrictions when fetching list of devices. For a list of search fields, refer to [Mobile device search fields](https://developers.google.com/admin-sdk/directory/v1/search- operators). Multiple search fields are separated by the space character. orderBy: Optional. Order specification for devices in the response. pageSize: Optional. The maximum number of DeviceUsers to return. If unspecified, at most 5 DeviceUsers will be returned. The maximum value is 20; values above 20 will be coerced to 20. pageToken: Optional. A page token, received from a previous `ListDeviceUsers` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListBooks` must match the call that provided the page token. parent: Required. To list all DeviceUsers, set this to "devices/-". To list all DeviceUsers owned by a device, set this to the resource name of the device. Format: devices/{device} r r*r;r>r<r?Tr+r N)rrrrrrrrVr@rArBrCrDrErFrGrr rrr{r{sy4 " "1 %(   #&  ! !! $'  # #Ay/@/@/F/F G(##A&)  T 2&rr{c\\rSrSrSr\R "S5r\R "S5r\R"S\RRS9r \R "S5r \R "SS S 9r\R "S 5r\R "S 5r\R "S 5rSrg),CloudidentityDevicesDeviceUsersLookupRequestiaA CloudidentityDevicesDeviceUsersLookupRequest object. Fields: androidId: Android Id returned by [Settings.Secure#ANDROID_ID](https://dev eloper.android.com/reference/android/provider/Settings.Secure.html#ANDRO ID_ID). iosDeviceId: Optional. The partner-specified device identifier assigned to the iOS device that initiated the Lookup API call. This string must match the value of the iosDeviceId key in the app config dictionary provided to Google Workspace apps. pageSize: The maximum number of DeviceUsers to return. If unspecified, at most 20 DeviceUsers will be returned. The maximum value is 20; values above 20 will be coerced to 20. pageToken: A page token, received from a previous `LookupDeviceUsers` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `LookupDeviceUsers` must match the call that provided the page token. parent: Must be set to "devices/-/deviceUsers" to search across all DeviceUser belonging to the user. partner: Optional. The partner ID of the calling iOS app. This string must match the value of the partner key within the app configuration dictionary provided to Google Workspace apps. rawResourceId: Raw Resource Id used by Google Endpoint Verification. If the user is enrolled into Google Endpoint Verification, this id will be saved as the 'device_resource_id' field in the following platform dependent files. Mac: ~/.secureConnect/context_aware_config.json Windows: C:\\Users\%USERPROFILE%\.secureConnect\context_aware_config.json Linux: ~/.secureConnect/context_aware_config.json userId: The user whose DeviceUser's resource name will be fetched. Must be set to 'me' to fetch the DeviceUser's resource name for the calling user. r r*r;r<r>r?Tr+r|r N)rrrrrrr androidId iosDeviceIdrBrCrDrErFrGpartner rawResourceIduserIdrr rrr~r~s D##A&)%%a(+  # #Ay/@/@/F/F G(##A&)  T 2&  ! !! $'''*-   #&rr~c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) *CloudidentityDevicesDeviceUsersWipeRequestiaA CloudidentityDevicesDeviceUsersWipeRequest object. Fields: googleAppsCloudidentityDevicesV1WipeDeviceUserRequest: A GoogleAppsCloudidentityDevicesV1WipeDeviceUserRequest resource to be passed as the request body. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Device in format: `devices/{device}/deviceUsers/{device_user}`, where device is the unique ID assigned to the Device, and device_user is the unique ID assigned to the User. 5GoogleAppsCloudidentityDevicesV1WipeDeviceUserRequestr r*Tr+r N) rrrrrrr-5googleAppsCloudidentityDevicesV1WipeDeviceUserRequestrr/rr rrrrs< ;D:P:PRIKL;M7   q4 0$rrc^\rSrSrSr\R "S5r\R "SSS9rSr g) CloudidentityDevicesGetRequestiaA CloudidentityDevicesGetRequest object. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Customer in the format: `customers/{customer}`, where customer is the customer to whom the device belongs. If you're using this API for your own organization, use `customers/my_customer`. If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Device in the format: `devices/{device}`, where device is the unique ID assigned to the Device. r r*Tr+r Nr[r rrrrrwrrcB\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"S5r \R"S\RRS 9r\R"S 5r\R""SS 5rS rg )CloudidentityDevicesListRequestiaA CloudidentityDevicesListRequest object. Enums: ViewValueValuesEnum: Optional. The view to use for the List request. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer in the format: `customers/{customer}`, where customer is the customer to whom the device belongs. If you're using this API for your own organization, use `customers/my_customer`. If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. filter: Optional. Additional restrictions when fetching list of devices. For a list of search fields, refer to [Mobile device search fields](https://developers.google.com/admin-sdk/directory/v1/search- operators). Multiple search fields are separated by the space character. orderBy: Optional. Order specification for devices in the response. Only one of the following field names may be used to specify the order: `create_time`, `last_sync_time`, `model`, `os_version`, `device_type` and `serial_number`. `desc` may be specified optionally at the end to specify results to be sorted in descending order. Default order is ascending. pageSize: Optional. The maximum number of Devices to return. If unspecified, at most 20 Devices will be returned. The maximum value is 100; values above 100 will be coerced to 100. pageToken: Optional. A page token, received from a previous `ListDevices` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListDevices` must match the call that provided the page token. view: Optional. The view to use for the List request. c$\rSrSrSrSrSrSrSrg)3CloudidentityDevicesListRequest.ViewValueValuesEnumi"a]Optional. The view to use for the List request. Values: VIEW_UNSPECIFIED: Default value. The value is unused. COMPANY_INVENTORY: This view contains all devices imported by the company admin. Each device in the response contains all information specified by the company admin when importing the device (i.e. asset tags). This includes devices that may be unassigned or assigned to users. USER_ASSIGNED_DEVICES: This view contains all devices with at least one user registered on the device. Each device in the response contains all device information, except for asset tags. rr r*r N) rrrrrVIEW_UNSPECIFIEDCOMPANY_INVENTORYUSER_ASSIGNED_DEVICESrr rrViewValueValuesEnumr"s rrr r*r;r>r<r?r|r N)rrrrrrEnumrrrVr@rArBrCrDrErF EnumFieldviewrr rrrrsBINN$ " "1 %(   #&  ! !! $'  # #Ay/@/@/F/F G(##A&)   2A 6$rrc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) CloudidentityDevicesWipeRequesti<aA CloudidentityDevicesWipeRequest object. Fields: googleAppsCloudidentityDevicesV1WipeDeviceRequest: A GoogleAppsCloudidentityDevicesV1WipeDeviceRequest resource to be passed as the request body. name: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Device in format: `devices/{device}/deviceUsers/{device_user}`, where device is the unique ID assigned to the Device, and device_user is the unique ID assigned to the User. 1GoogleAppsCloudidentityDevicesV1WipeDeviceRequestr r*Tr+r N) rrrrrrr-1googleAppsCloudidentityDevicesV1WipeDeviceRequestrr/rr rrrr<s< 7@6L6LNACD7E3   q4 0$rrc\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r Sr g ) CloudidentityGroupsCreateRequestiNa3A CloudidentityGroupsCreateRequest object. Enums: InitialGroupConfigValueValuesEnum: Optional. The initial configuration option for the `Group`. Fields: group: A Group resource to be passed as the request body. initialGroupConfig: Optional. The initial configuration option for the `Group`. c$\rSrSrSrSrSrSrSrg)BCloudidentityGroupsCreateRequest.InitialGroupConfigValueValuesEnumi[aeOptional. The initial configuration option for the `Group`. Values: INITIAL_GROUP_CONFIG_UNSPECIFIED: Default. Should not be used. WITH_INITIAL_OWNER: The end user making the request will be added as the initial owner of the `Group`. EMPTY: An empty group is created without any initial owners. This can only be used by admins of the domain. rr r*r N) rrrrr INITIAL_GROUP_CONFIG_UNSPECIFIEDWITH_INITIAL_OWNEREMPTYrr rr!InitialGroupConfigValueValuesEnumr[s()$ ErrGroupr r*r N) rrrrrrrrr-grouprinitialGroupConfigrr rrrrNs@  )..   ! ,% **+NPQRrrc:\rSrSrSr\R "SSS9rSrg) CloudidentityGroupsDeleteRequestimzA CloudidentityGroupsDeleteRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group` to retrieve. Must be of the form `groups/{group}`. r Tr+r Nr3r rrrrm   q4 0$rrc:\rSrSrSr\R "SSS9rSrg)CloudidentityGroupsGetRequestiyzA CloudidentityGroupsGetRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group` to retrieve. Must be of the form `groups/{group}`. r Tr+r Nr3r rrrryrrrc^\rSrSrSr\R "SSS9r\R "S5rSr g) -CloudidentityGroupsGetSecuritySettingsRequestiaoA CloudidentityGroupsGetSecuritySettingsRequest object. Fields: name: Required. The security settings to retrieve. Format: `groups/{group_id}/securitySettings` readMask: Field-level read mask of which fields to return. "*" returns all fields. If not specified, all fields will be returned. May only contain the following field: `member_restriction`. r Tr+r*r N) rrrrrrrr/readMaskrr rrrrs+   q4 0$  " "1 %(rrc\rSrSrSr"SS\R 5r\R"S\RRS9r \R"S5r \R"S5r\R"SS 5rS rg ) CloudidentityGroupsListRequestiaA CloudidentityGroupsListRequest object. Enums: ViewValueValuesEnum: The level of detail to be returned. If unspecified, defaults to `View.BASIC`. Fields: pageSize: The maximum number of results to return. Note that the number of results returned may be less than this value even if there are more available results. To fetch all results, clients must continue calling this method repeatedly until the response no longer contains a `next_page_token`. If unspecified, defaults to 200 for `View.BASIC` and to 50 for `View.FULL`. Must not be greater than 1000 for `View.BASIC` or 500 for `View.FULL`. pageToken: The `next_page_token` value returned from a previous list request, if any. parent: Required. The parent resource under which to list all `Group` resources. Must be of the form `identitysources/{identity_source}` for external- identity-mapped groups or `customers/{customer_id}` for Google Groups. The `customer_id` must begin with "C" (for example, 'C046psxkn'). [Find your customer ID.] (https://support.google.com/cloudidentity/answer/10070793) view: The level of detail to be returned. If unspecified, defaults to `View.BASIC`. c$\rSrSrSrSrSrSrSrg)2CloudidentityGroupsListRequest.ViewValueValuesEnumiThe level of detail to be returned. If unspecified, defaults to `View.BASIC`. Values: VIEW_UNSPECIFIED: Default. Should not be used. BASIC: Only basic resource information is returned. FULL: All resource information is returned. rr r*r N rrrrrrBASICFULLrr rrrr E Drrr r<r*r;r>r NrrrrrrrrrBrCrDrErrFrGrrrr rrrrsj4  INN   # #Ay/@/@/F/F G(##A&)   #&   2A 6$rrc`\rSrSrSr\R "S5r\R "S5rSr g) CloudidentityGroupsLookupRequestiaxA CloudidentityGroupsLookupRequest object. Fields: groupKey_id: The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. Email addresses need to adhere to [name guidelines for users and groups](https://support.google.com/a/answer/9193374). For external- identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`. groupKey_namespace: The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`. r r*r N) rrrrrrr groupKey_idgroupKey_namespacerr rrrrs*"%%a(+ ,,Q/rrc^\rSrSrSr\R "SSS9r\R "S5rSr g) >CloudidentityGroupsMembershipsCheckTransitiveMembershipRequestiaA CloudidentityGroupsMembershipsCheckTransitiveMembershipRequest object. Fields: parent: [Resource name](https://cloud.google.com/apis/design/resource_names) of the group to check the transitive membership in. Format: `groups/{group}`, where `group` is the unique id assigned to the Group to which the Membership belongs to. query: Required. A CEL expression that MUST include member specification. This is a `required` field. Certain groups are uniquely identified by both a 'member_key_id' and a 'member_key_namespace', which requires an additional query input: 'member_key_namespace'. Example query: `member_key_id == 'member_key_id_value'` r Tr+r*r N rrrrrrrrGqueryrr rrrrs+   T 2&    "%rrc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) +CloudidentityGroupsMembershipsCreateRequestiaA CloudidentityGroupsMembershipsCreateRequest object. Fields: membership: A Membership resource to be passed as the request body. parent: Required. The parent `Group` resource under which to create the `Membership`. Must be of the form `groups/{group}`. Membershipr r*Tr+r N) rrrrrrr- membershiprrGrr rrrrs-%%lA6*  T 2&rrc:\rSrSrSr\R "SSS9rSrg)+CloudidentityGroupsMembershipsDeleteRequestiaA CloudidentityGroupsMembershipsDeleteRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Membership` to delete. Must be of the form `groups/{group}/memberships/{membership}` r Tr+r Nr3r rrrr   q4 0$rrc^\rSrSrSr\R "SSS9r\R "S5rSr g) 7CloudidentityGroupsMembershipsGetMembershipGraphRequestiaA CloudidentityGroupsMembershipsGetMembershipGraphRequest object. Fields: parent: Required. [Resource name](https://cloud.google.com/apis/design/resource_names) of the group to search transitive memberships in. Format: `groups/{group}`, where `group` is the unique ID assigned to the Group to which the Membership belongs to. group can be a wildcard collection id "-". When a group is specified, the membership graph will be constrained to paths between the member (defined in the query) and the parent. If a wildcard collection is provided, all membership paths connected to the member will be returned. query: Required. A CEL expression that MUST include member specification AND label(s). Certain groups are uniquely identified by both a 'member_key_id' and a 'member_key_namespace', which requires an additional query input: 'member_key_namespace'. Example query: `member_key_id == 'member_key_id_value' && in labels` r Tr+r*r Nrr rrrrs+&  T 2&    "%rrc:\rSrSrSr\R "SSS9rSrg)(CloudidentityGroupsMembershipsGetRequestiaA CloudidentityGroupsMembershipsGetRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Membership` to retrieve. Must be of the form `groups/{group}/memberships/{membership}`. r Tr+r Nr3r rrrrrrrc\rSrSrSr"SS\R 5r\R"S\RRS9r \R"S5r \R"SS S 9r\R"SS 5rS rg ))CloudidentityGroupsMembershipsListRequesti+aA CloudidentityGroupsMembershipsListRequest object. Enums: ViewValueValuesEnum: The level of detail to be returned. If unspecified, defaults to `View.BASIC`. Fields: pageSize: The maximum number of results to return. Note that the number of results returned may be less than this value even if there are more available results. To fetch all results, clients must continue calling this method repeatedly until the response no longer contains a `next_page_token`. If unspecified, defaults to 200 for `GroupView.BASIC` and to 50 for `GroupView.FULL`. Must not be greater than 1000 for `GroupView.BASIC` or 500 for `GroupView.FULL`. pageToken: The `next_page_token` value returned from a previous search request, if any. parent: Required. The parent `Group` resource under which to lookup the `Membership` name. Must be of the form `groups/{group}`. view: The level of detail to be returned. If unspecified, defaults to `View.BASIC`. c$\rSrSrSrSrSrSrSrg)=CloudidentityGroupsMembershipsListRequest.ViewValueValuesEnumiBrrr r*r Nrr rrrrBrrrr r<r*r;Tr+r>r Nrr rrrr+sl,  INN   # #Ay/@/@/F/F G(##A&)  T 2&   2A 6$rrc\rSrSrSr\R "S5r\R "S5r\R "SSS9r Sr g ) +CloudidentityGroupsMembershipsLookupRequestiUa A CloudidentityGroupsMembershipsLookupRequest object. Fields: memberKey_id: The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. Email addresses need to adhere to [name guidelines for users and groups](https://support.google.com/a/answer/9193374). For external- identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`. memberKey_namespace: The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`. parent: Required. The parent `Group` resource under which to lookup the `Membership` name. Must be of the form `groups/{group}`. r r*r;Tr+r N) rrrrrrr memberKey_idmemberKey_namespacerGrr rrrrUs<&&&q),!--a0  T 2&rrc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) :CloudidentityGroupsMembershipsModifyMembershipRolesRequestinaA CloudidentityGroupsMembershipsModifyMembershipRolesRequest object. Fields: modifyMembershipRolesRequest: A ModifyMembershipRolesRequest resource to be passed as the request body. name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Membership` whose roles are to be modified. Must be of the form `groups/{group}/memberships/{membership}`. ModifyMembershipRolesRequestr r*Tr+r N) rrrrrrr-modifyMembershipRolesRequestrr/rr rrrrns0 "+!7!78VXY!Z   q4 0$rrc\rSrSrSr\R "S5r\R"S\RRS9r \R "S5r \R "SSS 9r \R "S 5rS rg ) 7CloudidentityGroupsMembershipsSearchDirectGroupsRequesti~aA CloudidentityGroupsMembershipsSearchDirectGroupsRequest object. Fields: orderBy: The ordering of membership relation for the display name or email in the response. The syntax for this field can be found at https://cloud.google.com/apis/design/design_patterns#sorting_order. Example: Sort by the ascending display name: order_by="group_name" or order_by="group_name asc". Sort by the descending display name: order_by="group_name desc". Sort by the ascending group key: order_by="group_key" or order_by="group_key asc". Sort by the descending group key: order_by="group_key desc". pageSize: The default page size is 200 (max 1000). pageToken: The `next_page_token` value returned from a previous list request, if any parent: [Resource name](https://cloud.google.com/apis/design/resource_names) of the group to search transitive memberships in. Format: groups/{group_id}, where group_id is always '-' as this API will search across all groups for a given member. query: Required. A CEL expression that MUST include member specification AND label(s). Users can search on label attributes of groups. CONTAINS match ('in') is supported on labels. Identity-mapped groups are uniquely identified by both a `member_key_id` and a `member_key_namespace`, which requires an additional query input: `member_key_namespace`. Example query: `member_key_id == 'member_key_id_value' && 'label_value' in labels` r r*r<r;r>Tr+r?r N)rrrrrrrrArBrCrDrErFrGrrr rrrr~si8  ! !! $'  # #Ay/@/@/F/F G(##A&)  T 2&    "%rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r \R"S 5r S rg ) ;CloudidentityGroupsMembershipsSearchTransitiveGroupsRequestiaA CloudidentityGroupsMembershipsSearchTransitiveGroupsRequest object. Fields: pageSize: The default page size is 200 (max 1000). pageToken: The `next_page_token` value returned from a previous list request, if any. parent: [Resource name](https://cloud.google.com/apis/design/resource_names) of the group to search transitive memberships in. Format: `groups/{group}`, where `group` is always '-' as this API will search across all groups for a given member. query: Required. A CEL expression that MUST include member specification AND label(s). This is a `required` field. Users can search on label attributes of groups. CONTAINS match ('in') is supported on labels. Identity-mapped groups are uniquely identified by both a `member_key_id` and a `member_key_namespace`, which requires an additional query input: `member_key_namespace`. Example query: `member_key_id == 'member_key_id_value' && in labels` Query may optionally contain equality operators on the parent of the group restricting the search within a particular customer, e.g. `parent == 'customers/{customer_id}'`. The `customer_id` must begin with "C" (for example, 'C046psxkn'). This filtering is only supported for Admins with groups read permissions on the input customer. Example query: `member_key_id == 'member_key_id_value' && in labels && parent == 'customers/C046psxkn'` r r<r*r;Tr+r>r N)rrrrrrrBrCrDrErrFrGrrr rrrrsY6 # #Ay/@/@/F/F G(##A&)  T 2&    "%rrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) @CloudidentityGroupsMembershipsSearchTransitiveMembershipsRequestiaA CloudidentityGroupsMembershipsSearchTransitiveMembershipsRequest object. Fields: pageSize: The default page size is 200 (max 1000). pageToken: The `next_page_token` value returned from a previous list request, if any. parent: [Resource name](https://cloud.google.com/apis/design/resource_names) of the group to search transitive memberships in. Format: `groups/{group}`, where `group` is the unique ID assigned to the Group. r r<r*r;Tr+r NrrrrrrrBrCrDrErrFrGrr rrrrI  # #Ay/@/@/F/F G(##A&)  T 2&rrc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) CloudidentityGroupsPatchRequestiaA CloudidentityGroupsPatchRequest object. Fields: group: A Group resource to be passed as the request body. name: Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`. updateMask: Required. The names of fields to update. May only contain the following field names: `display_name`, `description`, `labels`. rr r*Tr+r;r N) rrrrrrr-rrr/rtrr rrrrs=   ! ,%   q4 0$$$Q'*rrc\rSrSrSr"SS\R 5r\R"S\RRS9r \R"S5r \R"S5r\R"SS 5rS rg ) CloudidentityGroupsSearchRequestiaPA CloudidentityGroupsSearchRequest object. Enums: ViewValueValuesEnum: The level of detail to be returned. If unspecified, defaults to `View.BASIC`. Fields: pageSize: The maximum number of results to return. Note that the number of results returned may be less than this value even if there are more available results. To fetch all results, clients must continue calling this method repeatedly until the response no longer contains a `next_page_token`. If unspecified, defaults to 200 for `GroupView.BASIC` and 50 for `GroupView.FULL`. Must not be greater than 1000 for `GroupView.BASIC` or 500 for `GroupView.FULL`. pageToken: The `next_page_token` value returned from a previous search request, if any. query: Required. The search query. * Must be specified in [Common Expression Language](https://opensource.google/projects/cel). * Must contain equality operators on the parent, e.g. `parent == 'customers/{customer_id}'`. The `customer_id` must begin with "C" (for example, 'C046psxkn'). [Find your customer ID.] (https://support.google.com/cloudidentity/answer/10070793) * Can contain optional inclusion operators on `labels` such as `'cloudidentity.googleapis.com/groups.discussion_forum' in labels`). * Can contain an optional equality operator on `domain_name`. e.g. `domain_name == 'examplepetstore.com'` * Can contain optional `startsWith/contains/equality` operators on `group_key`, e.g. `group_key.startsWith('dev')`, `group_key.contains('dev'), group_key == 'dev@examplepetstore.com'` * Can contain optional `startsWith/contains/equality` operators on `display_name`, such as `display_name.startsWith('dev')` , `display_name.contains('dev')`, `display_name == 'dev'` view: The level of detail to be returned. If unspecified, defaults to `View.BASIC`. c$\rSrSrSrSrSrSrSrg)4CloudidentityGroupsSearchRequest.ViewValueValuesEnumi rrr r*r Nrr rrrr rrrr r<r*r;r>r N)rrrrrrrrrBrCrDrErrFrrrrr rrrrsk"H  INN   # #Ay/@/@/F/F G(##A&)    "%   2A 6$rrc\rSrSrSr\R "SSS9r\R"SS5r \R "S5r S r g ) 0CloudidentityGroupsUpdateSecuritySettingsRequesti aA CloudidentityGroupsUpdateSecuritySettingsRequest object. Fields: name: Output only. The resource name of the security settings. Shall be of the form `groups/{group_id}/securitySettings`. securitySettings: A SecuritySettings resource to be passed as the request body. updateMask: Required. The fully-qualified names of fields to update. May only contain the following field: `member_restriction.query`. r Tr+SecuritySettingsr*r;r N) rrrrrrrr/r-securitySettingsrtrr rrrr s?    q4 0$++,>B$$Q'*rrc:\rSrSrSr\R "SSS9rSrg)0CloudidentityInboundOidcSsoProfilesDeleteRequesti1aA CloudidentityInboundOidcSsoProfilesDeleteRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundOidcSsoProfile to delete. Format: `inboundOidcSsoProfiles/{sso_profile_id}` r Tr+r Nr3r rrrr1rrrc:\rSrSrSr\R "SSS9rSrg)-CloudidentityInboundOidcSsoProfilesGetRequesti>zA CloudidentityInboundOidcSsoProfilesGetRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundOidcSsoProfile to get. Format: `inboundOidcSsoProfiles/{sso_profile_id}` r Tr+r Nr3r rrrr>rrrc\rSrSrSr\R "S5r\R"S\RRS9r \R "S5r Sr g) .CloudidentityInboundOidcSsoProfilesListRequestiKaA CloudidentityInboundOidcSsoProfilesListRequest object. Fields: filter: A [Common Expression Language](https://github.com/google/cel-spec) expression to filter the results. The only supported filter is filtering by customer. For example: `customer=="customers/C0123abc"`. Omitting the filter or specifying a filter of `customer=="customers/my_customer"` will return the profiles for the customer that the caller (authenticated user) belongs to. Specifying a filter of `customer==""` will return the global shared OIDC profiles. pageSize: The maximum number of InboundOidcSsoProfiles to return. The service may return fewer than this value. If omitted (or defaulted to zero) the server will use a sensible default. This default may change over time. The maximum allowed value is 100. Requests with page_size greater than that will be silently interpreted as having this maximum value. pageToken: A page token, received from a previous `ListInboundOidcSsoProfiles` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListInboundOidcSsoProfiles` must match the call that provided the page token. r r*r<r;r Nrrrrrrrr@rBrCrDrErFrr rrrrKsG.   #&  # #Ay/@/@/F/F G(##A&)rrc\rSrSrSr\R "SS5r\R"SSS9r \R"S5r S r g ) /CloudidentityInboundOidcSsoProfilesPatchRequestihaXA CloudidentityInboundOidcSsoProfilesPatchRequest object. Fields: inboundOidcSsoProfile: A InboundOidcSsoProfile resource to be passed as the request body. name: Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the OIDC SSO profile. updateMask: Required. The list of fields to be updated. InboundOidcSsoProfiler r*Tr+r;r N) rrrrrrr-inboundOidcSsoProfilerr/rtrr rrrrh? $001H!L   q4 0$$$Q'*rrc:\rSrSrSr\R "SSS9rSrg)0CloudidentityInboundSamlSsoProfilesDeleteRequestiyaA CloudidentityInboundSamlSsoProfilesDeleteRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundSamlSsoProfile to delete. Format: `inboundSamlSsoProfiles/{sso_profile_id}` r Tr+r Nr3r rrrryrrrc:\rSrSrSr\R "SSS9rSrg)-CloudidentityInboundSamlSsoProfilesGetRequestizA CloudidentityInboundSamlSsoProfilesGetRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundSamlSsoProfile to get. Format: `inboundSamlSsoProfiles/{sso_profile_id}` r Tr+r Nr3r rrrrrrrc`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) ;CloudidentityInboundSamlSsoProfilesIdpCredentialsAddRequestia4A CloudidentityInboundSamlSsoProfilesIdpCredentialsAddRequest object. Fields: addIdpCredentialRequest: A AddIdpCredentialRequest resource to be passed as the request body. parent: Required. The InboundSamlSsoProfile that owns the IdpCredential. Format: `inboundSamlSsoProfiles/{sso_profile_id}` rr r*Tr+r N) rrrrrrr-addIdpCredentialRequestrrGrr rrrrs/&223LaP  T 2&rrc:\rSrSrSr\R "SSS9rSrg)>CloudidentityInboundSamlSsoProfilesIdpCredentialsDeleteRequestia/A CloudidentityInboundSamlSsoProfilesIdpCredentialsDeleteRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the IdpCredential to delete. Format: `inboundSamlSsoProfiles/{sso_profile_id }/idpCredentials/{idp_credential_id}` r Tr+r Nr3r rrrrrrrc:\rSrSrSr\R "SSS9rSrg);CloudidentityInboundSamlSsoProfilesIdpCredentialsGetRequestia.A CloudidentityInboundSamlSsoProfilesIdpCredentialsGetRequest object. Fields: name: Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the IdpCredential to retrieve. Format: `inboundSamlSsoProfiles/{sso_profile_ id}/idpCredentials/{idp_credential_id}` r Tr+r Nr3r rrrrrrrc\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) s !" DrrAr r*r N) rrrrrrrrArrr resourceTyperr rrr6r6s<$ INN     "%$$%BAF,rr6c\rSrSrSr"SS\R 5r\R"SS5r \R"S5r Sr g) r9iaThe current status of a dynamic group along with timestamp. Enums: StatusValueValuesEnum: Status of the dynamic group. Fields: status: Status of the dynamic group. statusTime: The latest time at which the dynamic group is guaranteed to be in the given status. If status is `UP_TO_DATE`, the latest time at which the dynamic group was confirmed to be up-to-date. If status is `UPDATING_MEMBERSHIPS`, the time at which dynamic group was created. c(\rSrSrSrSrSrSrSrSr g) (DynamicGroupStatus.StatusValueValuesEnumia9Status of the dynamic group. Values: STATUS_UNSPECIFIED: Default. UP_TO_DATE: The dynamic group is up-to-date. UPDATING_MEMBERSHIPS: The dynamic group has just been created and memberships are being updated. INVALID_QUERY: Group is in an unrecoverable state and its memberships can't be updated. rr r*r;r N) rrrrrSTATUS_UNSPECIFIED UP_TO_DATEUPDATING_MEMBERSHIPS INVALID_QUERYrr rrStatusValueValuesEnumrEs JMrrJr r*r N) rrrrrrrrJrr;r statusTimerr rrr9r9s< inn   6 :&$$Q'*rr9c`\rSrSrSr\R "S5r\R "S5rSr g) EntityKeyia]A unique identifier for an entity in the Cloud Identity Groups API. An entity can represent either a group with an optional `namespace` or a user without a `namespace`. The combination of `id` and `namespace` must be unique; however, the same `id` can be used with different `namespace`s. Fields: id: The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. Email addresses need to adhere to [name guidelines for users and groups](https://support.google.com/a/answer/9193374). For external- identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`. namespace: The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external- identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`. r r*r N) rrrrrrrid namespacerr rrrMrMs)(Q"##A&)rrMc<\rSrSrSr\R "S5rSrg) ExpiryDetaili1zpThe `MembershipRole` expiry details. Fields: expireTime: The time at which the `MembershipRole` will expire. r r N) rrrrrrr expireTimerr rrrQrQ1s $$Q'*rrQc\rSrSrSrSrg)GetMembershipGraphMetadatai;zdMetadata of GetMembershipGraphResponse LRO. This is currently empty to permit future extensibility. r Nr!r rrrTrT;rrrTc`\rSrSrSr\R "SSSS9r\R "SSSS9rS r g ) GetMembershipGraphResponseiBauThe response message for MembershipsService.GetMembershipGraph. Fields: adjacencyList: The membership graph's path information represented as an adjacency list. groups: The resources representing each group in the adjacency list. Each group in this list can be correlated to a 'group' of the MembershipAdjacencyList using the 'name' of the Group resource. MembershipAdjacencyListr Tr7rr*r N) rrrrrrr- adjacencyListgroupsrr rrrVrVBs3(()BAPTU-  ! !'1t <&rrVcd\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"S5r \R"S5r \R"SS 5r\R"S 5r\R"S 5r\R"S 5rS rg)1GoogleAppsCloudidentityDevicesV1AndroidAttributesiQaResource representing the Android specific attributes of a Device. Enums: OwnershipPrivilegeValueValuesEnum: Ownership privileges on device. Fields: ctsProfileMatch: Whether the device passes Android CTS compliance. enabledUnknownSources: Whether applications from unknown sources can be installed on device. hasPotentiallyHarmfulApps: Whether any potentially harmful apps were detected on the device. ownerProfileAccount: Whether this account is on an owner/primary profile. For phones, only true for owner profiles. Android 4+ devices can have secondary or restricted user profiles. ownershipPrivilege: Ownership privileges on device. supportsWorkProfile: Whether device supports Android work profiles. If false, this service will not block access to corp data even if an administrator turns on the "Enforce Work Profile" policy. verifiedBoot: Whether Android verified boot status is GREEN. verifyAppsEnabled: Whether Google Play Protect Verify Apps is enabled. c(\rSrSrSrSrSrSrSrSr g) SGoogleAppsCloudidentityDevicesV1AndroidAttributes.OwnershipPrivilegeValueValuesEnumihaSOwnership privileges on device. Values: OWNERSHIP_PRIVILEGE_UNSPECIFIED: Ownership privilege is not set. DEVICE_ADMINISTRATOR: Active device administrator privileges on the device. PROFILE_OWNER: Profile Owner privileges. The account is in a managed corporate profile. DEVICE_OWNER: Device Owner privileges on the device. rr r*r;r N) rrrrrOWNERSHIP_PRIVILEGE_UNSPECIFIEDDEVICE_ADMINISTRATOR PROFILE_OWNER DEVICE_OWNERrr rr!OwnershipPrivilegeValueValuesEnumr]hs '(#MLrrbr r*r;r>r?r|rrr N)rrrrrrrrbr%ctsProfileMatchenabledUnknownSourceshasPotentiallyHarmfulAppsownerProfileAccountrownershipPrivilegesupportsWorkProfile verifiedBootverifyAppsEnabledrr rrr[r[Qs,).. **1-/#003'44Q7!..q1 **+NPQR!..q1''*,,,Q/rr[c\rSrSrSrSrg)9GoogleAppsCloudidentityDevicesV1ApproveDeviceUserMetadataiz#Metadata for ApproveDeviceUser LRO.r Nr!r rrrlrl,rrlc<\rSrSrSr\R "S5rSrg)r_iaRequest message for approving the device to access user data. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. r r N rrrrrrrrVrr rrr_r_  " "1 %(rr_c>\rSrSrSr\R "SS5rSrg)9GoogleAppsCloudidentityDevicesV1ApproveDeviceUserResponseizResponse message for approving the device to access user data. Fields: deviceUser: Resultant DeviceUser object for the action. *GoogleAppsCloudidentityDevicesV1DeviceUserr r N rrrrrrr- deviceUserrr rrrrrr %%&RTUV*rrrc\rSrSrSrSrg)7GoogleAppsCloudidentityDevicesV1BlockDeviceUserMetadataiz!Metadata for BlockDeviceUser LRO.r Nr!r rrrxrxs*rrxc<\rSrSrSr\R "S5rSrg)rdiaRequest message for blocking account on device. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. r r Nror rrrdrdrprrdc>\rSrSrSr\R "SS5rSrg)7GoogleAppsCloudidentityDevicesV1BlockDeviceUserResponseizResponse message for blocking the device from accessing user data. Fields: deviceUser: Resultant DeviceUser object for the action. rsr r Nrtr rrr{r{rvrr{c\rSrSrSr\R "SS5r\R"S5r \R"S5r Sr g) 1GoogleAppsCloudidentityDevicesV1BrowserAttributesiaContains information about browser profiles reported by the [Endpoint Verification extension](https://chromewebstore.google.com/detail/endpoint- verification/callobklhcbilhphinckomhgkigmfocg?pli=1). Fields: chromeBrowserInfo: Represents the current state of the [Chrome browser attributes](https://cloud.google.com/access-context- manager/docs/browser-attributes) sent by the [Endpoint Verification extension](https://chromewebstore.google.com/detail/endpoint- verification/callobklhcbilhphinckomhgkigmfocg?pli=1). chromeProfileId: Chrome profile ID that is exposed by the Chrome API. It is unique for each device. lastProfileSyncTime: Timestamp in milliseconds since the Unix epoch when the profile/gcm id was last synced. +GoogleAppsCloudidentityDevicesV1BrowserInfor r*r;r N) rrrrrrr-chromeBrowserInforchromeProfileIdlastProfileSyncTimerr rrr}r}s?  ,,-Z\]^))!,/!--a0rr}c\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r \R"SS 5r \R"S 5r \R"S 5r\R"S 5r\R"S 5r\R"S5r\R"S5r\R"S5r\R"S5r\R"S5r\R"S5r\R"S5r\R"SS5r\R"SS5rSrg)r~iaR Browser-specific fields reported by the [Endpoint Verification extension](https://chromewebstore.google.com/detail/endpoint- verification/callobklhcbilhphinckomhgkigmfocg?pli=1). Enums: BrowserManagementStateValueValuesEnum: Output only. Browser's management state. PasswordProtectionWarningTriggerValueValuesEnum: Current state of [password protection trigger](https://chromeenterprise.google/policies/# PasswordProtectionWarningTrigger). SafeBrowsingProtectionLevelValueValuesEnum: Current state of [Safe Browsing protection level](https://chromeenterprise.google/policies/#Saf eBrowsingProtectionLevel). Fields: browserManagementState: Output only. Browser's management state. browserVersion: Version of the request initiating browser. E.g. `91.0.4442.4`. isBuiltInDnsClientEnabled: Current state of [built-in DNS client](https:// chromeenterprise.google/policies/#BuiltInDnsClientEnabled). isBulkDataEntryAnalysisEnabled: Current state of [bulk data analysis](http s://chromeenterprise.google/policies/#OnBulkDataEntryEnterpriseConnector ). Set to true if provider list from Chrome is non-empty. isChromeCleanupEnabled: Current state of [Chrome Cleanup](https://chromeenterprise.google/policies/#ChromeCleanupEnabled) . isChromeRemoteDesktopAppBlocked: Current state of [Chrome Remote Desktop app](https://chromeenterprise.google/policies/#URLBlocklist). isFileDownloadAnalysisEnabled: Current state of [file download analysis](h ttps://chromeenterprise.google/policies/#OnFileDownloadedEnterpriseConne ctor). Set to true if provider list from Chrome is non-empty. isFileUploadAnalysisEnabled: Current state of [file upload analysis](https ://chromeenterprise.google/policies/#OnFileAttachedEnterpriseConnector). Set to true if provider list from Chrome is non-empty. isRealtimeUrlCheckEnabled: Current state of [real-time URL check](https:// chromeenterprise.google/policies/#EnterpriseRealTimeUrlCheckMode). Set to true if provider list from Chrome is non-empty. isSecurityEventAnalysisEnabled: Current state of [security event analysis] (https://chromeenterprise.google/policies/#OnSecurityEventEnterpriseConn ector). Set to true if provider list from Chrome is non-empty. isSiteIsolationEnabled: Current state of [site isolation](https://chromeen terprise.google/policies/?policy=IsolateOrigins). isThirdPartyBlockingEnabled: Current state of [third-party blocking](https ://chromeenterprise.google/policies/#ThirdPartyBlockingEnabled). passwordProtectionWarningTrigger: Current state of [password protection tr igger](https://chromeenterprise.google/policies/#PasswordProtectionWarni ngTrigger). safeBrowsingProtectionLevel: Current state of [Safe Browsing protection le vel](https://chromeenterprise.google/policies/#SafeBrowsingProtectionLev el). c,\rSrSrSrSrSrSrSrSr Sr g ) QGoogleAppsCloudidentityDevicesV1BrowserInfo.BrowserManagementStateValueValuesEnumia^Output only. Browser's management state. Values: UNSPECIFIED: Management state is not specified. UNMANAGED: Browser/Profile is not managed by any customer. MANAGED_BY_OTHER_DOMAIN: Browser/Profile is managed, but by some other customer. PROFILE_MANAGED: Profile is managed by customer. BROWSER_MANAGED: Browser is managed by customer. rr r*r;r>r N) rrrrr UNSPECIFIED UNMANAGEDMANAGED_BY_OTHER_DOMAINPROFILE_MANAGEDBROWSER_MANAGEDrr rr%BrowserManagementStateValueValuesEnumrs# KIOOrrc(\rSrSrSrSrSrSrSrSr g) [GoogleAppsCloudidentityDevicesV1BrowserInfo.PasswordProtectionWarningTriggerValueValuesEnumiaCurrent state of [password protection trigger](https://chromeenterpris e.google/policies/#PasswordProtectionWarningTrigger). Values: PASSWORD_PROTECTION_TRIGGER_UNSPECIFIED: Password protection is not specified. PROTECTION_OFF: Password reuse is never detected. PASSWORD_REUSE: Warning is shown when the user reuses their protected password on a non-allowed site. PHISHING_REUSE: Warning is shown when the user reuses their protected password on a phishing site. rr r*r;r N) rrrrr'PASSWORD_PROTECTION_TRIGGER_UNSPECIFIEDPROTECTION_OFFPASSWORD_REUSEPHISHING_REUSErr rr/PasswordProtectionWarningTriggerValueValuesEnumrs /0+NNNrrc(\rSrSrSrSrSrSrSrSr g) VGoogleAppsCloudidentityDevicesV1BrowserInfo.SafeBrowsingProtectionLevelValueValuesEnumi*aCurrent state of [Safe Browsing protection level](https://chromeenterp rise.google/policies/#SafeBrowsingProtectionLevel). Values: SAFE_BROWSING_LEVEL_UNSPECIFIED: Browser protection level is not specified. DISABLED: No protection against dangerous websites, downloads, and extensions. STANDARD: Standard protection against websites, downloads, and extensions that are known to be dangerous. ENHANCED: Faster, proactive protection against dangerous websites, downloads, and extensions. rr r*r;r N) rrrrrSAFE_BROWSING_LEVEL_UNSPECIFIEDDISABLEDSTANDARDENHANCEDrr rr*SafeBrowsingProtectionLevelValueValuesEnumr*s '(#HHHrrr r*r;r>r?r|rr r N)rrrrrrrrrrrbrowserManagementStaterbrowserVersionr%isBuiltInDnsClientEnabledisBulkDataEntryAnalysisEnabledisChromeCleanupEnabledisChromeRemoteDesktopAppBlockedisFileDownloadAnalysisEnabledisFileUploadAnalysisEnabledisRealtimeUrlCheckEnabledisSecurityEventAnalysisEnabledisSiteIsolationEnabledisThirdPartyBlockingEnabled passwordProtectionWarningTriggersafeBrowsingProtectionLevelrr rrr~r~s32hinn" $9>>&%../VXYZ((+.'44Q7#,#9#9!#< $11!4$-$:$:1$=!"+"8"8"; ) 6 6q 9'44Q7#,#9#9"#= $11"5 ) 6 6r :%.%8%89jln%o" ) 3 34`bd err~c\rSrSrSrSrg)8GoogleAppsCloudidentityDevicesV1CancelWipeDeviceMetadataiMz"Metadata for CancelWipeDevice LRO.r Nr!r rrrrMr"rrc<\rSrSrSr\R "S5rSrg)rPiQaRequest message for cancelling an unfinished device wipe. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. r r Nror rrrPrPQrprrPc>\rSrSrSr\R "SS5rSrg)8GoogleAppsCloudidentityDevicesV1CancelWipeDeviceResponsei`zResponse message for cancelling an unfinished device wipe. Fields: device: Resultant Device object for the action. Note that asset tags will not be returned in the device object. rUr r N rrrrrrr-devicerr rrrr`  ! !"JA N&rrc\rSrSrSrSrg)\rSrSrSr\R "SS5rSrg)r?r|rrrr N)rrrrrrrrr-certificateTemplater fingerprintissuer serialNumbersubject thumbprintrvalidationStatevalidityExpirationTimevalidityStartTimerr rrrrs$ y~~ "../dfgh%%a(+   #&&&q),  ! !! $'$$Q'*''(H!L/$003++A.rrc\rSrSrSr\R "S5r\R"S\RRS9r \R"S\RRS9r Sr g) riaBCertificateTemplate (v3 Extension in X.509). Fields: id: The template id of the template. Example: "1.3.6.1.4.1.311.21.8.156086 21.11768144.5720724.16068415.6889630.81.2472537.7784047". majorVersion: The Major version of the template. Example: 100. minorVersion: The minor version of the template. Example: 12. r r*r<r;r N)rrrrrrrrNrBrCrD majorVersion minorVersionrr rrrrsUQ"''93D3D3J3JK,''93D3D3J3JK,rrc\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r "S S \R 5r \ R"S 5"S S \R55r\R"SSS9r\R""SS5r\R"S5r\R"S5r\R"S5r\R""SS5r\R."S S5r\R"S5r\R""SS5r\R"S5r\R""S S5r\R"S5rSrg)rria Represents the state associated with an API client calling the Devices API. Resource representing ClientState and supports updates from API users Enums: ComplianceStateValueValuesEnum: The compliance state of the resource as specified by the API client. HealthScoreValueValuesEnum: The Health score of the resource. The Health score is the callers specification of the condition of the device from a usability point of view. For example, a third-party device management provider may specify a health score based on its compliance with organizational policies. ManagedValueValuesEnum: The management state of the resource as specified by the API client. OwnerTypeValueValuesEnum: Output only. The owner of the ClientState Messages: KeyValuePairsValue: The map of key-value attributes stored by callers specific to a device. The total serialized length of this map may not exceed 10KB. No limit is placed on the number of attributes in a map. Fields: assetTags: The caller can specify asset tags for this resource complianceState: The compliance state of the resource as specified by the API client. createTime: Output only. The time the client state data was created. customId: This field may be used to store a unique identifier for the API resource within which these CustomAttributes are a field. etag: The token that needs to be passed back for concurrency control in updates. Token needs to be passed back in UpdateRequest healthScore: The Health score of the resource. The Health score is the callers specification of the condition of the device from a usability point of view. For example, a third-party device management provider may specify a health score based on its compliance with organizational policies. keyValuePairs: The map of key-value attributes stored by callers specific to a device. The total serialized length of this map may not exceed 10KB. No limit is placed on the number of attributes in a map. lastUpdateTime: Output only. The time the client state data was last updated. managed: The management state of the resource as specified by the API client. name: Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the ClientState in format: `devices/{device}/deviceUsers/{device_user}/clientState/{partner}`, where partner corresponds to the partner storing the data. For partners belonging to the "BeyondCorp Alliance", this is the partner ID specified to you by Google. For all other callers, this is a string of the form: `{customer}-suffix`, where `customer` is your customer ID. The *suffix* is any string the caller specifies. This string will be displayed verbatim in the administration console. This suffix is used in setting up Custom Access Levels in Context-Aware Access. Your organization's customer ID can be obtained from the URL: `GET https://www.googleapis.com/admin/directory/v1/customers/my_customer` The `id` field in the response contains the customer ID starting with the letter 'C'. The customer ID to be used in this API is the string after the letter 'C' (not including 'C') ownerType: Output only. The owner of the ClientState scoreReason: A descriptive cause of the health score. c$\rSrSrSrSrSrSrSrg)JGoogleAppsCloudidentityDevicesV1ClientState.ComplianceStateValueValuesEnumia0The compliance state of the resource as specified by the API client. Values: COMPLIANCE_STATE_UNSPECIFIED: The compliance state of the resource is unknown or unspecified. COMPLIANT: Device is compliant with third party policies NON_COMPLIANT: Device is not compliant with third party policies rr r*r N) rrrrrCOMPLIANCE_STATE_UNSPECIFIED COMPLIANT NON_COMPLIANTrr rrComplianceStateValueValuesEnumrs$% IMrrc0\rSrSrSrSrSrSrSrSr Sr S r g ) FGoogleAppsCloudidentityDevicesV1ClientState.HealthScoreValueValuesEnumi aThe Health score of the resource. The Health score is the callers specification of the condition of the device from a usability point of view. For example, a third-party device management provider may specify a health score based on its compliance with organizational policies. Values: HEALTH_SCORE_UNSPECIFIED: Default value VERY_POOR: The object is in very poor health as defined by the caller. POOR: The object is in poor health as defined by the caller. NEUTRAL: The object health is neither good nor poor, as defined by the caller. GOOD: The object is in good health as defined by the caller. VERY_GOOD: The object is in very good health as defined by the caller. rr r*r;r>r?r N) rrrrrHEALTH_SCORE_UNSPECIFIED VERY_POORPOORNEUTRALGOOD VERY_GOODrr rrHealthScoreValueValuesEnumr s(  !I DG DIrrc$\rSrSrSrSrSrSrSrg)BGoogleAppsCloudidentityDevicesV1ClientState.ManagedValueValuesEnumi"zThe management state of the resource as specified by the API client. Values: MANAGED_STATE_UNSPECIFIED: The management state of the resource is unknown or unspecified. MANAGED: The resource is managed. UNMANAGED: The resource is not managed. rr r*r N) rrrrrMANAGED_STATE_UNSPECIFIEDMANAGEDrrr rrManagedValueValuesEnumr"s!"GIrrc$\rSrSrSrSrSrSrSrg)DGoogleAppsCloudidentityDevicesV1ClientState.OwnerTypeValueValuesEnumi/zOutput only. The owner of the ClientState Values: OWNER_TYPE_UNSPECIFIED: Unknown owner type OWNER_TYPE_CUSTOMER: Customer is the owner OWNER_TYPE_PARTNER: Partner is the owner rr r*r N) rrrrrOWNER_TYPE_UNSPECIFIEDOWNER_TYPE_CUSTOMEROWNER_TYPE_PARTNERrr rrOwnerTypeValueValuesEnumr/srradditionalPropertiescf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) >GoogleAppsCloudidentityDevicesV1ClientState.KeyValuePairsValuei;amThe map of key-value attributes stored by callers specific to a device. The total serialized length of this map may not exceed 10KB. No limit is placed on the number of attributes in a map. Messages: AdditionalProperty: An additional property for a KeyValuePairsValue object. Fields: additionalProperties: Additional properties of type KeyValuePairsValue cb\rSrSrSr\R "S5r\R"SS5r Sr g)QGoogleAppsCloudidentityDevicesV1ClientState.KeyValuePairsValue.AdditionalPropertyiIzAn additional property for a KeyValuePairsValue object. Fields: key: Name of the additional property. value: A GoogleAppsCloudidentityDevicesV1CustomAttributeValue attribute. r 4GoogleAppsCloudidentityDevicesV1CustomAttributeValuer*r N rrrrrrrkeyr-valuerr rrAdditionalPropertyrIs-   ! !! $c$$%[]^_errr Tr7r N rrrrrrMessagerr-rrr rrKeyValuePairsValuer;s4  `Y.. `%112FTXYrrr Tr7r*r;r>r?r|rrrrrrr N)rrrrrrrrrrrrMapUnrecognizedFieldsrrr assetTagsrcomplianceState createTimecustomIdetag healthScorer- keyValuePairslastUpdateTimemanagedr/ ownerType scoreReasonrr rrrrrrsK;z y~~ 9>>, y~~    !!"89Z9,,Z:Z6##A5)''(H!L/$$Q'*  " "1 %(   q !$##$@!D+(()=qA-((+.    8! <'   r "$!!"r?r|rr N)rrrrrDEVICE_TYPE_UNSPECIFIEDANDROIDIOS GOOGLE_SYNCWINDOWSMAC_OSLINUX CHROME_OSrr rrDeviceTypeValueValuesEnumrs2  G CKG F EIrr c(\rSrSrSrSrSrSrSrSr g) EGoogleAppsCloudidentityDevicesV1Device.EncryptionStateValueValuesEnumizOutput only. Device encryption state. Values: ENCRYPTION_STATE_UNSPECIFIED: Encryption Status is not set. UNSUPPORTED_BY_DEVICE: Device doesn't support encryption. ENCRYPTED: Device is encrypted. NOT_ENCRYPTED: Device is not encrypted. rr r*r;r N) rrrrrENCRYPTION_STATE_UNSPECIFIEDUNSUPPORTED_BY_DEVICE ENCRYPTED NOT_ENCRYPTEDrr rrEncryptionStateValueValuesEnumr"s$% IMrr'c4\rSrSrSrSrSrSrSrSr Sr S r S r g ) EGoogleAppsCloudidentityDevicesV1Device.ManagementStateValueValuesEnumiaOutput only. Management state of the device Values: MANAGEMENT_STATE_UNSPECIFIED: Default value. This value is unused. APPROVED: Device is approved. BLOCKED: Device is blocked. PENDING: Device is pending approval. UNPROVISIONED: The device is not provisioned. Device will start from this state until some action is taken (i.e. a user starts using the device). WIPING: Data and settings on the device are being removed. WIPED: All data and settings on the device are removed. rr r*r;r>r?r|r N) rrrrrMANAGEMENT_STATE_UNSPECIFIEDAPPROVEDBLOCKEDPENDING UNPROVISIONEDWIPINGWIPEDrr rrManagementStateValueValuesEnumr)s- $% HGGM F Err1c$\rSrSrSrSrSrSrSrg)?GoogleAppsCloudidentityDevicesV1Device.OwnerTypeValueValuesEnumi zOutput only. Whether the device is owned by the company or an individual Values: DEVICE_OWNERSHIP_UNSPECIFIED: Default value. The value is unused. COMPANY: Company owns the device. BYOD: Bring Your Own Device (i.e. individual owns the device) rr r*r N) rrrrrDEVICE_OWNERSHIP_UNSPECIFIEDCOMPANYBYODrr rrrr3 s$% G Drrr[r r*r;r>r?r|rrrrrrrFGoogleAppsCloudidentityDevicesV1EndpointVerificationSpecificAttributesrr Tr7r r N)1rrrrrrrrr r'r1rr-androidSpecificAttributesrassetTagbasebandVersionbootloaderVersionbrand buildNumberrcompromisedStaterdeviceId deviceTyper%enabledDeveloperOptionsenabledUsbDebuggingencryptionState&endpointVerificationSpecificAttributeshostnameimei kernelVersion lastSyncTimemanagementState manufacturermeidmodelr/networkOperator osVersion otherAccountsrreleaseVersionsecurityPatchTimerunifiedDeviceIdwifiMacAddressesrr rrrUrUsBH   ).., y~~ y~~,    (445hjkl  " "1 %())!,/++A.    "%%%a(+(()JAN$$Q'*  " "1 %(""#>C*%2226!..r2''(H"M/+4+A+ACKMO,P(  " "2 &(   r "$''+-&&r*,''(H"M/&&r*,   r "$    #%   r "$))"-/##B')''T:-!!"r?r|r N) rrrrrr*r/r0r+r,PENDING_APPROVAL UNENROLLEDrr rrr1rie s. $% F EHGJrr1c$\rSrSrSrSrSrSrSrg)GGoogleAppsCloudidentityDevicesV1DeviceUser.PasswordStateValueValuesEnumiz zPassword state of the DeviceUser object Values: PASSWORD_STATE_UNSPECIFIED: Password state not set. PASSWORD_SET: Password set in object. PASSWORD_NOT_SET: Password not set in object. rr r*r N) rrrrrPASSWORD_STATE_UNSPECIFIED PASSWORD_SETPASSWORD_NOT_SETrr rrPasswordStateValueValuesEnumrmz s"#Lrrqr r*r;r>r?r|rrrrr N)rrrrrrrrr1rqrrNrr firstSyncTime languageCoderXrYr/ passwordState userAgent userEmailrr rrrsrs; s8   y~~* Y^^ (()JAN$$Q'*''*-&&q),&&q),''(H!L/   q !$%%&DaH-##A&)##B')rrsc\rSrSrSr\R "S5"SS\R55r \R"SS5r \R"SSS S 9r \R"S S S S 9r S rg)r7i aResource representing the [Endpoint Verification-specific attributes](https://cloud.google.com/endpoint-verification/docs/device- information) of a device. Messages: AdditionalSignalsValue: [Additional signals](https://cloud.google.com/endpoint-verification/docs/device- information) reported by Endpoint Verification. It includes the following attributes: * Non-configurable attributes: hotfixes, av_installed, av_enabled, windows_domain_name, is_os_native_firewall_enabled, and is_secure_boot_enabled. * [Configurable attributes](https://cloud.google.com/endpoint- verification/docs/collect-config-attributes): file, folder, and binary attributes; registry entries; and properties in a plist. Fields: additionalSignals: [Additional signals](https://cloud.google.com/endpoint- verification/docs/device-information) reported by Endpoint Verification. It includes the following attributes: * Non-configurable attributes: hotfixes, av_installed, av_enabled, windows_domain_name, is_os_native_firewall_enabled, and is_secure_boot_enabled. * [Configurable attributes](https://cloud.google.com/endpoint- verification/docs/collect-config-attributes): file, folder, and binary attributes; registry entries; and properties in a plist. browserAttributes: Details of browser profiles reported by Endpoint Verification. certificateAttributes: Details of certificates. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) ]GoogleAppsCloudidentityDevicesV1EndpointVerificationSpecificAttributes.AdditionalSignalsValuei a[Additional signals](https://cloud.google.com/endpoint- verification/docs/device-information) reported by Endpoint Verification. It includes the following attributes: * Non-configurable attributes: hotfixes, av_installed, av_enabled, windows_domain_name, is_os_native_firewall_enabled, and is_secure_boot_enabled. * [Configurable attributes](https://cloud.google.com/endpoint-verification/docs/collect- config-attributes): file, folder, and binary attributes; registry entries; and properties in a plist. Messages: AdditionalProperty: An additional property for a AdditionalSignalsValue object. Fields: additionalProperties: Properties of the object. cb\rSrSrSr\R "S5r\R"SS5r Sr g)pGoogleAppsCloudidentityDevicesV1EndpointVerificationSpecificAttributes.AdditionalSignalsValue.AdditionalPropertyi zAn additional property for a AdditionalSignalsValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r extra_types.JsonValuer*r Nrr rrrr{ ,   ! !! $c$$% ,,-EqI,,-`bcnrs#001hjkvz{rr7c`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) 8GoogleAppsCloudidentityDevicesV1ListClientStatesResponsei zResponse message that is returned in ListClientStates. Fields: clientStates: Client states meeting the list restrictions. nextPageToken: Token to retrieve the next page of results. Empty if there are no more results. rrr Tr7r*r N) rrrrrrr- clientStatesr nextPageTokenrr rrrr s0''(UWXcgh,''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) 7GoogleAppsCloudidentityDevicesV1ListDeviceUsersResponsei zResponse message that is returned from the ListDeviceUsers method. Fields: deviceUsers: Devices meeting the list restrictions. nextPageToken: Token to retrieve the next page of results. Empty if there are no more results. rsr Tr7r*r N) rrrrrrr- deviceUsersrrrr rrrr s0&&'SUVaef+''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) 3GoogleAppsCloudidentityDevicesV1ListDevicesResponsei zResponse message that is returned from the ListDevices method. Fields: devices: Devices meeting the list restrictions. nextPageToken: Token to retrieve the next page of results. Empty if there are no more results. rUr Tr7r*r N) rrrrrrr-devicesrrrr rrrr s/  " "#KQY] ^'''*-rrc\rSrSrSrSrg)8GoogleAppsCloudidentityDevicesV1ListEndpointAppsMetadatai z"Metadata for ListEndpointApps LRO.r Nr!r rrrr r"rrc\rSrSrSr\R "S5r\R "SSS9r\R "S5r Sr g ) =GoogleAppsCloudidentityDevicesV1LookupSelfDeviceUsersResponsei aRResponse containing resource names of the DeviceUsers associated with the caller's credentials. Fields: customer: The customer resource name that may be passed back to other Devices API methods such as List, Get, etc. names: [Resource names](https://cloud.google.com/apis/design/resource_names) of the DeviceUsers in the format: `devices/{device}/deviceUsers/{user_resource}`, where device is the unique ID assigned to a Device and user_resource is the unique user ID nextPageToken: Token to retrieve the next page of results. Empty if there are no more results. r r*Tr7r;r N) rrrrrrrrVnamesrrr rrrr s;  " "1 %(   D 1%''*-rrc\rSrSrSrSrg)9GoogleAppsCloudidentityDevicesV1SignoutDeviceUserMetadatai z#Metadata for SignoutDeviceUser LRO.r Nr!r rrrr rmrrc\rSrSrSrSrg)9GoogleAppsCloudidentityDevicesV1UpdateClientStateMetadatai z#Metadata for UpdateClientState LRO.r Nr!r rrrr rmrrc\rSrSrSrSrg)4GoogleAppsCloudidentityDevicesV1UpdateDeviceMetadatai zMetadata for UpdateDevice LRO.r Nr!r rrrr rrrc\rSrSrSrSrg)2GoogleAppsCloudidentityDevicesV1WipeDeviceMetadatai! zMetadata for WipeDevice LRO.r Nr!r rrrr! s%rrc`\rSrSrSr\R "S5r\R"S5r Sr g)ri% aRequest message for wiping all data on the device. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. removeResetLock: Optional. Specifies if a user is able to factory reset a device after a Device Wipe. On iOS, this is called "Activation Lock", while on Android, this is known as "Factory Reset Protection". If true, this protection will be removed from the device, so that a user can successfully factory reset. If false, the setting is untouched on the device. r r*r N) rrrrrrrrVr%removeResetLockrr rrrr% s)" " "1 %(**1-/rrc>\rSrSrSr\R "SS5rSrg)2GoogleAppsCloudidentityDevicesV1WipeDeviceResponsei; zResponse message for wiping all data on the device. Fields: device: Resultant Device object for the action. Note that asset tags will not be returned in the device object. rUr r Nrr rrrr; rrrc\rSrSrSrSrg)6GoogleAppsCloudidentityDevicesV1WipeDeviceUserMetadataiF z Metadata for WipeDeviceUser LRO.r Nr!r rrrrF s)rrc<\rSrSrSr\R "S5rSrg)riJ aRequest message for starting an account wipe on device. Fields: customer: Optional. [Resource name](https://cloud.google.com/apis/design/resource_names) of the customer. If you're using this API for your own organization, use `customers/my_customer` If you're using this API to manage another organization, use `customers/{customer}`, where customer is the customer to whom the device belongs. r r Nror rrrrJ rprrc>\rSrSrSr\R "SS5rSrg)6GoogleAppsCloudidentityDevicesV1WipeDeviceUserResponseiY zResponse message for wiping the user's account from the device. Fields: deviceUser: Resultant DeviceUser object for the action. rsr r Nrtr rrrrY rvrrc\rSrSrSr\R "S5"SS\R55r \R"SSSS 9r \R"S 5r \R"S 5r\R"S 5r\R"S S5r\R"SS5r\R"SS5r\R"S5r\R"S5r\R"S5rSrg)ric aC A group within the Cloud Identity Groups API. A `Group` is a collection of entities, where each entity is either a user, another group, or a service account. Messages: LabelsValue: Required. One or more label entries that apply to the Group. Labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value. Google Groups can be [locked](https://support.google.com/a?p=locked-groups). To lock a group, add a label with a key of `cloudidentity.googleapis.com/groups.locked` and an empty value. Doing so locks the group. To unlock the group, remove this label. Fields: additionalGroupKeys: Output only. Additional group keys associated with the Group. createTime: Output only. The time when the `Group` was created. description: An extended description to help users determine the purpose of a `Group`. Must not be longer than 4,096 characters. displayName: The display name of the `Group`. dynamicGroupMetadata: Optional. Dynamic group metadata like queries and status. groupKey: Required. The `EntityKey` of the `Group`. labels: Required. One or more label entries that apply to the Group. Labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value. Google Groups can be [locked](https://support.google.com/a?p=locked-groups). To lock a group, add a label with a key of `cloudidentity.googleapis.com/groups.locked` and an empty value. Doing so locks the group. To unlock the group, remove this label. name: Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`. parent: Required. Immutable. The resource name of the entity under which this `Group` resides in the Cloud Identity resource hierarchy. Must be of the form `identitysources/{identity_source}` for external [identity- mapped groups](https://support.google.com/a/answer/9039510) or `customers/{customer_id}` for Google Groups. The `customer_id` must begin with "C" (for example, 'C046psxkn'). [Find your customer ID.] (https://support.google.com/cloudidentity/answer/10070793) updateTime: Output only. The time when the `Group` was last updated. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Group.LabelsValuei aFRequired. One or more label entries that apply to the Group. Labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value. Google Groups can be [locked](https://support.google.com/a?p=locked-groups). To lock a group, add a label with a key of `cloudidentity.googleapis.com/groups.locked` and an empty value. Doing so locks the group. To unlock the group, remove this label. Messages: AdditionalProperty: An additional property for a LabelsValue object. Fields: additionalProperties: Additional properties of type LabelsValue c`\rSrSrSr\R "S5r\R "S5rSr g)$Group.LabelsValue.AdditionalPropertyi An additional property for a LabelsValue object. Fields: key: Name of the additional property. value: A string attribute. r r*r N rrrrrrrrrrr rrrr )   ! !! $c##A&errr Tr7r Nrr rr LabelsValuer s2. 'Y.. '%112FTXYrrrMr Tr7r*r;r>r5r?r|rrrrr N)rrrrrrrrrrr-additionalGroupKeysrr description displayNamedynamicGroupMetadatagroupKeylabelsr/rG updateTimerr rrrrc s9v !!"89#ZI%%#Z:#ZJ"..{AM$$Q'*%%a(+%%a(+"//0FJ  # #K 3(  ! !- 3&   q !$   #&$$R(*rrct\rSrSrSr"SS\R 5r\R"S5"SS\R55r \R"S5r \R"S 5r\R"S S 5r\R"SS 5r\R$"SS 5r\R"SSSS9rSrg) GroupRelationi acMessage representing a transitive group of a user or a group. Enums: RelationTypeValueValuesEnum: The relation between the member and the transitive group. Messages: LabelsValue: Labels for Group resource. Fields: displayName: Display name for this group. group: Resource name for this group. groupKey: Entity key has an id and a namespace. In case of discussion forums, the id will be an email address without a namespace. labels: Labels for Group resource. relationType: The relation between the member and the transitive group. roles: Membership roles of the member for the group. c(\rSrSrSrSrSrSrSrSr g) )GroupRelation.RelationTypeValueValuesEnumi aThe relation between the member and the transitive group. Values: RELATION_TYPE_UNSPECIFIED: The relation type is undefined or undetermined. DIRECT: The two entities have only a direct membership with each other. INDIRECT: The two entities have only an indirect membership with each other. DIRECT_AND_INDIRECT: The two entities have both a direct and an indirect membership with each other. rr r*r;r N rrrrrRELATION_TYPE_UNSPECIFIEDDIRECTINDIRECTDIRECT_AND_INDIRECTrr rrRelationTypeValueValuesEnumr  !" FHrrrcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) GroupRelation.LabelsValuei zLabels for Group resource. Messages: AdditionalProperty: An additional property for a LabelsValue object. Fields: additionalProperties: Additional properties of type LabelsValue c`\rSrSrSr\R "S5r\R "S5rSr g),GroupRelation.LabelsValue.AdditionalPropertyi rr r*r Nrr rrrr rrrr Tr7r Nrr rrrr s2 'Y.. '%112FTXYrrr r*rMr;r>r?TransitiveMembershipRoler|Tr7r N)rrrrrrrrrrrrrrrr-rrr relationTyperolesrr rrrr s&INN" !!"89ZI%%Z:Z.%%a(+    "%  # #K 3(  ! !- 3&$$%BAF,  !;Q N%rrc\rSrSrSr\R "SS5r\R"S5r \R "SS5r \R"S5r S r g ) IdpCredentiali aCredential for verifying signatures produced by the Identity Provider. Fields: dsaKeyInfo: Output only. Information of a DSA public key. name: Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the credential. rsaKeyInfo: Output only. Information of a RSA public key. updateTime: Output only. Time when the `IdpCredential` was last updated. r0r r*RsaPublicKeyInfor;r>r N) rrrrrrr- dsaKeyInforr/ rsaKeyInforrr rrrr sO %%&8!<*   q !$%%&8!<*$$Q'*rrc\rSrSrSr\R "S5r\R "S5r\R"SS5r \R "S5r \R"SS 5r S r g ) ri( aAn [OIDC](https://openid.net/developers/how-connect-works/) federation between a Google enterprise customer and an OIDC identity provider. Fields: customer: Immutable. The customer. For example: `customers/C0123abc`. displayName: Human-readable name of the OIDC SSO profile. idpConfig: OIDC identity provider configuration. name: Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the OIDC SSO profile. rpConfig: OIDC relying party (RP) configuration for this OIDC SSO profile. These are the RP details provided by Google that should be configured on the corresponding identity provider. r r* OidcIdpConfigr;r> OidcRpConfigr?r N)rrrrrrrrVrr- idpConfigr/rpConfigrr rrrr( ]  " "1 %(%%a(+$$_a8)   q !$  # #NA 6(rrc\rSrSrSr\R "S5r\R "S5r\R"SS5r \R "S5r \R"SS 5r S r g ) ri? aA [SAML 2.0](https://www.oasis-open.org/standards#samlv2.0) federation between a Google enterprise customer and a SAML identity provider. Fields: customer: Immutable. The customer. For example: `customers/C0123abc`. displayName: Human-readable name of the SAML SSO profile. idpConfig: SAML identity provider configuration. name: Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the SAML SSO profile. spConfig: SAML service provider configuration for this SAML SSO profile. These are the service provider details provided by Google that should be configured on the corresponding identity provider. r r* SamlIdpConfigr;r> SamlSpConfigr?r N)rrrrrrrrVrr-rr/spConfigrr rrrr? rrrc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S \RRS 9r\R"S S 5r\R"S S5r\R&"SS5r\R"S5r\R"S5rSrg)riV awTargets with "set" SSO assignments and their respective assignments. Enums: SsoModeValueValuesEnum: Inbound SSO behavior. Fields: customer: Immutable. The customer. For example: `customers/C0123abc`. name: Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the Inbound SSO Assignment. oidcSsoInfo: OpenID Connect SSO details. Must be set if and only if `sso_mode` is set to `OIDC_SSO`. rank: Must be zero (which is the default value so it can be omitted) for assignments with `target_org_unit` set and must be greater-than-or- equal-to one for assignments with `target_group` set. samlSsoInfo: SAML SSO details. Must be set if and only if `sso_mode` is set to `SAML_SSO`. signInBehavior: Assertions about users assigned to an IdP will always be accepted from that IdP. This controls whether/when Google should redirect a user to the IdP. Unset (defaults) is the recommended configuration. ssoMode: Inbound SSO behavior. targetGroup: Immutable. Must be of the form `groups/{group}`. targetOrgUnit: Immutable. Must be of the form `orgUnits/{org_unit}`. c,\rSrSrSrSrSrSrSrSr Sr g ) +InboundSsoAssignment.SsoModeValueValuesEnumiq aInbound SSO behavior. Values: SSO_MODE_UNSPECIFIED: Not allowed. SSO_OFF: Disable SSO for the targeted users. SAML_SSO: Use an external SAML Identity Provider for SSO for the targeted users. OIDC_SSO: Use an external OIDC Identity Provider for SSO for the targeted users. DOMAIN_WIDE_SAML_IF_ENABLED: Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to `SSO_OFF`. Note that this will also be equivalent to `SSO_OFF` if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to `SSO_OFF`. rr r*r;r>r N) rrrrrSSO_MODE_UNSPECIFIEDSSO_OFFSAML_SSOOIDC_SSODOMAIN_WIDE_SAML_IF_ENABLEDrr rrSsoModeValueValuesEnumrq s$ GHH"#rrr r* OidcSsoInfor;r>r< SamlSsoInfor?SignInBehaviorr|rrrr N)rrrrrrrrrrVr/r- oidcSsoInforBrCrDrank samlSsoInfosignInBehaviorrssoMode targetGroup targetOrgUnitrr rrrrV s4$y~~$. " "1 %(   q !$&&}a8+   9+<+<+B+B C$&&}a8+))*:A>.    8! <'%%a(+''*-rrc<\rSrSrSr\R "S5rSrg)IsInvitableUserResponsei znResponse for IsInvitableUser RPC. Fields: isInvitableUser: Returns true if the email address is invitable. r r N) rrrrrrr%isInvitableUserrr rrrr s **1-/rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListGroupsResponsei a Response message for ListGroups operation. Fields: groups: Groups returned in response to list request. The results are not sorted. nextPageToken: Token to retrieve the next page of results, or empty if there are no more results available for listing. rr Tr7r*r N rrrrrrr-rYrrrr rrrr s-  ! !'1t <&''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListIdpCredentialsResponsei a9Response of the InboundSamlSsoProfilesService.ListIdpCredentials method. Fields: idpCredentials: The IdpCredentials from the specified InboundSamlSsoProfile. nextPageToken: A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages. rr Tr7r*r N) rrrrrrr-idpCredentialsrrrr rrrr s-))/1tL.''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) "ListInboundOidcSsoProfilesResponsei a(Response of the InboundOidcSsoProfilesService.ListInboundOidcSsoProfiles method. Fields: inboundOidcSsoProfiles: List of InboundOidcSsoProfiles. nextPageToken: A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages. rr Tr7r*r N) rrrrrrr-inboundOidcSsoProfilesrrrr rrrr 0%112I1W[\''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) "ListInboundSamlSsoProfilesResponsei a(Response of the InboundSamlSsoProfilesService.ListInboundSamlSsoProfiles method. Fields: inboundSamlSsoProfiles: List of InboundSamlSsoProfiles. nextPageToken: A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages. rr Tr7r*r N) rrrrrrr-inboundSamlSsoProfilesrrrr rrrr rrrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) !ListInboundSsoAssignmentsResponsei aResponse of the InboundSsoAssignmentsService.ListInboundSsoAssignments method. Fields: inboundSsoAssignments: The assignments. nextPageToken: A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages. rr Tr7r*r N) rrrrrrr-inboundSsoAssignmentsrrrr rrrr s0$001GUYZ''*-rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListMembershipsResponsei aThe response message for MembershipsService.ListMemberships. Fields: memberships: The `Membership`s under the specified `parent`. nextPageToken: A continuation token to retrieve the next page of results, or empty if there are no more results available. rr Tr7r*r N rrrrrrr- membershipsrrrr rrrr s-&&|QF+''*-rrc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ListPoliciesResponsei zThe response message for PoliciesService.ListPolicies. Fields: nextPageToken: The pagination token to retrieve the next page of results. If this field is empty, there are no subsequent pages. policies: The results r Policyr*Tr7r N) rrrrrrrrr-policiesrr rrrr s-''*-  # #Ha$ ?(rrc`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ListUserInvitationsResponsei aResponse message for UserInvitation listing request. Fields: nextPageToken: The token for the next page. If not empty, indicates that there may be more `UserInvitation` resources that match the listing request; this value can be used in a subsequent ListUserInvitationsRequest to get continued results with the current list call. userInvitations: The list of UserInvitation resources. r UserInvitationr*Tr7r N) rrrrrrrrr-userInvitationsrr rrrr s. ''*-**+;QN/rrc<\rSrSrSr\R "S5rSrg)LookupGroupNameResponsei zThe response message for GroupsService.LookupGroupName. Fields: name: The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up `Group`. r r Nr3r rrrr s   q !$rrc<\rSrSrSr\R "S5rSrg)LookupMembershipNameResponsei aThe response message for MembershipsService.LookupMembershipName. Fields: name: The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up `Membership`. Must be of the form `groups/{group}/memberships/{membership}`. r r Nr3r rrrr s   q !$rrc\rSrSrSr"SS\R 5r\R"S5r \R"SSSS 9r \R"SS 5r \R"S S SS 9rS rg)MemberRelationi& aMessage representing a transitive membership of a group. Enums: RelationTypeValueValuesEnum: The relation between the group and the transitive member. Fields: member: Resource name for this member. preferredMemberKey: Entity key has an id and a namespace. In case of discussion forums, the id will be an email address without a namespace. relationType: The relation between the group and the transitive member. roles: The membership role details (i.e name of role and expiry time). c(\rSrSrSrSrSrSrSrSr g) *MemberRelation.RelationTypeValueValuesEnumi5 aThe relation between the group and the transitive member. Values: RELATION_TYPE_UNSPECIFIED: The relation type is undefined or undetermined. DIRECT: The two entities have only a direct membership with each other. INDIRECT: The two entities have only an indirect membership with each other. DIRECT_AND_INDIRECT: The two entities have both a direct and an indirect membership with each other. rr r*r;r Nrr rrrr 5 rrrr rMr*Tr7r;rr>r N)rrrrrrrrrmemberr-preferredMemberKeyrrrrr rrr r & sf INN"   #& --k1tL$$%BAF,  !;Q N%rr cb\rSrSrSr\R "SS5r\R"S5r Sr g)MemberRestrictioniL aJThe definition of MemberRestriction Fields: evaluation: The evaluated state of this restriction on a group. query: Member Restriction as defined by CEL expression. Supported restrictions are: `member.customer_id` and `member.type`. Valid values for `member.type` are `1`, `2` and `3`. They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively. The value for `member.customer_id` only supports `groupCustomerId()` currently which means the customer id of the group will be used for restriction. Supported operators are `&&`, `||` and `==`, corresponding to AND, OR, and EQUAL. Examples: Allow only service accounts of given customer to be members. `member.type == 2 && member.customer_id == groupCustomerId()` Allow only users or groups to be members. `member.type == 1 || member.type == 3` RestrictionEvaluationr r*r N) rrrrrrr- evaluationrrrr rrrrL s,"%%&=qA*    "%rrcn\rSrSrSr"SS\R 5r"SS\R 5r\R"S5r \R"SS5r \R"S 5r \R"S S 5r\R"S S SS9r\R"SS5r\R"S5rSrg)rib a\A membership within the Cloud Identity Groups API. A `Membership` defines a relationship between a `Group` and an entity belonging to that `Group`, referred to as a "member". Enums: DeliverySettingValueValuesEnum: Output only. Delivery setting associated with the membership. TypeValueValuesEnum: Output only. The type of the membership. Fields: createTime: Output only. The time when the `Membership` was created. deliverySetting: Output only. Delivery setting associated with the membership. name: Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Membership`. Shall be of the form `groups/{group}/memberships/{membership}`. preferredMemberKey: Required. Immutable. The `EntityKey` of the member. roles: The `MembershipRole`s that apply to the `Membership`. If unspecified, defaults to a single `MembershipRole` with `name` `MEMBER`. Must not contain duplicate `MembershipRole`s with the same `name`. type: Output only. The type of the membership. updateTime: Output only. The time when the `Membership` was last updated. c0\rSrSrSrSrSrSrSrSr Sr S r g ) )Membership.DeliverySettingValueValuesEnumi| acOutput only. Delivery setting associated with the membership. Values: DELIVERY_SETTING_UNSPECIFIED: Default. Should not be used. ALL_MAIL: Represents each mail should be delivered DIGEST: Represents 1 email for every 25 messages. DAILY: Represents daily summary of messages. NONE: Represents no delivery. DISABLED: Represents disabled state. rr r*r;r>r?r N) rrrrrDELIVERY_SETTING_UNSPECIFIEDALL_MAILDIGESTDAILYNONErrr rrDeliverySettingValueValuesEnumr| s( $% H F E DHrrc4\rSrSrSrSrSrSrSrSr Sr S r S r g ) Membership.TypeValueValuesEnumi a]Output only. The type of the membership. Values: TYPE_UNSPECIFIED: Default. Should not be used. USER: Represents user type. SERVICE_ACCOUNT: Represents service account type. GROUP: Represents group type. SHARED_DRIVE: Represents Shared drive. CBCM_BROWSER: Represents a CBCM-managed Chrome Browser type. OTHER: Represents other type. rr r*r;r>r?r|r N) rrrrrTYPE_UNSPECIFIEDr@SERVICE_ACCOUNTGROUP SHARED_DRIVE CBCM_BROWSEROTHERrr rrTypeValueValuesEnumr s-  DO ELL Err$r r*r;rMr>MembershipRoler?Tr7r|rr N)rrrrrrrrr$rrrdeliverySettingr/r-rrtyperrr rrrrb s2y~~$INN($$Q'*''(H!L/   q !$ --k1=  !11t D%   2A 6$$$Q'*rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) rWi aMembership graph's path information as an adjacency list. Fields: edges: Each edge contains information about the member that belongs to this group. Note: Fields returned here will help identify the specific Membership resource (e.g `name`, `preferred_member_key` and `role`), but may not be a comprehensive list of all fields. group: Resource name of the group that the members belong to. rr Tr7r*r N) rrrrrrr-edgesrrrr rrrWrW s-  q4 @%    "%rrWcl\rSrSrSr\R "S5"SS\R55r \R"S5r \R"S5r \R"S5r \R"S S 5r\R"SS 5r\R"S 5r\R"S SSS9rSrg)MembershipRelationi aMessage containing membership relation. Messages: LabelsValue: One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Fields: description: An extended description to help users determine the purpose of a `Group`. displayName: The display name of the `Group`. group: The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group_id}`. groupKey: The `EntityKey` of the `Group`. labels: One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. membership: The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Membership`. Shall be of the form `groups/{group_id}/memberships/{membership_id}`. roles: The `MembershipRole`s that apply to the `Membership`. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) MembershipRelation.LabelsValuei aOne or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Messages: AdditionalProperty: An additional property for a LabelsValue object. Fields: additionalProperties: Additional properties of type LabelsValue c`\rSrSrSr\R "S5r\R "S5rSr g)1MembershipRelation.LabelsValue.AdditionalPropertyi rr r*r Nrr rrrr/ rrrr Tr7r Nrr rrrr- s2 'Y.. '%112FTXYrrr r*r;rMr>r?r|r%rTr7r N)rrrrrrrrrrrrrrr-rrrrrr rrr+r+ s. !!"89ZI%%Z:Z0%%a(+%%a(+    "%  # #K 3(  ! !- 3&$$Q'*  !11t D%rr+c\rSrSrSr\R "SS5r\R"S5r \R "SS5r Sr g ) r%i aA membership role within the Cloud Identity Groups API. A `MembershipRole` defines the privileges granted to a `Membership`. Fields: expiryDetail: The expiry details of the `MembershipRole`. Expiry details are only supported for `MEMBER` `MembershipRoles`. May be set if `name` is `MEMBER`. Must not be set if `name` is any other value. name: The name of the `MembershipRole`. Must be one of `OWNER`, `MANAGER`, `MEMBER`. restrictionEvaluations: Evaluations of restrictions applied to parent group on this membership. rQr r*RestrictionEvaluationsr;r N) rrrrrrr- expiryDetailrr/restrictionEvaluationsrr rrr%r% s? '':,   q !$$112JANrr%ch\rSrSrSr"SS\R 5r\R"SS5r Sr g)#MembershipRoleRestrictionEvaluationi The evaluated state of this restriction. Enums: StateValueValuesEnum: Output only. The current state of the restriction Fields: state: Output only. The current state of the restriction c,\rSrSrSrSrSrSrSrSr Sr g ) 8MembershipRoleRestrictionEvaluation.StateValueValuesEnumi a Output only. The current state of the restriction Values: STATE_UNSPECIFIED: Default. Should not be used. COMPLIANT: The member adheres to the parent group's restriction. FORWARD_COMPLIANT: The group-group membership might be currently violating some parent group's restriction but in future, it will never allow any new member in the child group which can violate parent group's restriction. NON_COMPLIANT: The member violates the parent group's restriction. EVALUATING: The state of the membership is under evaluation. rr r*r;r>r N) rrrrrSTATE_UNSPECIFIEDrFORWARD_COMPLIANTr EVALUATINGrr rrStateValueValuesEnumr8 s$ IMJrr<r r N rrrrrrrr<rrrr rrr5r5 s,Y^^&   4a 8%rr5c\rSrSrSr\R "SSSS9r\R"SSS9r \R "SS SS9r S r g ) ri' a_The request message for MembershipsService.ModifyMembershipRoles. Fields: addRoles: The `MembershipRole`s to be added. Adding or removing roles in the same request as updating roles is not supported. Must not be set if `update_roles_params` is set. removeRoles: The `name`s of the `MembershipRole`s to be removed. Adding or removing roles in the same request as updating roles is not supported. It is not possible to remove the `MEMBER` `MembershipRole`. If you wish to delete a `Membership`, call MembershipsService.DeleteMembership instead. Must not contain `MEMBER`. Must not be set if `update_roles_params` is set. updateRolesParams: The `MembershipRole`s to be updated. Updating roles in the same request as adding or removing roles is not supported. Must not be set if either `add_roles` or `remove_roles` is set. r%r Tr7r*UpdateMembershipRolesParamsr;r N) rrrrrrr-addRolesr removeRolesupdateRolesParamsrr rrrr' sG" # #$4a$ G(%%a$7+,,-JAX\]rrc>\rSrSrSr\R "SS5rSrg)ModifyMembershipRolesResponsei> zThe response message for MembershipsService.ModifyMembershipRoles. Fields: membership: The `Membership` resource after modifying its `MembershipRole`s. rr r N) rrrrrrr-rrr rrrDrD> s%%lA6*rrDc`\rSrSrSr\R "S5r\R "S5rSr g)riI a<OIDC IDP (identity provider) configuration. Fields: changePasswordUri: The **Change Password URL** of the identity provider. Users will be sent to this URL when changing their passwords at `myaccount.google.com`. This takes precedence over the change password URL configured at customer-level. Must use `HTTPS`. issuerUri: Required. The Issuer identifier for the IdP. Must be a URL. The discovery URL will be derived from this as described in Section 4 of [the OIDC specification](https://openid.net/specs/openid-connect- discovery-1_0.html). r r*r N) rrrrrrrchangePasswordUri issuerUrirr rrrrI s*  ++A.##A&)rrc\rSrSrSr\R "S5r\R "S5r\R "SSS9r Sr g ) ri[ zOIDC RP (relying party) configuration. Fields: clientId: OAuth2 client ID for OIDC. clientSecret: Input only. OAuth2 client secret for OIDC. redirectUris: Output only. The URL(s) that this client may use in authentication requests. r r*r;Tr7r N) rrrrrrrclientId clientSecret redirectUrisrr rrrr[ s; " "1 %(&&q),&&q48,rrc<\rSrSrSr\R "S5rSrg)rij zDetails that are applicable when `sso_mode` is set to `OIDC_SSO`. Fields: inboundOidcSsoProfile: Required. Name of the `InboundOidcSsoProfile` to use. Must be of the form `inboundOidcSsoProfiles/{inbound_oidc_sso_profile}`. r r N) rrrrrrrrrr rrrrj $//2rrcz\rSrSrSr\R "S5"SS\R55r \R "S5"SS\R55r \R"S5r \R"S S 5r\R"SS 5r\R "S 5r\R"SS 5rSrg) Operationiv aThis resource represents a long-running operation that is the result of a network API call. Messages: MetadataValue: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. ResponseValue: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. Fields: done: If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. error: The error result of the operation in case of failure or cancellation. metadata: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. name: The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. response: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Operation.MetadataValuei aService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. Messages: AdditionalProperty: An additional property for a MetadataValue object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)*Operation.MetadataValue.AdditionalPropertyi zAn additional property for a MetadataValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r r|r*r Nrr rrrrS r}rrr Tr7r Nrr rr MetadataValuerQ s4  AY.. A%112FTXYrrTcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Operation.ResponseValuei aThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. Messages: AdditionalProperty: An additional property for a ResponseValue object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)*Operation.ResponseValue.AdditionalPropertyi zAn additional property for a ResponseValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r r|r*r Nrr rrrrX r}rrr Tr7r Nrr rr ResponseValuerV s4 AY.. A%112FTXYrrYr Statusr*r;r>r?r N)rrrrrrrrrrTrYr%doner-errormetadatarr/responserr rrrOrOv s'R !!"89Zi''Z:Z6 !!"89Zi''Z:Z<    "$  1 -%  # #OQ 7(   q !$  # #OQ 7(rrOc\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S S 5r \R"SS 5rS rg )ri a7A Policy resource binds an instance of a single Setting with the scope of a PolicyQuery. The Setting instance will be applied to all entities that satisfy the query. Enums: TypeValueValuesEnum: Output only. The type of the policy. Fields: customer: Immutable. Customer that the Policy belongs to. The value is in the format 'customers/{customerId}'. The `customerId` must begin with "C" To find your customer ID in Admin Console see https://support.google.com/a/answer/10070793. name: Output only. Identifier. The [resource name](https://cloud.google.com/apis/design/resource_names) of the Policy. Format: policies/{policy}. policyQuery: Required. The PolicyQuery the Setting applies to. setting: Required. The Setting configured by this Policy. type: Output only. The type of the policy. c$\rSrSrSrSrSrSrSrg)Policy.TypeValueValuesEnumi zOutput only. The type of the policy. Values: POLICY_TYPE_UNSPECIFIED: Unspecified policy type. SYSTEM: Policy type denoting the system-configured policies. ADMIN: Policy type denoting the admin-configurable policies. rr r*r N) rrrrrPOLICY_TYPE_UNSPECIFIEDSYSTEMADMINrr rrr$ra s  F Err$r r* PolicyQueryr;Settingr>r?r N)rrrrrrrr$rrVr/r- policyQuerysettingrr'rr rrrr sp( INN  " "1 %(   q !$&&}a8+  " "9a 0'   2A 6$rrc\rSrSrSr\R "S5r\R "S5r\R "S5r \R"S5r Sr g) rei a!PolicyQuery Fields: group: Immutable. The group that the query applies to. This field is only set if there is a single value for group that satisfies all clauses of the query. If no group applies, this will be the empty string. orgUnit: Required. Immutable. Non-empty default. The OrgUnit the query applies to. This field is only set if there is a single value for org_unit that satisfies all clauses of the query. query: Immutable. The CEL query that defines which entities the Policy applies to (ex. a User entity). For details about CEL see https://opensource.google.com/projects/cel. The OrgUnits the Policy applies to are represented by a clause like so: entity.org_units.exists(org_unit, org_unit.org_unit_id == orgUnitId('{orgUnitId}')) The Group the Policy applies to are represented by a clause like so: entity.groups.exists(group, group.group_id == groupId('{groupId}')) The Licenses the Policy applies to are represented by a clause like so: entity.licenses.exists(license, license in ['/product/{productId}/sku/{skuId}']) The above clauses can be present in any combination, and used in conjunction with the &&, || and ! operators. The org_unit and group fields below are helper fields that contain the corresponding value(s) as the query to make the query easier to use. sortOrder: Output only. The decimal sort order of this PolicyQuery. The value is relative to all other policies with the same setting type for the customer. (There are no duplicates within this set). r r*r;r>r N) rrrrrrrrorgUnitrr sortOrderrr rrrere sI8    "%  ! !! $'    "%""1%)rrech\rSrSrSr"SS\R 5r\R"SS5r Sr g)ri-r6c,\rSrSrSrSrSrSrSrSr Sr g ) *RestrictionEvaluation.StateValueValuesEnumi7aOutput only. The current state of the restriction Values: STATE_UNSPECIFIED: Default. Should not be used. EVALUATING: The restriction state is currently being evaluated. COMPLIANT: All transitive memberships are adhering to restriction. FORWARD_COMPLIANT: Some transitive memberships violate the restriction. No new violating memberships can be added. NON_COMPLIANT: Some transitive memberships violate the restriction. New violating direct memberships will be denied while indirect memberships may be added. rr r*r;r>r N) rrrrrr9r;rr:rrr rrr<rn7s$ JIMrr<r r Nr=r rrrr-s,Y^^&   4a 8%rrc>\rSrSrSr\R "SS5rSrg)r1iMaEvaluations of restrictions applied to parent group on this membership. Fields: memberRestrictionEvaluation: Evaluation of the member restriction applied to this membership. Empty if the user lacks permission to view the restriction evaluation. r5r r N) rrrrrrr-memberRestrictionEvaluationrr rrr1r1Ms!* 6 67\^_ `rr1cb\rSrSrSr\R "S\RRS9r Sr g)riYz]Information of a RSA public key. Fields: keySize: Key size in bits (size of the modulus). r r<r Nr1r rrrrYr3rrc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) ricaSAML IDP (identity provider) configuration. Fields: changePasswordUri: The **Change Password URL** of the identity provider. Users will be sent to this URL when changing their passwords at `myaccount.google.com`. This takes precedence over the change password URL configured at customer-level. Must use `HTTPS`. entityId: Required. The SAML **Entity ID** of the identity provider. logoutRedirectUri: The **Logout Redirect URL** (sign-out page URL) of the identity provider. When a user clicks the sign-out link on a Google page, they will be redirected to this URL. This is a pure redirect with no attached SAML `LogoutRequest` i.e. SAML single logout is not supported. Must use `HTTPS`. singleSignOnServiceUri: Required. The `SingleSignOnService` endpoint location (sign-in page URL) of the identity provider. This is the URL where the `AuthnRequest` will be sent. Must use `HTTPS`. Assumed to accept the `HTTP-Redirect` binding. r r*r;r>r N) rrrrrrrrFentityIdlogoutRedirectUrisingleSignOnServiceUrirr rrrrcsL& ++A.  " "1 %(++A.$003rrc`\rSrSrSr\R "S5r\R "S5rSr g)ri}aMSAML SP (service provider) configuration. Fields: assertionConsumerServiceUri: Output only. The SAML **Assertion Consumer Service (ACS) URL** to be used for the IDP-initiated login. Assumed to accept response messages via the `HTTP-POST` binding. entityId: Output only. The SAML **Entity ID** for this service provider. r r*r N) rrrrrrrassertionConsumerServiceUrirsrr rrrr}s*!* 5 5a 8  " "1 %(rrc<\rSrSrSr\R "S5rSrg)rizDetails that are applicable when `sso_mode` == `SAML_SSO`. Fields: inboundSamlSsoProfile: Required. Name of the `InboundSamlSsoProfile` to use. Must be of the form `inboundSamlSsoProfiles/{inbound_saml_sso_profile}`. r r N) rrrrrrrrrr rrrrrMrrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) SearchDirectGroupsResponseiaThe response message for MembershipsService.SearchDirectGroups. Fields: memberships: List of direct groups satisfying the query. nextPageToken: Token to retrieve the next page of results, or empty if there are no more results available for listing. r+r Tr7r*r Nrr rrrzrzs.&&';QN+''*-rrzc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) SearchGroupsResponseizThe response message for GroupsService.SearchGroups. Fields: groups: The `Group` resources that match the search query. nextPageToken: A continuation token to retrieve the next page of results, or empty if there are no more results available. rr Tr7r*r Nrr rrr|r|s-  ! !'1t <&''*-rr|c`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) SearchTransitiveGroupsResponseia The response message for MembershipsService.SearchTransitiveGroups. Fields: memberships: List of transitive groups satisfying the query. nextPageToken: Token to retrieve the next page of results, or empty if there are no more results available for listing. rr Tr7r*r Nrr rrr~r~s-&&DI+''*-rr~c`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) #SearchTransitiveMembershipsResponseizThe response message for MembershipsService.SearchTransitiveMemberships. Fields: memberships: List of transitive members satisfying the query. nextPageToken: Token to retrieve the next page of results, or empty if there are no more results. r r Tr7r*r Nrr rrrrs.&&'7TJ+''*-rrcb\rSrSrSr\R "SS5r\R"S5r Sr g)rizThe definition of security settings. Fields: memberRestriction: The Member Restriction value name: Output only. The resource name of the security settings. Shall be of the form `groups/{group_id}/securitySettings`. rr r*r N) rrrrrrr-memberRestrictionrr/rr rrrrs- ,,-@!D   q !$rrc\rSrSrSrSrg)rKizVA request to send email for inviting target user corresponding to the UserInvitation. r Nr!r rrrKrKrrrKc\rSrSrSr\R "S5"SS\R55r \R"S5r \R"SS5r Srg ) rfizSetting Messages: ValueValue: Required. The value of the Setting. Fields: type: Required. Immutable. The type of the Setting. . value: Required. The value of the Setting. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Setting.ValueValueizRequired. The value of the Setting. Messages: AdditionalProperty: An additional property for a ValueValue object. Fields: additionalProperties: Properties of the object. cb\rSrSrSr\R "S5r\R"SS5r Sr g)%Setting.ValueValue.AdditionalPropertyizAn additional property for a ValueValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r r|r*r Nrr rrrrr}rrr Tr7r Nrr rr ValueValuers4 AY.. A%112FTXYrrr r*r N)rrrrrrrrrrrr'r-rrr rrrfrfs[ !!"89Z9$$Z:Z.   q !$  q 1%rrfch\rSrSrSr"SS\R 5r\R"SS5r Sr g)rizControls sign-in behavior. Enums: RedirectConditionValueValuesEnum: When to redirect sign-ins to the IdP. Fields: redirectCondition: When to redirect sign-ins to the IdP. c \rSrSrSrSrSrSrg)/SignInBehavior.RedirectConditionValueValuesEnumiaWhen to redirect sign-ins to the IdP. Values: REDIRECT_CONDITION_UNSPECIFIED: Default and means "always" NEVER: Sign-in flows where the user is prompted for their identity will not redirect to the IdP (so the user will most likely be prompted by Google for a password), but special flows like IdP-initiated SAML and sign-in following automatic redirection to the IdP by domain-specific service URLs will accept the IdP's assertion of the user's identity. rr r N)rrrrrREDIRECT_CONDITION_UNSPECIFIEDNEVERrr rr RedirectConditionValueValuesEnumrs &'" Errr r N) rrrrrrrrrredirectConditionrr rrrrs-   ))*LaPrrc\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"S5r \R"SS S S 9r \R"S 5r\R"S 5r\R"S5r\R"S5r\R$"SSS 9r\R"S5r\R"S5r\R"S5r\R"S5rSrg)StandardQueryParametersi!aQuery parameters accepted by all methods. Enums: FXgafvValueValuesEnum: V1 error format. AltValueValuesEnum: Data format for response. Fields: f__xgafv: V1 error format. access_token: OAuth access token. alt: Data format for response. callback: JSONP fields: Selector specifying which fields to include in a partial response. key: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. oauth_token: OAuth 2.0 token for the current user. prettyPrint: Returns response with indentations and line breaks. quotaUser: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. trace: A tracing token of the form "token:" to include in api requests. uploadType: Legacy upload protocol for media (e.g. "media", "multipart"). upload_protocol: Upload protocol for media (e.g. "raw", "multipart"). c$\rSrSrSrSrSrSrSrg)*StandardQueryParameters.AltValueValuesEnumi<zData format for response. Values: json: Responses with Content-Type of application/json media: Media download with context-dependent Content-Type proto: Responses with Content-Type of application/x-protobuf rr r*r N) rrrrrjsonmediaprotorr rrAltValueValuesEnumr<s D E Errc \rSrSrSrSrSrSrg)-StandardQueryParameters.FXgafvValueValuesEnumiHzFV1 error format. Values: _1: v1 error format _2: v2 error format rr r N)rrrrr_1_2rr rrFXgafvValueValuesEnumrHs B Brrr r*r;r)defaultr>r?r|rrTrrrrr N)rrrrrrrrrrf__xgafvr access_tokenaltcallbackfieldsr oauth_tokenr% prettyPrint quotaUsertrace uploadTypeupload_protocolrr rrrr!s4 9>>  inn  !8! <(&&q),0!VD#  " "1 %(   #&a #%%a(+&&q$7+##A&)    #%$$R(*))"-/rrc\rSrSrSr\R "S5"SS\R55r \R"S\RRS9r \R"SSS S 9r\R "S 5rS rg )rZi`aThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). Messages: DetailsValueListEntry: A DetailsValueListEntry object. Fields: code: The status code, which should be an enum value of google.rpc.Code. details: A list of messages that carry the error details. There is a common set of message types for APIs to use. message: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Status.DetailsValueListEntryitzA DetailsValueListEntry object. Messages: AdditionalProperty: An additional property for a DetailsValueListEntry object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)/Status.DetailsValueListEntry.AdditionalPropertyizAn additional property for a DetailsValueListEntry object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. r r|r*r Nrr rrrrr}rrr Tr7r Nrr rrDetailsValueListEntryrts4  AY.. A%112FTXYrrr r<r*Tr7r;r N)rrrrrrrrrrrBrCrDcoder-detailsrmessagerr rrrZrZ`s|& !!"89Zi//Z:Z2   9+<+<+B+B C$  " "#:A M'  ! !! $'rrZc<\rSrSrSr\R "S5rSrg)rizMessage representing the role of a TransitiveMembership. Fields: role: TransitiveMembershipRole in string format. Currently supported TransitiveMembershipRoles: `"MEMBER"`, `"OWNER"`, and `"MANAGER"`. r r N) rrrrrrrrolerr rrrrs   q !$rrc\rSrSrSrSrg)UpdateGroupMetadataizMetadata for UpdateGroup LRO.r Nr!r rrrrrrrc<\rSrSrSr\R "S5rSrg),UpdateInboundOidcSsoProfileOperationMetadataiaXLRO response metadata for InboundOidcSsoProfilesService.UpdateInboundOidcSsoProfile. Fields: state: State of this Operation Will be "awaiting-multi-party-approval" when the operation is deferred due to the target customer having enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448). r r Nr r rrrrrrrc<\rSrSrSr\R "S5rSrg),UpdateInboundSamlSsoProfileOperationMetadataiaXLRO response metadata for InboundSamlSsoProfilesService.UpdateInboundSamlSsoProfile. Fields: state: State of this Operation Will be "awaiting-multi-party-approval" when the operation is deferred due to the target customer having enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448). r r Nr r rrrrrrrc\rSrSrSrSrg)+UpdateInboundSsoAssignmentOperationMetadataizSLRO response metadata for InboundSsoAssignmentsService.UpdateInboundSsoAssignment. r Nr!r rrrrrrrc\rSrSrSrSrg)UpdateMembershipMetadataiz"Metadata for UpdateMembership LRO.r Nr!r rrrrr"rrcb\rSrSrSr\R "S5r\R"SS5r Sr g)r?ia%The details of an update to a `MembershipRole`. Fields: fieldMask: The fully-qualified names of fields to update. May only contain the field `expiry_detail.expire_time`. membershipRole: The `MembershipRole`s to be updated. Only `MEMBER` `MembershipRole` can currently be updated. r r%r*r N) rrrrrrr fieldMaskr-membershipRolerr rrr?r?s,##A&)))*:A>.rr?c\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"SS5r \R"S5rS rg ) riaThe `UserInvitation` resource represents an email that can be sent to an unmanaged user account inviting them to join the customer's Google Workspace or Cloud Identity account. An unmanaged account shares an email address domain with the Google Workspace or Cloud Identity account but is not managed by it yet. If the user accepts the `UserInvitation`, the user account will become managed. Enums: StateValueValuesEnum: State of the `UserInvitation`. Fields: mailsSentCount: Number of invitation emails sent to the user. name: Shall be of the form `customers/{customer}/userinvitations/{user_email_address}`. state: State of the `UserInvitation`. updateTime: Time when the `UserInvitation` was last updated. c,\rSrSrSrSrSrSrSrSr Sr g ) #UserInvitation.StateValueValuesEnumiaState of the `UserInvitation`. Values: STATE_UNSPECIFIED: The default value. This value is used if the state is omitted. NOT_YET_SENT: The `UserInvitation` has been created and is ready for sending as an email. INVITED: The user has been invited by email. ACCEPTED: The user has accepted the invitation and is part of the organization. DECLINED: The user declined the invitation. rr r*r;r>r N) rrrrrr9 NOT_YET_SENTINVITEDACCEPTEDDECLINEDrr rrr<rs# LGHHrr<r r*r;r>r N)rrrrrrrr<rBmailsSentCountrr/rrrrr rrrrs\$Y^^&))!,.   q !$   4a 8%$$Q'*rrrz$.xgafvr1r2rz groupKey.idrzgroupKey.namespacerz memberKey.idrzmemberKey.namespaceN)r __future__rapitools.base.protorpcliterrapitools.base.pyrrpackagerr rrr#r(r1r6r9rIrNrSrYr]rbrgrlrorqrvryr{r~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr r r rrrrrrrr!r$r&r(r*r,r.r0r5r6r9rMrQrTrVr[rlr_rrrxrdr{r}r~rrPrrrirrrrrrrr rrUrsr7rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrWr+r%r5rrDrrrrOrrerr1rrrrrzr|r~rrrKrfrrrZrrrrrrr?rAddCustomJsonFieldMappingAddCustomJsonEnumMappingrr rrrs  '<%(  # (9(9 # %i// %O)"3"3O , (9(9 , 19J9J 11i6G6G11)BSBS13y7H7H3< Uy7H7H U1I,=,=1"o (9(9o&1 (9(91(1I4E4E1$1)2C2C1$1y7H7H1$1I3Y=N=N3<%(i>O>O%(P193D3D1*1 0A0A1* 31B1B 3F*$93D3D*$Z11B1B1$1Y%6%61*97i&7&797x1i&7&71$Sy'8'8S> 1y'8'8 1 1I$5$5 1 &I4E4E &+7Y%6%6+7\0y'8'80,#YEVEV#( 3)2C2C 3 1)2C2C 1#i>O>O#0 1y/@/@ 1'7 0A0A'7T3)2C2C32 1ARAR 1 !#i>O>O!#H#)BSBS#D3yGXGX3&(i&7&7("57y'8'857p(y7H7H(" 1y7H7H 1 1I4E4E 1'Y5F5F':(i6G6G(" 1y7H7H 1 1I4E4E 1 3)BSBS 3 1YEVEV 1 1)BSBS 139CTCT3&'Y5F5F'8(i6G6G(" 1i6G6G 1 193D3D 1'I4E4E'6(Y5F5F("1i&7&71'y'8'8'D')++' #93D3D # #93D3D #)2C2C,y00,')++'9+<+<93D3D93D3D)2C2C,y00,Gy((G ;9,, ;G ))GB(**(D' !!'2(9$$(!2!2 =!2!2 =.0 8I8I.0b- @Q@Q- &y?P?P &W @Q@QW+i>O>O+ &Y=N=N &Wi>O>OW1 8I8I1,xf)2C2Cxfv,y?P?P, &i>O>O &Oy?P?PO09CTCT0 &)BSBS &W9CTCTW'/IY->->y>xT(1B1BT(n@|YM^M^@|F +y?P?P + +i>O>O + +):K:K +,y?P?P,+IDUDU+*- @Q@Q-- @Q@Q-(9;L;L(&9J9J&. 8I8I.,O9J9JO*Y=N=N* &I!!114>""$m]D""$&: