{-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE NoImplicitPrelude #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} -- | -- Module : Network.Google.BinaryAuthorization.Types.Product -- Copyright : (c) 2015-2016 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- module Network.Google.BinaryAuthorization.Types.Product where import Network.Google.BinaryAuthorization.Types.Sum import Network.Google.Prelude -- | Represents an expression text. Example: title: \"User account presence\" -- description: \"Determines whether the request has a user account\" -- expression: \"size(request.user) > 0\" -- -- /See:/ 'expr' smart constructor. data Expr = Expr' { _eLocation :: !(Maybe Text) , _eExpression :: !(Maybe Text) , _eTitle :: !(Maybe Text) , _eDescription :: !(Maybe Text) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'Expr' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'eLocation' -- -- * 'eExpression' -- -- * 'eTitle' -- -- * 'eDescription' expr :: Expr expr = Expr' { _eLocation = Nothing , _eExpression = Nothing , _eTitle = Nothing , _eDescription = Nothing } -- | An optional string indicating the location of the expression for error -- reporting, e.g. a file name and a position in the file. eLocation :: Lens' Expr (Maybe Text) eLocation = lens _eLocation (\ s a -> s{_eLocation = a}) -- | Textual representation of an expression in Common Expression Language -- syntax. The application context of the containing message determines -- which well-known feature set of CEL is supported. eExpression :: Lens' Expr (Maybe Text) eExpression = lens _eExpression (\ s a -> s{_eExpression = a}) -- | An optional title for the expression, i.e. a short string describing its -- purpose. This can be used e.g. in UIs which allow to enter the -- expression. eTitle :: Lens' Expr (Maybe Text) eTitle = lens _eTitle (\ s a -> s{_eTitle = a}) -- | An optional description of the expression. This is a longer text which -- describes the expression, e.g. when hovered over it in a UI. eDescription :: Lens' Expr (Maybe Text) eDescription = lens _eDescription (\ s a -> s{_eDescription = a}) instance FromJSON Expr where parseJSON = withObject "Expr" (\ o -> Expr' <$> (o .:? "location") <*> (o .:? "expression") <*> (o .:? "title") <*> (o .:? "description")) instance ToJSON Expr where toJSON Expr'{..} = object (catMaybes [("location" .=) <$> _eLocation, ("expression" .=) <$> _eExpression, ("title" .=) <$> _eTitle, ("description" .=) <$> _eDescription]) -- | An user owned drydock note references a Drydock ATTESTATION_AUTHORITY -- Note created by the user. -- -- /See:/ 'userOwnedDrydockNote' smart constructor. data UserOwnedDrydockNote = UserOwnedDrydockNote' { _uodnDelegationServiceAccountEmail :: !(Maybe Text) , _uodnPublicKeys :: !(Maybe [AttestorPublicKey]) , _uodnNoteReference :: !(Maybe Text) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'UserOwnedDrydockNote' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'uodnDelegationServiceAccountEmail' -- -- * 'uodnPublicKeys' -- -- * 'uodnNoteReference' userOwnedDrydockNote :: UserOwnedDrydockNote userOwnedDrydockNote = UserOwnedDrydockNote' { _uodnDelegationServiceAccountEmail = Nothing , _uodnPublicKeys = Nothing , _uodnNoteReference = Nothing } -- | Output only. This field will contain the service account email address -- that this Attestor will use as the principal when querying Container -- Analysis. Attestor administrators must grant this service account the -- IAM role needed to read attestations from the note_reference in -- Container Analysis (\`containeranalysis.notes.occurrences.viewer\`). -- This email address is fixed for the lifetime of the Attestor, but -- callers should not make any other assumptions about the service account -- email; future versions may use an email based on a different naming -- pattern. uodnDelegationServiceAccountEmail :: Lens' UserOwnedDrydockNote (Maybe Text) uodnDelegationServiceAccountEmail = lens _uodnDelegationServiceAccountEmail (\ s a -> s{_uodnDelegationServiceAccountEmail = a}) -- | Optional. Public keys that verify attestations signed by this attestor. -- This field may be updated. If this field is non-empty, one of the -- specified public keys must verify that an attestation was signed by this -- attestor for the image specified in the admission request. If this field -- is empty, this attestor always returns that no valid attestations exist. uodnPublicKeys :: Lens' UserOwnedDrydockNote [AttestorPublicKey] uodnPublicKeys = lens _uodnPublicKeys (\ s a -> s{_uodnPublicKeys = a}) . _Default . _Coerce -- | Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note, -- created by the user, in the format: \`projects\/*\/notes\/*\` (or the -- legacy \`providers\/*\/notes\/*\`). This field may not be updated. An -- attestation by this attestor is stored as a Drydock -- ATTESTATION_AUTHORITY Occurrence that names a container image and that -- links to this Note. Drydock is an external dependency. uodnNoteReference :: Lens' UserOwnedDrydockNote (Maybe Text) uodnNoteReference = lens _uodnNoteReference (\ s a -> s{_uodnNoteReference = a}) instance FromJSON UserOwnedDrydockNote where parseJSON = withObject "UserOwnedDrydockNote" (\ o -> UserOwnedDrydockNote' <$> (o .:? "delegationServiceAccountEmail") <*> (o .:? "publicKeys" .!= mempty) <*> (o .:? "noteReference")) instance ToJSON UserOwnedDrydockNote where toJSON UserOwnedDrydockNote'{..} = object (catMaybes [("delegationServiceAccountEmail" .=) <$> _uodnDelegationServiceAccountEmail, ("publicKeys" .=) <$> _uodnPublicKeys, ("noteReference" .=) <$> _uodnNoteReference]) -- | A generic empty message that you can re-use to avoid defining duplicated -- empty messages in your APIs. A typical example is to use it as the -- request or the response type of an API method. For instance: service Foo -- { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The -- JSON representation for \`Empty\` is empty JSON object \`{}\`. -- -- /See:/ 'empty' smart constructor. data Empty = Empty' deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'Empty' with the minimum fields required to make a request. -- empty :: Empty empty = Empty' instance FromJSON Empty where parseJSON = withObject "Empty" (\ o -> pure Empty') instance ToJSON Empty where toJSON = const emptyObject -- | Request message for \`SetIamPolicy\` method. -- -- /See:/ 'setIAMPolicyRequest' smart constructor. newtype SetIAMPolicyRequest = SetIAMPolicyRequest' { _siprPolicy :: Maybe IAMPolicy } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'SetIAMPolicyRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'siprPolicy' setIAMPolicyRequest :: SetIAMPolicyRequest setIAMPolicyRequest = SetIAMPolicyRequest' { _siprPolicy = Nothing } -- | REQUIRED: The complete policy to be applied to the \`resource\`. The -- size of the policy is limited to a few 10s of KB. An empty policy is a -- valid policy but certain Cloud Platform services (such as Projects) -- might reject them. siprPolicy :: Lens' SetIAMPolicyRequest (Maybe IAMPolicy) siprPolicy = lens _siprPolicy (\ s a -> s{_siprPolicy = a}) instance FromJSON SetIAMPolicyRequest where parseJSON = withObject "SetIAMPolicyRequest" (\ o -> SetIAMPolicyRequest' <$> (o .:? "policy")) instance ToJSON SetIAMPolicyRequest where toJSON SetIAMPolicyRequest'{..} = object (catMaybes [("policy" .=) <$> _siprPolicy]) -- | Response message for BinauthzManagementService.ListAttestors. -- -- /See:/ 'listAttestorsResponse' smart constructor. data ListAttestorsResponse = ListAttestorsResponse' { _larNextPageToken :: !(Maybe Text) , _larAttestors :: !(Maybe [Attestor]) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'ListAttestorsResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'larNextPageToken' -- -- * 'larAttestors' listAttestorsResponse :: ListAttestorsResponse listAttestorsResponse = ListAttestorsResponse' { _larNextPageToken = Nothing , _larAttestors = Nothing } -- | A token to retrieve the next page of results. Pass this value in the -- ListAttestorsRequest.page_token field in the subsequent call to the -- \`ListAttestors\` method to retrieve the next page of results. larNextPageToken :: Lens' ListAttestorsResponse (Maybe Text) larNextPageToken = lens _larNextPageToken (\ s a -> s{_larNextPageToken = a}) -- | The list of attestors. larAttestors :: Lens' ListAttestorsResponse [Attestor] larAttestors = lens _larAttestors (\ s a -> s{_larAttestors = a}) . _Default . _Coerce instance FromJSON ListAttestorsResponse where parseJSON = withObject "ListAttestorsResponse" (\ o -> ListAttestorsResponse' <$> (o .:? "nextPageToken") <*> (o .:? "attestors" .!= mempty)) instance ToJSON ListAttestorsResponse where toJSON ListAttestorsResponse'{..} = object (catMaybes [("nextPageToken" .=) <$> _larNextPageToken, ("attestors" .=) <$> _larAttestors]) -- | An admission whitelist pattern exempts images from checks by admission -- rules. -- -- /See:/ 'admissionWhiteListPattern' smart constructor. newtype AdmissionWhiteListPattern = AdmissionWhiteListPattern' { _awlpNamePattern :: Maybe Text } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'AdmissionWhiteListPattern' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'awlpNamePattern' admissionWhiteListPattern :: AdmissionWhiteListPattern admissionWhiteListPattern = AdmissionWhiteListPattern' { _awlpNamePattern = Nothing } -- | An image name pattern to whitelist, in the form -- \`registry\/path\/to\/image\`. This supports a trailing \`*\` as a -- wildcard, but this is allowed only in text after the \`registry\/\` -- part. awlpNamePattern :: Lens' AdmissionWhiteListPattern (Maybe Text) awlpNamePattern = lens _awlpNamePattern (\ s a -> s{_awlpNamePattern = a}) instance FromJSON AdmissionWhiteListPattern where parseJSON = withObject "AdmissionWhiteListPattern" (\ o -> AdmissionWhiteListPattern' <$> (o .:? "namePattern")) instance ToJSON AdmissionWhiteListPattern where toJSON AdmissionWhiteListPattern'{..} = object (catMaybes [("namePattern" .=) <$> _awlpNamePattern]) -- | An admission rule specifies either that all container images used in a -- pod creation request must be attested to by one or more attestors, that -- all pod creations will be allowed, or that all pod creations will be -- denied. Images matching an admission whitelist pattern are exempted from -- admission rules and will never block a pod creation. -- -- /See:/ 'admissionRule' smart constructor. data AdmissionRule = AdmissionRule' { _arEnforcementMode :: !(Maybe AdmissionRuleEnforcementMode) , _arEvaluationMode :: !(Maybe AdmissionRuleEvaluationMode) , _arRequireAttestationsBy :: !(Maybe [Text]) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'AdmissionRule' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'arEnforcementMode' -- -- * 'arEvaluationMode' -- -- * 'arRequireAttestationsBy' admissionRule :: AdmissionRule admissionRule = AdmissionRule' { _arEnforcementMode = Nothing , _arEvaluationMode = Nothing , _arRequireAttestationsBy = Nothing } -- | Required. The action when a pod creation is denied by the admission -- rule. arEnforcementMode :: Lens' AdmissionRule (Maybe AdmissionRuleEnforcementMode) arEnforcementMode = lens _arEnforcementMode (\ s a -> s{_arEnforcementMode = a}) -- | Required. How this admission rule will be evaluated. arEvaluationMode :: Lens' AdmissionRule (Maybe AdmissionRuleEvaluationMode) arEvaluationMode = lens _arEvaluationMode (\ s a -> s{_arEvaluationMode = a}) -- | Optional. The resource names of the attestors that must attest to a -- container image, in the format \`projects\/*\/attestors\/*\`. Each -- attestor must exist before a policy can reference it. To add an attestor -- to a policy the principal issuing the policy change request must be able -- to read the attestor resource. Note: this field must be non-empty when -- the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it -- must be empty. arRequireAttestationsBy :: Lens' AdmissionRule [Text] arRequireAttestationsBy = lens _arRequireAttestationsBy (\ s a -> s{_arRequireAttestationsBy = a}) . _Default . _Coerce instance FromJSON AdmissionRule where parseJSON = withObject "AdmissionRule" (\ o -> AdmissionRule' <$> (o .:? "enforcementMode") <*> (o .:? "evaluationMode") <*> (o .:? "requireAttestationsBy" .!= mempty)) instance ToJSON AdmissionRule where toJSON AdmissionRule'{..} = object (catMaybes [("enforcementMode" .=) <$> _arEnforcementMode, ("evaluationMode" .=) <$> _arEvaluationMode, ("requireAttestationsBy" .=) <$> _arRequireAttestationsBy]) -- | Request message for \`TestIamPermissions\` method. -- -- /See:/ 'testIAMPermissionsRequest' smart constructor. newtype TestIAMPermissionsRequest = TestIAMPermissionsRequest' { _tiprPermissions :: Maybe [Text] } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'TestIAMPermissionsRequest' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'tiprPermissions' testIAMPermissionsRequest :: TestIAMPermissionsRequest testIAMPermissionsRequest = TestIAMPermissionsRequest' { _tiprPermissions = Nothing } -- | The set of permissions to check for the \`resource\`. Permissions with -- wildcards (such as \'*\' or \'storage.*\') are not allowed. For more -- information see [IAM -- Overview](https:\/\/cloud.google.com\/iam\/docs\/overview#permissions). tiprPermissions :: Lens' TestIAMPermissionsRequest [Text] tiprPermissions = lens _tiprPermissions (\ s a -> s{_tiprPermissions = a}) . _Default . _Coerce instance FromJSON TestIAMPermissionsRequest where parseJSON = withObject "TestIAMPermissionsRequest" (\ o -> TestIAMPermissionsRequest' <$> (o .:? "permissions" .!= mempty)) instance ToJSON TestIAMPermissionsRequest where toJSON TestIAMPermissionsRequest'{..} = object (catMaybes [("permissions" .=) <$> _tiprPermissions]) -- | Defines an Identity and Access Management (IAM) policy. It is used to -- specify access control policies for Cloud Platform resources. A -- \`Policy\` consists of a list of \`bindings\`. A \`binding\` binds a -- list of \`members\` to a \`role\`, where the members can be user -- accounts, Google groups, Google domains, and service accounts. A -- \`role\` is a named list of permissions defined by IAM. **JSON Example** -- { \"bindings\": [ { \"role\": \"roles\/owner\", \"members\": [ -- \"user:mike\'example.com\", \"group:admins\'example.com\", -- \"domain:google.com\", -- \"serviceAccount:my-other-app\'appspot.gserviceaccount.com\" ] }, { -- \"role\": \"roles\/viewer\", \"members\": [\"user:sean\'example.com\"] } -- ] } **YAML Example** bindings: - members: - user:mike\'example.com - -- group:admins\'example.com - domain:google.com - -- serviceAccount:my-other-app\'appspot.gserviceaccount.com role: -- roles\/owner - members: - user:sean\'example.com role: roles\/viewer For -- a description of IAM and its features, see the [IAM developer\'s -- guide](https:\/\/cloud.google.com\/iam\/docs). -- -- /See:/ 'iamPolicy' smart constructor. data IAMPolicy = IAMPolicy' { _ipEtag :: !(Maybe Bytes) , _ipVersion :: !(Maybe (Textual Int32)) , _ipBindings :: !(Maybe [Binding]) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'IAMPolicy' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'ipEtag' -- -- * 'ipVersion' -- -- * 'ipBindings' iamPolicy :: IAMPolicy iamPolicy = IAMPolicy' { _ipEtag = Nothing , _ipVersion = Nothing , _ipBindings = Nothing } -- | \`etag\` is used for optimistic concurrency control as a way to help -- prevent simultaneous updates of a policy from overwriting each other. It -- is strongly suggested that systems make use of the \`etag\` in the -- read-modify-write cycle to perform policy updates in order to avoid race -- conditions: An \`etag\` is returned in the response to \`getIamPolicy\`, -- and systems are expected to put that etag in the request to -- \`setIamPolicy\` to ensure that their change will be applied to the same -- version of the policy. If no \`etag\` is provided in the call to -- \`setIamPolicy\`, then the existing policy is overwritten blindly. ipEtag :: Lens' IAMPolicy (Maybe ByteString) ipEtag = lens _ipEtag (\ s a -> s{_ipEtag = a}) . mapping _Bytes -- | Deprecated. ipVersion :: Lens' IAMPolicy (Maybe Int32) ipVersion = lens _ipVersion (\ s a -> s{_ipVersion = a}) . mapping _Coerce -- | Associates a list of \`members\` to a \`role\`. \`bindings\` with no -- members will result in an error. ipBindings :: Lens' IAMPolicy [Binding] ipBindings = lens _ipBindings (\ s a -> s{_ipBindings = a}) . _Default . _Coerce instance FromJSON IAMPolicy where parseJSON = withObject "IAMPolicy" (\ o -> IAMPolicy' <$> (o .:? "etag") <*> (o .:? "version") <*> (o .:? "bindings" .!= mempty)) instance ToJSON IAMPolicy where toJSON IAMPolicy'{..} = object (catMaybes [("etag" .=) <$> _ipEtag, ("version" .=) <$> _ipVersion, ("bindings" .=) <$> _ipBindings]) -- | An attestator public key that will be used to verify attestations signed -- by this attestor. -- -- /See:/ 'attestorPublicKey' smart constructor. data AttestorPublicKey = AttestorPublicKey' { _apkAsciiArmoredPgpPublicKey :: !(Maybe Text) , _apkId :: !(Maybe Text) , _apkComment :: !(Maybe Text) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'AttestorPublicKey' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'apkAsciiArmoredPgpPublicKey' -- -- * 'apkId' -- -- * 'apkComment' attestorPublicKey :: AttestorPublicKey attestorPublicKey = AttestorPublicKey' { _apkAsciiArmoredPgpPublicKey = Nothing , _apkId = Nothing , _apkComment = Nothing } -- | ASCII-armored representation of a PGP public key, as the entire output -- by the command \`gpg --export --armor foo\'example.com\` (either LF or -- CRLF line endings). apkAsciiArmoredPgpPublicKey :: Lens' AttestorPublicKey (Maybe Text) apkAsciiArmoredPgpPublicKey = lens _apkAsciiArmoredPgpPublicKey (\ s a -> s{_apkAsciiArmoredPgpPublicKey = a}) -- | Output only. This field will be overwritten with key ID information, for -- example, an identifier extracted from a PGP public key. This field may -- not be updated. apkId :: Lens' AttestorPublicKey (Maybe Text) apkId = lens _apkId (\ s a -> s{_apkId = a}) -- | Optional. A descriptive comment. This field may be updated. apkComment :: Lens' AttestorPublicKey (Maybe Text) apkComment = lens _apkComment (\ s a -> s{_apkComment = a}) instance FromJSON AttestorPublicKey where parseJSON = withObject "AttestorPublicKey" (\ o -> AttestorPublicKey' <$> (o .:? "asciiArmoredPgpPublicKey") <*> (o .:? "id") <*> (o .:? "comment")) instance ToJSON AttestorPublicKey where toJSON AttestorPublicKey'{..} = object (catMaybes [("asciiArmoredPgpPublicKey" .=) <$> _apkAsciiArmoredPgpPublicKey, ("id" .=) <$> _apkId, ("comment" .=) <$> _apkComment]) -- | Response message for \`TestIamPermissions\` method. -- -- /See:/ 'testIAMPermissionsResponse' smart constructor. newtype TestIAMPermissionsResponse = TestIAMPermissionsResponse' { _tiamprPermissions :: Maybe [Text] } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'TestIAMPermissionsResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'tiamprPermissions' testIAMPermissionsResponse :: TestIAMPermissionsResponse testIAMPermissionsResponse = TestIAMPermissionsResponse' { _tiamprPermissions = Nothing } -- | A subset of \`TestPermissionsRequest.permissions\` that the caller is -- allowed. tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text] tiamprPermissions = lens _tiamprPermissions (\ s a -> s{_tiamprPermissions = a}) . _Default . _Coerce instance FromJSON TestIAMPermissionsResponse where parseJSON = withObject "TestIAMPermissionsResponse" (\ o -> TestIAMPermissionsResponse' <$> (o .:? "permissions" .!= mempty)) instance ToJSON TestIAMPermissionsResponse where toJSON TestIAMPermissionsResponse'{..} = object (catMaybes [("permissions" .=) <$> _tiamprPermissions]) -- | A policy for container image binary authorization. -- -- /See:/ 'policy' smart constructor. data Policy = Policy' { _pDefaultAdmissionRule :: !(Maybe AdmissionRule) , _pAdmissionWhiteListPatterns :: !(Maybe [AdmissionWhiteListPattern]) , _pClusterAdmissionRules :: !(Maybe PolicyClusterAdmissionRules) , _pUpdateTime :: !(Maybe DateTime') , _pName :: !(Maybe Text) , _pDescription :: !(Maybe Text) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'Policy' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'pDefaultAdmissionRule' -- -- * 'pAdmissionWhiteListPatterns' -- -- * 'pClusterAdmissionRules' -- -- * 'pUpdateTime' -- -- * 'pName' -- -- * 'pDescription' policy :: Policy policy = Policy' { _pDefaultAdmissionRule = Nothing , _pAdmissionWhiteListPatterns = Nothing , _pClusterAdmissionRules = Nothing , _pUpdateTime = Nothing , _pName = Nothing , _pDescription = Nothing } -- | Required. Default admission rule for a cluster without a per-cluster -- admission rule. pDefaultAdmissionRule :: Lens' Policy (Maybe AdmissionRule) pDefaultAdmissionRule = lens _pDefaultAdmissionRule (\ s a -> s{_pDefaultAdmissionRule = a}) -- | Optional. Admission policy whitelisting. A matching admission request -- will always be permitted. This feature is typically used to exclude -- Google or third-party infrastructure images from Binary Authorization -- policies. pAdmissionWhiteListPatterns :: Lens' Policy [AdmissionWhiteListPattern] pAdmissionWhiteListPatterns = lens _pAdmissionWhiteListPatterns (\ s a -> s{_pAdmissionWhiteListPatterns = a}) . _Default . _Coerce -- | Optional. Per-cluster admission rules. Cluster spec format: -- \`location.clusterId\`. There can be at most one admission rule per -- cluster spec. A \`location\` is either a compute zone (e.g. -- us-central1-a) or a region (e.g. us-central1). For \`clusterId\` syntax -- restrictions see -- https:\/\/cloud.google.com\/container-engine\/reference\/rest\/v1\/projects.zones.clusters. pClusterAdmissionRules :: Lens' Policy (Maybe PolicyClusterAdmissionRules) pClusterAdmissionRules = lens _pClusterAdmissionRules (\ s a -> s{_pClusterAdmissionRules = a}) -- | Output only. Time when the policy was last updated. pUpdateTime :: Lens' Policy (Maybe UTCTime) pUpdateTime = lens _pUpdateTime (\ s a -> s{_pUpdateTime = a}) . mapping _DateTime -- | Output only. The resource name, in the format \`projects\/*\/policy\`. -- There is at most one policy per project. pName :: Lens' Policy (Maybe Text) pName = lens _pName (\ s a -> s{_pName = a}) -- | Optional. A descriptive comment. pDescription :: Lens' Policy (Maybe Text) pDescription = lens _pDescription (\ s a -> s{_pDescription = a}) instance FromJSON Policy where parseJSON = withObject "Policy" (\ o -> Policy' <$> (o .:? "defaultAdmissionRule") <*> (o .:? "admissionWhitelistPatterns" .!= mempty) <*> (o .:? "clusterAdmissionRules") <*> (o .:? "updateTime") <*> (o .:? "name") <*> (o .:? "description")) instance ToJSON Policy where toJSON Policy'{..} = object (catMaybes [("defaultAdmissionRule" .=) <$> _pDefaultAdmissionRule, ("admissionWhitelistPatterns" .=) <$> _pAdmissionWhiteListPatterns, ("clusterAdmissionRules" .=) <$> _pClusterAdmissionRules, ("updateTime" .=) <$> _pUpdateTime, ("name" .=) <$> _pName, ("description" .=) <$> _pDescription]) -- | Optional. Per-cluster admission rules. Cluster spec format: -- \`location.clusterId\`. There can be at most one admission rule per -- cluster spec. A \`location\` is either a compute zone (e.g. -- us-central1-a) or a region (e.g. us-central1). For \`clusterId\` syntax -- restrictions see -- https:\/\/cloud.google.com\/container-engine\/reference\/rest\/v1\/projects.zones.clusters. -- -- /See:/ 'policyClusterAdmissionRules' smart constructor. newtype PolicyClusterAdmissionRules = PolicyClusterAdmissionRules' { _pcarAddtional :: HashMap Text AdmissionRule } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'PolicyClusterAdmissionRules' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'pcarAddtional' policyClusterAdmissionRules :: HashMap Text AdmissionRule -- ^ 'pcarAddtional' -> PolicyClusterAdmissionRules policyClusterAdmissionRules pPcarAddtional_ = PolicyClusterAdmissionRules' { _pcarAddtional = _Coerce # pPcarAddtional_ } pcarAddtional :: Lens' PolicyClusterAdmissionRules (HashMap Text AdmissionRule) pcarAddtional = lens _pcarAddtional (\ s a -> s{_pcarAddtional = a}) . _Coerce instance FromJSON PolicyClusterAdmissionRules where parseJSON = withObject "PolicyClusterAdmissionRules" (\ o -> PolicyClusterAdmissionRules' <$> (parseJSONObject o)) instance ToJSON PolicyClusterAdmissionRules where toJSON = toJSON . _pcarAddtional -- | An attestor that attests to container image artifacts. An existing -- attestor cannot be modified except where indicated. -- -- /See:/ 'attestor' smart constructor. data Attestor = Attestor' { _aUserOwnedDrydockNote :: !(Maybe UserOwnedDrydockNote) , _aUpdateTime :: !(Maybe DateTime') , _aName :: !(Maybe Text) , _aDescription :: !(Maybe Text) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'Attestor' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'aUserOwnedDrydockNote' -- -- * 'aUpdateTime' -- -- * 'aName' -- -- * 'aDescription' attestor :: Attestor attestor = Attestor' { _aUserOwnedDrydockNote = Nothing , _aUpdateTime = Nothing , _aName = Nothing , _aDescription = Nothing } -- | A Drydock ATTESTATION_AUTHORITY Note, created by the user. aUserOwnedDrydockNote :: Lens' Attestor (Maybe UserOwnedDrydockNote) aUserOwnedDrydockNote = lens _aUserOwnedDrydockNote (\ s a -> s{_aUserOwnedDrydockNote = a}) -- | Output only. Time when the attestor was last updated. aUpdateTime :: Lens' Attestor (Maybe UTCTime) aUpdateTime = lens _aUpdateTime (\ s a -> s{_aUpdateTime = a}) . mapping _DateTime -- | Required. The resource name, in the format: -- \`projects\/*\/attestors\/*\`. This field may not be updated. aName :: Lens' Attestor (Maybe Text) aName = lens _aName (\ s a -> s{_aName = a}) -- | Optional. A descriptive comment. This field may be updated. The field -- may be displayed in chooser dialogs. aDescription :: Lens' Attestor (Maybe Text) aDescription = lens _aDescription (\ s a -> s{_aDescription = a}) instance FromJSON Attestor where parseJSON = withObject "Attestor" (\ o -> Attestor' <$> (o .:? "userOwnedDrydockNote") <*> (o .:? "updateTime") <*> (o .:? "name") <*> (o .:? "description")) instance ToJSON Attestor where toJSON Attestor'{..} = object (catMaybes [("userOwnedDrydockNote" .=) <$> _aUserOwnedDrydockNote, ("updateTime" .=) <$> _aUpdateTime, ("name" .=) <$> _aName, ("description" .=) <$> _aDescription]) -- | Associates \`members\` with a \`role\`. -- -- /See:/ 'binding' smart constructor. data Binding = Binding' { _bMembers :: !(Maybe [Text]) , _bRole :: !(Maybe Text) , _bCondition :: !(Maybe Expr) } deriving (Eq,Show,Data,Typeable,Generic) -- | Creates a value of 'Binding' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'bMembers' -- -- * 'bRole' -- -- * 'bCondition' binding :: Binding binding = Binding' { _bMembers = Nothing , _bRole = Nothing , _bCondition = Nothing } -- | Specifies the identities requesting access for a Cloud Platform -- resource. \`members\` can have the following values: * \`allUsers\`: A -- special identifier that represents anyone who is on the internet; with -- or without a Google account. * \`allAuthenticatedUsers\`: A special -- identifier that represents anyone who is authenticated with a Google -- account or a service account. * \`user:{emailid}\`: An email address -- that represents a specific Google account. For example, -- \`alice\'gmail.com\` . * \`serviceAccount:{emailid}\`: An email address -- that represents a service account. For example, -- \`my-other-app\'appspot.gserviceaccount.com\`. * \`group:{emailid}\`: An -- email address that represents a Google group. For example, -- \`admins\'example.com\`. * \`domain:{domain}\`: A Google Apps domain -- name that represents all the users of that domain. For example, -- \`google.com\` or \`example.com\`. bMembers :: Lens' Binding [Text] bMembers = lens _bMembers (\ s a -> s{_bMembers = a}) . _Default . _Coerce -- | Role that is assigned to \`members\`. For example, \`roles\/viewer\`, -- \`roles\/editor\`, or \`roles\/owner\`. bRole :: Lens' Binding (Maybe Text) bRole = lens _bRole (\ s a -> s{_bRole = a}) -- | Unimplemented. The condition that is associated with this binding. NOTE: -- an unsatisfied condition will not allow user access via current binding. -- Different bindings, including their conditions, are examined -- independently. bCondition :: Lens' Binding (Maybe Expr) bCondition = lens _bCondition (\ s a -> s{_bCondition = a}) instance FromJSON Binding where parseJSON = withObject "Binding" (\ o -> Binding' <$> (o .:? "members" .!= mempty) <*> (o .:? "role") <*> (o .:? "condition")) instance ToJSON Binding where toJSON Binding'{..} = object (catMaybes [("members" .=) <$> _bMembers, ("role" .=) <$> _bRole, ("condition" .=) <$> _bCondition])