1<?php
2/*
3 * Copyright 2014 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
6 * use this file except in compliance with the License. You may obtain a copy of
7 * the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 * License for the specific language governing permissions and limitations under
15 * the License.
16 */
17
18namespace Google\Service\CloudIdentity\Resource;
19
20use Google\Service\CloudIdentity\CheckTransitiveMembershipResponse;
21use Google\Service\CloudIdentity\ListMembershipsResponse;
22use Google\Service\CloudIdentity\LookupMembershipNameResponse;
23use Google\Service\CloudIdentity\Membership;
24use Google\Service\CloudIdentity\ModifyMembershipRolesRequest;
25use Google\Service\CloudIdentity\ModifyMembershipRolesResponse;
26use Google\Service\CloudIdentity\Operation;
27use Google\Service\CloudIdentity\SearchTransitiveGroupsResponse;
28use Google\Service\CloudIdentity\SearchTransitiveMembershipsResponse;
29
30/**
31 * The "memberships" collection of methods.
32 * Typical usage is:
33 *  <code>
34 *   $cloudidentityService = new Google\Service\CloudIdentity(...);
35 *   $memberships = $cloudidentityService->memberships;
36 *  </code>
37 */
38class GroupsMemberships extends \Google\Service\Resource
39{
40  /**
41   * Check a potential member for membership in a group. **Note:** This feature is
42   * only available to Google Workspace Enterprise Standard, Enterprise Plus, and
43   * Enterprise for Education; and Cloud Identity Premium accounts. If the account
44   * of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code
45   * will be returned. A member has membership to a group as long as there is a
46   * single viewable transitive membership between the group and the member. The
47   * actor must have view permissions to at least one transitive membership
48   * between the member and group. (memberships.checkTransitiveMembership)
49   *
50   * @param string $parent [Resource
51   * name](https://cloud.google.com/apis/design/resource_names) of the group to
52   * check the transitive membership in. Format: `groups/{group}`, where `group`
53   * is the unique id assigned to the Group to which the Membership belongs to.
54   * @param array $optParams Optional parameters.
55   *
56   * @opt_param string query Required. A CEL expression that MUST include member
57   * specification. This is a `required` field. Certain groups are uniquely
58   * identified by both a 'member_key_id' and a 'member_key_namespace', which
59   * requires an additional query input: 'member_key_namespace'. Example query:
60   * `member_key_id == 'member_key_id_value'`
61   * @return CheckTransitiveMembershipResponse
62   */
63  public function checkTransitiveMembership($parent, $optParams = [])
64  {
65    $params = ['parent' => $parent];
66    $params = array_merge($params, $optParams);
67    return $this->call('checkTransitiveMembership', [$params], CheckTransitiveMembershipResponse::class);
68  }
69  /**
70   * Creates a `Membership`. (memberships.create)
71   *
72   * @param string $parent Required. The parent `Group` resource under which to
73   * create the `Membership`. Must be of the form `groups/{group}`.
74   * @param Membership $postBody
75   * @param array $optParams Optional parameters.
76   * @return Operation
77   */
78  public function create($parent, Membership $postBody, $optParams = [])
79  {
80    $params = ['parent' => $parent, 'postBody' => $postBody];
81    $params = array_merge($params, $optParams);
82    return $this->call('create', [$params], Operation::class);
83  }
84  /**
85   * Deletes a `Membership`. (memberships.delete)
86   *
87   * @param string $name Required. The [resource
88   * name](https://cloud.google.com/apis/design/resource_names) of the
89   * `Membership` to delete. Must be of the form
90   * `groups/{group}/memberships/{membership}`
91   * @param array $optParams Optional parameters.
92   * @return Operation
93   */
94  public function delete($name, $optParams = [])
95  {
96    $params = ['name' => $name];
97    $params = array_merge($params, $optParams);
98    return $this->call('delete', [$params], Operation::class);
99  }
100  /**
101   * Retrieves a `Membership`. (memberships.get)
102   *
103   * @param string $name Required. The [resource
104   * name](https://cloud.google.com/apis/design/resource_names) of the
105   * `Membership` to retrieve. Must be of the form
106   * `groups/{group}/memberships/{membership}`.
107   * @param array $optParams Optional parameters.
108   * @return Membership
109   */
110  public function get($name, $optParams = [])
111  {
112    $params = ['name' => $name];
113    $params = array_merge($params, $optParams);
114    return $this->call('get', [$params], Membership::class);
115  }
116  /**
117   * Get a membership graph of just a member or both a member and a group.
118   * **Note:** This feature is only available to Google Workspace Enterprise
119   * Standard, Enterprise Plus, and Enterprise for Education; and Cloud Identity
120   * Premium accounts. If the account of the member is not one of these, a 403
121   * (PERMISSION_DENIED) HTTP status code will be returned. Given a member, the
122   * response will contain all membership paths from the member. Given both a
123   * group and a member, the response will contain all membership paths between
124   * the group and the member. (memberships.getMembershipGraph)
125   *
126   * @param string $parent Required. [Resource
127   * name](https://cloud.google.com/apis/design/resource_names) of the group to
128   * search transitive memberships in. Format: `groups/{group}`, where `group` is
129   * the unique ID assigned to the Group to which the Membership belongs to. group
130   * can be a wildcard collection id "-". When a group is specified, the
131   * membership graph will be constrained to paths between the member (defined in
132   * the query) and the parent. If a wildcard collection is provided, all
133   * membership paths connected to the member will be returned.
134   * @param array $optParams Optional parameters.
135   *
136   * @opt_param string query Required. A CEL expression that MUST include member
137   * specification AND label(s). Certain groups are uniquely identified by both a
138   * 'member_key_id' and a 'member_key_namespace', which requires an additional
139   * query input: 'member_key_namespace'. Example query: `member_key_id ==
140   * 'member_key_id_value' && in labels`
141   * @return Operation
142   */
143  public function getMembershipGraph($parent, $optParams = [])
144  {
145    $params = ['parent' => $parent];
146    $params = array_merge($params, $optParams);
147    return $this->call('getMembershipGraph', [$params], Operation::class);
148  }
149  /**
150   * Lists the `Membership`s within a `Group`. (memberships.listGroupsMemberships)
151   *
152   * @param string $parent Required. The parent `Group` resource under which to
153   * lookup the `Membership` name. Must be of the form `groups/{group}`.
154   * @param array $optParams Optional parameters.
155   *
156   * @opt_param int pageSize The maximum number of results to return. Note that
157   * the number of results returned may be less than this value even if there are
158   * more available results. To fetch all results, clients must continue calling
159   * this method repeatedly until the response no longer contains a
160   * `next_page_token`. If unspecified, defaults to 200 for `GroupView.BASIC` and
161   * to 50 for `GroupView.FULL`. Must not be greater than 1000 for
162   * `GroupView.BASIC` or 500 for `GroupView.FULL`.
163   * @opt_param string pageToken The `next_page_token` value returned from a
164   * previous search request, if any.
165   * @opt_param string view The level of detail to be returned. If unspecified,
166   * defaults to `View.BASIC`.
167   * @return ListMembershipsResponse
168   */
169  public function listGroupsMemberships($parent, $optParams = [])
170  {
171    $params = ['parent' => $parent];
172    $params = array_merge($params, $optParams);
173    return $this->call('list', [$params], ListMembershipsResponse::class);
174  }
175  /**
176   * Looks up the [resource
177   * name](https://cloud.google.com/apis/design/resource_names) of a `Membership`
178   * by its `EntityKey`. (memberships.lookup)
179   *
180   * @param string $parent Required. The parent `Group` resource under which to
181   * lookup the `Membership` name. Must be of the form `groups/{group}`.
182   * @param array $optParams Optional parameters.
183   *
184   * @opt_param string memberKey.id The ID of the entity. For Google-managed
185   * entities, the `id` should be the email address of an existing group or user.
186   * For external-identity-mapped entities, the `id` must be a string conforming
187   * to the Identity Source's requirements. Must be unique within a `namespace`.
188   * @opt_param string memberKey.namespace The namespace in which the entity
189   * exists. If not specified, the `EntityKey` represents a Google-managed entity
190   * such as a Google user or a Google Group. If specified, the `EntityKey`
191   * represents an external-identity-mapped group. The namespace must correspond
192   * to an identity source created in Admin Console and must be in the form of
193   * `identitysources/{identity_source}`.
194   * @return LookupMembershipNameResponse
195   */
196  public function lookup($parent, $optParams = [])
197  {
198    $params = ['parent' => $parent];
199    $params = array_merge($params, $optParams);
200    return $this->call('lookup', [$params], LookupMembershipNameResponse::class);
201  }
202  /**
203   * Modifies the `MembershipRole`s of a `Membership`.
204   * (memberships.modifyMembershipRoles)
205   *
206   * @param string $name Required. The [resource
207   * name](https://cloud.google.com/apis/design/resource_names) of the
208   * `Membership` whose roles are to be modified. Must be of the form
209   * `groups/{group}/memberships/{membership}`.
210   * @param ModifyMembershipRolesRequest $postBody
211   * @param array $optParams Optional parameters.
212   * @return ModifyMembershipRolesResponse
213   */
214  public function modifyMembershipRoles($name, ModifyMembershipRolesRequest $postBody, $optParams = [])
215  {
216    $params = ['name' => $name, 'postBody' => $postBody];
217    $params = array_merge($params, $optParams);
218    return $this->call('modifyMembershipRoles', [$params], ModifyMembershipRolesResponse::class);
219  }
220  /**
221   * Search transitive groups of a member. **Note:** This feature is only
222   * available to Google Workspace Enterprise Standard, Enterprise Plus, and
223   * Enterprise for Education; and Cloud Identity Premium accounts. If the account
224   * of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code
225   * will be returned. A transitive group is any group that has a direct or
226   * indirect membership to the member. Actor must have view permissions all
227   * transitive groups. (memberships.searchTransitiveGroups)
228   *
229   * @param string $parent [Resource
230   * name](https://cloud.google.com/apis/design/resource_names) of the group to
231   * search transitive memberships in. Format: `groups/{group}`, where `group` is
232   * always '-' as this API will search across all groups for a given member.
233   * @param array $optParams Optional parameters.
234   *
235   * @opt_param int pageSize The default page size is 200 (max 1000).
236   * @opt_param string pageToken The next_page_token value returned from a
237   * previous list request, if any.
238   * @opt_param string query Required. A CEL expression that MUST include member
239   * specification AND label(s). This is a `required` field. Users can search on
240   * label attributes of groups. CONTAINS match ('in') is supported on labels.
241   * Identity-mapped groups are uniquely identified by both a `member_key_id` and
242   * a `member_key_namespace`, which requires an additional query input:
243   * `member_key_namespace`. Example query: `member_key_id ==
244   * 'member_key_id_value' && in labels`
245   * @return SearchTransitiveGroupsResponse
246   */
247  public function searchTransitiveGroups($parent, $optParams = [])
248  {
249    $params = ['parent' => $parent];
250    $params = array_merge($params, $optParams);
251    return $this->call('searchTransitiveGroups', [$params], SearchTransitiveGroupsResponse::class);
252  }
253  /**
254   * Search transitive memberships of a group. **Note:** This feature is only
255   * available to Google Workspace Enterprise Standard, Enterprise Plus, and
256   * Enterprise for Education; and Cloud Identity Premium accounts. If the account
257   * of the group is not one of these, a 403 (PERMISSION_DENIED) HTTP status code
258   * will be returned. A transitive membership is any direct or indirect
259   * membership of a group. Actor must have view permissions to all transitive
260   * memberships. (memberships.searchTransitiveMemberships)
261   *
262   * @param string $parent [Resource
263   * name](https://cloud.google.com/apis/design/resource_names) of the group to
264   * search transitive memberships in. Format: `groups/{group}`, where `group` is
265   * the unique ID assigned to the Group.
266   * @param array $optParams Optional parameters.
267   *
268   * @opt_param int pageSize The default page size is 200 (max 1000).
269   * @opt_param string pageToken The next_page_token value returned from a
270   * previous list request, if any.
271   * @return SearchTransitiveMembershipsResponse
272   */
273  public function searchTransitiveMemberships($parent, $optParams = [])
274  {
275    $params = ['parent' => $parent];
276    $params = array_merge($params, $optParams);
277    return $this->call('searchTransitiveMemberships', [$params], SearchTransitiveMembershipsResponse::class);
278  }
279}
280
281// Adding a class alias for backwards compatibility with the previous class name.
282class_alias(GroupsMemberships::class, 'Google_Service_CloudIdentity_Resource_GroupsMemberships');
283