diff options
Diffstat (limited to 'third_party/googleapis/google/iam/v1/iam_policy.proto')
| -rw-r--r-- | third_party/googleapis/google/iam/v1/iam_policy.proto | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/third_party/googleapis/google/iam/v1/iam_policy.proto b/third_party/googleapis/google/iam/v1/iam_policy.proto new file mode 100644 index 0000000000..15e216f194 --- /dev/null +++ b/third_party/googleapis/google/iam/v1/iam_policy.proto @@ -0,0 +1,118 @@ +// Copyright 2016 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +import "google/api/annotations.proto"; +import "google/iam/v1/policy.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "google.golang.org/genproto/googleapis/iam/v1;iam"; +option java_multiple_files = true; +option java_outer_classname = "IamPolicyProto"; +option java_package = "com.google.iam.v1"; + + +// ## API Overview +// +// Manages Identity and Access Management (IAM) policies. +// +// Any implementation of an API that offers access control features +// implements the google.iam.v1.IAMPolicy interface. +// +// ## Data model +// +// Access control is applied when a principal (user or service account), takes +// some action on a resource exposed by a service. Resources, identified by +// URI-like names, are the unit of access control specification. Service +// implementations can choose the granularity of access control and the +// supported permissions for their resources. +// For example one database service may allow access control to be +// specified only at the Table level, whereas another might allow access control +// to also be specified at the Column level. +// +// ## Policy Structure +// +// See google.iam.v1.Policy +// +// This is intentionally not a CRUD style API because access control policies +// are created and deleted implicitly with the resources to which they are +// attached. +service IAMPolicy { + // Sets the access control policy on the specified resource. Replaces any + // existing policy. + rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) { + option (google.api.http) = { post: "/v1/{resource=**}:setIamPolicy" body: "*" }; + } + + // Gets the access control policy for a resource. + // Returns an empty policy if the resource exists and does not have a policy + // set. + rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) { + option (google.api.http) = { post: "/v1/{resource=**}:getIamPolicy" body: "*" }; + } + + // Returns permissions that a caller has on the specified resource. + // If the resource does not exist, this will return an empty set of + // permissions, not a NOT_FOUND error. + rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) { + option (google.api.http) = { post: "/v1/{resource=**}:testIamPermissions" body: "*" }; + } +} + +// Request message for `SetIamPolicy` method. +message SetIamPolicyRequest { + // REQUIRED: The resource for which the policy is being specified. + // `resource` is usually specified as a path. For example, a Project + // resource is specified as `projects/{project}`. + string resource = 1; + + // REQUIRED: The complete policy to be applied to the `resource`. The size of + // the policy is limited to a few 10s of KB. An empty policy is a + // valid policy but certain Cloud Platform services (such as Projects) + // might reject them. + Policy policy = 2; +} + +// Request message for `GetIamPolicy` method. +message GetIamPolicyRequest { + // REQUIRED: The resource for which the policy is being requested. + // `resource` is usually specified as a path. For example, a Project + // resource is specified as `projects/{project}`. + string resource = 1; +} + +// Request message for `TestIamPermissions` method. +message TestIamPermissionsRequest { + // REQUIRED: The resource for which the policy detail is being requested. + // `resource` is usually specified as a path. For example, a Project + // resource is specified as `projects/{project}`. + string resource = 1; + + // The set of permissions to check for the `resource`. Permissions with + // wildcards (such as '*' or 'storage.*') are not allowed. For more + // information see + // [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). + repeated string permissions = 2; +} + +// Response message for `TestIamPermissions` method. +message TestIamPermissionsResponse { + // A subset of `TestPermissionsRequest.permissions` that the caller is + // allowed. + repeated string permissions = 1; +} |