third_party/googleapis/google/iam/v1/policy.proto - bazel - Git at Google

 // Copyright 2016 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 syntax = "proto3";

 package google.iam.v1;

 import "google/api/annotations.proto";

 option cc_enable_arenas = true;
 option csharp_namespace = "Google.Cloud.Iam.V1";
 option go_package = "google.golang.org/genproto/googleapis/iam/v1;iam";
 option java_multiple_files = true;
 option java_outer_classname = "PolicyProto";
 option java_package = "com.google.iam.v1";


 // Defines an Identity and Access Management (IAM) policy. It is used to
 // specify access control policies for Cloud Platform resources.
 //
 //
 // A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
 // `members` to a `role`, where the members can be user accounts, Google groups,
 // Google domains, and service accounts. A `role` is a named list of permissions
 // defined by IAM.
 //
 // **Example**
 //
 //     {
 //       "bindings": [
 //         {
 //           "role": "roles/owner",
 //           "members": [
 //             "user:mike@example.com",
 //             "group:admins@example.com",
 //             "domain:google.com",
 //             "serviceAccount:my-other-app@appspot.gserviceaccount.com",
 //           ]
 //         },
 //         {
 //           "role": "roles/viewer",
 //           "members": ["user:sean@example.com"]
 //         }
 //       ]
 //     }
 //
 // For a description of IAM and its features, see the
 // [IAM developer's guide](https://cloud.google.com/iam).
 message Policy {
   // Version of the `Policy`. The default version is 0.
   int32 version = 1;

   // Associates a list of `members` to a `role`.
   // Multiple `bindings` must not be specified for the same `role`.
   // `bindings` with no members will result in an error.
   repeated Binding bindings = 4;

   // `etag` is used for optimistic concurrency control as a way to help
   // prevent simultaneous updates of a policy from overwriting each other.
   // It is strongly suggested that systems make use of the `etag` in the
   // read-modify-write cycle to perform policy updates in order to avoid race
   // conditions: An `etag` is returned in the response to `getIamPolicy`, and
   // systems are expected to put that etag in the request to `setIamPolicy` to
   // ensure that their change will be applied to the same version of the policy.
   //
   // If no `etag` is provided in the call to `setIamPolicy`, then the existing
   // policy is overwritten blindly.
   bytes etag = 3;
 }

 // Associates `members` with a `role`.
 message Binding {
   // Role that is assigned to `members`.
   // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
   // Required
   string role = 1;

   // Specifies the identities requesting access for a Cloud Platform resource.
   // `members` can have the following values:
   //
   // * `allUsers`: A special identifier that represents anyone who is
   //    on the internet; with or without a Google account.
   //
   // * `allAuthenticatedUsers`: A special identifier that represents anyone
   //    who is authenticated with a Google account or a service account.
   //
   // * `user:{emailid}`: An email address that represents a specific Google
   //    account. For example, `alice@gmail.com` or `joe@example.com`.
   //
   //
   // * `serviceAccount:{emailid}`: An email address that represents a service
   //    account. For example, `my-other-app@appspot.gserviceaccount.com`.
   //
   // * `group:{emailid}`: An email address that represents a Google group.
   //    For example, `admins@example.com`.
   //
   // * `domain:{domain}`: A Google Apps domain name that represents all the
   //    users of that domain. For example, `google.com` or `example.com`.
   //
   //
   repeated string members = 2;
 }

 // The difference delta between two policies.
 message PolicyDelta {
   // The delta for Bindings between two policies.
   repeated BindingDelta binding_deltas = 1;
 }

 // One delta entry for Binding. Each individual change (only one member in each
 // entry) to a binding will be a separate entry.
 message BindingDelta {
   // The type of action performed on a Binding in a policy.
   enum Action {
     // Unspecified.
     ACTION_UNSPECIFIED = 0;

     // Addition of a Binding.
     ADD = 1;

     // Removal of a Binding.
     REMOVE = 2;
   }

   // The action that was performed on a Binding.
   // Required
   Action action = 1;

   // Role that is assigned to `members`.
   // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
   // Required
   string role = 2;

   // A single identity requesting access for a Cloud Platform resource.
   // Follows the same format of Binding.members.
   // Required
   string member = 3;
 }
	// Copyright 2016 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	syntax = "proto3";

	package google.iam.v1;

	import "google/api/annotations.proto";

	option cc_enable_arenas = true;
	option csharp_namespace = "Google.Cloud.Iam.V1";
	option go_package = "google.golang.org/genproto/googleapis/iam/v1;iam";
	option java_multiple_files = true;
	option java_outer_classname = "PolicyProto";
	option java_package = "com.google.iam.v1";


	// Defines an Identity and Access Management (IAM) policy. It is used to
	// specify access control policies for Cloud Platform resources.
	//
	//
	// A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
	// `members` to a `role`, where the members can be user accounts, Google groups,
	// Google domains, and service accounts. A `role` is a named list of permissions
	// defined by IAM.
	//
	// Example
	//
	// {
	// "bindings": [
	// {
	// "role": "roles/owner",
	// "members": [
	// "user:mike@example.com",
	// "group:admins@example.com",
	// "domain:google.com",
	// "serviceAccount:my-other-app@appspot.gserviceaccount.com",
	// ]
	// },
	// {
	// "role": "roles/viewer",
	// "members": ["user:sean@example.com"]
	// }
	// ]
	// }
	//
	// For a description of IAM and its features, see the
	// [IAM developer's guide](https://cloud.google.com/iam).
	message Policy {
	// Version of the `Policy`. The default version is 0.
	int32 version = 1;

	// Associates a list of `members` to a `role`.
	// Multiple `bindings` must not be specified for the same `role`.
	// `bindings` with no members will result in an error.
	repeated Binding bindings = 4;

	// `etag` is used for optimistic concurrency control as a way to help
	// prevent simultaneous updates of a policy from overwriting each other.
	// It is strongly suggested that systems make use of the `etag` in the
	// read-modify-write cycle to perform policy updates in order to avoid race
	// conditions: An `etag` is returned in the response to `getIamPolicy`, and
	// systems are expected to put that etag in the request to `setIamPolicy` to
	// ensure that their change will be applied to the same version of the policy.
	//
	// If no `etag` is provided in the call to `setIamPolicy`, then the existing
	// policy is overwritten blindly.
	bytes etag = 3;
	}

	// Associates `members` with a `role`.
	message Binding {
	// Role that is assigned to `members`.
	// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	// Required
	string role = 1;

	// Specifies the identities requesting access for a Cloud Platform resource.
	// `members` can have the following values:
	//
	// * `allUsers`: A special identifier that represents anyone who is
	// on the internet; with or without a Google account.
	//
	// * `allAuthenticatedUsers`: A special identifier that represents anyone
	// who is authenticated with a Google account or a service account.
	//
	// * `user:{emailid}`: An email address that represents a specific Google
	// account. For example, `alice@gmail.com` or `joe@example.com`.
	//
	//
	// * `serviceAccount:{emailid}`: An email address that represents a service
	// account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//
	// * `group:{emailid}`: An email address that represents a Google group.
	// For example, `admins@example.com`.
	//
	// * `domain:{domain}`: A Google Apps domain name that represents all the
	// users of that domain. For example, `google.com` or `example.com`.
	//
	//
	repeated string members = 2;
	}

	// The difference delta between two policies.
	message PolicyDelta {
	// The delta for Bindings between two policies.
	repeated BindingDelta binding_deltas = 1;
	}

	// One delta entry for Binding. Each individual change (only one member in each
	// entry) to a binding will be a separate entry.
	message BindingDelta {
	// The type of action performed on a Binding in a policy.
	enum Action {
	// Unspecified.
	ACTION_UNSPECIFIED = 0;

	// Addition of a Binding.
	ADD = 1;

	// Removal of a Binding.
	REMOVE = 2;
	}

	// The action that was performed on a Binding.
	// Required
	Action action = 1;

	// Role that is assigned to `members`.
	// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	// Required
	string role = 2;

	// A single identity requesting access for a Cloud Platform resource.
	// Follows the same format of Binding.members.
	// Required
	string member = 3;
	}