third_party/googleapis/google/iam/v1/iam_policy.proto - bazel - Git at Google

 // Copyright 2016 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 syntax = "proto3";

 package google.iam.v1;

 import "google/api/annotations.proto";
 import "google/iam/v1/policy.proto";

 option cc_enable_arenas = true;
 option csharp_namespace = "Google.Cloud.Iam.V1";
 option go_package = "google.golang.org/genproto/googleapis/iam/v1;iam";
 option java_multiple_files = true;
 option java_outer_classname = "IamPolicyProto";
 option java_package = "com.google.iam.v1";


 // ## API Overview
 //
 // Manages Identity and Access Management (IAM) policies.
 //
 // Any implementation of an API that offers access control features
 // implements the google.iam.v1.IAMPolicy interface.
 //
 // ## Data model
 //
 // Access control is applied when a principal (user or service account), takes
 // some action on a resource exposed by a service. Resources, identified by
 // URI-like names, are the unit of access control specification. Service
 // implementations can choose the granularity of access control and the
 // supported permissions for their resources.
 // For example one database service may allow access control to be
 // specified only at the Table level, whereas another might allow access control
 // to also be specified at the Column level.
 //
 // ## Policy Structure
 //
 // See google.iam.v1.Policy
 //
 // This is intentionally not a CRUD style API because access control policies
 // are created and deleted implicitly with the resources to which they are
 // attached.
 service IAMPolicy {
   // Sets the access control policy on the specified resource. Replaces any
   // existing policy.
   rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) {
     option (google.api.http) = { post: "/v1/{resource=**}:setIamPolicy" body: "*" };
   }

   // Gets the access control policy for a resource.
   // Returns an empty policy if the resource exists and does not have a policy
   // set.
   rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) {
     option (google.api.http) = { post: "/v1/{resource=**}:getIamPolicy" body: "*" };
   }

   // Returns permissions that a caller has on the specified resource.
   // If the resource does not exist, this will return an empty set of
   // permissions, not a NOT_FOUND error.
   rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) {
     option (google.api.http) = { post: "/v1/{resource=**}:testIamPermissions" body: "*" };
   }
 }

 // Request message for `SetIamPolicy` method.
 message SetIamPolicyRequest {
   // REQUIRED: The resource for which the policy is being specified.
   // `resource` is usually specified as a path. For example, a Project
   // resource is specified as `projects/{project}`.
   string resource = 1;

   // REQUIRED: The complete policy to be applied to the `resource`. The size of
   // the policy is limited to a few 10s of KB. An empty policy is a
   // valid policy but certain Cloud Platform services (such as Projects)
   // might reject them.
   Policy policy = 2;
 }

 // Request message for `GetIamPolicy` method.
 message GetIamPolicyRequest {
   // REQUIRED: The resource for which the policy is being requested.
   // `resource` is usually specified as a path. For example, a Project
   // resource is specified as `projects/{project}`.
   string resource = 1;
 }

 // Request message for `TestIamPermissions` method.
 message TestIamPermissionsRequest {
   // REQUIRED: The resource for which the policy detail is being requested.
   // `resource` is usually specified as a path. For example, a Project
   // resource is specified as `projects/{project}`.
   string resource = 1;

   // The set of permissions to check for the `resource`. Permissions with
   // wildcards (such as '*' or 'storage.*') are not allowed. For more
   // information see
   // [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
   repeated string permissions = 2;
 }

 // Response message for `TestIamPermissions` method.
 message TestIamPermissionsResponse {
   // A subset of `TestPermissionsRequest.permissions` that the caller is
   // allowed.
   repeated string permissions = 1;
 }
	// Copyright 2016 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	syntax = "proto3";

	package google.iam.v1;

	import "google/api/annotations.proto";
	import "google/iam/v1/policy.proto";

	option cc_enable_arenas = true;
	option csharp_namespace = "Google.Cloud.Iam.V1";
	option go_package = "google.golang.org/genproto/googleapis/iam/v1;iam";
	option java_multiple_files = true;
	option java_outer_classname = "IamPolicyProto";
	option java_package = "com.google.iam.v1";


	// ## API Overview
	//
	// Manages Identity and Access Management (IAM) policies.
	//
	// Any implementation of an API that offers access control features
	// implements the google.iam.v1.IAMPolicy interface.
	//
	// ## Data model
	//
	// Access control is applied when a principal (user or service account), takes
	// some action on a resource exposed by a service. Resources, identified by
	// URI-like names, are the unit of access control specification. Service
	// implementations can choose the granularity of access control and the
	// supported permissions for their resources.
	// For example one database service may allow access control to be
	// specified only at the Table level, whereas another might allow access control
	// to also be specified at the Column level.
	//
	// ## Policy Structure
	//
	// See google.iam.v1.Policy
	//
	// This is intentionally not a CRUD style API because access control policies
	// are created and deleted implicitly with the resources to which they are
	// attached.
	service IAMPolicy {
	// Sets the access control policy on the specified resource. Replaces any
	// existing policy.
	rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) {
	option (google.api.http) = { post: "/v1/{resource=*}:setIamPolicy" body: "" };
	}

	// Gets the access control policy for a resource.
	// Returns an empty policy if the resource exists and does not have a policy
	// set.
	rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) {
	option (google.api.http) = { post: "/v1/{resource=*}:getIamPolicy" body: "" };
	}

	// Returns permissions that a caller has on the specified resource.
	// If the resource does not exist, this will return an empty set of
	// permissions, not a NOT_FOUND error.
	rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) {
	option (google.api.http) = { post: "/v1/{resource=*}:testIamPermissions" body: "" };
	}
	}

	// Request message for `SetIamPolicy` method.
	message SetIamPolicyRequest {
	// REQUIRED: The resource for which the policy is being specified.
	// `resource` is usually specified as a path. For example, a Project
	// resource is specified as `projects/{project}`.
	string resource = 1;

	// REQUIRED: The complete policy to be applied to the `resource`. The size of
	// the policy is limited to a few 10s of KB. An empty policy is a
	// valid policy but certain Cloud Platform services (such as Projects)
	// might reject them.
	Policy policy = 2;
	}

	// Request message for `GetIamPolicy` method.
	message GetIamPolicyRequest {
	// REQUIRED: The resource for which the policy is being requested.
	// `resource` is usually specified as a path. For example, a Project
	// resource is specified as `projects/{project}`.
	string resource = 1;
	}

	// Request message for `TestIamPermissions` method.
	message TestIamPermissionsRequest {
	// REQUIRED: The resource for which the policy detail is being requested.
	// `resource` is usually specified as a path. For example, a Project
	// resource is specified as `projects/{project}`.
	string resource = 1;

	// The set of permissions to check for the `resource`. Permissions with
	// wildcards (such as '' or 'storage.') are not allowed. For more
	// information see
	// [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
	repeated string permissions = 2;
	}

	// Response message for `TestIamPermissions` method.
	message TestIamPermissionsResponse {
	// A subset of `TestPermissionsRequest.permissions` that the caller is
	// allowed.
	repeated string permissions = 1;
	}