google.iam.v1.iam_policy.proto Maven / Gradle / Ivy
// Copyright (c) 2015, Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.iam.v1;
import "google/iam/v1/policy.proto";
option java_multiple_files = true;
option java_outer_classname = "IamPolicyProto";
option java_package = "com.google.iam.v1";
// ## API Overview
//
// Any implementation of an API that offers access control features
// implements the google.iam.v1.IAMPolicy interface.
//
// ## Data model
//
// Access control is applied when a principal (user or service account), takes
// some action on a resource exposed by a service. Resources, identified by
// URI-like names, are the unit of access control specification. Service
// implementations can choose the granularity of access control and the
// supported permissions for their resources.
// For example one database service may allow access control to be
// specified only at the Table level, whereas another might allow access control
// to also be specified at the Column level.
//
// ## Policy Structure
//
// See google.iam.v1.Policy
//
// This is intentionally not a CRUD style API because access control policies
// are created and deleted implicitly with the resources to which they are
// attached.
service IAMPolicy {
// Sets the access control policy on the specified resource. Replaces any
// existing policy.
rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy);
// Gets the access control policy for a resource. Is empty if the
// policy or the resource does not exist.
rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy);
// Returns permissions that a caller has on the specified resource.
rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse);
}
// Request message for `SetIamPolicy` method.
message SetIamPolicyRequest {
// REQUIRED: The resource for which policy is being specified.
// Resource is usually specified as a path, such as,
// projects/{project}/zones/{zone}/disks/{disk}.
string resource = 1;
// REQUIRED: The complete policy to be applied to the 'resource'. The size of
// the policy is limited to a few 10s of KB. An empty policy is in general a
// valid policy but certain services (like Projects) might reject them.
Policy policy = 2;
}
// Request message for `GetIamPolicy` method.
message GetIamPolicyRequest {
// REQUIRED: The resource for which policy is being requested. Resource
// is usually specified as a path, such as, projects/{project}.
string resource = 1;
}
// Request message for `TestIamPermissions` method.
message TestIamPermissionsRequest {
// REQUIRED: The resource for which policy detail is being requested.
// Resource is usually specified as a path, such as, projects/{project}.
string resource = 1;
// The set of permissions to check for the 'resource'. Permissions with
// wildcards (such as '*' or 'storage.*') are not allowed.
repeated string permissions = 2;
}
// Response message for `TestIamPermissions` method.
message TestIamPermissionsResponse {
// A subset of `TestPermissionsRequest.permissions` that the caller is
// allowed.
repeated string permissions = 1;
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy