From 9cbb8dc7a5cd634ecb458a89b9fc28b397834774 Mon Sep 17 00:00:00 2001
From: Google APIs
Date: Mon, 6 May 2019 12:19:40 -0700
Subject: Synchronize new proto/yaml changes.

PiperOrigin-RevId: 246873246
---
 google/iam/artman_iam_meta_api.yaml | 34 --------
 google/iam/iam_meta_api.yaml | 85 --------------------
 google/iam/v1/iam_meta_api_gapic.yaml | 146 ----------------------------------
 google/iam/v1/iam_policy.proto | 22 +++--
 google/iam/v1/policy.proto | 84 +++---------------
 5 files changed, 20 insertions(+), 351 deletions(-)
 delete mode 100644 google/iam/artman_iam_meta_api.yaml
 delete mode 100644 google/iam/iam_meta_api.yaml
 delete mode 100644 google/iam/v1/iam_meta_api_gapic.yaml
(limited to 'google')
diff --git a/google/iam/artman_iam_meta_api.yaml b/google/iam/artman_iam_meta_api.yaml
deleted file mode 100644
index 5d8c9a83c..000000000
--- a/google/iam/artman_iam_meta_api.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-common:
- api_name: iam_meta_api
- api_version: v1
- organization_name: google-cloud
- proto_deps:
- - name: google-common-protos
- src_proto_paths:
- - v1
- service_yaml: iam_meta_api.yaml
- gapic_yaml: v1/iam_meta_api_gapic.yaml
-artifacts:
-- name: gapic_config
- type: GAPIC_CONFIG
-- name: java_gapic
- type: GAPIC
- language: JAVA
-- name: python_gapic
- type: GAPIC
- language: PYTHON
-- name: nodejs_gapic
- type: GAPIC
- language: NODEJS
-- name: php_gapic
- type: GAPIC
- language: PHP
-- name: go_gapic
- type: GAPIC
- language: GO
-- name: ruby_gapic
- type: GAPIC
- language: RUBY
-- name: csharp_gapic
- type: GAPIC
- language: CSHARP
diff --git a/google/iam/iam_meta_api.yaml b/google/iam/iam_meta_api.yaml
deleted file mode 100644
index 939856790..000000000
--- a/google/iam/iam_meta_api.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -type: google.api.Service -config_version: 2 -name: iam-meta-api.googleapis.com -title: IAM Meta API - -apis: -- name: google.iam.v1.IAMPolicy - -types: -- name: google.iam.v1.PolicyDelta - -documentation: - summary: Manages access control for Google Cloud Platform resources. - overview: |- - # Google Identity and Access Management (IAM) API - - Documentation of the access control API that will be implemented by all - 1st party services provided by the Google Cloud Platform (like Cloud - Storage, Compute Engine, App Engine). - - Any implementation of an API that offers access control features - will implement the google.iam.v1.IAMPolicy interface. - - ## Data model - - Access control is applied when a principal (user or service account), - takes some action on a resource exposed by a service. Resources, - identified by - URI-like names, are the unit of access control specification. It is up to - the service implementations to choose what granularity of access control - to support and what set of actions (permissions) to support for the - resources - they provide. For example one database service may allow access control to - be specified only at the Table level, whereas another might allow access - control to also be specified at the Column level. - - This is intentionally not a CRUD style API because access control policies - are created and deleted implicitly with the resources to which they are - attached. - - ## Policy - - A `Policy` consists of a list of bindings. A `Binding` binds a set of - members to a role, where the members can include user accounts, user - groups, user - domains, and service accounts. A role is a named set of permissions, - defined by the IAM system. The definition of a role is outside the - policy. - - A permission check involves determining the roles that include the - specified permission, and then determining if the principal specified by - the check is a member of a binding to at least one of these roles. 
The - membership check is recursive when a group is bound to a role. - rules: - - selector: google.iam.v1.IAMPolicy.GetIamPolicy - description: |- - Gets the access control policy for a resource. Returns an empty policy - if the resource exists and does not have a policy set. - - - selector: google.iam.v1.IAMPolicy.SetIamPolicy - description: |- - Sets the access control policy on the specified resource. Replaces - any existing policy. - - - selector: google.iam.v1.IAMPolicy.TestIamPermissions - description: |- - Returns permissions that a caller has on the specified resource. If the - resource does not exist, this will return an empty set of - permissions, not a NOT_FOUND error. - - Note: This operation is designed to be used for building - permission-aware UIs and command-line tools, not for authorization - checking. This operation may "fail open" without warning. - -http: - rules: - - selector: google.iam.v1.IAMPolicy.GetIamPolicy - post: '/v1/{resource=**}:getIamPolicy' - body: '*' - - selector: google.iam.v1.IAMPolicy.SetIamPolicy - post: '/v1/{resource=**}:setIamPolicy' - body: '*' - - selector: google.iam.v1.IAMPolicy.TestIamPermissions - post: '/v1/{resource=**}:testIamPermissions' - body: '*' diff --git a/google/iam/v1/iam_meta_api_gapic.yaml b/google/iam/v1/iam_meta_api_gapic.yaml deleted file mode 100644 index a386b7d96..000000000 --- a/google/iam/v1/iam_meta_api_gapic.yaml +++ /dev/null 
@@ -1,146 +0,0 @@ -type: com.google.api.codegen.ConfigProto -config_schema_version: 1.0.0 -# The settings of generated code in a specific language. -language_settings: - java: - package_name: com.google.cloud.iam.v1 - python: - package_name: google.cloud.iam_v1.gapic - go: - package_name: cloud.google.com/go/iam/apiv1 - csharp: - package_name: Google.Iam.V1 - ruby: - package_name: Google::Cloud::Iam::V1 - php: - package_name: Google\Cloud\Iam\V1 - nodejs: - package_name: iam.v1 -# The configuration for the license header to put on generated files. -license_header: - # The file containing the copyright line(s). - copyright_file: copyright-google.txt - # The file containing the raw license header without any copyright line(s). - license_file: license-header-apache-2.0.txt -# A list of API interface configurations. -interfaces: -# The fully qualified name of the API interface. -- name: google.iam.v1.IAMPolicy - # A list of resource collection configurations. - # Consists of a name_pattern and an entity_name. - # The name_pattern is a pattern to describe the names of the resources of this - # collection, using the platform's conventions for URI patterns. A generator - # may use this to generate methods to compose and decompose such names. The - # pattern should use named placeholders as in `shelves/{shelf}/books/{book}`; - # those will be taken as hints for the parameter names of the generated - # methods. If empty, no name methods are generated. - # The entity_name is the name to be used as a basis for generated methods and - # classes. - collections: [] - # Definition for retryable codes. - retry_codes_def: - - name: idempotent - retry_codes: - - DEADLINE_EXCEEDED - - UNAVAILABLE - - name: non_idempotent - retry_codes: [] - # Definition for retry/backoff parameters. 
- retry_params_def: - - name: default - initial_retry_delay_millis: 100 - retry_delay_multiplier: 1.3 - max_retry_delay_millis: 60000 - initial_rpc_timeout_millis: 20000 - rpc_timeout_multiplier: 1 - max_rpc_timeout_millis: 20000 - total_timeout_millis: 600000 - # A list of method configurations. - # Common properties: - # - # name - The simple name of the method. - # - # flattening - Specifies the configuration for parameter flattening. - # Describes the parameter groups for which a generator should produce method - # overloads which allow a client to directly pass request message fields as - # method parameters. This information may or may not be used, depending on - # the target language. - # Consists of groups, which each represent a list of parameters to be - # flattened. Each parameter listed must be a field of the request message. - # - # required_fields - Fields that are always required for a request to be - # valid. - # - # resource_name_treatment - An enum that specifies how to treat the resource - # name formats defined in the field_name_patterns and - # response_field_name_patterns fields. - # UNSET: default value - # NONE: the collection configs will not be used by the generated code. - # VALIDATE: string fields will be validated by the client against the - # specified resource name formats. - # STATIC_TYPES: the client will use generated types for resource names. - # - # page_streaming - Specifies the configuration for paging. - # Describes information for generating a method which transforms a paging - # list RPC into a stream of resources. - # Consists of a request and a response. - # The request specifies request information of the list method. It defines - # which fields match the paging pattern in the request. The request consists - # of a page_size_field and a token_field. The page_size_field is the name of - # the optional field specifying the maximum number of elements to be - # returned in the response. 
The token_field is the name of the field in the - # request containing the page token. - # The response specifies response information of the list method. It defines - # which fields match the paging pattern in the response. The response - # consists of a token_field and a resources_field. The token_field is the - # name of the field in the response containing the next page token. The - # resources_field is the name of the field in the response containing the - # list of resources belonging to the page. - # - # retry_codes_name - Specifies the configuration for retryable codes. The - # name must be defined in interfaces.retry_codes_def. - # - # retry_params_name - Specifies the configuration for retry/backoff - # parameters. The name must be defined in interfaces.retry_params_def. - # - # field_name_patterns - Maps the field name of the request type to - # entity_name of interfaces.collections. - # Specifies the string pattern that the field must follow. - # - # timeout_millis - Specifies the default timeout for a non-retrying call. If - # the call is retrying, refer to retry_params_name instead. - methods: - - name: SetIamPolicy - flattening: - groups: - - parameters: - - resource - - policy - required_fields: - - resource - - policy - retry_codes_name: non_idempotent - retry_params_name: default - timeout_millis: 60000 - - name: GetIamPolicy - flattening: - groups: - - parameters: - - resource - required_fields: - - resource - retry_codes_name: non_idempotent - retry_params_name: default - timeout_millis: 60000 - - name: TestIamPermissions - flattening: - groups: - - parameters: - - resource - - permissions - required_fields: - - resource - - permissions - retry_codes_name: non_idempotent - retry_params_name: default - timeout_millis: 60000 diff --git a/google/iam/v1/iam_policy.proto b/google/iam/v1/iam_policy.proto index c102ff722..7cd1b0b9b 100644 --- a/google/iam/v1/iam_policy.proto +++ b/google/iam/v1/iam_policy.proto 
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2016 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,15 +11,13 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//

 syntax = "proto3";

 package google.iam.v1;

-import "google/api/resource.proto";
-import "google/iam/v1/policy.proto";
 import "google/api/annotations.proto";
+import "google/iam/v1/policy.proto";

 option cc_enable_arenas = true;
 option csharp_namespace = "Google.Cloud.Iam.V1";
@@ -77,11 +75,8 @@ service IAMPolicy {
 // Returns permissions that a caller has on the specified resource.
 // If the resource does not exist, this will return an empty set of
 // permissions, not a NOT_FOUND error.
- //
- // Note: This operation is designed to be used for building permission-aware
- // UIs and command-line tools, not for authorization checking. This operation
- // may "fail open" without warning.
- rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) {
+ rpc TestIamPermissions(TestIamPermissionsRequest)
+ returns (TestIamPermissionsResponse) {
 option (google.api.http) = {
 post: "/v1/{resource=**}:testIamPermissions"
 body: "*"
@@ -92,7 +87,8 @@ service IAMPolicy {
 // Request message for `SetIamPolicy` method.
 message SetIamPolicyRequest {
 // REQUIRED: The resource for which the policy is being specified.
- // See the operation documentation for the appropriate value for this field.
+ // `resource` is usually specified as a path. For example, a Project
+ // resource is specified as `projects/{project}`.
 string resource = 1;

 // REQUIRED: The complete policy to be applied to the `resource`. The size of
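Review bot: The `TestIamPermissions` comment in the `-77,11 +75,8` hunk no longer tells callers that the RPC is not an authorization check; the new side documents only the empty-set result for a missing resource. A client author reading this file could gate access on the returned permission list with no warning that the answer may be permissive on failure. I would keep the caveat directly above the `rpc` line: `// Note: This operation is designed to be used for building permission-aware`, `// UIs and command-line tools, not for authorization checking. This operation`, `// may "fail open" without warning.` The `service IAMPolicy` body starts and ends outside the hunk.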
@@ -105,14 +101,16 @@ message SetIamPolicyRequest {
 // Request message for `GetIamPolicy` method.
 message GetIamPolicyRequest {
 // REQUIRED: The resource for which the policy is being requested.
- // See the operation documentation for the appropriate value for this field.
+ // `resource` is usually specified as a path. For example, a Project
+ // resource is specified as `projects/{project}`.
 string resource = 1;
 }

 // Request message for `TestIamPermissions` method.
 message TestIamPermissionsRequest {
 // REQUIRED: The resource for which the policy detail is being requested.
- // See the operation documentation for the appropriate value for this field.
+ // `resource` is usually specified as a path. For example, a Project
+ // resource is specified as `projects/{project}`.
 string resource = 1;

 // The set of permissions to check for the `resource`. Permissions with
diff --git a/google/iam/v1/policy.proto b/google/iam/v1/policy.proto
index 555b87c8e..78aa5f33c 100644
--- a/google/iam/v1/policy.proto
+++ b/google/iam/v1/policy.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2016 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,13 +11,11 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//

 syntax = "proto3";

 package google.iam.v1;

-import public "google/type/expr.proto";
 import "google/api/annotations.proto";

 option cc_enable_arenas = true;
@@ -32,12 +30,12 @@ option php_namespace = "Google\\Cloud\\Iam\\V1";
 // specify access control policies for Cloud Platform resources.
 //
 //
-// A `Policy` consists of a list of `bindings`. A `binding` binds a list of
+// A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
 // `members` to a `role`, where the members can be user accounts, Google groups,
 // Google domains, and service accounts. A `role` is a named list of permissions
 // defined by IAM.
 //
-// **JSON Example**
+// **Example**
 //
 // {
 // "bindings": [
@@ -47,7 +45,7 @@ option php_namespace = "Google\\Cloud\\Iam\\V1";
 // "user:mike@example.com",
 // "group:admins@example.com",
 // "domain:google.com",
-// "serviceAccount:my-other-app@appspot.gserviceaccount.com"
+// "serviceAccount:my-other-app@appspot.gserviceaccount.com",
 // ]
 // },
 // {
@@ -57,27 +55,14 @@ option php_namespace = "Google\\Cloud\\Iam\\V1";
 // ]
 // }
 //
-// **YAML Example**
-//
-// bindings:
-// - members:
-// - user:mike@example.com
-// - group:admins@example.com
-// - domain:google.com
-// - serviceAccount:my-other-app@appspot.gserviceaccount.com
-// role: roles/owner
-// - members:
-// - user:sean@example.com
-// role: roles/viewer
-//
-//
 // For a description of IAM and its features, see the
-// [IAM developer's guide](https://cloud.google.com/iam/docs).
+// [IAM developer's guide](https://cloud.google.com/iam).
 message Policy {
- // Deprecated.
+ // Version of the `Policy`. The default version is 0.
 int32 version = 1;

 // Associates a list of `members` to a `role`.
+ // Multiple `bindings` must not be specified for the same `role`.
 // `bindings` with no members will result in an error.
 repeated Binding bindings = 4;

@@ -98,6 +83,7 @@ message Policy {
 message Binding {
 // Role that is assigned to `members`.
 // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ // Required
 string role = 1;

 // Specifies the identities requesting access for a Cloud Platform resource.
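Review bot: The trailing comma added after the `serviceAccount:` member in the `-47,7 +45,7` hunk makes the sample policy invalid as strict JSON, because the next line closes the array with `]`. A reader who copies the sample into a policy file would get a parse error from a strict JSON parser. The line should stay `// "serviceAccount:my-other-app@appspot.gserviceaccount.com"` without the comma. The comment block starts and ends outside the hunk.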
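Review bot: The new `bindings` sentence in the `-57,27 +55,14` hunk forbids two bindings for the same `role` but, unlike the next sentence about empty bindings, does not say what a server does when a request contains them. For an access policy the difference matters, since rejecting the request and silently merging or keeping one binding produce different effective grants. If the request is rejected, say so in the same style, for example `// Multiple bindings for the same role result in an error.`; the behaviour is not visible in this diff and needs confirming. The `version` comment likewise gives the default but not what any other value means. `message Policy` continues past the hunk.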
@@ -110,7 +96,7 @@ message Binding {
 // who is authenticated with a Google account or a service account.
 //
 // * `user:{emailid}`: An email address that represents a specific Google
- // account. For example, `alice@gmail.com` .
+ // account. For example, `alice@gmail.com` or `joe@example.com`.
 //
 //
 // * `serviceAccount:{emailid}`: An email address that represents a service
@@ -119,27 +105,17 @@ message Binding {
 // * `group:{emailid}`: An email address that represents a Google group.
 // For example, `admins@example.com`.
 //
- //
- // * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ // * `domain:{domain}`: A Google Apps domain name that represents all the
 // users of that domain. For example, `google.com` or `example.com`.
 //
 //
 repeated string members = 2;
-
- // The condition that is associated with this binding.
- // NOTE: An unsatisfied condition will not allow user access via current
- // binding. Different bindings, including their conditions, are examined
- // independently.
- google.type.Expr condition = 3;
 }

 // The difference delta between two policies.
 message PolicyDelta {
 // The delta for Bindings between two policies.
 repeated BindingDelta binding_deltas = 1;
-
- // The delta for AuditConfigs between two policies.
- repeated AuditConfigDelta audit_config_deltas = 2;
 }

 // One delta entry for Binding. Each individual change (only one member in each
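Review bot: `Binding.condition = 3` and `PolicyDelta.audit_config_deltas = 2` are deleted in the `-119,27 +105,17` hunk without reserving their numbers or names, and the last hunk does the same for `BindingDelta.condition = 4`. A peer still built from the previous schema can send a conditional binding; code generated from this file sees field 3 only as an unknown field, so anything that evaluates or rewrites the binding would presumably treat it as an unconditional grant. I would add `reserved 3;` and `reserved "condition";` to `Binding`, and `reserved 2;` with its name to `PolicyDelta`, so the numbers cannot be reused with another meaning. The `Binding` comment should also say that a binding carrying fields this schema does not know must not be applied as a plain grant. Dropping `import public "google/type/expr.proto"` in the earlier `-11,13 +11,11` hunk also removes the re-export for any file that relied on it.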
@@ -170,44 +146,4 @@ message BindingDelta {
 // Follows the same format of Binding.members.
 // Required
 string member = 3;
-
- // Unimplemented. The condition that is associated with this binding.
- // This field is logged only for Cloud Audit Logging.
- google.type.Expr condition = 4;
-}
-
-// One delta entry for AuditConfig. Each individual change (only one
-// exempted_member in each entry) to a AuditConfig will be a separate entry.
-message AuditConfigDelta {
- // The type of action performed on an audit configuration in a policy.
- enum Action {
- // Unspecified.
- ACTION_UNSPECIFIED = 0;
-
- // Addition of an audit configuration.
- ADD = 1;
-
- // Removal of an audit configuration.
- REMOVE = 2;
- }
-
- // The action that was performed on an audit configuration in a policy.
- // Required
- Action action = 1;
-
- // Specifies a service that was configured for Cloud Audit Logging.
- // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- // `allServices` is a special value that covers all services.
- // Required
- string service = 2;
-
- // A single identity that is exempted from "data access" audit
- // logging for the `service` specified above.
- // Follows the same format of Binding.members.
- string exempted_member = 3;
-
- // Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
- // enabled, and cannot be configured.
- // Required
- string log_type = 4;
 }
-- cgit v1.2.3