Documentation ¶
Index ¶
- Variables
- func RegisterPoliciesServer(s *grpc.Server, srv PoliciesServer)
- type CreatePolicyRequest
- func (*CreatePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreatePolicyRequest) GetParent() string
- func (x *CreatePolicyRequest) GetPolicy() *Policy
- func (x *CreatePolicyRequest) GetPolicyId() string
- func (*CreatePolicyRequest) ProtoMessage()
- func (x *CreatePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *CreatePolicyRequest) Reset()
- func (x *CreatePolicyRequest) String() string
- type DeletePolicyRequest
- func (*DeletePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DeletePolicyRequest) GetEtag() string
- func (x *DeletePolicyRequest) GetName() string
- func (*DeletePolicyRequest) ProtoMessage()
- func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *DeletePolicyRequest) Reset()
- func (x *DeletePolicyRequest) String() string
- type DenyRule
- func (*DenyRule) Descriptor() ([]byte, []int)deprecated
- func (x *DenyRule) GetDenialCondition() *expr.Expr
- func (x *DenyRule) GetDeniedPermissions() []string
- func (x *DenyRule) GetDeniedPrincipals() []string
- func (x *DenyRule) GetExceptionPermissions() []string
- func (x *DenyRule) GetExceptionPrincipals() []string
- func (*DenyRule) ProtoMessage()
- func (x *DenyRule) ProtoReflect() protoreflect.Message
- func (x *DenyRule) Reset()
- func (x *DenyRule) String() string
- type GetPolicyRequest
- type ListPoliciesRequest
- func (*ListPoliciesRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListPoliciesRequest) GetPageSize() int32
- func (x *ListPoliciesRequest) GetPageToken() string
- func (x *ListPoliciesRequest) GetParent() string
- func (*ListPoliciesRequest) ProtoMessage()
- func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message
- func (x *ListPoliciesRequest) Reset()
- func (x *ListPoliciesRequest) String() string
- type ListPoliciesResponse
- func (*ListPoliciesResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListPoliciesResponse) GetNextPageToken() string
- func (x *ListPoliciesResponse) GetPolicies() []*Policy
- func (*ListPoliciesResponse) ProtoMessage()
- func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message
- func (x *ListPoliciesResponse) Reset()
- func (x *ListPoliciesResponse) String() string
- type PoliciesClient
- type PoliciesServer
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)deprecated
- func (x *Policy) GetAnnotations() map[string]string
- func (x *Policy) GetCreateTime() *timestamppb.Timestamp
- func (x *Policy) GetDeleteTime() *timestamppb.Timestamp
- func (x *Policy) GetDisplayName() string
- func (x *Policy) GetEtag() string
- func (x *Policy) GetKind() string
- func (x *Policy) GetManagingAuthority() string
- func (x *Policy) GetName() string
- func (x *Policy) GetRules() []*PolicyRule
- func (x *Policy) GetUid() string
- func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
- func (*Policy) ProtoMessage()
- func (x *Policy) ProtoReflect() protoreflect.Message
- func (x *Policy) Reset()
- func (x *Policy) String() string
- type PolicyOperationMetadata
- func (*PolicyOperationMetadata) Descriptor() ([]byte, []int)deprecated
- func (x *PolicyOperationMetadata) GetCreateTime() *timestamppb.Timestamp
- func (*PolicyOperationMetadata) ProtoMessage()
- func (x *PolicyOperationMetadata) ProtoReflect() protoreflect.Message
- func (x *PolicyOperationMetadata) Reset()
- func (x *PolicyOperationMetadata) String() string
- type PolicyRule
- func (*PolicyRule) Descriptor() ([]byte, []int)deprecated
- func (x *PolicyRule) GetDenyRule() *DenyRule
- func (x *PolicyRule) GetDescription() string
- func (m *PolicyRule) GetKind() isPolicyRule_Kind
- func (*PolicyRule) ProtoMessage()
- func (x *PolicyRule) ProtoReflect() protoreflect.Message
- func (x *PolicyRule) Reset()
- func (x *PolicyRule) String() string
- type PolicyRule_DenyRule
- type UnimplementedPoliciesServer
- func (*UnimplementedPoliciesServer) CreatePolicy(context.Context, *CreatePolicyRequest) (*longrunningpb.Operation, error)
- func (*UnimplementedPoliciesServer) DeletePolicy(context.Context, *DeletePolicyRequest) (*longrunningpb.Operation, error)
- func (*UnimplementedPoliciesServer) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
- func (*UnimplementedPoliciesServer) ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error)
- func (*UnimplementedPoliciesServer) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*longrunningpb.Operation, error)
- type UpdatePolicyRequest
- func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdatePolicyRequest) GetPolicy() *Policy
- func (*UpdatePolicyRequest) ProtoMessage()
- func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *UpdatePolicyRequest) Reset()
- func (x *UpdatePolicyRequest) String() string
Constants ¶
This section is empty.
Variables ¶
var File_google_iam_v2_deny_proto protoreflect.FileDescriptor
var File_google_iam_v2_policy_proto protoreflect.FileDescriptor
Functions ¶
func RegisterPoliciesServer ¶
func RegisterPoliciesServer(s *grpc.Server, srv PoliciesServer)
Types ¶
type CreatePolicyRequest ¶
type CreatePolicyRequest struct { // Required. The resource that the policy is attached to, along with the kind of policy // to create. Format: `policies/{attachment_point}/denypolicies` // // // The attachment point is identified by its URL-encoded full resource name, // which means that the forward-slash character, `/`, must be written as // `%2F`. For example, // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. // // For organizations and folders, use the numeric ID in the full resource // name. For projects, you can use the alphanumeric or the numeric ID. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Required. The policy to create. Policy *Policy `protobuf:"bytes,2,opt,name=policy,proto3" json:"policy,omitempty"` // The ID to use for this policy, which will become the final component of // the policy's resource name. The ID must contain 3 to 63 characters. It can // contain lowercase letters and numbers, as well as dashes (`-`) and periods // (`.`). The first character must be a lowercase letter. PolicyId string `protobuf:"bytes,3,opt,name=policy_id,json=policyId,proto3" json:"policy_id,omitempty"` // contains filtered or unexported fields }
Request message for `CreatePolicy`.
func (*CreatePolicyRequest) Descriptor
deprecated
func (*CreatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreatePolicyRequest.ProtoReflect.Descriptor instead.
func (*CreatePolicyRequest) GetParent ¶
func (x *CreatePolicyRequest) GetParent() string
func (*CreatePolicyRequest) GetPolicy ¶
func (x *CreatePolicyRequest) GetPolicy() *Policy
func (*CreatePolicyRequest) GetPolicyId ¶
func (x *CreatePolicyRequest) GetPolicyId() string
func (*CreatePolicyRequest) ProtoMessage ¶
func (*CreatePolicyRequest) ProtoMessage()
func (*CreatePolicyRequest) ProtoReflect ¶
func (x *CreatePolicyRequest) ProtoReflect() protoreflect.Message
func (*CreatePolicyRequest) Reset ¶
func (x *CreatePolicyRequest) Reset()
func (*CreatePolicyRequest) String ¶
func (x *CreatePolicyRequest) String() string
type DeletePolicyRequest ¶
type DeletePolicyRequest struct { // Required. The resource name of the policy to delete. Format: // `policies/{attachment_point}/denypolicies/{policy_id}` // // // Use the URL-encoded full resource name, which means that the forward-slash // character, `/`, must be written as `%2F`. For example, // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`. // // For organizations and folders, use the numeric ID in the full resource // name. For projects, you can use the alphanumeric or the numeric ID. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Optional. The expected `etag` of the policy to delete. If the value does not match // the value that is stored in IAM, the request fails with a `409` error code // and `ABORTED` status. // // If you omit this field, the policy is deleted regardless of its current // `etag`. Etag string `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"` // contains filtered or unexported fields }
Request message for `DeletePolicy`.
func (*DeletePolicyRequest) Descriptor
deprecated
func (*DeletePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeletePolicyRequest.ProtoReflect.Descriptor instead.
func (*DeletePolicyRequest) GetEtag ¶
func (x *DeletePolicyRequest) GetEtag() string
func (*DeletePolicyRequest) GetName ¶
func (x *DeletePolicyRequest) GetName() string
func (*DeletePolicyRequest) ProtoMessage ¶
func (*DeletePolicyRequest) ProtoMessage()
func (*DeletePolicyRequest) ProtoReflect ¶
func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message
func (*DeletePolicyRequest) Reset ¶
func (x *DeletePolicyRequest) Reset()
func (*DeletePolicyRequest) String ¶
func (x *DeletePolicyRequest) String() string
type DenyRule ¶
type DenyRule struct { // The identities that are prevented from using one or more permissions on // Google Cloud resources. This field can contain the following values: // // * `principalSet://goog/public:all`: A special identifier that represents // any principal that is on the internet, even if they do not have a Google // Account or are not logged in. // // * `principal://goog/subject/{email_id}`: A specific Google Account. // Includes Gmail, Cloud Identity, and Google Workspace user accounts. For // example, `principal://goog/subject/alice@example.com`. // // * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific // Google Account that was deleted recently. For example, // `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If // the Google Account is recovered, this identifier reverts to the standard // identifier for a Google Account. // // * `principalSet://goog/group/{group_id}`: A Google group. For example, // `principalSet://goog/group/admins@example.com`. // // * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group // that was deleted recently. For example, // `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If // the Google group is restored, this identifier reverts to the standard // identifier for a Google group. // // * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: // A Google Cloud service account. For example, // `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`. // // * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: // A Google Cloud service account that was deleted recently. For example, // `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. // If the service account is undeleted, this identifier reverts to the // standard identifier for a service account. // // * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the // principals associated with the specified Google Workspace or Cloud // Identity customer ID. For example, // `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. DeniedPrincipals []string `protobuf:"bytes,1,rep,name=denied_principals,json=deniedPrincipals,proto3" json:"denied_principals,omitempty"` // The identities that are excluded from the deny rule, even if they are // listed in the `denied_principals`. For example, you could add a Google // group to the `denied_principals`, then exclude specific users who belong to // that group. // // This field can contain the same values as the `denied_principals` field, // excluding `principalSet://goog/public:all`, which represents all users on // the internet. ExceptionPrincipals []string `protobuf:"bytes,2,rep,name=exception_principals,json=exceptionPrincipals,proto3" json:"exception_principals,omitempty"` // The permissions that are explicitly denied by this rule. Each permission // uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` // is the fully qualified domain name for the service. For example, // `iam.googleapis.com/roles.list`. DeniedPermissions []string `protobuf:"bytes,3,rep,name=denied_permissions,json=deniedPermissions,proto3" json:"denied_permissions,omitempty"` // Specifies the permissions that this rule excludes from the set of denied // permissions given by `denied_permissions`. If a permission appears in // `denied_permissions` _and_ in `exception_permissions` then it will _not_ be // denied. // // The excluded permissions can be specified using the same syntax as // `denied_permissions`. ExceptionPermissions []string `protobuf:"bytes,4,rep,name=exception_permissions,json=exceptionPermissions,proto3" json:"exception_permissions,omitempty"` // The condition that determines whether this deny rule applies to a request. // If the condition expression evaluates to `true`, then the deny rule is // applied; otherwise, the deny rule is not applied. // // Each deny rule is evaluated independently. If this deny rule does not apply // to a request, other deny rules might still apply. // // The condition can use CEL functions that evaluate // [resource // tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other // functions and operators are not supported. DenialCondition *expr.Expr `protobuf:"bytes,5,opt,name=denial_condition,json=denialCondition,proto3" json:"denial_condition,omitempty"` // contains filtered or unexported fields }
A deny rule in an IAM deny policy.
func (*DenyRule) Descriptor
deprecated
func (*DenyRule) GetDenialCondition ¶
func (*DenyRule) GetDeniedPermissions ¶
func (*DenyRule) GetDeniedPrincipals ¶
func (*DenyRule) GetExceptionPermissions ¶
func (*DenyRule) GetExceptionPrincipals ¶
func (*DenyRule) ProtoMessage ¶
func (*DenyRule) ProtoMessage()
func (*DenyRule) ProtoReflect ¶
func (x *DenyRule) ProtoReflect() protoreflect.Message
type GetPolicyRequest ¶
type GetPolicyRequest struct { // Required. The resource name of the policy to retrieve. Format: // `policies/{attachment_point}/denypolicies/{policy_id}` // // // Use the URL-encoded full resource name, which means that the forward-slash // character, `/`, must be written as `%2F`. For example, // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`. // // For organizations and folders, use the numeric ID in the full resource // name. For projects, you can use the alphanumeric or the numeric ID. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for `GetPolicy`.
func (*GetPolicyRequest) Descriptor
deprecated
func (*GetPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName ¶
func (x *GetPolicyRequest) GetName() string
func (*GetPolicyRequest) ProtoMessage ¶
func (*GetPolicyRequest) ProtoMessage()
func (*GetPolicyRequest) ProtoReflect ¶
func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetPolicyRequest) Reset ¶
func (x *GetPolicyRequest) Reset()
func (*GetPolicyRequest) String ¶
func (x *GetPolicyRequest) String() string
type ListPoliciesRequest ¶
type ListPoliciesRequest struct { // Required. The resource that the policy is attached to, along with the kind of policy // to list. Format: // `policies/{attachment_point}/denypolicies` // // // The attachment point is identified by its URL-encoded full resource name, // which means that the forward-slash character, `/`, must be written as // `%2F`. For example, // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. // // For organizations and folders, use the numeric ID in the full resource // name. For projects, you can use the alphanumeric or the numeric ID. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // The maximum number of policies to return. IAM ignores this value and uses // the value 1000. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // A page token received in a [ListPoliciesResponse][google.iam.v2.ListPoliciesResponse]. Provide this token to // retrieve the next page. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // contains filtered or unexported fields }
Request message for `ListPolicies`.
func (*ListPoliciesRequest) Descriptor
deprecated
func (*ListPoliciesRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListPoliciesRequest.ProtoReflect.Descriptor instead.
func (*ListPoliciesRequest) GetPageSize ¶
func (x *ListPoliciesRequest) GetPageSize() int32
func (*ListPoliciesRequest) GetPageToken ¶
func (x *ListPoliciesRequest) GetPageToken() string
func (*ListPoliciesRequest) GetParent ¶
func (x *ListPoliciesRequest) GetParent() string
func (*ListPoliciesRequest) ProtoMessage ¶
func (*ListPoliciesRequest) ProtoMessage()
func (*ListPoliciesRequest) ProtoReflect ¶
func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message
func (*ListPoliciesRequest) Reset ¶
func (x *ListPoliciesRequest) Reset()
func (*ListPoliciesRequest) String ¶
func (x *ListPoliciesRequest) String() string
type ListPoliciesResponse ¶
type ListPoliciesResponse struct { // Metadata for the policies that are attached to the resource. Policies []*Policy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"` // A page token that you can use in a [ListPoliciesRequest][google.iam.v2.ListPoliciesRequest] to retrieve the // next page. If this field is omitted, there are no additional pages. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // contains filtered or unexported fields }
Response message for `ListPolicies`.
func (*ListPoliciesResponse) Descriptor
deprecated
func (*ListPoliciesResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListPoliciesResponse.ProtoReflect.Descriptor instead.
func (*ListPoliciesResponse) GetNextPageToken ¶
func (x *ListPoliciesResponse) GetNextPageToken() string
func (*ListPoliciesResponse) GetPolicies ¶
func (x *ListPoliciesResponse) GetPolicies() []*Policy
func (*ListPoliciesResponse) ProtoMessage ¶
func (*ListPoliciesResponse) ProtoMessage()
func (*ListPoliciesResponse) ProtoReflect ¶
func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message
func (*ListPoliciesResponse) Reset ¶
func (x *ListPoliciesResponse) Reset()
func (*ListPoliciesResponse) String ¶
func (x *ListPoliciesResponse) String() string
type PoliciesClient ¶
type PoliciesClient interface { // Retrieves the policies of the specified kind that are attached to a // resource. // // The response lists only policy metadata. In particular, policy rules are // omitted. ListPolicies(ctx context.Context, in *ListPoliciesRequest, opts ...grpc.CallOption) (*ListPoliciesResponse, error) // Gets a policy. GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error) // Creates a policy. CreatePolicy(ctx context.Context, in *CreatePolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error) // Updates the specified policy. // // You can update only the rules and the display name for the policy. // // To update a policy, you should use a read-modify-write loop: // // 1. Use [GetPolicy][google.iam.v2.Policies.GetPolicy] to read the current version of the policy. // 2. Modify the policy as needed. // 3. Use `UpdatePolicy` to write the updated policy. // // This pattern helps prevent conflicts between concurrent updates. UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error) // Deletes a policy. This action is permanent. DeletePolicy(ctx context.Context, in *DeletePolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error) }
PoliciesClient is the client API for Policies service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewPoliciesClient ¶
func NewPoliciesClient(cc grpc.ClientConnInterface) PoliciesClient
type PoliciesServer ¶
type PoliciesServer interface { // Retrieves the policies of the specified kind that are attached to a // resource. // // The response lists only policy metadata. In particular, policy rules are // omitted. ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error) // Gets a policy. GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error) // Creates a policy. CreatePolicy(context.Context, *CreatePolicyRequest) (*longrunningpb.Operation, error) // Updates the specified policy. // // You can update only the rules and the display name for the policy. // // To update a policy, you should use a read-modify-write loop: // // 1. Use [GetPolicy][google.iam.v2.Policies.GetPolicy] to read the current version of the policy. // 2. Modify the policy as needed. // 3. Use `UpdatePolicy` to write the updated policy. // // This pattern helps prevent conflicts between concurrent updates. UpdatePolicy(context.Context, *UpdatePolicyRequest) (*longrunningpb.Operation, error) // Deletes a policy. This action is permanent. DeletePolicy(context.Context, *DeletePolicyRequest) (*longrunningpb.Operation, error) }
PoliciesServer is the server API for Policies service.
type Policy ¶
type Policy struct { // Immutable. The resource name of the `Policy`, which must be unique. Format: // `policies/{attachment_point}/denypolicies/{policy_id}` // // // The attachment point is identified by its URL-encoded full resource name, // which means that the forward-slash character, `/`, must be written as // `%2F`. For example, // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`. // // For organizations and folders, use the numeric ID in the full resource // name. For projects, requests can use the alphanumeric or the numeric ID. // Responses always contain the numeric ID. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Immutable. The globally unique ID of the `Policy`. Assigned automatically when the // `Policy` is created. Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"` // Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`. Kind string `protobuf:"bytes,3,opt,name=kind,proto3" json:"kind,omitempty"` // A user-specified description of the `Policy`. This value can be up to 63 // characters. DisplayName string `protobuf:"bytes,4,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // A key-value map to store arbitrary metadata for the `Policy`. Keys // can be up to 63 characters. Values can be up to 255 characters. Annotations map[string]string `` /* 163-byte string literal not displayed */ // An opaque tag that identifies the current version of the `Policy`. IAM uses // this value to help manage concurrent updates, so they do not cause one // update to be overwritten by another. // // If this field is present in a [CreatePolicy][] request, the value is // ignored. Etag string `protobuf:"bytes,6,opt,name=etag,proto3" json:"etag,omitempty"` // Output only. The time when the `Policy` was created. CreateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"` // Output only. The time when the `Policy` was last updated. UpdateTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"` // Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted. DeleteTime *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty"` // A list of rules that specify the behavior of the `Policy`. All of the rules // should be of the `kind` specified in the `Policy`. Rules []*PolicyRule `protobuf:"bytes,10,rep,name=rules,proto3" json:"rules,omitempty"` // Immutable. Specifies that this policy is managed by an authority and can only be // modified by that authority. Usage is restricted. ManagingAuthority string `protobuf:"bytes,11,opt,name=managing_authority,json=managingAuthority,proto3" json:"managing_authority,omitempty"` // contains filtered or unexported fields }
Data for an IAM policy.
func (*Policy) Descriptor
deprecated
func (*Policy) GetAnnotations ¶
func (*Policy) GetCreateTime ¶
func (x *Policy) GetCreateTime() *timestamppb.Timestamp
func (*Policy) GetDeleteTime ¶
func (x *Policy) GetDeleteTime() *timestamppb.Timestamp
func (*Policy) GetDisplayName ¶
func (*Policy) GetManagingAuthority ¶
func (*Policy) GetRules ¶
func (x *Policy) GetRules() []*PolicyRule
func (*Policy) GetUpdateTime ¶
func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect ¶
func (x *Policy) ProtoReflect() protoreflect.Message
type PolicyOperationMetadata ¶
type PolicyOperationMetadata struct { // Timestamp when the `google.longrunning.Operation` was created. CreateTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"` // contains filtered or unexported fields }
Metadata for long-running `Policy` operations.
func (*PolicyOperationMetadata) Descriptor
deprecated
func (*PolicyOperationMetadata) Descriptor() ([]byte, []int)
Deprecated: Use PolicyOperationMetadata.ProtoReflect.Descriptor instead.
func (*PolicyOperationMetadata) GetCreateTime ¶
func (x *PolicyOperationMetadata) GetCreateTime() *timestamppb.Timestamp
func (*PolicyOperationMetadata) ProtoMessage ¶
func (*PolicyOperationMetadata) ProtoMessage()
func (*PolicyOperationMetadata) ProtoReflect ¶
func (x *PolicyOperationMetadata) ProtoReflect() protoreflect.Message
func (*PolicyOperationMetadata) Reset ¶
func (x *PolicyOperationMetadata) Reset()
func (*PolicyOperationMetadata) String ¶
func (x *PolicyOperationMetadata) String() string
type PolicyRule ¶
type PolicyRule struct { // Types that are assignable to Kind: // *PolicyRule_DenyRule Kind isPolicyRule_Kind `protobuf_oneof:"kind"` // A user-specified description of the rule. This value can be up to 256 // characters. Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"` // contains filtered or unexported fields }
A single rule in a `Policy`.
func (*PolicyRule) Descriptor
deprecated
func (*PolicyRule) Descriptor() ([]byte, []int)
Deprecated: Use PolicyRule.ProtoReflect.Descriptor instead.
func (*PolicyRule) GetDenyRule ¶
func (x *PolicyRule) GetDenyRule() *DenyRule
func (*PolicyRule) GetDescription ¶
func (x *PolicyRule) GetDescription() string
func (*PolicyRule) GetKind ¶
func (m *PolicyRule) GetKind() isPolicyRule_Kind
func (*PolicyRule) ProtoMessage ¶
func (*PolicyRule) ProtoMessage()
func (*PolicyRule) ProtoReflect ¶
func (x *PolicyRule) ProtoReflect() protoreflect.Message
func (*PolicyRule) Reset ¶
func (x *PolicyRule) Reset()
func (*PolicyRule) String ¶
func (x *PolicyRule) String() string
type PolicyRule_DenyRule ¶
type PolicyRule_DenyRule struct { // A rule for a deny policy. DenyRule *DenyRule `protobuf:"bytes,2,opt,name=deny_rule,json=denyRule,proto3,oneof"` }
type UnimplementedPoliciesServer ¶
type UnimplementedPoliciesServer struct { }
UnimplementedPoliciesServer can be embedded to have forward compatible implementations.
func (*UnimplementedPoliciesServer) CreatePolicy ¶
func (*UnimplementedPoliciesServer) CreatePolicy(context.Context, *CreatePolicyRequest) (*longrunningpb.Operation, error)
func (*UnimplementedPoliciesServer) DeletePolicy ¶
func (*UnimplementedPoliciesServer) DeletePolicy(context.Context, *DeletePolicyRequest) (*longrunningpb.Operation, error)
func (*UnimplementedPoliciesServer) GetPolicy ¶
func (*UnimplementedPoliciesServer) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
func (*UnimplementedPoliciesServer) ListPolicies ¶
func (*UnimplementedPoliciesServer) ListPolicies(context.Context, *ListPoliciesRequest) (*ListPoliciesResponse, error)
func (*UnimplementedPoliciesServer) UpdatePolicy ¶
func (*UnimplementedPoliciesServer) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*longrunningpb.Operation, error)
type UpdatePolicyRequest ¶
type UpdatePolicyRequest struct { // Required. The policy to update. // // To prevent conflicting updates, the `etag` value must match the value that // is stored in IAM. If the `etag` values do not match, the request fails with // a `409` error code and `ABORTED` status. Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"` // contains filtered or unexported fields }
Request message for `UpdatePolicy`.
func (*UpdatePolicyRequest) Descriptor
deprecated
func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy ¶
func (x *UpdatePolicyRequest) GetPolicy() *Policy
func (*UpdatePolicyRequest) ProtoMessage ¶
func (*UpdatePolicyRequest) ProtoMessage()
func (*UpdatePolicyRequest) ProtoReflect ¶
func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
func (*UpdatePolicyRequest) Reset ¶
func (x *UpdatePolicyRequest) Reset()
func (*UpdatePolicyRequest) String ¶
func (x *UpdatePolicyRequest) String() string