Documentation ¶
Overview ¶
Package iam is a generated protocol buffer package.
It is generated from these files:
google/iam/v1/iam_policy.proto google/iam/v1/policy.proto
It has these top-level messages:
SetIamPolicyRequest GetIamPolicyRequest TestIamPermissionsRequest TestIamPermissionsResponse Policy Binding PolicyDelta BindingDelta
Index ¶
- Variables
- func RegisterIAMPolicyServer(s *grpc.Server, srv IAMPolicyServer)
- type Binding
- type BindingDelta
- type BindingDelta_Action
- type GetIamPolicyRequest
- type IAMPolicyClient
- type IAMPolicyServer
- type Policy
- type PolicyDelta
- type SetIamPolicyRequest
- type TestIamPermissionsRequest
- func (*TestIamPermissionsRequest) Descriptor() ([]byte, []int)
- func (m *TestIamPermissionsRequest) GetPermissions() []string
- func (m *TestIamPermissionsRequest) GetResource() string
- func (*TestIamPermissionsRequest) ProtoMessage()
- func (m *TestIamPermissionsRequest) Reset()
- func (m *TestIamPermissionsRequest) String() string
- type TestIamPermissionsResponse
Constants ¶
This section is empty.
Variables ¶
var BindingDelta_Action_name = map[int32]string{
0: "ACTION_UNSPECIFIED",
1: "ADD",
2: "REMOVE",
}
var BindingDelta_Action_value = map[string]int32{
"ACTION_UNSPECIFIED": 0,
"ADD": 1,
"REMOVE": 2,
}
Functions ¶
func RegisterIAMPolicyServer ¶
func RegisterIAMPolicyServer(s *grpc.Server, srv IAMPolicyServer)
Types ¶
type Binding ¶
type Binding struct { // Role that is assigned to `members`. // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. // Required Role string `protobuf:"bytes,1,opt,name=role" json:"role,omitempty"` // Specifies the identities requesting access for a Cloud Platform resource. // `members` can have the following values: // // * `allUsers`: A special identifier that represents anyone who is // on the internet; with or without a Google account. // // * `allAuthenticatedUsers`: A special identifier that represents anyone // who is authenticated with a Google account or a service account. // // * `user:{emailid}`: An email address that represents a specific Google // account. For example, `alice@gmail.com` or `joe@example.com`. // // // * `serviceAccount:{emailid}`: An email address that represents a service // account. For example, `my-other-app@appspot.gserviceaccount.com`. // // * `group:{emailid}`: An email address that represents a Google group. // For example, `admins@example.com`. // // * `domain:{domain}`: A Google Apps domain name that represents all the // users of that domain. For example, `google.com` or `example.com`. // // Members []string `protobuf:"bytes,2,rep,name=members" json:"members,omitempty"` }
Associates `members` with a `role`.
func (*Binding) Descriptor ¶
func (*Binding) GetMembers ¶
func (*Binding) ProtoMessage ¶
func (*Binding) ProtoMessage()
type BindingDelta ¶
type BindingDelta struct { // The action that was performed on a Binding. // Required Action BindingDelta_Action `protobuf:"varint,1,opt,name=action,enum=google.iam.v1.BindingDelta_Action" json:"action,omitempty"` // Role that is assigned to `members`. // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. // Required Role string `protobuf:"bytes,2,opt,name=role" json:"role,omitempty"` // A single identity requesting access for a Cloud Platform resource. // Follows the same format of Binding.members. // Required Member string `protobuf:"bytes,3,opt,name=member" json:"member,omitempty"` }
One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.
func (*BindingDelta) Descriptor ¶
func (*BindingDelta) Descriptor() ([]byte, []int)
func (*BindingDelta) GetAction ¶
func (m *BindingDelta) GetAction() BindingDelta_Action
func (*BindingDelta) GetMember ¶
func (m *BindingDelta) GetMember() string
func (*BindingDelta) GetRole ¶
func (m *BindingDelta) GetRole() string
func (*BindingDelta) ProtoMessage ¶
func (*BindingDelta) ProtoMessage()
func (*BindingDelta) Reset ¶
func (m *BindingDelta) Reset()
func (*BindingDelta) String ¶
func (m *BindingDelta) String() string
type BindingDelta_Action ¶
type BindingDelta_Action int32
The type of action performed on a Binding in a policy.
const ( // Unspecified. BindingDelta_ACTION_UNSPECIFIED BindingDelta_Action = 0 // Addition of a Binding. BindingDelta_ADD BindingDelta_Action = 1 // Removal of a Binding. BindingDelta_REMOVE BindingDelta_Action = 2 )
func (BindingDelta_Action) EnumDescriptor ¶
func (BindingDelta_Action) EnumDescriptor() ([]byte, []int)
func (BindingDelta_Action) String ¶
func (x BindingDelta_Action) String() string
type GetIamPolicyRequest ¶
type GetIamPolicyRequest struct { // REQUIRED: The resource for which the policy is being requested. // `resource` is usually specified as a path. For example, a Project // resource is specified as `projects/{project}`. Resource string `protobuf:"bytes,1,opt,name=resource" json:"resource,omitempty"` }
Request message for `GetIamPolicy` method.
func (*GetIamPolicyRequest) Descriptor ¶
func (*GetIamPolicyRequest) Descriptor() ([]byte, []int)
func (*GetIamPolicyRequest) GetResource ¶
func (m *GetIamPolicyRequest) GetResource() string
func (*GetIamPolicyRequest) ProtoMessage ¶
func (*GetIamPolicyRequest) ProtoMessage()
func (*GetIamPolicyRequest) Reset ¶
func (m *GetIamPolicyRequest) Reset()
func (*GetIamPolicyRequest) String ¶
func (m *GetIamPolicyRequest) String() string
type IAMPolicyClient ¶
type IAMPolicyClient interface { // Sets the access control policy on the specified resource. Replaces any // existing policy. SetIamPolicy(ctx context.Context, in *SetIamPolicyRequest, opts ...grpc.CallOption) (*Policy, error) // Gets the access control policy for a resource. // Returns an empty policy if the resource exists and does not have a policy // set. GetIamPolicy(ctx context.Context, in *GetIamPolicyRequest, opts ...grpc.CallOption) (*Policy, error) // Returns permissions that a caller has on the specified resource. // If the resource does not exist, this will return an empty set of // permissions, not a NOT_FOUND error. TestIamPermissions(ctx context.Context, in *TestIamPermissionsRequest, opts ...grpc.CallOption) (*TestIamPermissionsResponse, error) }
func NewIAMPolicyClient ¶
func NewIAMPolicyClient(cc *grpc.ClientConn) IAMPolicyClient
type IAMPolicyServer ¶
type IAMPolicyServer interface { // Sets the access control policy on the specified resource. Replaces any // existing policy. SetIamPolicy(context.Context, *SetIamPolicyRequest) (*Policy, error) // Gets the access control policy for a resource. // Returns an empty policy if the resource exists and does not have a policy // set. GetIamPolicy(context.Context, *GetIamPolicyRequest) (*Policy, error) // Returns permissions that a caller has on the specified resource. // If the resource does not exist, this will return an empty set of // permissions, not a NOT_FOUND error. TestIamPermissions(context.Context, *TestIamPermissionsRequest) (*TestIamPermissionsResponse, error) }
type Policy ¶
type Policy struct { // Version of the `Policy`. The default version is 0. Version int32 `protobuf:"varint,1,opt,name=version" json:"version,omitempty"` // Associates a list of `members` to a `role`. // Multiple `bindings` must not be specified for the same `role`. // `bindings` with no members will result in an error. Bindings []*Binding `protobuf:"bytes,4,rep,name=bindings" json:"bindings,omitempty"` // `etag` is used for optimistic concurrency control as a way to help // prevent simultaneous updates of a policy from overwriting each other. // It is strongly suggested that systems make use of the `etag` in the // read-modify-write cycle to perform policy updates in order to avoid race // conditions: An `etag` is returned in the response to `getIamPolicy`, and // systems are expected to put that etag in the request to `setIamPolicy` to // ensure that their change will be applied to the same version of the policy. // // If no `etag` is provided in the call to `setIamPolicy`, then the existing // policy is overwritten blindly. Etag []byte `protobuf:"bytes,3,opt,name=etag,proto3" json:"etag,omitempty"` }
Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM.
**Example**
{ "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] }
For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam).
func (*Policy) Descriptor ¶
func (*Policy) GetBindings ¶
func (*Policy) GetVersion ¶
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
type PolicyDelta ¶
type PolicyDelta struct { // The delta for Bindings between two policies. BindingDeltas []*BindingDelta `protobuf:"bytes,1,rep,name=binding_deltas,json=bindingDeltas" json:"binding_deltas,omitempty"` }
The difference delta between two policies.
func (*PolicyDelta) Descriptor ¶
func (*PolicyDelta) Descriptor() ([]byte, []int)
func (*PolicyDelta) GetBindingDeltas ¶
func (m *PolicyDelta) GetBindingDeltas() []*BindingDelta
func (*PolicyDelta) ProtoMessage ¶
func (*PolicyDelta) ProtoMessage()
func (*PolicyDelta) Reset ¶
func (m *PolicyDelta) Reset()
func (*PolicyDelta) String ¶
func (m *PolicyDelta) String() string
type SetIamPolicyRequest ¶
type SetIamPolicyRequest struct { // REQUIRED: The resource for which the policy is being specified. // `resource` is usually specified as a path. For example, a Project // resource is specified as `projects/{project}`. Resource string `protobuf:"bytes,1,opt,name=resource" json:"resource,omitempty"` // REQUIRED: The complete policy to be applied to the `resource`. The size of // the policy is limited to a few 10s of KB. An empty policy is a // valid policy but certain Cloud Platform services (such as Projects) // might reject them. Policy *Policy `protobuf:"bytes,2,opt,name=policy" json:"policy,omitempty"` }
Request message for `SetIamPolicy` method.
func (*SetIamPolicyRequest) Descriptor ¶
func (*SetIamPolicyRequest) Descriptor() ([]byte, []int)
func (*SetIamPolicyRequest) GetPolicy ¶
func (m *SetIamPolicyRequest) GetPolicy() *Policy
func (*SetIamPolicyRequest) GetResource ¶
func (m *SetIamPolicyRequest) GetResource() string
func (*SetIamPolicyRequest) ProtoMessage ¶
func (*SetIamPolicyRequest) ProtoMessage()
func (*SetIamPolicyRequest) Reset ¶
func (m *SetIamPolicyRequest) Reset()
func (*SetIamPolicyRequest) String ¶
func (m *SetIamPolicyRequest) String() string
type TestIamPermissionsRequest ¶
type TestIamPermissionsRequest struct { // REQUIRED: The resource for which the policy detail is being requested. // `resource` is usually specified as a path. For example, a Project // resource is specified as `projects/{project}`. Resource string `protobuf:"bytes,1,opt,name=resource" json:"resource,omitempty"` // The set of permissions to check for the `resource`. Permissions with // wildcards (such as '*' or 'storage.*') are not allowed. For more // information see // [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). Permissions []string `protobuf:"bytes,2,rep,name=permissions" json:"permissions,omitempty"` }
Request message for `TestIamPermissions` method.
func (*TestIamPermissionsRequest) Descriptor ¶
func (*TestIamPermissionsRequest) Descriptor() ([]byte, []int)
func (*TestIamPermissionsRequest) GetPermissions ¶
func (m *TestIamPermissionsRequest) GetPermissions() []string
func (*TestIamPermissionsRequest) GetResource ¶
func (m *TestIamPermissionsRequest) GetResource() string
func (*TestIamPermissionsRequest) ProtoMessage ¶
func (*TestIamPermissionsRequest) ProtoMessage()
func (*TestIamPermissionsRequest) Reset ¶
func (m *TestIamPermissionsRequest) Reset()
func (*TestIamPermissionsRequest) String ¶
func (m *TestIamPermissionsRequest) String() string
type TestIamPermissionsResponse ¶
type TestIamPermissionsResponse struct { // A subset of `TestPermissionsRequest.permissions` that the caller is // allowed. Permissions []string `protobuf:"bytes,1,rep,name=permissions" json:"permissions,omitempty"` }
Response message for `TestIamPermissions` method.
func (*TestIamPermissionsResponse) Descriptor ¶
func (*TestIamPermissionsResponse) Descriptor() ([]byte, []int)
func (*TestIamPermissionsResponse) GetPermissions ¶
func (m *TestIamPermissionsResponse) GetPermissions() []string
func (*TestIamPermissionsResponse) ProtoMessage ¶
func (*TestIamPermissionsResponse) ProtoMessage()
func (*TestIamPermissionsResponse) Reset ¶
func (m *TestIamPermissionsResponse) Reset()
func (*TestIamPermissionsResponse) String ¶
func (m *TestIamPermissionsResponse) String() string