You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
3.1 KiB
74 lines
3.1 KiB
// Copyright 2019 Google LLC. |
|
// |
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
|
// you may not use this file except in compliance with the License. |
|
// You may obtain a copy of the License at |
|
// |
|
// http://www.apache.org/licenses/LICENSE-2.0 |
|
// |
|
// Unless required by applicable law or agreed to in writing, software |
|
// distributed under the License is distributed on an "AS IS" BASIS, |
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
// See the License for the specific language governing permissions and |
|
// limitations under the License. |
|
// |
|
|
|
syntax = "proto3"; |
|
|
|
package google.cloud.policytroubleshooter.v1; |
|
|
|
import public "google/cloud/policytroubleshooter/v1/explanations.proto"; |
|
import "google/api/annotations.proto"; |
|
import "google/api/client.proto"; |
|
|
|
option cc_enable_arenas = true; |
|
option csharp_namespace = "Google.Cloud.PolicyTroubleshooter.V1"; |
|
option go_package = "google.golang.org/genproto/googleapis/cloud/policytroubleshooter/v1;policytroubleshooter"; |
|
option java_multiple_files = true; |
|
option java_outer_classname = "IAMCheckerProto"; |
|
option java_package = "com.google.cloud.policytroubleshooter.v1"; |
|
option php_namespace = "Google\\Cloud\\PolicyTroubleshooter\\V1"; |
|
option ruby_package = "Google::Cloud::PolicyTroubleshooter::V1"; |
|
|
|
// IAM Policy Troubleshooter service. |
|
// |
|
// This service helps you troubleshoot access issues for Google Cloud resources. |
|
service IamChecker { |
|
option (google.api.default_host) = "policytroubleshooter.googleapis.com"; |
|
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; |
|
|
|
// Checks whether a member has a specific permission for a specific resource, |
|
// and explains why the member does or does not have that permission. |
|
rpc TroubleshootIamPolicy(TroubleshootIamPolicyRequest) returns (TroubleshootIamPolicyResponse) { |
|
option (google.api.http) = { |
|
post: "/v1/iam:troubleshoot" |
|
body: "*" |
|
}; |
|
} |
|
} |
|
|
|
// Request for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. |
|
message TroubleshootIamPolicyRequest { |
|
// The information to use for checking whether a member has a permission for a |
|
// resource. |
|
AccessTuple access_tuple = 1; |
|
} |
|
|
|
// Response for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. |
|
message TroubleshootIamPolicyResponse { |
|
// Indicates whether the member has the specified permission for the specified |
|
// resource, based on evaluating all of the applicable IAM policies. |
|
AccessState access = 1; |
|
|
|
// List of IAM policies that were evaluated to check the member's permissions, |
|
// with annotations to indicate how each policy contributed to the final |
|
// result. |
|
// |
|
// The list of policies can include the policy for the resource itself. It can |
|
// also include policies that are inherited from higher levels of the resource |
|
// hierarchy, including the organization, the folder, and the project. |
|
// |
|
// To learn more about the resource hierarchy, see |
|
// https://cloud.google.com/iam/help/resource-hierarchy. |
|
repeated ExplainedPolicy explained_policies = 2; |
|
}
|
|
|