HuQiong
/
grpc_3rd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
grpc 第三方依赖 就是grpc的 third_party 文件夹
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
3 Tags
127 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 1297acf91b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1297acf91b'
${ noResults }
grpc_3rd/googleapis/google/cloud/asset/v1p4beta1/assets.proto

167 lines
6.8 KiB
Raw Blame History

// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.cloud.asset.v1p4beta1;
import "google/iam/v1/policy.proto";
import "google/rpc/code.proto";
import "google/api/annotations.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Asset.V1P4Beta1";
option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p4beta1;asset";
option java_multiple_files = true;
option java_outer_classname = "AssetProto";
option java_package = "com.google.cloud.asset.v1p4beta1";
option php_namespace = "Google\\Cloud\\Asset\\V1p4beta1";
// IAM Policy analysis result, consisting of one IAM policy binding and derived
// access control lists.
message IamPolicyAnalysisResult {
// Represents analysis state of each node in the result graph or non-critical
// errors in the response.
message AnalysisState {
// The Google standard error code that best describes the state.
// For example:
// - OK means the node has been successfully explored;
// - PERMISSION_DENIED means an access denied error is encountered;
// - DEADLINE_EXCEEDED means the node hasn't been explored in time;
google.rpc.Code code = 1;
// The human-readable description of the cause of failure.
string cause = 2;
}
// A GCP resource that appears in an access control list.
message Resource {
// The [full resource name](https://aip.dev/122#full-resource-names).
string full_resource_name = 1;
// The analysis state of this resource node.
AnalysisState analysis_state = 2;
}
// A role or permission that appears in an access control list.
message Access {
oneof oneof_access {
// The role.
string role = 1;
// The permission.
string permission = 2;
}
// The analysis state of this access node.
AnalysisState analysis_state = 3;
}
// A directional edge.
message Edge {
// The source node of the edge.
string source_node = 1;
// The target node of the edge.
string target_node = 2;
}
// An identity that appears in an access control list.
message Identity {
// The identity name in any form of members appear in
// [IAM policy
// binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
// as:
// - user:foo@google.com
// - group:group1@google.com
// - serviceAccount:s1@prj1.iam.gserviceaccount.com
// - projectOwner:some_project_id
// - domain:google.com
// - allUsers
// - etc.
string name = 1;
// The analysis state of this identity node.
AnalysisState analysis_state = 2;
}
// An access control list, derived from the above IAM policy binding, which
// contains a set of resources and accesses. May include one
// item from each set to compose an access control entry.
//
// NOTICE that there could be multiple access control lists for one IAM policy
// binding. The access control lists are created based on resource and access
// combinations.
//
// For example, assume we have the following cases in one IAM policy binding:
// - Permission P1 and P2 apply to resource R1 and R2;
// - Permission P3 applies to resource R2 and R3;
//
// This will result in the following access control lists:
// - AccessControlList 1: [R1, R2], [P1, P2]
// - AccessControlList 2: [R2, R3], [P3]
message AccessControlList {
// The resources that match one of the following conditions:
// - The resource_selector, if it is specified in request;
// - Otherwise, resources reachable from the policy attached resource.
repeated Resource resources = 1;
// The accesses that match one of the following conditions:
// - The access_selector, if it is specified in request;
// - Otherwise, access specifiers reachable from the policy binding's role.
repeated Access accesses = 2;
// Resource edges of the graph starting from the policy attached
// resource to any descendant resources. The [Edge.source_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.source_node] contains
// the full resource name of a parent resource and [Edge.target_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.target_node]
// contains the full resource name of a child resource. This field is
// present only if the output_resource_edges option is enabled in request.
repeated Edge resource_edges = 3;
}
message IdentityList {
// Only the identities that match one of the following conditions will be
// presented:
// - The identity_selector, if it is specified in request;
// - Otherwise, identities reachable from the policy binding's members.
repeated Identity identities = 1;
// Group identity edges of the graph starting from the binding's
// group members to any node of the [identities][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.IdentityList.identities]. The [Edge.source_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.source_node]
// contains a group, such as "group:parent@google.com". The
// [Edge.target_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.target_node] contains a member of the group,
// such as "group:child@google.com" or "user:foo@google.com".
// This field is present only if the output_group_edges option is enabled in
// request.
repeated Edge group_edges = 2;
}
// The full name of the resource to which the [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] policy attaches.
string attached_resource_full_name = 1;
// The Cloud IAM policy binding under analysis.
google.iam.v1.Binding iam_binding = 2;
// The access control lists derived from the [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] that match or
// potentially match resource and access selectors specified in the request.
repeated AccessControlList access_control_lists = 3;
// The identity list derived from members of the [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] that match or
// potentially match identity selector specified in the request.
IdentityList identity_list = 4;
// Represents whether all nodes in the transitive closure of the
// [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] node have been explored.
bool fully_explored = 5;
}