75 lines
3.1 KiB
Protocol Buffer
75 lines
3.1 KiB
Protocol Buffer
// Copyright 2019 Google LLC.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
syntax = "proto3";
|
|
|
|
package google.cloud.policytroubleshooter.v1;
|
|
|
|
import public "google/cloud/policytroubleshooter/v1/explanations.proto";
|
|
import "google/api/annotations.proto";
|
|
import "google/api/client.proto";
|
|
|
|
option cc_enable_arenas = true;
|
|
option csharp_namespace = "Google.Cloud.PolicyTroubleshooter.V1";
|
|
option go_package = "google.golang.org/genproto/googleapis/cloud/policytroubleshooter/v1;policytroubleshooter";
|
|
option java_multiple_files = true;
|
|
option java_outer_classname = "IAMCheckerProto";
|
|
option java_package = "com.google.cloud.policytroubleshooter.v1";
|
|
option php_namespace = "Google\\Cloud\\PolicyTroubleshooter\\V1";
|
|
option ruby_package = "Google::Cloud::PolicyTroubleshooter::V1";
|
|
|
|
// IAM Policy Troubleshooter service.
|
|
//
|
|
// This service helps you troubleshoot access issues for Google Cloud resources.
|
|
service IamChecker {
|
|
option (google.api.default_host) = "policytroubleshooter.googleapis.com";
|
|
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
|
|
|
|
// Checks whether a member has a specific permission for a specific resource,
|
|
// and explains why the member does or does not have that permission.
|
|
rpc TroubleshootIamPolicy(TroubleshootIamPolicyRequest) returns (TroubleshootIamPolicyResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/iam:troubleshoot"
|
|
body: "*"
|
|
};
|
|
}
|
|
}
|
|
|
|
// Request for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy].
|
|
message TroubleshootIamPolicyRequest {
|
|
// The information to use for checking whether a member has a permission for a
|
|
// resource.
|
|
AccessTuple access_tuple = 1;
|
|
}
|
|
|
|
// Response for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy].
|
|
message TroubleshootIamPolicyResponse {
|
|
// Indicates whether the member has the specified permission for the specified
|
|
// resource, based on evaluating all of the applicable IAM policies.
|
|
AccessState access = 1;
|
|
|
|
// List of IAM policies that were evaluated to check the member's permissions,
|
|
// with annotations to indicate how each policy contributed to the final
|
|
// result.
|
|
//
|
|
// The list of policies can include the policy for the resource itself. It can
|
|
// also include policies that are inherited from higher levels of the resource
|
|
// hierarchy, including the organization, the folder, and the project.
|
|
//
|
|
// To learn more about the resource hierarchy, see
|
|
// https://cloud.google.com/iam/help/resource-hierarchy.
|
|
repeated ExplainedPolicy explained_policies = 2;
|
|
}
|