Enum value maps for ServiceAccountKeyAlgorithm.
var (
ServiceAccountKeyAlgorithm_name = map[int32]string{
0: "KEY_ALG_UNSPECIFIED",
1: "KEY_ALG_RSA_1024",
2: "KEY_ALG_RSA_2048",
}
ServiceAccountKeyAlgorithm_value = map[string]int32{
"KEY_ALG_UNSPECIFIED": 0,
"KEY_ALG_RSA_1024": 1,
"KEY_ALG_RSA_2048": 2,
}
)
Enum value maps for ServiceAccountPrivateKeyType.
var (
ServiceAccountPrivateKeyType_name = map[int32]string{
0: "TYPE_UNSPECIFIED",
1: "TYPE_PKCS12_FILE",
2: "TYPE_GOOGLE_CREDENTIALS_FILE",
}
ServiceAccountPrivateKeyType_value = map[string]int32{
"TYPE_UNSPECIFIED": 0,
"TYPE_PKCS12_FILE": 1,
"TYPE_GOOGLE_CREDENTIALS_FILE": 2,
}
)
Enum value maps for ServiceAccountPublicKeyType.
var (
ServiceAccountPublicKeyType_name = map[int32]string{
0: "TYPE_NONE",
1: "TYPE_X509_PEM_FILE",
2: "TYPE_RAW_PUBLIC_KEY",
}
ServiceAccountPublicKeyType_value = map[string]int32{
"TYPE_NONE": 0,
"TYPE_X509_PEM_FILE": 1,
"TYPE_RAW_PUBLIC_KEY": 2,
}
)
Enum value maps for ServiceAccountKeyOrigin.
var (
ServiceAccountKeyOrigin_name = map[int32]string{
0: "ORIGIN_UNSPECIFIED",
1: "USER_PROVIDED",
2: "GOOGLE_PROVIDED",
}
ServiceAccountKeyOrigin_value = map[string]int32{
"ORIGIN_UNSPECIFIED": 0,
"USER_PROVIDED": 1,
"GOOGLE_PROVIDED": 2,
}
)
Enum value maps for RoleView.
var (
RoleView_name = map[int32]string{
0: "BASIC",
1: "FULL",
}
RoleView_value = map[string]int32{
"BASIC": 0,
"FULL": 1,
}
)
Enum value maps for ListServiceAccountKeysRequest_KeyType.
var (
ListServiceAccountKeysRequest_KeyType_name = map[int32]string{
0: "KEY_TYPE_UNSPECIFIED",
1: "USER_MANAGED",
2: "SYSTEM_MANAGED",
}
ListServiceAccountKeysRequest_KeyType_value = map[string]int32{
"KEY_TYPE_UNSPECIFIED": 0,
"USER_MANAGED": 1,
"SYSTEM_MANAGED": 2,
}
)
Enum value maps for Role_RoleLaunchStage.
var (
Role_RoleLaunchStage_name = map[int32]string{
0: "ALPHA",
1: "BETA",
2: "GA",
4: "DEPRECATED",
5: "DISABLED",
6: "EAP",
}
Role_RoleLaunchStage_value = map[string]int32{
"ALPHA": 0,
"BETA": 1,
"GA": 2,
"DEPRECATED": 4,
"DISABLED": 5,
"EAP": 6,
}
)
Enum value maps for Permission_PermissionLaunchStage.
var (
Permission_PermissionLaunchStage_name = map[int32]string{
0: "ALPHA",
1: "BETA",
2: "GA",
3: "DEPRECATED",
}
Permission_PermissionLaunchStage_value = map[string]int32{
"ALPHA": 0,
"BETA": 1,
"GA": 2,
"DEPRECATED": 3,
}
)
Enum value maps for Permission_CustomRolesSupportLevel.
var (
Permission_CustomRolesSupportLevel_name = map[int32]string{
0: "SUPPORTED",
1: "TESTING",
2: "NOT_SUPPORTED",
}
Permission_CustomRolesSupportLevel_value = map[string]int32{
"SUPPORTED": 0,
"TESTING": 1,
"NOT_SUPPORTED": 2,
}
)
Enum value maps for LintResult_Level.
var (
LintResult_Level_name = map[int32]string{
0: "LEVEL_UNSPECIFIED",
3: "CONDITION",
}
LintResult_Level_value = map[string]int32{
"LEVEL_UNSPECIFIED": 0,
"CONDITION": 3,
}
)
Enum value maps for LintResult_Severity.
var (
LintResult_Severity_name = map[int32]string{
0: "SEVERITY_UNSPECIFIED",
1: "ERROR",
2: "WARNING",
3: "NOTICE",
4: "INFO",
5: "DEPRECATED",
}
LintResult_Severity_value = map[string]int32{
"SEVERITY_UNSPECIFIED": 0,
"ERROR": 1,
"WARNING": 2,
"NOTICE": 3,
"INFO": 4,
"DEPRECATED": 5,
}
)
var File_google_iam_admin_v1_audit_data_proto protoreflect.FileDescriptor
var File_google_iam_admin_v1_iam_proto protoreflect.FileDescriptor
func RegisterIAMServer(s *grpc.Server, srv IAMServer)
Audit log information specific to Cloud IAM admin APIs. This message is serialized as an `Any` type in the `ServiceData` message of an `AuditLog` message.
type AuditData struct {
// The permission_delta when when creating or updating a Role.
PermissionDelta *AuditData_PermissionDelta `protobuf:"bytes,1,opt,name=permission_delta,json=permissionDelta,proto3" json:"permission_delta,omitempty"`
// contains filtered or unexported fields
}
func (*AuditData) Descriptor() ([]byte, []int)
Deprecated: Use AuditData.ProtoReflect.Descriptor instead.
func (x *AuditData) GetPermissionDelta() *AuditData_PermissionDelta
func (*AuditData) ProtoMessage()
func (x *AuditData) ProtoReflect() protoreflect.Message
func (x *AuditData) Reset()
func (x *AuditData) String() string
A PermissionDelta message to record the added_permissions and removed_permissions inside a role.
type AuditData_PermissionDelta struct {
// Added permissions.
AddedPermissions []string `protobuf:"bytes,1,rep,name=added_permissions,json=addedPermissions,proto3" json:"added_permissions,omitempty"`
// Removed permissions.
RemovedPermissions []string `protobuf:"bytes,2,rep,name=removed_permissions,json=removedPermissions,proto3" json:"removed_permissions,omitempty"`
// contains filtered or unexported fields
}
func (*AuditData_PermissionDelta) Descriptor() ([]byte, []int)
Deprecated: Use AuditData_PermissionDelta.ProtoReflect.Descriptor instead.
func (x *AuditData_PermissionDelta) GetAddedPermissions() []string
func (x *AuditData_PermissionDelta) GetRemovedPermissions() []string
func (*AuditData_PermissionDelta) ProtoMessage()
func (x *AuditData_PermissionDelta) ProtoReflect() protoreflect.Message
func (x *AuditData_PermissionDelta) Reset()
func (x *AuditData_PermissionDelta) String() string
The request to create a new role.
type CreateRoleRequest struct {
// The `parent` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `parent` value format is described below:
//
// - [`projects.roles.create()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/create):
// `projects/{PROJECT_ID}`. This method creates project-level
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
//
// - [`organizations.roles.create()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/create):
// `organizations/{ORGANIZATION_ID}`. This method creates organization-level
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// The role ID to use for this role.
//
// A role ID may contain alphanumeric characters, underscores (`_`), and
// periods (`.`). It must contain a minimum of 3 characters and a maximum of
// 64 characters.
RoleId string `protobuf:"bytes,2,opt,name=role_id,json=roleId,proto3" json:"role_id,omitempty"`
// The Role resource to create.
Role *Role `protobuf:"bytes,3,opt,name=role,proto3" json:"role,omitempty"`
// contains filtered or unexported fields
}
func (*CreateRoleRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateRoleRequest.ProtoReflect.Descriptor instead.
func (x *CreateRoleRequest) GetParent() string
func (x *CreateRoleRequest) GetRole() *Role
func (x *CreateRoleRequest) GetRoleId() string
func (*CreateRoleRequest) ProtoMessage()
func (x *CreateRoleRequest) ProtoReflect() protoreflect.Message
func (x *CreateRoleRequest) Reset()
func (x *CreateRoleRequest) String() string
The service account key create request.
type CreateServiceAccountKeyRequest struct {
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The output format of the private key. The default value is
// `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File
// format.
PrivateKeyType ServiceAccountPrivateKeyType `protobuf:"varint,2,opt,name=private_key_type,json=privateKeyType,proto3,enum=google.iam.admin.v1.ServiceAccountPrivateKeyType" json:"private_key_type,omitempty"`
// Which type of key and algorithm to use for the key.
// The default is currently a 2K RSA key. However this may change in the
// future.
KeyAlgorithm ServiceAccountKeyAlgorithm `protobuf:"varint,3,opt,name=key_algorithm,json=keyAlgorithm,proto3,enum=google.iam.admin.v1.ServiceAccountKeyAlgorithm" json:"key_algorithm,omitempty"`
// contains filtered or unexported fields
}
func (*CreateServiceAccountKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (x *CreateServiceAccountKeyRequest) GetKeyAlgorithm() ServiceAccountKeyAlgorithm
func (x *CreateServiceAccountKeyRequest) GetName() string
func (x *CreateServiceAccountKeyRequest) GetPrivateKeyType() ServiceAccountPrivateKeyType
func (*CreateServiceAccountKeyRequest) ProtoMessage()
func (x *CreateServiceAccountKeyRequest) ProtoReflect() protoreflect.Message
func (x *CreateServiceAccountKeyRequest) Reset()
func (x *CreateServiceAccountKeyRequest) String() string
The service account create request.
type CreateServiceAccountRequest struct {
// Required. The resource name of the project associated with the service
// accounts, such as `projects/my-project-123`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. The account id that is used to generate the service account
// email address and a stable unique id. It is unique within a project,
// must be 6-30 characters long, and match the regular expression
// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
AccountId string `protobuf:"bytes,2,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"`
// The [ServiceAccount][google.iam.admin.v1.ServiceAccount] resource to
// create. Currently, only the following values are user assignable:
// `display_name` and `description`.
ServiceAccount *ServiceAccount `protobuf:"bytes,3,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
// contains filtered or unexported fields
}
func (*CreateServiceAccountRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateServiceAccountRequest.ProtoReflect.Descriptor instead.
func (x *CreateServiceAccountRequest) GetAccountId() string
func (x *CreateServiceAccountRequest) GetName() string
func (x *CreateServiceAccountRequest) GetServiceAccount() *ServiceAccount
func (*CreateServiceAccountRequest) ProtoMessage()
func (x *CreateServiceAccountRequest) ProtoReflect() protoreflect.Message
func (x *CreateServiceAccountRequest) Reset()
func (x *CreateServiceAccountRequest) String() string
The request to delete an existing role.
type DeleteRoleRequest struct {
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`projects.roles.delete()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/delete):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.delete()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/delete):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// deletes only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Used to perform a consistent read-modify-write.
Etag []byte `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}
func (*DeleteRoleRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteRoleRequest.ProtoReflect.Descriptor instead.
func (x *DeleteRoleRequest) GetEtag() []byte
func (x *DeleteRoleRequest) GetName() string
func (*DeleteRoleRequest) ProtoMessage()
func (x *DeleteRoleRequest) ProtoReflect() protoreflect.Message
func (x *DeleteRoleRequest) Reset()
func (x *DeleteRoleRequest) String() string
The service account key delete request.
type DeleteServiceAccountKeyRequest struct {
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*DeleteServiceAccountKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (x *DeleteServiceAccountKeyRequest) GetName() string
func (*DeleteServiceAccountKeyRequest) ProtoMessage()
func (x *DeleteServiceAccountKeyRequest) ProtoReflect() protoreflect.Message
func (x *DeleteServiceAccountKeyRequest) Reset()
func (x *DeleteServiceAccountKeyRequest) String() string
The service account delete request.
type DeleteServiceAccountRequest struct {
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*DeleteServiceAccountRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteServiceAccountRequest.ProtoReflect.Descriptor instead.
func (x *DeleteServiceAccountRequest) GetName() string
func (*DeleteServiceAccountRequest) ProtoMessage()
func (x *DeleteServiceAccountRequest) ProtoReflect() protoreflect.Message
func (x *DeleteServiceAccountRequest) Reset()
func (x *DeleteServiceAccountRequest) String() string
The service account key disable request.
type DisableServiceAccountKeyRequest struct {
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
//
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*DisableServiceAccountKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use DisableServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (x *DisableServiceAccountKeyRequest) GetName() string
func (*DisableServiceAccountKeyRequest) ProtoMessage()
func (x *DisableServiceAccountKeyRequest) ProtoReflect() protoreflect.Message
func (x *DisableServiceAccountKeyRequest) Reset()
func (x *DisableServiceAccountKeyRequest) String() string
The service account disable request.
type DisableServiceAccountRequest struct {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*DisableServiceAccountRequest) Descriptor() ([]byte, []int)
Deprecated: Use DisableServiceAccountRequest.ProtoReflect.Descriptor instead.
func (x *DisableServiceAccountRequest) GetName() string
func (*DisableServiceAccountRequest) ProtoMessage()
func (x *DisableServiceAccountRequest) ProtoReflect() protoreflect.Message
func (x *DisableServiceAccountRequest) Reset()
func (x *DisableServiceAccountRequest) String() string
The service account key enable request.
type EnableServiceAccountKeyRequest struct {
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
//
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*EnableServiceAccountKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use EnableServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (x *EnableServiceAccountKeyRequest) GetName() string
func (*EnableServiceAccountKeyRequest) ProtoMessage()
func (x *EnableServiceAccountKeyRequest) ProtoReflect() protoreflect.Message
func (x *EnableServiceAccountKeyRequest) Reset()
func (x *EnableServiceAccountKeyRequest) String() string
The service account enable request.
type EnableServiceAccountRequest struct {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*EnableServiceAccountRequest) Descriptor() ([]byte, []int)
Deprecated: Use EnableServiceAccountRequest.ProtoReflect.Descriptor instead.
func (x *EnableServiceAccountRequest) GetName() string
func (*EnableServiceAccountRequest) ProtoMessage()
func (x *EnableServiceAccountRequest) ProtoReflect() protoreflect.Message
func (x *EnableServiceAccountRequest) Reset()
func (x *EnableServiceAccountRequest) String() string
The request to get the definition of an existing role.
type GetRoleRequest struct {
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles),
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles),
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`roles.get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`.
// This method returns results from all
// [predefined
// roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles)
// in Cloud IAM. Example request URL:
// `https://iam.googleapis.com/v1/roles/{ROLE_NAME}`
//
// - [`projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/get):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/get):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// returns only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*GetRoleRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetRoleRequest.ProtoReflect.Descriptor instead.
func (x *GetRoleRequest) GetName() string
func (*GetRoleRequest) ProtoMessage()
func (x *GetRoleRequest) ProtoReflect() protoreflect.Message
func (x *GetRoleRequest) Reset()
func (x *GetRoleRequest) String() string
The service account key get by id request.
type GetServiceAccountKeyRequest struct {
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
//
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The output format of the public key. The default is `TYPE_NONE`, which
// means that the public key is not returned.
PublicKeyType ServiceAccountPublicKeyType `protobuf:"varint,2,opt,name=public_key_type,json=publicKeyType,proto3,enum=google.iam.admin.v1.ServiceAccountPublicKeyType" json:"public_key_type,omitempty"`
// contains filtered or unexported fields
}
func (*GetServiceAccountKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (x *GetServiceAccountKeyRequest) GetName() string
func (x *GetServiceAccountKeyRequest) GetPublicKeyType() ServiceAccountPublicKeyType
func (*GetServiceAccountKeyRequest) ProtoMessage()
func (x *GetServiceAccountKeyRequest) ProtoReflect() protoreflect.Message
func (x *GetServiceAccountKeyRequest) Reset()
func (x *GetServiceAccountKeyRequest) String() string
The service account get request.
type GetServiceAccountRequest struct {
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*GetServiceAccountRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetServiceAccountRequest.ProtoReflect.Descriptor instead.
func (x *GetServiceAccountRequest) GetName() string
func (*GetServiceAccountRequest) ProtoMessage()
func (x *GetServiceAccountRequest) ProtoReflect() protoreflect.Message
func (x *GetServiceAccountRequest) Reset()
func (x *GetServiceAccountRequest) String() string
IAMClient is the client API for IAM service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type IAMClient interface {
// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
ListServiceAccounts(ctx context.Context, in *ListServiceAccountsRequest, opts ...grpc.CallOption) (*ListServiceAccountsResponse, error)
// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
GetServiceAccount(ctx context.Context, in *GetServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
CreateServiceAccount(ctx context.Context, in *CreateServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
// **Note:** We are in the process of deprecating this method. Use
// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
//
// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// You can update only the `display_name` field.
UpdateServiceAccount(ctx context.Context, in *ServiceAccount, opts ...grpc.CallOption) (*ServiceAccount, error)
// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
PatchServiceAccount(ctx context.Context, in *PatchServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Warning:** After you delete a service account, you might not be able to
// undelete it. If you know that you need to re-enable the service account in
// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
//
// If you delete a service account, IAM permanently removes the service
// account 30 days later. Google Cloud cannot recover the service account
// after it is permanently removed, even if you file a support request.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
// service account, then wait at least 24 hours and watch for unintended
// consequences. If there are no unintended consequences, you can delete the
// service account.
DeleteServiceAccount(ctx context.Context, in *DeleteServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Important:** It is not always possible to restore a deleted service
// account. Use this method only as a last resort.
//
// After you delete a service account, IAM permanently removes the service
// account 30 days later. There is no way to restore a deleted service account
// that has been permanently removed.
UndeleteServiceAccount(ctx context.Context, in *UndeleteServiceAccountRequest, opts ...grpc.CallOption) (*UndeleteServiceAccountResponse, error)
// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
//
// If the service account is already enabled, then this method has no effect.
//
// If the service account was disabled by other means—for example, if Google
// disabled the service account because it was compromised—you cannot use this
// method to enable the service account.
EnableServiceAccount(ctx context.Context, in *EnableServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
//
// If an application uses the service account to authenticate, that
// application can no longer call Google APIs or access Google Cloud
// resources. Existing access tokens for the service account are rejected, and
// requests for new access tokens will fail.
//
// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
// re-enable the service account, its existing access tokens will be accepted,
// and you can request new access tokens.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use this method to disable the service
// account, then wait at least 24 hours and watch for unintended consequences.
// If there are no unintended consequences, you can delete the service account
// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
DisableServiceAccount(ctx context.Context, in *DisableServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
ListServiceAccountKeys(ctx context.Context, in *ListServiceAccountKeysRequest, opts ...grpc.CallOption) (*ListServiceAccountKeysResponse, error)
// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
GetServiceAccountKey(ctx context.Context, in *GetServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
CreateServiceAccountKey(ctx context.Context, in *CreateServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
// Uploads the public key portion of a key pair that you manage, and
// associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// After you upload the public key, you can use the private key from the key
// pair as a service account key.
UploadServiceAccountKey(ctx context.Context, in *UploadServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
// revoke short-lived credentials that have been issued based on the service
// account key.
DeleteServiceAccountKey(ctx context.Context, in *DeleteServiceAccountKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
// Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. A disabled service account key can be
// re-enabled with [EnableServiceAccountKey][google.iam.admin.v1.IAM.EnableServiceAccountKey].
DisableServiceAccountKey(ctx context.Context, in *DisableServiceAccountKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
// Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
EnableServiceAccountKey(ctx context.Context, in *EnableServiceAccountKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignBlob(ctx context.Context, in *SignBlobRequest, opts ...grpc.CallOption) (*SignBlobResponse, error)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a JSON Web Token (JWT) using the system-managed private key for a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignJwt(ctx context.Context, in *SignJwtRequest, opts ...grpc.CallOption) (*SignJwtResponse, error)
// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
// policy specifies which principals have access to the service account.
//
// This method does not tell you whether the service account has been granted
// any roles on other resources. To check whether a service account has role
// grants on a resource, use the `getIamPolicy` method for that resource. For
// example, to view the role grants for a project, call the Resource Manager
// API's
// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
// method.
GetIamPolicy(ctx context.Context, in *v1.GetIamPolicyRequest, opts ...grpc.CallOption) (*v1.Policy, error)
// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// Use this method to grant or revoke access to the service account. For
// example, you could grant a principal the ability to impersonate the service
// account.
//
// This method does not enable the service account to access other resources.
// To grant roles to a service account on a resource, follow these steps:
//
// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
// 2. Edit the policy so that it binds the service account to an IAM role for
// the resource.
// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
//
// For detailed instructions, see
// [Manage access to project, folders, and
// organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts)
// or [Manage access to other
// resources](https://cloud.google.com/iam/help/access/manage-other-resources).
SetIamPolicy(ctx context.Context, in *v1.SetIamPolicyRequest, opts ...grpc.CallOption) (*v1.Policy, error)
// Tests whether the caller has the specified permissions on a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
TestIamPermissions(ctx context.Context, in *v1.TestIamPermissionsRequest, opts ...grpc.CallOption) (*v1.TestIamPermissionsResponse, error)
// Lists roles that can be granted on a Google Cloud resource. A role is
// grantable if the IAM policy for the resource can contain bindings to the
// role.
QueryGrantableRoles(ctx context.Context, in *QueryGrantableRolesRequest, opts ...grpc.CallOption) (*QueryGrantableRolesResponse, error)
// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
// that is defined for an organization or project.
ListRoles(ctx context.Context, in *ListRolesRequest, opts ...grpc.CallOption) (*ListRolesResponse, error)
// Gets the definition of a [Role][google.iam.admin.v1.Role].
GetRole(ctx context.Context, in *GetRoleRequest, opts ...grpc.CallOption) (*Role, error)
// Creates a new custom [Role][google.iam.admin.v1.Role].
CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*Role, error)
// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*Role, error)
// Deletes a custom [Role][google.iam.admin.v1.Role].
//
// When you delete a custom role, the following changes occur immediately:
//
// * You cannot bind a principal to the custom role in an IAM
// [Policy][google.iam.v1.Policy].
// * Existing bindings to the custom role are not changed, but they have no
// effect.
// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
// role.
//
// You have 7 days to undelete the custom role. After 7 days, the following
// changes occur:
//
// * The custom role is permanently deleted and cannot be recovered.
// * If an IAM policy contains a binding to the custom role, the binding is
// permanently removed.
DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*Role, error)
// Undeletes a custom [Role][google.iam.admin.v1.Role].
UndeleteRole(ctx context.Context, in *UndeleteRoleRequest, opts ...grpc.CallOption) (*Role, error)
// Lists every permission that you can test on a resource. A permission is
// testable if you can check whether a principal has that permission on the
// resource.
QueryTestablePermissions(ctx context.Context, in *QueryTestablePermissionsRequest, opts ...grpc.CallOption) (*QueryTestablePermissionsResponse, error)
// Returns a list of services that allow you to opt into audit logs that are
// not generated by default.
//
// To learn more about audit logs, see the [Logging
// documentation](https://cloud.google.com/logging/docs/audit).
QueryAuditableServices(ctx context.Context, in *QueryAuditableServicesRequest, opts ...grpc.CallOption) (*QueryAuditableServicesResponse, error)
// Lints, or validates, an IAM policy. Currently checks the
// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
// expression for a role binding.
//
// Successful calls to this method always return an HTTP `200 OK` status code,
// even if the linter detects an issue in the IAM policy.
LintPolicy(ctx context.Context, in *LintPolicyRequest, opts ...grpc.CallOption) (*LintPolicyResponse, error)
}
func NewIAMClient(cc grpc.ClientConnInterface) IAMClient
IAMServer is the server API for IAM service.
type IAMServer interface {
// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
ListServiceAccounts(context.Context, *ListServiceAccountsRequest) (*ListServiceAccountsResponse, error)
// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
GetServiceAccount(context.Context, *GetServiceAccountRequest) (*ServiceAccount, error)
// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
CreateServiceAccount(context.Context, *CreateServiceAccountRequest) (*ServiceAccount, error)
// **Note:** We are in the process of deprecating this method. Use
// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
//
// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// You can update only the `display_name` field.
UpdateServiceAccount(context.Context, *ServiceAccount) (*ServiceAccount, error)
// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
PatchServiceAccount(context.Context, *PatchServiceAccountRequest) (*ServiceAccount, error)
// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Warning:** After you delete a service account, you might not be able to
// undelete it. If you know that you need to re-enable the service account in
// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
//
// If you delete a service account, IAM permanently removes the service
// account 30 days later. Google Cloud cannot recover the service account
// after it is permanently removed, even if you file a support request.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
// service account, then wait at least 24 hours and watch for unintended
// consequences. If there are no unintended consequences, you can delete the
// service account.
DeleteServiceAccount(context.Context, *DeleteServiceAccountRequest) (*emptypb.Empty, error)
// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Important:** It is not always possible to restore a deleted service
// account. Use this method only as a last resort.
//
// After you delete a service account, IAM permanently removes the service
// account 30 days later. There is no way to restore a deleted service account
// that has been permanently removed.
UndeleteServiceAccount(context.Context, *UndeleteServiceAccountRequest) (*UndeleteServiceAccountResponse, error)
// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
//
// If the service account is already enabled, then this method has no effect.
//
// If the service account was disabled by other means—for example, if Google
// disabled the service account because it was compromised—you cannot use this
// method to enable the service account.
EnableServiceAccount(context.Context, *EnableServiceAccountRequest) (*emptypb.Empty, error)
// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
//
// If an application uses the service account to authenticate, that
// application can no longer call Google APIs or access Google Cloud
// resources. Existing access tokens for the service account are rejected, and
// requests for new access tokens will fail.
//
// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
// re-enable the service account, its existing access tokens will be accepted,
// and you can request new access tokens.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use this method to disable the service
// account, then wait at least 24 hours and watch for unintended consequences.
// If there are no unintended consequences, you can delete the service account
// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
DisableServiceAccount(context.Context, *DisableServiceAccountRequest) (*emptypb.Empty, error)
// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
ListServiceAccountKeys(context.Context, *ListServiceAccountKeysRequest) (*ListServiceAccountKeysResponse, error)
// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
GetServiceAccountKey(context.Context, *GetServiceAccountKeyRequest) (*ServiceAccountKey, error)
// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
CreateServiceAccountKey(context.Context, *CreateServiceAccountKeyRequest) (*ServiceAccountKey, error)
// Uploads the public key portion of a key pair that you manage, and
// associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// After you upload the public key, you can use the private key from the key
// pair as a service account key.
UploadServiceAccountKey(context.Context, *UploadServiceAccountKeyRequest) (*ServiceAccountKey, error)
// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
// revoke short-lived credentials that have been issued based on the service
// account key.
DeleteServiceAccountKey(context.Context, *DeleteServiceAccountKeyRequest) (*emptypb.Empty, error)
// Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. A disabled service account key can be
// re-enabled with [EnableServiceAccountKey][google.iam.admin.v1.IAM.EnableServiceAccountKey].
DisableServiceAccountKey(context.Context, *DisableServiceAccountKeyRequest) (*emptypb.Empty, error)
// Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
EnableServiceAccountKey(context.Context, *EnableServiceAccountKeyRequest) (*emptypb.Empty, error)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a JSON Web Token (JWT) using the system-managed private key for a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
// policy specifies which principals have access to the service account.
//
// This method does not tell you whether the service account has been granted
// any roles on other resources. To check whether a service account has role
// grants on a resource, use the `getIamPolicy` method for that resource. For
// example, to view the role grants for a project, call the Resource Manager
// API's
// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
// method.
GetIamPolicy(context.Context, *v1.GetIamPolicyRequest) (*v1.Policy, error)
// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// Use this method to grant or revoke access to the service account. For
// example, you could grant a principal the ability to impersonate the service
// account.
//
// This method does not enable the service account to access other resources.
// To grant roles to a service account on a resource, follow these steps:
//
// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
// 2. Edit the policy so that it binds the service account to an IAM role for
// the resource.
// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
//
// For detailed instructions, see
// [Manage access to project, folders, and
// organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts)
// or [Manage access to other
// resources](https://cloud.google.com/iam/help/access/manage-other-resources).
SetIamPolicy(context.Context, *v1.SetIamPolicyRequest) (*v1.Policy, error)
// Tests whether the caller has the specified permissions on a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
TestIamPermissions(context.Context, *v1.TestIamPermissionsRequest) (*v1.TestIamPermissionsResponse, error)
// Lists roles that can be granted on a Google Cloud resource. A role is
// grantable if the IAM policy for the resource can contain bindings to the
// role.
QueryGrantableRoles(context.Context, *QueryGrantableRolesRequest) (*QueryGrantableRolesResponse, error)
// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
// that is defined for an organization or project.
ListRoles(context.Context, *ListRolesRequest) (*ListRolesResponse, error)
// Gets the definition of a [Role][google.iam.admin.v1.Role].
GetRole(context.Context, *GetRoleRequest) (*Role, error)
// Creates a new custom [Role][google.iam.admin.v1.Role].
CreateRole(context.Context, *CreateRoleRequest) (*Role, error)
// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
UpdateRole(context.Context, *UpdateRoleRequest) (*Role, error)
// Deletes a custom [Role][google.iam.admin.v1.Role].
//
// When you delete a custom role, the following changes occur immediately:
//
// * You cannot bind a principal to the custom role in an IAM
// [Policy][google.iam.v1.Policy].
// * Existing bindings to the custom role are not changed, but they have no
// effect.
// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
// role.
//
// You have 7 days to undelete the custom role. After 7 days, the following
// changes occur:
//
// * The custom role is permanently deleted and cannot be recovered.
// * If an IAM policy contains a binding to the custom role, the binding is
// permanently removed.
DeleteRole(context.Context, *DeleteRoleRequest) (*Role, error)
// Undeletes a custom [Role][google.iam.admin.v1.Role].
UndeleteRole(context.Context, *UndeleteRoleRequest) (*Role, error)
// Lists every permission that you can test on a resource. A permission is
// testable if you can check whether a principal has that permission on the
// resource.
QueryTestablePermissions(context.Context, *QueryTestablePermissionsRequest) (*QueryTestablePermissionsResponse, error)
// Returns a list of services that allow you to opt into audit logs that are
// not generated by default.
//
// To learn more about audit logs, see the [Logging
// documentation](https://cloud.google.com/logging/docs/audit).
QueryAuditableServices(context.Context, *QueryAuditableServicesRequest) (*QueryAuditableServicesResponse, error)
// Lints, or validates, an IAM policy. Currently checks the
// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
// expression for a role binding.
//
// Successful calls to this method always return an HTTP `200 OK` status code,
// even if the linter detects an issue in the IAM policy.
LintPolicy(context.Context, *LintPolicyRequest) (*LintPolicyResponse, error)
}
The request to lint a Cloud IAM policy object.
type LintPolicyRequest struct {
// The full resource name of the policy this lint request is about.
//
// The name follows the Google Cloud Platform (GCP) resource format.
// For example, a GCP project with ID `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
//
// The resource name is not used to read the policy instance from the Cloud
// IAM database. The candidate policy for lint has to be provided in the same
// request object.
FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// Required. The Cloud IAM object to be linted.
//
// Types that are assignable to LintObject:
//
// *LintPolicyRequest_Condition
LintObject isLintPolicyRequest_LintObject `protobuf_oneof:"lint_object"`
// contains filtered or unexported fields
}
func (*LintPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use LintPolicyRequest.ProtoReflect.Descriptor instead.
func (x *LintPolicyRequest) GetCondition() *expr.Expr
func (x *LintPolicyRequest) GetFullResourceName() string
func (m *LintPolicyRequest) GetLintObject() isLintPolicyRequest_LintObject
func (*LintPolicyRequest) ProtoMessage()
func (x *LintPolicyRequest) ProtoReflect() protoreflect.Message
func (x *LintPolicyRequest) Reset()
func (x *LintPolicyRequest) String() string
type LintPolicyRequest_Condition struct {
// [google.iam.v1.Binding.condition] [google.iam.v1.Binding.condition] object to be linted.
Condition *expr.Expr `protobuf:"bytes,5,opt,name=condition,proto3,oneof"`
}
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
type LintPolicyResponse struct {
// List of lint results sorted by `severity` in descending order.
LintResults []*LintResult `protobuf:"bytes,1,rep,name=lint_results,json=lintResults,proto3" json:"lint_results,omitempty"`
// contains filtered or unexported fields
}
func (*LintPolicyResponse) Descriptor() ([]byte, []int)
Deprecated: Use LintPolicyResponse.ProtoReflect.Descriptor instead.
func (x *LintPolicyResponse) GetLintResults() []*LintResult
func (*LintPolicyResponse) ProtoMessage()
func (x *LintPolicyResponse) ProtoReflect() protoreflect.Message
func (x *LintPolicyResponse) Reset()
func (x *LintPolicyResponse) String() string
Structured response of a single validation unit.
type LintResult struct {
// The validation unit level.
Level LintResult_Level `protobuf:"varint,1,opt,name=level,proto3,enum=google.iam.admin.v1.LintResult_Level" json:"level,omitempty"`
// The validation unit name, for instance
// "lintValidationUnits/ConditionComplexityCheck".
ValidationUnitName string `protobuf:"bytes,2,opt,name=validation_unit_name,json=validationUnitName,proto3" json:"validation_unit_name,omitempty"`
// The validation unit severity.
Severity LintResult_Severity `protobuf:"varint,3,opt,name=severity,proto3,enum=google.iam.admin.v1.LintResult_Severity" json:"severity,omitempty"`
// The name of the field for which this lint result is about.
//
// For nested messages `field_name` consists of names of the embedded fields
// separated by period character. The top-level qualifier is the input object
// to lint in the request. For example, the `field_name` value
// `condition.expression` identifies a lint result for the `expression` field
// of the provided condition.
FieldName string `protobuf:"bytes,5,opt,name=field_name,json=fieldName,proto3" json:"field_name,omitempty"`
// 0-based character position of problematic construct within the object
// identified by `field_name`. Currently, this is populated only for condition
// expression.
LocationOffset int32 `protobuf:"varint,6,opt,name=location_offset,json=locationOffset,proto3" json:"location_offset,omitempty"`
// Human readable debug message associated with the issue.
DebugMessage string `protobuf:"bytes,7,opt,name=debug_message,json=debugMessage,proto3" json:"debug_message,omitempty"`
// contains filtered or unexported fields
}
func (*LintResult) Descriptor() ([]byte, []int)
Deprecated: Use LintResult.ProtoReflect.Descriptor instead.
func (x *LintResult) GetDebugMessage() string
func (x *LintResult) GetFieldName() string
func (x *LintResult) GetLevel() LintResult_Level
func (x *LintResult) GetLocationOffset() int32
func (x *LintResult) GetSeverity() LintResult_Severity
func (x *LintResult) GetValidationUnitName() string
func (*LintResult) ProtoMessage()
func (x *LintResult) ProtoReflect() protoreflect.Message
func (x *LintResult) Reset()
func (x *LintResult) String() string
Possible Level values of a validation unit corresponding to its domain of discourse.
type LintResult_Level int32
const (
// Level is unspecified.
LintResult_LEVEL_UNSPECIFIED LintResult_Level = 0
// A validation unit which operates on an individual condition within a
// binding.
LintResult_CONDITION LintResult_Level = 3
)
func (LintResult_Level) Descriptor() protoreflect.EnumDescriptor
func (x LintResult_Level) Enum() *LintResult_Level
func (LintResult_Level) EnumDescriptor() ([]byte, []int)
Deprecated: Use LintResult_Level.Descriptor instead.
func (x LintResult_Level) Number() protoreflect.EnumNumber
func (x LintResult_Level) String() string
func (LintResult_Level) Type() protoreflect.EnumType
Possible Severity values of an issued result.
type LintResult_Severity int32
const (
// Severity is unspecified.
LintResult_SEVERITY_UNSPECIFIED LintResult_Severity = 0
// A validation unit returns an error only for critical issues. If an
// attempt is made to set the problematic policy without rectifying the
// critical issue, it causes the `setPolicy` operation to fail.
LintResult_ERROR LintResult_Severity = 1
// Any issue which is severe enough but does not cause an error.
// For example, suspicious constructs in the input object will not
// necessarily fail `setPolicy`, but there is a high likelihood that they
// won't behave as expected during policy evaluation in `checkPolicy`.
// This includes the following common scenarios:
//
// - Unsatisfiable condition: Expired timestamp in date/time condition.
// - Ineffective condition: Condition on a <principal, role> pair which is
// granted unconditionally in another binding of the same policy.
LintResult_WARNING LintResult_Severity = 2
// Reserved for the issues that are not severe as `ERROR`/`WARNING`, but
// need special handling. For instance, messages about skipped validation
// units are issued as `NOTICE`.
LintResult_NOTICE LintResult_Severity = 3
// Any informative statement which is not severe enough to raise
// `ERROR`/`WARNING`/`NOTICE`, like auto-correction recommendations on the
// input content. Note that current version of the linter does not utilize
// `INFO`.
LintResult_INFO LintResult_Severity = 4
// Deprecated severity level.
LintResult_DEPRECATED LintResult_Severity = 5
)
func (LintResult_Severity) Descriptor() protoreflect.EnumDescriptor
func (x LintResult_Severity) Enum() *LintResult_Severity
func (LintResult_Severity) EnumDescriptor() ([]byte, []int)
Deprecated: Use LintResult_Severity.Descriptor instead.
func (x LintResult_Severity) Number() protoreflect.EnumNumber
func (x LintResult_Severity) String() string
func (LintResult_Severity) Type() protoreflect.EnumType
The request to get all roles defined under a resource.
type ListRolesRequest struct {
// The `parent` parameter's value depends on the target resource for the
// request, namely
// [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles),
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles),
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `parent` value format is described below:
//
// - [`roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An empty string.
// This method doesn't require a resource; it simply returns all
// [predefined
// roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles)
// in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles`
//
// - [`projects.roles.list()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/list):
// `projects/{PROJECT_ID}`. This method lists all project-level
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
//
// - [`organizations.roles.list()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/list):
// `organizations/{ORGANIZATION_ID}`. This method lists all
// organization-level [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional limit on the number of roles to include in the response.
//
// The default is 300, and the maximum is 1,000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier ListRolesResponse.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional view for the returned Role objects. When `FULL` is specified,
// the `includedPermissions` field is returned, which includes a list of all
// permissions in the role. The default value is `BASIC`, which does not
// return the `includedPermissions` field.
View RoleView `protobuf:"varint,4,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
// Include Roles that have been deleted.
ShowDeleted bool `protobuf:"varint,6,opt,name=show_deleted,json=showDeleted,proto3" json:"show_deleted,omitempty"`
// contains filtered or unexported fields
}
func (*ListRolesRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListRolesRequest.ProtoReflect.Descriptor instead.
func (x *ListRolesRequest) GetPageSize() int32
func (x *ListRolesRequest) GetPageToken() string
func (x *ListRolesRequest) GetParent() string
func (x *ListRolesRequest) GetShowDeleted() bool
func (x *ListRolesRequest) GetView() RoleView
func (*ListRolesRequest) ProtoMessage()
func (x *ListRolesRequest) ProtoReflect() protoreflect.Message
func (x *ListRolesRequest) Reset()
func (x *ListRolesRequest) String() string
The response containing the roles defined under a resource.
type ListRolesResponse struct {
// The Roles defined on this resource.
Roles []*Role `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
// To retrieve the next page of results, set
// `ListRolesRequest.page_token` to this value.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
func (*ListRolesResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListRolesResponse.ProtoReflect.Descriptor instead.
func (x *ListRolesResponse) GetNextPageToken() string
func (x *ListRolesResponse) GetRoles() []*Role
func (*ListRolesResponse) ProtoMessage()
func (x *ListRolesResponse) ProtoReflect() protoreflect.Message
func (x *ListRolesResponse) Reset()
func (x *ListRolesResponse) String() string
The service account keys list request.
type ListServiceAccountKeysRequest struct {
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
//
// Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Filters the types of keys the user wants to include in the list
// response. Duplicate key types are not allowed. If no key type
// is provided, all keys are returned.
KeyTypes []ListServiceAccountKeysRequest_KeyType `protobuf:"varint,2,rep,packed,name=key_types,json=keyTypes,proto3,enum=google.iam.admin.v1.ListServiceAccountKeysRequest_KeyType" json:"key_types,omitempty"`
// contains filtered or unexported fields
}
func (*ListServiceAccountKeysRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListServiceAccountKeysRequest.ProtoReflect.Descriptor instead.
func (x *ListServiceAccountKeysRequest) GetKeyTypes() []ListServiceAccountKeysRequest_KeyType
func (x *ListServiceAccountKeysRequest) GetName() string
func (*ListServiceAccountKeysRequest) ProtoMessage()
func (x *ListServiceAccountKeysRequest) ProtoReflect() protoreflect.Message
func (x *ListServiceAccountKeysRequest) Reset()
func (x *ListServiceAccountKeysRequest) String() string
`KeyType` filters to selectively retrieve certain varieties of keys.
type ListServiceAccountKeysRequest_KeyType int32
const (
// Unspecified key type. The presence of this in the
// message will immediately result in an error.
ListServiceAccountKeysRequest_KEY_TYPE_UNSPECIFIED ListServiceAccountKeysRequest_KeyType = 0
// User-managed keys (managed and rotated by the user).
ListServiceAccountKeysRequest_USER_MANAGED ListServiceAccountKeysRequest_KeyType = 1
// System-managed keys (managed and rotated by Google).
ListServiceAccountKeysRequest_SYSTEM_MANAGED ListServiceAccountKeysRequest_KeyType = 2
)
func (ListServiceAccountKeysRequest_KeyType) Descriptor() protoreflect.EnumDescriptor
func (x ListServiceAccountKeysRequest_KeyType) Enum() *ListServiceAccountKeysRequest_KeyType
func (ListServiceAccountKeysRequest_KeyType) EnumDescriptor() ([]byte, []int)
Deprecated: Use ListServiceAccountKeysRequest_KeyType.Descriptor instead.
func (x ListServiceAccountKeysRequest_KeyType) Number() protoreflect.EnumNumber
func (x ListServiceAccountKeysRequest_KeyType) String() string
func (ListServiceAccountKeysRequest_KeyType) Type() protoreflect.EnumType
The service account keys list response.
type ListServiceAccountKeysResponse struct {
// The public keys for the service account.
Keys []*ServiceAccountKey `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
// contains filtered or unexported fields
}
func (*ListServiceAccountKeysResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListServiceAccountKeysResponse.ProtoReflect.Descriptor instead.
func (x *ListServiceAccountKeysResponse) GetKeys() []*ServiceAccountKey
func (*ListServiceAccountKeysResponse) ProtoMessage()
func (x *ListServiceAccountKeysResponse) ProtoReflect() protoreflect.Message
func (x *ListServiceAccountKeysResponse) Reset()
func (x *ListServiceAccountKeysResponse) String() string
The service account list request.
type ListServiceAccountsRequest struct {
// Required. The resource name of the project associated with the service
// accounts, such as `projects/my-project-123`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional limit on the number of service accounts to include in the
// response. Further accounts can subsequently be obtained by including the
// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token]
// in a subsequent request.
//
// The default is 20, and the maximum is 100.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier
// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token].
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
func (*ListServiceAccountsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListServiceAccountsRequest.ProtoReflect.Descriptor instead.
func (x *ListServiceAccountsRequest) GetName() string
func (x *ListServiceAccountsRequest) GetPageSize() int32
func (x *ListServiceAccountsRequest) GetPageToken() string
func (*ListServiceAccountsRequest) ProtoMessage()
func (x *ListServiceAccountsRequest) ProtoReflect() protoreflect.Message
func (x *ListServiceAccountsRequest) Reset()
func (x *ListServiceAccountsRequest) String() string
The service account list response.
type ListServiceAccountsResponse struct {
// The list of matching service accounts.
Accounts []*ServiceAccount `protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
// To retrieve the next page of results, set
// [ListServiceAccountsRequest.page_token][google.iam.admin.v1.ListServiceAccountsRequest.page_token]
// to this value.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
func (*ListServiceAccountsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListServiceAccountsResponse.ProtoReflect.Descriptor instead.
func (x *ListServiceAccountsResponse) GetAccounts() []*ServiceAccount
func (x *ListServiceAccountsResponse) GetNextPageToken() string
func (*ListServiceAccountsResponse) ProtoMessage()
func (x *ListServiceAccountsResponse) ProtoReflect() protoreflect.Message
func (x *ListServiceAccountsResponse) Reset()
func (x *ListServiceAccountsResponse) String() string
The service account patch request.
You can patch only the `display_name` and `description` fields. You must use the `update_mask` field to specify which of these fields you want to patch.
Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.
type PatchServiceAccountRequest struct {
ServiceAccount *ServiceAccount `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}
func (*PatchServiceAccountRequest) Descriptor() ([]byte, []int)
Deprecated: Use PatchServiceAccountRequest.ProtoReflect.Descriptor instead.
func (x *PatchServiceAccountRequest) GetServiceAccount() *ServiceAccount
func (x *PatchServiceAccountRequest) GetUpdateMask() *fieldmaskpb.FieldMask
func (*PatchServiceAccountRequest) ProtoMessage()
func (x *PatchServiceAccountRequest) ProtoReflect() protoreflect.Message
func (x *PatchServiceAccountRequest) Reset()
func (x *PatchServiceAccountRequest) String() string
A permission which can be included by a role.
type Permission struct {
// The name of this Permission.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The title of this Permission.
Title string `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
// A brief description of what this Permission is used for.
// This permission can ONLY be used in predefined roles.
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// Deprecated: Do not use.
OnlyInPredefinedRoles bool `protobuf:"varint,4,opt,name=only_in_predefined_roles,json=onlyInPredefinedRoles,proto3" json:"only_in_predefined_roles,omitempty"`
// The current launch stage of the permission.
Stage Permission_PermissionLaunchStage `protobuf:"varint,5,opt,name=stage,proto3,enum=google.iam.admin.v1.Permission_PermissionLaunchStage" json:"stage,omitempty"`
// The current custom role support level.
CustomRolesSupportLevel Permission_CustomRolesSupportLevel `protobuf:"varint,6,opt,name=custom_roles_support_level,json=customRolesSupportLevel,proto3,enum=google.iam.admin.v1.Permission_CustomRolesSupportLevel" json:"custom_roles_support_level,omitempty"`
// The service API associated with the permission is not enabled.
ApiDisabled bool `protobuf:"varint,7,opt,name=api_disabled,json=apiDisabled,proto3" json:"api_disabled,omitempty"`
// The preferred name for this permission. If present, then this permission is
// an alias of, and equivalent to, the listed primary_permission.
PrimaryPermission string `protobuf:"bytes,8,opt,name=primary_permission,json=primaryPermission,proto3" json:"primary_permission,omitempty"`
// contains filtered or unexported fields
}
func (*Permission) Descriptor() ([]byte, []int)
Deprecated: Use Permission.ProtoReflect.Descriptor instead.
func (x *Permission) GetApiDisabled() bool
func (x *Permission) GetCustomRolesSupportLevel() Permission_CustomRolesSupportLevel
func (x *Permission) GetDescription() string
func (x *Permission) GetName() string
func (x *Permission) GetOnlyInPredefinedRoles() bool
Deprecated: Do not use.
func (x *Permission) GetPrimaryPermission() string
func (x *Permission) GetStage() Permission_PermissionLaunchStage
func (x *Permission) GetTitle() string
func (*Permission) ProtoMessage()
func (x *Permission) ProtoReflect() protoreflect.Message
func (x *Permission) Reset()
func (x *Permission) String() string
The state of the permission with regards to custom roles.
type Permission_CustomRolesSupportLevel int32
const (
// Default state. Permission is fully supported for custom role use.
Permission_SUPPORTED Permission_CustomRolesSupportLevel = 0
// Permission is being tested to check custom role compatibility.
Permission_TESTING Permission_CustomRolesSupportLevel = 1
// Permission is not supported for custom role use.
Permission_NOT_SUPPORTED Permission_CustomRolesSupportLevel = 2
)
func (Permission_CustomRolesSupportLevel) Descriptor() protoreflect.EnumDescriptor
func (x Permission_CustomRolesSupportLevel) Enum() *Permission_CustomRolesSupportLevel
func (Permission_CustomRolesSupportLevel) EnumDescriptor() ([]byte, []int)
Deprecated: Use Permission_CustomRolesSupportLevel.Descriptor instead.
func (x Permission_CustomRolesSupportLevel) Number() protoreflect.EnumNumber
func (x Permission_CustomRolesSupportLevel) String() string
func (Permission_CustomRolesSupportLevel) Type() protoreflect.EnumType
A stage representing a permission's lifecycle phase.
type Permission_PermissionLaunchStage int32
const (
// The permission is currently in an alpha phase.
Permission_ALPHA Permission_PermissionLaunchStage = 0
// The permission is currently in a beta phase.
Permission_BETA Permission_PermissionLaunchStage = 1
// The permission is generally available.
Permission_GA Permission_PermissionLaunchStage = 2
// The permission is being deprecated.
Permission_DEPRECATED Permission_PermissionLaunchStage = 3
)
func (Permission_PermissionLaunchStage) Descriptor() protoreflect.EnumDescriptor
func (x Permission_PermissionLaunchStage) Enum() *Permission_PermissionLaunchStage
func (Permission_PermissionLaunchStage) EnumDescriptor() ([]byte, []int)
Deprecated: Use Permission_PermissionLaunchStage.Descriptor instead.
func (x Permission_PermissionLaunchStage) Number() protoreflect.EnumNumber
func (x Permission_PermissionLaunchStage) String() string
func (Permission_PermissionLaunchStage) Type() protoreflect.EnumType
A request to get the list of auditable services for a resource.
type QueryAuditableServicesRequest struct {
// Required. The full resource name to query from the list of auditable
// services.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// contains filtered or unexported fields
}
func (*QueryAuditableServicesRequest) Descriptor() ([]byte, []int)
Deprecated: Use QueryAuditableServicesRequest.ProtoReflect.Descriptor instead.
func (x *QueryAuditableServicesRequest) GetFullResourceName() string
func (*QueryAuditableServicesRequest) ProtoMessage()
func (x *QueryAuditableServicesRequest) ProtoReflect() protoreflect.Message
func (x *QueryAuditableServicesRequest) Reset()
func (x *QueryAuditableServicesRequest) String() string
A response containing a list of auditable services for a resource.
type QueryAuditableServicesResponse struct {
// The auditable services for a resource.
Services []*QueryAuditableServicesResponse_AuditableService `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
// contains filtered or unexported fields
}
func (*QueryAuditableServicesResponse) Descriptor() ([]byte, []int)
Deprecated: Use QueryAuditableServicesResponse.ProtoReflect.Descriptor instead.
func (x *QueryAuditableServicesResponse) GetServices() []*QueryAuditableServicesResponse_AuditableService
func (*QueryAuditableServicesResponse) ProtoMessage()
func (x *QueryAuditableServicesResponse) ProtoReflect() protoreflect.Message
func (x *QueryAuditableServicesResponse) Reset()
func (x *QueryAuditableServicesResponse) String() string
Contains information about an auditable service.
type QueryAuditableServicesResponse_AuditableService struct {
// Public name of the service.
// For example, the service name for Cloud IAM is 'iam.googleapis.com'.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*QueryAuditableServicesResponse_AuditableService) Descriptor() ([]byte, []int)
Deprecated: Use QueryAuditableServicesResponse_AuditableService.ProtoReflect.Descriptor instead.
func (x *QueryAuditableServicesResponse_AuditableService) GetName() string
func (*QueryAuditableServicesResponse_AuditableService) ProtoMessage()
func (x *QueryAuditableServicesResponse_AuditableService) ProtoReflect() protoreflect.Message
func (x *QueryAuditableServicesResponse_AuditableService) Reset()
func (x *QueryAuditableServicesResponse_AuditableService) String() string
The grantable role query request.
type QueryGrantableRolesRequest struct {
// Required. The full resource name to query from the list of grantable roles.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
View RoleView `protobuf:"varint,2,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
// Optional limit on the number of roles to include in the response.
//
// The default is 300, and the maximum is 1,000.
PageSize int32 `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier
// QueryGrantableRolesResponse.
PageToken string `protobuf:"bytes,4,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
func (*QueryGrantableRolesRequest) Descriptor() ([]byte, []int)
Deprecated: Use QueryGrantableRolesRequest.ProtoReflect.Descriptor instead.
func (x *QueryGrantableRolesRequest) GetFullResourceName() string
func (x *QueryGrantableRolesRequest) GetPageSize() int32
func (x *QueryGrantableRolesRequest) GetPageToken() string
func (x *QueryGrantableRolesRequest) GetView() RoleView
func (*QueryGrantableRolesRequest) ProtoMessage()
func (x *QueryGrantableRolesRequest) ProtoReflect() protoreflect.Message
func (x *QueryGrantableRolesRequest) Reset()
func (x *QueryGrantableRolesRequest) String() string
The grantable role query response.
type QueryGrantableRolesResponse struct {
// The list of matching roles.
Roles []*Role `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
// To retrieve the next page of results, set
// `QueryGrantableRolesRequest.page_token` to this value.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
func (*QueryGrantableRolesResponse) Descriptor() ([]byte, []int)
Deprecated: Use QueryGrantableRolesResponse.ProtoReflect.Descriptor instead.
func (x *QueryGrantableRolesResponse) GetNextPageToken() string
func (x *QueryGrantableRolesResponse) GetRoles() []*Role
func (*QueryGrantableRolesResponse) ProtoMessage()
func (x *QueryGrantableRolesResponse) ProtoReflect() protoreflect.Message
func (x *QueryGrantableRolesResponse) Reset()
func (x *QueryGrantableRolesResponse) String() string
A request to get permissions which can be tested on a resource.
type QueryTestablePermissionsRequest struct {
// Required. The full resource name to query from the list of testable
// permissions.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// Optional limit on the number of permissions to include in the response.
//
// The default is 100, and the maximum is 1,000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier
// QueryTestablePermissionsRequest.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
func (*QueryTestablePermissionsRequest) Descriptor() ([]byte, []int)
Deprecated: Use QueryTestablePermissionsRequest.ProtoReflect.Descriptor instead.
func (x *QueryTestablePermissionsRequest) GetFullResourceName() string
func (x *QueryTestablePermissionsRequest) GetPageSize() int32
func (x *QueryTestablePermissionsRequest) GetPageToken() string
func (*QueryTestablePermissionsRequest) ProtoMessage()
func (x *QueryTestablePermissionsRequest) ProtoReflect() protoreflect.Message
func (x *QueryTestablePermissionsRequest) Reset()
func (x *QueryTestablePermissionsRequest) String() string
The response containing permissions which can be tested on a resource.
type QueryTestablePermissionsResponse struct {
// The Permissions testable on the requested resource.
Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
// To retrieve the next page of results, set
// `QueryTestableRolesRequest.page_token` to this value.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
func (*QueryTestablePermissionsResponse) Descriptor() ([]byte, []int)
Deprecated: Use QueryTestablePermissionsResponse.ProtoReflect.Descriptor instead.
func (x *QueryTestablePermissionsResponse) GetNextPageToken() string
func (x *QueryTestablePermissionsResponse) GetPermissions() []*Permission
func (*QueryTestablePermissionsResponse) ProtoMessage()
func (x *QueryTestablePermissionsResponse) ProtoReflect() protoreflect.Message
func (x *QueryTestablePermissionsResponse) Reset()
func (x *QueryTestablePermissionsResponse) String() string
A role in the Identity and Access Management API.
type Role struct {
// The name of the role.
//
// When Role is used in CreateRole, the role name must not be set.
//
// When Role is used in output and other input such as UpdateRole, the role
// name is the complete path, e.g., roles/logging.viewer for predefined roles
// and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. A human-readable title for the role. Typically this
// is limited to 100 UTF-8 bytes.
Title string `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
// Optional. A human-readable description for the role.
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// The names of the permissions this role grants when bound in an IAM policy.
IncludedPermissions []string `protobuf:"bytes,7,rep,name=included_permissions,json=includedPermissions,proto3" json:"included_permissions,omitempty"`
// The current launch stage of the role. If the `ALPHA` launch stage has been
// selected for a role, the `stage` field will not be included in the
// returned definition for the role.
Stage Role_RoleLaunchStage `protobuf:"varint,8,opt,name=stage,proto3,enum=google.iam.admin.v1.Role_RoleLaunchStage" json:"stage,omitempty"`
// Used to perform a consistent read-modify-write.
Etag []byte `protobuf:"bytes,9,opt,name=etag,proto3" json:"etag,omitempty"`
// The current deleted state of the role. This field is read only.
// It will be ignored in calls to CreateRole and UpdateRole.
Deleted bool `protobuf:"varint,11,opt,name=deleted,proto3" json:"deleted,omitempty"`
// contains filtered or unexported fields
}
func (*Role) Descriptor() ([]byte, []int)
Deprecated: Use Role.ProtoReflect.Descriptor instead.
func (x *Role) GetDeleted() bool
func (x *Role) GetDescription() string
func (x *Role) GetEtag() []byte
func (x *Role) GetIncludedPermissions() []string
func (x *Role) GetName() string
func (x *Role) GetStage() Role_RoleLaunchStage
func (x *Role) GetTitle() string
func (*Role) ProtoMessage()
func (x *Role) ProtoReflect() protoreflect.Message
func (x *Role) Reset()
func (x *Role) String() string
A view for Role objects.
type RoleView int32
const (
// Omits the `included_permissions` field.
// This is the default value.
RoleView_BASIC RoleView = 0
// Returns all fields.
RoleView_FULL RoleView = 1
)
func (RoleView) Descriptor() protoreflect.EnumDescriptor
func (x RoleView) Enum() *RoleView
func (RoleView) EnumDescriptor() ([]byte, []int)
Deprecated: Use RoleView.Descriptor instead.
func (x RoleView) Number() protoreflect.EnumNumber
func (x RoleView) String() string
func (RoleView) Type() protoreflect.EnumType
A stage representing a role's lifecycle phase.
type Role_RoleLaunchStage int32
const (
// The user has indicated this role is currently in an Alpha phase. If this
// launch stage is selected, the `stage` field will not be included when
// requesting the definition for a given role.
Role_ALPHA Role_RoleLaunchStage = 0
// The user has indicated this role is currently in a Beta phase.
Role_BETA Role_RoleLaunchStage = 1
// The user has indicated this role is generally available.
Role_GA Role_RoleLaunchStage = 2
// The user has indicated this role is being deprecated.
Role_DEPRECATED Role_RoleLaunchStage = 4
// This role is disabled and will not contribute permissions to any
// principals it is granted to in policies.
Role_DISABLED Role_RoleLaunchStage = 5
// The user has indicated this role is currently in an EAP phase.
Role_EAP Role_RoleLaunchStage = 6
)
func (Role_RoleLaunchStage) Descriptor() protoreflect.EnumDescriptor
func (x Role_RoleLaunchStage) Enum() *Role_RoleLaunchStage
func (Role_RoleLaunchStage) EnumDescriptor() ([]byte, []int)
Deprecated: Use Role_RoleLaunchStage.Descriptor instead.
func (x Role_RoleLaunchStage) Number() protoreflect.EnumNumber
func (x Role_RoleLaunchStage) String() string
func (Role_RoleLaunchStage) Type() protoreflect.EnumType
An IAM service account.
A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the [overview of service accounts](https://cloud.google.com/iam/help/service-accounts/overview).
When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.
type ServiceAccount struct {
// The resource name of the service account.
//
// Use one of the following formats:
//
// * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
// * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`
//
// As an alternative, you can use the `-` wildcard character instead of the
// project ID:
//
// * `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
// * `projects/-/serviceAccounts/{UNIQUE_ID}`
//
// When possible, avoid using the `-` wildcard character, because it can cause
// response messages to contain misleading error codes. For example, if you
// try to get the service account
// `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
// response contains an HTTP `403 Forbidden` error instead of a `404 Not
// Found` error.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The ID of the project that owns the service account.
ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
// Output only. The unique, stable numeric ID for the service account.
//
// Each service account retains its unique ID even if you delete the service
// account. For example, if you delete a service account, then create a new
// service account with the same name, the new service account has a different
// unique ID than the deleted service account.
UniqueId string `protobuf:"bytes,4,opt,name=unique_id,json=uniqueId,proto3" json:"unique_id,omitempty"`
// Output only. The email address of the service account.
Email string `protobuf:"bytes,5,opt,name=email,proto3" json:"email,omitempty"`
// Optional. A user-specified, human-readable name for the service account. The maximum
// length is 100 UTF-8 bytes.
DisplayName string `protobuf:"bytes,6,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
// Deprecated. Do not use.
//
// Deprecated: Do not use.
Etag []byte `protobuf:"bytes,7,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. A user-specified, human-readable description of the service account. The
// maximum length is 256 UTF-8 bytes.
Description string `protobuf:"bytes,8,opt,name=description,proto3" json:"description,omitempty"`
// Output only. The OAuth 2.0 client ID for the service account.
Oauth2ClientId string `protobuf:"bytes,9,opt,name=oauth2_client_id,json=oauth2ClientId,proto3" json:"oauth2_client_id,omitempty"`
// Output only. Whether the service account is disabled.
Disabled bool `protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
// contains filtered or unexported fields
}
func (*ServiceAccount) Descriptor() ([]byte, []int)
Deprecated: Use ServiceAccount.ProtoReflect.Descriptor instead.
func (x *ServiceAccount) GetDescription() string
func (x *ServiceAccount) GetDisabled() bool
func (x *ServiceAccount) GetDisplayName() string
func (x *ServiceAccount) GetEmail() string
func (x *ServiceAccount) GetEtag() []byte
Deprecated: Do not use.
func (x *ServiceAccount) GetName() string
func (x *ServiceAccount) GetOauth2ClientId() string
func (x *ServiceAccount) GetProjectId() string
func (x *ServiceAccount) GetUniqueId() string
func (*ServiceAccount) ProtoMessage()
func (x *ServiceAccount) ProtoReflect() protoreflect.Message
func (x *ServiceAccount) Reset()
func (x *ServiceAccount) String() string
Represents a service account key.
A service account has two sets of key-pairs: user-managed, and system-managed.
User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.
System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.
If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.
Public keys for all service accounts are also published at the OAuth2 Service Account API.
type ServiceAccountKey struct {
// The resource name of the service account key in the following format
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The output format for the private key.
// Only provided in `CreateServiceAccountKey` responses, not
// in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
//
// Google never exposes system-managed private keys, and never retains
// user-managed private keys.
PrivateKeyType ServiceAccountPrivateKeyType `protobuf:"varint,2,opt,name=private_key_type,json=privateKeyType,proto3,enum=google.iam.admin.v1.ServiceAccountPrivateKeyType" json:"private_key_type,omitempty"`
// Specifies the algorithm (and possibly key size) for the key.
KeyAlgorithm ServiceAccountKeyAlgorithm `protobuf:"varint,8,opt,name=key_algorithm,json=keyAlgorithm,proto3,enum=google.iam.admin.v1.ServiceAccountKeyAlgorithm" json:"key_algorithm,omitempty"`
// The private key data. Only provided in `CreateServiceAccountKey`
// responses. Make sure to keep the private key data secure because it
// allows for the assertion of the service account identity.
// When base64 decoded, the private key data can be used to authenticate with
// Google API client libraries and with
// <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud
// auth activate-service-account</a>.
PrivateKeyData []byte `protobuf:"bytes,3,opt,name=private_key_data,json=privateKeyData,proto3" json:"private_key_data,omitempty"`
// The public key data. Only provided in `GetServiceAccountKey` responses.
PublicKeyData []byte `protobuf:"bytes,7,opt,name=public_key_data,json=publicKeyData,proto3" json:"public_key_data,omitempty"`
// The key can be used after this timestamp.
ValidAfterTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=valid_after_time,json=validAfterTime,proto3" json:"valid_after_time,omitempty"`
// The key can be used before this timestamp.
// For system-managed key pairs, this timestamp is the end time for the
// private key signing operation. The public key could still be used
// for verification for a few hours after this time.
ValidBeforeTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=valid_before_time,json=validBeforeTime,proto3" json:"valid_before_time,omitempty"`
// The key origin.
KeyOrigin ServiceAccountKeyOrigin `protobuf:"varint,9,opt,name=key_origin,json=keyOrigin,proto3,enum=google.iam.admin.v1.ServiceAccountKeyOrigin" json:"key_origin,omitempty"`
// The key type.
KeyType ListServiceAccountKeysRequest_KeyType `protobuf:"varint,10,opt,name=key_type,json=keyType,proto3,enum=google.iam.admin.v1.ListServiceAccountKeysRequest_KeyType" json:"key_type,omitempty"`
// The key status.
Disabled bool `protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
// contains filtered or unexported fields
}
func (*ServiceAccountKey) Descriptor() ([]byte, []int)
Deprecated: Use ServiceAccountKey.ProtoReflect.Descriptor instead.
func (x *ServiceAccountKey) GetDisabled() bool
func (x *ServiceAccountKey) GetKeyAlgorithm() ServiceAccountKeyAlgorithm
func (x *ServiceAccountKey) GetKeyOrigin() ServiceAccountKeyOrigin
func (x *ServiceAccountKey) GetKeyType() ListServiceAccountKeysRequest_KeyType
func (x *ServiceAccountKey) GetName() string
func (x *ServiceAccountKey) GetPrivateKeyData() []byte
func (x *ServiceAccountKey) GetPrivateKeyType() ServiceAccountPrivateKeyType
func (x *ServiceAccountKey) GetPublicKeyData() []byte
func (x *ServiceAccountKey) GetValidAfterTime() *timestamppb.Timestamp
func (x *ServiceAccountKey) GetValidBeforeTime() *timestamppb.Timestamp
func (*ServiceAccountKey) ProtoMessage()
func (x *ServiceAccountKey) ProtoReflect() protoreflect.Message
func (x *ServiceAccountKey) Reset()
func (x *ServiceAccountKey) String() string
Supported key algorithms.
type ServiceAccountKeyAlgorithm int32
const (
// An unspecified key algorithm.
ServiceAccountKeyAlgorithm_KEY_ALG_UNSPECIFIED ServiceAccountKeyAlgorithm = 0
// 1k RSA Key.
ServiceAccountKeyAlgorithm_KEY_ALG_RSA_1024 ServiceAccountKeyAlgorithm = 1
// 2k RSA Key.
ServiceAccountKeyAlgorithm_KEY_ALG_RSA_2048 ServiceAccountKeyAlgorithm = 2
)
func (ServiceAccountKeyAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (x ServiceAccountKeyAlgorithm) Enum() *ServiceAccountKeyAlgorithm
func (ServiceAccountKeyAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use ServiceAccountKeyAlgorithm.Descriptor instead.
func (x ServiceAccountKeyAlgorithm) Number() protoreflect.EnumNumber
func (x ServiceAccountKeyAlgorithm) String() string
func (ServiceAccountKeyAlgorithm) Type() protoreflect.EnumType
Service Account Key Origin.
type ServiceAccountKeyOrigin int32
const (
// Unspecified key origin.
ServiceAccountKeyOrigin_ORIGIN_UNSPECIFIED ServiceAccountKeyOrigin = 0
// Key is provided by user.
ServiceAccountKeyOrigin_USER_PROVIDED ServiceAccountKeyOrigin = 1
// Key is provided by Google.
ServiceAccountKeyOrigin_GOOGLE_PROVIDED ServiceAccountKeyOrigin = 2
)
func (ServiceAccountKeyOrigin) Descriptor() protoreflect.EnumDescriptor
func (x ServiceAccountKeyOrigin) Enum() *ServiceAccountKeyOrigin
func (ServiceAccountKeyOrigin) EnumDescriptor() ([]byte, []int)
Deprecated: Use ServiceAccountKeyOrigin.Descriptor instead.
func (x ServiceAccountKeyOrigin) Number() protoreflect.EnumNumber
func (x ServiceAccountKeyOrigin) String() string
func (ServiceAccountKeyOrigin) Type() protoreflect.EnumType
Supported private key output formats.
type ServiceAccountPrivateKeyType int32
const (
// Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.
ServiceAccountPrivateKeyType_TYPE_UNSPECIFIED ServiceAccountPrivateKeyType = 0
// PKCS12 format.
// The password for the PKCS12 file is `notasecret`.
// For more information, see https://tools.ietf.org/html/rfc7292.
ServiceAccountPrivateKeyType_TYPE_PKCS12_FILE ServiceAccountPrivateKeyType = 1
// Google Credentials File format.
ServiceAccountPrivateKeyType_TYPE_GOOGLE_CREDENTIALS_FILE ServiceAccountPrivateKeyType = 2
)
func (ServiceAccountPrivateKeyType) Descriptor() protoreflect.EnumDescriptor
func (x ServiceAccountPrivateKeyType) Enum() *ServiceAccountPrivateKeyType
func (ServiceAccountPrivateKeyType) EnumDescriptor() ([]byte, []int)
Deprecated: Use ServiceAccountPrivateKeyType.Descriptor instead.
func (x ServiceAccountPrivateKeyType) Number() protoreflect.EnumNumber
func (x ServiceAccountPrivateKeyType) String() string
func (ServiceAccountPrivateKeyType) Type() protoreflect.EnumType
Supported public key output formats.
type ServiceAccountPublicKeyType int32
const (
// Do not return the public key.
ServiceAccountPublicKeyType_TYPE_NONE ServiceAccountPublicKeyType = 0
// X509 PEM format.
ServiceAccountPublicKeyType_TYPE_X509_PEM_FILE ServiceAccountPublicKeyType = 1
// Raw public key.
ServiceAccountPublicKeyType_TYPE_RAW_PUBLIC_KEY ServiceAccountPublicKeyType = 2
)
func (ServiceAccountPublicKeyType) Descriptor() protoreflect.EnumDescriptor
func (x ServiceAccountPublicKeyType) Enum() *ServiceAccountPublicKeyType
func (ServiceAccountPublicKeyType) EnumDescriptor() ([]byte, []int)
Deprecated: Use ServiceAccountPublicKeyType.Descriptor instead.
func (x ServiceAccountPublicKeyType) Number() protoreflect.EnumNumber
func (x ServiceAccountPublicKeyType) String() string
func (ServiceAccountPublicKeyType) Type() protoreflect.EnumType
Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).
The service account sign blob request.
type SignBlobRequest struct {
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
//
// Deprecated: Do not use.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The bytes to sign.
//
// Deprecated: Do not use.
BytesToSign []byte `protobuf:"bytes,2,opt,name=bytes_to_sign,json=bytesToSign,proto3" json:"bytes_to_sign,omitempty"`
// contains filtered or unexported fields
}
func (*SignBlobRequest) Descriptor() ([]byte, []int)
Deprecated: Use SignBlobRequest.ProtoReflect.Descriptor instead.
func (x *SignBlobRequest) GetBytesToSign() []byte
Deprecated: Do not use.
func (x *SignBlobRequest) GetName() string
Deprecated: Do not use.
func (*SignBlobRequest) ProtoMessage()
func (x *SignBlobRequest) ProtoReflect() protoreflect.Message
func (x *SignBlobRequest) Reset()
func (x *SignBlobRequest) String() string
Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).
The service account sign blob response.
type SignBlobResponse struct {
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The id of the key used to sign the blob.
//
// Deprecated: Do not use.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The signed blob.
//
// Deprecated: Do not use.
Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
// contains filtered or unexported fields
}
func (*SignBlobResponse) Descriptor() ([]byte, []int)
Deprecated: Use SignBlobResponse.ProtoReflect.Descriptor instead.
func (x *SignBlobResponse) GetKeyId() string
Deprecated: Do not use.
func (x *SignBlobResponse) GetSignature() []byte
Deprecated: Do not use.
func (*SignBlobResponse) ProtoMessage()
func (x *SignBlobResponse) ProtoReflect() protoreflect.Message
func (x *SignBlobResponse) Reset()
func (x *SignBlobResponse) String() string
Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).
The service account sign JWT request.
type SignJwtRequest struct {
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
//
// Deprecated: Do not use.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The JWT payload to sign. Must be a serialized JSON object that contains a
// JWT Claims Set. For example: `{"sub": "user@example.com", "iat": 313435}`
//
// If the JWT Claims Set contains an expiration time (`exp`) claim, it must be
// an integer timestamp that is not in the past and no more than 12 hours in
// the future.
//
// If the JWT Claims Set does not contain an expiration time (`exp`) claim,
// this claim is added automatically, with a timestamp that is 1 hour in the
// future.
//
// Deprecated: Do not use.
Payload string `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
// contains filtered or unexported fields
}
func (*SignJwtRequest) Descriptor() ([]byte, []int)
Deprecated: Use SignJwtRequest.ProtoReflect.Descriptor instead.
func (x *SignJwtRequest) GetName() string
Deprecated: Do not use.
func (x *SignJwtRequest) GetPayload() string
Deprecated: Do not use.
func (*SignJwtRequest) ProtoMessage()
func (x *SignJwtRequest) ProtoReflect() protoreflect.Message
func (x *SignJwtRequest) Reset()
func (x *SignJwtRequest) String() string
Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).
The service account sign JWT response.
type SignJwtResponse struct {
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The id of the key used to sign the JWT.
//
// Deprecated: Do not use.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The signed JWT.
//
// Deprecated: Do not use.
SignedJwt string `protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"`
// contains filtered or unexported fields
}
func (*SignJwtResponse) Descriptor() ([]byte, []int)
Deprecated: Use SignJwtResponse.ProtoReflect.Descriptor instead.
func (x *SignJwtResponse) GetKeyId() string
Deprecated: Do not use.
func (x *SignJwtResponse) GetSignedJwt() string
Deprecated: Do not use.
func (*SignJwtResponse) ProtoMessage()
func (x *SignJwtResponse) ProtoReflect() protoreflect.Message
func (x *SignJwtResponse) Reset()
func (x *SignJwtResponse) String() string
The request to undelete an existing role.
type UndeleteRoleRequest struct {
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`projects.roles.undelete()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/undelete):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes
// only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.undelete()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/undelete):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// undeletes only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Used to perform a consistent read-modify-write.
Etag []byte `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}
func (*UndeleteRoleRequest) Descriptor() ([]byte, []int)
Deprecated: Use UndeleteRoleRequest.ProtoReflect.Descriptor instead.
func (x *UndeleteRoleRequest) GetEtag() []byte
func (x *UndeleteRoleRequest) GetName() string
func (*UndeleteRoleRequest) ProtoMessage()
func (x *UndeleteRoleRequest) ProtoReflect() protoreflect.Message
func (x *UndeleteRoleRequest) Reset()
func (x *UndeleteRoleRequest) String() string
The service account undelete request.
type UndeleteServiceAccountRequest struct {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
func (*UndeleteServiceAccountRequest) Descriptor() ([]byte, []int)
Deprecated: Use UndeleteServiceAccountRequest.ProtoReflect.Descriptor instead.
func (x *UndeleteServiceAccountRequest) GetName() string
func (*UndeleteServiceAccountRequest) ProtoMessage()
func (x *UndeleteServiceAccountRequest) ProtoReflect() protoreflect.Message
func (x *UndeleteServiceAccountRequest) Reset()
func (x *UndeleteServiceAccountRequest) String() string
type UndeleteServiceAccountResponse struct {
// Metadata for the restored service account.
RestoredAccount *ServiceAccount `protobuf:"bytes,1,opt,name=restored_account,json=restoredAccount,proto3" json:"restored_account,omitempty"`
// contains filtered or unexported fields
}
func (*UndeleteServiceAccountResponse) Descriptor() ([]byte, []int)
Deprecated: Use UndeleteServiceAccountResponse.ProtoReflect.Descriptor instead.
func (x *UndeleteServiceAccountResponse) GetRestoredAccount() *ServiceAccount
func (*UndeleteServiceAccountResponse) ProtoMessage()
func (x *UndeleteServiceAccountResponse) ProtoReflect() protoreflect.Message
func (x *UndeleteServiceAccountResponse) Reset()
func (x *UndeleteServiceAccountResponse) String() string
UnimplementedIAMServer can be embedded to have forward compatible implementations.
type UnimplementedIAMServer struct {
}
func (*UnimplementedIAMServer) CreateRole(context.Context, *CreateRoleRequest) (*Role, error)
func (*UnimplementedIAMServer) CreateServiceAccount(context.Context, *CreateServiceAccountRequest) (*ServiceAccount, error)
func (*UnimplementedIAMServer) CreateServiceAccountKey(context.Context, *CreateServiceAccountKeyRequest) (*ServiceAccountKey, error)
func (*UnimplementedIAMServer) DeleteRole(context.Context, *DeleteRoleRequest) (*Role, error)
func (*UnimplementedIAMServer) DeleteServiceAccount(context.Context, *DeleteServiceAccountRequest) (*emptypb.Empty, error)
func (*UnimplementedIAMServer) DeleteServiceAccountKey(context.Context, *DeleteServiceAccountKeyRequest) (*emptypb.Empty, error)
func (*UnimplementedIAMServer) DisableServiceAccount(context.Context, *DisableServiceAccountRequest) (*emptypb.Empty, error)
func (*UnimplementedIAMServer) DisableServiceAccountKey(context.Context, *DisableServiceAccountKeyRequest) (*emptypb.Empty, error)
func (*UnimplementedIAMServer) EnableServiceAccount(context.Context, *EnableServiceAccountRequest) (*emptypb.Empty, error)
func (*UnimplementedIAMServer) EnableServiceAccountKey(context.Context, *EnableServiceAccountKeyRequest) (*emptypb.Empty, error)
func (*UnimplementedIAMServer) GetIamPolicy(context.Context, *v1.GetIamPolicyRequest) (*v1.Policy, error)
func (*UnimplementedIAMServer) GetRole(context.Context, *GetRoleRequest) (*Role, error)
func (*UnimplementedIAMServer) GetServiceAccount(context.Context, *GetServiceAccountRequest) (*ServiceAccount, error)
func (*UnimplementedIAMServer) GetServiceAccountKey(context.Context, *GetServiceAccountKeyRequest) (*ServiceAccountKey, error)
func (*UnimplementedIAMServer) LintPolicy(context.Context, *LintPolicyRequest) (*LintPolicyResponse, error)
func (*UnimplementedIAMServer) ListRoles(context.Context, *ListRolesRequest) (*ListRolesResponse, error)
func (*UnimplementedIAMServer) ListServiceAccountKeys(context.Context, *ListServiceAccountKeysRequest) (*ListServiceAccountKeysResponse, error)
func (*UnimplementedIAMServer) ListServiceAccounts(context.Context, *ListServiceAccountsRequest) (*ListServiceAccountsResponse, error)
func (*UnimplementedIAMServer) PatchServiceAccount(context.Context, *PatchServiceAccountRequest) (*ServiceAccount, error)
func (*UnimplementedIAMServer) QueryAuditableServices(context.Context, *QueryAuditableServicesRequest) (*QueryAuditableServicesResponse, error)
func (*UnimplementedIAMServer) QueryGrantableRoles(context.Context, *QueryGrantableRolesRequest) (*QueryGrantableRolesResponse, error)
func (*UnimplementedIAMServer) QueryTestablePermissions(context.Context, *QueryTestablePermissionsRequest) (*QueryTestablePermissionsResponse, error)
func (*UnimplementedIAMServer) SetIamPolicy(context.Context, *v1.SetIamPolicyRequest) (*v1.Policy, error)
func (*UnimplementedIAMServer) SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
func (*UnimplementedIAMServer) SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
func (*UnimplementedIAMServer) TestIamPermissions(context.Context, *v1.TestIamPermissionsRequest) (*v1.TestIamPermissionsResponse, error)
func (*UnimplementedIAMServer) UndeleteRole(context.Context, *UndeleteRoleRequest) (*Role, error)
func (*UnimplementedIAMServer) UndeleteServiceAccount(context.Context, *UndeleteServiceAccountRequest) (*UndeleteServiceAccountResponse, error)
func (*UnimplementedIAMServer) UpdateRole(context.Context, *UpdateRoleRequest) (*Role, error)
func (*UnimplementedIAMServer) UpdateServiceAccount(context.Context, *ServiceAccount) (*ServiceAccount, error)
func (*UnimplementedIAMServer) UploadServiceAccountKey(context.Context, *UploadServiceAccountKeyRequest) (*ServiceAccountKey, error)
The request to update a role.
type UpdateRoleRequest struct {
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`projects.roles.patch()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/patch):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.patch()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/patch):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// updates only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The updated role.
Role *Role `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
// A mask describing which fields in the Role have changed.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}
func (*UpdateRoleRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateRoleRequest.ProtoReflect.Descriptor instead.
func (x *UpdateRoleRequest) GetName() string
func (x *UpdateRoleRequest) GetRole() *Role
func (x *UpdateRoleRequest) GetUpdateMask() *fieldmaskpb.FieldMask
func (*UpdateRoleRequest) ProtoMessage()
func (x *UpdateRoleRequest) ProtoReflect() protoreflect.Message
func (x *UpdateRoleRequest) Reset()
func (x *UpdateRoleRequest) String() string
The service account key upload request.
type UploadServiceAccountKeyRequest struct {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The public key to associate with the service account. Must be an RSA public
// key that is wrapped in an X.509 v3 certificate. Include the first line,
// `-----BEGIN CERTIFICATE-----`, and the last line,
// `-----END CERTIFICATE-----`.
PublicKeyData []byte `protobuf:"bytes,2,opt,name=public_key_data,json=publicKeyData,proto3" json:"public_key_data,omitempty"`
// contains filtered or unexported fields
}
func (*UploadServiceAccountKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UploadServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (x *UploadServiceAccountKeyRequest) GetName() string
func (x *UploadServiceAccountKeyRequest) GetPublicKeyData() []byte
func (*UploadServiceAccountKeyRequest) ProtoMessage()
func (x *UploadServiceAccountKeyRequest) ProtoReflect() protoreflect.Message
func (x *UploadServiceAccountKeyRequest) Reset()
func (x *UploadServiceAccountKeyRequest) String() string