
Source file src/cloud.google.com/go/iam/apiv2/iampb/deny.pb.go

Documentation: cloud.google.com/go/iam/apiv2/iampb

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Code generated by protoc-gen-go. DO NOT EDIT.
    16  // versions:
    17  // 	protoc-gen-go v1.33.0
    18  // 	protoc        v4.25.3
    19  // source: google/iam/v2/deny.proto
    20  
    21  package iampb
    22  
    23  import (
    24  	reflect "reflect"
    25  	sync "sync"
    26  
    27  	expr "google.golang.org/genproto/googleapis/type/expr"
    28  	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
    29  	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
    30  )
    31  
// Version handshake between this generated file and the protobuf runtime
// that is linked into the binary. Both expressions sit in a const block, so
// they are evaluated when the package is compiled, not when it runs.
const (
	// Verify that this generated code is sufficiently up-to-date.
	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
	// Verify that runtime/protoimpl is sufficiently up-to-date.
	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
    38  
// DenyRule is a deny rule in an IAM deny policy.
//
// Read together, the fields say: the permissions in DeniedPermissions (minus
// ExceptionPermissions) are denied to the identities in DeniedPrincipals
// (minus ExceptionPrincipals) when DenialCondition evaluates to true.
//
// NOTE(review): this type only carries the rule. Nothing in this file
// validates or evaluates it; that presumably happens in the IAM service —
// confirm before relying on any client-side interpretation.
type DenyRule struct {
	// Bookkeeping owned by the protobuf runtime; not part of the rule itself.
	state         protoimpl.MessageState
	sizeCache     protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// The identities that are prevented from using one or more permissions on
	// Google Cloud resources. This field can contain the following values:
	//
	//   - `principalSet://goog/public:all`: A special identifier that represents
	//     any principal that is on the internet, even if they do not have a Google
	//     Account or are not logged in.
	//
	//   - `principal://goog/subject/{email_id}`: A specific Google Account.
	//     Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
	//     example, `principal://goog/subject/alice@example.com`.
	//
	//   - `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
	//     Google Account that was deleted recently. For example,
	//     `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
	//     the Google Account is recovered, this identifier reverts to the standard
	//     identifier for a Google Account.
	//
	//   - `principalSet://goog/group/{group_id}`: A Google group. For example,
	//     `principalSet://goog/group/admins@example.com`.
	//
	//   - `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
	//     that was deleted recently. For example,
	//     `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
	//     the Google group is restored, this identifier reverts to the standard
	//     identifier for a Google group.
	//
	//   - `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
	//     A Google Cloud service account. For example,
	//     `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
	//
	//   - `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
	//     A Google Cloud service account that was deleted recently. For example,
	//     `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
	//     If the service account is undeleted, this identifier reverts to the
	//     standard identifier for a service account.
	//
	//   - `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
	//     principals associated with the specified Google Workspace or Cloud
	//     Identity customer ID. For example,
	//     `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
	//
	// NOTE(review): the Go type is a plain []string. Nothing in this file
	// checks entries against the identifier formats listed above, so a
	// malformed or mistyped principal is only caught by whatever validates the
	// policy (presumably the IAM API — confirm).
	DeniedPrincipals []string `protobuf:"bytes,1,rep,name=denied_principals,json=deniedPrincipals,proto3" json:"denied_principals,omitempty"`
	// The identities that are excluded from the deny rule, even if they are
	// listed in the `denied_principals`. For example, you could add a Google
	// group to the `denied_principals`, then exclude specific users who belong to
	// that group.
	//
	// This field can contain the same values as the `denied_principals` field,
	// excluding `principalSet://goog/public:all`, which represents all users on
	// the internet.
	//
	// NOTE(review): every entry here narrows the deny. When auditing a policy,
	// read this list next to `denied_principals`; a broad group listed here can
	// cancel most of what the rule appears to deny.
	ExceptionPrincipals []string `protobuf:"bytes,2,rep,name=exception_principals,json=exceptionPrincipals,proto3" json:"exception_principals,omitempty"`
	// The permissions that are explicitly denied by this rule. Each permission
	// uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
	// is the fully qualified domain name for the service. For example,
	// `iam.googleapis.com/roles.list`.
	DeniedPermissions []string `protobuf:"bytes,3,rep,name=denied_permissions,json=deniedPermissions,proto3" json:"denied_permissions,omitempty"`
	// Specifies the permissions that this rule excludes from the set of denied
	// permissions given by `denied_permissions`. If a permission appears in
	// `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
	// denied.
	//
	// The excluded permissions can be specified using the same syntax as
	// `denied_permissions`.
	//
	// NOTE(review): the exception wins over the deny for a permission listed
	// in both, so a change that only touches this list can re-enable a
	// permission without `denied_permissions` changing at all.
	ExceptionPermissions []string `protobuf:"bytes,4,rep,name=exception_permissions,json=exceptionPermissions,proto3" json:"exception_permissions,omitempty"`
	// The condition that determines whether this deny rule applies to a request.
	// If the condition expression evaluates to `true`, then the deny rule is
	// applied; otherwise, the deny rule is not applied.
	//
	// Each deny rule is evaluated independently. If this deny rule does not apply
	// to a request, other deny rules might still apply.
	//
	// The condition can use CEL functions that evaluate
	// [resource
	// tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
	// functions and operators are not supported.
	//
	// NOTE(review): the field is a pointer and is nil when no condition is
	// set. What an unset condition means for evaluation is not stated here —
	// presumably the rule then applies to every matching request; confirm
	// against the IAM deny documentation.
	DenialCondition *expr.Expr `protobuf:"bytes,5,opt,name=denial_condition,json=denialCondition,proto3" json:"denial_condition,omitempty"`
}
   121  
// Reset overwrites the receiver with a zero-valued DenyRule, clearing every
// field including the denied and exception lists.
//
// The receiver is dereferenced unconditionally, so unlike the Get* accessors
// this method is not safe to call on a nil *DenyRule.
func (x *DenyRule) Reset() {
	*x = DenyRule{}
	if protoimpl.UnsafeEnabled {
		// The assignment above also zeroed x.state, so the message info for
		// this type (entry 0 of the file's message table) is stored again.
		mi := &file_google_iam_v2_deny_proto_msgTypes[0]
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		ms.StoreMessageInfo(mi)
	}
}
   130  
// String returns the text form of the message as produced by the protobuf
// runtime's MessageStringOf helper.
//
// NOTE(review): the exact output format is decided by the runtime, not by
// this file; avoid parsing it or comparing it when reviewing policies.
func (x *DenyRule) String() string {
	text := protoimpl.X.MessageStringOf(x)
	return text
}
   134  
// ProtoMessage is an empty marker method; it has no behavior of its own.
// By protobuf-go convention it identifies the type as a generated message.
func (*DenyRule) ProtoMessage() {}
   136  
// ProtoReflect returns the reflective view of the message.
//
// With protoimpl.UnsafeEnabled and a non-nil receiver, the message's own
// state is returned, after lazily storing the type's message info in it the
// first time. In every other case (unsafe disabled, or a nil receiver) the
// view is built through the message info's MessageOf.
func (x *DenyRule) ProtoReflect() protoreflect.Message {
	mi := &file_google_iam_v2_deny_proto_msgTypes[0]
	if protoimpl.UnsafeEnabled && x != nil {
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		// Only store the info when it is missing, e.g. for a DenyRule that was
		// created as a literal and never passed through Reset.
		if ms.LoadMessageInfo() == nil {
			ms.StoreMessageInfo(mi)
		}
		return ms
	}
	return mi.MessageOf(x)
}
   148  
// Descriptor returns the gzip-compressed raw file descriptor together with
// the index path of DenyRule inside it ({0}: the file's first message).
//
// Deprecated: Use DenyRule.ProtoReflect.Descriptor instead.
func (*DenyRule) Descriptor() ([]byte, []int) {
	gz := file_google_iam_v2_deny_proto_rawDescGZIP()
	path := []int{0}
	return gz, path
}
   153  
// GetDeniedPrincipals returns the DeniedPrincipals field, or nil when the
// receiver itself is nil, so it can be called on an unset *DenyRule.
//
// The slice is returned as stored, not copied. A nil rule and a rule with no
// denied principals both yield a nil/empty result; callers that need to tell
// "no rule" from "empty rule" must check the pointer themselves.
func (x *DenyRule) GetDeniedPrincipals() []string {
	if x == nil {
		return nil
	}
	return x.DeniedPrincipals
}
   160  
// GetExceptionPrincipals returns the ExceptionPrincipals field, or nil when
// the receiver is nil.
//
// The slice is returned as stored, not copied.
func (x *DenyRule) GetExceptionPrincipals() []string {
	if x == nil {
		return nil
	}
	return x.ExceptionPrincipals
}
   167  
// GetDeniedPermissions returns the DeniedPermissions field, or nil when the
// receiver is nil.
//
// The slice is returned as stored, not copied.
func (x *DenyRule) GetDeniedPermissions() []string {
	if x == nil {
		return nil
	}
	return x.DeniedPermissions
}
   174  
// GetExceptionPermissions returns the ExceptionPermissions field, or nil
// when the receiver is nil.
//
// The slice is returned as stored, not copied.
func (x *DenyRule) GetExceptionPermissions() []string {
	if x == nil {
		return nil
	}
	return x.ExceptionPermissions
}
   181  
// GetDenialCondition returns the DenialCondition field, or nil when the
// receiver is nil.
//
// A nil result therefore covers both "no rule" and "rule without a
// condition"; the pointer is returned as stored, not copied.
func (x *DenyRule) GetDenialCondition() *expr.Expr {
	if x == nil {
		return nil
	}
	return x.DenialCondition
}
   188  
// File_google_iam_v2_deny_proto is the file descriptor built from the raw
// descriptor below. It is nil until file_google_iam_v2_deny_proto_init has
// run, and that function uses the nil check to run its body only once.
var File_google_iam_v2_deny_proto protoreflect.FileDescriptor
   190  
// file_google_iam_v2_deny_proto_rawDesc holds the raw descriptor bytes that
// file_google_iam_v2_deny_proto_init passes to the type builder as
// RawDescriptor. The readable ASCII runs in it spell out the proto file name
// (google/iam/v2/deny.proto), the DenyRule message and its five field names.
//
// The variable is set to nil at the end of init; the bytes stay reachable
// through file_google_iam_v2_deny_proto_rawDescData, which is initialised
// from this slice.
var file_google_iam_v2_deny_proto_rawDesc = []byte{
	0x0a, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76, 0x32, 0x2f,
	0x64, 0x65, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0d, 0x67, 0x6f, 0x6f, 0x67,
	0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x32, 0x1a, 0x16, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
	0x65, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74,
	0x6f, 0x22, 0x8c, 0x02, 0x0a, 0x08, 0x44, 0x65, 0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x2b,
	0x0a, 0x11, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70,
	0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x64, 0x65, 0x6e, 0x69, 0x65,
	0x64, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x31, 0x0a, 0x14, 0x65,
	0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70,
	0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x65, 0x78, 0x63, 0x65, 0x70,
	0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x2d,
	0x0a, 0x12, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73,
	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x64, 0x65, 0x6e, 0x69,
	0x65, 0x64, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a,
	0x15, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69,
	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x65, 0x78,
	0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f,
	0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x10, 0x64, 0x65, 0x6e, 0x69, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e,
	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x67,
	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52,
	0x0f, 0x64, 0x65, 0x6e, 0x69, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
	0x42, 0x7b, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69,
	0x61, 0x6d, 0x2e, 0x76, 0x32, 0x42, 0x0d, 0x44, 0x65, 0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x50,
	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f,
	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x69, 0x61, 0x6d, 0x2f,
	0x61, 0x70, 0x69, 0x76, 0x32, 0x2f, 0x69, 0x61, 0x6d, 0x70, 0x62, 0x3b, 0x69, 0x61, 0x6d, 0x70,
	0x62, 0xaa, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64,
	0x2e, 0x49, 0x61, 0x6d, 0x2e, 0x56, 0x32, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
	0x5c, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56, 0x32, 0x62, 0x06, 0x70,
	0x72, 0x6f, 0x74, 0x6f, 0x33,
}
   223  
// State for the lazily compressed copy of the raw descriptor that the
// deprecated Descriptor method returns.
var (
	// Ensures the compression in file_google_iam_v2_deny_proto_rawDescGZIP
	// runs at most once.
	file_google_iam_v2_deny_proto_rawDescOnce sync.Once
	// Starts out as the uncompressed descriptor bytes and is replaced by the
	// gzip-compressed form on the first call to rawDescGZIP.
	file_google_iam_v2_deny_proto_rawDescData = file_google_iam_v2_deny_proto_rawDesc
)
   228  
// file_google_iam_v2_deny_proto_rawDescGZIP returns the raw descriptor in
// gzip-compressed form. The compression happens on the first call only,
// guarded by file_google_iam_v2_deny_proto_rawDescOnce; later calls return
// the stored result.
func file_google_iam_v2_deny_proto_rawDescGZIP() []byte {
	compress := func() {
		raw := file_google_iam_v2_deny_proto_rawDescData
		file_google_iam_v2_deny_proto_rawDescData = protoimpl.X.CompressGZIP(raw)
	}
	file_google_iam_v2_deny_proto_rawDescOnce.Do(compress)
	return file_google_iam_v2_deny_proto_rawDescData
}
   235  
// Tables handed to the type builder in file_google_iam_v2_deny_proto_init.

// One MessageInfo slot: entry 0 belongs to DenyRule, the only message
// declared in this file.
var file_google_iam_v2_deny_proto_msgTypes = make([]protoimpl.MessageInfo, 1)

// Go types referenced by the descriptor, addressed by the indexes used in
// file_google_iam_v2_deny_proto_depIdxs. Set to nil once init has finished.
var file_google_iam_v2_deny_proto_goTypes = []interface{}{
	(*DenyRule)(nil),  // 0: google.iam.v2.DenyRule
	(*expr.Expr)(nil), // 1: google.type.Expr
}

// Dependency indexes into file_google_iam_v2_deny_proto_goTypes. The first
// entry resolves the type of DenyRule.denial_condition; the trailing entries
// are the sub-list offsets described on each line. Set to nil once init has
// finished.
var file_google_iam_v2_deny_proto_depIdxs = []int32{
	1, // 0: google.iam.v2.DenyRule.denial_condition:type_name -> google.type.Expr
	1, // [1:1] is the sub-list for method output_type
	1, // [1:1] is the sub-list for method input_type
	1, // [1:1] is the sub-list for extension type_name
	1, // [1:1] is the sub-list for extension extendee
	0, // [0:1] is the sub-list for field type_name
}
   249  
// init builds the file's descriptor and message type when the package is
// loaded, by delegating to file_google_iam_v2_deny_proto_init.
func init() { file_google_iam_v2_deny_proto_init() }
// file_google_iam_v2_deny_proto_init builds the file descriptor and the
// DenyRule message type from the raw descriptor and the lookup tables, and
// publishes the result in File_google_iam_v2_deny_proto.
//
// A second call returns immediately, because the descriptor variable is
// already non-nil.
func file_google_iam_v2_deny_proto_init() {
	if File_google_iam_v2_deny_proto != nil {
		return
	}
	if !protoimpl.UnsafeEnabled {
		// Without unsafe, the runtime reaches the three unexported bookkeeping
		// fields through this callback: index 0 is state, 1 is sizeCache, 2 is
		// unknownFields; any other index yields nil.
		file_google_iam_v2_deny_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
			switch v := v.(*DenyRule); i {
			case 0:
				return &v.state
			case 1:
				return &v.sizeCache
			case 2:
				return &v.unknownFields
			default:
				return nil
			}
		}
	}
	// The empty local type exists only so that reflect can report the import
	// path of this package for GoPackagePath.
	type x struct{}
	out := protoimpl.TypeBuilder{
		File: protoimpl.DescBuilder{
			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
			RawDescriptor: file_google_iam_v2_deny_proto_rawDesc,
			NumEnums:      0,
			NumMessages:   1,
			NumExtensions: 0,
			NumServices:   0,
		},
		GoTypes:           file_google_iam_v2_deny_proto_goTypes,
		DependencyIndexes: file_google_iam_v2_deny_proto_depIdxs,
		MessageInfos:      file_google_iam_v2_deny_proto_msgTypes,
	}.Build()
	File_google_iam_v2_deny_proto = out.File
	// The build inputs are dropped after use (presumably so they can be
	// garbage collected). The descriptor bytes themselves remain referenced by
	// file_google_iam_v2_deny_proto_rawDescData.
	file_google_iam_v2_deny_proto_rawDesc = nil
	file_google_iam_v2_deny_proto_goTypes = nil
	file_google_iam_v2_deny_proto_depIdxs = nil
}
   288  
