deny.pb.go

Documentation: google.golang.org/genproto/googleapis/iam/v2beta

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Code generated by protoc-gen-go. DO NOT EDIT.
    16  // versions:
    17  // 	protoc-gen-go v1.26.0
    18  // 	protoc        v3.12.2
    19  // source: google/iam/v2beta/deny.proto
    20  
    21  package iam
    22  
    23  import (
    24  	reflect "reflect"
    25  	sync "sync"
    26  
    27  	expr "google.golang.org/genproto/googleapis/type/expr"
    28  	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
    29  	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
    30  )
    31  
    32  const (
    33  	// Verify that this generated code is sufficiently up-to-date.
    34  	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
    35  	// Verify that runtime/protoimpl is sufficiently up-to-date.
    36  	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
    37  )
    38  
    39  // A deny rule in an IAM deny policy.
    40  type DenyRule struct {
    41  	state         protoimpl.MessageState
    42  	sizeCache     protoimpl.SizeCache
    43  	unknownFields protoimpl.UnknownFields
    44  
    45  	// The identities that are prevented from using one or more permissions on
    46  	// Google Cloud resources. This field can contain the following values:
    47  	//
    48  	//   - `principalSet://goog/public:all`: A special identifier that represents
    49  	//     any principal that is on the internet, even if they do not have a Google
    50  	//     Account or are not logged in.
    51  	//
    52  	//   - `principal://goog/subject/{email_id}`: A specific Google Account.
    53  	//     Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
    54  	//     example, `principal://goog/subject/alice@example.com`.
    55  	//
    56  	//   - `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
    57  	//     Google Account that was deleted recently. For example,
    58  	//     `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
    59  	//     the Google Account is recovered, this identifier reverts to the standard
    60  	//     identifier for a Google Account.
    61  	//
    62  	//   - `principalSet://goog/group/{group_id}`: A Google group. For example,
    63  	//     `principalSet://goog/group/admins@example.com`.
    64  	//
    65  	//   - `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
    66  	//     that was deleted recently. For example,
    67  	//     `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
    68  	//     the Google group is restored, this identifier reverts to the standard
    69  	//     identifier for a Google group.
    70  	//
    71  	//   - `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
    72  	//     A Google Cloud service account. For example,
    73  	//     `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
    74  	//
    75  	//   - `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
    76  	//     A Google Cloud service account that was deleted recently. For example,
    77  	//     `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
    78  	//     If the service account is undeleted, this identifier reverts to the
    79  	//     standard identifier for a service account.
    80  	//
    81  	//   - `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
    82  	//     principals associated with the specified Google Workspace or Cloud
    83  	//     Identity customer ID. For example,
    84  	//     `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
    85  	DeniedPrincipals []string `protobuf:"bytes,1,rep,name=denied_principals,json=deniedPrincipals,proto3" json:"denied_principals,omitempty"`
    86  	// The identities that are excluded from the deny rule, even if they are
    87  	// listed in the `denied_principals`. For example, you could add a Google
    88  	// group to the `denied_principals`, then exclude specific users who belong to
    89  	// that group.
    90  	//
    91  	// This field can contain the same values as the `denied_principals` field,
    92  	// excluding `principalSet://goog/public:all`, which represents all users on
    93  	// the internet.
    94  	ExceptionPrincipals []string `protobuf:"bytes,2,rep,name=exception_principals,json=exceptionPrincipals,proto3" json:"exception_principals,omitempty"`
    95  	// The permissions that are explicitly denied by this rule. Each permission
    96  	// uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
    97  	// is the fully qualified domain name for the service. For example,
    98  	// `iam.googleapis.com/roles.list`.
    99  	DeniedPermissions []string `protobuf:"bytes,3,rep,name=denied_permissions,json=deniedPermissions,proto3" json:"denied_permissions,omitempty"`
   100  	// Specifies the permissions that this rule excludes from the set of denied
   101  	// permissions given by `denied_permissions`. If a permission appears in
   102  	// `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
   103  	// denied.
   104  	//
   105  	// The excluded permissions can be specified using the same syntax as
   106  	// `denied_permissions`.
   107  	ExceptionPermissions []string `protobuf:"bytes,4,rep,name=exception_permissions,json=exceptionPermissions,proto3" json:"exception_permissions,omitempty"`
   108  	// The condition that determines whether this deny rule applies to a request.
   109  	// If the condition expression evaluates to `true`, then the deny rule is
   110  	// applied; otherwise, the deny rule is not applied.
   111  	//
   112  	// Each deny rule is evaluated independently. If this deny rule does not apply
   113  	// to a request, other deny rules might still apply.
   114  	//
   115  	// The condition can use CEL functions that evaluate
   116  	// [resource
   117  	// tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
   118  	// functions and operators are not supported.
   119  	DenialCondition *expr.Expr `protobuf:"bytes,5,opt,name=denial_condition,json=denialCondition,proto3" json:"denial_condition,omitempty"`
   120  }
   121  
   122  func (x *DenyRule) Reset() {
   123  	*x = DenyRule{}
   124  	if protoimpl.UnsafeEnabled {
   125  		mi := &file_google_iam_v2beta_deny_proto_msgTypes[0]
   126  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   127  		ms.StoreMessageInfo(mi)
   128  	}
   129  }
   130  
   131  func (x *DenyRule) String() string {
   132  	return protoimpl.X.MessageStringOf(x)
   133  }
   134  
   135  func (*DenyRule) ProtoMessage() {}
   136  
   137  func (x *DenyRule) ProtoReflect() protoreflect.Message {
   138  	mi := &file_google_iam_v2beta_deny_proto_msgTypes[0]
   139  	if protoimpl.UnsafeEnabled && x != nil {
   140  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   141  		if ms.LoadMessageInfo() == nil {
   142  			ms.StoreMessageInfo(mi)
   143  		}
   144  		return ms
   145  	}
   146  	return mi.MessageOf(x)
   147  }
   148  
   149  // Deprecated: Use DenyRule.ProtoReflect.Descriptor instead.
   150  func (*DenyRule) Descriptor() ([]byte, []int) {
   151  	return file_google_iam_v2beta_deny_proto_rawDescGZIP(), []int{0}
   152  }
   153  
   154  func (x *DenyRule) GetDeniedPrincipals() []string {
   155  	if x != nil {
   156  		return x.DeniedPrincipals
   157  	}
   158  	return nil
   159  }
   160  
   161  func (x *DenyRule) GetExceptionPrincipals() []string {
   162  	if x != nil {
   163  		return x.ExceptionPrincipals
   164  	}
   165  	return nil
   166  }
   167  
   168  func (x *DenyRule) GetDeniedPermissions() []string {
   169  	if x != nil {
   170  		return x.DeniedPermissions
   171  	}
   172  	return nil
   173  }
   174  
   175  func (x *DenyRule) GetExceptionPermissions() []string {
   176  	if x != nil {
   177  		return x.ExceptionPermissions
   178  	}
   179  	return nil
   180  }
   181  
   182  func (x *DenyRule) GetDenialCondition() *expr.Expr {
   183  	if x != nil {
   184  		return x.DenialCondition
   185  	}
   186  	return nil
   187  }
   188  
   189  var File_google_iam_v2beta_deny_proto protoreflect.FileDescriptor
   190  
   191  var file_google_iam_v2beta_deny_proto_rawDesc = []byte{
   192  	0x0a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76, 0x32, 0x62,
   193  	0x65, 0x74, 0x61, 0x2f, 0x64, 0x65, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11,
   194  	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74,
   195  	0x61, 0x1a, 0x16, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x65,
   196  	0x78, 0x70, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8c, 0x02, 0x0a, 0x08, 0x44, 0x65,
   197  	0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x11, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64,
   198  	0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
   199  	0x09, 0x52, 0x10, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70,
   200  	0x61, 0x6c, 0x73, 0x12, 0x31, 0x0a, 0x14, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e,
   201  	0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
   202  	0x09, 0x52, 0x13, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x69, 0x6e,
   203  	0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x2d, 0x0a, 0x12, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64,
   204  	0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03,
   205  	0x28, 0x09, 0x52, 0x11, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
   206  	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x15, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69,
   207  	0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04,
   208  	0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50,
   209  	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x10, 0x64, 0x65,
   210  	0x6e, 0x69, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05,
   211  	0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x74, 0x79,
   212  	0x70, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x0f, 0x64, 0x65, 0x6e, 0x69, 0x61, 0x6c, 0x43,
   213  	0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x92, 0x01, 0x0a, 0x15, 0x63, 0x6f, 0x6d,
   214  	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x32, 0x62, 0x65,
   215  	0x74, 0x61, 0x42, 0x0d, 0x44, 0x65, 0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74,
   216  	0x6f, 0x50, 0x01, 0x5a, 0x34, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61,
   217  	0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
   218  	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76,
   219  	0x32, 0x62, 0x65, 0x74, 0x61, 0x3b, 0x69, 0x61, 0x6d, 0xaa, 0x02, 0x17, 0x47, 0x6f, 0x6f, 0x67,
   220  	0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d, 0x2e, 0x56, 0x32, 0x42,
   221  	0x65, 0x74, 0x61, 0xca, 0x02, 0x17, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f,
   222  	0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x62, 0x06, 0x70,
   223  	0x72, 0x6f, 0x74, 0x6f, 0x33,
   224  }
   225  
   226  var (
   227  	file_google_iam_v2beta_deny_proto_rawDescOnce sync.Once
   228  	file_google_iam_v2beta_deny_proto_rawDescData = file_google_iam_v2beta_deny_proto_rawDesc
   229  )
   230  
   231  func file_google_iam_v2beta_deny_proto_rawDescGZIP() []byte {
   232  	file_google_iam_v2beta_deny_proto_rawDescOnce.Do(func() {
   233  		file_google_iam_v2beta_deny_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_iam_v2beta_deny_proto_rawDescData)
   234  	})
   235  	return file_google_iam_v2beta_deny_proto_rawDescData
   236  }
   237  
   238  var file_google_iam_v2beta_deny_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
   239  var file_google_iam_v2beta_deny_proto_goTypes = []interface{}{
   240  	(*DenyRule)(nil),  // 0: google.iam.v2beta.DenyRule
   241  	(*expr.Expr)(nil), // 1: google.type.Expr
   242  }
   243  var file_google_iam_v2beta_deny_proto_depIdxs = []int32{
   244  	1, // 0: google.iam.v2beta.DenyRule.denial_condition:type_name -> google.type.Expr
   245  	1, // [1:1] is the sub-list for method output_type
   246  	1, // [1:1] is the sub-list for method input_type
   247  	1, // [1:1] is the sub-list for extension type_name
   248  	1, // [1:1] is the sub-list for extension extendee
   249  	0, // [0:1] is the sub-list for field type_name
   250  }
   251  
   252  func init() { file_google_iam_v2beta_deny_proto_init() }
   253  func file_google_iam_v2beta_deny_proto_init() {
   254  	if File_google_iam_v2beta_deny_proto != nil {
   255  		return
   256  	}
   257  	if !protoimpl.UnsafeEnabled {
   258  		file_google_iam_v2beta_deny_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
   259  			switch v := v.(*DenyRule); i {
   260  			case 0:
   261  				return &v.state
   262  			case 1:
   263  				return &v.sizeCache
   264  			case 2:
   265  				return &v.unknownFields
   266  			default:
   267  				return nil
   268  			}
   269  		}
   270  	}
   271  	type x struct{}
   272  	out := protoimpl.TypeBuilder{
   273  		File: protoimpl.DescBuilder{
   274  			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
   275  			RawDescriptor: file_google_iam_v2beta_deny_proto_rawDesc,
   276  			NumEnums:      0,
   277  			NumMessages:   1,
   278  			NumExtensions: 0,
   279  			NumServices:   0,
   280  		},
   281  		GoTypes:           file_google_iam_v2beta_deny_proto_goTypes,
   282  		DependencyIndexes: file_google_iam_v2beta_deny_proto_depIdxs,
   283  		MessageInfos:      file_google_iam_v2beta_deny_proto_msgTypes,
   284  	}.Build()
   285  	File_google_iam_v2beta_deny_proto = out.File
   286  	file_google_iam_v2beta_deny_proto_rawDesc = nil
   287  	file_google_iam_v2beta_deny_proto_goTypes = nil
   288  	file_google_iam_v2beta_deny_proto_depIdxs = nil
   289  }
   290
View as plain text