Constants
AccessContextManager_ListAccessPolicies_FullMethodName, AccessContextManager_GetAccessPolicy_FullMethodName, AccessContextManager_CreateAccessPolicy_FullMethodName, AccessContextManager_UpdateAccessPolicy_FullMethodName, AccessContextManager_DeleteAccessPolicy_FullMethodName, AccessContextManager_ListAccessLevels_FullMethodName, AccessContextManager_GetAccessLevel_FullMethodName, AccessContextManager_CreateAccessLevel_FullMethodName, AccessContextManager_UpdateAccessLevel_FullMethodName, AccessContextManager_DeleteAccessLevel_FullMethodName, AccessContextManager_ReplaceAccessLevels_FullMethodName, AccessContextManager_ListServicePerimeters_FullMethodName, AccessContextManager_GetServicePerimeter_FullMethodName, AccessContextManager_CreateServicePerimeter_FullMethodName, AccessContextManager_UpdateServicePerimeter_FullMethodName, AccessContextManager_DeleteServicePerimeter_FullMethodName, AccessContextManager_ReplaceServicePerimeters_FullMethodName, AccessContextManager_CommitServicePerimeters_FullMethodName, AccessContextManager_ListGcpUserAccessBindings_FullMethodName, AccessContextManager_GetGcpUserAccessBinding_FullMethodName, AccessContextManager_CreateGcpUserAccessBinding_FullMethodName, AccessContextManager_UpdateGcpUserAccessBinding_FullMethodName, AccessContextManager_DeleteGcpUserAccessBinding_FullMethodName, AccessContextManager_SetIamPolicy_FullMethodName, AccessContextManager_GetIamPolicy_FullMethodName, AccessContextManager_TestIamPermissions_FullMethodName
const (
AccessContextManager_ListAccessPolicies_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/ListAccessPolicies"
AccessContextManager_GetAccessPolicy_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/GetAccessPolicy"
AccessContextManager_CreateAccessPolicy_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/CreateAccessPolicy"
AccessContextManager_UpdateAccessPolicy_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/UpdateAccessPolicy"
AccessContextManager_DeleteAccessPolicy_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/DeleteAccessPolicy"
AccessContextManager_ListAccessLevels_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/ListAccessLevels"
AccessContextManager_GetAccessLevel_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/GetAccessLevel"
AccessContextManager_CreateAccessLevel_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/CreateAccessLevel"
AccessContextManager_UpdateAccessLevel_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/UpdateAccessLevel"
AccessContextManager_DeleteAccessLevel_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/DeleteAccessLevel"
AccessContextManager_ReplaceAccessLevels_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/ReplaceAccessLevels"
AccessContextManager_ListServicePerimeters_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/ListServicePerimeters"
AccessContextManager_GetServicePerimeter_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/GetServicePerimeter"
AccessContextManager_CreateServicePerimeter_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/CreateServicePerimeter"
AccessContextManager_UpdateServicePerimeter_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/UpdateServicePerimeter"
AccessContextManager_DeleteServicePerimeter_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/DeleteServicePerimeter"
AccessContextManager_ReplaceServicePerimeters_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/ReplaceServicePerimeters"
AccessContextManager_CommitServicePerimeters_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/CommitServicePerimeters"
AccessContextManager_ListGcpUserAccessBindings_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/ListGcpUserAccessBindings"
AccessContextManager_GetGcpUserAccessBinding_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/GetGcpUserAccessBinding"
AccessContextManager_CreateGcpUserAccessBinding_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/CreateGcpUserAccessBinding"
AccessContextManager_UpdateGcpUserAccessBinding_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/UpdateGcpUserAccessBinding"
AccessContextManager_DeleteGcpUserAccessBinding_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/DeleteGcpUserAccessBinding"
AccessContextManager_SetIamPolicy_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/SetIamPolicy"
AccessContextManager_GetIamPolicy_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/GetIamPolicy"
AccessContextManager_TestIamPermissions_FullMethodName = "/google.identity.accesscontextmanager.v1.AccessContextManager/TestIamPermissions"
)Variables
LevelFormat_name, LevelFormat_value
var (
LevelFormat_name = map[int32]string{
0: "LEVEL_FORMAT_UNSPECIFIED",
1: "AS_DEFINED",
2: "CEL",
}
LevelFormat_value = map[string]int32{
"LEVEL_FORMAT_UNSPECIFIED": 0,
"AS_DEFINED": 1,
"CEL": 2,
}
)Enum value maps for LevelFormat.
BasicLevel_ConditionCombiningFunction_name, BasicLevel_ConditionCombiningFunction_value
var (
BasicLevel_ConditionCombiningFunction_name = map[int32]string{
0: "AND",
1: "OR",
}
BasicLevel_ConditionCombiningFunction_value = map[string]int32{
"AND": 0,
"OR": 1,
}
)Enum value maps for BasicLevel_ConditionCombiningFunction.
ServicePerimeter_PerimeterType_name, ServicePerimeter_PerimeterType_value
var (
ServicePerimeter_PerimeterType_name = map[int32]string{
0: "PERIMETER_TYPE_REGULAR",
1: "PERIMETER_TYPE_BRIDGE",
}
ServicePerimeter_PerimeterType_value = map[string]int32{
"PERIMETER_TYPE_REGULAR": 0,
"PERIMETER_TYPE_BRIDGE": 1,
}
)Enum value maps for ServicePerimeter_PerimeterType.
ServicePerimeterConfig_IdentityType_name, ServicePerimeterConfig_IdentityType_value
var (
ServicePerimeterConfig_IdentityType_name = map[int32]string{
0: "IDENTITY_TYPE_UNSPECIFIED",
1: "ANY_IDENTITY",
2: "ANY_USER_ACCOUNT",
3: "ANY_SERVICE_ACCOUNT",
}
ServicePerimeterConfig_IdentityType_value = map[string]int32{
"IDENTITY_TYPE_UNSPECIFIED": 0,
"ANY_IDENTITY": 1,
"ANY_USER_ACCOUNT": 2,
"ANY_SERVICE_ACCOUNT": 3,
}
)Enum value maps for ServicePerimeterConfig_IdentityType.
AccessContextManager_ServiceDesc
var AccessContextManager_ServiceDesc = grpc.ServiceDesc{
ServiceName: "google.identity.accesscontextmanager.v1.AccessContextManager",
HandlerType: (*AccessContextManagerServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "ListAccessPolicies",
Handler: _AccessContextManager_ListAccessPolicies_Handler,
},
{
MethodName: "GetAccessPolicy",
Handler: _AccessContextManager_GetAccessPolicy_Handler,
},
{
MethodName: "CreateAccessPolicy",
Handler: _AccessContextManager_CreateAccessPolicy_Handler,
},
{
MethodName: "UpdateAccessPolicy",
Handler: _AccessContextManager_UpdateAccessPolicy_Handler,
},
{
MethodName: "DeleteAccessPolicy",
Handler: _AccessContextManager_DeleteAccessPolicy_Handler,
},
{
MethodName: "ListAccessLevels",
Handler: _AccessContextManager_ListAccessLevels_Handler,
},
{
MethodName: "GetAccessLevel",
Handler: _AccessContextManager_GetAccessLevel_Handler,
},
{
MethodName: "CreateAccessLevel",
Handler: _AccessContextManager_CreateAccessLevel_Handler,
},
{
MethodName: "UpdateAccessLevel",
Handler: _AccessContextManager_UpdateAccessLevel_Handler,
},
{
MethodName: "DeleteAccessLevel",
Handler: _AccessContextManager_DeleteAccessLevel_Handler,
},
{
MethodName: "ReplaceAccessLevels",
Handler: _AccessContextManager_ReplaceAccessLevels_Handler,
},
{
MethodName: "ListServicePerimeters",
Handler: _AccessContextManager_ListServicePerimeters_Handler,
},
{
MethodName: "GetServicePerimeter",
Handler: _AccessContextManager_GetServicePerimeter_Handler,
},
{
MethodName: "CreateServicePerimeter",
Handler: _AccessContextManager_CreateServicePerimeter_Handler,
},
{
MethodName: "UpdateServicePerimeter",
Handler: _AccessContextManager_UpdateServicePerimeter_Handler,
},
{
MethodName: "DeleteServicePerimeter",
Handler: _AccessContextManager_DeleteServicePerimeter_Handler,
},
{
MethodName: "ReplaceServicePerimeters",
Handler: _AccessContextManager_ReplaceServicePerimeters_Handler,
},
{
MethodName: "CommitServicePerimeters",
Handler: _AccessContextManager_CommitServicePerimeters_Handler,
},
{
MethodName: "ListGcpUserAccessBindings",
Handler: _AccessContextManager_ListGcpUserAccessBindings_Handler,
},
{
MethodName: "GetGcpUserAccessBinding",
Handler: _AccessContextManager_GetGcpUserAccessBinding_Handler,
},
{
MethodName: "CreateGcpUserAccessBinding",
Handler: _AccessContextManager_CreateGcpUserAccessBinding_Handler,
},
{
MethodName: "UpdateGcpUserAccessBinding",
Handler: _AccessContextManager_UpdateGcpUserAccessBinding_Handler,
},
{
MethodName: "DeleteGcpUserAccessBinding",
Handler: _AccessContextManager_DeleteGcpUserAccessBinding_Handler,
},
{
MethodName: "SetIamPolicy",
Handler: _AccessContextManager_SetIamPolicy_Handler,
},
{
MethodName: "GetIamPolicy",
Handler: _AccessContextManager_GetIamPolicy_Handler,
},
{
MethodName: "TestIamPermissions",
Handler: _AccessContextManager_TestIamPermissions_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "google/identity/accesscontextmanager/v1/access_context_manager.proto",
}AccessContextManager_ServiceDesc is the grpc.ServiceDesc for AccessContextManager service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
File_google_identity_accesscontextmanager_v1_access_context_manager_proto
var File_google_identity_accesscontextmanager_v1_access_context_manager_proto protoreflect.FileDescriptorFile_google_identity_accesscontextmanager_v1_access_level_proto
var File_google_identity_accesscontextmanager_v1_access_level_proto protoreflect.FileDescriptorFile_google_identity_accesscontextmanager_v1_access_policy_proto
var File_google_identity_accesscontextmanager_v1_access_policy_proto protoreflect.FileDescriptorFile_google_identity_accesscontextmanager_v1_gcp_user_access_binding_proto
var File_google_identity_accesscontextmanager_v1_gcp_user_access_binding_proto protoreflect.FileDescriptorFile_google_identity_accesscontextmanager_v1_service_perimeter_proto
var File_google_identity_accesscontextmanager_v1_service_perimeter_proto protoreflect.FileDescriptorFunctions
func RegisterAccessContextManagerServer
func RegisterAccessContextManagerServer(s grpc.ServiceRegistrar, srv AccessContextManagerServer)AccessContextManagerClient
type AccessContextManagerClient interface {
// Lists all [access policies]
// [google.identity.accesscontextmanager.v1.AccessPolicy] in an
// organization.
ListAccessPolicies(ctx context.Context, in *ListAccessPoliciesRequest, opts ...grpc.CallOption) (*ListAccessPoliciesResponse, error)
// Returns an [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
GetAccessPolicy(ctx context.Context, in *GetAccessPolicyRequest, opts ...grpc.CallOption) (*AccessPolicy, error)
// Creates an access policy. This method fails if the organization already has
// an access policy. The long-running operation has a successful status
// after the access policy propagates to long-lasting storage.
// Syntactic and basic semantic errors are returned in `metadata` as a
// BadRequest proto.
CreateAccessPolicy(ctx context.Context, in *AccessPolicy, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Updates an [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy]. The
// long-running operation from this RPC has a successful status after the
// changes to the [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
// to long-lasting storage.
UpdateAccessPolicy(ctx context.Context, in *UpdateAccessPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes an [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
// resource name. The long-running operation has a successful status after the
// [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
// is removed from long-lasting storage.
DeleteAccessPolicy(ctx context.Context, in *DeleteAccessPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists all [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] for an access
// policy.
ListAccessLevels(ctx context.Context, in *ListAccessLevelsRequest, opts ...grpc.CallOption) (*ListAccessLevelsResponse, error)
// Gets an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
// name.
GetAccessLevel(ctx context.Context, in *GetAccessLevelRequest, opts ...grpc.CallOption) (*AccessLevel, error)
// Creates an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
// operation from this RPC has a successful status after the [access
// level] [google.identity.accesscontextmanager.v1.AccessLevel]
// propagates to long-lasting storage. If [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] contain
// errors, an error response is returned for the first error encountered.
CreateAccessLevel(ctx context.Context, in *CreateAccessLevelRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Updates an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
// operation from this RPC has a successful status after the changes to
// the [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] propagate
// to long-lasting storage. If [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] contain
// errors, an error response is returned for the first error encountered.
UpdateAccessLevel(ctx context.Context, in *UpdateAccessLevelRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
// name. The long-running operation from this RPC has a successful status
// after the [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
// from long-lasting storage.
DeleteAccessLevel(ctx context.Context, in *DeleteAccessLevelRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Replaces all existing [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
// policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
// the [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
// is done atomically. The long-running operation from this RPC has a
// successful status after all replacements propagate to long-lasting
// storage. If the replacement contains errors, an error response is returned
// for the first error encountered. Upon error, the replacement is cancelled,
// and existing [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] are not
// affected. The Operation.response field contains
// ReplaceAccessLevelsResponse. Removing [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
// [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
// error.
ReplaceAccessLevels(ctx context.Context, in *ReplaceAccessLevelsRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists all [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
// access policy.
ListServicePerimeters(ctx context.Context, in *ListServicePerimetersRequest, opts ...grpc.CallOption) (*ListServicePerimetersResponse, error)
// Gets a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
// resource name.
GetServicePerimeter(ctx context.Context, in *GetServicePerimeterRequest, opts ...grpc.CallOption) (*ServicePerimeter, error)
// Creates a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
// long-running operation from this RPC has a successful status after the
// [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]
// propagates to long-lasting storage. If a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
// errors, an error response is returned for the first error encountered.
CreateServicePerimeter(ctx context.Context, in *CreateServicePerimeterRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Updates a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
// long-running operation from this RPC has a successful status after the
// [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]
// propagates to long-lasting storage. If a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
// errors, an error response is returned for the first error encountered.
UpdateServicePerimeter(ctx context.Context, in *UpdateServicePerimeterRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
// resource name. The long-running operation from this RPC has a successful
// status after the [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
// long-lasting storage.
DeleteServicePerimeter(ctx context.Context, in *DeleteServicePerimeterRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Replace all existing [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
// policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
// [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
// is done atomically. The long-running operation from this RPC has a
// successful status after all replacements propagate to long-lasting storage.
// Replacements containing errors result in an error response for the first
// error encountered. Upon an error, replacement are cancelled and existing
// [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
// affected. The Operation.response field contains
// ReplaceServicePerimetersResponse.
ReplaceServicePerimeters(ctx context.Context, in *ReplaceServicePerimetersRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Commits the dry-run specification for all the [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
// [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
// A commit operation on a service perimeter involves copying its `spec` field
// to the `status` field of the service perimeter. Only [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] with
// `use_explicit_dry_run_spec` field set to true are affected by a commit
// operation. The long-running operation from this RPC has a successful
// status after the dry-run specifications for all the [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
// committed. If a commit fails, it causes the long-running operation to
// return an error response and the entire commit operation is cancelled.
// When successful, the Operation.response field contains
// CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
// cleared after a successful commit operation.
CommitServicePerimeters(ctx context.Context, in *CommitServicePerimetersRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists all [GcpUserAccessBindings]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
// Google Cloud organization.
ListGcpUserAccessBindings(ctx context.Context, in *ListGcpUserAccessBindingsRequest, opts ...grpc.CallOption) (*ListGcpUserAccessBindingsResponse, error)
// Gets the [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with
// the given name.
GetGcpUserAccessBinding(ctx context.Context, in *GetGcpUserAccessBindingRequest, opts ...grpc.CallOption) (*GcpUserAccessBinding, error)
// Creates a [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
// client specifies a [name]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
// the server ignores it. Fails if a resource already exists with the same
// [group_key]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
// Completion of this long-running operation does not necessarily signify that
// the new binding is deployed onto all affected users, which may take more
// time.
CreateGcpUserAccessBinding(ctx context.Context, in *CreateGcpUserAccessBindingRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Updates a [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
// Completion of this long-running operation does not necessarily signify that
// the changed binding is deployed onto all affected users, which may take
// more time.
UpdateGcpUserAccessBinding(ctx context.Context, in *UpdateGcpUserAccessBindingRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes a [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
// Completion of this long-running operation does not necessarily signify that
// the binding deletion is deployed onto all affected users, which may take
// more time.
DeleteGcpUserAccessBinding(ctx context.Context, in *DeleteGcpUserAccessBindingRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Sets the IAM policy for the specified Access Context Manager
// [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
// This method replaces the existing IAM policy on the access policy. The IAM
// policy controls the set of users who can perform specific operations on the
// Access Context Manager [access
// policy][google.identity.accesscontextmanager.v1.AccessPolicy].
SetIamPolicy(ctx context.Context, in *iampb.SetIamPolicyRequest, opts ...grpc.CallOption) (*iampb.Policy, error)
// Gets the IAM policy for the specified Access Context Manager
// [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
GetIamPolicy(ctx context.Context, in *iampb.GetIamPolicyRequest, opts ...grpc.CallOption) (*iampb.Policy, error)
// Returns the IAM permissions that the caller has on the specified Access
// Context Manager resource. The resource can be an
// [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
// [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
// [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
// ]. This method does not support other resources.
TestIamPermissions(ctx context.Context, in *iampb.TestIamPermissionsRequest, opts ...grpc.CallOption) (*iampb.TestIamPermissionsResponse, error)
}AccessContextManagerClient is the client API for AccessContextManager service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewAccessContextManagerClient
func NewAccessContextManagerClient(cc grpc.ClientConnInterface) AccessContextManagerClientAccessContextManagerOperationMetadata
type AccessContextManagerOperationMetadata struct {
// contains filtered or unexported fields
}Metadata of Access Context Manager's Long Running Operations.
func (*AccessContextManagerOperationMetadata) Descriptor
func (*AccessContextManagerOperationMetadata) Descriptor() ([]byte, []int)Deprecated: Use AccessContextManagerOperationMetadata.ProtoReflect.Descriptor instead.
func (*AccessContextManagerOperationMetadata) ProtoMessage
func (*AccessContextManagerOperationMetadata) ProtoMessage()func (*AccessContextManagerOperationMetadata) ProtoReflect
func (x *AccessContextManagerOperationMetadata) ProtoReflect() protoreflect.Messagefunc (*AccessContextManagerOperationMetadata) Reset
func (x *AccessContextManagerOperationMetadata) Reset()func (*AccessContextManagerOperationMetadata) String
func (x *AccessContextManagerOperationMetadata) String() stringAccessContextManagerServer
type AccessContextManagerServer interface {
// Lists all [access policies]
// [google.identity.accesscontextmanager.v1.AccessPolicy] in an
// organization.
ListAccessPolicies(context.Context, *ListAccessPoliciesRequest) (*ListAccessPoliciesResponse, error)
// Returns an [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
GetAccessPolicy(context.Context, *GetAccessPolicyRequest) (*AccessPolicy, error)
// Creates an access policy. This method fails if the organization already has
// an access policy. The long-running operation has a successful status
// after the access policy propagates to long-lasting storage.
// Syntactic and basic semantic errors are returned in `metadata` as a
// BadRequest proto.
CreateAccessPolicy(context.Context, *AccessPolicy) (*longrunningpb.Operation, error)
// Updates an [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy]. The
// long-running operation from this RPC has a successful status after the
// changes to the [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
// to long-lasting storage.
UpdateAccessPolicy(context.Context, *UpdateAccessPolicyRequest) (*longrunningpb.Operation, error)
// Deletes an [access policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
// resource name. The long-running operation has a successful status after the
// [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
// is removed from long-lasting storage.
DeleteAccessPolicy(context.Context, *DeleteAccessPolicyRequest) (*longrunningpb.Operation, error)
// Lists all [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] for an access
// policy.
ListAccessLevels(context.Context, *ListAccessLevelsRequest) (*ListAccessLevelsResponse, error)
// Gets an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
// name.
GetAccessLevel(context.Context, *GetAccessLevelRequest) (*AccessLevel, error)
// Creates an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
// operation from this RPC has a successful status after the [access
// level] [google.identity.accesscontextmanager.v1.AccessLevel]
// propagates to long-lasting storage. If [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] contain
// errors, an error response is returned for the first error encountered.
CreateAccessLevel(context.Context, *CreateAccessLevelRequest) (*longrunningpb.Operation, error)
// Updates an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
// operation from this RPC has a successful status after the changes to
// the [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] propagate
// to long-lasting storage. If [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] contain
// errors, an error response is returned for the first error encountered.
UpdateAccessLevel(context.Context, *UpdateAccessLevelRequest) (*longrunningpb.Operation, error)
// Deletes an [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
// name. The long-running operation from this RPC has a successful status
// after the [access level]
// [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
// from long-lasting storage.
DeleteAccessLevel(context.Context, *DeleteAccessLevelRequest) (*longrunningpb.Operation, error)
// Replaces all existing [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
// policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
// the [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
// is done atomically. The long-running operation from this RPC has a
// successful status after all replacements propagate to long-lasting
// storage. If the replacement contains errors, an error response is returned
// for the first error encountered. Upon error, the replacement is cancelled,
// and existing [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] are not
// affected. The Operation.response field contains
// ReplaceAccessLevelsResponse. Removing [access levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
// [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
// error.
ReplaceAccessLevels(context.Context, *ReplaceAccessLevelsRequest) (*longrunningpb.Operation, error)
// Lists all [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
// access policy.
ListServicePerimeters(context.Context, *ListServicePerimetersRequest) (*ListServicePerimetersResponse, error)
// Gets a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
// resource name.
GetServicePerimeter(context.Context, *GetServicePerimeterRequest) (*ServicePerimeter, error)
// Creates a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
// long-running operation from this RPC has a successful status after the
// [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]
// propagates to long-lasting storage. If a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
// errors, an error response is returned for the first error encountered.
CreateServicePerimeter(context.Context, *CreateServicePerimeterRequest) (*longrunningpb.Operation, error)
// Updates a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
// long-running operation from this RPC has a successful status after the
// [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter]
// propagates to long-lasting storage. If a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
// errors, an error response is returned for the first error encountered.
UpdateServicePerimeter(context.Context, *UpdateServicePerimeterRequest) (*longrunningpb.Operation, error)
// Deletes a [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
// resource name. The long-running operation from this RPC has a successful
// status after the [service perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
// long-lasting storage.
DeleteServicePerimeter(context.Context, *DeleteServicePerimeterRequest) (*longrunningpb.Operation, error)
// Replace all existing [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
// policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
// [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
// is done atomically. The long-running operation from this RPC has a
// successful status after all replacements propagate to long-lasting storage.
// Replacements containing errors result in an error response for the first
// error encountered. Upon an error, replacement are cancelled and existing
// [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
// affected. The Operation.response field contains
// ReplaceServicePerimetersResponse.
ReplaceServicePerimeters(context.Context, *ReplaceServicePerimetersRequest) (*longrunningpb.Operation, error)
// Commits the dry-run specification for all the [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
// [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
// A commit operation on a service perimeter involves copying its `spec` field
// to the `status` field of the service perimeter. Only [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] with
// `use_explicit_dry_run_spec` field set to true are affected by a commit
// operation. The long-running operation from this RPC has a successful
// status after the dry-run specifications for all the [service perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
// committed. If a commit fails, it causes the long-running operation to
// return an error response and the entire commit operation is cancelled.
// When successful, the Operation.response field contains
// CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
// cleared after a successful commit operation.
CommitServicePerimeters(context.Context, *CommitServicePerimetersRequest) (*longrunningpb.Operation, error)
// Lists all [GcpUserAccessBindings]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
// Google Cloud organization.
ListGcpUserAccessBindings(context.Context, *ListGcpUserAccessBindingsRequest) (*ListGcpUserAccessBindingsResponse, error)
// Gets the [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with
// the given name.
GetGcpUserAccessBinding(context.Context, *GetGcpUserAccessBindingRequest) (*GcpUserAccessBinding, error)
// Creates a [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
// client specifies a [name]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
// the server ignores it. Fails if a resource already exists with the same
// [group_key]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
// Completion of this long-running operation does not necessarily signify that
// the new binding is deployed onto all affected users, which may take more
// time.
CreateGcpUserAccessBinding(context.Context, *CreateGcpUserAccessBindingRequest) (*longrunningpb.Operation, error)
// Updates a [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
// Completion of this long-running operation does not necessarily signify that
// the changed binding is deployed onto all affected users, which may take
// more time.
UpdateGcpUserAccessBinding(context.Context, *UpdateGcpUserAccessBindingRequest) (*longrunningpb.Operation, error)
// Deletes a [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
// Completion of this long-running operation does not necessarily signify that
// the binding deletion is deployed onto all affected users, which may take
// more time.
DeleteGcpUserAccessBinding(context.Context, *DeleteGcpUserAccessBindingRequest) (*longrunningpb.Operation, error)
// Sets the IAM policy for the specified Access Context Manager
// [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
// This method replaces the existing IAM policy on the access policy. The IAM
// policy controls the set of users who can perform specific operations on the
// Access Context Manager [access
// policy][google.identity.accesscontextmanager.v1.AccessPolicy].
SetIamPolicy(context.Context, *iampb.SetIamPolicyRequest) (*iampb.Policy, error)
// Gets the IAM policy for the specified Access Context Manager
// [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
GetIamPolicy(context.Context, *iampb.GetIamPolicyRequest) (*iampb.Policy, error)
// Returns the IAM permissions that the caller has on the specified Access
// Context Manager resource. The resource can be an
// [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
// [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
// [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
// ]. This method does not support other resources.
TestIamPermissions(context.Context, *iampb.TestIamPermissionsRequest) (*iampb.TestIamPermissionsResponse, error)
}AccessContextManagerServer is the server API for AccessContextManager service. All implementations should embed UnimplementedAccessContextManagerServer for forward compatibility
AccessLevel
type AccessLevel struct {
// Required. Resource name for the Access Level. The `short_name` component
// must begin with a letter and only include alphanumeric and '_'. Format:
// `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum
// length of the `access_level` component is 50 characters.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Human readable title. Must be unique within the Policy.
Title string `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
// Description of the `AccessLevel` and its use. Does not affect behavior.
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// Required. Describes the necessary conditions for the level to apply.
//
// Types that are assignable to Level:
//
// *AccessLevel_Basic
// *AccessLevel_Custom
Level isAccessLevel_Level `protobuf_oneof:"level"`
// Output only. Time the `AccessLevel` was created in UTC.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. Time the `AccessLevel` was updated in UTC.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// contains filtered or unexported fields
}An AccessLevel is a label that can be applied to requests to Google Cloud
services, along with a list of requirements necessary for the label to be
applied.
func (*AccessLevel) Descriptor
func (*AccessLevel) Descriptor() ([]byte, []int)Deprecated: Use AccessLevel.ProtoReflect.Descriptor instead.
func (*AccessLevel) GetBasic
func (x *AccessLevel) GetBasic() *BasicLevelfunc (*AccessLevel) GetCreateTime
func (x *AccessLevel) GetCreateTime() *timestamppb.Timestampfunc (*AccessLevel) GetCustom
func (x *AccessLevel) GetCustom() *CustomLevelfunc (*AccessLevel) GetDescription
func (x *AccessLevel) GetDescription() stringfunc (*AccessLevel) GetLevel
func (m *AccessLevel) GetLevel() isAccessLevel_Levelfunc (*AccessLevel) GetName
func (x *AccessLevel) GetName() stringfunc (*AccessLevel) GetTitle
func (x *AccessLevel) GetTitle() stringfunc (*AccessLevel) GetUpdateTime
func (x *AccessLevel) GetUpdateTime() *timestamppb.Timestampfunc (*AccessLevel) ProtoMessage
func (*AccessLevel) ProtoMessage()func (*AccessLevel) ProtoReflect
func (x *AccessLevel) ProtoReflect() protoreflect.Messagefunc (*AccessLevel) Reset
func (x *AccessLevel) Reset()func (*AccessLevel) String
func (x *AccessLevel) String() stringAccessLevel_Basic
type AccessLevel_Basic struct {
// A `BasicLevel` composed of `Conditions`.
Basic *BasicLevel `protobuf:"bytes,4,opt,name=basic,proto3,oneof"`
}AccessLevel_Custom
type AccessLevel_Custom struct {
// A `CustomLevel` written in the Common Expression Language.
Custom *CustomLevel `protobuf:"bytes,5,opt,name=custom,proto3,oneof"`
}AccessPolicy
type AccessPolicy struct {
// Output only. Resource name of the `AccessPolicy`. Format:
// `accessPolicies/{access_policy}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. The parent of this `AccessPolicy` in the Cloud Resource
// Hierarchy. Currently immutable once created. Format:
// `organizations/{organization_id}`
Parent string `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. Human readable title. Does not affect behavior.
Title string `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"`
// The scopes of a policy define which resources an ACM policy can restrict,
// and where ACM resources can be referenced.
// For example, a policy with scopes=["folders/123"] has the following
// behavior:
// - vpcsc perimeters can only restrict projects within folders/123
// - access levels can only be referenced by resources within folders/123.
// If empty, there are no limitations on which resources can be restricted by
// an ACM policy, and there are no limitations on where ACM resources can be
// referenced.
// Only one policy can include a given scope (attempting to create a second
// policy which includes "folders/123" will result in an error).
// Currently, scopes cannot be modified after a policy is created.
// Currently, policies can only have a single scope.
// Format: list of `folders/{folder_number}` or `projects/{project_number}`
Scopes []string `protobuf:"bytes,7,rep,name=scopes,proto3" json:"scopes,omitempty"`
// Output only. Time the `AccessPolicy` was created in UTC.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. Time the `AccessPolicy` was updated in UTC.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Output only. An opaque identifier for the current version of the
// `AccessPolicy`. This will always be a strongly validated etag, meaning that
// two Access Polices will be identical if and only if their etags are
// identical. Clients should not expect this to be in any specific format.
Etag string `protobuf:"bytes,6,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}AccessPolicy is a container for AccessLevels (which define the necessary
attributes to use Google Cloud services) and ServicePerimeters (which
define regions of services able to freely pass data within a perimeter). An
access policy is globally visible within an organization, and the
restrictions it specifies apply to all projects within an organization.
func (*AccessPolicy) Descriptor
func (*AccessPolicy) Descriptor() ([]byte, []int)Deprecated: Use AccessPolicy.ProtoReflect.Descriptor instead.
func (*AccessPolicy) GetCreateTime
func (x *AccessPolicy) GetCreateTime() *timestamppb.Timestampfunc (*AccessPolicy) GetEtag
func (x *AccessPolicy) GetEtag() stringfunc (*AccessPolicy) GetName
func (x *AccessPolicy) GetName() stringfunc (*AccessPolicy) GetParent
func (x *AccessPolicy) GetParent() stringfunc (*AccessPolicy) GetScopes
func (x *AccessPolicy) GetScopes() []stringfunc (*AccessPolicy) GetTitle
func (x *AccessPolicy) GetTitle() stringfunc (*AccessPolicy) GetUpdateTime
func (x *AccessPolicy) GetUpdateTime() *timestamppb.Timestampfunc (*AccessPolicy) ProtoMessage
func (*AccessPolicy) ProtoMessage()func (*AccessPolicy) ProtoReflect
func (x *AccessPolicy) ProtoReflect() protoreflect.Messagefunc (*AccessPolicy) Reset
func (x *AccessPolicy) Reset()func (*AccessPolicy) String
func (x *AccessPolicy) String() stringBasicLevel
type BasicLevel struct {
// Required. A list of requirements for the `AccessLevel` to be granted.
Conditions []*Condition `protobuf:"bytes,1,rep,name=conditions,proto3" json:"conditions,omitempty"`
// How the `conditions` list should be combined to determine if a request is
// granted this `AccessLevel`. If AND is used, each `Condition` in
// `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
// is used, at least one `Condition` in `conditions` must be satisfied for the
// `AccessLevel` to be applied. Default behavior is AND.
CombiningFunction BasicLevel_ConditionCombiningFunction `protobuf:"varint,2,opt,name=combining_function,json=combiningFunction,proto3,enum=google.identity.accesscontextmanager.v1.BasicLevel_ConditionCombiningFunction" json:"combining_function,omitempty"`
// contains filtered or unexported fields
}BasicLevel is an AccessLevel using a set of recommended features.
func (*BasicLevel) Descriptor
func (*BasicLevel) Descriptor() ([]byte, []int)Deprecated: Use BasicLevel.ProtoReflect.Descriptor instead.
func (*BasicLevel) GetCombiningFunction
func (x *BasicLevel) GetCombiningFunction() BasicLevel_ConditionCombiningFunctionfunc (*BasicLevel) GetConditions
func (x *BasicLevel) GetConditions() []*Conditionfunc (*BasicLevel) ProtoMessage
func (*BasicLevel) ProtoMessage()func (*BasicLevel) ProtoReflect
func (x *BasicLevel) ProtoReflect() protoreflect.Messagefunc (*BasicLevel) Reset
func (x *BasicLevel) Reset()func (*BasicLevel) String
func (x *BasicLevel) String() stringBasicLevel_ConditionCombiningFunction
type BasicLevel_ConditionCombiningFunction int32Options for how the conditions list should be combined to determine if
this AccessLevel is applied. Default is AND.
BasicLevel_AND, BasicLevel_OR
const (
// All `Conditions` must be true for the `BasicLevel` to be true.
BasicLevel_AND BasicLevel_ConditionCombiningFunction = 0
// If at least one `Condition` is true, then the `BasicLevel` is true.
BasicLevel_OR BasicLevel_ConditionCombiningFunction = 1
)func (BasicLevel_ConditionCombiningFunction) Descriptor
func (BasicLevel_ConditionCombiningFunction) Descriptor() protoreflect.EnumDescriptorfunc (BasicLevel_ConditionCombiningFunction) Enum
func (BasicLevel_ConditionCombiningFunction) EnumDescriptor
func (BasicLevel_ConditionCombiningFunction) EnumDescriptor() ([]byte, []int)Deprecated: Use BasicLevel_ConditionCombiningFunction.Descriptor instead.
func (BasicLevel_ConditionCombiningFunction) Number
func (x BasicLevel_ConditionCombiningFunction) Number() protoreflect.EnumNumberfunc (BasicLevel_ConditionCombiningFunction) String
func (x BasicLevel_ConditionCombiningFunction) String() stringfunc (BasicLevel_ConditionCombiningFunction) Type
func (BasicLevel_ConditionCombiningFunction) Type() protoreflect.EnumTypeCommitServicePerimetersRequest
type CommitServicePerimetersRequest struct {
// Required. Resource name for the parent [Access Policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all
// [Service Perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for
// the commit operation.
//
// Format: `accessPolicies/{policy_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. The etag for the version of the [Access Policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] that this
// commit operation is to be performed on. If, at the time of commit, the
// etag for the Access Policy stored in Access Context Manager is different
// from the specified etag, then the commit operation will not be performed
// and the call will fail. This field is not required. If etag is not
// provided, the operation will be performed as if a valid etag is provided.
Etag string `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}A request to commit dry-run specs in all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to an [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
func (*CommitServicePerimetersRequest) Descriptor
func (*CommitServicePerimetersRequest) Descriptor() ([]byte, []int)Deprecated: Use CommitServicePerimetersRequest.ProtoReflect.Descriptor instead.
func (*CommitServicePerimetersRequest) GetEtag
func (x *CommitServicePerimetersRequest) GetEtag() stringfunc (*CommitServicePerimetersRequest) GetParent
func (x *CommitServicePerimetersRequest) GetParent() stringfunc (*CommitServicePerimetersRequest) ProtoMessage
func (*CommitServicePerimetersRequest) ProtoMessage()func (*CommitServicePerimetersRequest) ProtoReflect
func (x *CommitServicePerimetersRequest) ProtoReflect() protoreflect.Messagefunc (*CommitServicePerimetersRequest) Reset
func (x *CommitServicePerimetersRequest) Reset()func (*CommitServicePerimetersRequest) String
func (x *CommitServicePerimetersRequest) String() stringCommitServicePerimetersResponse
type CommitServicePerimetersResponse struct {
// List of all the [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances in
// the [Access Policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy].
ServicePerimeters []*ServicePerimeter `protobuf:"bytes,1,rep,name=service_perimeters,json=servicePerimeters,proto3" json:"service_perimeters,omitempty"`
// contains filtered or unexported fields
}A response to CommitServicePerimetersRequest. This will be put inside of Operation.response field.
func (*CommitServicePerimetersResponse) Descriptor
func (*CommitServicePerimetersResponse) Descriptor() ([]byte, []int)Deprecated: Use CommitServicePerimetersResponse.ProtoReflect.Descriptor instead.
func (*CommitServicePerimetersResponse) GetServicePerimeters
func (x *CommitServicePerimetersResponse) GetServicePerimeters() []*ServicePerimeterfunc (*CommitServicePerimetersResponse) ProtoMessage
func (*CommitServicePerimetersResponse) ProtoMessage()func (*CommitServicePerimetersResponse) ProtoReflect
func (x *CommitServicePerimetersResponse) ProtoReflect() protoreflect.Messagefunc (*CommitServicePerimetersResponse) Reset
func (x *CommitServicePerimetersResponse) Reset()func (*CommitServicePerimetersResponse) String
func (x *CommitServicePerimetersResponse) String() stringCondition
type Condition struct {
// CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
// a CIDR IP address block, the specified IP address portion must be properly
// truncated (i.e. all the host bits must be zero) or the input is considered
// malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
// not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
// "2001:db8::1/32" is not. The originating IP of a request must be in one of
// the listed subnets in order for this Condition to be true. If empty, all IP
// addresses are allowed.
IpSubnetworks []string `protobuf:"bytes,1,rep,name=ip_subnetworks,json=ipSubnetworks,proto3" json:"ip_subnetworks,omitempty"`
// Device specific restrictions, all restrictions must hold for the
// Condition to be true. If not specified, all devices are allowed.
DevicePolicy *DevicePolicy `protobuf:"bytes,2,opt,name=device_policy,json=devicePolicy,proto3" json:"device_policy,omitempty"`
// A list of other access levels defined in the same `Policy`, referenced by
// resource name. Referencing an `AccessLevel` which does not exist is an
// error. All access levels listed must be granted for the Condition
// to be true. Example:
// "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
RequiredAccessLevels []string `protobuf:"bytes,3,rep,name=required_access_levels,json=requiredAccessLevels,proto3" json:"required_access_levels,omitempty"`
// Whether to negate the Condition. If true, the Condition becomes a NAND over
// its non-empty fields, each field must be false for the Condition overall to
// be satisfied. Defaults to false.
Negate bool `protobuf:"varint,5,opt,name=negate,proto3" json:"negate,omitempty"`
// The request must be made by one of the provided user or service
// accounts. Groups are not supported.
// Syntax:
// `user:{emailid}`
// `serviceAccount:{emailid}`
// If not specified, a request may come from any user.
Members []string `protobuf:"bytes,6,rep,name=members,proto3" json:"members,omitempty"`
// The request must originate from one of the provided countries/regions.
// Must be valid ISO 3166-1 alpha-2 codes.
Regions []string `protobuf:"bytes,7,rep,name=regions,proto3" json:"regions,omitempty"`
// contains filtered or unexported fields
}A condition necessary for an AccessLevel to be granted. The Condition is an
AND over its fields. So a Condition is true if: 1) the request IP is from one
of the listed subnetworks AND 2) the originating device complies with the
listed device policy AND 3) all listed access levels are granted AND 4) the
request was sent at a time allowed by the DateTimeRestriction.
func (*Condition) Descriptor
Deprecated: Use Condition.ProtoReflect.Descriptor instead.
func (*Condition) GetDevicePolicy
func (x *Condition) GetDevicePolicy() *DevicePolicyfunc (*Condition) GetIpSubnetworks
func (*Condition) GetMembers
func (*Condition) GetNegate
func (*Condition) GetRegions
func (*Condition) GetRequiredAccessLevels
func (*Condition) ProtoMessage
func (*Condition) ProtoMessage()func (*Condition) ProtoReflect
func (x *Condition) ProtoReflect() protoreflect.Messagefunc (*Condition) Reset
func (x *Condition) Reset()func (*Condition) String
CreateAccessLevelRequest
type CreateAccessLevelRequest struct {
// Required. Resource name for the access policy which owns this [Access
// Level] [google.identity.accesscontextmanager.v1.AccessLevel].
//
// Format: `accessPolicies/{policy_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel] to create.
// Syntactic correctness of the [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel] is a
// precondition for creation.
AccessLevel *AccessLevel `protobuf:"bytes,2,opt,name=access_level,json=accessLevel,proto3" json:"access_level,omitempty"`
// contains filtered or unexported fields
}A request to create an AccessLevel.
func (*CreateAccessLevelRequest) Descriptor
func (*CreateAccessLevelRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateAccessLevelRequest.ProtoReflect.Descriptor instead.
func (*CreateAccessLevelRequest) GetAccessLevel
func (x *CreateAccessLevelRequest) GetAccessLevel() *AccessLevelfunc (*CreateAccessLevelRequest) GetParent
func (x *CreateAccessLevelRequest) GetParent() stringfunc (*CreateAccessLevelRequest) ProtoMessage
func (*CreateAccessLevelRequest) ProtoMessage()func (*CreateAccessLevelRequest) ProtoReflect
func (x *CreateAccessLevelRequest) ProtoReflect() protoreflect.Messagefunc (*CreateAccessLevelRequest) Reset
func (x *CreateAccessLevelRequest) Reset()func (*CreateAccessLevelRequest) String
func (x *CreateAccessLevelRequest) String() stringCreateGcpUserAccessBindingRequest
type CreateGcpUserAccessBindingRequest struct {
// Required. Example: "organizations/256"
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
GcpUserAccessBinding *GcpUserAccessBinding `protobuf:"bytes,2,opt,name=gcp_user_access_binding,json=gcpUserAccessBinding,proto3" json:"gcp_user_access_binding,omitempty"`
// contains filtered or unexported fields
}Request of [CreateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].
func (*CreateGcpUserAccessBindingRequest) Descriptor
func (*CreateGcpUserAccessBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateGcpUserAccessBindingRequest.ProtoReflect.Descriptor instead.
func (*CreateGcpUserAccessBindingRequest) GetGcpUserAccessBinding
func (x *CreateGcpUserAccessBindingRequest) GetGcpUserAccessBinding() *GcpUserAccessBindingfunc (*CreateGcpUserAccessBindingRequest) GetParent
func (x *CreateGcpUserAccessBindingRequest) GetParent() stringfunc (*CreateGcpUserAccessBindingRequest) ProtoMessage
func (*CreateGcpUserAccessBindingRequest) ProtoMessage()func (*CreateGcpUserAccessBindingRequest) ProtoReflect
func (x *CreateGcpUserAccessBindingRequest) ProtoReflect() protoreflect.Messagefunc (*CreateGcpUserAccessBindingRequest) Reset
func (x *CreateGcpUserAccessBindingRequest) Reset()func (*CreateGcpUserAccessBindingRequest) String
func (x *CreateGcpUserAccessBindingRequest) String() stringCreateServicePerimeterRequest
type CreateServicePerimeterRequest struct {
// Required. Resource name for the access policy which owns this [Service
// Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
//
// Format: `accessPolicies/{policy_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] to create.
// Syntactic correctness of the [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] is a
// precondition for creation.
ServicePerimeter *ServicePerimeter `protobuf:"bytes,2,opt,name=service_perimeter,json=servicePerimeter,proto3" json:"service_perimeter,omitempty"`
// contains filtered or unexported fields
}A request to create a ServicePerimeter.
func (*CreateServicePerimeterRequest) Descriptor
func (*CreateServicePerimeterRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateServicePerimeterRequest.ProtoReflect.Descriptor instead.
func (*CreateServicePerimeterRequest) GetParent
func (x *CreateServicePerimeterRequest) GetParent() stringfunc (*CreateServicePerimeterRequest) GetServicePerimeter
func (x *CreateServicePerimeterRequest) GetServicePerimeter() *ServicePerimeterfunc (*CreateServicePerimeterRequest) ProtoMessage
func (*CreateServicePerimeterRequest) ProtoMessage()func (*CreateServicePerimeterRequest) ProtoReflect
func (x *CreateServicePerimeterRequest) ProtoReflect() protoreflect.Messagefunc (*CreateServicePerimeterRequest) Reset
func (x *CreateServicePerimeterRequest) Reset()func (*CreateServicePerimeterRequest) String
func (x *CreateServicePerimeterRequest) String() stringCustomLevel
type CustomLevel struct {
// Required. A Cloud CEL expression evaluating to a boolean.
Expr *expr.Expr `protobuf:"bytes,1,opt,name=expr,proto3" json:"expr,omitempty"`
// contains filtered or unexported fields
}CustomLevel is an AccessLevel using the Cloud Common Expression Language
to represent the necessary conditions for the level to apply to a request.
See CEL spec at: https://github.com/google/cel-spec
func (*CustomLevel) Descriptor
func (*CustomLevel) Descriptor() ([]byte, []int)Deprecated: Use CustomLevel.ProtoReflect.Descriptor instead.
func (*CustomLevel) GetExpr
func (x *CustomLevel) GetExpr() *expr.Exprfunc (*CustomLevel) ProtoMessage
func (*CustomLevel) ProtoMessage()func (*CustomLevel) ProtoReflect
func (x *CustomLevel) ProtoReflect() protoreflect.Messagefunc (*CustomLevel) Reset
func (x *CustomLevel) Reset()func (*CustomLevel) String
func (x *CustomLevel) String() stringDeleteAccessLevelRequest
type DeleteAccessLevelRequest struct {
// Required. Resource name for the [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel].
//
// Format:
// `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}A request to delete an AccessLevel.
func (*DeleteAccessLevelRequest) Descriptor
func (*DeleteAccessLevelRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteAccessLevelRequest.ProtoReflect.Descriptor instead.
func (*DeleteAccessLevelRequest) GetName
func (x *DeleteAccessLevelRequest) GetName() stringfunc (*DeleteAccessLevelRequest) ProtoMessage
func (*DeleteAccessLevelRequest) ProtoMessage()func (*DeleteAccessLevelRequest) ProtoReflect
func (x *DeleteAccessLevelRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteAccessLevelRequest) Reset
func (x *DeleteAccessLevelRequest) Reset()func (*DeleteAccessLevelRequest) String
func (x *DeleteAccessLevelRequest) String() stringDeleteAccessPolicyRequest
type DeleteAccessPolicyRequest struct {
// Required. Resource name for the access policy to delete.
//
// Format `accessPolicies/{policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}A request to delete an AccessPolicy.
func (*DeleteAccessPolicyRequest) Descriptor
func (*DeleteAccessPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteAccessPolicyRequest.ProtoReflect.Descriptor instead.
func (*DeleteAccessPolicyRequest) GetName
func (x *DeleteAccessPolicyRequest) GetName() stringfunc (*DeleteAccessPolicyRequest) ProtoMessage
func (*DeleteAccessPolicyRequest) ProtoMessage()func (*DeleteAccessPolicyRequest) ProtoReflect
func (x *DeleteAccessPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteAccessPolicyRequest) Reset
func (x *DeleteAccessPolicyRequest) Reset()func (*DeleteAccessPolicyRequest) String
func (x *DeleteAccessPolicyRequest) String() stringDeleteGcpUserAccessBindingRequest
type DeleteGcpUserAccessBindingRequest struct {
// Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request of [DeleteGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].
func (*DeleteGcpUserAccessBindingRequest) Descriptor
func (*DeleteGcpUserAccessBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteGcpUserAccessBindingRequest.ProtoReflect.Descriptor instead.
func (*DeleteGcpUserAccessBindingRequest) GetName
func (x *DeleteGcpUserAccessBindingRequest) GetName() stringfunc (*DeleteGcpUserAccessBindingRequest) ProtoMessage
func (*DeleteGcpUserAccessBindingRequest) ProtoMessage()func (*DeleteGcpUserAccessBindingRequest) ProtoReflect
func (x *DeleteGcpUserAccessBindingRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteGcpUserAccessBindingRequest) Reset
func (x *DeleteGcpUserAccessBindingRequest) Reset()func (*DeleteGcpUserAccessBindingRequest) String
func (x *DeleteGcpUserAccessBindingRequest) String() stringDeleteServicePerimeterRequest
type DeleteServicePerimeterRequest struct {
// Required. Resource name for the [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter].
//
// Format:
// `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}A request to delete a ServicePerimeter.
func (*DeleteServicePerimeterRequest) Descriptor
func (*DeleteServicePerimeterRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteServicePerimeterRequest.ProtoReflect.Descriptor instead.
func (*DeleteServicePerimeterRequest) GetName
func (x *DeleteServicePerimeterRequest) GetName() stringfunc (*DeleteServicePerimeterRequest) ProtoMessage
func (*DeleteServicePerimeterRequest) ProtoMessage()func (*DeleteServicePerimeterRequest) ProtoReflect
func (x *DeleteServicePerimeterRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteServicePerimeterRequest) Reset
func (x *DeleteServicePerimeterRequest) Reset()func (*DeleteServicePerimeterRequest) String
func (x *DeleteServicePerimeterRequest) String() stringDevicePolicy
type DevicePolicy struct {
// Whether or not screenlock is required for the DevicePolicy to be true.
// Defaults to `false`.
RequireScreenlock bool `protobuf:"varint,1,opt,name=require_screenlock,json=requireScreenlock,proto3" json:"require_screenlock,omitempty"`
// Allowed encryptions statuses, an empty list allows all statuses.
AllowedEncryptionStatuses []_type.DeviceEncryptionStatus `protobuf:"varint,2,rep,packed,name=allowed_encryption_statuses,json=allowedEncryptionStatuses,proto3,enum=google.identity.accesscontextmanager.type.DeviceEncryptionStatus" json:"allowed_encryption_statuses,omitempty"`
// Allowed OS versions, an empty list allows all types and all versions.
OsConstraints []*OsConstraint `protobuf:"bytes,3,rep,name=os_constraints,json=osConstraints,proto3" json:"os_constraints,omitempty"`
// Allowed device management levels, an empty list allows all management
// levels.
AllowedDeviceManagementLevels []_type.DeviceManagementLevel `protobuf:"varint,6,rep,packed,name=allowed_device_management_levels,json=allowedDeviceManagementLevels,proto3,enum=google.identity.accesscontextmanager.type.DeviceManagementLevel" json:"allowed_device_management_levels,omitempty"`
// Whether the device needs to be approved by the customer admin.
RequireAdminApproval bool `protobuf:"varint,7,opt,name=require_admin_approval,json=requireAdminApproval,proto3" json:"require_admin_approval,omitempty"`
// Whether the device needs to be corp owned.
RequireCorpOwned bool `protobuf:"varint,8,opt,name=require_corp_owned,json=requireCorpOwned,proto3" json:"require_corp_owned,omitempty"`
// contains filtered or unexported fields
}DevicePolicy specifies device specific restrictions necessary to acquire a
given access level. A DevicePolicy specifies requirements for requests from
devices to be granted access levels, it does not do any enforcement on the
device. DevicePolicy acts as an AND over all specified fields, and each
repeated field is an OR over its elements. Any unset fields are ignored. For
example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
true for requests originating from encrypted Linux desktops and encrypted
Windows desktops.
func (*DevicePolicy) Descriptor
func (*DevicePolicy) Descriptor() ([]byte, []int)Deprecated: Use DevicePolicy.ProtoReflect.Descriptor instead.
func (*DevicePolicy) GetAllowedDeviceManagementLevels
func (x *DevicePolicy) GetAllowedDeviceManagementLevels() []_type.DeviceManagementLevelfunc (*DevicePolicy) GetAllowedEncryptionStatuses
func (x *DevicePolicy) GetAllowedEncryptionStatuses() []_type.DeviceEncryptionStatusfunc (*DevicePolicy) GetOsConstraints
func (x *DevicePolicy) GetOsConstraints() []*OsConstraintfunc (*DevicePolicy) GetRequireAdminApproval
func (x *DevicePolicy) GetRequireAdminApproval() boolfunc (*DevicePolicy) GetRequireCorpOwned
func (x *DevicePolicy) GetRequireCorpOwned() boolfunc (*DevicePolicy) GetRequireScreenlock
func (x *DevicePolicy) GetRequireScreenlock() boolfunc (*DevicePolicy) ProtoMessage
func (*DevicePolicy) ProtoMessage()func (*DevicePolicy) ProtoReflect
func (x *DevicePolicy) ProtoReflect() protoreflect.Messagefunc (*DevicePolicy) Reset
func (x *DevicePolicy) Reset()func (*DevicePolicy) String
func (x *DevicePolicy) String() stringGcpUserAccessBinding
type GcpUserAccessBinding struct {
// Immutable. Assigned by the server during creation. The last segment has an arbitrary
// length and has only URI unreserved characters (as defined by
// [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)).
// Should not be specified by the client during creation.
// Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. Immutable. Google Group id whose members are subject to this binding's restrictions.
// See "id" in the [G Suite Directory API's Groups resource]
// (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource).
// If a group's email address/alias is changed, this resource will continue
// to point at the changed group. This field does not accept group email
// addresses or aliases.
// Example: "01d520gv4vjcrht"
GroupKey string `protobuf:"bytes,2,opt,name=group_key,json=groupKey,proto3" json:"group_key,omitempty"`
// Required. Access level that a user must have to be granted access. Only one access
// level is supported, not multiple. This repeated field must have exactly
// one element.
// Example: "accessPolicies/9522/accessLevels/device_trusted"
AccessLevels []string `protobuf:"bytes,3,rep,name=access_levels,json=accessLevels,proto3" json:"access_levels,omitempty"`
// contains filtered or unexported fields
}Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
func (*GcpUserAccessBinding) Descriptor
func (*GcpUserAccessBinding) Descriptor() ([]byte, []int)Deprecated: Use GcpUserAccessBinding.ProtoReflect.Descriptor instead.
func (*GcpUserAccessBinding) GetAccessLevels
func (x *GcpUserAccessBinding) GetAccessLevels() []stringfunc (*GcpUserAccessBinding) GetGroupKey
func (x *GcpUserAccessBinding) GetGroupKey() stringfunc (*GcpUserAccessBinding) GetName
func (x *GcpUserAccessBinding) GetName() stringfunc (*GcpUserAccessBinding) ProtoMessage
func (*GcpUserAccessBinding) ProtoMessage()func (*GcpUserAccessBinding) ProtoReflect
func (x *GcpUserAccessBinding) ProtoReflect() protoreflect.Messagefunc (*GcpUserAccessBinding) Reset
func (x *GcpUserAccessBinding) Reset()func (*GcpUserAccessBinding) String
func (x *GcpUserAccessBinding) String() stringGcpUserAccessBindingOperationMetadata
type GcpUserAccessBindingOperationMetadata struct {
// contains filtered or unexported fields
}Currently, a completed operation means nothing. In the future, this metadata and a completed operation may indicate that the binding has taken effect and is affecting access decisions for all users.
func (*GcpUserAccessBindingOperationMetadata) Descriptor
func (*GcpUserAccessBindingOperationMetadata) Descriptor() ([]byte, []int)Deprecated: Use GcpUserAccessBindingOperationMetadata.ProtoReflect.Descriptor instead.
func (*GcpUserAccessBindingOperationMetadata) ProtoMessage
func (*GcpUserAccessBindingOperationMetadata) ProtoMessage()func (*GcpUserAccessBindingOperationMetadata) ProtoReflect
func (x *GcpUserAccessBindingOperationMetadata) ProtoReflect() protoreflect.Messagefunc (*GcpUserAccessBindingOperationMetadata) Reset
func (x *GcpUserAccessBindingOperationMetadata) Reset()func (*GcpUserAccessBindingOperationMetadata) String
func (x *GcpUserAccessBindingOperationMetadata) String() stringGetAccessLevelRequest
type GetAccessLevelRequest struct {
// Required. Resource name for the [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel].
//
// Format:
// `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Whether to return `BasicLevels` in the Cloud Common Expression
// Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
// [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
// are returned as `BasicLevels` or `CustomLevels` based on how they were
// created. If set to CEL, all [Access Levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] are returned as
// `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
// `CustomLevels`.
AccessLevelFormat LevelFormat `protobuf:"varint,2,opt,name=access_level_format,json=accessLevelFormat,proto3,enum=google.identity.accesscontextmanager.v1.LevelFormat" json:"access_level_format,omitempty"`
// contains filtered or unexported fields
}A request to get a particular AccessLevel.
func (*GetAccessLevelRequest) Descriptor
func (*GetAccessLevelRequest) Descriptor() ([]byte, []int)Deprecated: Use GetAccessLevelRequest.ProtoReflect.Descriptor instead.
func (*GetAccessLevelRequest) GetAccessLevelFormat
func (x *GetAccessLevelRequest) GetAccessLevelFormat() LevelFormatfunc (*GetAccessLevelRequest) GetName
func (x *GetAccessLevelRequest) GetName() stringfunc (*GetAccessLevelRequest) ProtoMessage
func (*GetAccessLevelRequest) ProtoMessage()func (*GetAccessLevelRequest) ProtoReflect
func (x *GetAccessLevelRequest) ProtoReflect() protoreflect.Messagefunc (*GetAccessLevelRequest) Reset
func (x *GetAccessLevelRequest) Reset()func (*GetAccessLevelRequest) String
func (x *GetAccessLevelRequest) String() stringGetAccessPolicyRequest
type GetAccessPolicyRequest struct {
// Required. Resource name for the access policy to get.
//
// Format `accessPolicies/{policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}A request to get a particular AccessPolicy.
func (*GetAccessPolicyRequest) Descriptor
func (*GetAccessPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use GetAccessPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetAccessPolicyRequest) GetName
func (x *GetAccessPolicyRequest) GetName() stringfunc (*GetAccessPolicyRequest) ProtoMessage
func (*GetAccessPolicyRequest) ProtoMessage()func (*GetAccessPolicyRequest) ProtoReflect
func (x *GetAccessPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*GetAccessPolicyRequest) Reset
func (x *GetAccessPolicyRequest) Reset()func (*GetAccessPolicyRequest) String
func (x *GetAccessPolicyRequest) String() stringGetGcpUserAccessBindingRequest
type GetGcpUserAccessBindingRequest struct {
// Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request of [GetGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].
func (*GetGcpUserAccessBindingRequest) Descriptor
func (*GetGcpUserAccessBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use GetGcpUserAccessBindingRequest.ProtoReflect.Descriptor instead.
func (*GetGcpUserAccessBindingRequest) GetName
func (x *GetGcpUserAccessBindingRequest) GetName() stringfunc (*GetGcpUserAccessBindingRequest) ProtoMessage
func (*GetGcpUserAccessBindingRequest) ProtoMessage()func (*GetGcpUserAccessBindingRequest) ProtoReflect
func (x *GetGcpUserAccessBindingRequest) ProtoReflect() protoreflect.Messagefunc (*GetGcpUserAccessBindingRequest) Reset
func (x *GetGcpUserAccessBindingRequest) Reset()func (*GetGcpUserAccessBindingRequest) String
func (x *GetGcpUserAccessBindingRequest) String() stringGetServicePerimeterRequest
type GetServicePerimeterRequest struct {
// Required. Resource name for the [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter].
//
// Format:
// `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}A request to get a particular ServicePerimeter.
func (*GetServicePerimeterRequest) Descriptor
func (*GetServicePerimeterRequest) Descriptor() ([]byte, []int)Deprecated: Use GetServicePerimeterRequest.ProtoReflect.Descriptor instead.
func (*GetServicePerimeterRequest) GetName
func (x *GetServicePerimeterRequest) GetName() stringfunc (*GetServicePerimeterRequest) ProtoMessage
func (*GetServicePerimeterRequest) ProtoMessage()func (*GetServicePerimeterRequest) ProtoReflect
func (x *GetServicePerimeterRequest) ProtoReflect() protoreflect.Messagefunc (*GetServicePerimeterRequest) Reset
func (x *GetServicePerimeterRequest) Reset()func (*GetServicePerimeterRequest) String
func (x *GetServicePerimeterRequest) String() stringLevelFormat
type LevelFormat int32The format used in an AccessLevel.
LevelFormat_LEVEL_FORMAT_UNSPECIFIED, LevelFormat_AS_DEFINED, LevelFormat_CEL
const (
// The format was not specified.
LevelFormat_LEVEL_FORMAT_UNSPECIFIED LevelFormat = 0
// Uses the format the resource was defined in. BasicLevels are returned as
// BasicLevels, CustomLevels are returned as CustomLevels.
LevelFormat_AS_DEFINED LevelFormat = 1
// Use Cloud Common Expression Language when returning the resource. Both
// BasicLevels and CustomLevels are returned as CustomLevels.
LevelFormat_CEL LevelFormat = 2
)func (LevelFormat) Descriptor
func (LevelFormat) Descriptor() protoreflect.EnumDescriptorfunc (LevelFormat) Enum
func (x LevelFormat) Enum() *LevelFormatfunc (LevelFormat) EnumDescriptor
func (LevelFormat) EnumDescriptor() ([]byte, []int)Deprecated: Use LevelFormat.Descriptor instead.
func (LevelFormat) Number
func (x LevelFormat) Number() protoreflect.EnumNumberfunc (LevelFormat) String
func (x LevelFormat) String() stringfunc (LevelFormat) Type
func (LevelFormat) Type() protoreflect.EnumTypeListAccessLevelsRequest
type ListAccessLevelsRequest struct {
// Required. Resource name for the access policy to list [Access Levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] from.
//
// Format:
// `accessPolicies/{policy_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Number of [Access Levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] to include in
// the list. Default 100.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Next page token for the next batch of [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel] instances.
// Defaults to the first page of results.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Whether to return `BasicLevels` in the Cloud Common Expression language, as
// `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
// `AccessLevels` in the format they were defined.
AccessLevelFormat LevelFormat `protobuf:"varint,4,opt,name=access_level_format,json=accessLevelFormat,proto3,enum=google.identity.accesscontextmanager.v1.LevelFormat" json:"access_level_format,omitempty"`
// contains filtered or unexported fields
}A request to list all AccessLevels in an AccessPolicy.
func (*ListAccessLevelsRequest) Descriptor
func (*ListAccessLevelsRequest) Descriptor() ([]byte, []int)Deprecated: Use ListAccessLevelsRequest.ProtoReflect.Descriptor instead.
func (*ListAccessLevelsRequest) GetAccessLevelFormat
func (x *ListAccessLevelsRequest) GetAccessLevelFormat() LevelFormatfunc (*ListAccessLevelsRequest) GetPageSize
func (x *ListAccessLevelsRequest) GetPageSize() int32func (*ListAccessLevelsRequest) GetPageToken
func (x *ListAccessLevelsRequest) GetPageToken() stringfunc (*ListAccessLevelsRequest) GetParent
func (x *ListAccessLevelsRequest) GetParent() stringfunc (*ListAccessLevelsRequest) ProtoMessage
func (*ListAccessLevelsRequest) ProtoMessage()func (*ListAccessLevelsRequest) ProtoReflect
func (x *ListAccessLevelsRequest) ProtoReflect() protoreflect.Messagefunc (*ListAccessLevelsRequest) Reset
func (x *ListAccessLevelsRequest) Reset()func (*ListAccessLevelsRequest) String
func (x *ListAccessLevelsRequest) String() stringListAccessLevelsResponse
type ListAccessLevelsResponse struct {
// List of the [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel] instances.
AccessLevels []*AccessLevel `protobuf:"bytes,1,rep,name=access_levels,json=accessLevels,proto3" json:"access_levels,omitempty"`
// The pagination token to retrieve the next page of results. If the value is
// empty, no further results remain.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}A response to ListAccessLevelsRequest.
func (*ListAccessLevelsResponse) Descriptor
func (*ListAccessLevelsResponse) Descriptor() ([]byte, []int)Deprecated: Use ListAccessLevelsResponse.ProtoReflect.Descriptor instead.
func (*ListAccessLevelsResponse) GetAccessLevels
func (x *ListAccessLevelsResponse) GetAccessLevels() []*AccessLevelfunc (*ListAccessLevelsResponse) GetNextPageToken
func (x *ListAccessLevelsResponse) GetNextPageToken() stringfunc (*ListAccessLevelsResponse) ProtoMessage
func (*ListAccessLevelsResponse) ProtoMessage()func (*ListAccessLevelsResponse) ProtoReflect
func (x *ListAccessLevelsResponse) ProtoReflect() protoreflect.Messagefunc (*ListAccessLevelsResponse) Reset
func (x *ListAccessLevelsResponse) Reset()func (*ListAccessLevelsResponse) String
func (x *ListAccessLevelsResponse) String() stringListAccessPoliciesRequest
type ListAccessPoliciesRequest struct {
// Required. Resource name for the container to list AccessPolicy instances
// from.
//
// Format:
// `organizations/{org_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Number of AccessPolicy instances to include in the list. Default 100.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Next page token for the next batch of AccessPolicy instances. Defaults to
// the first page of results.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}A request to list all AccessPolicies for a container.
func (*ListAccessPoliciesRequest) Descriptor
func (*ListAccessPoliciesRequest) Descriptor() ([]byte, []int)Deprecated: Use ListAccessPoliciesRequest.ProtoReflect.Descriptor instead.
func (*ListAccessPoliciesRequest) GetPageSize
func (x *ListAccessPoliciesRequest) GetPageSize() int32func (*ListAccessPoliciesRequest) GetPageToken
func (x *ListAccessPoliciesRequest) GetPageToken() stringfunc (*ListAccessPoliciesRequest) GetParent
func (x *ListAccessPoliciesRequest) GetParent() stringfunc (*ListAccessPoliciesRequest) ProtoMessage
func (*ListAccessPoliciesRequest) ProtoMessage()func (*ListAccessPoliciesRequest) ProtoReflect
func (x *ListAccessPoliciesRequest) ProtoReflect() protoreflect.Messagefunc (*ListAccessPoliciesRequest) Reset
func (x *ListAccessPoliciesRequest) Reset()func (*ListAccessPoliciesRequest) String
func (x *ListAccessPoliciesRequest) String() stringListAccessPoliciesResponse
type ListAccessPoliciesResponse struct {
// List of the AccessPolicy instances.
AccessPolicies []*AccessPolicy `protobuf:"bytes,1,rep,name=access_policies,json=accessPolicies,proto3" json:"access_policies,omitempty"`
// The pagination token to retrieve the next page of results. If the value is
// empty, no further results remain.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}A response to ListAccessPoliciesRequest.
func (*ListAccessPoliciesResponse) Descriptor
func (*ListAccessPoliciesResponse) Descriptor() ([]byte, []int)Deprecated: Use ListAccessPoliciesResponse.ProtoReflect.Descriptor instead.
func (*ListAccessPoliciesResponse) GetAccessPolicies
func (x *ListAccessPoliciesResponse) GetAccessPolicies() []*AccessPolicyfunc (*ListAccessPoliciesResponse) GetNextPageToken
func (x *ListAccessPoliciesResponse) GetNextPageToken() stringfunc (*ListAccessPoliciesResponse) ProtoMessage
func (*ListAccessPoliciesResponse) ProtoMessage()func (*ListAccessPoliciesResponse) ProtoReflect
func (x *ListAccessPoliciesResponse) ProtoReflect() protoreflect.Messagefunc (*ListAccessPoliciesResponse) Reset
func (x *ListAccessPoliciesResponse) Reset()func (*ListAccessPoliciesResponse) String
func (x *ListAccessPoliciesResponse) String() stringListGcpUserAccessBindingsRequest
type ListGcpUserAccessBindingsRequest struct {
// Required. Example: "organizations/256"
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Maximum number of items to return. The server may return fewer items.
// If left blank, the server may return any number of items.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. If left blank, returns the first page. To enumerate all items, use the
// [next_page_token]
// [google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token]
// from your previous list operation.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}Request of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
func (*ListGcpUserAccessBindingsRequest) Descriptor
func (*ListGcpUserAccessBindingsRequest) Descriptor() ([]byte, []int)Deprecated: Use ListGcpUserAccessBindingsRequest.ProtoReflect.Descriptor instead.
func (*ListGcpUserAccessBindingsRequest) GetPageSize
func (x *ListGcpUserAccessBindingsRequest) GetPageSize() int32func (*ListGcpUserAccessBindingsRequest) GetPageToken
func (x *ListGcpUserAccessBindingsRequest) GetPageToken() stringfunc (*ListGcpUserAccessBindingsRequest) GetParent
func (x *ListGcpUserAccessBindingsRequest) GetParent() stringfunc (*ListGcpUserAccessBindingsRequest) ProtoMessage
func (*ListGcpUserAccessBindingsRequest) ProtoMessage()func (*ListGcpUserAccessBindingsRequest) ProtoReflect
func (x *ListGcpUserAccessBindingsRequest) ProtoReflect() protoreflect.Messagefunc (*ListGcpUserAccessBindingsRequest) Reset
func (x *ListGcpUserAccessBindingsRequest) Reset()func (*ListGcpUserAccessBindingsRequest) String
func (x *ListGcpUserAccessBindingsRequest) String() stringListGcpUserAccessBindingsResponse
type ListGcpUserAccessBindingsResponse struct {
// [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
GcpUserAccessBindings []*GcpUserAccessBinding `protobuf:"bytes,1,rep,name=gcp_user_access_bindings,json=gcpUserAccessBindings,proto3" json:"gcp_user_access_bindings,omitempty"`
// Token to get the next page of items. If blank, there are no more items.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
func (*ListGcpUserAccessBindingsResponse) Descriptor
func (*ListGcpUserAccessBindingsResponse) Descriptor() ([]byte, []int)Deprecated: Use ListGcpUserAccessBindingsResponse.ProtoReflect.Descriptor instead.
func (*ListGcpUserAccessBindingsResponse) GetGcpUserAccessBindings
func (x *ListGcpUserAccessBindingsResponse) GetGcpUserAccessBindings() []*GcpUserAccessBindingfunc (*ListGcpUserAccessBindingsResponse) GetNextPageToken
func (x *ListGcpUserAccessBindingsResponse) GetNextPageToken() stringfunc (*ListGcpUserAccessBindingsResponse) ProtoMessage
func (*ListGcpUserAccessBindingsResponse) ProtoMessage()func (*ListGcpUserAccessBindingsResponse) ProtoReflect
func (x *ListGcpUserAccessBindingsResponse) ProtoReflect() protoreflect.Messagefunc (*ListGcpUserAccessBindingsResponse) Reset
func (x *ListGcpUserAccessBindingsResponse) Reset()func (*ListGcpUserAccessBindingsResponse) String
func (x *ListGcpUserAccessBindingsResponse) String() stringListServicePerimetersRequest
type ListServicePerimetersRequest struct {
// Required. Resource name for the access policy to list [Service Perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
//
// Format:
// `accessPolicies/{policy_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Number of [Service Perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] to include
// in the list. Default 100.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Next page token for the next batch of [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
// Defaults to the first page of results.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}A request to list all ServicePerimeters in an AccessPolicy.
func (*ListServicePerimetersRequest) Descriptor
func (*ListServicePerimetersRequest) Descriptor() ([]byte, []int)Deprecated: Use ListServicePerimetersRequest.ProtoReflect.Descriptor instead.
func (*ListServicePerimetersRequest) GetPageSize
func (x *ListServicePerimetersRequest) GetPageSize() int32func (*ListServicePerimetersRequest) GetPageToken
func (x *ListServicePerimetersRequest) GetPageToken() stringfunc (*ListServicePerimetersRequest) GetParent
func (x *ListServicePerimetersRequest) GetParent() stringfunc (*ListServicePerimetersRequest) ProtoMessage
func (*ListServicePerimetersRequest) ProtoMessage()func (*ListServicePerimetersRequest) ProtoReflect
func (x *ListServicePerimetersRequest) ProtoReflect() protoreflect.Messagefunc (*ListServicePerimetersRequest) Reset
func (x *ListServicePerimetersRequest) Reset()func (*ListServicePerimetersRequest) String
func (x *ListServicePerimetersRequest) String() stringListServicePerimetersResponse
type ListServicePerimetersResponse struct {
// List of the [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
ServicePerimeters []*ServicePerimeter `protobuf:"bytes,1,rep,name=service_perimeters,json=servicePerimeters,proto3" json:"service_perimeters,omitempty"`
// The pagination token to retrieve the next page of results. If the value is
// empty, no further results remain.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}A response to ListServicePerimetersRequest.
func (*ListServicePerimetersResponse) Descriptor
func (*ListServicePerimetersResponse) Descriptor() ([]byte, []int)Deprecated: Use ListServicePerimetersResponse.ProtoReflect.Descriptor instead.
func (*ListServicePerimetersResponse) GetNextPageToken
func (x *ListServicePerimetersResponse) GetNextPageToken() stringfunc (*ListServicePerimetersResponse) GetServicePerimeters
func (x *ListServicePerimetersResponse) GetServicePerimeters() []*ServicePerimeterfunc (*ListServicePerimetersResponse) ProtoMessage
func (*ListServicePerimetersResponse) ProtoMessage()func (*ListServicePerimetersResponse) ProtoReflect
func (x *ListServicePerimetersResponse) ProtoReflect() protoreflect.Messagefunc (*ListServicePerimetersResponse) Reset
func (x *ListServicePerimetersResponse) Reset()func (*ListServicePerimetersResponse) String
func (x *ListServicePerimetersResponse) String() stringOsConstraint
type OsConstraint struct {
// Required. The allowed OS type.
OsType _type.OsType `protobuf:"varint,1,opt,name=os_type,json=osType,proto3,enum=google.identity.accesscontextmanager.type.OsType" json:"os_type,omitempty"`
// The minimum allowed OS version. If not set, any version of this OS
// satisfies the constraint. Format: `"major.minor.patch"`.
// Examples: `"10.5.301"`, `"9.2.1"`.
MinimumVersion string `protobuf:"bytes,2,opt,name=minimum_version,json=minimumVersion,proto3" json:"minimum_version,omitempty"`
// Only allows requests from devices with a verified Chrome OS.
// Verifications includes requirements that the device is enterprise-managed,
// conformant to domain policies, and the caller has permission to call
// the API targeted by the request.
RequireVerifiedChromeOs bool `protobuf:"varint,3,opt,name=require_verified_chrome_os,json=requireVerifiedChromeOs,proto3" json:"require_verified_chrome_os,omitempty"`
// contains filtered or unexported fields
}A restriction on the OS type and version of devices making requests.
func (*OsConstraint) Descriptor
func (*OsConstraint) Descriptor() ([]byte, []int)Deprecated: Use OsConstraint.ProtoReflect.Descriptor instead.
func (*OsConstraint) GetMinimumVersion
func (x *OsConstraint) GetMinimumVersion() stringfunc (*OsConstraint) GetOsType
func (x *OsConstraint) GetOsType() _type.OsTypefunc (*OsConstraint) GetRequireVerifiedChromeOs
func (x *OsConstraint) GetRequireVerifiedChromeOs() boolfunc (*OsConstraint) ProtoMessage
func (*OsConstraint) ProtoMessage()func (*OsConstraint) ProtoReflect
func (x *OsConstraint) ProtoReflect() protoreflect.Messagefunc (*OsConstraint) Reset
func (x *OsConstraint) Reset()func (*OsConstraint) String
func (x *OsConstraint) String() stringReplaceAccessLevelsRequest
type ReplaceAccessLevelsRequest struct {
// Required. Resource name for the access policy which owns these
// [Access Levels]
// [google.identity.accesscontextmanager.v1.AccessLevel].
//
// Format: `accessPolicies/{policy_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The desired [Access Levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] that should
// replace all existing [Access Levels]
// [google.identity.accesscontextmanager.v1.AccessLevel] in the
// [Access Policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy].
AccessLevels []*AccessLevel `protobuf:"bytes,2,rep,name=access_levels,json=accessLevels,proto3" json:"access_levels,omitempty"`
// Optional. The etag for the version of the [Access Policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] that this
// replace operation is to be performed on. If, at the time of replace, the
// etag for the Access Policy stored in Access Context Manager is different
// from the specified etag, then the replace operation will not be performed
// and the call will fail. This field is not required. If etag is not
// provided, the operation will be performed as if a valid etag is provided.
Etag string `protobuf:"bytes,4,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}A request to replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.
func (*ReplaceAccessLevelsRequest) Descriptor
func (*ReplaceAccessLevelsRequest) Descriptor() ([]byte, []int)Deprecated: Use ReplaceAccessLevelsRequest.ProtoReflect.Descriptor instead.
func (*ReplaceAccessLevelsRequest) GetAccessLevels
func (x *ReplaceAccessLevelsRequest) GetAccessLevels() []*AccessLevelfunc (*ReplaceAccessLevelsRequest) GetEtag
func (x *ReplaceAccessLevelsRequest) GetEtag() stringfunc (*ReplaceAccessLevelsRequest) GetParent
func (x *ReplaceAccessLevelsRequest) GetParent() stringfunc (*ReplaceAccessLevelsRequest) ProtoMessage
func (*ReplaceAccessLevelsRequest) ProtoMessage()func (*ReplaceAccessLevelsRequest) ProtoReflect
func (x *ReplaceAccessLevelsRequest) ProtoReflect() protoreflect.Messagefunc (*ReplaceAccessLevelsRequest) Reset
func (x *ReplaceAccessLevelsRequest) Reset()func (*ReplaceAccessLevelsRequest) String
func (x *ReplaceAccessLevelsRequest) String() stringReplaceAccessLevelsResponse
type ReplaceAccessLevelsResponse struct {
// List of the [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel] instances.
AccessLevels []*AccessLevel `protobuf:"bytes,1,rep,name=access_levels,json=accessLevels,proto3" json:"access_levels,omitempty"`
// contains filtered or unexported fields
}A response to ReplaceAccessLevelsRequest. This will be put inside of Operation.response field.
func (*ReplaceAccessLevelsResponse) Descriptor
func (*ReplaceAccessLevelsResponse) Descriptor() ([]byte, []int)Deprecated: Use ReplaceAccessLevelsResponse.ProtoReflect.Descriptor instead.
func (*ReplaceAccessLevelsResponse) GetAccessLevels
func (x *ReplaceAccessLevelsResponse) GetAccessLevels() []*AccessLevelfunc (*ReplaceAccessLevelsResponse) ProtoMessage
func (*ReplaceAccessLevelsResponse) ProtoMessage()func (*ReplaceAccessLevelsResponse) ProtoReflect
func (x *ReplaceAccessLevelsResponse) ProtoReflect() protoreflect.Messagefunc (*ReplaceAccessLevelsResponse) Reset
func (x *ReplaceAccessLevelsResponse) Reset()func (*ReplaceAccessLevelsResponse) String
func (x *ReplaceAccessLevelsResponse) String() stringReplaceServicePerimetersRequest
type ReplaceServicePerimetersRequest struct {
// Required. Resource name for the access policy which owns these
// [Service Perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter].
//
// Format: `accessPolicies/{policy_id}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The desired [Service Perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] that should
// replace all existing [Service Perimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] in the
// [Access Policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy].
ServicePerimeters []*ServicePerimeter `protobuf:"bytes,2,rep,name=service_perimeters,json=servicePerimeters,proto3" json:"service_perimeters,omitempty"`
// Optional. The etag for the version of the [Access Policy]
// [google.identity.accesscontextmanager.v1.AccessPolicy] that this
// replace operation is to be performed on. If, at the time of replace, the
// etag for the Access Policy stored in Access Context Manager is different
// from the specified etag, then the replace operation will not be performed
// and the call will fail. This field is not required. If etag is not
// provided, the operation will be performed as if a valid etag is provided.
Etag string `protobuf:"bytes,3,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}A request to replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.
func (*ReplaceServicePerimetersRequest) Descriptor
func (*ReplaceServicePerimetersRequest) Descriptor() ([]byte, []int)Deprecated: Use ReplaceServicePerimetersRequest.ProtoReflect.Descriptor instead.
func (*ReplaceServicePerimetersRequest) GetEtag
func (x *ReplaceServicePerimetersRequest) GetEtag() stringfunc (*ReplaceServicePerimetersRequest) GetParent
func (x *ReplaceServicePerimetersRequest) GetParent() stringfunc (*ReplaceServicePerimetersRequest) GetServicePerimeters
func (x *ReplaceServicePerimetersRequest) GetServicePerimeters() []*ServicePerimeterfunc (*ReplaceServicePerimetersRequest) ProtoMessage
func (*ReplaceServicePerimetersRequest) ProtoMessage()func (*ReplaceServicePerimetersRequest) ProtoReflect
func (x *ReplaceServicePerimetersRequest) ProtoReflect() protoreflect.Messagefunc (*ReplaceServicePerimetersRequest) Reset
func (x *ReplaceServicePerimetersRequest) Reset()func (*ReplaceServicePerimetersRequest) String
func (x *ReplaceServicePerimetersRequest) String() stringReplaceServicePerimetersResponse
type ReplaceServicePerimetersResponse struct {
// List of the [Service Perimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
ServicePerimeters []*ServicePerimeter `protobuf:"bytes,1,rep,name=service_perimeters,json=servicePerimeters,proto3" json:"service_perimeters,omitempty"`
// contains filtered or unexported fields
}A response to ReplaceServicePerimetersRequest. This will be put inside of Operation.response field.
func (*ReplaceServicePerimetersResponse) Descriptor
func (*ReplaceServicePerimetersResponse) Descriptor() ([]byte, []int)Deprecated: Use ReplaceServicePerimetersResponse.ProtoReflect.Descriptor instead.
func (*ReplaceServicePerimetersResponse) GetServicePerimeters
func (x *ReplaceServicePerimetersResponse) GetServicePerimeters() []*ServicePerimeterfunc (*ReplaceServicePerimetersResponse) ProtoMessage
func (*ReplaceServicePerimetersResponse) ProtoMessage()func (*ReplaceServicePerimetersResponse) ProtoReflect
func (x *ReplaceServicePerimetersResponse) ProtoReflect() protoreflect.Messagefunc (*ReplaceServicePerimetersResponse) Reset
func (x *ReplaceServicePerimetersResponse) Reset()func (*ReplaceServicePerimetersResponse) String
func (x *ReplaceServicePerimetersResponse) String() stringServicePerimeter
type ServicePerimeter struct {
// Required. Resource name for the ServicePerimeter. The `short_name`
// component must begin with a letter and only include alphanumeric and '_'.
// Format:
// `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Human readable title. Must be unique within the Policy.
Title string `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
// Description of the `ServicePerimeter` and its use. Does not affect
// behavior.
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// Output only. Time the `ServicePerimeter` was created in UTC.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. Time the `ServicePerimeter` was updated in UTC.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Perimeter type indicator. A single project is
// allowed to be a member of single regular perimeter, but multiple service
// perimeter bridges. A project cannot be a included in a perimeter bridge
// without being included in regular perimeter. For perimeter bridges,
// the restricted service list as well as access level lists must be
// empty.
PerimeterType ServicePerimeter_PerimeterType `protobuf:"varint,6,opt,name=perimeter_type,json=perimeterType,proto3,enum=google.identity.accesscontextmanager.v1.ServicePerimeter_PerimeterType" json:"perimeter_type,omitempty"`
// Current ServicePerimeter configuration. Specifies sets of resources,
// restricted services and access levels that determine perimeter
// content and boundaries.
Status *ServicePerimeterConfig `protobuf:"bytes,7,opt,name=status,proto3" json:"status,omitempty"`
// Proposed (or dry run) ServicePerimeter configuration. This configuration
// allows to specify and test ServicePerimeter configuration without enforcing
// actual access restrictions. Only allowed to be set when the
// "use_explicit_dry_run_spec" flag is set.
Spec *ServicePerimeterConfig `protobuf:"bytes,8,opt,name=spec,proto3" json:"spec,omitempty"`
// Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
// exists for all Service Perimeters, and that spec is identical to the
// status for those Service Perimeters. When this flag is set, it inhibits the
// generation of the implicit spec, thereby allowing the user to explicitly
// provide a configuration ("spec") to use in a dry-run version of the Service
// Perimeter. This allows the user to test changes to the enforced config
// ("status") without actually enforcing them. This testing is done through
// analyzing the differences between currently enforced and suggested
// restrictions. use_explicit_dry_run_spec must bet set to True if any of the
// fields in the spec are set to non-default values.
UseExplicitDryRunSpec bool `protobuf:"varint,9,opt,name=use_explicit_dry_run_spec,json=useExplicitDryRunSpec,proto3" json:"use_explicit_dry_run_spec,omitempty"`
// contains filtered or unexported fields
}ServicePerimeter describes a set of Google Cloud resources which can freely
import and export data amongst themselves, but not export outside of the
ServicePerimeter. If a request with a source within this ServicePerimeter
has a target outside of the ServicePerimeter, the request will be blocked.
Otherwise the request is allowed. There are two types of Service Perimeter -
Regular and Bridge. Regular Service Perimeters cannot overlap, a single
Google Cloud project can only belong to a single regular Service Perimeter.
Service Perimeter Bridges can contain only Google Cloud projects as members,
a single Google Cloud project may belong to multiple Service Perimeter
Bridges.
func (*ServicePerimeter) Descriptor
func (*ServicePerimeter) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeter.ProtoReflect.Descriptor instead.
func (*ServicePerimeter) GetCreateTime
func (x *ServicePerimeter) GetCreateTime() *timestamppb.Timestampfunc (*ServicePerimeter) GetDescription
func (x *ServicePerimeter) GetDescription() stringfunc (*ServicePerimeter) GetName
func (x *ServicePerimeter) GetName() stringfunc (*ServicePerimeter) GetPerimeterType
func (x *ServicePerimeter) GetPerimeterType() ServicePerimeter_PerimeterTypefunc (*ServicePerimeter) GetSpec
func (x *ServicePerimeter) GetSpec() *ServicePerimeterConfigfunc (*ServicePerimeter) GetStatus
func (x *ServicePerimeter) GetStatus() *ServicePerimeterConfigfunc (*ServicePerimeter) GetTitle
func (x *ServicePerimeter) GetTitle() stringfunc (*ServicePerimeter) GetUpdateTime
func (x *ServicePerimeter) GetUpdateTime() *timestamppb.Timestampfunc (*ServicePerimeter) GetUseExplicitDryRunSpec
func (x *ServicePerimeter) GetUseExplicitDryRunSpec() boolfunc (*ServicePerimeter) ProtoMessage
func (*ServicePerimeter) ProtoMessage()func (*ServicePerimeter) ProtoReflect
func (x *ServicePerimeter) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeter) Reset
func (x *ServicePerimeter) Reset()func (*ServicePerimeter) String
func (x *ServicePerimeter) String() stringServicePerimeterConfig
type ServicePerimeterConfig struct {
// A list of Google Cloud resources that are inside of the service perimeter.
// Currently only projects are allowed. Format: `projects/{project_number}`
Resources []string `protobuf:"bytes,1,rep,name=resources,proto3" json:"resources,omitempty"`
// A list of `AccessLevel` resource names that allow resources within the
// `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
// must be in the same policy as this `ServicePerimeter`. Referencing a
// nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
// listed, resources within the perimeter can only be accessed via Google
// Cloud calls with request origins within the perimeter. Example:
// `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
// For Service Perimeter Bridge, must be empty.
AccessLevels []string `protobuf:"bytes,2,rep,name=access_levels,json=accessLevels,proto3" json:"access_levels,omitempty"`
// Google Cloud services that are subject to the Service Perimeter
// restrictions. For example, if `storage.googleapis.com` is specified, access
// to the storage buckets inside the perimeter must meet the perimeter's
// access restrictions.
RestrictedServices []string `protobuf:"bytes,4,rep,name=restricted_services,json=restrictedServices,proto3" json:"restricted_services,omitempty"`
// Configuration for APIs allowed within Perimeter.
VpcAccessibleServices *ServicePerimeterConfig_VpcAccessibleServices `protobuf:"bytes,10,opt,name=vpc_accessible_services,json=vpcAccessibleServices,proto3" json:"vpc_accessible_services,omitempty"`
// List of [IngressPolicies]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
// to apply to the perimeter. A perimeter may have multiple [IngressPolicies]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy],
// each of which is evaluated separately. Access is granted if any [Ingress
// Policy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
// grants it. Must be empty for a perimeter bridge.
IngressPolicies []*ServicePerimeterConfig_IngressPolicy `protobuf:"bytes,8,rep,name=ingress_policies,json=ingressPolicies,proto3" json:"ingress_policies,omitempty"`
// List of [EgressPolicies]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
// to apply to the perimeter. A perimeter may have multiple [EgressPolicies]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy],
// each of which is evaluated separately. Access is granted if any
// [EgressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
// grants it. Must be empty for a perimeter bridge.
EgressPolicies []*ServicePerimeterConfig_EgressPolicy `protobuf:"bytes,9,rep,name=egress_policies,json=egressPolicies,proto3" json:"egress_policies,omitempty"`
// contains filtered or unexported fields
}ServicePerimeterConfig specifies a set of Google Cloud resources that
describe specific Service Perimeter configuration.
func (*ServicePerimeterConfig) Descriptor
func (*ServicePerimeterConfig) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig) GetAccessLevels
func (x *ServicePerimeterConfig) GetAccessLevels() []stringfunc (*ServicePerimeterConfig) GetEgressPolicies
func (x *ServicePerimeterConfig) GetEgressPolicies() []*ServicePerimeterConfig_EgressPolicyfunc (*ServicePerimeterConfig) GetIngressPolicies
func (x *ServicePerimeterConfig) GetIngressPolicies() []*ServicePerimeterConfig_IngressPolicyfunc (*ServicePerimeterConfig) GetResources
func (x *ServicePerimeterConfig) GetResources() []stringfunc (*ServicePerimeterConfig) GetRestrictedServices
func (x *ServicePerimeterConfig) GetRestrictedServices() []stringfunc (*ServicePerimeterConfig) GetVpcAccessibleServices
func (x *ServicePerimeterConfig) GetVpcAccessibleServices() *ServicePerimeterConfig_VpcAccessibleServicesfunc (*ServicePerimeterConfig) ProtoMessage
func (*ServicePerimeterConfig) ProtoMessage()func (*ServicePerimeterConfig) ProtoReflect
func (x *ServicePerimeterConfig) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig) Reset
func (x *ServicePerimeterConfig) Reset()func (*ServicePerimeterConfig) String
func (x *ServicePerimeterConfig) String() stringServicePerimeterConfig_ApiOperation
type ServicePerimeterConfig_ApiOperation struct {
// The name of the API whose methods or permissions the [IngressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
// or [EgressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
// want to allow. A single [ApiOperation]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
// with `service_name` field set to `*` will allow all methods AND
// permissions for all services.
ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"`
// API methods or permissions to allow. Method or permission must belong to
// the service specified by `service_name` field. A single [MethodSelector]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector]
// entry with `*` specified for the `method` field will allow all methods
// AND permissions for the service specified in `service_name`.
MethodSelectors []*ServicePerimeterConfig_MethodSelector `protobuf:"bytes,2,rep,name=method_selectors,json=methodSelectors,proto3" json:"method_selectors,omitempty"`
// contains filtered or unexported fields
}Identification for an API Operation.
func (*ServicePerimeterConfig_ApiOperation) Descriptor
func (*ServicePerimeterConfig_ApiOperation) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_ApiOperation.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_ApiOperation) GetMethodSelectors
func (x *ServicePerimeterConfig_ApiOperation) GetMethodSelectors() []*ServicePerimeterConfig_MethodSelectorfunc (*ServicePerimeterConfig_ApiOperation) GetServiceName
func (x *ServicePerimeterConfig_ApiOperation) GetServiceName() stringfunc (*ServicePerimeterConfig_ApiOperation) ProtoMessage
func (*ServicePerimeterConfig_ApiOperation) ProtoMessage()func (*ServicePerimeterConfig_ApiOperation) ProtoReflect
func (x *ServicePerimeterConfig_ApiOperation) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_ApiOperation) Reset
func (x *ServicePerimeterConfig_ApiOperation) Reset()func (*ServicePerimeterConfig_ApiOperation) String
func (x *ServicePerimeterConfig_ApiOperation) String() stringServicePerimeterConfig_EgressFrom
type ServicePerimeterConfig_EgressFrom struct {
// A list of identities that are allowed access through this [EgressPolicy].
// Should be in the format of email address. The email address should
// represent individual user or service account only.
Identities []string `protobuf:"bytes,1,rep,name=identities,proto3" json:"identities,omitempty"`
// Specifies the type of identities that are allowed access to outside the
// perimeter. If left unspecified, then members of `identities` field will
// be allowed access.
IdentityType ServicePerimeterConfig_IdentityType `protobuf:"varint,2,opt,name=identity_type,json=identityType,proto3,enum=google.identity.accesscontextmanager.v1.ServicePerimeterConfig_IdentityType" json:"identity_type,omitempty"`
// contains filtered or unexported fields
}Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed.
func (*ServicePerimeterConfig_EgressFrom) Descriptor
func (*ServicePerimeterConfig_EgressFrom) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_EgressFrom.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_EgressFrom) GetIdentities
func (x *ServicePerimeterConfig_EgressFrom) GetIdentities() []stringfunc (*ServicePerimeterConfig_EgressFrom) GetIdentityType
func (x *ServicePerimeterConfig_EgressFrom) GetIdentityType() ServicePerimeterConfig_IdentityTypefunc (*ServicePerimeterConfig_EgressFrom) ProtoMessage
func (*ServicePerimeterConfig_EgressFrom) ProtoMessage()func (*ServicePerimeterConfig_EgressFrom) ProtoReflect
func (x *ServicePerimeterConfig_EgressFrom) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_EgressFrom) Reset
func (x *ServicePerimeterConfig_EgressFrom) Reset()func (*ServicePerimeterConfig_EgressFrom) String
func (x *ServicePerimeterConfig_EgressFrom) String() stringServicePerimeterConfig_EgressPolicy
type ServicePerimeterConfig_EgressPolicy struct {
// Defines conditions on the source of a request causing this [EgressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
// to apply.
EgressFrom *ServicePerimeterConfig_EgressFrom `protobuf:"bytes,1,opt,name=egress_from,json=egressFrom,proto3" json:"egress_from,omitempty"`
// Defines the conditions on the [ApiOperation]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
// and destination resources that cause this [EgressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
// to apply.
EgressTo *ServicePerimeterConfig_EgressTo `protobuf:"bytes,2,opt,name=egress_to,json=egressTo,proto3" json:"egress_to,omitempty"`
// contains filtered or unexported fields
}Policy for egress from perimeter.
[EgressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
match requests based on egress_from and egress_to stanzas. For an
[EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
to match, both egress_from and egress_to stanzas must be matched. If an
[EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
matches a request, the request is allowed to span the [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] boundary.
For example, an [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
can be used to allow VMs on networks within the [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] to access a
defined set of projects outside the perimeter in certain contexts (e.g. to
read data from a Cloud Storage bucket or query against a BigQuery dataset).
[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] are concerned with the resources that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] and [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
func (*ServicePerimeterConfig_EgressPolicy) Descriptor
func (*ServicePerimeterConfig_EgressPolicy) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_EgressPolicy.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_EgressPolicy) GetEgressFrom
func (x *ServicePerimeterConfig_EgressPolicy) GetEgressFrom() *ServicePerimeterConfig_EgressFromfunc (*ServicePerimeterConfig_EgressPolicy) GetEgressTo
func (x *ServicePerimeterConfig_EgressPolicy) GetEgressTo() *ServicePerimeterConfig_EgressTofunc (*ServicePerimeterConfig_EgressPolicy) ProtoMessage
func (*ServicePerimeterConfig_EgressPolicy) ProtoMessage()func (*ServicePerimeterConfig_EgressPolicy) ProtoReflect
func (x *ServicePerimeterConfig_EgressPolicy) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_EgressPolicy) Reset
func (x *ServicePerimeterConfig_EgressPolicy) Reset()func (*ServicePerimeterConfig_EgressPolicy) String
func (x *ServicePerimeterConfig_EgressPolicy) String() stringServicePerimeterConfig_EgressTo
type ServicePerimeterConfig_EgressTo struct {
// A list of resources, currently only projects in the form
// `projects/Defines the conditions under which an [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
matches a request. Conditions are based on information about the
[ApiOperation]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
intended to be performed on the resources specified. Note that if the
destination of the request is also protected by a [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter], then that
[ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] must have
an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
which allows access in order for this request to succeed. The request must
match operations AND resources fields in order to be allowed egress out
of the perimeter.
func (*ServicePerimeterConfig_EgressTo) Descriptor
func (*ServicePerimeterConfig_EgressTo) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_EgressTo.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_EgressTo) GetExternalResources
func (x *ServicePerimeterConfig_EgressTo) GetExternalResources() []stringfunc (*ServicePerimeterConfig_EgressTo) GetOperations
func (x *ServicePerimeterConfig_EgressTo) GetOperations() []*ServicePerimeterConfig_ApiOperationfunc (*ServicePerimeterConfig_EgressTo) GetResources
func (x *ServicePerimeterConfig_EgressTo) GetResources() []stringfunc (*ServicePerimeterConfig_EgressTo) ProtoMessage
func (*ServicePerimeterConfig_EgressTo) ProtoMessage()func (*ServicePerimeterConfig_EgressTo) ProtoReflect
func (x *ServicePerimeterConfig_EgressTo) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_EgressTo) Reset
func (x *ServicePerimeterConfig_EgressTo) Reset()func (*ServicePerimeterConfig_EgressTo) String
func (x *ServicePerimeterConfig_EgressTo) String() stringServicePerimeterConfig_IdentityType
type ServicePerimeterConfig_IdentityType int32Specifies the types of identities that are allowed access in either [IngressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom] or [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] rules.
ServicePerimeterConfig_IDENTITY_TYPE_UNSPECIFIED, ServicePerimeterConfig_ANY_IDENTITY, ServicePerimeterConfig_ANY_USER_ACCOUNT, ServicePerimeterConfig_ANY_SERVICE_ACCOUNT
const (
// No blanket identity group specified.
ServicePerimeterConfig_IDENTITY_TYPE_UNSPECIFIED ServicePerimeterConfig_IdentityType = 0
// Authorize access from all identities outside the perimeter.
ServicePerimeterConfig_ANY_IDENTITY ServicePerimeterConfig_IdentityType = 1
// Authorize access from all human users outside the perimeter.
ServicePerimeterConfig_ANY_USER_ACCOUNT ServicePerimeterConfig_IdentityType = 2
// Authorize access from all service accounts outside the perimeter.
ServicePerimeterConfig_ANY_SERVICE_ACCOUNT ServicePerimeterConfig_IdentityType = 3
)func (ServicePerimeterConfig_IdentityType) Descriptor
func (ServicePerimeterConfig_IdentityType) Descriptor() protoreflect.EnumDescriptorfunc (ServicePerimeterConfig_IdentityType) Enum
func (x ServicePerimeterConfig_IdentityType) Enum() *ServicePerimeterConfig_IdentityTypefunc (ServicePerimeterConfig_IdentityType) EnumDescriptor
func (ServicePerimeterConfig_IdentityType) EnumDescriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_IdentityType.Descriptor instead.
func (ServicePerimeterConfig_IdentityType) Number
func (x ServicePerimeterConfig_IdentityType) Number() protoreflect.EnumNumberfunc (ServicePerimeterConfig_IdentityType) String
func (x ServicePerimeterConfig_IdentityType) String() stringfunc (ServicePerimeterConfig_IdentityType) Type
func (ServicePerimeterConfig_IdentityType) Type() protoreflect.EnumTypeServicePerimeterConfig_IngressFrom
type ServicePerimeterConfig_IngressFrom struct {
// Sources that this [IngressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
// authorizes access from.
Sources []*ServicePerimeterConfig_IngressSource `protobuf:"bytes,1,rep,name=sources,proto3" json:"sources,omitempty"`
// A list of identities that are allowed access through this ingress
// policy. Should be in the format of email address. The email address
// should represent individual user or service account only.
Identities []string `protobuf:"bytes,2,rep,name=identities,proto3" json:"identities,omitempty"`
// Specifies the type of identities that are allowed access from outside the
// perimeter. If left unspecified, then members of `identities` field will
// be allowed access.
IdentityType ServicePerimeterConfig_IdentityType `protobuf:"varint,3,opt,name=identity_type,json=identityType,proto3,enum=google.identity.accesscontextmanager.v1.ServicePerimeterConfig_IdentityType" json:"identity_type,omitempty"`
// contains filtered or unexported fields
}Defines the conditions under which an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
matches a request. Conditions are based on information about the source of
the request. The request must satisfy what is defined in sources AND
identity related fields in order to match.
func (*ServicePerimeterConfig_IngressFrom) Descriptor
func (*ServicePerimeterConfig_IngressFrom) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_IngressFrom.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_IngressFrom) GetIdentities
func (x *ServicePerimeterConfig_IngressFrom) GetIdentities() []stringfunc (*ServicePerimeterConfig_IngressFrom) GetIdentityType
func (x *ServicePerimeterConfig_IngressFrom) GetIdentityType() ServicePerimeterConfig_IdentityTypefunc (*ServicePerimeterConfig_IngressFrom) GetSources
func (x *ServicePerimeterConfig_IngressFrom) GetSources() []*ServicePerimeterConfig_IngressSourcefunc (*ServicePerimeterConfig_IngressFrom) ProtoMessage
func (*ServicePerimeterConfig_IngressFrom) ProtoMessage()func (*ServicePerimeterConfig_IngressFrom) ProtoReflect
func (x *ServicePerimeterConfig_IngressFrom) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_IngressFrom) Reset
func (x *ServicePerimeterConfig_IngressFrom) Reset()func (*ServicePerimeterConfig_IngressFrom) String
func (x *ServicePerimeterConfig_IngressFrom) String() stringServicePerimeterConfig_IngressPolicy
type ServicePerimeterConfig_IngressPolicy struct {
// Defines the conditions on the source of a request causing this
// [IngressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
// to apply.
IngressFrom *ServicePerimeterConfig_IngressFrom `protobuf:"bytes,1,opt,name=ingress_from,json=ingressFrom,proto3" json:"ingress_from,omitempty"`
// Defines the conditions on the [ApiOperation]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
// and request destination that cause this [IngressPolicy]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
// to apply.
IngressTo *ServicePerimeterConfig_IngressTo `protobuf:"bytes,2,opt,name=ingress_to,json=ingressTo,proto3" json:"ingress_to,omitempty"`
// contains filtered or unexported fields
}Policy for ingress into [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
[IngressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
match requests based on ingress_from and ingress_to stanzas. For an
ingress policy to match, both the ingress_from and ingress_to stanzas
must be matched. If an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
matches a request, the request is allowed through the perimeter boundary
from outside the perimeter.
For example, access from the internet can be allowed either based on an [AccessLevel] [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required.
Individual ingress policies can be limited by restricting which
services and/or actions they match using the ingress_to field.
func (*ServicePerimeterConfig_IngressPolicy) Descriptor
func (*ServicePerimeterConfig_IngressPolicy) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_IngressPolicy.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_IngressPolicy) GetIngressFrom
func (x *ServicePerimeterConfig_IngressPolicy) GetIngressFrom() *ServicePerimeterConfig_IngressFromfunc (*ServicePerimeterConfig_IngressPolicy) GetIngressTo
func (x *ServicePerimeterConfig_IngressPolicy) GetIngressTo() *ServicePerimeterConfig_IngressTofunc (*ServicePerimeterConfig_IngressPolicy) ProtoMessage
func (*ServicePerimeterConfig_IngressPolicy) ProtoMessage()func (*ServicePerimeterConfig_IngressPolicy) ProtoReflect
func (x *ServicePerimeterConfig_IngressPolicy) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_IngressPolicy) Reset
func (x *ServicePerimeterConfig_IngressPolicy) Reset()func (*ServicePerimeterConfig_IngressPolicy) String
func (x *ServicePerimeterConfig_IngressPolicy) String() stringServicePerimeterConfig_IngressSource
type ServicePerimeterConfig_IngressSource struct {
// Allowed ingress source. It can be one of [AccessLevel]
// [google.identity.accesscontextmanager.v1.AccessLevel] or Google
// Cloud resource.
//
// Types that are assignable to Source:
//
// *ServicePerimeterConfig_IngressSource_AccessLevel
// *ServicePerimeterConfig_IngressSource_Resource
Source isServicePerimeterConfig_IngressSource_Source `protobuf_oneof:"source"`
// contains filtered or unexported fields
}The source that [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] authorizes access from.
func (*ServicePerimeterConfig_IngressSource) Descriptor
func (*ServicePerimeterConfig_IngressSource) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_IngressSource.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_IngressSource) GetAccessLevel
func (x *ServicePerimeterConfig_IngressSource) GetAccessLevel() stringfunc (*ServicePerimeterConfig_IngressSource) GetResource
func (x *ServicePerimeterConfig_IngressSource) GetResource() stringfunc (*ServicePerimeterConfig_IngressSource) GetSource
func (m *ServicePerimeterConfig_IngressSource) GetSource() isServicePerimeterConfig_IngressSource_Sourcefunc (*ServicePerimeterConfig_IngressSource) ProtoMessage
func (*ServicePerimeterConfig_IngressSource) ProtoMessage()func (*ServicePerimeterConfig_IngressSource) ProtoReflect
func (x *ServicePerimeterConfig_IngressSource) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_IngressSource) Reset
func (x *ServicePerimeterConfig_IngressSource) Reset()func (*ServicePerimeterConfig_IngressSource) String
func (x *ServicePerimeterConfig_IngressSource) String() stringServicePerimeterConfig_IngressSource_AccessLevel
type ServicePerimeterConfig_IngressSource_AccessLevel struct {
// An [AccessLevel]
// [google.identity.accesscontextmanager.v1.AccessLevel] resource
// name that allow resources within the [ServicePerimeters]
// [google.identity.accesscontextmanager.v1.ServicePerimeter] to be
// accessed from the internet. [AccessLevels]
// [google.identity.accesscontextmanager.v1.AccessLevel] listed must
// be in the same policy as this [ServicePerimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter].
// Referencing a nonexistent [AccessLevel]
// [google.identity.accesscontextmanager.v1.AccessLevel] will cause
// an error. If no [AccessLevel]
// [google.identity.accesscontextmanager.v1.AccessLevel] names are
// listed, resources within the perimeter can only be accessed via Google
// Cloud calls with request origins within the perimeter. Example:
// `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is
// specified for `access_level`, then all [IngressSources]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource]
// will be allowed.
AccessLevel string `protobuf:"bytes,1,opt,name=access_level,json=accessLevel,proto3,oneof"`
}ServicePerimeterConfig_IngressSource_Resource
type ServicePerimeterConfig_IngressSource_Resource struct {
// A Google Cloud resource that is allowed to ingress the perimeter.
// Requests from these resources will be allowed to access perimeter data.
// Currently only projects are allowed.
// Format: `projects/{project_number}`
// The project may be in any Google Cloud organization, not just the
// organization that the perimeter is defined in. `*` is not allowed, the
// case of allowing all Google Cloud resources only is not supported.
Resource string `protobuf:"bytes,2,opt,name=resource,proto3,oneof"`
}ServicePerimeterConfig_IngressTo
type ServicePerimeterConfig_IngressTo struct {
// A list of [ApiOperations]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
// allowed to be performed by the sources specified in corresponding
// [IngressFrom]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
// in this [ServicePerimeter]
// [google.identity.accesscontextmanager.v1.ServicePerimeter].
Operations []*ServicePerimeterConfig_ApiOperation `protobuf:"bytes,1,rep,name=operations,proto3" json:"operations,omitempty"`
// A list of resources, currently only projects in the form
// `projects/Defines the conditions under which an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
matches a request. Conditions are based on information about the
[ApiOperation]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
intended to be performed on the target resource of the request. The request
must satisfy what is defined in operations AND resources in order to
match.
func (*ServicePerimeterConfig_IngressTo) Descriptor
func (*ServicePerimeterConfig_IngressTo) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_IngressTo.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_IngressTo) GetOperations
func (x *ServicePerimeterConfig_IngressTo) GetOperations() []*ServicePerimeterConfig_ApiOperationfunc (*ServicePerimeterConfig_IngressTo) GetResources
func (x *ServicePerimeterConfig_IngressTo) GetResources() []stringfunc (*ServicePerimeterConfig_IngressTo) ProtoMessage
func (*ServicePerimeterConfig_IngressTo) ProtoMessage()func (*ServicePerimeterConfig_IngressTo) ProtoReflect
func (x *ServicePerimeterConfig_IngressTo) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_IngressTo) Reset
func (x *ServicePerimeterConfig_IngressTo) Reset()func (*ServicePerimeterConfig_IngressTo) String
func (x *ServicePerimeterConfig_IngressTo) String() stringServicePerimeterConfig_MethodSelector
type ServicePerimeterConfig_MethodSelector struct {
// The API method name or Cloud IAM permission name to allow.
//
// Types that are assignable to Kind:
//
// *ServicePerimeterConfig_MethodSelector_Method
// *ServicePerimeterConfig_MethodSelector_Permission
Kind isServicePerimeterConfig_MethodSelector_Kind `protobuf_oneof:"kind"`
// contains filtered or unexported fields
}An allowed method or permission of a service specified in [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
func (*ServicePerimeterConfig_MethodSelector) Descriptor
func (*ServicePerimeterConfig_MethodSelector) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_MethodSelector.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_MethodSelector) GetKind
func (m *ServicePerimeterConfig_MethodSelector) GetKind() isServicePerimeterConfig_MethodSelector_Kindfunc (*ServicePerimeterConfig_MethodSelector) GetMethod
func (x *ServicePerimeterConfig_MethodSelector) GetMethod() stringfunc (*ServicePerimeterConfig_MethodSelector) GetPermission
func (x *ServicePerimeterConfig_MethodSelector) GetPermission() stringfunc (*ServicePerimeterConfig_MethodSelector) ProtoMessage
func (*ServicePerimeterConfig_MethodSelector) ProtoMessage()func (*ServicePerimeterConfig_MethodSelector) ProtoReflect
func (x *ServicePerimeterConfig_MethodSelector) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_MethodSelector) Reset
func (x *ServicePerimeterConfig_MethodSelector) Reset()func (*ServicePerimeterConfig_MethodSelector) String
func (x *ServicePerimeterConfig_MethodSelector) String() stringServicePerimeterConfig_MethodSelector_Method
type ServicePerimeterConfig_MethodSelector_Method struct {
// Value for `method` should be a valid method name for the corresponding
// `service_name` in [ApiOperation]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
// If `*` used as value for `method`, then ALL methods and permissions are
// allowed.
Method string `protobuf:"bytes,1,opt,name=method,proto3,oneof"`
}ServicePerimeterConfig_MethodSelector_Permission
type ServicePerimeterConfig_MethodSelector_Permission struct {
// Value for `permission` should be a valid Cloud IAM permission for the
// corresponding `service_name` in [ApiOperation]
// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
Permission string `protobuf:"bytes,2,opt,name=permission,proto3,oneof"`
}ServicePerimeterConfig_VpcAccessibleServices
type ServicePerimeterConfig_VpcAccessibleServices struct {
// Whether to restrict API calls within the Service Perimeter to the list of
// APIs specified in 'allowed_services'.
EnableRestriction bool `protobuf:"varint,1,opt,name=enable_restriction,json=enableRestriction,proto3" json:"enable_restriction,omitempty"`
// The list of APIs usable within the Service Perimeter. Must be empty
// unless 'enable_restriction' is True. You can specify a list of individual
// services, as well as include the 'RESTRICTED-SERVICES' value, which
// automatically includes all of the services protected by the perimeter.
AllowedServices []string `protobuf:"bytes,2,rep,name=allowed_services,json=allowedServices,proto3" json:"allowed_services,omitempty"`
// contains filtered or unexported fields
}Specifies how APIs are allowed to communicate within the Service Perimeter.
func (*ServicePerimeterConfig_VpcAccessibleServices) Descriptor
func (*ServicePerimeterConfig_VpcAccessibleServices) Descriptor() ([]byte, []int)Deprecated: Use ServicePerimeterConfig_VpcAccessibleServices.ProtoReflect.Descriptor instead.
func (*ServicePerimeterConfig_VpcAccessibleServices) GetAllowedServices
func (x *ServicePerimeterConfig_VpcAccessibleServices) GetAllowedServices() []stringfunc (*ServicePerimeterConfig_VpcAccessibleServices) GetEnableRestriction
func (x *ServicePerimeterConfig_VpcAccessibleServices) GetEnableRestriction() boolfunc (*ServicePerimeterConfig_VpcAccessibleServices) ProtoMessage
func (*ServicePerimeterConfig_VpcAccessibleServices) ProtoMessage()func (*ServicePerimeterConfig_VpcAccessibleServices) ProtoReflect
func (x *ServicePerimeterConfig_VpcAccessibleServices) ProtoReflect() protoreflect.Messagefunc (*ServicePerimeterConfig_VpcAccessibleServices) Reset
func (x *ServicePerimeterConfig_VpcAccessibleServices) Reset()func (*ServicePerimeterConfig_VpcAccessibleServices) String
func (x *ServicePerimeterConfig_VpcAccessibleServices) String() stringServicePerimeter_PerimeterType
type ServicePerimeter_PerimeterType int32Specifies the type of the Perimeter. There are two types: regular and bridge. Regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most ONE regular Service Perimeter.
In addition to being in a regular service perimeter, a resource can also be in zero or more perimeter bridges. A perimeter bridge only contains resources. Cross project operations are permitted if all effected resources share some perimeter (whether bridge or regular). Perimeter Bridge does not contain access levels or services: those are governed entirely by the regular perimeter that resource is in.
Perimeter Bridges are typically useful when building more complex toplogies with many independent perimeters that need to share some data with a common perimeter, but should not be able to share data among themselves.
ServicePerimeter_PERIMETER_TYPE_REGULAR, ServicePerimeter_PERIMETER_TYPE_BRIDGE
const (
// Regular Perimeter.
ServicePerimeter_PERIMETER_TYPE_REGULAR ServicePerimeter_PerimeterType = 0
// Perimeter Bridge.
ServicePerimeter_PERIMETER_TYPE_BRIDGE ServicePerimeter_PerimeterType = 1
)func (ServicePerimeter_PerimeterType) Descriptor
func (ServicePerimeter_PerimeterType) Descriptor() protoreflect.EnumDescriptorfunc (ServicePerimeter_PerimeterType) Enum
func (x ServicePerimeter_PerimeterType) Enum() *ServicePerimeter_PerimeterTypefunc (ServicePerimeter_PerimeterType) EnumDescriptor
func (ServicePerimeter_PerimeterType) EnumDescriptor() ([]byte, []int)Deprecated: Use ServicePerimeter_PerimeterType.Descriptor instead.
func (ServicePerimeter_PerimeterType) Number
func (x ServicePerimeter_PerimeterType) Number() protoreflect.EnumNumberfunc (ServicePerimeter_PerimeterType) String
func (x ServicePerimeter_PerimeterType) String() stringfunc (ServicePerimeter_PerimeterType) Type
func (ServicePerimeter_PerimeterType) Type() protoreflect.EnumTypeUnimplementedAccessContextManagerServer
type UnimplementedAccessContextManagerServer struct {
}UnimplementedAccessContextManagerServer should be embedded to have forward compatible implementations.
func (UnimplementedAccessContextManagerServer) CommitServicePerimeters
func (UnimplementedAccessContextManagerServer) CommitServicePerimeters(context.Context, *CommitServicePerimetersRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) CreateAccessLevel
func (UnimplementedAccessContextManagerServer) CreateAccessLevel(context.Context, *CreateAccessLevelRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) CreateAccessPolicy
func (UnimplementedAccessContextManagerServer) CreateAccessPolicy(context.Context, *AccessPolicy) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) CreateGcpUserAccessBinding
func (UnimplementedAccessContextManagerServer) CreateGcpUserAccessBinding(context.Context, *CreateGcpUserAccessBindingRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) CreateServicePerimeter
func (UnimplementedAccessContextManagerServer) CreateServicePerimeter(context.Context, *CreateServicePerimeterRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) DeleteAccessLevel
func (UnimplementedAccessContextManagerServer) DeleteAccessLevel(context.Context, *DeleteAccessLevelRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) DeleteAccessPolicy
func (UnimplementedAccessContextManagerServer) DeleteAccessPolicy(context.Context, *DeleteAccessPolicyRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) DeleteGcpUserAccessBinding
func (UnimplementedAccessContextManagerServer) DeleteGcpUserAccessBinding(context.Context, *DeleteGcpUserAccessBindingRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) DeleteServicePerimeter
func (UnimplementedAccessContextManagerServer) DeleteServicePerimeter(context.Context, *DeleteServicePerimeterRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) GetAccessLevel
func (UnimplementedAccessContextManagerServer) GetAccessLevel(context.Context, *GetAccessLevelRequest) (*AccessLevel, error)func (UnimplementedAccessContextManagerServer) GetAccessPolicy
func (UnimplementedAccessContextManagerServer) GetAccessPolicy(context.Context, *GetAccessPolicyRequest) (*AccessPolicy, error)func (UnimplementedAccessContextManagerServer) GetGcpUserAccessBinding
func (UnimplementedAccessContextManagerServer) GetGcpUserAccessBinding(context.Context, *GetGcpUserAccessBindingRequest) (*GcpUserAccessBinding, error)func (UnimplementedAccessContextManagerServer) GetIamPolicy
func (UnimplementedAccessContextManagerServer) GetIamPolicy(context.Context, *iampb.GetIamPolicyRequest) (*iampb.Policy, error)func (UnimplementedAccessContextManagerServer) GetServicePerimeter
func (UnimplementedAccessContextManagerServer) GetServicePerimeter(context.Context, *GetServicePerimeterRequest) (*ServicePerimeter, error)func (UnimplementedAccessContextManagerServer) ListAccessLevels
func (UnimplementedAccessContextManagerServer) ListAccessLevels(context.Context, *ListAccessLevelsRequest) (*ListAccessLevelsResponse, error)func (UnimplementedAccessContextManagerServer) ListAccessPolicies
func (UnimplementedAccessContextManagerServer) ListAccessPolicies(context.Context, *ListAccessPoliciesRequest) (*ListAccessPoliciesResponse, error)func (UnimplementedAccessContextManagerServer) ListGcpUserAccessBindings
func (UnimplementedAccessContextManagerServer) ListGcpUserAccessBindings(context.Context, *ListGcpUserAccessBindingsRequest) (*ListGcpUserAccessBindingsResponse, error)func (UnimplementedAccessContextManagerServer) ListServicePerimeters
func (UnimplementedAccessContextManagerServer) ListServicePerimeters(context.Context, *ListServicePerimetersRequest) (*ListServicePerimetersResponse, error)func (UnimplementedAccessContextManagerServer) ReplaceAccessLevels
func (UnimplementedAccessContextManagerServer) ReplaceAccessLevels(context.Context, *ReplaceAccessLevelsRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) ReplaceServicePerimeters
func (UnimplementedAccessContextManagerServer) ReplaceServicePerimeters(context.Context, *ReplaceServicePerimetersRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) SetIamPolicy
func (UnimplementedAccessContextManagerServer) SetIamPolicy(context.Context, *iampb.SetIamPolicyRequest) (*iampb.Policy, error)func (UnimplementedAccessContextManagerServer) TestIamPermissions
func (UnimplementedAccessContextManagerServer) TestIamPermissions(context.Context, *iampb.TestIamPermissionsRequest) (*iampb.TestIamPermissionsResponse, error)func (UnimplementedAccessContextManagerServer) UpdateAccessLevel
func (UnimplementedAccessContextManagerServer) UpdateAccessLevel(context.Context, *UpdateAccessLevelRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) UpdateAccessPolicy
func (UnimplementedAccessContextManagerServer) UpdateAccessPolicy(context.Context, *UpdateAccessPolicyRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) UpdateGcpUserAccessBinding
func (UnimplementedAccessContextManagerServer) UpdateGcpUserAccessBinding(context.Context, *UpdateGcpUserAccessBindingRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessContextManagerServer) UpdateServicePerimeter
func (UnimplementedAccessContextManagerServer) UpdateServicePerimeter(context.Context, *UpdateServicePerimeterRequest) (*longrunningpb.Operation, error)UnsafeAccessContextManagerServer
type UnsafeAccessContextManagerServer interface {
// contains filtered or unexported methods
}UnsafeAccessContextManagerServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to AccessContextManagerServer will result in compilation errors.
UpdateAccessLevelRequest
type UpdateAccessLevelRequest struct {
// Required. The updated [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel]. Syntactic
// correctness of the [Access Level]
// [google.identity.accesscontextmanager.v1.AccessLevel] is a
// precondition for creation.
AccessLevel *AccessLevel `protobuf:"bytes,1,opt,name=access_level,json=accessLevel,proto3" json:"access_level,omitempty"`
// Required. Mask to control which fields get updated. Must be non-empty.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}A request to update an AccessLevel.
func (*UpdateAccessLevelRequest) Descriptor
func (*UpdateAccessLevelRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateAccessLevelRequest.ProtoReflect.Descriptor instead.
func (*UpdateAccessLevelRequest) GetAccessLevel
func (x *UpdateAccessLevelRequest) GetAccessLevel() *AccessLevelfunc (*UpdateAccessLevelRequest) GetUpdateMask
func (x *UpdateAccessLevelRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateAccessLevelRequest) ProtoMessage
func (*UpdateAccessLevelRequest) ProtoMessage()func (*UpdateAccessLevelRequest) ProtoReflect
func (x *UpdateAccessLevelRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateAccessLevelRequest) Reset
func (x *UpdateAccessLevelRequest) Reset()func (*UpdateAccessLevelRequest) String
func (x *UpdateAccessLevelRequest) String() stringUpdateAccessPolicyRequest
type UpdateAccessPolicyRequest struct {
// Required. The updated AccessPolicy.
Policy *AccessPolicy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
// Required. Mask to control which fields get updated. Must be non-empty.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}A request to update an AccessPolicy.
func (*UpdateAccessPolicyRequest) Descriptor
func (*UpdateAccessPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateAccessPolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdateAccessPolicyRequest) GetPolicy
func (x *UpdateAccessPolicyRequest) GetPolicy() *AccessPolicyfunc (*UpdateAccessPolicyRequest) GetUpdateMask
func (x *UpdateAccessPolicyRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateAccessPolicyRequest) ProtoMessage
func (*UpdateAccessPolicyRequest) ProtoMessage()func (*UpdateAccessPolicyRequest) ProtoReflect
func (x *UpdateAccessPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateAccessPolicyRequest) Reset
func (x *UpdateAccessPolicyRequest) Reset()func (*UpdateAccessPolicyRequest) String
func (x *UpdateAccessPolicyRequest) String() stringUpdateGcpUserAccessBindingRequest
type UpdateGcpUserAccessBindingRequest struct {
// Required. [GcpUserAccessBinding]
// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
GcpUserAccessBinding *GcpUserAccessBinding `protobuf:"bytes,1,opt,name=gcp_user_access_binding,json=gcpUserAccessBinding,proto3" json:"gcp_user_access_binding,omitempty"`
// Required. Only the fields specified in this mask are updated. Because name and
// group_key cannot be changed, update_mask is required and must always be:
//
// update_mask {
// paths: "access_levels"
// }
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}Request of [UpdateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].
func (*UpdateGcpUserAccessBindingRequest) Descriptor
func (*UpdateGcpUserAccessBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateGcpUserAccessBindingRequest.ProtoReflect.Descriptor instead.
func (*UpdateGcpUserAccessBindingRequest) GetGcpUserAccessBinding
func (x *UpdateGcpUserAccessBindingRequest) GetGcpUserAccessBinding() *GcpUserAccessBindingfunc (*UpdateGcpUserAccessBindingRequest) GetUpdateMask
func (x *UpdateGcpUserAccessBindingRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateGcpUserAccessBindingRequest) ProtoMessage
func (*UpdateGcpUserAccessBindingRequest) ProtoMessage()func (*UpdateGcpUserAccessBindingRequest) ProtoReflect
func (x *UpdateGcpUserAccessBindingRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateGcpUserAccessBindingRequest) Reset
func (x *UpdateGcpUserAccessBindingRequest) Reset()func (*UpdateGcpUserAccessBindingRequest) String
func (x *UpdateGcpUserAccessBindingRequest) String() stringUpdateServicePerimeterRequest
type UpdateServicePerimeterRequest struct {
// Required. The updated `ServicePerimeter`. Syntactic correctness of the
// `ServicePerimeter` is a precondition for creation.
ServicePerimeter *ServicePerimeter `protobuf:"bytes,1,opt,name=service_perimeter,json=servicePerimeter,proto3" json:"service_perimeter,omitempty"`
// Required. Mask to control which fields get updated. Must be non-empty.
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}A request to update a ServicePerimeter.
func (*UpdateServicePerimeterRequest) Descriptor
func (*UpdateServicePerimeterRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateServicePerimeterRequest.ProtoReflect.Descriptor instead.
func (*UpdateServicePerimeterRequest) GetServicePerimeter
func (x *UpdateServicePerimeterRequest) GetServicePerimeter() *ServicePerimeterfunc (*UpdateServicePerimeterRequest) GetUpdateMask
func (x *UpdateServicePerimeterRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdateServicePerimeterRequest) ProtoMessage
func (*UpdateServicePerimeterRequest) ProtoMessage()func (*UpdateServicePerimeterRequest) ProtoReflect
func (x *UpdateServicePerimeterRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateServicePerimeterRequest) Reset
func (x *UpdateServicePerimeterRequest) Reset()func (*UpdateServicePerimeterRequest) String
func (x *UpdateServicePerimeterRequest) String() string