Constants
AccessPolicies_CreateAccessPolicy_FullMethodName, AccessPolicies_GetAccessPolicy_FullMethodName, AccessPolicies_UpdateAccessPolicy_FullMethodName, AccessPolicies_DeleteAccessPolicy_FullMethodName, AccessPolicies_ListAccessPolicies_FullMethodName, AccessPolicies_SearchAccessPolicyBindings_FullMethodName
const (
AccessPolicies_CreateAccessPolicy_FullMethodName = "/google.iam.v3beta.AccessPolicies/CreateAccessPolicy"
AccessPolicies_GetAccessPolicy_FullMethodName = "/google.iam.v3beta.AccessPolicies/GetAccessPolicy"
AccessPolicies_UpdateAccessPolicy_FullMethodName = "/google.iam.v3beta.AccessPolicies/UpdateAccessPolicy"
AccessPolicies_DeleteAccessPolicy_FullMethodName = "/google.iam.v3beta.AccessPolicies/DeleteAccessPolicy"
AccessPolicies_ListAccessPolicies_FullMethodName = "/google.iam.v3beta.AccessPolicies/ListAccessPolicies"
AccessPolicies_SearchAccessPolicyBindings_FullMethodName = "/google.iam.v3beta.AccessPolicies/SearchAccessPolicyBindings"
)PolicyBindings_CreatePolicyBinding_FullMethodName, PolicyBindings_GetPolicyBinding_FullMethodName, PolicyBindings_UpdatePolicyBinding_FullMethodName, PolicyBindings_DeletePolicyBinding_FullMethodName, PolicyBindings_ListPolicyBindings_FullMethodName, PolicyBindings_SearchTargetPolicyBindings_FullMethodName
const (
PolicyBindings_CreatePolicyBinding_FullMethodName = "/google.iam.v3beta.PolicyBindings/CreatePolicyBinding"
PolicyBindings_GetPolicyBinding_FullMethodName = "/google.iam.v3beta.PolicyBindings/GetPolicyBinding"
PolicyBindings_UpdatePolicyBinding_FullMethodName = "/google.iam.v3beta.PolicyBindings/UpdatePolicyBinding"
PolicyBindings_DeletePolicyBinding_FullMethodName = "/google.iam.v3beta.PolicyBindings/DeletePolicyBinding"
PolicyBindings_ListPolicyBindings_FullMethodName = "/google.iam.v3beta.PolicyBindings/ListPolicyBindings"
PolicyBindings_SearchTargetPolicyBindings_FullMethodName = "/google.iam.v3beta.PolicyBindings/SearchTargetPolicyBindings"
)PrincipalAccessBoundaryPolicies_CreatePrincipalAccessBoundaryPolicy_FullMethodName, PrincipalAccessBoundaryPolicies_GetPrincipalAccessBoundaryPolicy_FullMethodName, PrincipalAccessBoundaryPolicies_UpdatePrincipalAccessBoundaryPolicy_FullMethodName, PrincipalAccessBoundaryPolicies_DeletePrincipalAccessBoundaryPolicy_FullMethodName, PrincipalAccessBoundaryPolicies_ListPrincipalAccessBoundaryPolicies_FullMethodName, PrincipalAccessBoundaryPolicies_SearchPrincipalAccessBoundaryPolicyBindings_FullMethodName
const (
PrincipalAccessBoundaryPolicies_CreatePrincipalAccessBoundaryPolicy_FullMethodName = "/google.iam.v3beta.PrincipalAccessBoundaryPolicies/CreatePrincipalAccessBoundaryPolicy"
PrincipalAccessBoundaryPolicies_GetPrincipalAccessBoundaryPolicy_FullMethodName = "/google.iam.v3beta.PrincipalAccessBoundaryPolicies/GetPrincipalAccessBoundaryPolicy"
PrincipalAccessBoundaryPolicies_UpdatePrincipalAccessBoundaryPolicy_FullMethodName = "/google.iam.v3beta.PrincipalAccessBoundaryPolicies/UpdatePrincipalAccessBoundaryPolicy"
PrincipalAccessBoundaryPolicies_DeletePrincipalAccessBoundaryPolicy_FullMethodName = "/google.iam.v3beta.PrincipalAccessBoundaryPolicies/DeletePrincipalAccessBoundaryPolicy"
PrincipalAccessBoundaryPolicies_ListPrincipalAccessBoundaryPolicies_FullMethodName = "/google.iam.v3beta.PrincipalAccessBoundaryPolicies/ListPrincipalAccessBoundaryPolicies"
PrincipalAccessBoundaryPolicies_SearchPrincipalAccessBoundaryPolicyBindings_FullMethodName = "/google.iam.v3beta.PrincipalAccessBoundaryPolicies/SearchPrincipalAccessBoundaryPolicyBindings"
)Variables
AccessPolicyRule_Effect_name, AccessPolicyRule_Effect_value
var (
AccessPolicyRule_Effect_name = map[int32]string{
0: "EFFECT_UNSPECIFIED",
1: "DENY",
2: "ALLOW",
}
AccessPolicyRule_Effect_value = map[string]int32{
"EFFECT_UNSPECIFIED": 0,
"DENY": 1,
"ALLOW": 2,
}
)Enum value maps for AccessPolicyRule_Effect.
PolicyBinding_PolicyKind_name, PolicyBinding_PolicyKind_value
var (
PolicyBinding_PolicyKind_name = map[int32]string{
0: "POLICY_KIND_UNSPECIFIED",
1: "PRINCIPAL_ACCESS_BOUNDARY",
2: "ACCESS",
}
PolicyBinding_PolicyKind_value = map[string]int32{
"POLICY_KIND_UNSPECIFIED": 0,
"PRINCIPAL_ACCESS_BOUNDARY": 1,
"ACCESS": 2,
}
)Enum value maps for PolicyBinding_PolicyKind.
PrincipalAccessBoundaryPolicyRule_Effect_name, PrincipalAccessBoundaryPolicyRule_Effect_value
var (
PrincipalAccessBoundaryPolicyRule_Effect_name = map[int32]string{
0: "EFFECT_UNSPECIFIED",
1: "ALLOW",
}
PrincipalAccessBoundaryPolicyRule_Effect_value = map[string]int32{
"EFFECT_UNSPECIFIED": 0,
"ALLOW": 1,
}
)Enum value maps for PrincipalAccessBoundaryPolicyRule_Effect.
AccessPolicies_ServiceDesc
var AccessPolicies_ServiceDesc = grpc.ServiceDesc{
ServiceName: "google.iam.v3beta.AccessPolicies",
HandlerType: (*AccessPoliciesServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "CreateAccessPolicy",
Handler: _AccessPolicies_CreateAccessPolicy_Handler,
},
{
MethodName: "GetAccessPolicy",
Handler: _AccessPolicies_GetAccessPolicy_Handler,
},
{
MethodName: "UpdateAccessPolicy",
Handler: _AccessPolicies_UpdateAccessPolicy_Handler,
},
{
MethodName: "DeleteAccessPolicy",
Handler: _AccessPolicies_DeleteAccessPolicy_Handler,
},
{
MethodName: "ListAccessPolicies",
Handler: _AccessPolicies_ListAccessPolicies_Handler,
},
{
MethodName: "SearchAccessPolicyBindings",
Handler: _AccessPolicies_SearchAccessPolicyBindings_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "google/iam/v3beta/access_policies_service.proto",
}AccessPolicies_ServiceDesc is the grpc.ServiceDesc for AccessPolicies service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
File_google_iam_v3beta_access_policies_service_proto
var File_google_iam_v3beta_access_policies_service_proto protoreflect.FileDescriptorFile_google_iam_v3beta_access_policy_resources_proto
var File_google_iam_v3beta_access_policy_resources_proto protoreflect.FileDescriptorFile_google_iam_v3beta_operation_metadata_proto
var File_google_iam_v3beta_operation_metadata_proto protoreflect.FileDescriptorFile_google_iam_v3beta_policy_binding_resources_proto
var File_google_iam_v3beta_policy_binding_resources_proto protoreflect.FileDescriptorFile_google_iam_v3beta_policy_bindings_service_proto
var File_google_iam_v3beta_policy_bindings_service_proto protoreflect.FileDescriptorFile_google_iam_v3beta_principal_access_boundary_policies_service_proto
var File_google_iam_v3beta_principal_access_boundary_policies_service_proto protoreflect.FileDescriptorFile_google_iam_v3beta_principal_access_boundary_policy_resources_proto
var File_google_iam_v3beta_principal_access_boundary_policy_resources_proto protoreflect.FileDescriptorPolicyBindings_ServiceDesc
var PolicyBindings_ServiceDesc = grpc.ServiceDesc{
ServiceName: "google.iam.v3beta.PolicyBindings",
HandlerType: (*PolicyBindingsServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "CreatePolicyBinding",
Handler: _PolicyBindings_CreatePolicyBinding_Handler,
},
{
MethodName: "GetPolicyBinding",
Handler: _PolicyBindings_GetPolicyBinding_Handler,
},
{
MethodName: "UpdatePolicyBinding",
Handler: _PolicyBindings_UpdatePolicyBinding_Handler,
},
{
MethodName: "DeletePolicyBinding",
Handler: _PolicyBindings_DeletePolicyBinding_Handler,
},
{
MethodName: "ListPolicyBindings",
Handler: _PolicyBindings_ListPolicyBindings_Handler,
},
{
MethodName: "SearchTargetPolicyBindings",
Handler: _PolicyBindings_SearchTargetPolicyBindings_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "google/iam/v3beta/policy_bindings_service.proto",
}PolicyBindings_ServiceDesc is the grpc.ServiceDesc for PolicyBindings service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
PrincipalAccessBoundaryPolicies_ServiceDesc
var PrincipalAccessBoundaryPolicies_ServiceDesc = grpc.ServiceDesc{
ServiceName: "google.iam.v3beta.PrincipalAccessBoundaryPolicies",
HandlerType: (*PrincipalAccessBoundaryPoliciesServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "CreatePrincipalAccessBoundaryPolicy",
Handler: _PrincipalAccessBoundaryPolicies_CreatePrincipalAccessBoundaryPolicy_Handler,
},
{
MethodName: "GetPrincipalAccessBoundaryPolicy",
Handler: _PrincipalAccessBoundaryPolicies_GetPrincipalAccessBoundaryPolicy_Handler,
},
{
MethodName: "UpdatePrincipalAccessBoundaryPolicy",
Handler: _PrincipalAccessBoundaryPolicies_UpdatePrincipalAccessBoundaryPolicy_Handler,
},
{
MethodName: "DeletePrincipalAccessBoundaryPolicy",
Handler: _PrincipalAccessBoundaryPolicies_DeletePrincipalAccessBoundaryPolicy_Handler,
},
{
MethodName: "ListPrincipalAccessBoundaryPolicies",
Handler: _PrincipalAccessBoundaryPolicies_ListPrincipalAccessBoundaryPolicies_Handler,
},
{
MethodName: "SearchPrincipalAccessBoundaryPolicyBindings",
Handler: _PrincipalAccessBoundaryPolicies_SearchPrincipalAccessBoundaryPolicyBindings_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "google/iam/v3beta/principal_access_boundary_policies_service.proto",
}PrincipalAccessBoundaryPolicies_ServiceDesc is the grpc.ServiceDesc for PrincipalAccessBoundaryPolicies service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
Functions
func RegisterAccessPoliciesServer
func RegisterAccessPoliciesServer(s grpc.ServiceRegistrar, srv AccessPoliciesServer)func RegisterPolicyBindingsServer
func RegisterPolicyBindingsServer(s grpc.ServiceRegistrar, srv PolicyBindingsServer)func RegisterPrincipalAccessBoundaryPoliciesServer
func RegisterPrincipalAccessBoundaryPoliciesServer(s grpc.ServiceRegistrar, srv PrincipalAccessBoundaryPoliciesServer)AccessPoliciesClient
type AccessPoliciesClient interface {
// Creates an access policy, and returns a long running operation.
CreateAccessPolicy(ctx context.Context, in *CreateAccessPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Gets an access policy.
GetAccessPolicy(ctx context.Context, in *GetAccessPolicyRequest, opts ...grpc.CallOption) (*AccessPolicy, error)
// Updates an access policy.
UpdateAccessPolicy(ctx context.Context, in *UpdateAccessPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes an access policy.
DeleteAccessPolicy(ctx context.Context, in *DeleteAccessPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists access policies.
ListAccessPolicies(ctx context.Context, in *ListAccessPoliciesRequest, opts ...grpc.CallOption) (*ListAccessPoliciesResponse, error)
// Returns all policy bindings that bind a specific policy if a user has
// searchPolicyBindings permission on that policy.
SearchAccessPolicyBindings(ctx context.Context, in *SearchAccessPolicyBindingsRequest, opts ...grpc.CallOption) (*SearchAccessPolicyBindingsResponse, error)
}AccessPoliciesClient is the client API for AccessPolicies service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewAccessPoliciesClient
func NewAccessPoliciesClient(cc grpc.ClientConnInterface) AccessPoliciesClientAccessPoliciesServer
type AccessPoliciesServer interface {
// Creates an access policy, and returns a long running operation.
CreateAccessPolicy(context.Context, *CreateAccessPolicyRequest) (*longrunningpb.Operation, error)
// Gets an access policy.
GetAccessPolicy(context.Context, *GetAccessPolicyRequest) (*AccessPolicy, error)
// Updates an access policy.
UpdateAccessPolicy(context.Context, *UpdateAccessPolicyRequest) (*longrunningpb.Operation, error)
// Deletes an access policy.
DeleteAccessPolicy(context.Context, *DeleteAccessPolicyRequest) (*longrunningpb.Operation, error)
// Lists access policies.
ListAccessPolicies(context.Context, *ListAccessPoliciesRequest) (*ListAccessPoliciesResponse, error)
// Returns all policy bindings that bind a specific policy if a user has
// searchPolicyBindings permission on that policy.
SearchAccessPolicyBindings(context.Context, *SearchAccessPolicyBindingsRequest) (*SearchAccessPolicyBindingsResponse, error)
}AccessPoliciesServer is the server API for AccessPolicies service. All implementations should embed UnimplementedAccessPoliciesServer for forward compatibility
AccessPolicy
type AccessPolicy struct {
// Identifier. The resource name of the access policy.
//
// The following formats are supported:
//
// * `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}`
// * `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}`
// * `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}`
// * `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The globally unique ID of the access policy.
Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
// Optional. The etag for the access policy.
// If this is provided on update, it must match the server's etag.
Etag string `protobuf:"bytes,3,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. The description of the access policy. Must be less than
// or equal to 63 characters.
DisplayName string `protobuf:"bytes,4,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
// Optional. User defined annotations. See
// https://google.aip.dev/148#annotations for more details such as format and
// size limitations
Annotations map[string]string `protobuf:"bytes,5,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// Output only. The time when the access policy was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time when the access policy was most recently
// updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Optional. The details for the access policy.
Details *AccessPolicyDetails `protobuf:"bytes,8,opt,name=details,proto3" json:"details,omitempty"`
// contains filtered or unexported fields
}An IAM access policy resource.
func (*AccessPolicy) Descriptor
func (*AccessPolicy) Descriptor() ([]byte, []int)Deprecated: Use AccessPolicy.ProtoReflect.Descriptor instead.
func (*AccessPolicy) GetAnnotations
func (x *AccessPolicy) GetAnnotations() map[string]stringfunc (*AccessPolicy) GetCreateTime
func (x *AccessPolicy) GetCreateTime() *timestamppb.Timestampfunc (*AccessPolicy) GetDetails
func (x *AccessPolicy) GetDetails() *AccessPolicyDetailsfunc (*AccessPolicy) GetDisplayName
func (x *AccessPolicy) GetDisplayName() stringfunc (*AccessPolicy) GetEtag
func (x *AccessPolicy) GetEtag() stringfunc (*AccessPolicy) GetName
func (x *AccessPolicy) GetName() stringfunc (*AccessPolicy) GetUid
func (x *AccessPolicy) GetUid() stringfunc (*AccessPolicy) GetUpdateTime
func (x *AccessPolicy) GetUpdateTime() *timestamppb.Timestampfunc (*AccessPolicy) ProtoMessage
func (*AccessPolicy) ProtoMessage()func (*AccessPolicy) ProtoReflect
func (x *AccessPolicy) ProtoReflect() protoreflect.Messagefunc (*AccessPolicy) Reset
func (x *AccessPolicy) Reset()func (*AccessPolicy) String
func (x *AccessPolicy) String() stringAccessPolicyDetails
type AccessPolicyDetails struct {
// Required. A list of access policy rules.
Rules []*AccessPolicyRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
// contains filtered or unexported fields
}Access policy details.
func (*AccessPolicyDetails) Descriptor
func (*AccessPolicyDetails) Descriptor() ([]byte, []int)Deprecated: Use AccessPolicyDetails.ProtoReflect.Descriptor instead.
func (*AccessPolicyDetails) GetRules
func (x *AccessPolicyDetails) GetRules() []*AccessPolicyRulefunc (*AccessPolicyDetails) ProtoMessage
func (*AccessPolicyDetails) ProtoMessage()func (*AccessPolicyDetails) ProtoReflect
func (x *AccessPolicyDetails) ProtoReflect() protoreflect.Messagefunc (*AccessPolicyDetails) Reset
func (x *AccessPolicyDetails) Reset()func (*AccessPolicyDetails) String
func (x *AccessPolicyDetails) String() stringAccessPolicyRule
type AccessPolicyRule struct {
// Optional. Customer specified description of the rule. Must be less than or
// equal to 256 characters.
Description *string `protobuf:"bytes,1,opt,name=description,proto3,oneof" json:"description,omitempty"`
// Required. The effect of the rule.
Effect *AccessPolicyRule_Effect `protobuf:"varint,2,opt,name=effect,proto3,enum=google.iam.v3beta.AccessPolicyRule_Effect,oneof" json:"effect,omitempty"`
// Required. The identities for which this rule's effect governs using one or
// more permissions on Google Cloud resources. This field can contain the
// following values:
//
// * `principal://goog/subject/{email_id}`: A specific Google Account.
// Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
// example, `principal://goog/subject/alice@example.com`.
//
// * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
// A Google Cloud service account. For example,
// `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
//
// * `principalSet://goog/group/{group_id}`: A Google group. For example,
// `principalSet://goog/group/admins@example.com`.
//
// * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
// principals associated with the specified Google Workspace or Cloud
// Identity customer ID. For example,
// `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
//
// If an identifier that was previously set on a policy is soft deleted, then
// calls to read that policy will return the identifier with a deleted
// prefix. Users cannot set identifiers with this syntax.
//
// * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
// Google Account that was deleted recently. For example,
// `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
// the Google Account is recovered, this identifier reverts to the standard
// identifier for a Google Account.
//
// * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
// that was deleted recently. For example,
// `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
// If the Google group is restored, this identifier reverts to the standard
// identifier for a Google group.
//
// * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
// A Google Cloud service account that was deleted recently. For example,
// `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
// If the service account is undeleted, this identifier reverts to the
// standard identifier for a service account.
Principals []string `protobuf:"bytes,3,rep,name=principals,proto3" json:"principals,omitempty"`
// Optional. The identities that are excluded from the access policy rule,
// even if they are listed in the `principals`. For example, you could add a
// Google group to the `principals`, then exclude specific users who belong to
// that group.
ExcludedPrincipals []string `protobuf:"bytes,4,rep,name=excluded_principals,json=excludedPrincipals,proto3" json:"excluded_principals,omitempty"`
// Required. Attributes that are used to determine whether this rule applies
// to a request.
Operation *AccessPolicyRule_Operation `protobuf:"bytes,10,opt,name=operation,proto3" json:"operation,omitempty"`
// Optional. The conditions that determine whether this rule applies to a
// request. Conditions are identified by their key, which is the FQDN of the
// service that they are relevant to. For example:
//
// ```
//
// "conditions": {
// "iam.googleapis.com": {
// "expression": Access Policy Rule that determines the behavior of the policy.
func (*AccessPolicyRule) Descriptor
func (*AccessPolicyRule) Descriptor() ([]byte, []int)Deprecated: Use AccessPolicyRule.ProtoReflect.Descriptor instead.
func (*AccessPolicyRule) GetConditions
func (x *AccessPolicyRule) GetConditions() map[string]*expr.Exprfunc (*AccessPolicyRule) GetDescription
func (x *AccessPolicyRule) GetDescription() stringfunc (*AccessPolicyRule) GetEffect
func (x *AccessPolicyRule) GetEffect() AccessPolicyRule_Effectfunc (*AccessPolicyRule) GetExcludedPrincipals
func (x *AccessPolicyRule) GetExcludedPrincipals() []stringfunc (*AccessPolicyRule) GetOperation
func (x *AccessPolicyRule) GetOperation() *AccessPolicyRule_Operationfunc (*AccessPolicyRule) GetPrincipals
func (x *AccessPolicyRule) GetPrincipals() []stringfunc (*AccessPolicyRule) ProtoMessage
func (*AccessPolicyRule) ProtoMessage()func (*AccessPolicyRule) ProtoReflect
func (x *AccessPolicyRule) ProtoReflect() protoreflect.Messagefunc (*AccessPolicyRule) Reset
func (x *AccessPolicyRule) Reset()func (*AccessPolicyRule) String
func (x *AccessPolicyRule) String() stringAccessPolicyRule_Effect
type AccessPolicyRule_Effect int32An effect to describe the access relationship.
AccessPolicyRule_EFFECT_UNSPECIFIED, AccessPolicyRule_DENY, AccessPolicyRule_ALLOW
const (
// The effect is unspecified.
AccessPolicyRule_EFFECT_UNSPECIFIED AccessPolicyRule_Effect = 0
// The policy will deny access if it evaluates to true.
AccessPolicyRule_DENY AccessPolicyRule_Effect = 1
// The policy will grant access if it evaluates to true.
AccessPolicyRule_ALLOW AccessPolicyRule_Effect = 2
)func (AccessPolicyRule_Effect) Descriptor
func (AccessPolicyRule_Effect) Descriptor() protoreflect.EnumDescriptorfunc (AccessPolicyRule_Effect) Enum
func (x AccessPolicyRule_Effect) Enum() *AccessPolicyRule_Effectfunc (AccessPolicyRule_Effect) EnumDescriptor
func (AccessPolicyRule_Effect) EnumDescriptor() ([]byte, []int)Deprecated: Use AccessPolicyRule_Effect.Descriptor instead.
func (AccessPolicyRule_Effect) Number
func (x AccessPolicyRule_Effect) Number() protoreflect.EnumNumberfunc (AccessPolicyRule_Effect) String
func (x AccessPolicyRule_Effect) String() stringfunc (AccessPolicyRule_Effect) Type
func (AccessPolicyRule_Effect) Type() protoreflect.EnumTypeAccessPolicyRule_Operation
type AccessPolicyRule_Operation struct {
// Optional. The permissions that are explicitly affected by this rule. Each
// permission uses the format `{service_fqdn}/{resource}.{verb}`, where
// `{service_fqdn}` is the fully qualified domain name for the service.
// Currently supported permissions are as follows:
//
// * `eventarc.googleapis.com/messageBuses.publish`.
Permissions []string `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
// Optional. Specifies the permissions that this rule excludes from the set
// of affected permissions given by `permissions`. If a permission appears
// in `permissions` _and_ in `excluded_permissions` then it will _not_ be
// subject to the policy effect.
//
// The excluded permissions can be specified using the same syntax as
// `permissions`.
ExcludedPermissions []string `protobuf:"bytes,2,rep,name=excluded_permissions,json=excludedPermissions,proto3" json:"excluded_permissions,omitempty"`
// contains filtered or unexported fields
}Attributes that are used to determine whether this rule applies to a request.
func (*AccessPolicyRule_Operation) Descriptor
func (*AccessPolicyRule_Operation) Descriptor() ([]byte, []int)Deprecated: Use AccessPolicyRule_Operation.ProtoReflect.Descriptor instead.
func (*AccessPolicyRule_Operation) GetExcludedPermissions
func (x *AccessPolicyRule_Operation) GetExcludedPermissions() []stringfunc (*AccessPolicyRule_Operation) GetPermissions
func (x *AccessPolicyRule_Operation) GetPermissions() []stringfunc (*AccessPolicyRule_Operation) ProtoMessage
func (*AccessPolicyRule_Operation) ProtoMessage()func (*AccessPolicyRule_Operation) ProtoReflect
func (x *AccessPolicyRule_Operation) ProtoReflect() protoreflect.Messagefunc (*AccessPolicyRule_Operation) Reset
func (x *AccessPolicyRule_Operation) Reset()func (*AccessPolicyRule_Operation) String
func (x *AccessPolicyRule_Operation) String() stringCreateAccessPolicyRequest
type CreateAccessPolicyRequest struct {
// Required. The parent resource where this access policy will be created.
//
// Format:
//
// `projects/{project_id}/locations/{location}`
// `projects/{project_number}/locations/{location}`
// `folders/{folder_id}/locations/{location}`
// `organizations/{organization_id}/locations/{location}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The ID to use for the access policy, which
// will become the final component of the access policy's
// resource name.
//
// This value must start with a lowercase letter followed by up to 62
// lowercase letters, numbers, hyphens, or dots. Pattern,
// /[a-z][a-z0-9-\.]{2,62}/.
//
// This value must be unique among all access policies with the same parent.
AccessPolicyId string `protobuf:"bytes,2,opt,name=access_policy_id,json=accessPolicyId,proto3" json:"access_policy_id,omitempty"`
// Required. The access policy to create.
AccessPolicy *AccessPolicy `protobuf:"bytes,3,opt,name=access_policy,json=accessPolicy,proto3" json:"access_policy,omitempty"`
// Optional. If set, validate the request and preview the creation, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,4,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// contains filtered or unexported fields
}Request message for CreateAccessPolicy method.
func (*CreateAccessPolicyRequest) Descriptor
func (*CreateAccessPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateAccessPolicyRequest.ProtoReflect.Descriptor instead.
func (*CreateAccessPolicyRequest) GetAccessPolicy
func (x *CreateAccessPolicyRequest) GetAccessPolicy() *AccessPolicyfunc (*CreateAccessPolicyRequest) GetAccessPolicyId
func (x *CreateAccessPolicyRequest) GetAccessPolicyId() stringfunc (*CreateAccessPolicyRequest) GetParent
func (x *CreateAccessPolicyRequest) GetParent() stringfunc (*CreateAccessPolicyRequest) GetValidateOnly
func (x *CreateAccessPolicyRequest) GetValidateOnly() boolfunc (*CreateAccessPolicyRequest) ProtoMessage
func (*CreateAccessPolicyRequest) ProtoMessage()func (*CreateAccessPolicyRequest) ProtoReflect
func (x *CreateAccessPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*CreateAccessPolicyRequest) Reset
func (x *CreateAccessPolicyRequest) Reset()func (*CreateAccessPolicyRequest) String
func (x *CreateAccessPolicyRequest) String() stringCreatePolicyBindingRequest
type CreatePolicyBindingRequest struct {
// Required. The parent resource where this policy binding will be created.
// The binding parent is the closest Resource Manager resource (project,
// folder or organization) to the binding target.
//
// Format:
//
// * `projects/{project_id}/locations/{location}`
// * `projects/{project_number}/locations/{location}`
// * `folders/{folder_id}/locations/{location}`
// * `organizations/{organization_id}/locations/{location}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The ID to use for the policy binding, which will become the final
// component of the policy binding's resource name.
//
// This value must start with a lowercase letter followed by up to 62
// lowercase letters, numbers, hyphens, or dots. Pattern,
// /[a-z][a-z0-9-\.]{2,62}/.
PolicyBindingId string `protobuf:"bytes,2,opt,name=policy_binding_id,json=policyBindingId,proto3" json:"policy_binding_id,omitempty"`
// Required. The policy binding to create.
PolicyBinding *PolicyBinding `protobuf:"bytes,3,opt,name=policy_binding,json=policyBinding,proto3" json:"policy_binding,omitempty"`
// Optional. If set, validate the request and preview the creation, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,4,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// contains filtered or unexported fields
}Request message for CreatePolicyBinding method.
func (*CreatePolicyBindingRequest) Descriptor
func (*CreatePolicyBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use CreatePolicyBindingRequest.ProtoReflect.Descriptor instead.
func (*CreatePolicyBindingRequest) GetParent
func (x *CreatePolicyBindingRequest) GetParent() stringfunc (*CreatePolicyBindingRequest) GetPolicyBinding
func (x *CreatePolicyBindingRequest) GetPolicyBinding() *PolicyBindingfunc (*CreatePolicyBindingRequest) GetPolicyBindingId
func (x *CreatePolicyBindingRequest) GetPolicyBindingId() stringfunc (*CreatePolicyBindingRequest) GetValidateOnly
func (x *CreatePolicyBindingRequest) GetValidateOnly() boolfunc (*CreatePolicyBindingRequest) ProtoMessage
func (*CreatePolicyBindingRequest) ProtoMessage()func (*CreatePolicyBindingRequest) ProtoReflect
func (x *CreatePolicyBindingRequest) ProtoReflect() protoreflect.Messagefunc (*CreatePolicyBindingRequest) Reset
func (x *CreatePolicyBindingRequest) Reset()func (*CreatePolicyBindingRequest) String
func (x *CreatePolicyBindingRequest) String() stringCreatePrincipalAccessBoundaryPolicyRequest
type CreatePrincipalAccessBoundaryPolicyRequest struct {
// Required. The parent resource where this principal access boundary policy
// will be created. Only organizations are supported.
//
// Format:
//
// `organizations/{organization_id}/locations/{location}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The ID to use for the principal access boundary policy, which
// will become the final component of the principal access boundary policy's
// resource name.
//
// This value must start with a lowercase letter followed by up to 62
// lowercase letters, numbers, hyphens, or dots. Pattern,
// /[a-z][a-z0-9-\.]{2,62}/.
PrincipalAccessBoundaryPolicyId string `protobuf:"bytes,2,opt,name=principal_access_boundary_policy_id,json=principalAccessBoundaryPolicyId,proto3" json:"principal_access_boundary_policy_id,omitempty"`
// Required. The principal access boundary policy to create.
PrincipalAccessBoundaryPolicy *PrincipalAccessBoundaryPolicy `protobuf:"bytes,3,opt,name=principal_access_boundary_policy,json=principalAccessBoundaryPolicy,proto3" json:"principal_access_boundary_policy,omitempty"`
// Optional. If set, validate the request and preview the creation, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,4,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// contains filtered or unexported fields
}Request message for CreatePrincipalAccessBoundaryPolicyRequest method.
func (*CreatePrincipalAccessBoundaryPolicyRequest) Descriptor
func (*CreatePrincipalAccessBoundaryPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use CreatePrincipalAccessBoundaryPolicyRequest.ProtoReflect.Descriptor instead.
func (*CreatePrincipalAccessBoundaryPolicyRequest) GetParent
func (x *CreatePrincipalAccessBoundaryPolicyRequest) GetParent() stringfunc (*CreatePrincipalAccessBoundaryPolicyRequest) GetPrincipalAccessBoundaryPolicy
func (x *CreatePrincipalAccessBoundaryPolicyRequest) GetPrincipalAccessBoundaryPolicy() *PrincipalAccessBoundaryPolicyfunc (*CreatePrincipalAccessBoundaryPolicyRequest) GetPrincipalAccessBoundaryPolicyId
func (x *CreatePrincipalAccessBoundaryPolicyRequest) GetPrincipalAccessBoundaryPolicyId() stringfunc (*CreatePrincipalAccessBoundaryPolicyRequest) GetValidateOnly
func (x *CreatePrincipalAccessBoundaryPolicyRequest) GetValidateOnly() boolfunc (*CreatePrincipalAccessBoundaryPolicyRequest) ProtoMessage
func (*CreatePrincipalAccessBoundaryPolicyRequest) ProtoMessage()func (*CreatePrincipalAccessBoundaryPolicyRequest) ProtoReflect
func (x *CreatePrincipalAccessBoundaryPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*CreatePrincipalAccessBoundaryPolicyRequest) Reset
func (x *CreatePrincipalAccessBoundaryPolicyRequest) Reset()func (*CreatePrincipalAccessBoundaryPolicyRequest) String
func (x *CreatePrincipalAccessBoundaryPolicyRequest) String() stringDeleteAccessPolicyRequest
type DeleteAccessPolicyRequest struct {
// Required. The name of the access policy to delete.
//
// Format:
//
// `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
// `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
// `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
// `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The etag of the access policy. If this is provided, it must match
// the server's etag.
Etag string `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. If set, validate the request and preview the deletion, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,3,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// Optional. If set to true, the request will force the deletion of the Policy
// even if the Policy references PolicyBindings.
Force bool `protobuf:"varint,4,opt,name=force,proto3" json:"force,omitempty"`
// contains filtered or unexported fields
}Request message for DeleteAccessPolicy method.
func (*DeleteAccessPolicyRequest) Descriptor
func (*DeleteAccessPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteAccessPolicyRequest.ProtoReflect.Descriptor instead.
func (*DeleteAccessPolicyRequest) GetEtag
func (x *DeleteAccessPolicyRequest) GetEtag() stringfunc (*DeleteAccessPolicyRequest) GetForce
func (x *DeleteAccessPolicyRequest) GetForce() boolfunc (*DeleteAccessPolicyRequest) GetName
func (x *DeleteAccessPolicyRequest) GetName() stringfunc (*DeleteAccessPolicyRequest) GetValidateOnly
func (x *DeleteAccessPolicyRequest) GetValidateOnly() boolfunc (*DeleteAccessPolicyRequest) ProtoMessage
func (*DeleteAccessPolicyRequest) ProtoMessage()func (*DeleteAccessPolicyRequest) ProtoReflect
func (x *DeleteAccessPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteAccessPolicyRequest) Reset
func (x *DeleteAccessPolicyRequest) Reset()func (*DeleteAccessPolicyRequest) String
func (x *DeleteAccessPolicyRequest) String() stringDeletePolicyBindingRequest
type DeletePolicyBindingRequest struct {
// Required. The name of the policy binding to delete.
//
// Format:
//
// * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
// * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
// * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
// * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The etag of the policy binding.
// If this is provided, it must match the server's etag.
Etag string `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. If set, validate the request and preview the deletion, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,3,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// contains filtered or unexported fields
}Request message for DeletePolicyBinding method.
func (*DeletePolicyBindingRequest) Descriptor
func (*DeletePolicyBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use DeletePolicyBindingRequest.ProtoReflect.Descriptor instead.
func (*DeletePolicyBindingRequest) GetEtag
func (x *DeletePolicyBindingRequest) GetEtag() stringfunc (*DeletePolicyBindingRequest) GetName
func (x *DeletePolicyBindingRequest) GetName() stringfunc (*DeletePolicyBindingRequest) GetValidateOnly
func (x *DeletePolicyBindingRequest) GetValidateOnly() boolfunc (*DeletePolicyBindingRequest) ProtoMessage
func (*DeletePolicyBindingRequest) ProtoMessage()func (*DeletePolicyBindingRequest) ProtoReflect
func (x *DeletePolicyBindingRequest) ProtoReflect() protoreflect.Messagefunc (*DeletePolicyBindingRequest) Reset
func (x *DeletePolicyBindingRequest) Reset()func (*DeletePolicyBindingRequest) String
func (x *DeletePolicyBindingRequest) String() stringDeletePrincipalAccessBoundaryPolicyRequest
type DeletePrincipalAccessBoundaryPolicyRequest struct {
// Required. The name of the principal access boundary policy to delete.
//
// Format:
//
// `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The etag of the principal access boundary policy.
// If this is provided, it must match the server's etag.
Etag string `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. If set, validate the request and preview the deletion, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,3,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// Optional. If set to true, the request will force the deletion of the policy
// even if the policy is referenced in policy bindings.
Force bool `protobuf:"varint,4,opt,name=force,proto3" json:"force,omitempty"`
// contains filtered or unexported fields
}Request message for DeletePrincipalAccessBoundaryPolicy method.
func (*DeletePrincipalAccessBoundaryPolicyRequest) Descriptor
func (*DeletePrincipalAccessBoundaryPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use DeletePrincipalAccessBoundaryPolicyRequest.ProtoReflect.Descriptor instead.
func (*DeletePrincipalAccessBoundaryPolicyRequest) GetEtag
func (x *DeletePrincipalAccessBoundaryPolicyRequest) GetEtag() stringfunc (*DeletePrincipalAccessBoundaryPolicyRequest) GetForce
func (x *DeletePrincipalAccessBoundaryPolicyRequest) GetForce() boolfunc (*DeletePrincipalAccessBoundaryPolicyRequest) GetName
func (x *DeletePrincipalAccessBoundaryPolicyRequest) GetName() stringfunc (*DeletePrincipalAccessBoundaryPolicyRequest) GetValidateOnly
func (x *DeletePrincipalAccessBoundaryPolicyRequest) GetValidateOnly() boolfunc (*DeletePrincipalAccessBoundaryPolicyRequest) ProtoMessage
func (*DeletePrincipalAccessBoundaryPolicyRequest) ProtoMessage()func (*DeletePrincipalAccessBoundaryPolicyRequest) ProtoReflect
func (x *DeletePrincipalAccessBoundaryPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*DeletePrincipalAccessBoundaryPolicyRequest) Reset
func (x *DeletePrincipalAccessBoundaryPolicyRequest) Reset()func (*DeletePrincipalAccessBoundaryPolicyRequest) String
func (x *DeletePrincipalAccessBoundaryPolicyRequest) String() stringGetAccessPolicyRequest
type GetAccessPolicyRequest struct {
// Required. The name of the access policy to retrieve.
//
// Format:
//
// `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
// `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
// `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
// `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for GetAccessPolicy method.
func (*GetAccessPolicyRequest) Descriptor
func (*GetAccessPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use GetAccessPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetAccessPolicyRequest) GetName
func (x *GetAccessPolicyRequest) GetName() stringfunc (*GetAccessPolicyRequest) ProtoMessage
func (*GetAccessPolicyRequest) ProtoMessage()func (*GetAccessPolicyRequest) ProtoReflect
func (x *GetAccessPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*GetAccessPolicyRequest) Reset
func (x *GetAccessPolicyRequest) Reset()func (*GetAccessPolicyRequest) String
func (x *GetAccessPolicyRequest) String() stringGetPolicyBindingRequest
type GetPolicyBindingRequest struct {
// Required. The name of the policy binding to retrieve.
//
// Format:
//
// * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
// * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
// * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
// * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for GetPolicyBinding method.
func (*GetPolicyBindingRequest) Descriptor
func (*GetPolicyBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use GetPolicyBindingRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyBindingRequest) GetName
func (x *GetPolicyBindingRequest) GetName() stringfunc (*GetPolicyBindingRequest) ProtoMessage
func (*GetPolicyBindingRequest) ProtoMessage()func (*GetPolicyBindingRequest) ProtoReflect
func (x *GetPolicyBindingRequest) ProtoReflect() protoreflect.Messagefunc (*GetPolicyBindingRequest) Reset
func (x *GetPolicyBindingRequest) Reset()func (*GetPolicyBindingRequest) String
func (x *GetPolicyBindingRequest) String() stringGetPrincipalAccessBoundaryPolicyRequest
type GetPrincipalAccessBoundaryPolicyRequest struct {
// Required. The name of the principal access boundary policy to retrieve.
//
// Format:
//
// `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for GetPrincipalAccessBoundaryPolicy method.
func (*GetPrincipalAccessBoundaryPolicyRequest) Descriptor
func (*GetPrincipalAccessBoundaryPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use GetPrincipalAccessBoundaryPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPrincipalAccessBoundaryPolicyRequest) GetName
func (x *GetPrincipalAccessBoundaryPolicyRequest) GetName() stringfunc (*GetPrincipalAccessBoundaryPolicyRequest) ProtoMessage
func (*GetPrincipalAccessBoundaryPolicyRequest) ProtoMessage()func (*GetPrincipalAccessBoundaryPolicyRequest) ProtoReflect
func (x *GetPrincipalAccessBoundaryPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*GetPrincipalAccessBoundaryPolicyRequest) Reset
func (x *GetPrincipalAccessBoundaryPolicyRequest) Reset()func (*GetPrincipalAccessBoundaryPolicyRequest) String
func (x *GetPrincipalAccessBoundaryPolicyRequest) String() stringListAccessPoliciesRequest
type ListAccessPoliciesRequest struct {
// Required. The parent resource, which owns the collection of access policy
// resources.
//
// Format:
//
// `projects/{project_id}/locations/{location}`
// `projects/{project_number}/locations/{location}`
// `folders/{folder_id}/locations/{location}`
// `organizations/{organization_id}/locations/{location}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. The maximum number of access policies to return. The
// service may return fewer than this value.
//
// If unspecified, at most 50 access policies will be returned. Valid value
// ranges from 1 to 1000; values above 1000 will be coerced to 1000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous
// `ListAccessPolicies` call. Provide this to retrieve the
// subsequent page.
//
// When paginating, all other parameters provided to
// `ListAccessPolicies` must match the call that provided the
// page token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}Request message for ListAccessPolicies method.
func (*ListAccessPoliciesRequest) Descriptor
func (*ListAccessPoliciesRequest) Descriptor() ([]byte, []int)Deprecated: Use ListAccessPoliciesRequest.ProtoReflect.Descriptor instead.
func (*ListAccessPoliciesRequest) GetPageSize
func (x *ListAccessPoliciesRequest) GetPageSize() int32func (*ListAccessPoliciesRequest) GetPageToken
func (x *ListAccessPoliciesRequest) GetPageToken() stringfunc (*ListAccessPoliciesRequest) GetParent
func (x *ListAccessPoliciesRequest) GetParent() stringfunc (*ListAccessPoliciesRequest) ProtoMessage
func (*ListAccessPoliciesRequest) ProtoMessage()func (*ListAccessPoliciesRequest) ProtoReflect
func (x *ListAccessPoliciesRequest) ProtoReflect() protoreflect.Messagefunc (*ListAccessPoliciesRequest) Reset
func (x *ListAccessPoliciesRequest) Reset()func (*ListAccessPoliciesRequest) String
func (x *ListAccessPoliciesRequest) String() stringListAccessPoliciesResponse
type ListAccessPoliciesResponse struct {
// The access policies from the specified parent.
AccessPolicies []*AccessPolicy `protobuf:"bytes,1,rep,name=access_policies,json=accessPolicies,proto3" json:"access_policies,omitempty"`
// Optional. A token, which can be sent as `page_token` to retrieve the next
// page. If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response message for ListAccessPolicies method.
func (*ListAccessPoliciesResponse) Descriptor
func (*ListAccessPoliciesResponse) Descriptor() ([]byte, []int)Deprecated: Use ListAccessPoliciesResponse.ProtoReflect.Descriptor instead.
func (*ListAccessPoliciesResponse) GetAccessPolicies
func (x *ListAccessPoliciesResponse) GetAccessPolicies() []*AccessPolicyfunc (*ListAccessPoliciesResponse) GetNextPageToken
func (x *ListAccessPoliciesResponse) GetNextPageToken() stringfunc (*ListAccessPoliciesResponse) ProtoMessage
func (*ListAccessPoliciesResponse) ProtoMessage()func (*ListAccessPoliciesResponse) ProtoReflect
func (x *ListAccessPoliciesResponse) ProtoReflect() protoreflect.Messagefunc (*ListAccessPoliciesResponse) Reset
func (x *ListAccessPoliciesResponse) Reset()func (*ListAccessPoliciesResponse) String
func (x *ListAccessPoliciesResponse) String() stringListPolicyBindingsRequest
type ListPolicyBindingsRequest struct {
// Required. The parent resource, which owns the collection of policy
// bindings.
//
// Format:
//
// * `projects/{project_id}/locations/{location}`
// * `projects/{project_number}/locations/{location}`
// * `folders/{folder_id}/locations/{location}`
// * `organizations/{organization_id}/locations/{location}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. The maximum number of policy bindings to return. The service may
// return fewer than this value.
//
// The default value is 50. The maximum value is 1000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous `ListPolicyBindings` call.
// Provide this to retrieve the subsequent page.
//
// When paginating, all other parameters provided to `ListPolicyBindings` must
// match the call that provided the page token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional. An expression for filtering the results of the request. Filter
// rules are case insensitive. Some eligible fields for filtering are the
// following:
//
// + `target`
// + `policy`
//
// Some examples of filter queries:
//
// * `target:ex*`: The binding target's name starts with "ex".
// * `target:example`: The binding target's name is `example`.
// * `policy:example`: The binding policy's name is `example`.
Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
// contains filtered or unexported fields
}Request message for ListPolicyBindings method.
func (*ListPolicyBindingsRequest) Descriptor
func (*ListPolicyBindingsRequest) Descriptor() ([]byte, []int)Deprecated: Use ListPolicyBindingsRequest.ProtoReflect.Descriptor instead.
func (*ListPolicyBindingsRequest) GetFilter
func (x *ListPolicyBindingsRequest) GetFilter() stringfunc (*ListPolicyBindingsRequest) GetPageSize
func (x *ListPolicyBindingsRequest) GetPageSize() int32func (*ListPolicyBindingsRequest) GetPageToken
func (x *ListPolicyBindingsRequest) GetPageToken() stringfunc (*ListPolicyBindingsRequest) GetParent
func (x *ListPolicyBindingsRequest) GetParent() stringfunc (*ListPolicyBindingsRequest) ProtoMessage
func (*ListPolicyBindingsRequest) ProtoMessage()func (*ListPolicyBindingsRequest) ProtoReflect
func (x *ListPolicyBindingsRequest) ProtoReflect() protoreflect.Messagefunc (*ListPolicyBindingsRequest) Reset
func (x *ListPolicyBindingsRequest) Reset()func (*ListPolicyBindingsRequest) String
func (x *ListPolicyBindingsRequest) String() stringListPolicyBindingsResponse
type ListPolicyBindingsResponse struct {
// The policy bindings from the specified parent.
PolicyBindings []*PolicyBinding `protobuf:"bytes,1,rep,name=policy_bindings,json=policyBindings,proto3" json:"policy_bindings,omitempty"`
// Optional. A token, which can be sent as `page_token` to retrieve the next
// page. If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response message for ListPolicyBindings method.
func (*ListPolicyBindingsResponse) Descriptor
func (*ListPolicyBindingsResponse) Descriptor() ([]byte, []int)Deprecated: Use ListPolicyBindingsResponse.ProtoReflect.Descriptor instead.
func (*ListPolicyBindingsResponse) GetNextPageToken
func (x *ListPolicyBindingsResponse) GetNextPageToken() stringfunc (*ListPolicyBindingsResponse) GetPolicyBindings
func (x *ListPolicyBindingsResponse) GetPolicyBindings() []*PolicyBindingfunc (*ListPolicyBindingsResponse) ProtoMessage
func (*ListPolicyBindingsResponse) ProtoMessage()func (*ListPolicyBindingsResponse) ProtoReflect
func (x *ListPolicyBindingsResponse) ProtoReflect() protoreflect.Messagefunc (*ListPolicyBindingsResponse) Reset
func (x *ListPolicyBindingsResponse) Reset()func (*ListPolicyBindingsResponse) String
func (x *ListPolicyBindingsResponse) String() stringListPrincipalAccessBoundaryPoliciesRequest
type ListPrincipalAccessBoundaryPoliciesRequest struct {
// Required. The parent resource, which owns the collection of principal
// access boundary policies.
//
// Format:
//
// `organizations/{organization_id}/locations/{location}`
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. The maximum number of principal access boundary policies to
// return. The service may return fewer than this value.
//
// If unspecified, at most 50 principal access boundary policies will be
// returned. The maximum value is 1000; values above 1000 will be coerced to
// 1000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous
// `ListPrincipalAccessBoundaryPolicies` call. Provide this to retrieve the
// subsequent page.
//
// When paginating, all other parameters provided to
// `ListPrincipalAccessBoundaryPolicies` must match the call that provided the
// page token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}Request message for ListPrincipalAccessBoundaryPolicies method.
func (*ListPrincipalAccessBoundaryPoliciesRequest) Descriptor
func (*ListPrincipalAccessBoundaryPoliciesRequest) Descriptor() ([]byte, []int)Deprecated: Use ListPrincipalAccessBoundaryPoliciesRequest.ProtoReflect.Descriptor instead.
func (*ListPrincipalAccessBoundaryPoliciesRequest) GetPageSize
func (x *ListPrincipalAccessBoundaryPoliciesRequest) GetPageSize() int32func (*ListPrincipalAccessBoundaryPoliciesRequest) GetPageToken
func (x *ListPrincipalAccessBoundaryPoliciesRequest) GetPageToken() stringfunc (*ListPrincipalAccessBoundaryPoliciesRequest) GetParent
func (x *ListPrincipalAccessBoundaryPoliciesRequest) GetParent() stringfunc (*ListPrincipalAccessBoundaryPoliciesRequest) ProtoMessage
func (*ListPrincipalAccessBoundaryPoliciesRequest) ProtoMessage()func (*ListPrincipalAccessBoundaryPoliciesRequest) ProtoReflect
func (x *ListPrincipalAccessBoundaryPoliciesRequest) ProtoReflect() protoreflect.Messagefunc (*ListPrincipalAccessBoundaryPoliciesRequest) Reset
func (x *ListPrincipalAccessBoundaryPoliciesRequest) Reset()func (*ListPrincipalAccessBoundaryPoliciesRequest) String
func (x *ListPrincipalAccessBoundaryPoliciesRequest) String() stringListPrincipalAccessBoundaryPoliciesResponse
type ListPrincipalAccessBoundaryPoliciesResponse struct {
// The principal access boundary policies from the specified parent.
PrincipalAccessBoundaryPolicies []*PrincipalAccessBoundaryPolicy `protobuf:"bytes,1,rep,name=principal_access_boundary_policies,json=principalAccessBoundaryPolicies,proto3" json:"principal_access_boundary_policies,omitempty"`
// Optional. A token, which can be sent as `page_token` to retrieve the next
// page. If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response message for ListPrincipalAccessBoundaryPolicies method.
func (*ListPrincipalAccessBoundaryPoliciesResponse) Descriptor
func (*ListPrincipalAccessBoundaryPoliciesResponse) Descriptor() ([]byte, []int)Deprecated: Use ListPrincipalAccessBoundaryPoliciesResponse.ProtoReflect.Descriptor instead.
func (*ListPrincipalAccessBoundaryPoliciesResponse) GetNextPageToken
func (x *ListPrincipalAccessBoundaryPoliciesResponse) GetNextPageToken() stringfunc (*ListPrincipalAccessBoundaryPoliciesResponse) GetPrincipalAccessBoundaryPolicies
func (x *ListPrincipalAccessBoundaryPoliciesResponse) GetPrincipalAccessBoundaryPolicies() []*PrincipalAccessBoundaryPolicyfunc (*ListPrincipalAccessBoundaryPoliciesResponse) ProtoMessage
func (*ListPrincipalAccessBoundaryPoliciesResponse) ProtoMessage()func (*ListPrincipalAccessBoundaryPoliciesResponse) ProtoReflect
func (x *ListPrincipalAccessBoundaryPoliciesResponse) ProtoReflect() protoreflect.Messagefunc (*ListPrincipalAccessBoundaryPoliciesResponse) Reset
func (x *ListPrincipalAccessBoundaryPoliciesResponse) Reset()func (*ListPrincipalAccessBoundaryPoliciesResponse) String
func (x *ListPrincipalAccessBoundaryPoliciesResponse) String() stringOperationMetadata
type OperationMetadata struct {
// Output only. The time the operation was created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time the operation finished running.
EndTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`
// Output only. Server-defined resource path for the target of the
Target string `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
// Output only. Name of the verb executed by the operation.
Verb string `protobuf:"bytes,4,opt,name=verb,proto3" json:"verb,omitempty"`
// Output only. Human-readable status of the operation, if any.
StatusMessage string `protobuf:"bytes,5,opt,name=status_message,json=statusMessage,proto3" json:"status_message,omitempty"`
// Output only. Identifies whether the user has requested cancellation
// of the operation. Operations that have successfully been cancelled
// have [Operation.error][] value with a
// [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
// `Code.CANCELLED`.
RequestedCancellation bool `protobuf:"varint,6,opt,name=requested_cancellation,json=requestedCancellation,proto3" json:"requested_cancellation,omitempty"`
// Output only. API version used to start the operation.
ApiVersion string `protobuf:"bytes,7,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
// contains filtered or unexported fields
}Represents the metadata of the long-running operation.
func (*OperationMetadata) Descriptor
func (*OperationMetadata) Descriptor() ([]byte, []int)Deprecated: Use OperationMetadata.ProtoReflect.Descriptor instead.
func (*OperationMetadata) GetApiVersion
func (x *OperationMetadata) GetApiVersion() stringfunc (*OperationMetadata) GetCreateTime
func (x *OperationMetadata) GetCreateTime() *timestamppb.Timestampfunc (*OperationMetadata) GetEndTime
func (x *OperationMetadata) GetEndTime() *timestamppb.Timestampfunc (*OperationMetadata) GetRequestedCancellation
func (x *OperationMetadata) GetRequestedCancellation() boolfunc (*OperationMetadata) GetStatusMessage
func (x *OperationMetadata) GetStatusMessage() stringfunc (*OperationMetadata) GetTarget
func (x *OperationMetadata) GetTarget() stringfunc (*OperationMetadata) GetVerb
func (x *OperationMetadata) GetVerb() stringfunc (*OperationMetadata) ProtoMessage
func (*OperationMetadata) ProtoMessage()func (*OperationMetadata) ProtoReflect
func (x *OperationMetadata) ProtoReflect() protoreflect.Messagefunc (*OperationMetadata) Reset
func (x *OperationMetadata) Reset()func (*OperationMetadata) String
func (x *OperationMetadata) String() stringPolicyBinding
type PolicyBinding struct {
// Identifier. The name of the policy binding, in the format
// `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
// The binding parent is the closest Resource Manager resource (project,
// folder, or organization) to the binding target.
//
// Format:
//
// * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
// * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
// * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
// * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The globally unique ID of the policy binding. Assigned when
// the policy binding is created.
Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
// Optional. The etag for the policy binding.
// If this is provided on update, it must match the server's etag.
Etag string `protobuf:"bytes,3,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. The description of the policy binding. Must be less than or equal
// to 63 characters.
DisplayName string `protobuf:"bytes,4,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
// Optional. User-defined annotations. See
// https://google.aip.dev/148#annotations for more details such as format and
// size limitations
Annotations map[string]string `protobuf:"bytes,5,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// Required. Immutable. The full resource name of the resource to which the
// policy will be bound. Immutable once set.
Target *PolicyBinding_Target `protobuf:"bytes,6,opt,name=target,proto3" json:"target,omitempty"`
// Immutable. The kind of the policy to attach in this binding. This field
// must be one of the following:
//
// - Left empty (will be automatically set to the policy kind)
// - The input policy kind
PolicyKind PolicyBinding_PolicyKind `protobuf:"varint,11,opt,name=policy_kind,json=policyKind,proto3,enum=google.iam.v3beta.PolicyBinding_PolicyKind" json:"policy_kind,omitempty"`
// Required. Immutable. The resource name of the policy to be bound. The
// binding parent and policy must belong to the same organization.
Policy string `protobuf:"bytes,7,opt,name=policy,proto3" json:"policy,omitempty"`
// Output only. The globally unique ID of the policy to be bound.
PolicyUid string `protobuf:"bytes,12,opt,name=policy_uid,json=policyUid,proto3" json:"policy_uid,omitempty"`
// Optional. The condition to apply to the policy binding. When set, the
// `expression` field in the `Expr` must include from 1 to 10 subexpressions,
// joined by the
// "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and
// cannot contain more than 250 characters.
//
// The condition is currently only supported when bound to policies of kind
// principal access boundary.
//
// When the bound policy is a principal access boundary policy, the only
// supported attributes in any subexpression are `principal.type` and
// `principal.subject`. An example expression is: "principal.type ==
// 'iam.googleapis.com/ServiceAccount'" or "principal.subject ==
// 'bob@example.com'".
//
// Allowed operations for `principal.subject`:
//
// - `principal.subject == IAM policy binding resource.
func (*PolicyBinding) Descriptor
func (*PolicyBinding) Descriptor() ([]byte, []int)Deprecated: Use PolicyBinding.ProtoReflect.Descriptor instead.
func (*PolicyBinding) GetAnnotations
func (x *PolicyBinding) GetAnnotations() map[string]stringfunc (*PolicyBinding) GetCondition
func (x *PolicyBinding) GetCondition() *expr.Exprfunc (*PolicyBinding) GetCreateTime
func (x *PolicyBinding) GetCreateTime() *timestamppb.Timestampfunc (*PolicyBinding) GetDisplayName
func (x *PolicyBinding) GetDisplayName() stringfunc (*PolicyBinding) GetEtag
func (x *PolicyBinding) GetEtag() stringfunc (*PolicyBinding) GetName
func (x *PolicyBinding) GetName() stringfunc (*PolicyBinding) GetPolicy
func (x *PolicyBinding) GetPolicy() stringfunc (*PolicyBinding) GetPolicyKind
func (x *PolicyBinding) GetPolicyKind() PolicyBinding_PolicyKindfunc (*PolicyBinding) GetPolicyUid
func (x *PolicyBinding) GetPolicyUid() stringfunc (*PolicyBinding) GetTarget
func (x *PolicyBinding) GetTarget() *PolicyBinding_Targetfunc (*PolicyBinding) GetUid
func (x *PolicyBinding) GetUid() stringfunc (*PolicyBinding) GetUpdateTime
func (x *PolicyBinding) GetUpdateTime() *timestamppb.Timestampfunc (*PolicyBinding) ProtoMessage
func (*PolicyBinding) ProtoMessage()func (*PolicyBinding) ProtoReflect
func (x *PolicyBinding) ProtoReflect() protoreflect.Messagefunc (*PolicyBinding) Reset
func (x *PolicyBinding) Reset()func (*PolicyBinding) String
func (x *PolicyBinding) String() stringPolicyBinding_PolicyKind
type PolicyBinding_PolicyKind int32The different policy kinds supported in this binding.
PolicyBinding_POLICY_KIND_UNSPECIFIED, PolicyBinding_PRINCIPAL_ACCESS_BOUNDARY, PolicyBinding_ACCESS
const (
// Unspecified policy kind; Not a valid state
PolicyBinding_POLICY_KIND_UNSPECIFIED PolicyBinding_PolicyKind = 0
// Principal access boundary policy kind
PolicyBinding_PRINCIPAL_ACCESS_BOUNDARY PolicyBinding_PolicyKind = 1
// Access policy kind.
PolicyBinding_ACCESS PolicyBinding_PolicyKind = 2
)func (PolicyBinding_PolicyKind) Descriptor
func (PolicyBinding_PolicyKind) Descriptor() protoreflect.EnumDescriptorfunc (PolicyBinding_PolicyKind) Enum
func (x PolicyBinding_PolicyKind) Enum() *PolicyBinding_PolicyKindfunc (PolicyBinding_PolicyKind) EnumDescriptor
func (PolicyBinding_PolicyKind) EnumDescriptor() ([]byte, []int)Deprecated: Use PolicyBinding_PolicyKind.Descriptor instead.
func (PolicyBinding_PolicyKind) Number
func (x PolicyBinding_PolicyKind) Number() protoreflect.EnumNumberfunc (PolicyBinding_PolicyKind) String
func (x PolicyBinding_PolicyKind) String() stringfunc (PolicyBinding_PolicyKind) Type
func (PolicyBinding_PolicyKind) Type() protoreflect.EnumTypePolicyBinding_Target
type PolicyBinding_Target struct {
// The different types of targets that can be bound to a policy.
//
// Types that are valid to be assigned to Target:
//
// *PolicyBinding_Target_PrincipalSet
// *PolicyBinding_Target_Resource
Target isPolicyBinding_Target_Target `protobuf_oneof:"target"`
// contains filtered or unexported fields
}The full resource name of the resource to which the policy will be bound. Immutable once set.
func (*PolicyBinding_Target) Descriptor
func (*PolicyBinding_Target) Descriptor() ([]byte, []int)Deprecated: Use PolicyBinding_Target.ProtoReflect.Descriptor instead.
func (*PolicyBinding_Target) GetPrincipalSet
func (x *PolicyBinding_Target) GetPrincipalSet() stringfunc (*PolicyBinding_Target) GetResource
func (x *PolicyBinding_Target) GetResource() stringfunc (*PolicyBinding_Target) GetTarget
func (x *PolicyBinding_Target) GetTarget() isPolicyBinding_Target_Targetfunc (*PolicyBinding_Target) ProtoMessage
func (*PolicyBinding_Target) ProtoMessage()func (*PolicyBinding_Target) ProtoReflect
func (x *PolicyBinding_Target) ProtoReflect() protoreflect.Messagefunc (*PolicyBinding_Target) Reset
func (x *PolicyBinding_Target) Reset()func (*PolicyBinding_Target) String
func (x *PolicyBinding_Target) String() stringPolicyBinding_Target_PrincipalSet
type PolicyBinding_Target_PrincipalSet struct {
// Immutable. The full resource name that's used for principal access
// boundary policy bindings. The principal set must be directly parented
// by the policy binding's parent or same as the parent if the target is a
// project, folder, or organization.
//
// Examples:
//
// * For bindings parented by an organization:
// - Organization:
// `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
// - Workforce Identity:
// `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
// - Workspace Identity:
// `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
//
// * For bindings parented by a folder:
// - Folder:
// `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
//
// * For bindings parented by a project:
// - Project:
// - `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
// - `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
// - Workload Identity Pool:
// `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
PrincipalSet string `protobuf:"bytes,1,opt,name=principal_set,json=principalSet,proto3,oneof"`
}PolicyBinding_Target_Resource
type PolicyBinding_Target_Resource struct {
// Immutable. The full resource name that's used for access policy
// bindings.
//
// Examples:
//
// * Organization:
// `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
// * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
// * Project:
// - `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
// - `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
Resource string `protobuf:"bytes,2,opt,name=resource,proto3,oneof"`
}PolicyBindingsClient
type PolicyBindingsClient interface {
// Creates a policy binding and returns a long-running operation.
// Callers will need the IAM permissions on both the policy and target.
// After the binding is created, the policy is applied to the target.
CreatePolicyBinding(ctx context.Context, in *CreatePolicyBindingRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Gets a policy binding.
GetPolicyBinding(ctx context.Context, in *GetPolicyBindingRequest, opts ...grpc.CallOption) (*PolicyBinding, error)
// Updates a policy binding and returns a long-running operation.
// Callers will need the IAM permissions on the policy and target in the
// binding to update. Target and policy are immutable and cannot be updated.
UpdatePolicyBinding(ctx context.Context, in *UpdatePolicyBindingRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes a policy binding and returns a long-running operation.
// Callers will need the IAM permissions on both the policy and target.
// After the binding is deleted, the policy no longer applies to the target.
DeletePolicyBinding(ctx context.Context, in *DeletePolicyBindingRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists policy bindings.
ListPolicyBindings(ctx context.Context, in *ListPolicyBindingsRequest, opts ...grpc.CallOption) (*ListPolicyBindingsResponse, error)
// Search policy bindings by target. Returns all policy binding objects bound
// directly to target.
SearchTargetPolicyBindings(ctx context.Context, in *SearchTargetPolicyBindingsRequest, opts ...grpc.CallOption) (*SearchTargetPolicyBindingsResponse, error)
}PolicyBindingsClient is the client API for PolicyBindings service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewPolicyBindingsClient
func NewPolicyBindingsClient(cc grpc.ClientConnInterface) PolicyBindingsClientPolicyBindingsServer
type PolicyBindingsServer interface {
// Creates a policy binding and returns a long-running operation.
// Callers will need the IAM permissions on both the policy and target.
// After the binding is created, the policy is applied to the target.
CreatePolicyBinding(context.Context, *CreatePolicyBindingRequest) (*longrunningpb.Operation, error)
// Gets a policy binding.
GetPolicyBinding(context.Context, *GetPolicyBindingRequest) (*PolicyBinding, error)
// Updates a policy binding and returns a long-running operation.
// Callers will need the IAM permissions on the policy and target in the
// binding to update. Target and policy are immutable and cannot be updated.
UpdatePolicyBinding(context.Context, *UpdatePolicyBindingRequest) (*longrunningpb.Operation, error)
// Deletes a policy binding and returns a long-running operation.
// Callers will need the IAM permissions on both the policy and target.
// After the binding is deleted, the policy no longer applies to the target.
DeletePolicyBinding(context.Context, *DeletePolicyBindingRequest) (*longrunningpb.Operation, error)
// Lists policy bindings.
ListPolicyBindings(context.Context, *ListPolicyBindingsRequest) (*ListPolicyBindingsResponse, error)
// Search policy bindings by target. Returns all policy binding objects bound
// directly to target.
SearchTargetPolicyBindings(context.Context, *SearchTargetPolicyBindingsRequest) (*SearchTargetPolicyBindingsResponse, error)
}PolicyBindingsServer is the server API for PolicyBindings service. All implementations should embed UnimplementedPolicyBindingsServer for forward compatibility
PrincipalAccessBoundaryPoliciesClient
type PrincipalAccessBoundaryPoliciesClient interface {
// Creates a principal access boundary policy, and returns a long running
// operation.
CreatePrincipalAccessBoundaryPolicy(ctx context.Context, in *CreatePrincipalAccessBoundaryPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Gets a principal access boundary policy.
GetPrincipalAccessBoundaryPolicy(ctx context.Context, in *GetPrincipalAccessBoundaryPolicyRequest, opts ...grpc.CallOption) (*PrincipalAccessBoundaryPolicy, error)
// Updates a principal access boundary policy.
UpdatePrincipalAccessBoundaryPolicy(ctx context.Context, in *UpdatePrincipalAccessBoundaryPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Deletes a principal access boundary policy.
DeletePrincipalAccessBoundaryPolicy(ctx context.Context, in *DeletePrincipalAccessBoundaryPolicyRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Lists principal access boundary policies.
ListPrincipalAccessBoundaryPolicies(ctx context.Context, in *ListPrincipalAccessBoundaryPoliciesRequest, opts ...grpc.CallOption) (*ListPrincipalAccessBoundaryPoliciesResponse, error)
// Returns all policy bindings that bind a specific policy if a user has
// searchPolicyBindings permission on that policy.
SearchPrincipalAccessBoundaryPolicyBindings(ctx context.Context, in *SearchPrincipalAccessBoundaryPolicyBindingsRequest, opts ...grpc.CallOption) (*SearchPrincipalAccessBoundaryPolicyBindingsResponse, error)
}PrincipalAccessBoundaryPoliciesClient is the client API for PrincipalAccessBoundaryPolicies service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewPrincipalAccessBoundaryPoliciesClient
func NewPrincipalAccessBoundaryPoliciesClient(cc grpc.ClientConnInterface) PrincipalAccessBoundaryPoliciesClientPrincipalAccessBoundaryPoliciesServer
type PrincipalAccessBoundaryPoliciesServer interface {
// Creates a principal access boundary policy, and returns a long running
// operation.
CreatePrincipalAccessBoundaryPolicy(context.Context, *CreatePrincipalAccessBoundaryPolicyRequest) (*longrunningpb.Operation, error)
// Gets a principal access boundary policy.
GetPrincipalAccessBoundaryPolicy(context.Context, *GetPrincipalAccessBoundaryPolicyRequest) (*PrincipalAccessBoundaryPolicy, error)
// Updates a principal access boundary policy.
UpdatePrincipalAccessBoundaryPolicy(context.Context, *UpdatePrincipalAccessBoundaryPolicyRequest) (*longrunningpb.Operation, error)
// Deletes a principal access boundary policy.
DeletePrincipalAccessBoundaryPolicy(context.Context, *DeletePrincipalAccessBoundaryPolicyRequest) (*longrunningpb.Operation, error)
// Lists principal access boundary policies.
ListPrincipalAccessBoundaryPolicies(context.Context, *ListPrincipalAccessBoundaryPoliciesRequest) (*ListPrincipalAccessBoundaryPoliciesResponse, error)
// Returns all policy bindings that bind a specific policy if a user has
// searchPolicyBindings permission on that policy.
SearchPrincipalAccessBoundaryPolicyBindings(context.Context, *SearchPrincipalAccessBoundaryPolicyBindingsRequest) (*SearchPrincipalAccessBoundaryPolicyBindingsResponse, error)
}PrincipalAccessBoundaryPoliciesServer is the server API for PrincipalAccessBoundaryPolicies service. All implementations should embed UnimplementedPrincipalAccessBoundaryPoliciesServer for forward compatibility
PrincipalAccessBoundaryPolicy
type PrincipalAccessBoundaryPolicy struct {
// Identifier. The resource name of the principal access boundary policy.
//
// The following format is supported:
// `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The globally unique ID of the principal access boundary
// policy.
Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
// Optional. The etag for the principal access boundary.
// If this is provided on update, it must match the server's etag.
Etag string `protobuf:"bytes,3,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. The description of the principal access boundary policy. Must be
// less than or equal to 63 characters.
DisplayName string `protobuf:"bytes,4,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
// Optional. User defined annotations. See
// https://google.aip.dev/148#annotations for more details such as format and
// size limitations
Annotations map[string]string `protobuf:"bytes,5,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// Output only. The time when the principal access boundary policy was
// created.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// Output only. The time when the principal access boundary policy was most
// recently updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// Optional. The details for the principal access boundary policy.
Details *PrincipalAccessBoundaryPolicyDetails `protobuf:"bytes,8,opt,name=details,proto3" json:"details,omitempty"`
// contains filtered or unexported fields
}An IAM principal access boundary policy resource.
func (*PrincipalAccessBoundaryPolicy) Descriptor
func (*PrincipalAccessBoundaryPolicy) Descriptor() ([]byte, []int)Deprecated: Use PrincipalAccessBoundaryPolicy.ProtoReflect.Descriptor instead.
func (*PrincipalAccessBoundaryPolicy) GetAnnotations
func (x *PrincipalAccessBoundaryPolicy) GetAnnotations() map[string]stringfunc (*PrincipalAccessBoundaryPolicy) GetCreateTime
func (x *PrincipalAccessBoundaryPolicy) GetCreateTime() *timestamppb.Timestampfunc (*PrincipalAccessBoundaryPolicy) GetDetails
func (x *PrincipalAccessBoundaryPolicy) GetDetails() *PrincipalAccessBoundaryPolicyDetailsfunc (*PrincipalAccessBoundaryPolicy) GetDisplayName
func (x *PrincipalAccessBoundaryPolicy) GetDisplayName() stringfunc (*PrincipalAccessBoundaryPolicy) GetEtag
func (x *PrincipalAccessBoundaryPolicy) GetEtag() stringfunc (*PrincipalAccessBoundaryPolicy) GetName
func (x *PrincipalAccessBoundaryPolicy) GetName() stringfunc (*PrincipalAccessBoundaryPolicy) GetUid
func (x *PrincipalAccessBoundaryPolicy) GetUid() stringfunc (*PrincipalAccessBoundaryPolicy) GetUpdateTime
func (x *PrincipalAccessBoundaryPolicy) GetUpdateTime() *timestamppb.Timestampfunc (*PrincipalAccessBoundaryPolicy) ProtoMessage
func (*PrincipalAccessBoundaryPolicy) ProtoMessage()func (*PrincipalAccessBoundaryPolicy) ProtoReflect
func (x *PrincipalAccessBoundaryPolicy) ProtoReflect() protoreflect.Messagefunc (*PrincipalAccessBoundaryPolicy) Reset
func (x *PrincipalAccessBoundaryPolicy) Reset()func (*PrincipalAccessBoundaryPolicy) String
func (x *PrincipalAccessBoundaryPolicy) String() stringPrincipalAccessBoundaryPolicyDetails
type PrincipalAccessBoundaryPolicyDetails struct {
// Required. A list of principal access boundary policy rules. The number of
// rules in a policy is limited to 500.
Rules []*PrincipalAccessBoundaryPolicyRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
// Optional.
// The version number (for example, `1` or `latest`) that indicates which
// permissions are able to be blocked by the policy. If empty, the PAB policy
// version will be set to the most recent version number at the time of the
// policy's creation.
EnforcementVersion string `protobuf:"bytes,4,opt,name=enforcement_version,json=enforcementVersion,proto3" json:"enforcement_version,omitempty"`
// contains filtered or unexported fields
}Principal access boundary policy details
func (*PrincipalAccessBoundaryPolicyDetails) Descriptor
func (*PrincipalAccessBoundaryPolicyDetails) Descriptor() ([]byte, []int)Deprecated: Use PrincipalAccessBoundaryPolicyDetails.ProtoReflect.Descriptor instead.
func (*PrincipalAccessBoundaryPolicyDetails) GetEnforcementVersion
func (x *PrincipalAccessBoundaryPolicyDetails) GetEnforcementVersion() stringfunc (*PrincipalAccessBoundaryPolicyDetails) GetRules
func (x *PrincipalAccessBoundaryPolicyDetails) GetRules() []*PrincipalAccessBoundaryPolicyRulefunc (*PrincipalAccessBoundaryPolicyDetails) ProtoMessage
func (*PrincipalAccessBoundaryPolicyDetails) ProtoMessage()func (*PrincipalAccessBoundaryPolicyDetails) ProtoReflect
func (x *PrincipalAccessBoundaryPolicyDetails) ProtoReflect() protoreflect.Messagefunc (*PrincipalAccessBoundaryPolicyDetails) Reset
func (x *PrincipalAccessBoundaryPolicyDetails) Reset()func (*PrincipalAccessBoundaryPolicyDetails) String
func (x *PrincipalAccessBoundaryPolicyDetails) String() stringPrincipalAccessBoundaryPolicyRule
type PrincipalAccessBoundaryPolicyRule struct {
// Optional. The description of the principal access boundary policy rule.
// Must be less than or equal to 256 characters.
Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
// Required. A list of Resource Manager resources. If a resource is listed in
// the rule, then the rule applies for that resource and its descendants. The
// number of resources in a policy is limited to 500 across all rules in the
// policy.
//
// The following resource types are supported:
//
// * Organizations, such as
// `//cloudresourcemanager.googleapis.com/organizations/123`.
// - Folders, such as `//cloudresourcemanager.googleapis.com/folders/123`.
// - Projects, such as `//cloudresourcemanager.googleapis.com/projects/123`
// or `//cloudresourcemanager.googleapis.com/projects/my-project-id`.
Resources []string `protobuf:"bytes,2,rep,name=resources,proto3" json:"resources,omitempty"`
// Required. The access relationship of principals to the resources in this
// rule.
Effect PrincipalAccessBoundaryPolicyRule_Effect `protobuf:"varint,3,opt,name=effect,proto3,enum=google.iam.v3beta.PrincipalAccessBoundaryPolicyRule_Effect" json:"effect,omitempty"`
// contains filtered or unexported fields
}Principal access boundary policy rule that defines the resource boundary.
func (*PrincipalAccessBoundaryPolicyRule) Descriptor
func (*PrincipalAccessBoundaryPolicyRule) Descriptor() ([]byte, []int)Deprecated: Use PrincipalAccessBoundaryPolicyRule.ProtoReflect.Descriptor instead.
func (*PrincipalAccessBoundaryPolicyRule) GetDescription
func (x *PrincipalAccessBoundaryPolicyRule) GetDescription() stringfunc (*PrincipalAccessBoundaryPolicyRule) GetEffect
func (x *PrincipalAccessBoundaryPolicyRule) GetEffect() PrincipalAccessBoundaryPolicyRule_Effectfunc (*PrincipalAccessBoundaryPolicyRule) GetResources
func (x *PrincipalAccessBoundaryPolicyRule) GetResources() []stringfunc (*PrincipalAccessBoundaryPolicyRule) ProtoMessage
func (*PrincipalAccessBoundaryPolicyRule) ProtoMessage()func (*PrincipalAccessBoundaryPolicyRule) ProtoReflect
func (x *PrincipalAccessBoundaryPolicyRule) ProtoReflect() protoreflect.Messagefunc (*PrincipalAccessBoundaryPolicyRule) Reset
func (x *PrincipalAccessBoundaryPolicyRule) Reset()func (*PrincipalAccessBoundaryPolicyRule) String
func (x *PrincipalAccessBoundaryPolicyRule) String() stringPrincipalAccessBoundaryPolicyRule_Effect
type PrincipalAccessBoundaryPolicyRule_Effect int32An effect to describe the access relationship.
PrincipalAccessBoundaryPolicyRule_EFFECT_UNSPECIFIED, PrincipalAccessBoundaryPolicyRule_ALLOW
const (
// Effect unspecified.
PrincipalAccessBoundaryPolicyRule_EFFECT_UNSPECIFIED PrincipalAccessBoundaryPolicyRule_Effect = 0
// Allows access to the resources in this rule.
PrincipalAccessBoundaryPolicyRule_ALLOW PrincipalAccessBoundaryPolicyRule_Effect = 1
)func (PrincipalAccessBoundaryPolicyRule_Effect) Descriptor
func (PrincipalAccessBoundaryPolicyRule_Effect) Descriptor() protoreflect.EnumDescriptorfunc (PrincipalAccessBoundaryPolicyRule_Effect) Enum
func (PrincipalAccessBoundaryPolicyRule_Effect) EnumDescriptor
func (PrincipalAccessBoundaryPolicyRule_Effect) EnumDescriptor() ([]byte, []int)Deprecated: Use PrincipalAccessBoundaryPolicyRule_Effect.Descriptor instead.
func (PrincipalAccessBoundaryPolicyRule_Effect) Number
func (x PrincipalAccessBoundaryPolicyRule_Effect) Number() protoreflect.EnumNumberfunc (PrincipalAccessBoundaryPolicyRule_Effect) String
func (x PrincipalAccessBoundaryPolicyRule_Effect) String() stringfunc (PrincipalAccessBoundaryPolicyRule_Effect) Type
func (PrincipalAccessBoundaryPolicyRule_Effect) Type() protoreflect.EnumTypeSearchAccessPolicyBindingsRequest
type SearchAccessPolicyBindingsRequest struct {
// Required. The name of the access policy.
// Format:
//
// `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`
// `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}`
// `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}`
// `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The maximum number of policy bindings to return. The service may
// return fewer than this value.
//
// If unspecified, at most 50 policy bindings will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous
// `SearchAccessPolicyBindingsRequest` call. Provide this to
// retrieve the subsequent page.
//
// When paginating, all other parameters provided to
// `SearchAccessPolicyBindingsRequest` must match the call
// that provided the page token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}Request message for SearchAccessPolicyBindings rpc.
func (*SearchAccessPolicyBindingsRequest) Descriptor
func (*SearchAccessPolicyBindingsRequest) Descriptor() ([]byte, []int)Deprecated: Use SearchAccessPolicyBindingsRequest.ProtoReflect.Descriptor instead.
func (*SearchAccessPolicyBindingsRequest) GetName
func (x *SearchAccessPolicyBindingsRequest) GetName() stringfunc (*SearchAccessPolicyBindingsRequest) GetPageSize
func (x *SearchAccessPolicyBindingsRequest) GetPageSize() int32func (*SearchAccessPolicyBindingsRequest) GetPageToken
func (x *SearchAccessPolicyBindingsRequest) GetPageToken() stringfunc (*SearchAccessPolicyBindingsRequest) ProtoMessage
func (*SearchAccessPolicyBindingsRequest) ProtoMessage()func (*SearchAccessPolicyBindingsRequest) ProtoReflect
func (x *SearchAccessPolicyBindingsRequest) ProtoReflect() protoreflect.Messagefunc (*SearchAccessPolicyBindingsRequest) Reset
func (x *SearchAccessPolicyBindingsRequest) Reset()func (*SearchAccessPolicyBindingsRequest) String
func (x *SearchAccessPolicyBindingsRequest) String() stringSearchAccessPolicyBindingsResponse
type SearchAccessPolicyBindingsResponse struct {
// The policy bindings that reference the specified policy.
PolicyBindings []*PolicyBinding `protobuf:"bytes,1,rep,name=policy_bindings,json=policyBindings,proto3" json:"policy_bindings,omitempty"`
// Optional. A token, which can be sent as `page_token` to retrieve the next
// page. If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response message for SearchAccessPolicyBindings rpc.
func (*SearchAccessPolicyBindingsResponse) Descriptor
func (*SearchAccessPolicyBindingsResponse) Descriptor() ([]byte, []int)Deprecated: Use SearchAccessPolicyBindingsResponse.ProtoReflect.Descriptor instead.
func (*SearchAccessPolicyBindingsResponse) GetNextPageToken
func (x *SearchAccessPolicyBindingsResponse) GetNextPageToken() stringfunc (*SearchAccessPolicyBindingsResponse) GetPolicyBindings
func (x *SearchAccessPolicyBindingsResponse) GetPolicyBindings() []*PolicyBindingfunc (*SearchAccessPolicyBindingsResponse) ProtoMessage
func (*SearchAccessPolicyBindingsResponse) ProtoMessage()func (*SearchAccessPolicyBindingsResponse) ProtoReflect
func (x *SearchAccessPolicyBindingsResponse) ProtoReflect() protoreflect.Messagefunc (*SearchAccessPolicyBindingsResponse) Reset
func (x *SearchAccessPolicyBindingsResponse) Reset()func (*SearchAccessPolicyBindingsResponse) String
func (x *SearchAccessPolicyBindingsResponse) String() stringSearchPrincipalAccessBoundaryPolicyBindingsRequest
type SearchPrincipalAccessBoundaryPolicyBindingsRequest struct {
// Required. The name of the principal access boundary policy.
// Format:
//
// `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The maximum number of policy bindings to return. The service may
// return fewer than this value.
//
// If unspecified, at most 50 policy bindings will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
PageSize int32 `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous
// `SearchPrincipalAccessBoundaryPolicyBindingsRequest` call. Provide this to
// retrieve the subsequent page.
//
// When paginating, all other parameters provided to
// `SearchPrincipalAccessBoundaryPolicyBindingsRequest` must match the call
// that provided the page token.
PageToken string `protobuf:"bytes,4,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}Request message for SearchPrincipalAccessBoundaryPolicyBindings rpc.
func (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) Descriptor
func (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) Descriptor() ([]byte, []int)Deprecated: Use SearchPrincipalAccessBoundaryPolicyBindingsRequest.ProtoReflect.Descriptor instead.
func (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) GetName
func (x *SearchPrincipalAccessBoundaryPolicyBindingsRequest) GetName() stringfunc (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) GetPageSize
func (x *SearchPrincipalAccessBoundaryPolicyBindingsRequest) GetPageSize() int32func (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) GetPageToken
func (x *SearchPrincipalAccessBoundaryPolicyBindingsRequest) GetPageToken() stringfunc (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) ProtoMessage
func (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) ProtoMessage()func (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) ProtoReflect
func (x *SearchPrincipalAccessBoundaryPolicyBindingsRequest) ProtoReflect() protoreflect.Messagefunc (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) Reset
func (x *SearchPrincipalAccessBoundaryPolicyBindingsRequest) Reset()func (*SearchPrincipalAccessBoundaryPolicyBindingsRequest) String
func (x *SearchPrincipalAccessBoundaryPolicyBindingsRequest) String() stringSearchPrincipalAccessBoundaryPolicyBindingsResponse
type SearchPrincipalAccessBoundaryPolicyBindingsResponse struct {
// The policy bindings that reference the specified policy.
PolicyBindings []*PolicyBinding `protobuf:"bytes,1,rep,name=policy_bindings,json=policyBindings,proto3" json:"policy_bindings,omitempty"`
// Optional. A token, which can be sent as `page_token` to retrieve the next
// page. If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response message for SearchPrincipalAccessBoundaryPolicyBindings rpc.
func (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) Descriptor
func (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) Descriptor() ([]byte, []int)Deprecated: Use SearchPrincipalAccessBoundaryPolicyBindingsResponse.ProtoReflect.Descriptor instead.
func (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) GetNextPageToken
func (x *SearchPrincipalAccessBoundaryPolicyBindingsResponse) GetNextPageToken() stringfunc (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) GetPolicyBindings
func (x *SearchPrincipalAccessBoundaryPolicyBindingsResponse) GetPolicyBindings() []*PolicyBindingfunc (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) ProtoMessage
func (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) ProtoMessage()func (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) ProtoReflect
func (x *SearchPrincipalAccessBoundaryPolicyBindingsResponse) ProtoReflect() protoreflect.Messagefunc (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) Reset
func (x *SearchPrincipalAccessBoundaryPolicyBindingsResponse) Reset()func (*SearchPrincipalAccessBoundaryPolicyBindingsResponse) String
func (x *SearchPrincipalAccessBoundaryPolicyBindingsResponse) String() stringSearchTargetPolicyBindingsRequest
type SearchTargetPolicyBindingsRequest struct {
// Required. The target resource, which is bound to the policy in the binding.
//
// Format:
//
// * `//iam.googleapis.com/locations/global/workforcePools/POOL_ID`
// * `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID`
// * `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
// * `//cloudresourcemanager.googleapis.com/projects/{project_number}`
// * `//cloudresourcemanager.googleapis.com/folders/{folder_id}`
// * `//cloudresourcemanager.googleapis.com/organizations/{organization_id}`
Target string `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"`
// Optional. The maximum number of policy bindings to return. The service may
// return fewer than this value.
//
// The default value is 50. The maximum value is 1000.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional. A page token, received from a previous
// `SearchTargetPolicyBindingsRequest` call. Provide this to retrieve the
// subsequent page.
//
// When paginating, all other parameters provided to
// `SearchTargetPolicyBindingsRequest` must match the call that provided the
// page token.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Required. The parent resource where this search will be performed. This
// should be the nearest Resource Manager resource (project, folder, or
// organization) to the target.
//
// Format:
//
// * `projects/{project_id}/locations/{location}`
// * `projects/{project_number}/locations/{location}`
// * `folders/{folder_id}/locations/{location}`
// * `organizations/{organization_id}/locations/{location}`
Parent string `protobuf:"bytes,5,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Filtering currently only supports the kind of policies to return,
// and must be in the format "policy_kind={policy_kind}".
//
// If String is empty, bindings bound to all kinds of policies would be
// returned.
//
// The only supported values are the following:
//
// * "policy_kind=PRINCIPAL_ACCESS_BOUNDARY",
// * "policy_kind=ACCESS"
Filter string `protobuf:"bytes,6,opt,name=filter,proto3" json:"filter,omitempty"`
// contains filtered or unexported fields
}Request message for SearchTargetPolicyBindings method.
func (*SearchTargetPolicyBindingsRequest) Descriptor
func (*SearchTargetPolicyBindingsRequest) Descriptor() ([]byte, []int)Deprecated: Use SearchTargetPolicyBindingsRequest.ProtoReflect.Descriptor instead.
func (*SearchTargetPolicyBindingsRequest) GetFilter
func (x *SearchTargetPolicyBindingsRequest) GetFilter() stringfunc (*SearchTargetPolicyBindingsRequest) GetPageSize
func (x *SearchTargetPolicyBindingsRequest) GetPageSize() int32func (*SearchTargetPolicyBindingsRequest) GetPageToken
func (x *SearchTargetPolicyBindingsRequest) GetPageToken() stringfunc (*SearchTargetPolicyBindingsRequest) GetParent
func (x *SearchTargetPolicyBindingsRequest) GetParent() stringfunc (*SearchTargetPolicyBindingsRequest) GetTarget
func (x *SearchTargetPolicyBindingsRequest) GetTarget() stringfunc (*SearchTargetPolicyBindingsRequest) ProtoMessage
func (*SearchTargetPolicyBindingsRequest) ProtoMessage()func (*SearchTargetPolicyBindingsRequest) ProtoReflect
func (x *SearchTargetPolicyBindingsRequest) ProtoReflect() protoreflect.Messagefunc (*SearchTargetPolicyBindingsRequest) Reset
func (x *SearchTargetPolicyBindingsRequest) Reset()func (*SearchTargetPolicyBindingsRequest) String
func (x *SearchTargetPolicyBindingsRequest) String() stringSearchTargetPolicyBindingsResponse
type SearchTargetPolicyBindingsResponse struct {
// The policy bindings bound to the specified target.
PolicyBindings []*PolicyBinding `protobuf:"bytes,1,rep,name=policy_bindings,json=policyBindings,proto3" json:"policy_bindings,omitempty"`
// Optional. A token, which can be sent as `page_token` to retrieve the next
// page. If this field is omitted, there are no subsequent pages.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response message for SearchTargetPolicyBindings method.
func (*SearchTargetPolicyBindingsResponse) Descriptor
func (*SearchTargetPolicyBindingsResponse) Descriptor() ([]byte, []int)Deprecated: Use SearchTargetPolicyBindingsResponse.ProtoReflect.Descriptor instead.
func (*SearchTargetPolicyBindingsResponse) GetNextPageToken
func (x *SearchTargetPolicyBindingsResponse) GetNextPageToken() stringfunc (*SearchTargetPolicyBindingsResponse) GetPolicyBindings
func (x *SearchTargetPolicyBindingsResponse) GetPolicyBindings() []*PolicyBindingfunc (*SearchTargetPolicyBindingsResponse) ProtoMessage
func (*SearchTargetPolicyBindingsResponse) ProtoMessage()func (*SearchTargetPolicyBindingsResponse) ProtoReflect
func (x *SearchTargetPolicyBindingsResponse) ProtoReflect() protoreflect.Messagefunc (*SearchTargetPolicyBindingsResponse) Reset
func (x *SearchTargetPolicyBindingsResponse) Reset()func (*SearchTargetPolicyBindingsResponse) String
func (x *SearchTargetPolicyBindingsResponse) String() stringUnimplementedAccessPoliciesServer
type UnimplementedAccessPoliciesServer struct {
}UnimplementedAccessPoliciesServer should be embedded to have forward compatible implementations.
func (UnimplementedAccessPoliciesServer) CreateAccessPolicy
func (UnimplementedAccessPoliciesServer) CreateAccessPolicy(context.Context, *CreateAccessPolicyRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessPoliciesServer) DeleteAccessPolicy
func (UnimplementedAccessPoliciesServer) DeleteAccessPolicy(context.Context, *DeleteAccessPolicyRequest) (*longrunningpb.Operation, error)func (UnimplementedAccessPoliciesServer) GetAccessPolicy
func (UnimplementedAccessPoliciesServer) GetAccessPolicy(context.Context, *GetAccessPolicyRequest) (*AccessPolicy, error)func (UnimplementedAccessPoliciesServer) ListAccessPolicies
func (UnimplementedAccessPoliciesServer) ListAccessPolicies(context.Context, *ListAccessPoliciesRequest) (*ListAccessPoliciesResponse, error)func (UnimplementedAccessPoliciesServer) SearchAccessPolicyBindings
func (UnimplementedAccessPoliciesServer) SearchAccessPolicyBindings(context.Context, *SearchAccessPolicyBindingsRequest) (*SearchAccessPolicyBindingsResponse, error)func (UnimplementedAccessPoliciesServer) UpdateAccessPolicy
func (UnimplementedAccessPoliciesServer) UpdateAccessPolicy(context.Context, *UpdateAccessPolicyRequest) (*longrunningpb.Operation, error)UnimplementedPolicyBindingsServer
type UnimplementedPolicyBindingsServer struct {
}UnimplementedPolicyBindingsServer should be embedded to have forward compatible implementations.
func (UnimplementedPolicyBindingsServer) CreatePolicyBinding
func (UnimplementedPolicyBindingsServer) CreatePolicyBinding(context.Context, *CreatePolicyBindingRequest) (*longrunningpb.Operation, error)func (UnimplementedPolicyBindingsServer) DeletePolicyBinding
func (UnimplementedPolicyBindingsServer) DeletePolicyBinding(context.Context, *DeletePolicyBindingRequest) (*longrunningpb.Operation, error)func (UnimplementedPolicyBindingsServer) GetPolicyBinding
func (UnimplementedPolicyBindingsServer) GetPolicyBinding(context.Context, *GetPolicyBindingRequest) (*PolicyBinding, error)func (UnimplementedPolicyBindingsServer) ListPolicyBindings
func (UnimplementedPolicyBindingsServer) ListPolicyBindings(context.Context, *ListPolicyBindingsRequest) (*ListPolicyBindingsResponse, error)func (UnimplementedPolicyBindingsServer) SearchTargetPolicyBindings
func (UnimplementedPolicyBindingsServer) SearchTargetPolicyBindings(context.Context, *SearchTargetPolicyBindingsRequest) (*SearchTargetPolicyBindingsResponse, error)func (UnimplementedPolicyBindingsServer) UpdatePolicyBinding
func (UnimplementedPolicyBindingsServer) UpdatePolicyBinding(context.Context, *UpdatePolicyBindingRequest) (*longrunningpb.Operation, error)UnimplementedPrincipalAccessBoundaryPoliciesServer
type UnimplementedPrincipalAccessBoundaryPoliciesServer struct {
}UnimplementedPrincipalAccessBoundaryPoliciesServer should be embedded to have forward compatible implementations.
func (UnimplementedPrincipalAccessBoundaryPoliciesServer) CreatePrincipalAccessBoundaryPolicy
func (UnimplementedPrincipalAccessBoundaryPoliciesServer) CreatePrincipalAccessBoundaryPolicy(context.Context, *CreatePrincipalAccessBoundaryPolicyRequest) (*longrunningpb.Operation, error)func (UnimplementedPrincipalAccessBoundaryPoliciesServer) DeletePrincipalAccessBoundaryPolicy
func (UnimplementedPrincipalAccessBoundaryPoliciesServer) DeletePrincipalAccessBoundaryPolicy(context.Context, *DeletePrincipalAccessBoundaryPolicyRequest) (*longrunningpb.Operation, error)func (UnimplementedPrincipalAccessBoundaryPoliciesServer) GetPrincipalAccessBoundaryPolicy
func (UnimplementedPrincipalAccessBoundaryPoliciesServer) GetPrincipalAccessBoundaryPolicy(context.Context, *GetPrincipalAccessBoundaryPolicyRequest) (*PrincipalAccessBoundaryPolicy, error)func (UnimplementedPrincipalAccessBoundaryPoliciesServer) ListPrincipalAccessBoundaryPolicies
func (UnimplementedPrincipalAccessBoundaryPoliciesServer) ListPrincipalAccessBoundaryPolicies(context.Context, *ListPrincipalAccessBoundaryPoliciesRequest) (*ListPrincipalAccessBoundaryPoliciesResponse, error)func (UnimplementedPrincipalAccessBoundaryPoliciesServer) SearchPrincipalAccessBoundaryPolicyBindings
func (UnimplementedPrincipalAccessBoundaryPoliciesServer) SearchPrincipalAccessBoundaryPolicyBindings(context.Context, *SearchPrincipalAccessBoundaryPolicyBindingsRequest) (*SearchPrincipalAccessBoundaryPolicyBindingsResponse, error)func (UnimplementedPrincipalAccessBoundaryPoliciesServer) UpdatePrincipalAccessBoundaryPolicy
func (UnimplementedPrincipalAccessBoundaryPoliciesServer) UpdatePrincipalAccessBoundaryPolicy(context.Context, *UpdatePrincipalAccessBoundaryPolicyRequest) (*longrunningpb.Operation, error)UnsafeAccessPoliciesServer
type UnsafeAccessPoliciesServer interface {
// contains filtered or unexported methods
}UnsafeAccessPoliciesServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to AccessPoliciesServer will result in compilation errors.
UnsafePolicyBindingsServer
type UnsafePolicyBindingsServer interface {
// contains filtered or unexported methods
}UnsafePolicyBindingsServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to PolicyBindingsServer will result in compilation errors.
UnsafePrincipalAccessBoundaryPoliciesServer
type UnsafePrincipalAccessBoundaryPoliciesServer interface {
// contains filtered or unexported methods
}UnsafePrincipalAccessBoundaryPoliciesServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to PrincipalAccessBoundaryPoliciesServer will result in compilation errors.
UpdateAccessPolicyRequest
type UpdateAccessPolicyRequest struct {
// Required. The access policy to update.
//
// The access policy's `name` field is used to identify the
// policy to update.
AccessPolicy *AccessPolicy `protobuf:"bytes,1,opt,name=access_policy,json=accessPolicy,proto3" json:"access_policy,omitempty"`
// Optional. If set, validate the request and preview the update, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,2,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// contains filtered or unexported fields
}Request message for UpdateAccessPolicy method.
func (*UpdateAccessPolicyRequest) Descriptor
func (*UpdateAccessPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateAccessPolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdateAccessPolicyRequest) GetAccessPolicy
func (x *UpdateAccessPolicyRequest) GetAccessPolicy() *AccessPolicyfunc (*UpdateAccessPolicyRequest) GetValidateOnly
func (x *UpdateAccessPolicyRequest) GetValidateOnly() boolfunc (*UpdateAccessPolicyRequest) ProtoMessage
func (*UpdateAccessPolicyRequest) ProtoMessage()func (*UpdateAccessPolicyRequest) ProtoReflect
func (x *UpdateAccessPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateAccessPolicyRequest) Reset
func (x *UpdateAccessPolicyRequest) Reset()func (*UpdateAccessPolicyRequest) String
func (x *UpdateAccessPolicyRequest) String() stringUpdatePolicyBindingRequest
type UpdatePolicyBindingRequest struct {
// Required. The policy binding to update.
//
// The policy binding's `name` field is used to identify the policy binding to
// update.
PolicyBinding *PolicyBinding `protobuf:"bytes,1,opt,name=policy_binding,json=policyBinding,proto3" json:"policy_binding,omitempty"`
// Optional. If set, validate the request and preview the update, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,2,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// Optional. The list of fields to update
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}Request message for UpdatePolicyBinding method.
func (*UpdatePolicyBindingRequest) Descriptor
func (*UpdatePolicyBindingRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdatePolicyBindingRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyBindingRequest) GetPolicyBinding
func (x *UpdatePolicyBindingRequest) GetPolicyBinding() *PolicyBindingfunc (*UpdatePolicyBindingRequest) GetUpdateMask
func (x *UpdatePolicyBindingRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdatePolicyBindingRequest) GetValidateOnly
func (x *UpdatePolicyBindingRequest) GetValidateOnly() boolfunc (*UpdatePolicyBindingRequest) ProtoMessage
func (*UpdatePolicyBindingRequest) ProtoMessage()func (*UpdatePolicyBindingRequest) ProtoReflect
func (x *UpdatePolicyBindingRequest) ProtoReflect() protoreflect.Messagefunc (*UpdatePolicyBindingRequest) Reset
func (x *UpdatePolicyBindingRequest) Reset()func (*UpdatePolicyBindingRequest) String
func (x *UpdatePolicyBindingRequest) String() stringUpdatePrincipalAccessBoundaryPolicyRequest
type UpdatePrincipalAccessBoundaryPolicyRequest struct {
// Required. The principal access boundary policy to update.
//
// The principal access boundary policy's `name` field is used to identify the
// policy to update.
PrincipalAccessBoundaryPolicy *PrincipalAccessBoundaryPolicy `protobuf:"bytes,1,opt,name=principal_access_boundary_policy,json=principalAccessBoundaryPolicy,proto3" json:"principal_access_boundary_policy,omitempty"`
// Optional. If set, validate the request and preview the update, but do not
// actually post it.
ValidateOnly bool `protobuf:"varint,2,opt,name=validate_only,json=validateOnly,proto3" json:"validate_only,omitempty"`
// Optional. The list of fields to update
UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}Request message for UpdatePrincipalAccessBoundaryPolicy method.
func (*UpdatePrincipalAccessBoundaryPolicyRequest) Descriptor
func (*UpdatePrincipalAccessBoundaryPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdatePrincipalAccessBoundaryPolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePrincipalAccessBoundaryPolicyRequest) GetPrincipalAccessBoundaryPolicy
func (x *UpdatePrincipalAccessBoundaryPolicyRequest) GetPrincipalAccessBoundaryPolicy() *PrincipalAccessBoundaryPolicyfunc (*UpdatePrincipalAccessBoundaryPolicyRequest) GetUpdateMask
func (x *UpdatePrincipalAccessBoundaryPolicyRequest) GetUpdateMask() *fieldmaskpb.FieldMaskfunc (*UpdatePrincipalAccessBoundaryPolicyRequest) GetValidateOnly
func (x *UpdatePrincipalAccessBoundaryPolicyRequest) GetValidateOnly() boolfunc (*UpdatePrincipalAccessBoundaryPolicyRequest) ProtoMessage
func (*UpdatePrincipalAccessBoundaryPolicyRequest) ProtoMessage()func (*UpdatePrincipalAccessBoundaryPolicyRequest) ProtoReflect
func (x *UpdatePrincipalAccessBoundaryPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*UpdatePrincipalAccessBoundaryPolicyRequest) Reset
func (x *UpdatePrincipalAccessBoundaryPolicyRequest) Reset()func (*UpdatePrincipalAccessBoundaryPolicyRequest) String
func (x *UpdatePrincipalAccessBoundaryPolicyRequest) String() string