github.com/cloudwan/edgelq-sdk@v1.15.4/iam/proto/api-skeleton-v1.yaml (about) 1 name: iam.edgelq.com 2 proto: 3 package: 4 name: ntt.iam 5 currentVersion: v1 6 goPackage: github.com/cloudwan/edgelq/iam 7 protoImportPathPrefix: edgelq/iam/proto 8 service: 9 name: IAM 10 defaultHost: iam.edgelq.com 11 oauthScopes: https://apis.edgelq.com 12 imports: 13 - meta.goten.com 14 15 resources: 16 - name: Permission 17 parents: 18 - meta.goten.com/Service 19 idPattern : "[\\w@!\\\\.|-]{4,256}" 20 21 - name: Role 22 parents: 23 - meta.goten.com/Service 24 - Project 25 - Organization 26 idPattern : "[a-zA-Z0-9-]{1,128}" 27 multiRegion: 28 syncType: ALWAYS_GLOBALLY 29 30 - name: Organization 31 actions: 32 - name: ListMyOrganizations 33 verb: listMy 34 opResourceInfo: 35 isCollection: true 36 isPlural: true 37 responsePaths: 38 resourceBody: [ "organizations" ] 39 withStoreHandle: 40 readOnly: true 41 transaction: NONE 42 multiRegionRouting: 43 skipCodeGenBasedRouting: true 44 - name: SearchMyOrganizations 45 verb: searchMy 46 opResourceInfo: 47 isCollection: true 48 isPlural: true 49 responsePaths: 50 resourceBody: [ "organizations" ] 51 withStoreHandle: 52 readOnly: true 53 transaction: NONE 54 multiRegionRouting: 55 skipCodeGenBasedRouting: true 56 multiRegion: 57 isPolicyHolder: true 58 optIns: 59 searchable: true 60 61 - name: OrganizationInvitation 62 parents: 63 - Organization 64 actions: 65 - name: AcceptOrganizationInvitation 66 verb: accept 67 withStoreHandle: 68 transaction: SNAPSHOT 69 - name: DeclineOrganizationInvitation 70 verb: decline 71 withStoreHandle: 72 transaction: SNAPSHOT 73 - name: ListMyOrganizationInvitations 74 verb: listMy 75 opResourceInfo: 76 isCollection: true 77 isPlural: true 78 responsePaths: 79 resourceBody: [ "organization_invitations" ] 80 withStoreHandle: 81 readOnly: true 82 transaction: NONE 83 84 - name: Project 85 actions: 86 - name: ListMyProjects 87 verb: listMy 88 opResourceInfo: 89 isCollection: true 90 isPlural: true 91 responsePaths: 92 resourceBody: [ "projects" ] 93 withStoreHandle: 94 readOnly: true 95 transaction: NONE 96 multiRegionRouting: 97 skipCodeGenBasedRouting: true 98 - name: SearchMyProjects 99 verb: searchMy 100 opResourceInfo: 101 isCollection: true 102 isPlural: true 103 responsePaths: 104 resourceBody: [ "projects" ] 105 withStoreHandle: 106 readOnly: true 107 transaction: NONE 108 multiRegionRouting: 109 skipCodeGenBasedRouting: true 110 multiRegion: 111 isPolicyHolder: true 112 optIns: 113 searchable: true 114 115 - name: ProjectInvitation 116 parents: 117 - Project 118 actions: 119 - name: AcceptProjectInvitation 120 verb: accept 121 withStoreHandle: 122 transaction: SNAPSHOT 123 - name: DeclineProjectInvitation 124 verb: decline 125 withStoreHandle: 126 transaction: SNAPSHOT 127 - name: ListMyProjectInvitations 128 verb: listMy 129 opResourceInfo: 130 isCollection: true 131 isPlural: true 132 responsePaths: 133 resourceBody: [ "project_invitations" ] 134 withStoreHandle: 135 readOnly: true 136 transaction: NONE 137 - name: ResendProjectInvitation 138 verb: resend 139 opResourceInfo: 140 responsePaths: 141 resourceBody: [ "project_invitation" ] 142 withStoreHandle: 143 transaction: SNAPSHOT 144 145 - name: Group 146 parents: 147 - Project 148 - Organization 149 - meta.goten.com/Service 150 - "" 151 152 - name: GroupMember 153 parents: 154 - Group 155 actions: 156 - name: ListGroupMembersWithMembers 157 opResourceInfo: 158 isPlural: true 159 isCollection: true 160 withStoreHandle: 161 transaction: NONE 162 readOnly: true 163 multiRegionRouting: 164 skipCodeGenBasedRouting: true 165 166 - name: ServiceAccount 167 scopeAttributes: 168 - Region 169 parents: 170 - Project 171 actions: 172 - name: GetMyAgentShard 173 withStoreHandle: 174 transaction: NONE 175 readOnly: true 176 - name: GetShardEndpoints 177 withStoreHandle: 178 transaction: NONE 179 readOnly: true 180 opResourceInfo: 181 skipResourceInRequest: true 182 multiRegionRouting: 183 skipCodeGenBasedRouting: true 184 185 - name: ServiceAccountKey 186 parents: 187 - ServiceAccount 188 189 - name: RoleBinding 190 parents: 191 - Project 192 - Organization 193 - meta.goten.com/Service 194 - "" 195 idPattern : "[\\w.|-]{1,128}" 196 multiRegion: 197 syncType: ALWAYS_IN_SCOPE 198 actions: 199 - name: ListRoleBindingsWithMembers 200 opResourceInfo: 201 isPlural: true 202 isCollection: true 203 withStoreHandle: 204 transaction: NONE 205 readOnly: true 206 multiRegionRouting: 207 skipCodeGenBasedRouting: true 208 209 - name: Condition 210 parents: 211 - Project 212 - Organization 213 - meta.goten.com/Service 214 - "" 215 idPattern : "[a-z][a-z0-9\\\\-]{0,72}[a-z0-9]" 216 multiRegion: 217 syncType: ALWAYS_IN_SCOPE 218 219 - name: AttestationDomain 220 plural: AttestationDomains 221 parents: 222 - Project 223 224 - name: User 225 idPattern : "[\\w.@|_-]{1,128}" 226 actions: 227 - name: GetUserByEmail 228 verb: getByEmail 229 opResourceInfo: 230 skipResourceInRequest: true 231 skipResponseMsgGen: true 232 responseName: User 233 withStoreHandle: 234 readOnly: true 235 transaction: NONE 236 - name: BatchGetUsersByEmail 237 verb: batchGetByEmail 238 opResourceInfo: 239 isPlural: true 240 skipResourceInRequest: true 241 withStoreHandle: 242 readOnly: true 243 transaction: NONE 244 245 - name: GetMySettings 246 verb: getMySettings 247 opResourceInfo: 248 isCollection: true 249 isPlural: false 250 skipResourceInRequest: true 251 withStoreHandle: 252 readOnly: true 253 transaction: NONE 254 - name: SetMySettings 255 verb: setMySettings 256 opResourceInfo: 257 isCollection: true 258 isPlural: false 259 skipResourceInRequest: true 260 withStoreHandle: 261 transaction: SNAPSHOT 262 responseName: google.protobuf.Empty 263 skipResponseMsgGen: true 264 265 - name: RefreshUserFromIdToken 266 verb: refreshUserFromIdToken 267 opResourceInfo: 268 isCollection: true 269 skipResourceInRequest: true 270 multiRegionRouting: 271 executeOnOwningRegion: true 272 withStoreHandle: 273 transaction: MANUAL 274 275 - name: ResendVerificationEmail 276 verb: resendVerificationEmail 277 opResourceInfo: 278 isCollection: true 279 isPlural: false 280 skipResponseMsgGen: true 281 responseName: google.protobuf.Empty 282 withStoreHandle: 283 transaction: MANUAL 284 285 - name: IsUserVerified 286 verb: isUserVerified 287 opResourceInfo: 288 isCollection: true 289 isPlural: false 290 skipResponseMsgGen: true 291 responseName: google.protobuf.Empty 292 withStoreHandle: 293 transaction: MANUAL 294 295 - name: ResetMFAIfRecoveryKeyUsed 296 verb: resetMFAIfRecoveryKeyUsed 297 opResourceInfo: 298 isCollection: true 299 isPlural: false 300 skipResponseMsgGen: true 301 responseName: google.protobuf.Empty 302 withStoreHandle: 303 transaction: SNAPSHOT 304 305 - name: SetUsersNameInAuth0 306 verb: setUsersNameInAuth0 307 opResourceInfo: 308 isCollection: true 309 isPlural: false 310 skipResponseMsgGen: true 311 responseName: google.protobuf.Empty 312 withStoreHandle: 313 transaction: SNAPSHOT 314 315 - name: DeleteUsersByCriteria 316 verb: deleteUsersByCriteria 317 opResourceInfo: 318 skipResourceInRequest: true 319 withStoreHandle: 320 transaction: SNAPSHOT 321 322 - name: MemberAssignment 323 optIns: 324 searchable: true 325 optOuts: 326 basicActions: 327 - CreateMemberAssignment 328 idPattern: ".{1,512}" 329 scopeAttributes: 330 - Region 331 multiRegion: 332 syncType: ALWAYS_GLOBALLY 333 334 apis: 335 - name: Authorization 336 actions: 337 # Special principal actions used by any service to authenticate incoming 338 # requests. These actions protect from unauthorized access - service can 339 # see only principals who are using those services. 340 - name: GetPrincipal 341 verb: getPrincipal 342 withStoreHandle: 343 transaction: MANUAL 344 multiRegionRouting: 345 skipCodeGenBasedRouting: true 346 - name: WatchPrincipalUpdates 347 verb: watchPrincipalUpdates 348 streamingResponse: true 349 withStoreHandle: 350 transaction: NONE 351 multiRegionRouting: 352 skipCodeGenBasedRouting: true 353 # Special actions that can be used by any user to check their own authorization level. 354 - name: CheckMyRoleBindings 355 verb: checkMy 356 opResourceInfo: 357 name: RoleBinding 358 isCollection: true 359 isPlural: true 360 grpcTranscoding: 361 httpBodyField: "*" 362 withStoreHandle: 363 readOnly: true 364 transaction: NONE 365 multiRegionRouting: 366 skipCodeGenBasedRouting: true 367 368 - name: Attestation 369 actions: 370 - name: Verify 371 verb: verify 372 streamingRequest: true 373 streamingResponse: true 374 opResourceInfo: 375 name: AttestationDomain 376 requestPaths: 377 resourceName: [ "ask_for_challenge.attestation_domain" ] 378 withStoreHandle: 379 transaction: NONE 380 readOnly: true 381 382 - name: ServiceProjectsManagement 383 actions: 384 - name: ListMyServiceProjects 385 verb: listMyServiceProjects 386 opResourceInfo: 387 name: Project 388 isCollection: true 389 isPlural: true 390 responsePaths: 391 resourceBody: [ "projects" ] 392 withStoreHandle: 393 readOnly: true 394 transaction: NONE 395 - name: SetupServiceProject 396 verb: setupServiceProject 397 opResourceInfo: 398 name: Project 399 isCollection: true 400 skipResponseMsgGen: true 401 responseName: Project 402 withStoreHandle: 403 transaction: SNAPSHOT 404 multiRegionRouting: 405 executeOnOwningRegion: true 406 - name: ReserveServiceName 407 verb: reserveServiceName 408 opResourceInfo: 409 name: Project 410 withStoreHandle: 411 transaction: SNAPSHOT 412 - name: DeleteServiceReservation 413 verb: deleteServiceReservation 414 responseName: google.protobuf.Empty 415 skipResponseMsgGen: true 416 opResourceInfo: 417 name: Project 418 withStoreHandle: 419 transaction: SNAPSHOT 420 - name: ListServiceReservations 421 verb: listServiceReservations 422 opResourceInfo: 423 name: Project 424 withStoreHandle: 425 transaction: MANUAL 426 - name: ListProjectServices 427 verb: listProjectServices 428 opResourceInfo: 429 name: Project 430 withStoreHandle: 431 transaction: NONE 432 readOnly: true 433 # It is like CreateServiceAccount, but with several other updates. 434 - name: AddRegionalAdminAccountForServices 435 verb: addRegionalAdminAccountForServices 436 opResourceInfo: 437 name: ServiceAccount 438 isCollection: true 439 withStoreHandle: 440 transaction: SNAPSHOT