github.com/cloudwan/edgelq-sdk@v1.15.4/iam/proto/v1/authorization_custom.proto (about)

     1  syntax = "proto3";
     2  
     3  package ntt.iam.v1;
     4  
     5  import "edgelq-sdk/iam/proto/v1/condition.proto";
     6  import "edgelq-sdk/iam/proto/v1/permission.proto";
     7  import "edgelq-sdk/iam/proto/v1/permission_change.proto";
     8  import "edgelq-sdk/iam/proto/v1/role.proto";
     9  import "edgelq-sdk/iam/proto/v1/role_binding.proto";
    10  import "edgelq-sdk/iam/proto/v1/role_binding_change.proto";
    11  import "edgelq-sdk/iam/proto/v1/service_account.proto";
    12  import "edgelq-sdk/iam/proto/v1/service_account_key.proto";
    13  import "edgelq-sdk/iam/proto/v1/user.proto";
    14  import "google/protobuf/field_mask.proto";
    15  import "goten-sdk/types/view.proto";
    16  
    17  option go_package = "github.com/cloudwan/edgelq-sdk/iam/client/v1/authorization;authorization_client";
    18  option java_multiple_files = false;
    19  option java_outer_classname = "AuthorizationCustomProto";
    20  option java_package = "com.ntt.iam.pb.v1";
    21  
    22  // Request message for method [GetPrincipal][ntt.iam.v1.GetPrincipal]
        // Carries the name of the calling service, the ID of the principal being
        // looked up, and an authorization token.
    23  message GetPrincipalRequest {
    24    // Service asking for given principal - IAM verifies if given principal has
    25    // any role bindings in requesting service.
          // NOTE(review): this is a caller-supplied string; presumably the server
          // authenticates the calling service separately instead of trusting this
          // value on its own - confirm against the service implementation.
    26    string requesting_service = 1;
    27  
    28    // Principal ID, different for users or service accounts
    29    string principal_key_id = 2;
    30  
    31    // User authorization token
          // This field is a credential: redact it wherever requests are logged,
          // traced, or echoed in error messages.
    32    string auth_token = 4;
    33  
          // Field number 3 is reserved and must not be assigned to a new field
          // (presumably it belonged to a field that was removed).
    34    reserved 3;
    35  }
    36  
    37  // Response message for method [GetPrincipal][ntt.iam.v1.GetPrincipal]
        // Returns a key and its type together with the principal itself (user,
        // service account, or anonymous).
    38  message GetPrincipalResponse {
    39    // Public json key
          // NOTE(review): the exact key format is not stated in this file; confirm
          // it before parsing.
    40    string json_key = 1;
    41  
    42    // Key type
          // Plain string; the accepted values are not listed in this file.
    43    string principal_key_type = 2;
    44  
          // The resolved principal. At most one member is set.
          // NOTE(review): consumers should branch on which member is set and treat
          // an unset oneof as "no principal" (deny) rather than defaulting to any
          // of the cases.
    45    oneof principal {
    46      // User data mapping principal
    47      User user = 3;
    48  
    49      // Service account mapping principal
    50      ServiceAccount service_account = 4;
    51  
    52      // Anonymous principal
            // As a oneof member this bool has explicit presence, so this case can
            // be the selected one even when the value is false; what a false value
            // means is not stated here - confirm.
    53      bool anonymous = 5;
    54    }
    55  }
    56  
    57  // Request message for method
    58  // [WatchPrincipalUpdates][ntt.iam.v1.WatchPrincipalUpdates]
    59  message WatchPrincipalUpdatesRequest {
          // Name of the service opening the watch.
          // NOTE(review): presumably the same meaning as
          // GetPrincipalRequest.requesting_service, and likewise caller-supplied -
          // confirm that the server authenticates the caller independently.
    60    string requesting_service = 1;
    61  
    62    // Resume token in case of disconnection
          // NOTE(review): the token comes back from the client, so the server
          // should validate it before use; its format is not visible in this file.
    63    string resume_token = 3;
    64  
          // Field number 2 is reserved and must not be assigned to a new field
          // (presumably it belonged to a field that was removed).
    65    reserved 2;
    66  }
    67  
    68  // Response message for method
    69  // [WatchPrincipalUpdates][ntt.iam.v1.WatchPrincipalUpdates]
        // Each response carries current and removed principals, two sync flags,
        // and a resume token.
    70  message WatchPrincipalUpdatesResponse {
    71    // All added or removed principals
          // NOTE(review): removals have their own field (removed_principals), so
          // this presumably means added or updated principals - confirm.
    72    repeated CurrentPrincipal current_principals = 1;
    73  
    74    // All removed principals
          // NOTE(review): a consumer that caches principals presumably has to drop
          // these entries, otherwise a removed key stays usable locally - confirm.
    75    repeated RemovedPrincipal removed_principals = 2;
    76  
    77    // Whether list of shadows received by client is in sync
          // NOTE(review): "shadows" is not defined in this file; presumably it
          // refers to the principals delivered so far - confirm.
    78    bool is_current = 3;
    79  
    80    // Whether current, pending changes should be reset.
    81    bool is_reset = 4;
    82  
    83    // Token to resume from.
          // Shares its name with WatchPrincipalUpdatesRequest.resume_token;
          // presumably the client sends this value back after a disconnection -
          // confirm.
    84    string resume_token = 5;
    85  
          // One principal entry delivered by the watch: key ID, key, key type and
          // the principal record.
    86    message CurrentPrincipal {
            // Principal key ID (same field name as in GetPrincipalRequest).
    87      string principal_key_id = 1;
    88  
            // Key for the principal (same field name as
            // GetPrincipalResponse.json_key, documented there as a public key).
    89      string json_key = 2;
    90  
            // Key type; the accepted values are not listed in this file.
    91      string principal_key_type = 3;
    92  
            // The principal record. Only user and service_account are available
            // here; unlike GetPrincipalResponse.principal there is no anonymous
            // member.
    93      oneof update {
    94        User user = 4;
    95  
    96        ServiceAccount service_account = 5;
    97      }
    98    }
    99  
          // Identifies a removed principal by its key ID only.
   100    message RemovedPrincipal { string principal_key_id = 1; }
   101  }
   102  
   103  // Request message for method
   104  // [CheckMyRoleBindings][ntt.iam.v1.CheckMyRoleBindings]
   105  message CheckMyRoleBindingsRequest {
   106    // Scope determines where roles should be looked from - it's either system,
   107    // service, project or organization scope. However, if it contains an
   108    // organization or project, CheckMyRoles will perform check on all ancestry
   109    // path (parent organizations).
   110    string parent = 1;
   111  
   112    // Optional additional filter to apply on role bindings returned
   113    // Simplified SQL-like syntax with following operators:
   114    // <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS
   115    // [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels
   116    // CONTAINS "severity:important" OR (state.last_error_time >
   117    // "2018-11-15T10:00:00Z" AND state.status = "ERROR")'
          // NOTE(review): the filter is caller-controlled text. The code that
          // evaluates it is not visible here; it should parse the text into a
          // typed expression and never splice it into a backing-store query -
          // confirm.
   118    string filter = 5;
   119  
   120    // Custom field mask to apply on role bindings. By default, if none is
   121    // specified, following is used: [ "name", "role", "scope_params",
   122    // "executable_conditions", "owned_objects" ].
          // NOTE(review): whether the server limits which paths a caller may
          // request is not visible in this file - confirm.
   123    google.protobuf.FieldMask custom_field_mask = 6;

          // Field numbers 2 to 4 are neither used nor reserved in this message.
          // NOTE(review): if they ever identified fields, add a reserved statement
          // so the numbers cannot be reused - confirm against history.
   124  }
   125  
   126  // Response message for method [CheckMyRoles][ntt.iam.v1.CheckMyRoles]
        // NOTE(review): the request message names the method CheckMyRoleBindings;
        // confirm which name the service defines and align the reference.
   127  message CheckMyRoleBindingsResponse {
   128    // List of returned role bindings with corresponding grants.
   129    repeated ResolvableGrant resolvable_grants = 1;
   130  
          // Pairs one role binding with the grants taken from its role.
   131    message ResolvableGrant {
   132      // Granted RoleBinding for the scope
   133      RoleBinding role_binding = 1;
   134  
   135      // All grants extracted from the Role
   136      repeated Role.Grant grants = 2;
   137    }
   138  }