// Source: github.com/cloudwan/edgelq-sdk@v1.15.4/iam/proto/v1alpha2/authorization_custom.proto
//
// Request and response messages for the IAM permission and role check
// methods (CheckPermissions, CheckMyPermissions, CheckMyRoles).
syntax = "proto3";

package ntt.iam.v1alpha2;

import "edgelq-sdk/iam/proto/v1alpha2/condition.proto";
import "edgelq-sdk/iam/proto/v1alpha2/permission.proto";
import "edgelq-sdk/iam/proto/v1alpha2/permission_change.proto";
import "edgelq-sdk/iam/proto/v1alpha2/role.proto";
import "google/api/resource.proto";

option go_package = "github.com/cloudwan/edgelq-sdk/iam/client/v1alpha2/authorization;authorization_client";
option java_multiple_files = false;
option java_outer_classname = "AuthorizationCustomProto";
option java_package = "com.ntt.iam.pb.v1alpha2";

// Check pairs one object with the permissions to be verified on it.
message Check {
  // Object resource name, e.g. projects/<project_id>/devices/<device_id>
  string object = 1;

  // Array of permissions to be verified
  repeated string permissions = 2
      [ (google.api.resource_reference) = {type : "Permission"} ];
}

// ConditionalGrant represents a grant of a list of permissions that holds
// only if all of the attached conditions are met.
//
// NOTE(review): a consumer that enforces access from this message should not
// treat `permissions` as granted until every entry of `condition_bindings`
// has been evaluated; skipping that step fails open.
message ConditionalGrant {
  // Permissions covered by this grant.
  repeated string permissions = 1
      [ (google.api.resource_reference) = {type : "Permission"} ];

  // Conditions that must all be met for the grant to apply. ConditionBinding
  // is not defined in this file (presumably condition.proto - confirm).
  repeated ConditionBinding condition_bindings = 2;
}

// CheckResult reports, for one object, which permissions are granted
// unconditionally and which are granted only under conditions.
//
// NOTE(review): presumably one CheckResult is returned per Check and a
// requested permission absent from both lists is not granted - confirm
// against the server implementation.
message CheckResult {
  // Object resource name, e.g. projects/<project_id>/devices/<device_id>
  string object = 1;

  // Granted Permissions
  repeated string granted_permissions = 2
      [ (google.api.resource_reference) = {type : "Permission"} ];

  // Permissions granted only if the conditions of the enclosing
  // ConditionalGrant are met. These are not part of `granted_permissions`
  // semantics: each grant carries its own condition_bindings to evaluate.
  repeated ConditionalGrant conditionally_granted_permissions = 3;
}

// Request message for method
// [CheckPermissions][ntt.iam.v1alpha2.CheckPermissions]
//
// NOTE(review): `member` is supplied in the request body, unlike
// CheckMyPermissionsRequest, which has no member field. The schema cannot
// express who may query whose permissions; the server is presumably expected
// to authorize the caller for that - confirm.
message CheckPermissionsRequest {
  // Acting principal, e.g. user or service account
  // Format of the string is one of:
  // - "allUsers" (anyone)
  // - "allAuthenticatedUsers" (anyone logged in)
  // - "user:admin.super@example.com"
  // - "serviceAccount:device_agent@watchdog.serviceaccounts.iam.edgelq.com"
  // - "group:nice.group@example.com"
  // - "domain:example.com" (anyone with exact email domain)
  string member = 1;

  // Checks
  repeated Check checks = 2;

  // If true, server will skip checking permissions in cache
  // NOTE(review): this flag is set by the client; presumably each such
  // request costs a full evaluation, so the server side may want to
  // rate-limit it - confirm.
  bool skip_cache = 3;
}

// Response message for method
// [CheckPermissions][ntt.iam.v1alpha2.CheckPermissions]
message CheckPermissionsResponse { repeated CheckResult check_results = 1; }

// Request message for method
// [CheckMyPermissions][ntt.iam.v1alpha2.CheckMyPermissions]
//
// Carries no principal field; presumably the principal is taken from the
// caller's credentials - confirm.
message CheckMyPermissionsRequest {
  // Checks
  repeated Check checks = 2;

  // If true, server will skip checking permissions in cache
  bool skip_cache = 3;

  // Field number 1 is reserved. In CheckPermissionsRequest that number
  // carries `member`, so `checks` and `skip_cache` share numbers 2 and 3
  // across both request messages.
  reserved 1;
}

// Response message for method
// [CheckMyPermissions][ntt.iam.v1alpha2.CheckMyPermissions]
message CheckMyPermissionsResponse { repeated CheckResult check_results = 1; }

// Request message for method
// [CheckMyRoles][ntt.iam.v1alpha2.CheckMyRoles]
message CheckMyRolesRequest {
  // Object name forming scope of the check, for example projects/<project_id>
  string object = 1;
}

// Response message for method
// [CheckMyRoles][ntt.iam.v1alpha2.CheckMyRoles]
message CheckMyRolesResponse {
  // Object with scope
  string object = 1;

  // All unconditionally granted roles
  repeated string granted_roles = 2
      [ (google.api.resource_reference) = {type : "Role"} ];

  // All conditionally granted roles. Each grant should be checked separately
  // Inside this message the type name ConditionalGrant resolves to the nested
  // message below (one role per grant), not to the package-level
  // ConditionalGrant (a list of permissions per grant).
  repeated ConditionalGrant conditionally_granted_roles = 3;

  // A single role that is granted only when all of its conditions hold.
  message ConditionalGrant {
    // Role name
    string role = 1 [ (google.api.resource_reference) = {type : "Role"} ];

    // All conditions that must be accepted for role to be granted
    repeated ConditionBinding condition_bindings = 2;
  }
}