As of January 1, 2020 this library no longer supports Python 2 on the latest released version.
Library versions released prior to that date will continue to be available. For more information please
visit Python 2 support on Google Cloud.
Source code for google.iam.v1.policy_pb2
# -*- coding: utf-8 -*-
# Generated by the protocol buffer compiler. DO NOT EDIT!
# source: google/iam/v1/policy.proto
import sys
_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1'))
from google.protobuf import descriptor as _descriptor
from google.protobuf import message as _message
from google.protobuf import reflection as _reflection
from google.protobuf import symbol_database as _symbol_database
# @@protoc_insertion_point(imports)
_sym_db = _symbol_database.Default()
from google.type import expr_pb2 as google_dot_type_dot_expr__pb2
from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
DESCRIPTOR = _descriptor.FileDescriptor(
name='google/iam/v1/policy.proto',
package='google.iam.v1',
syntax='proto3',
serialized_options=_b('\n\021com.google.iam.v1B\013PolicyProtoP\001Z0google.golang.org/genproto/googleapis/iam/v1;iam\370\001\001\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1'),
serialized_pb=_b('\n\x1agoogle/iam/v1/policy.proto\x12\rgoogle.iam.v1\x1a\x16google/type/expr.proto\x1a\x1cgoogle/api/annotations.proto\"Q\n\x06Policy\x12\x0f\n\x07version\x18\x01 \x01(\x05\x12(\n\x08\x62indings\x18\x04 \x03(\x0b\x32\x16.google.iam.v1.Binding\x12\x0c\n\x04\x65tag\x18\x03 \x01(\x0c\"N\n\x07\x42inding\x12\x0c\n\x04role\x18\x01 \x01(\t\x12\x0f\n\x07members\x18\x02 \x03(\t\x12$\n\tcondition\x18\x03 \x01(\x0b\x32\x11.google.type.Expr\"\x80\x01\n\x0bPolicyDelta\x12\x33\n\x0e\x62inding_deltas\x18\x01 \x03(\x0b\x32\x1b.google.iam.v1.BindingDelta\x12<\n\x13\x61udit_config_deltas\x18\x02 \x03(\x0b\x32\x1f.google.iam.v1.AuditConfigDelta\"\xbd\x01\n\x0c\x42indingDelta\x12\x32\n\x06\x61\x63tion\x18\x01 \x01(\x0e\x32\".google.iam.v1.BindingDelta.Action\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x0e\n\x06member\x18\x03 \x01(\t\x12$\n\tcondition\x18\x04 \x01(\x0b\x32\x11.google.type.Expr\"5\n\x06\x41\x63tion\x12\x16\n\x12\x41\x43TION_UNSPECIFIED\x10\x00\x12\x07\n\x03\x41\x44\x44\x10\x01\x12\n\n\x06REMOVE\x10\x02\"\xbd\x01\n\x10\x41uditConfigDelta\x12\x36\n\x06\x61\x63tion\x18\x01 \x01(\x0e\x32&.google.iam.v1.AuditConfigDelta.Action\x12\x0f\n\x07service\x18\x02 \x01(\t\x12\x17\n\x0f\x65xempted_member\x18\x03 \x01(\t\x12\x10\n\x08log_type\x18\x04 \x01(\t\"5\n\x06\x41\x63tion\x12\x16\n\x12\x41\x43TION_UNSPECIFIED\x10\x00\x12\x07\n\x03\x41\x44\x44\x10\x01\x12\n\n\x06REMOVE\x10\x02\x42\x83\x01\n\x11\x63om.google.iam.v1B\x0bPolicyProtoP\x01Z0google.golang.org/genproto/googleapis/iam/v1;iam\xf8\x01\x01\xaa\x02\x13Google.Cloud.Iam.V1\xca\x02\x13Google\\Cloud\\Iam\\V1b\x06proto3')
,
dependencies=[google_dot_type_dot_expr__pb2.DESCRIPTOR,google_dot_api_dot_annotations__pb2.DESCRIPTOR,])
_BINDINGDELTA_ACTION = _descriptor.EnumDescriptor(
name='Action',
full_name='google.iam.v1.BindingDelta.Action',
filename=None,
file=DESCRIPTOR,
values=[
_descriptor.EnumValueDescriptor(
name='ACTION_UNSPECIFIED', index=0, number=0,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='ADD', index=1, number=1,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='REMOVE', index=2, number=2,
serialized_options=None,
type=None),
],
containing_type=None,
serialized_options=None,
serialized_start=530,
serialized_end=583,
)
_sym_db.RegisterEnumDescriptor(_BINDINGDELTA_ACTION)
_AUDITCONFIGDELTA_ACTION = _descriptor.EnumDescriptor(
name='Action',
full_name='google.iam.v1.AuditConfigDelta.Action',
filename=None,
file=DESCRIPTOR,
values=[
_descriptor.EnumValueDescriptor(
name='ACTION_UNSPECIFIED', index=0, number=0,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='ADD', index=1, number=1,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='REMOVE', index=2, number=2,
serialized_options=None,
type=None),
],
containing_type=None,
serialized_options=None,
serialized_start=530,
serialized_end=583,
)
_sym_db.RegisterEnumDescriptor(_AUDITCONFIGDELTA_ACTION)
_POLICY = _descriptor.Descriptor(
name='Policy',
full_name='google.iam.v1.Policy',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='version', full_name='google.iam.v1.Policy.version', index=0,
number=1, type=5, cpp_type=1, label=1,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='bindings', full_name='google.iam.v1.Policy.bindings', index=1,
number=4, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='etag', full_name='google.iam.v1.Policy.etag', index=2,
number=3, type=12, cpp_type=9, label=1,
has_default_value=False, default_value=_b(""),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=99,
serialized_end=180,
)
_BINDING = _descriptor.Descriptor(
name='Binding',
full_name='google.iam.v1.Binding',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='role', full_name='google.iam.v1.Binding.role', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='members', full_name='google.iam.v1.Binding.members', index=1,
number=2, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='condition', full_name='google.iam.v1.Binding.condition', index=2,
number=3, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=182,
serialized_end=260,
)
_POLICYDELTA = _descriptor.Descriptor(
name='PolicyDelta',
full_name='google.iam.v1.PolicyDelta',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='binding_deltas', full_name='google.iam.v1.PolicyDelta.binding_deltas', index=0,
number=1, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='audit_config_deltas', full_name='google.iam.v1.PolicyDelta.audit_config_deltas', index=1,
number=2, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=263,
serialized_end=391,
)
_BINDINGDELTA = _descriptor.Descriptor(
name='BindingDelta',
full_name='google.iam.v1.BindingDelta',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='action', full_name='google.iam.v1.BindingDelta.action', index=0,
number=1, type=14, cpp_type=8, label=1,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='role', full_name='google.iam.v1.BindingDelta.role', index=1,
number=2, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='member', full_name='google.iam.v1.BindingDelta.member', index=2,
number=3, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='condition', full_name='google.iam.v1.BindingDelta.condition', index=3,
number=4, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
_BINDINGDELTA_ACTION,
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=394,
serialized_end=583,
)
_AUDITCONFIGDELTA = _descriptor.Descriptor(
name='AuditConfigDelta',
full_name='google.iam.v1.AuditConfigDelta',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='action', full_name='google.iam.v1.AuditConfigDelta.action', index=0,
number=1, type=14, cpp_type=8, label=1,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='service', full_name='google.iam.v1.AuditConfigDelta.service', index=1,
number=2, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='exempted_member', full_name='google.iam.v1.AuditConfigDelta.exempted_member', index=2,
number=3, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='log_type', full_name='google.iam.v1.AuditConfigDelta.log_type', index=3,
number=4, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
_AUDITCONFIGDELTA_ACTION,
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=586,
serialized_end=775,
)
_POLICY.fields_by_name['bindings'].message_type = _BINDING
_BINDING.fields_by_name['condition'].message_type = google_dot_type_dot_expr__pb2._EXPR
_POLICYDELTA.fields_by_name['binding_deltas'].message_type = _BINDINGDELTA
_POLICYDELTA.fields_by_name['audit_config_deltas'].message_type = _AUDITCONFIGDELTA
_BINDINGDELTA.fields_by_name['action'].enum_type = _BINDINGDELTA_ACTION
_BINDINGDELTA.fields_by_name['condition'].message_type = google_dot_type_dot_expr__pb2._EXPR
_BINDINGDELTA_ACTION.containing_type = _BINDINGDELTA
_AUDITCONFIGDELTA.fields_by_name['action'].enum_type = _AUDITCONFIGDELTA_ACTION
_AUDITCONFIGDELTA_ACTION.containing_type = _AUDITCONFIGDELTA
DESCRIPTOR.message_types_by_name['Policy'] = _POLICY
DESCRIPTOR.message_types_by_name['Binding'] = _BINDING
DESCRIPTOR.message_types_by_name['PolicyDelta'] = _POLICYDELTA
DESCRIPTOR.message_types_by_name['BindingDelta'] = _BINDINGDELTA
DESCRIPTOR.message_types_by_name['AuditConfigDelta'] = _AUDITCONFIGDELTA
_sym_db.RegisterFileDescriptor(DESCRIPTOR)
Policy = _reflection.GeneratedProtocolMessageType('Policy', (_message.Message,), {
'DESCRIPTOR' : _POLICY,
'__module__' : 'google.iam.v1.policy_pb2'
,
'__doc__' : """Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform resources.
A ``Policy`` consists of a list of ``bindings``. A ``binding`` binds a
list of ``members`` to a ``role``, where the members can be user
accounts, Google groups, Google domains, and service accounts. A
``role`` is a named list of permissions defined by IAM.
**JSON Example**
::
{
"bindings": [
{
"role": "roles/owner",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-other-app@appspot.gserviceaccount.com"
]
},
{
"role": "roles/viewer",
"members": ["user:sean@example.com"]
}
]
}
**YAML Example**
::
bindings:
- members:
- user:mike@example.com
- group:admins@example.com
- domain:google.com
- serviceAccount:my-other-app@appspot.gserviceaccount.com
role: roles/owner
- members:
- user:sean@example.com
role: roles/viewer
For a description of IAM and its features, see the `IAM developer’s
guide <https://cloud.google.com/iam/docs>`__.
Attributes:
version:
Deprecated.
bindings:
Associates a list of ``members`` to a ``role``. ``bindings``
with no members will result in an error.
etag:
``etag`` is used for optimistic concurrency control as a way
to help prevent simultaneous updates of a policy from
overwriting each other. It is strongly suggested that systems
make use of the ``etag`` in the read-modify-write cycle to
perform policy updates in order to avoid race conditions: An
``etag`` is returned in the response to ``getIamPolicy``, and
systems are expected to put that etag in the request to
``setIamPolicy`` to ensure that their change will be applied
to the same version of the policy. If no ``etag`` is provided
in the call to ``setIamPolicy``, then the existing policy is
overwritten blindly.
""",
# @@protoc_insertion_point(class_scope:google.iam.v1.Policy)
})
_sym_db.RegisterMessage(Policy)
Binding = _reflection.GeneratedProtocolMessageType('Binding', (_message.Message,), {
'DESCRIPTOR' : _BINDING,
'__module__' : 'google.iam.v1.policy_pb2'
,
'__doc__' : """Associates ``members`` with a ``role``.
Attributes:
role:
Role that is assigned to ``members``. For example,
``roles/viewer``, ``roles/editor``, or ``roles/owner``.
members:
Specifies the identities requesting access for a Cloud
Platform resource. ``members`` can have the following values:
- ``allUsers``: A special identifier that represents anyone
who is on the internet; with or without a Google account.
- ``allAuthenticatedUsers``: A special identifier that
represents anyone who is authenticated with a Google
account or a service account. - ``user:{emailid}``: An
email address that represents a specific Google account.
For example, ``alice@gmail.com`` . -
``serviceAccount:{emailid}``: An email address that represents
a service account. For example, ``my-other-
app@appspot.gserviceaccount.com``. - ``group:{emailid}``: An
email address that represents a Google group. For example,
``admins@example.com``. - ``domain:{domain}``: The G Suite
domain (primary) that represents all the users of that
domain. For example, ``google.com`` or ``example.com``.
condition:
The condition that is associated with this binding. NOTE: An
unsatisfied condition will not allow user access via current
binding. Different bindings, including their conditions, are
examined independently.
""",
# @@protoc_insertion_point(class_scope:google.iam.v1.Binding)
})
_sym_db.RegisterMessage(Binding)
PolicyDelta = _reflection.GeneratedProtocolMessageType('PolicyDelta', (_message.Message,), {
'DESCRIPTOR' : _POLICYDELTA,
'__module__' : 'google.iam.v1.policy_pb2'
,
'__doc__' : """The difference delta between two policies.
Attributes:
binding_deltas:
The delta for Bindings between two policies.
audit_config_deltas:
The delta for AuditConfigs between two policies.
""",
# @@protoc_insertion_point(class_scope:google.iam.v1.PolicyDelta)
})
_sym_db.RegisterMessage(PolicyDelta)
BindingDelta = _reflection.GeneratedProtocolMessageType('BindingDelta', (_message.Message,), {
'DESCRIPTOR' : _BINDINGDELTA,
'__module__' : 'google.iam.v1.policy_pb2'
,
'__doc__' : """One delta entry for Binding. Each individual change (only one member in
each entry) to a binding will be a separate entry.
Attributes:
action:
The action that was performed on a Binding. Required
role:
Role that is assigned to ``members``. For example,
``roles/viewer``, ``roles/editor``, or ``roles/owner``.
Required
member:
A single identity requesting access for a Cloud Platform
resource. Follows the same format of Binding.members. Required
condition:
Unimplemented. The condition that is associated with this
binding. This field is logged only for Cloud Audit Logging.
""",
# @@protoc_insertion_point(class_scope:google.iam.v1.BindingDelta)
})
_sym_db.RegisterMessage(BindingDelta)
AuditConfigDelta = _reflection.GeneratedProtocolMessageType('AuditConfigDelta', (_message.Message,), {
'DESCRIPTOR' : _AUDITCONFIGDELTA,
'__module__' : 'google.iam.v1.policy_pb2'
,
'__doc__' : """One delta entry for AuditConfig. Each individual change (only one
exempted_member in each entry) to a AuditConfig will be a separate
entry.
Attributes:
action:
The action that was performed on an audit configuration in a
policy. Required
service:
Specifies a service that was configured for Cloud Audit
Logging. For example, ``storage.googleapis.com``,
``cloudsql.googleapis.com``. ``allServices`` is a special
value that covers all services. Required
exempted_member:
A single identity that is exempted from “data access” audit
logging for the ``service`` specified above. Follows the same
format of Binding.members.
log_type:
Specifies the log_type that was be enabled. ADMIN_ACTIVITY is
always enabled, and cannot be configured. Required
""",
# @@protoc_insertion_point(class_scope:google.iam.v1.AuditConfigDelta)
})
_sym_db.RegisterMessage(AuditConfigDelta)
DESCRIPTOR._options = None
# @@protoc_insertion_point(module_scope)
