1*d5c09012SAndroid Build Coastguard Worker// Copyright 2023 Google LLC 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage google.cloud.policytroubleshooter.v1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport public "google/cloud/policytroubleshooter/v1/explanations.proto"; 20*d5c09012SAndroid Build Coastguard Worker 21*d5c09012SAndroid Build Coastguard Workerimport "google/api/annotations.proto"; 22*d5c09012SAndroid Build Coastguard Workerimport "google/api/client.proto"; 23*d5c09012SAndroid Build Coastguard Workerimport "google/rpc/status.proto"; 24*d5c09012SAndroid Build Coastguard Worker 25*d5c09012SAndroid Build Coastguard Workeroption cc_enable_arenas = true; 26*d5c09012SAndroid Build Coastguard Workeroption csharp_namespace = "Google.Cloud.PolicyTroubleshooter.V1"; 27*d5c09012SAndroid Build Coastguard Workeroption go_package = "cloud.google.com/go/policytroubleshooter/apiv1/policytroubleshooterpb;policytroubleshooterpb"; 28*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 29*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "IAMCheckerProto"; 30*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.cloud.policytroubleshooter.v1"; 31*d5c09012SAndroid Build Coastguard Workeroption php_namespace = "Google\\Cloud\\PolicyTroubleshooter\\V1"; 32*d5c09012SAndroid Build Coastguard Workeroption ruby_package = "Google::Cloud::PolicyTroubleshooter::V1"; 33*d5c09012SAndroid Build Coastguard Worker 34*d5c09012SAndroid Build Coastguard Worker// IAM Policy Troubleshooter service. 35*d5c09012SAndroid Build Coastguard Worker// 36*d5c09012SAndroid Build Coastguard Worker// This service helps you troubleshoot access issues for Google Cloud resources. 37*d5c09012SAndroid Build Coastguard Workerservice IamChecker { 38*d5c09012SAndroid Build Coastguard Worker option (google.api.default_host) = "policytroubleshooter.googleapis.com"; 39*d5c09012SAndroid Build Coastguard Worker option (google.api.oauth_scopes) = 40*d5c09012SAndroid Build Coastguard Worker "https://www.googleapis.com/auth/cloud-platform"; 41*d5c09012SAndroid Build Coastguard Worker 42*d5c09012SAndroid Build Coastguard Worker // Checks whether a principal has a specific permission for a specific 43*d5c09012SAndroid Build Coastguard Worker // resource, and explains why the principal does or does not have that 44*d5c09012SAndroid Build Coastguard Worker // permission. 45*d5c09012SAndroid Build Coastguard Worker rpc TroubleshootIamPolicy(TroubleshootIamPolicyRequest) 46*d5c09012SAndroid Build Coastguard Worker returns (TroubleshootIamPolicyResponse) { 47*d5c09012SAndroid Build Coastguard Worker option (google.api.http) = { 48*d5c09012SAndroid Build Coastguard Worker post: "/v1/iam:troubleshoot" 49*d5c09012SAndroid Build Coastguard Worker body: "*" 50*d5c09012SAndroid Build Coastguard Worker }; 51*d5c09012SAndroid Build Coastguard Worker } 52*d5c09012SAndroid Build Coastguard Worker} 53*d5c09012SAndroid Build Coastguard Worker 54*d5c09012SAndroid Build Coastguard Worker// Request for 55*d5c09012SAndroid Build Coastguard Worker// [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. 56*d5c09012SAndroid Build Coastguard Workermessage TroubleshootIamPolicyRequest { 57*d5c09012SAndroid Build Coastguard Worker // The information to use for checking whether a principal has a permission 58*d5c09012SAndroid Build Coastguard Worker // for a resource. 59*d5c09012SAndroid Build Coastguard Worker AccessTuple access_tuple = 1; 60*d5c09012SAndroid Build Coastguard Worker} 61*d5c09012SAndroid Build Coastguard Worker 62*d5c09012SAndroid Build Coastguard Worker// Response for 63*d5c09012SAndroid Build Coastguard Worker// [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. 64*d5c09012SAndroid Build Coastguard Workermessage TroubleshootIamPolicyResponse { 65*d5c09012SAndroid Build Coastguard Worker // Indicates whether the principal has the specified permission for the 66*d5c09012SAndroid Build Coastguard Worker // specified resource, based on evaluating all of the applicable IAM policies. 67*d5c09012SAndroid Build Coastguard Worker AccessState access = 1; 68*d5c09012SAndroid Build Coastguard Worker 69*d5c09012SAndroid Build Coastguard Worker // List of IAM policies that were evaluated to check the principal's 70*d5c09012SAndroid Build Coastguard Worker // permissions, with annotations to indicate how each policy contributed to 71*d5c09012SAndroid Build Coastguard Worker // the final result. 72*d5c09012SAndroid Build Coastguard Worker // 73*d5c09012SAndroid Build Coastguard Worker // The list of policies can include the policy for the resource itself. It can 74*d5c09012SAndroid Build Coastguard Worker // also include policies that are inherited from higher levels of the resource 75*d5c09012SAndroid Build Coastguard Worker // hierarchy, including the organization, the folder, and the project. 76*d5c09012SAndroid Build Coastguard Worker // 77*d5c09012SAndroid Build Coastguard Worker // To learn more about the resource hierarchy, see 78*d5c09012SAndroid Build Coastguard Worker // https://cloud.google.com/iam/help/resource-hierarchy. 79*d5c09012SAndroid Build Coastguard Worker repeated ExplainedPolicy explained_policies = 2; 80*d5c09012SAndroid Build Coastguard Worker 81*d5c09012SAndroid Build Coastguard Worker // The general errors contained in the troubleshooting response. 82*d5c09012SAndroid Build Coastguard Worker repeated google.rpc.Status errors = 3; 83*d5c09012SAndroid Build Coastguard Worker} 84