
Side by Side Diff: discovery/googleapis/iam__v1.json

Issue 1797933002: Api-roll 33: 2016-03-14 (Closed) Base URL: git@github.com:dart-lang/googleapis.git@master
Patch Set: Added resources/*/CHANGELOG.md, addressed comments Created 4 years, 9 months ago
OLDNEW
(Empty)
1 {
2 "auth": {
3 "oauth2": {
4 "scopes": {
5 "https://www.googleapis.com/auth/cloud-platform": {
6 "description": "View and manage your data across Google Clou d Platform services"
7 }
8 }
9 }
10 },
11 "basePath": "",
12 "baseUrl": "https://iam.googleapis.com/",
13 "batchPath": "batch",
14 "description": "Manages identity and access control for Google Cloud Platfor m resources, including the creation of service accounts, which you can use to au thenticate to Google and make API calls.",
15 "discoveryVersion": "v1",
16 "documentationLink": "https://cloud.google.com/iam/",
17 "etag": "\"bRFOOrZKfO9LweMbPqu0kcu6De8/KGIJuBPLol6TqL9arf5YOmp-wQ0\"",
18 "icons": {
19 "x16": "http://www.google.com/images/icons/product/search-16.gif",
20 "x32": "http://www.google.com/images/icons/product/search-32.gif"
21 },
22 "id": "iam:v1",
23 "kind": "discovery#restDescription",
24 "name": "iam",
25 "ownerDomain": "google.com",
26 "ownerName": "Google",
27 "parameters": {
28 "access_token": {
29 "description": "OAuth access token.",
30 "location": "query",
31 "type": "string"
32 },
33 "alt": {
34 "default": "json",
35 "description": "Data format for response.",
36 "enumDescriptions": [
37 "Responses with Content-Type of application/json",
38 "Media download with context-dependent Content-Type",
39 "Responses with Content-Type of application/x-protobuf"
40 ],
41 "location": "query",
42 "type": "string"
43 },
44 "bearer_token": {
45 "description": "OAuth bearer token.",
46 "location": "query",
47 "type": "string"
48 },
49 "callback": {
50 "description": "JSONP",
51 "location": "query",
52 "type": "string"
53 },
54 "fields": {
55 "description": "Selector specifying which fields to include in a par tial response.",
56 "location": "query",
57 "type": "string"
58 },
59 "key": {
60 "description": "API key. Your API key identifies your project and pr ovides you with API access, quota, and reports. Required unless you provide an O Auth 2.0 token.",
61 "location": "query",
62 "type": "string"
63 },
64 "oauth_token": {
65 "description": "OAuth 2.0 token for the current user.",
66 "location": "query",
67 "type": "string"
68 },
69 "pp": {
70 "default": "true",
71 "description": "Pretty-print response.",
72 "location": "query",
73 "type": "boolean"
74 },
75 "prettyPrint": {
76 "default": "true",
77 "description": "Returns response with indentations and line breaks." ,
78 "location": "query",
79 "type": "boolean"
80 },
81 "quotaUser": {
82 "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exc eed 40 characters.",
83 "location": "query",
84 "type": "string"
85 },
86 "upload_protocol": {
87 "description": "Upload protocol for media (e.g. \"raw\", \"multipart \").",
88 "location": "query",
89 "type": "string"
90 },
91 "uploadType": {
92 "description": "Legacy upload protocol for media (e.g. \"media\", \" multipart\").",
93 "location": "query",
94 "type": "string"
95 },
96 "$.xgafv": {
97 "description": "V1 error format.",
98 "enumDescriptions": [
99 "v1 error format",
100 "v2 error format"
101 ],
102 "location": "query",
103 "type": "string"
104 }
105 },
106 "protocol": "rest",
107 "resources": {
108 "projects": {
109 "resources": {
110 "serviceAccounts": {
111 "methods": {
112 "list": {
113 "description": "Lists service accounts for a project .",
114 "httpMethod": "GET",
115 "id": "iam.projects.serviceAccounts.list",
116 "parameterOrder": [
117 "name"
118 ],
119 "parameters": {
120 "name": {
121 "description": "Required. The resource name of the project associated with the service accounts, such as \"projects/123\"",
122 "location": "path",
123 "pattern": "^projects/[^/]*$",
124 "required": true,
125 "type": "string"
126 },
127 "pageSize": {
128 "description": "Optional limit on the number of service accounts to include in the response. Further accounts can subsequent ly be obtained by including the [ListServiceAccountsResponse.next_page_token] in a subsequent request.",
129 "format": "int32",
130 "location": "query",
131 "type": "integer"
132 },
133 "pageToken": {
134 "description": "Optional pagination token re turned in an earlier [ListServiceAccountsResponse.next_page_token].",
135 "location": "query",
136 "type": "string"
137 }
138 },
139 "path": "v1/{+name}/serviceAccounts",
140 "response": {
141 "$ref": "ListServiceAccountsResponse"
142 },
143 "scopes": [
144 "https://www.googleapis.com/auth/cloud-platform"
145 ]
146 },
147 "get": {
148 "description": "Gets a ServiceAccount",
149 "httpMethod": "GET",
150 "id": "iam.projects.serviceAccounts.get",
151 "parameterOrder": [
152 "name"
153 ],
154 "parameters": {
155 "name": {
156 "description": "The resource name of the ser vice account in the format \"projects/{project}/serviceAccounts/{account}\". Usi ng '-' as a wildcard for the project, will infer the project from the account. T he account value can be the email address or the unique_id of the service accoun t.",
157 "location": "path",
158 "pattern": "^projects/[^/]*/serviceAccounts/ [^/]*$",
159 "required": true,
160 "type": "string"
161 }
162 },
163 "path": "v1/{+name}",
164 "response": {
165 "$ref": "ServiceAccount"
166 },
167 "scopes": [
168 "https://www.googleapis.com/auth/cloud-platform"
169 ]
170 },
171 "create": {
172 "description": "Creates a service account and return s it.",
173 "httpMethod": "POST",
174 "id": "iam.projects.serviceAccounts.create",
175 "parameterOrder": [
176 "name"
177 ],
178 "parameters": {
179 "name": {
180 "description": "Required. The resource name of the project associated with the service accounts, such as \"projects/123\"",
181 "location": "path",
182 "pattern": "^projects/[^/]*$",
183 "required": true,
184 "type": "string"
185 }
186 },
187 "path": "v1/{+name}/serviceAccounts",
188 "request": {
189 "$ref": "CreateServiceAccountRequest"
190 },
191 "response": {
192 "$ref": "ServiceAccount"
193 },
194 "scopes": [
195 "https://www.googleapis.com/auth/cloud-platform"
196 ]
197 },
198 "update": {
199 "description": "Updates a service account. Currently , only the following fields are updatable: 'display_name' . The 'etag' is mandat ory.",
200 "httpMethod": "PUT",
201 "id": "iam.projects.serviceAccounts.update",
202 "parameterOrder": [
203 "name"
204 ],
205 "parameters": {
206 "name": {
207 "description": "The resource name of the ser vice account in the format \"projects/{project}/serviceAccounts/{account}\". In requests using '-' as a wildcard for the project, will infer the project from th e account and the account value can be the email address or the unique_id of the service account. In responses the resource name will always be in the format \" projects/{project}/serviceAccounts/{email}\".",
208 "location": "path",
209 "pattern": "^projects/[^/]*/serviceAccounts/ [^/]*$",
210 "required": true,
211 "type": "string"
212 }
213 },
214 "path": "v1/{+name}",
215 "request": {
216 "$ref": "ServiceAccount"
217 },
218 "response": {
219 "$ref": "ServiceAccount"
220 },
221 "scopes": [
222 "https://www.googleapis.com/auth/cloud-platform"
223 ]
224 },
225 "delete": {
226 "description": "Deletes a service acount.",
227 "httpMethod": "DELETE",
228 "id": "iam.projects.serviceAccounts.delete",
229 "parameterOrder": [
230 "name"
231 ],
232 "parameters": {
233 "name": {
234 "description": "The resource name of the ser vice account in the format \"projects/{project}/serviceAccounts/{account}\". Usi ng '-' as a wildcard for the project, will infer the project from the account. T he account value can be the email address or the unique_id of the service accoun t.",
235 "location": "path",
236 "pattern": "^projects/[^/]*/serviceAccounts/ [^/]*$",
237 "required": true,
238 "type": "string"
239 }
240 },
241 "path": "v1/{+name}",
242 "response": {
243 "$ref": "Empty"
244 },
245 "scopes": [
246 "https://www.googleapis.com/auth/cloud-platform"
247 ]
248 },
249 "signBlob": {
250 "description": "Signs a blob using a service account .",
251 "httpMethod": "POST",
252 "id": "iam.projects.serviceAccounts.signBlob",
253 "parameterOrder": [
254 "name"
255 ],
256 "parameters": {
257 "name": {
258 "description": "The resource name of the ser vice account in the format \"projects/{project}/serviceAccounts/{account}\". Usi ng '-' as a wildcard for the project, will infer the project from the account. T he account value can be the email address or the unique_id of the service accoun t.",
259 "location": "path",
260 "pattern": "^projects/[^/]*/serviceAccounts/ [^/]*$",
261 "required": true,
262 "type": "string"
263 }
264 },
265 "path": "v1/{+name}:signBlob",
266 "request": {
267 "$ref": "SignBlobRequest"
268 },
269 "response": {
270 "$ref": "SignBlobResponse"
271 },
272 "scopes": [
273 "https://www.googleapis.com/auth/cloud-platform"
274 ]
275 },
276 "getIamPolicy": {
277 "description": "Returns the IAM access control polic y for specified IAM resource.",
278 "httpMethod": "POST",
279 "id": "iam.projects.serviceAccounts.getIamPolicy",
280 "parameterOrder": [
281 "resource"
282 ],
283 "parameters": {
284 "resource": {
285 "description": "REQUIRED: The resource for w hich the policy is being requested. `resource` is usually specified as a path, s uch as `projects/*project*/zones/*zone*/disks/*disk*`. The format for the path s pecified in this value is resource specific and is specified in the `getIamPolic y` documentation.",
286 "location": "path",
287 "pattern": "^projects/[^/]*/serviceAccounts/ [^/]*$",
288 "required": true,
289 "type": "string"
290 }
291 },
292 "path": "v1/{+resource}:getIamPolicy",
293 "response": {
294 "$ref": "Policy"
295 },
296 "scopes": [
297 "https://www.googleapis.com/auth/cloud-platform"
298 ]
299 },
300 "setIamPolicy": {
301 "description": "Sets the IAM access control policy f or the specified IAM resource.",
302 "httpMethod": "POST",
303 "id": "iam.projects.serviceAccounts.setIamPolicy",
304 "parameterOrder": [
305 "resource"
306 ],
307 "parameters": {
308 "resource": {
309 "description": "REQUIRED: The resource for w hich the policy is being specified. `resource` is usually specified as a path, s uch as `projects/*project*/zones/*zone*/disks/*disk*`. The format for the path s pecified in this value is resource specific and is specified in the `setIamPolic y` documentation.",
310 "location": "path",
311 "pattern": "^projects/[^/]*/serviceAccounts/ [^/]*$",
312 "required": true,
313 "type": "string"
314 }
315 },
316 "path": "v1/{+resource}:setIamPolicy",
317 "request": {
318 "$ref": "SetIamPolicyRequest"
319 },
320 "response": {
321 "$ref": "Policy"
322 },
323 "scopes": [
324 "https://www.googleapis.com/auth/cloud-platform"
325 ]
326 },
327 "testIamPermissions": {
328 "description": "Tests the specified permissions agai nst the IAM access control policy for the specified IAM resource.",
329 "httpMethod": "POST",
330 "id": "iam.projects.serviceAccounts.testIamPermissio ns",
331 "parameterOrder": [
332 "resource"
333 ],
334 "parameters": {
335 "resource": {
336 "description": "REQUIRED: The resource for w hich the policy detail is being requested. `resource` is usually specified as a path, such as `projects/*project*/zones/*zone*/disks/*disk*`. The format for the path specified in this value is resource specific and is specified in the `test IamPermissions` documentation.",
337 "location": "path",
338 "pattern": "^projects/[^/]*/serviceAccounts/ [^/]*$",
339 "required": true,
340 "type": "string"
341 }
342 },
343 "path": "v1/{+resource}:testIamPermissions",
344 "request": {
345 "$ref": "TestIamPermissionsRequest"
346 },
347 "response": {
348 "$ref": "TestIamPermissionsResponse"
349 },
350 "scopes": [
351 "https://www.googleapis.com/auth/cloud-platform"
352 ]
353 }
354 },
355 "resources": {
356 "keys": {
357 "methods": {
358 "list": {
359 "description": "Lists service account keys",
360 "httpMethod": "GET",
361 "id": "iam.projects.serviceAccounts.keys.lis t",
362 "parameterOrder": [
363 "name"
364 ],
365 "parameters": {
366 "name": {
367 "description": "The resource name of the service account in the format \"projects/{project}/serviceAccounts/{account }\". Using '-' as a wildcard for the project, will infer the project from the ac count. The account value can be the email address or the unique_id of the servic e account.",
368 "location": "path",
369 "pattern": "^projects/[^/]*/serviceA ccounts/[^/]*$",
370 "required": true,
371 "type": "string"
372 },
373 "keyTypes": {
374 "description": "The type of keys the user wants to list. If empty, all key types are included in the response. Dupli cate key types are not allowed.",
375 "enum": [
376 "KEY_TYPE_UNSPECIFIED",
377 "USER_MANAGED",
378 "SYSTEM_MANAGED"
379 ],
380 "location": "query",
381 "repeated": true,
382 "type": "string"
383 }
384 },
385 "path": "v1/{+name}/keys",
386 "response": {
387 "$ref": "ListServiceAccountKeysResponse"
388 },
389 "scopes": [
390 "https://www.googleapis.com/auth/cloud-p latform"
391 ]
392 },
393 "get": {
394 "description": "Gets the ServiceAccountKey b y key id.",
395 "httpMethod": "GET",
396 "id": "iam.projects.serviceAccounts.keys.get ",
397 "parameterOrder": [
398 "name"
399 ],
400 "parameters": {
401 "name": {
402 "description": "The resource name of the service account key in the format \"projects/{project}/serviceAccounts/{acc ount}/keys/{key}\". Using '-' as a wildcard for the project will infer the proje ct from the account. The account value can be the email address or the unique_id of the service account.",
403 "location": "path",
404 "pattern": "^projects/[^/]*/serviceA ccounts/[^/]*/keys/[^/]*$",
405 "required": true,
406 "type": "string"
407 }
408 },
409 "path": "v1/{+name}",
410 "response": {
411 "$ref": "ServiceAccountKey"
412 },
413 "scopes": [
414 "https://www.googleapis.com/auth/cloud-p latform"
415 ]
416 },
417 "create": {
418 "description": "Creates a service account ke y and returns it.",
419 "httpMethod": "POST",
420 "id": "iam.projects.serviceAccounts.keys.cre ate",
421 "parameterOrder": [
422 "name"
423 ],
424 "parameters": {
425 "name": {
426 "description": "The resource name of the service account in the format \"projects/{project}/serviceAccounts/{account }\". Using '-' as a wildcard for the project, will infer the project from the ac count. The account value can be the email address or the unique_id of the servic e account.",
427 "location": "path",
428 "pattern": "^projects/[^/]*/serviceA ccounts/[^/]*$",
429 "required": true,
430 "type": "string"
431 }
432 },
433 "path": "v1/{+name}/keys",
434 "request": {
435 "$ref": "CreateServiceAccountKeyRequest"
436 },
437 "response": {
438 "$ref": "ServiceAccountKey"
439 },
440 "scopes": [
441 "https://www.googleapis.com/auth/cloud-p latform"
442 ]
443 },
444 "delete": {
445 "description": "Deletes a service account ke y.",
446 "httpMethod": "DELETE",
447 "id": "iam.projects.serviceAccounts.keys.del ete",
448 "parameterOrder": [
449 "name"
450 ],
451 "parameters": {
452 "name": {
453 "description": "The resource name of the service account key in the format \"projects/{project}/serviceAccounts/{acc ount}/keys/{key}\". Using '-' as a wildcard for the project will infer the proje ct from the account. The account value can be the email address or the unique_id of the service account.",
454 "location": "path",
455 "pattern": "^projects/[^/]*/serviceA ccounts/[^/]*/keys/[^/]*$",
456 "required": true,
457 "type": "string"
458 }
459 },
460 "path": "v1/{+name}",
461 "response": {
462 "$ref": "Empty"
463 },
464 "scopes": [
465 "https://www.googleapis.com/auth/cloud-p latform"
466 ]
467 }
468 }
469 }
470 }
471 }
472 }
473 }
474 },
475 "revision": "20160129",
476 "rootUrl": "https://iam.googleapis.com/",
477 "schemas": {
478 "ListServiceAccountsResponse": {
479 "description": "The service account list response.",
480 "id": "ListServiceAccountsResponse",
481 "properties": {
482 "accounts": {
483 "description": "The list of matching service accounts.",
484 "items": {
485 "$ref": "ServiceAccount"
486 },
487 "type": "array"
488 },
489 "nextPageToken": {
490 "description": "To retrieve the next page of results, set [L istServiceAccountsRequest.page_token] to this value.",
491 "type": "string"
492 }
493 },
494 "type": "object"
495 },
496 "ServiceAccount": {
497 "description": "A service account in the Identity and Access Managem ent API. To create a service account, you specify the project_id and account_id for the account. The account_id is unique within the project, and used to genera te the service account email address and a stable unique id. All other methods c an identify accounts using the format \"projects/{project}/serviceAccounts/{acco unt}\". Using '-' as a wildcard for the project, will infer the project from the account. The account value can be the email address or the unique_id of the ser vice account.",
498 "id": "ServiceAccount",
499 "properties": {
500 "name": {
501 "description": "The resource name of the service account in the format \"projects/{project}/serviceAccounts/{account}\". In requests using ' -' as a wildcard for the project, will infer the project from the account and th e account value can be the email address or the unique_id of the service account . In responses the resource name will always be in the format \"projects/{projec t}/serviceAccounts/{email}\".",
502 "type": "string"
503 },
504 "projectId": {
505 "description": "@OutputOnly The id of the project that owns the service account.",
506 "type": "string"
507 },
508 "uniqueId": {
509 "description": "@OutputOnly unique and stable id of the serv ice account.",
510 "type": "string"
511 },
512 "email": {
513 "description": "@OutputOnly Email address of the service acc ount.",
514 "type": "string"
515 },
516 "displayName": {
517 "description": "Optional. A user-specified description of th e service account. Must be fewer than 100 UTF-8 bytes.",
518 "type": "string"
519 },
520 "etag": {
521 "description": "Used to perform a consistent read-modify-wri te.",
522 "format": "byte",
523 "type": "string"
524 },
525 "oauth2ClientId": {
526 "description": "@OutputOnly. The OAuth2 client id for the se rvice account. This is used in conjunction with the OAuth2 clientconfig API to m ake three legged OAuth2 (3LO) flows to access the data of Google users.",
527 "type": "string"
528 }
529 },
530 "type": "object"
531 },
532 "CreateServiceAccountRequest": {
533 "description": "The service account create request.",
534 "id": "CreateServiceAccountRequest",
535 "properties": {
536 "accountId": {
537 "description": "Required. The account id that is used to gen erate the service account email address and a stable unique id. It is unique wit hin a project, must be 1-63 characters long, and match the regular expression [a -z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035.",
538 "type": "string"
539 },
540 "serviceAccount": {
541 "$ref": "ServiceAccount",
542 "description": "The ServiceAccount resource to create. Curre ntly, only the following values are user assignable: display_name ."
543 }
544 },
545 "type": "object"
546 },
547 "Empty": {
548 "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON re presentation for `Empty` is empty JSON object `{}`.",
549 "id": "Empty",
550 "type": "object"
551 },
552 "ListServiceAccountKeysResponse": {
553 "description": "The service account keys list response.",
554 "id": "ListServiceAccountKeysResponse",
555 "properties": {
556 "keys": {
557 "description": "The public keys for the service account.",
558 "items": {
559 "$ref": "ServiceAccountKey"
560 },
561 "type": "array"
562 }
563 },
564 "type": "object"
565 },
566 "ServiceAccountKey": {
567 "description": "Represents a service account key. A service account can have 0 or more key pairs. The private keys for these are not stored by Googl e. ServiceAccountKeys are immutable.",
568 "id": "ServiceAccountKey",
569 "properties": {
570 "name": {
571 "description": "The resource name of the service account key in the format \"projects/{project}/serviceAccounts/{email}/keys/{key}\".",
572 "type": "string"
573 },
574 "privateKeyType": {
575 "description": "The type of the private key.",
576 "enum": [
577 "TYPE_UNSPECIFIED",
578 "TYPE_PKCS12_FILE",
579 "TYPE_GOOGLE_CREDENTIALS_FILE"
580 ],
581 "type": "string"
582 },
583 "privateKeyData": {
584 "description": "The key data.",
585 "format": "byte",
586 "type": "string"
587 },
588 "validAfterTime": {
589 "description": "The key can be used after this timestamp.",
590 "type": "string"
591 },
592 "validBeforeTime": {
593 "description": "The key can be used before this timestamp.",
594 "type": "string"
595 }
596 },
597 "type": "object"
598 },
599 "CreateServiceAccountKeyRequest": {
600 "description": "The service account key create request.",
601 "id": "CreateServiceAccountKeyRequest",
602 "properties": {
603 "privateKeyType": {
604 "description": "The type of the key requested. GOOGLE_CREDEN TIALS is the default key type.",
605 "enum": [
606 "TYPE_UNSPECIFIED",
607 "TYPE_PKCS12_FILE",
608 "TYPE_GOOGLE_CREDENTIALS_FILE"
609 ],
610 "type": "string"
611 }
612 },
613 "type": "object"
614 },
615 "SignBlobRequest": {
616 "description": "The service account sign blob request.",
617 "id": "SignBlobRequest",
618 "properties": {
619 "bytesToSign": {
620 "description": "The bytes to sign",
621 "format": "byte",
622 "type": "string"
623 }
624 },
625 "type": "object"
626 },
627 "SignBlobResponse": {
628 "description": "The service account sign blob response.",
629 "id": "SignBlobResponse",
630 "properties": {
631 "keyId": {
632 "description": "The id of the key used to sign the blob.",
633 "type": "string"
634 },
635 "signature": {
636 "description": "The signed blob.",
637 "format": "byte",
638 "type": "string"
639 }
640 },
641 "type": "object"
642 },
643 "Policy": {
644 "description": "Defines an Identity and Access Management (IAM) poli cy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `member s` to a `role`, where the members can be user accounts, Google groups, Google do mains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { \"bindings\": [ { \"role\": \"roles/owner\", \"members\": [ \ "user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \ "serviceAccount:my-other-app@appspot.gserviceaccount.com\"] }, { \"role\": \"rol es/viewer\", \"members\": [\"user:sean@example.com\"] } ] } For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/ iam).",
645 "id": "Policy",
646 "properties": {
647 "version": {
648 "description": "Version of the `Policy`. The default version is 0.",
649 "format": "int32",
650 "type": "integer"
651 },
652 "bindings": {
653 "description": "Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with n o members will result in an error.",
654 "items": {
655 "$ref": "Binding"
656 },
657 "type": "array"
658 },
659 "rules": {
660 "items": {
661 "$ref": "Rule"
662 },
663 "type": "array"
664 },
665 "etag": {
666 "description": "`etag` is used for optimistic concurrency co ntrol as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race condit ions: An `etag` is returned in the response to `getIamPolicy`, and systems are e xpected to put that etag in the request to `setIamPolicy` to ensure that their c hange will be applied to the same version of the policy. If no `etag` is provide d in the call to `setIamPolicy`, then the existing policy is overwritten blindly .",
667 "format": "byte",
668 "type": "string"
669 }
670 },
671 "type": "object"
672 },
673 "Binding": {
674 "description": "Associates `members` with a `role`.",
675 "id": "Binding",
676 "properties": {
677 "role": {
678 "description": "Role that is assigned to `members`. For exam ple, `roles/viewer`, `roles/editor`, or `roles/owner`. Required",
679 "type": "string"
680 },
681 "members": {
682 "description": "Specifies the identities requesting access f or a Cloud Platform resource. `members` can have the following values: * `allUse rs`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service accoun t. * `user:{emailid}`: An email address that represents a specific Google accoun t. For example, `alice@gmail.com` or `joe@example.com`. * `serviceAccount:{email id}`: An email address that represents a service account. For example, `my-other -app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that re presents a Google group. For example, `admins@example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For exa mple, `google.com` or `example.com`.",
683 "items": {
684 "type": "string"
685 },
686 "type": "array"
687 }
688 },
689 "type": "object"
690 },
691 "Rule": {
692 "description": "A rule to be applied in a Policy.",
693 "id": "Rule",
694 "properties": {
695 "description": {
696 "description": "Human-readable description of the rule.",
697 "type": "string"
698 },
699 "permissions": {
700 "description": "A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb par t of '*' (e.g., 'storage.buckets.*') matches all verbs.",
701 "items": {
702 "type": "string"
703 },
704 "type": "array"
705 },
706 "action": {
707 "description": "Required",
708 "enum": [
709 "NO_ACTION",
710 "ALLOW",
711 "ALLOW_WITH_LOG",
712 "DENY",
713 "DENY_WITH_LOG",
714 "LOG"
715 ],
716 "type": "string"
717 },
718 "in": {
719 "description": "The rule matches if the PRINCIPAL/AUTHORITY_ SELECTOR is in this set of entries.",
720 "items": {
721 "type": "string"
722 },
723 "type": "array"
724 },
725 "notIn": {
726 "description": "The rule matches if the PRINCIPAL/AUTHORITY_ SELECTOR is not in this set of entries. The format for in and not_in entries is the same as for members in a Binding (see google/iam/v1/policy.proto).",
727 "items": {
728 "type": "string"
729 },
730 "type": "array"
731 },
732 "conditions": {
733 "description": "Additional restrictions that must be met",
734 "items": {
735 "$ref": "Condition"
736 },
737 "type": "array"
738 },
739 "logConfig": {
740 "description": "The config returned to callers of tech.iam.I AM.CheckPolicy for any entries that match the LOG action.",
741 "items": {
742 "$ref": "LogConfig"
743 },
744 "type": "array"
745 }
746 },
747 "type": "object"
748 },
749 "Condition": {
750 "description": "A condition to be met.",
751 "id": "Condition",
752 "properties": {
753 "iam": {
754 "description": "Trusted attributes supplied by the IAM syste m.",
755 "enum": [
756 "NO_ATTR",
757 "AUTHORITY",
758 "ATTRIBUTION"
759 ],
760 "type": "string"
761 },
762 "sys": {
763 "description": "Trusted attributes supplied by any service t hat owns resources and uses the IAM system for access control.",
764 "enum": [
765 "NO_ATTR",
766 "REGION",
767 "SERVICE",
768 "NAME",
769 "IP"
770 ],
771 "type": "string"
772 },
773 "svc": {
774 "description": "Trusted attributes discharged by the service .",
775 "type": "string"
776 },
777 "op": {
778 "description": "An operator to apply the subject with.",
779 "enum": [
780 "NO_OP",
781 "EQUALS",
782 "NOT_EQUALS",
783 "IN",
784 "NOT_IN",
785 "DISCHARGED"
786 ],
787 "type": "string"
788 },
789 "value": {
790 "description": "The object of the condition. Exactly one of these must be set.",
791 "type": "string"
792 },
793 "values": {
794 "description": "The objects of the condition. This is mutual ly exclusive with 'value'.",
795 "items": {
796 "type": "string"
797 },
798 "type": "array"
799 }
800 },
801 "type": "object"
802 },
803 "LogConfig": {
804 "description": "Specifies what kind of log the caller must write Inc rement a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in \"_count\". Fi eld names should not contain an initial slash. The actual exported metric names will have \"/iam/policy\" prepended. Field names correspond to IAM request param eters and field values are their respective values. At present only \"iam_princi pal\", corresponding to IAMContext.principal, is supported. Examples: counter { metric: \"/debug_access_count\" field: \"iam_principal\" } ==> increment counter /iam/policy/backend_debug_access_count {iam_principal=[value of IAMContext.prin cipal]} At this time we do not support: * multiple field names (though this may be supported in the future) * decrementing the counter * incrementing it by anyt hing other than 1",
805 "id": "LogConfig",
806 "properties": {
807 "counter": {
808 "$ref": "CounterOptions",
809 "description": "Counter options."
810 },
811 "dataAccess": {
812 "$ref": "DataAccessOptions",
813 "description": "Data access options."
814 },
815 "cloudAudit": {
816 "$ref": "CloudAuditOptions",
817 "description": "Cloud audit options."
818 }
819 },
820 "type": "object"
821 },
822 "CounterOptions": {
823 "description": "Options for counters",
824 "id": "CounterOptions",
825 "properties": {
826 "metric": {
827 "description": "The metric to update.",
828 "type": "string"
829 },
830 "field": {
831 "description": "The field value to attribute.",
832 "type": "string"
833 }
834 },
835 "type": "object"
836 },
837 "DataAccessOptions": {
838 "description": "Write a Data Access (Gin) log",
839 "id": "DataAccessOptions",
840 "type": "object"
841 },
842 "CloudAuditOptions": {
843 "description": "Write a Cloud Audit log",
844 "id": "CloudAuditOptions",
845 "type": "object"
846 },
847 "SetIamPolicyRequest": {
848 "description": "Request message for `SetIamPolicy` method.",
849 "id": "SetIamPolicyRequest",
850 "properties": {
851 "policy": {
852 "$ref": "Policy",
853 "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empt y policy is a valid policy but certain Cloud Platform services (such as Projects ) might reject them."
854 }
855 },
856 "type": "object"
857 },
858 "TestIamPermissionsRequest": {
859 "description": "Request message for `TestIamPermissions` method.",
860 "id": "TestIamPermissionsRequest",
861 "properties": {
862 "permissions": {
863 "description": "The set of permissions to check for the `res ource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.",
864 "items": {
865 "type": "string"
866 },
867 "type": "array"
868 }
869 },
870 "type": "object"
871 },
872 "TestIamPermissionsResponse": {
873 "description": "Response message for `TestIamPermissions` method.",
874 "id": "TestIamPermissionsResponse",
875 "properties": {
876 "permissions": {
877 "description": "A subset of `TestPermissionsRequest.permissi ons` that the caller is allowed.",
878 "items": {
879 "type": "string"
880 },
881 "type": "array"
882 }
883 },
884 "type": "object"
885 }
886 },
887 "servicePath": "",
888 "title": "Google Identity and Access Management API",
889 "version": "v1"
890 }