// Copyright 2019 Google LLC. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // syntax = "proto3"; package google.cloud.policytroubleshooter.v1; import public "google/cloud/policytroubleshooter/v1/explanations.proto"; import "google/api/annotations.proto"; import "google/api/client.proto"; option cc_enable_arenas = true; option csharp_namespace = "Google.Cloud.PolicyTroubleshooter.V1"; option go_package = "google.golang.org/genproto/googleapis/cloud/policytroubleshooter/v1;policytroubleshooter"; option java_multiple_files = true; option java_outer_classname = "IAMCheckerProto"; option java_package = "com.google.cloud.policytroubleshooter.v1"; option php_namespace = "Google\\Cloud\\PolicyTroubleshooter\\V1"; option ruby_package = "Google::Cloud::PolicyTroubleshooter::V1"; // IAM Policy Troubleshooter service. // // This service helps you troubleshoot access issues for Google Cloud resources. service IamChecker { option (google.api.default_host) = "policytroubleshooter.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Checks whether a member has a specific permission for a specific resource, // and explains why the member does or does not have that permission. rpc TroubleshootIamPolicy(TroubleshootIamPolicyRequest) returns (TroubleshootIamPolicyResponse) { option (google.api.http) = { post: "/v1/iam:troubleshoot" body: "*" }; } } // Request for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. message TroubleshootIamPolicyRequest { // The information to use for checking whether a member has a permission for a // resource. AccessTuple access_tuple = 1; } // Response for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. message TroubleshootIamPolicyResponse { // Indicates whether the member has the specified permission for the specified // resource, based on evaluating all of the applicable IAM policies. AccessState access = 1; // List of IAM policies that were evaluated to check the member's permissions, // with annotations to indicate how each policy contributed to the final // result. // // The list of policies can include the policy for the resource itself. It can // also include policies that are inherited from higher levels of the resource // hierarchy, including the organization, the folder, and the project. // // To learn more about the resource hierarchy, see // https://cloud.google.com/iam/help/resource-hierarchy. repeated ExplainedPolicy explained_policies = 2; }