pharnexbase
/
kratos
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
188 Commits
46 Branches
62 Tags
68 MiB
 
 
 
 
Tag: Branch: Tree: 257d42b23c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '257d42b23c'
${ noResults }
kratos/third_party/google/iam/iam_meta_api.yaml

85 lines
3.2 KiB
Raw Blame History

type: google.api.Service
config_version: 2
name: iam-meta-api.googleapis.com
title: IAM Meta API
apis:
- name: google.iam.v1.IAMPolicy
types:
- name: google.iam.v1.PolicyDelta
documentation:
summary: Manages access control for Google Cloud Platform resources.
overview: |-
# Google Identity and Access Management (IAM) API
Documentation of the access control API that will be implemented by all
1st party services provided by the Google Cloud Platform (like Cloud
Storage, Compute Engine, App Engine).
Any implementation of an API that offers access control features
will implement the google.iam.v1.IAMPolicy interface.
## Data model
Access control is applied when a principal (user or service account),
takes some action on a resource exposed by a service. Resources,
identified by
URI-like names, are the unit of access control specification. It is up to
the service implementations to choose what granularity of access control
to support and what set of actions (permissions) to support for the
resources
they provide. For example one database service may allow access control to
be specified only at the Table level, whereas another might allow access
control to also be specified at the Column level.
This is intentionally not a CRUD style API because access control policies
are created and deleted implicitly with the resources to which they are
attached.
## Policy
A `Policy` consists of a list of bindings. A `Binding` binds a set of
members to a role, where the members can include user accounts, user
groups, user
domains, and service accounts. A role is a named set of permissions,
defined by the IAM system. The definition of a role is outside the
policy.
A permission check involves determining the roles that include the
specified permission, and then determining if the principal specified by
the check is a member of a binding to at least one of these roles. The
membership check is recursive when a group is bound to a role.
rules:
- selector: google.iam.v1.IAMPolicy.GetIamPolicy
description: |-
Gets the access control policy for a resource. Returns an empty policy
if the resource exists and does not have a policy set.
- selector: google.iam.v1.IAMPolicy.SetIamPolicy
description: |-
Sets the access control policy on the specified resource. Replaces
any existing policy.
- selector: google.iam.v1.IAMPolicy.TestIamPermissions
description: |-
Returns permissions that a caller has on the specified resource. If the
resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building
permission-aware UIs and command-line tools, not for authorization
checking. This operation may "fail open" without warning.
http:
rules:
- selector: google.iam.v1.IAMPolicy.GetIamPolicy
post: '/v1/{resource=**}:getIamPolicy'
body: '*'
- selector: google.iam.v1.IAMPolicy.SetIamPolicy
post: '/v1/{resource=**}:setIamPolicy'
body: '*'
- selector: google.iam.v1.IAMPolicy.TestIamPermissions
post: '/v1/{resource=**}:testIamPermissions'
body: '*'