authorkomels <[email protected]>2022-04-15 16:53:39 +0300
committerkomels <[email protected]>2022-04-15 16:53:39 +0300
commit703a2fb6e100d202d1c7fcd052d73bd5affef408 (patch)
tree22b7320c06bb04d86dbf7b9af9ae44281331cd15 /cloud
parent3375bbfda1e2afb03aa2072bf5f2f2c3a26026e8 (diff)
Move 'kikimr/yndx'-depending tests out of ydb/core
ref:0a380e13308d579e0545a76924330d1ca5129c43
Diffstat (limited to 'cloud')
-rw-r--r--cloud/README.md7
-rw-r--r--cloud/__init__.py0
-rw-r--r--cloud/bitbucket/common-api/yandex/cloud/api/CMakeLists.txt53
-rw-r--r--cloud/bitbucket/common-api/yandex/cloud/api/operation.proto24
-rw-r--r--cloud/bitbucket/common-api/yandex/cloud/api/tools/CMakeLists.txt51
-rw-r--r--cloud/bitbucket/common-api/yandex/cloud/api/tools/options.proto87
-rw-r--r--cloud/bitbucket/private-api/README.md52
-rw-r--r--cloud/bitbucket/private-api/README.roles.md108
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/CMakeLists.txt52
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/access/CMakeLists.txt53
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/access/access.proto94
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/restriction.proto58
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/CMakeLists.txt102
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/access_binding_service.proto258
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key.proto15
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key_service.proto104
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key.proto18
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key_service.proto117
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/access_binding_service.proto29
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/permission_service.proto49
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/compute/os_login_service.proto86
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/access_binding_service.proto60
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/key_service.proto28
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/membership_service.proto39
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/os_login_service.proto23
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/role_service.proto46
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/service_account_service.proto58
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/user_account_service.proto29
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/gizmo_service.proto34
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_cookie_service.proto56
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_token_service.proto69
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key.proto32
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key_service.proto140
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/membership_service.proto50
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/console/totp_profile_service.proto32
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile.proto43
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile_service.proto243
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/operation_service.proto17
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile.proto56
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile_service.proto125
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client.proto18
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client_service.proto99
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope.proto13
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope_service.proto90
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/openapi-meta.yaml6
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/operation_service.proto20
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login.proto12
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login_service.proto45
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission.proto11
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_service.proto80
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage.proto36
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage_service.proto70
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permissions.yaml1481
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quota_service.proto17
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quotas.yaml2
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type.proto11
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type_service.proto105
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resources.yaml26
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction.proto16
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_service.proto89
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type.proto32
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type_service.proto114
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role.proto13
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role_service.proto95
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/roles.yaml568
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/root_service.proto34
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate.proto39
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate_service.proto110
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation.proto92
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation_service.proto171
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/scopes.yaml107
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account.proto20
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account_service.proto146
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key.proto15
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key_service.proto86
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/subject_service.proto81
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/CMakeLists.txt53
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/iam_token.proto14
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token_agent.proto26
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/agreement_service.proto36
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/auth_service.proto25
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/health_check_service.proto29
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/passport_federation_service.proto45
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/policy_service.proto79
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/roles_service.proto28
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/service_account_access_key_service.proto54
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/user_service.proto90
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/CMakeLists.txt53
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto25
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account.proto46
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account_service.proto106
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_cookie.proto32
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_user_account_service.proto52
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/CMakeLists.txt53
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/claims.proto90
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/CMakeLists.txt59
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/claim_service.proto25
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/clients.yaml72
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/cloud_user.proto23
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/oauth_request.proto15
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/permissions.yaml21
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/roles.yaml42
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/scopes.yaml39
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/session_service.proto153
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/operation/CMakeLists.txt51
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/operation/operation.proto28
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/quota/CMakeLists.txt53
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/quota/quota.proto63
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/resources.yaml3
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/restrictions.yaml32
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/roles.yaml447
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/sensitive.proto24
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/CMakeLists.txt54
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/access_service.proto255
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/resource.proto19
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/services.yaml186
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/stages.yaml173
-rw-r--r--cloud/bitbucket/private-api/yandex/cloud/priv/validation.proto29
-rw-r--r--cloud/bitbucket/public-api/AUTHORS32
-rw-r--r--cloud/bitbucket/public-api/LICENSE21
-rw-r--r--cloud/bitbucket/public-api/README.md15
-rw-r--r--cloud/bitbucket/public-api/internal-CONTRIBUTING.md105
-rw-r--r--cloud/bitbucket/public-api/openapi-descriptions.yaml25
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/CMakeLists.txt52
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/access/CMakeLists.txt53
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/access/access.proto120
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/CMakeLists.txt69
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key.proto23
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key_service.proto167
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key.proto29
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key_service.proto168
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/openapi-meta.yaml7
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/iam_token_service.proto52
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/key.proto44
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/key_service.proto187
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/openapi-meta.yaml7
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/role.proto15
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/role_service.proto61
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate.proto32
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate_service.proto186
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation.proto83
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation_service.proto317
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/openapi-meta.yaml7
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account.proto30
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account_service.proto215
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account.proto47
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account_service.proto23
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/iam/v1/yandex_passport_user_account_service.proto23
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/imports.proto23
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/operation/CMakeLists.txt56
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/operation/openapi-meta.yaml7
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/operation/operation.proto55
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/operation/operation_service.proto37
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/validation.proto29
-rw-r--r--cloud/bitbucket/public-api/yandex/cloud/validation.yadoc.yaml127
155 files changed, 0 insertions, 11918 deletions
diff --git a/cloud/README.md b/cloud/README.md
deleted file mode 100644
index 3e469f7ad89..00000000000
--- a/cloud/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Yandex Cloud (https://wiki.yandex-team.ru/cloud)
-
-This repository used for YC projects
-Another repositories - https://bb.yandex-team.ru/projects/CLOUD/
-
-Please contact [email protected] for any support
-
diff --git a/cloud/__init__.py b/cloud/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
--- a/cloud/__init__.py
+++ /dev/null
diff --git a/cloud/bitbucket/common-api/yandex/cloud/api/CMakeLists.txt b/cloud/bitbucket/common-api/yandex/cloud/api/CMakeLists.txt
deleted file mode 100644
index 895a0abdd92..00000000000
--- a/cloud/bitbucket/common-api/yandex/cloud/api/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(yandex-cloud-api)
-set_property(TARGET yandex-cloud-api PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET yandex-cloud-api PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/common-api
-)
-target_include_directories(yandex-cloud-api PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
-)
-target_include_directories(yandex-cloud-api PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
-)
-target_link_libraries(yandex-cloud-api PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- cloud-api-tools
- contrib-libs-protobuf
-)
-target_proto_messages(yandex-cloud-api PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api/yandex/cloud/api/operation.proto
-)
-target_proto_addincls(yandex-cloud-api
- ./cloud/bitbucket/common-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(yandex-cloud-api
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
-)
-target_proto_plugin(yandex-cloud-api
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/common-api/yandex/cloud/api/operation.proto b/cloud/bitbucket/common-api/yandex/cloud/api/operation.proto
deleted file mode 100644
index ad794a9cbed..00000000000
--- a/cloud/bitbucket/common-api/yandex/cloud/api/operation.proto
+++ /dev/null
@@ -1,24 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.api;
-
-import "google/protobuf/descriptor.proto";
-import "yandex/cloud/api/tools/options.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/common-api/yandex/cloud/api;api";
-option (cloud.api.tools.file).lint_skip.java_package = true;
-
-extend google.protobuf.MethodOptions { Operation operation = 87334; }
-
-// Operation is annotation for rpc that returns longrunning operation, describes
-// message types that will be returned in metadata [google.protobuf.Any], and
-// in response [google.protobuf.Any] (for successful operation).
-message Operation {
- // Optional. If present, rpc returns operation which metadata field will
- // contains message of specified type.
- string metadata = 1; // Optional.
-
- // Required. rpc returns operation, in case of success response will contains message of
- // specified field.
- string response = 2; // Required.
-}
diff --git a/cloud/bitbucket/common-api/yandex/cloud/api/tools/CMakeLists.txt b/cloud/bitbucket/common-api/yandex/cloud/api/tools/CMakeLists.txt
deleted file mode 100644
index ee192d71f60..00000000000
--- a/cloud/bitbucket/common-api/yandex/cloud/api/tools/CMakeLists.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(cloud-api-tools)
-set_property(TARGET cloud-api-tools PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET cloud-api-tools PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/common-api
-)
-target_include_directories(cloud-api-tools PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
-)
-target_include_directories(cloud-api-tools PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
-)
-target_link_libraries(cloud-api-tools PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- contrib-libs-protobuf
-)
-target_proto_messages(cloud-api-tools PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api/yandex/cloud/api/tools/options.proto
-)
-target_proto_addincls(cloud-api-tools
- ./cloud/bitbucket/common-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(cloud-api-tools
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/common-api
-)
-target_proto_plugin(cloud-api-tools
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/common-api/yandex/cloud/api/tools/options.proto b/cloud/bitbucket/common-api/yandex/cloud/api/tools/options.proto
deleted file mode 100644
index bc0c14275c8..00000000000
--- a/cloud/bitbucket/common-api/yandex/cloud/api/tools/options.proto
+++ /dev/null
@@ -1,87 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.api.tools;
-
-import "google/protobuf/descriptor.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/common-api/yandex/cloud/api/tools;tools";
-option (cloud.api.tools.file).lint_skip.java_package = true;
-
-// NOTE(skipor): option extention names should have package scope unique names
-// and global unique ids per Options type from range 50000-99999 reserved for internal use.
-
-extend google.protobuf.FileOptions {FileOptions file = 67321;}
-extend google.protobuf.MessageOptions {MessageOptions message = 67321;}
-extend google.protobuf.FieldOptions {FieldOptions field = 67321;}
-extend google.protobuf.EnumOptions {EnumOptions enumeration = 67321;} // enum is reserved word :(
-extend google.protobuf.EnumValueOptions {EnumValueOptions value = 67321;}
-extend google.protobuf.ServiceOptions {ServiceOptions service = 67321;}
-extend google.protobuf.MethodOptions {MethodOptions method = 67321;}
-
-message FileOptions {
- FileLintSkip lint_skip = 1;
-}
-
-message FileLintSkip {
- bool all = 1;
- bool go_package = 2;
- bool file_path = 3;
- bool java_package = 4;
-}
-
-message MessageOptions {
- CommonLintSkip lint_skip = 1;
- string openapi_name = 2;
-}
-
-message FieldOptions {
- // Used to declare which schema may have protobuf.Struct field.
- // TODO(skipor): if v1 and later apis use it move it to yandex.cloud.api package, and parse
- // at lint stage, but not at options parse.
- repeated string one_of = 1;
- FieldLintSkip lint_skip = 2;
-}
-
-message FieldLintSkip {
- bool all = 1;
- bool int_type = 2;
- bool float_type = 3;
- bool json_name = 4;
-}
-
-message EnumOptions {
- EnumLintSkip lint_skip = 2;
- string openapi_name = 3;
-}
-
-message EnumLintSkip {
- bool all = 1;
- bool value_names_case = 2;
- bool unspecified_value = 3;
-}
-
-message EnumValueOptions {
- CommonLintSkip lint_skip = 1;
-}
-
-message ServiceOptions {
- CommonLintSkip lint_skip = 1;
- bool skip_generate = 2;
-}
-
-message MethodOptions {
- MethodLintSkip lint_skip = 1;
- bool skip_generate = 2;
-}
-
-message MethodLintSkip {
- bool all = 1;
- bool contains_resource_name = 2;
- bool http_query_parameters = 3;
- bool http_path = 4;
- bool http_verb = 5;
-}
-
-message CommonLintSkip {
- bool all = 1;
-}
diff --git a/cloud/bitbucket/private-api/README.md b/cloud/bitbucket/private-api/README.md
deleted file mode 100644
index 5afc5b317e1..00000000000
--- a/cloud/bitbucket/private-api/README.md
+++ /dev/null
@@ -1,52 +0,0 @@
-## Private API development guide
-
-All cloud control plane API definition based on [gRPC](https://grpc.io).
-
-### Repository setup
-#### Prerequisites
-
-- make
-- on Mac OS X, protoc (should be >= 3.5) or Homebrew (protoc will be installed using brew)
-- on Linux, protoc (should be >= 3.5) or sudo access to install it from github
-
-#### Steps
-
-Example:
-
-```
-git clone https://bb.yandex-team.ru/scm/cloud/private-api.git
-cd private-api
-
-// ...Hack-hack-hack...
-
-make lint
-```
-
-### Checking proto compilation locally
-
-Just run `make lint` inside src root.
-To build proto tools from source set 'BUILD_TOOLS' variable to 1.
-Also you may check compilation of swagger docs out of cloud API: run `make generate` for that.
-
-For Pull Request build both successful `lint` and `generate` required.
-
-
-#### Validation
-
-Normally, all the fields of all messages received from users must be validated:
-- Request messages;
-- Value objects used in request messages;
-- Value objects used in value objects and so on.
-
-Output messages does not require validation.
-
-Syntax and examples can be found in ``yandex/cloud/priv/example/v1alpha/validation_example.proto``
-
-For Java developers there is ``java`` module, ``mvn clean package`` in this directory does following:
- - builds and packages all proto-files in the repository
- - tests all validators for syntax and applicability
- - includes yandex.cloud.proto.ProtoValidator which helps validating messages in grpc interceptor.
-
-The `java/do_local_install.sh` script is useful for local development of a feature branch.
-The script will run `mvn versions:set && mvn clean install` and install built artifacts
-in the local maven repo with snapshot version. Please run `versions:revert` manually if script failed at compilation.
diff --git a/cloud/bitbucket/private-api/README.roles.md b/cloud/bitbucket/private-api/README.roles.md
deleted file mode 100644
index 8fbc10189d8..00000000000
--- a/cloud/bitbucket/private-api/README.roles.md
+++ /dev/null
@@ -1,108 +0,0 @@
-# identity-role-access-matrix
-
-Этот документ описывает новый формат хранения данных о well-known сущностях IAM'а.
-
-Пермишены и сервисные роли хранятся в отдельном каталоге для сервиса, который ими управляет.
-Например, пермишен `compute.instances.start` может быть задан в файле `compute/permissions.yaml`, а роль `resource-manager.clouds.member` — в файле `resource-manager/roles.yaml`.
-Внутри своего каталога команда сервиса может организовать данные как угодно, одним файлом или несколькими, положить их в одном каталоге или раскидать по поддиректориям.
-Обязательное требование — файлы внутри подкаталогов должны называться `permissions.yaml`, `roles.yaml`, `stages.yaml`, `resources.yaml` для описания набора прав, ролей, стейджей и типов ресурсов соответсвенно.
-В каждом файле можно сослаться на сущность из любого другого файла — точно так же, как если бы сущности были описаны рядом, явно ссылаться на файл не нужно.
-
-Если эта документация противоречит тому, что на самом деле творится в файлах — значит, в файлах неправильно :)
-
-## Тулинг
-
-Для проверки того, что yaml'ы написаны верно, можно воспользоваться `yc-iam-compile-role-fixtures` из Python-пакета [yc_iam_tools](https://bb.yandex-team.ru/projects/CLOUD/repos/identity/browse/iam_tools/yc_iam_tools/). А можно и не пользоваться, такая же проверка запускается в TeamCity на каждый PR.
-
-## Роли
-
-```yaml
-roles:
- # В этом dict'е перечисляются роли: ключ — название роли, значение — dict со свойствами
-
- example.editor: # название роли
-
- # Описание роли на английском для документации.
- summary: |>
- Edit different things that are managed by ExampleService.
- Users with this role are also allowed to whisper to horses.
-
- # Видимость роли: может быть public или internal. Роли public видят пользователи, а internal роли — нет.
- # Public роль не должна включать в себя internal-пермишены, сейчас это warning при компиляции,
- # в будущем повысим до error.
- visibility: public
-
- # Минимальный тип ресурса, на который можно назначить роль.
- resourceType: resource-manager.folder
- # Эту роль можно назначить на фолдер или на клауд, но нельзя на SA или на биллинг-аккаунт.
- # Такая роль может содержать пермишены, у которых resourceType фолдер или какой-нибудь вложенный в него ресурс,
- # но не может содержать никакие другие пермишены.
-
- # Другие роли, входящие в состав этой.
- # Параметр можно не указывать, если не нужно инклюдить никакие другие роли.
- includedRoles:
- - example.viewer
- - horse.whisperer
- # Роль `example.editor` содержит все пермишены из `example.viewer` и `horse.whisperer`.
- # `includedRoles` работает транзитивно: если в определении `example.viewer` тоже инклюдятся какие-то роли,
- # то их пермишены входят и в `example.editor`.
-
- # Пермишены, входящие в роль.
- # Параметр можно не указывать, если роль не включает никаких пермишенов напрямую.
- permissions:
- - example.things.edit
- - example.things.manage
- # Есть сокращённая форма записи:
- - example.thingCollections.{create,update,delete}
- # Фигурные скобки можно использовать в любом месте записи:
- # `sample.{horses,mice,chickens}.{feed,pet}` тоже можно сказать,
- # эта запись разресолвится в 6 пермишенов.
- # (Но лучше таким не злоупотреблять.)
-
- # В итоге получается, что в роль `example.editor` входят пермишены:
- # `example.things.edit`, `example.things.manage`,
- # `example.thingCollections.create`, `example.thingCollections.update`, `example.thingCollections.delete`,
- # а также все пермишены, которые входят в роли `example.viewer` и `horse.whisperer`.
-
- # Ещё одна роль.
- example.viewer:
- # Эта роль используется в роли `example.editor` выше.
- # Но это не значит, что `example.viewer` в файле должна идти после `example.editor` —
- # можно расположить их хоть как или вообще положить в разные файлы.
- ...
-```
-
-Роли задаются аддитивно: можно создать роль "`viewer` плюс `compute.editor` плюс `iam.serviceAccounts.create`", но нельзя задать "`viewer` минус `billing.viewer`" или "все пермишены `serverless.*.*`, кроме `serverless.*.delete`". Это сделано специально, чтобы при добавлении новой роли/пермишена вся система вела себя более предсказуемо.
-
-Некоторые роли помечены как "псевдороли", у них есть поле `pseudorole: true`. Это временные сущности, они нужны только для того, чтобы из них составить общеоблачные роли типа `viewer`. Ни внешние, ни внутренние пользователи не могут видеть псевдороли в API и назначать на ресурсы. Сервисам рекомендуется заменить их на правильные сервисные роли.
-
-## Пермишены
-
-```yaml
-permissions:
-
- iam.accessBinding.delete: # имя пермишена
-
- # Описание роли на английском для документации.
- description: Delete access binding.
-
- # Стейдж. Чаще всего это GA.
- # Список стейджей лежит в `stages.yaml`.
- stage: GA
-
- # Видимость пермишена: может быть public или internal.
- # Связана с видимостью ролей: internal пермишены не должны входить в public роли.
- visibility: public
-
- # Здесь задаются условия, когда пермишен может действовать.
- allowedWhen:
-
- # Сейчас можно задать только условие на статус клауда.
- cloud:
- status:
- - BLOCKED_BY_BILLING
- - ACTIVE
- # Этим пермишеном можно воспользоваться только тогда, когда клауд
- # находится в статусе ACTIVE или BLOCKED_BY_BILLING.
- # А если клауд в другом статусе — например, BLOCKED — пермишен запрещён.
-```
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/CMakeLists.txt
deleted file mode 100644
index 4ac967704ee..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/CMakeLists.txt
+++ /dev/null
@@ -1,52 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(yandex-cloud-priv)
-set_property(TARGET yandex-cloud-priv PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET yandex-cloud-priv PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(yandex-cloud-priv PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(yandex-cloud-priv PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(yandex-cloud-priv PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- contrib-libs-protobuf
-)
-target_proto_messages(yandex-cloud-priv PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/sensitive.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/validation.proto
-)
-target_proto_addincls(yandex-cloud-priv
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(yandex-cloud-priv
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(yandex-cloud-priv
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/access/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/access/CMakeLists.txt
deleted file mode 100644
index 292231e4807..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/access/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(cloud-priv-access)
-set_property(TARGET cloud-priv-access PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET cloud-priv-access PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-access PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-access PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(cloud-priv-access PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-priv
- contrib-libs-protobuf
-)
-target_proto_messages(cloud-priv-access PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/access/access.proto
-)
-target_proto_addincls(cloud-priv-access
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(cloud-priv-access
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(cloud-priv-access
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/access/access.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/access/access.proto
deleted file mode 100644
index 08ef8976784..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/access/access.proto
+++ /dev/null
@@ -1,94 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.access;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/access;access";
-option java_outer_classname = "PA";
-
-// * `type = system, id = allUsers`: A special identifier that represents anyone.
-//
-// * `type = system, id = allAuthenticatedUsers`: A special identifier that represents anyone
-// who is authenticated.
-//
-// * `type = userAccount, id = <cloud generated id>`
-//
-// * `type = federatedUser, id = <cloud generated id>`
-//
-// * `type = serviceAccount, id = <cloud generated id>`
-//
-// * `type = group, id = <cloud generated id>`
-
-message Subject {
- string id = 1 [(required) = true, (length) = "<=50"];
- string type = 2 [(required) = true, (length) = "<=100"];
-}
-
-message AccessBinding {
- string role_id = 1 [(required) = true, (length) = "<=50"];
- Subject subject = 2 [(required) = true];
-}
-
-message ListAccessBindingsRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
- // A flag allowing the service to determine that the original action was
- // initiated from services (private API) when [private_call] = true, or from
- // the public API when [private_call] = false. [private_call] = false adds
- // additional restrictions on the execution of the action (ex. the prohibition
- // of manipulating internal roles, internal roles are not returned in a result).
- // When proxying from the public API, this field MUST be mapped to false.
- bool private_call = 4;
-}
-
-message ListAccessBindingsResponse {
- repeated AccessBinding access_bindings = 1;
- string next_page_token = 2;
-}
-
-message SetAccessBindingsRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- repeated AccessBinding access_bindings = 2;
- // A flag allowing the service to determine that the original action was
- // initiated from services (private API) when [private_call] = true, or from
- // the public API when [private_call] = false. [private_call] = false adds
- // additional restrictions on the execution of the action (ex. the prohibition
- // of manipulating internal roles, throwing NotFoundException on an
- // internal role). When proxying from the public API,
- // this field MUST be mapped to false.
- bool private_call = 3;
-}
-
-message SetAccessBindingsMetadata {
- string resource_id = 1;
-}
-
-message UpdateAccessBindingsRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- repeated AccessBindingDelta access_binding_deltas = 2 [(size) = ">0"];
- // A flag allowing the service to determine that the original action was
- // initiated from services (private API) when [private_call] = true, or from
- // the public API when [private_call] = false. [private_call] = false adds
- // additional restrictions on the execution of the action (ex. the prohibition
- // of manipulating internal roles, throwing NotFoundException on an
- // internal role). When proxying from the public API,
- // this field MUST be mapped to false.
- bool private_call = 3;
-}
-
-message UpdateAccessBindingsMetadata {
- string resource_id = 1;
-}
-
-enum AccessBindingAction {
- ACCESS_BINDING_ACTION_UNSPECIFIED = 0;
- ADD = 1;
- REMOVE = 2;
-}
-
-message AccessBindingDelta {
- AccessBindingAction action = 1 [(required) = true];
- AccessBinding access_binding = 2 [(required) = true];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/restriction.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/restriction.proto
deleted file mode 100644
index 0f2fe123966..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/restriction.proto
+++ /dev/null
@@ -1,58 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam;iam";
-option java_outer_classname = "PRN";
-
-enum RestrictionKind {
- RESTRICTION_KIND_UNSPECIFIED = 0;
- BLOCK_PERMISSIONS = 1;
-}
-
-message Restriction {
- RestrictionKind restriction_kind = 1;
- string restriction_type_id = 2;
- google.protobuf.Timestamp added_at = 3;
- string added_by = 4;
-}
-
-message ListRestrictionsRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- RestrictionKind restriction_kind = 2;
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListRestrictionsResponse {
- repeated Restriction restrictions = 1;
- string next_page_token = 2;
-}
-
-message GetRestrictionRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string restriction_type_id = 2 [(required) = true, (length) = "<=100"];
-}
-
-message AddRestrictionRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string restriction_type_id = 2 [(required) = true, (length) = "<=100"];
-}
-
-message AddRestrictionMetadata {
- string resource_id = 1;
- string restriction_type_id = 2;
-}
-
-message RemoveRestrictionRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string restriction_type_id = 2 [(required) = true, (length) = "<=100"];
-}
-
-message RemoveRestrictionMetadata {
- string resource_id = 1;
- string restriction_type_id = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/CMakeLists.txt
deleted file mode 100644
index cf42f5bfa7b..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/CMakeLists.txt
+++ /dev/null
@@ -1,102 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(priv-iam-v1)
-set_property(TARGET priv-iam-v1 PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET priv-iam-v1 PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(priv-iam-v1 PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(priv-iam-v1 PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(priv-iam-v1 PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-api
- cloud-api-tools
- yandex-cloud-priv
- cloud-priv-access
- iam-v1-token
- iam-v1-ts
- priv-oauth-v1
- cloud-priv-operation
- cloud-priv-quota
- priv-servicecontrol-v1
- contrib-libs-protobuf
-)
-target_proto_messages(priv-iam-v1 PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/access_binding_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/gizmo_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_cookie_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_token_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/membership_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/operation_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quota_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/root_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/subject_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token_agent.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_cookie.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_user_account_service.proto
-)
-target_proto_addincls(priv-iam-v1
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(priv-iam-v1
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(priv-iam-v1
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/access_binding_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/access_binding_service.proto
deleted file mode 100644
index d9b77098f03..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/access_binding_service.proto
+++ /dev/null
@@ -1,258 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/rpc/error_details.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/servicecontrol/v1/resource.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PABS";
-
-service AccessBindingService {
- rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse) {
- option (google.api.http) = { get: "/iam/v1/listAccessBindings" };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-
- rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/setAccessBindings" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "SetAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-
- rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/updateAccessBindings" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- option (yandex.cloud.api.tools.method).lint_skip.http_verb = true;
- }
-
- rpc CheckLikelyPubliclyAccessible (CheckLikelyPubliclyAccessibleRequest) returns (CheckLikelyPubliclyAccessibleResponse);
-
- rpc ChangeTopLevelResource (ChangeTopLevelResourceRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "ChangeTopLevelResourceMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc DeleteByTopLevelResource (DeleteByTopLevelResourceRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteByTopLevelResourceMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-// * `type = system, id = allUsers`: A special identifier that represents anyone.
-//
-// * `type = system, id = allAuthenticatedUsers`: A special identifier that represents anyone
-// who is authenticated.
-//
-// * `type = userAccount, id = <cloud generated id>`
-//
-// * `type = federatedUser, id = <cloud generated id>`
-//
-// * `type = serviceAccount, id = <cloud generated id>`
-//
-// * `type = group, id = <cloud generated id>`
-//
-// * `type = invitee, id = <cloud generated id>`
-message Subject {
- string id = 1 [(required) = true, (length) = "<=50"];
- string type = 2 [(required) = true, (length) = "<=100"];
-}
-
-message AccessBinding {
- string role_id = 1 [(required) = true, (length) = "<=50"];
- Subject subject = 2 [(required) = true];
- string managed_by = 3 [(length) = "<=50"];
-}
-
-message ListAccessBindingsRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string resource_type = 2 [(required) = true, (length) = "<=100"];
- // A flag allowing the service to determine that the original action was
- // initiated from services (private API) when [private_call] = true, or from
- // the public API when [private_call] = false. [private_call] = false adds
- // additional restrictions on the execution of the action (ex. the prohibition
- // of manipulating internal roles, internal roles are not returned in a result).
- // When proxying from the public API, this field MUST be mapped to false.
- bool private_call = 3;
- int64 page_size = 4 [(value) = "<=1000"];
- string page_token = 5 [(length) = "<=100"];
-}
-
-message ListAccessBindingsResponse {
- repeated AccessBinding access_bindings = 1;
- string next_page_token = 2;
-}
-
-message SetAccessBindingsRequest {
- // Path to resource, from most to least specific according to resource hierarchy.
- // E.g. [storage.bucket, resource-manager.folder, resource-manager.cloud].
- // If specified, takes precedence over resource_id/resource_type.
- repeated servicecontrol.v1.Resource resource_path = 5;
- // Access bindings to set.
- repeated AccessBinding access_bindings = 4 [(size) = "<=1000"];
- // A flag allowing the service to determine that the original action was
- // initiated from services (private API) when [private_call] = true, or from
- // the public API when [private_call] = false. [private_call] = false adds
- // additional restrictions on the execution of the action (ex. the prohibition
- // of manipulating internal roles, throwing NotFoundException on an
- // internal role). When proxying from the public API,
- // this field MUST be mapped to false.
- bool private_call = 3;
- // If set, perform operation on behalf of subject with this id.
- string on_behalf_of_subject_id = 6 [(length) = "<=50"];
-
- // Legacy resource specifiers. Use resource_path instead.
- string resource_id = 1 [(length) = "<=50"];
- string resource_type = 2 [(length) = "<=100"];
-}
-
-message SetAccessBindingsMetadata {
- string resource_id = 1;
- string resource_type = 2;
- repeated servicecontrol.v1.Resource resource_path = 3;
- string on_behalf_of_subject_id = 4;
-}
-
-message UpdateAccessBindingsRequest {
- // Path to resource, from most to least specific according to resource hierarchy
- // E.g. [storage.bucket, resource-manager.folder, resource-manager.cloud].
- // If specified, takes precedence over resource_id/resource_type.
- repeated servicecontrol.v1.Resource resource_path = 5;
- // Access bindings to add/remove.
- repeated AccessBindingDelta access_binding_deltas = 3 [(size) = "1-1000"];
- // A flag allowing the service to determine that the original action was
- // initiated from services (private API) when [private_call] = true, or from
- // the public API when [private_call] = false. [private_call] = false adds
- // additional restrictions on the execution of the action (ex. the prohibition
- // of manipulating internal roles, throwing NotFoundException on an
- // internal role). When proxying from the public API,
- // this field MUST be mapped to false.
- bool private_call = 4;
- // If set, perform operation on behalf of subject with this id.
- string on_behalf_of_subject_id = 6 [(length) = "<=50"];
-
- // Legacy resource specifiers. Use resource_path instead.
- string resource_id = 1 [(length) = "<=50"];
- string resource_type = 2 [(length) = "<=100"];
-}
-
-message UpdateAccessBindingsMetadata {
- string resource_id = 1;
- string resource_type = 2;
- repeated servicecontrol.v1.Resource resource_path = 3;
- string on_behalf_of_subject_id = 4;
-}
-
-enum AccessBindingAction {
- ACCESS_BINDING_ACTION_UNSPECIFIED = 0;
- ADD = 1;
- REMOVE = 2;
-}
-
-message AccessBindingDelta {
- AccessBindingAction action = 1 [(required) = true];
- AccessBinding access_binding = 2 [(required) = true];
-}
-
-// Access bindings operation status. Returned as an element of google.rpc.Status.details.
-// Returned only when a {set,update}AccessBindings() call is made on behalf of other subject,
-// in which case the "code" and "message" values should be returned to that subject as the GRPC result
-// of your service's {set,update}AccessBindings() method calls.
-message AccessBindingsOperationStatus {
- // End-user facing GRPC status code.
- int64 code = 1;
-
- // End-user facing message.
- string message = 2;
-
- // Private message details.
- google.rpc.DebugInfo internal = 3;
-}
-
-// Access bindings added or removed during this operation.
-message AccessBindingsOperationDelta {
- repeated AccessBindingDelta access_binding_deltas = 1;
-}
-
-// Deprecated in favor of above message.
-message BindingsOperationStatus {
- int64 code = 1 [deprecated = true];
- string message = 2 [deprecated = true];
- google.rpc.DebugInfo internal = 3 [deprecated = true];
-}
-
-message CheckLikelyPubliclyAccessibleRequest {
- // Resources to check.
- repeated servicecontrol.v1.Resource resources = 1 [(size) = "1-1000"];
-}
-
-message CheckLikelyPubliclyAccessibleResponse {
- // Resources that are likely publicly accessible;
- repeated servicecontrol.v1.Resource resources = 1;
-}
-
-message ChangeTopLevelResourceRequest {
- // Path to resource.
- repeated servicecontrol.v1.Resource resource_path = 1;
- // Top level resource to change to.
- servicecontrol.v1.Resource top_level_resource = 2;
- // Dry run flag. When this flag is true, perform preliminary check instead. In case there are
- // access bindings that would be lost in the process, returned failed operation with code FAILED_PRECONDITION
- // will contain a ChangeTopLevelResourceDryRunErrorDetails error detail describing subjects whose
- // access bindings would be lost.
- bool dry_run = 3;
-}
-
-message ChangeTopLevelResourceMetadata {
- repeated servicecontrol.v1.Resource resource_path = 1;
- servicecontrol.v1.Resource top_level_resource = 2;
- bool dry_run = 3;
-}
-
-message ChangeTopLevelResourceDryRunErrorDetails {
- // Some of the public access bindings that would be lost when changing top level resource.
- // This list might be empty in case only system bindings are present.
- // These can be displayed to public end users.
- repeated AccessBinding public_access_bindings = 1 [(size) = "<=10"];
- // Some of the system access bindings that would be lost when changing top level resource.
- // This list might be empty in case only public bindings are present.
- // These should only be displayed to staff members.
- // In case only system bindings are present, public end users should receive a vague
- // message like "cannot move access bindings", without any specifics.
- repeated AccessBinding system_access_bindings = 2 [(size) = "<=10"];
-
- message AccessBinding {
- string role_id = 1;
- string subject_id = 2;
- string resource_id = 3;
- string resource_type = 4;
- }
-}
-
-message DeleteByTopLevelResourceRequest {
- // Subject IDs whose bindings are to be removed.
- repeated string subject_ids = 1 [(size) = "1-1000"];
- // Top level resource filter of access bindings.
- servicecontrol.v1.Resource top_level_resource = 2 [(required) = true];
-}
-
-message DeleteByTopLevelResourceMetadata {
- repeated string subject_ids = 1;
- servicecontrol.v1.Resource top_level_resource = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key.proto
deleted file mode 100644
index a8ac7ac88d5..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key.proto
+++ /dev/null
@@ -1,15 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PAPIK";
-
-message ApiKey {
- string id = 1;
- string service_account_id = 2;
- google.protobuf.Timestamp created_at = 3;
- string description = 4;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key_service.proto
deleted file mode 100644
index 6ce0ec09ffd..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/api_key_service.proto
+++ /dev/null
@@ -1,104 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/api_key.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PAPIKS";
-
-service ApiKeyService {
-
- rpc List (ListApiKeysRequest) returns (ListApiKeysResponse) {
- option (google.api.http) = {get: "/iam/v1/apiKeys"};
- }
-
- rpc Get (GetApiKeyRequest) returns (ApiKey) {
- option (google.api.http) = {get: "/iam/v1/apiKeys/{api_key_id}"};
- }
-
- rpc Create (CreateApiKeyRequest) returns (CreateApiKeyResponse) {
- option (google.api.http) = {post: "/iam/v1/apiKeys" body: "*"};
- }
-
- rpc Update (UpdateApiKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {patch: "/iam/v1/apiKeys/{api_key_id}" body: "*"};
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateApiKeyMetadata"
- response: "ApiKey"
- };
- }
-
- rpc Delete (DeleteApiKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {delete: "/iam/v1/apiKeys/{api_key_id}"};
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteApiKeyMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc ListOperations (ListApiKeyOperationsRequest) returns (ListApiKeyOperationsResponse) {
- option (google.api.http) = {get: "/iam/v1/apiKeys/{api_key_id}/operations"};
- }
-}
-
-message GetApiKeyRequest {
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListApiKeysRequest {
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListApiKeysResponse {
- repeated ApiKey api_keys = 1;
- string next_page_token = 2;
-}
-
-message CreateApiKeyRequest {
- string api_key_id = 3 [(required) = false, (length) = "<=50"];
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
- string description = 2 [(length) = "<=256"];
-}
-
-message CreateApiKeyResponse {
- ApiKey api_key = 1;
- string secret = 2 [(sensitive) = true];
-}
-
-message UpdateApiKeyRequest {
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
- google.protobuf.FieldMask update_mask = 2;
- string description = 3 [(length) = "<=256"];
-}
-
-message UpdateApiKeyMetadata {
- string api_key_id = 1;
-}
-
-message DeleteApiKeyRequest {
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteApiKeyMetadata {
- string api_key_id = 1;
-}
-
-message ListApiKeyOperationsRequest {
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListApiKeyOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key.proto
deleted file mode 100644
index c2a3dafac33..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key.proto
+++ /dev/null
@@ -1,18 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.awscompatibility;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility;awscompatibility";
-option java_outer_classname = "PAK";
-
-message AccessKey {
- string id = 1;
- string service_account_id = 2;
- google.protobuf.Timestamp created_at = 3;
- string description = 4;
- string key_id = 5;
- // Base64-encoded (no padding) sha256 hash of binary secret key
- string fingerprint = 6;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key_service.proto
deleted file mode 100644
index 01070526f6e..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility/access_key_service.proto
+++ /dev/null
@@ -1,117 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.awscompatibility;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/awscompatibility/access_key.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/awscompatibility;awscompatibility";
-option java_outer_classname = "PAKS";
-
-service AccessKeyService {
-
- rpc List (ListAccessKeysRequest) returns (ListAccessKeysResponse) {
- option (google.api.http) = {get: "/iam/v1/accessKeys"};
- }
-
- rpc ListByFingerprint (ListAccessKeysByFingerprintRequest) returns (ListAccessKeysByFingerprintResponse);
-
- rpc Get (GetAccessKeyRequest) returns (AccessKey) {
- option (google.api.http) = {get: "/iam/v1/accessKeys/{access_key_id}"};
- }
-
- rpc Create (CreateAccessKeyRequest) returns (CreateAccessKeyResponse) {
- option (google.api.http) = {post: "/iam/v1/accessKeys" body: "*"};
- }
-
- rpc Update (UpdateAccessKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {patch: "/iam/v1/accessKeys/{access_key_id}" body: "*"};
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateAccessKeyMetadata"
- response: "AccessKey"
- };
- }
-
- rpc Delete (DeleteAccessKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {delete: "/iam/v1/accessKeys/{access_key_id}"};
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteAccessKeyMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc ListOperations (ListAccessKeyOperationsRequest) returns (ListAccessKeyOperationsResponse) {
- option (google.api.http) = {get: "/iam/v1/accessKeys/{access_key_id}/operations"};
- }
-}
-
-message GetAccessKeyRequest {
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListAccessKeysRequest {
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListAccessKeysResponse {
- repeated AccessKey access_keys = 1;
- string next_page_token = 2;
-}
-
-message ListAccessKeysByFingerprintRequest {
- string fingerprint = 1 [(length) = "43"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListAccessKeysByFingerprintResponse {
- repeated AccessKey access_keys = 1;
- string next_page_token = 2;
-}
-
-message CreateAccessKeyRequest {
- string access_key_id = 3 [(required) = false, (length) = "<=50"];
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
- string description = 2 [(length) = "<=256"];
-}
-
-message CreateAccessKeyResponse {
- AccessKey access_key = 1;
- string secret = 2 [(sensitive) = true];
-}
-
-message UpdateAccessKeyRequest {
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
- google.protobuf.FieldMask update_mask = 2;
- string description = 3 [(length) = "<=256"];
-}
-
-message UpdateAccessKeyMetadata {
- string access_key_id = 1;
-}
-
-message DeleteAccessKeyRequest {
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteAccessKeyMetadata {
- string access_key_id = 1;
-}
-
-message ListAccessKeyOperationsRequest {
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListAccessKeyOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/access_binding_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/access_binding_service.proto
deleted file mode 100644
index 73979fc24ee..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/access_binding_service.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.backoffice;
-
-import "yandex/cloud/priv/servicecontrol/v1/resource.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice;iam_backoffice";
-option java_outer_classname = "PBOABS";
-
-service AccessBindingService {
- rpc ListBySubject (ListSubjectAccessBindingsRequest) returns (ListSubjectAccessBindingsResponse);
-}
-
-message ListSubjectAccessBindingsRequest {
- string subject_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "<=1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListSubjectAccessBindingsResponse {
- repeated SubjectAccessBinding access_bindings = 1;
- string next_page_token = 2;
-}
-
-message SubjectAccessBinding {
- string role_id = 1;
- servicecontrol.v1.Resource resource = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/permission_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/permission_service.proto
deleted file mode 100644
index e808df5fe13..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice/permission_service.proto
+++ /dev/null
@@ -1,49 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.backoffice;
-
-import "google/rpc/status.proto";
-import "yandex/cloud/priv/access/access.proto";
-import "yandex/cloud/priv/servicecontrol/v1/access_service.proto";
-import "yandex/cloud/priv/servicecontrol/v1/resource.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/backoffice;iam_backoffice";
-option java_outer_classname = "PBOPS";
-
-service PermissionService {
- rpc Check (CheckPermissionRequest) returns (CheckPermissionResponse);
-}
-
-message CheckPermissionRequest {
- // Permission to check.
- string permission = 1 [(required) = true, (length) = "<=50"];
- // Resource path from most specific resource to least.
- // Same semantics as AccessService.AuthorizeRequest#resource_path.
- repeated servicecontrol.v1.Resource resource_path = 2 [(size) = "<=50"];
- // Subject to check permission for. Use caller subject if not specified.
- servicecontrol.v1.Subject subject = 3;
-}
-
-message CheckPermissionResponse {
- // Permission info for resources in specified resource path, from most specific to least.
- // Might contain more entries than specified resource path.
- repeated ResourcePermissionInfo resource_permissions = 1;
-}
-
-message ResourcePermissionInfo {
- // Resource against which the permission is being checked.
- servicecontrol.v1.Resource resource = 1;
-
- // Access bindings on this resource that grant the permission.
- repeated access.AccessBinding access_bindings = 2;
-
- // AccessService response trying to authorize the permission against this resource.
- oneof authorize_response {
- option (exactly_one) = true;
- // If authorization succeeded.
- servicecontrol.v1.AuthorizeResponse response = 3;
- // If authorization failed.
- google.rpc.Status status = 4;
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/compute/os_login_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/compute/os_login_service.proto
deleted file mode 100644
index 53f207c58f8..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/compute/os_login_service.proto
+++ /dev/null
@@ -1,86 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.compute;
-
-import "yandex/cloud/priv/servicecontrol/v1/resource.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/compute;iam_compute";
-option java_outer_classname = "PCOLS";
-
-service OsLoginService {
- // DEPRECATED.
- rpc GetUserInfo (GetUserInfoRequest) returns (GetUserInfoResponse);
-
- rpc Get (GetOsLoginRequest) returns (GetOsLoginResponse);
- rpc List (ListOsLoginsRequest) returns (ListOsLoginsResponse);
-}
-
-message GetUserInfoRequest {
- // ID of the cloud to search for os login in.
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
- // A resource path for compute instance. Same one to be passed to AccessService#authorize().
- // Must consist of [compute.instance, resource-manager.folder] in that order.
- // cloud_id is automatically appended from request.
- repeated servicecontrol.v1.Resource instance_resource_path = 2 [(size) = "2"];
- oneof subject {
- option (exactly_one) = true;
- string subject_id = 3 [(length) = "<=50"];
- string os_login = 4 [(length) = "<=32"];
- int64 os_uid = 5 [(value) = ">=0"];
- }
-}
-
-message GetUserInfoResponse {
- string subject_id = 1;
- string os_login = 2;
- int64 os_uid = 3;
- bool is_admin = 4;
- repeated SshKeyInfo ssh_keys = 5;
-}
-
-message GetOsLoginRequest {
- // ID of the cloud to search for os login in.
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
- oneof subject {
- option (exactly_one) = true;
- string subject_id = 3 [(length) = "<=50"];
- string os_login = 4 [(length) = "<=32"];
- int64 os_uid = 5 [(value) = ">=0"];
- }
-}
-
-message GetOsLoginResponse {
- OsLoginInfo os_login_info = 1;
-}
-
-message ListOsLoginsRequest {
- // ID of the cloud to search for os login in.
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "<=2048"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListOsLoginsResponse {
- repeated OsLoginInfo os_login_infos = 1;
- string next_page_token = 2;
-}
-
-message OsLoginInfo {
- string subject_id = 1;
- SubjectType subject_type = 2;
- string os_login = 3;
- int64 os_uid = 4;
- repeated SshKeyInfo ssh_keys = 5;
-}
-
-enum SubjectType {
- SUBJECT_TYPE_UNSPECIFIED = 0;
- USER_ACCOUNT = 1;
- SERVICE_ACCOUNT = 2;
-}
-
-message SshKeyInfo {
- string id = 1;
- string data = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/access_binding_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/access_binding_service.proto
deleted file mode 100644
index b44832b6982..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/access_binding_service.proto
+++ /dev/null
@@ -1,60 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.console;
-
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/priv/oauth/claims.proto";
-import "yandex/cloud/priv/servicecontrol/v1/resource.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console;iam_console";
-option java_outer_classname = "PCABS";
-
-// Console-specific AccessBindingService.
-// Analogous to the regular ABS from private API, but to be used by service facades when serving
-// console-specific access bindings calls.
-// Usage scenario:
-// [end user] --access-bindings-UI--> [console] --> [console folder service] --> [console ABS]
-
-// Important thing to note here is that access bindings listing response is leaking information.
-// By providing "inherited_from" field, access bindings from resources other than specified one
-// are inadvertently disclosed. Those are the access bindings the user might not have had permissions
-// to read.
-// It was decided however to greenlight this approach since it was considered more "harmful" to
-// not let the end user see that other subjects might have access to his generally private resources,
-// rather than trying to maximize security on a method level.
-
-service AccessBindingService {
- rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse) {
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-}
-
-message ListAccessBindingsRequest {
- // Path to resource, from most to least specific according to resource hierarchy.
- // Access bindings from all resources but first are considered "inherited" by the first resource.
- repeated servicecontrol.v1.Resource resource_path = 1 [(size) = "1-10"];
- int64 page_size = 2 [(value) = "<=1000"];
- string page_token = 3 [(length) = "<=100"];
- // Access bindings listing filter.
- // Filter specs: https://wiki.yandex-team.ru/users/zdazzy/cloud/iam/service/console/objectfilter/
- string filter = 4 [(length) = "<=1000"];
- bool get_inherited_bindings = 5;
-}
-
-message ListAccessBindingsResponse {
- repeated SubjectWithBindings subjects_with_bindings = 1;
- string next_page_token = 3;
-}
-
-message SubjectWithBindings {
- yandex.cloud.priv.oauth.SubjectClaims subject_claims = 1;
- repeated AccessBinding access_bindings = 2;
- repeated AccessBinding inherited_access_bindings = 3;
-}
-
-message AccessBinding {
- string role_id = 1;
- // If present, specifies a resource this access binding is inherited from.
- servicecontrol.v1.Resource inherited_from = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/key_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/key_service.proto
deleted file mode 100644
index 1881d2ce285..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/key_service.proto
+++ /dev/null
@@ -1,28 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.console;
-
-import "yandex/cloud/priv/iam/v1/key.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console;iam_console";
-option java_outer_classname = "PCKS";
-
-service KeyService {
-
- rpc Create (CreateKeyRequest) returns (CreateKeyResponse);
-
-}
-
-message CreateKeyRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
- string description = 4 [(length) = "<=256"];
- Key.Algorithm key_algorithm = 5;
-}
-
-message CreateKeyResponse {
- Key key = 1;
- string private_key = 2 [(sensitive) = true];
- string key_json = 3 [(sensitive) = true];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/membership_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/membership_service.proto
deleted file mode 100644
index cf88c8c06cc..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/membership_service.proto
+++ /dev/null
@@ -1,39 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.console;
-
-import "yandex/cloud/priv/oauth/claims.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console;iam_console";
-option java_outer_classname = "PCMS";
-
-// Console-specific MembershipService.
-
-service MembershipService {
- rpc ListMembers (ListMembersRequest) returns (ListMembersResponse);
-}
-
-message ListMembersRequest {
- oneof list_context {
- option (exactly_one) = true;
- string organization_id = 1 [(length) = "<=50"];
- string cloud_id = 2 [(length) = "<=50"];
- }
-
- // Subjects listing filter.
- // Filter specs: https://wiki.yandex-team.ru/users/zdazzy/cloud/iam/service/console/objectfilter/
- string filter = 3 [(length) = "<=1000"];
-
- int64 page_size = 4 [(value) = "<=1000"];
- string page_token = 5 [(length) = "<=100"];
-}
-
-message ListMembersResponse {
- repeated SubjectWithClaims members = 1;
- string next_page_token = 2;
-}
-
-message SubjectWithClaims {
- yandex.cloud.priv.oauth.SubjectClaims subject_claims = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/os_login_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/os_login_service.proto
deleted file mode 100644
index 5507334b153..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/os_login_service.proto
+++ /dev/null
@@ -1,23 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.console;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console;iam_console";
-option java_outer_classname = "PCOLS";
-
-service OsLoginService {
- // Get OS Login info for current subject.
- rpc Get (GetOsLoginRequest) returns (GetOsLoginResponse);
-}
-
-message GetOsLoginRequest {
- // ID of the cloud to search for OS Login if called by a non-service account.
- string cloud_id = 1 [(length) = "<=50"];
-}
-
-message GetOsLoginResponse {
- string subject_id = 1;
- string os_login = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/role_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/role_service.proto
deleted file mode 100644
index 3e83afd99ad..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/role_service.proto
+++ /dev/null
@@ -1,46 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.console;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console;iam_console";
-option java_outer_classname = "PCRS";
-
-// Console-specific RoleService.
-
-service RoleService {
- rpc List (ListRolesRequest) returns (ListRolesResponse);
- rpc ListCategories (ListCategoriesRequest) returns (ListCategoriesResponse);
-}
-
-message ListRolesRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message ListRolesResponse {
- repeated Role roles = 1;
- string next_page_token = 2;
-}
-
-message Role {
- string id = 1;
- string description = 2;
- repeated string category_ids = 3;
-}
-
-message ListCategoriesRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message ListCategoriesResponse {
- repeated Category categories = 1;
- string next_page_token = 2;
-}
-
-message Category {
- string id = 1;
- string name = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/service_account_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/service_account_service.proto
deleted file mode 100644
index ea4a43bfdda..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/service_account_service.proto
+++ /dev/null
@@ -1,58 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.console;
-
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/console/v1/access_binding.proto";
-import "yandex/cloud/priv/iam/v1/service_account.proto";
-import "yandex/cloud/priv/iam/v1/awscompatibility/access_key.proto";
-import "yandex/cloud/priv/iam/v1/key.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console;iam_console";
-option java_outer_classname = "PCSAS";
-
-// Console-specific ServiceAccountService.
-
-service ServiceAccountService {
- rpc List (ListServiceAccountsRequest) returns (ListServiceAccountsResponse);
-
- rpc Create (CreateServiceAccountRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "CreateServiceAccountMetadata"
- response: "ServiceAccount"
- };
- }
-
- rpc ListAccessBindings (yandex.cloud.priv.console.v1.ListAccessBindingsRequest) returns (yandex.cloud.priv.console.v1.ListAccessBindingsResponse);
-}
-
-message ListServiceAccountsRequest {
- string folder_id = 1 [(length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ServiceAccountWithKeys {
- ServiceAccount service_account = 1;
- repeated yandex.cloud.priv.iam.v1.awscompatibility.AccessKey access_keys = 2;
- repeated yandex.cloud.priv.iam.v1.Key authorized_keys = 3;
-}
-
-message ListServiceAccountsResponse {
- repeated ServiceAccountWithKeys service_accounts = 1;
- string next_page_token = 2;
-}
-
-message CreateServiceAccountRequest {
- string folder_id = 1 [(required) = true, (length) = "<=50"];
- string name = 2 [(required) = true, (pattern) = "[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
- string description = 3 [(length) = "<=256"];
- map<string, string> labels = 4 [(priv.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
- // Folder ID on which to place access bindings with roles specified below.
- // Can be different from folder_id, in which SA itself resides.
- string roles_folder_id = 5 [(required) = true, (length) = "<=50"];
- // Roles to grant to this SA.
- repeated string roles = 6 [(size) = "1-10", (length) = "<=50"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/user_account_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/user_account_service.proto
deleted file mode 100644
index 454dd2791cd..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console/user_account_service.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.console;
-
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/console;iam_console";
-option java_outer_classname = "PCUAS";
-
-service UserAccountService {
-
- // Deletes all access keys for the current authenticated user.
- rpc RevokeAllAccessKeys (RevokeAllAccessKeysRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "RevokeAllAccessKeysMetadata"
- response: "google.protobuf.Empty"
- };
-
- }
-
-}
-
-message RevokeAllAccessKeysRequest {
-}
-
-message RevokeAllAccessKeysMetadata {
- string subject_id = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/gizmo_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/gizmo_service.proto
deleted file mode 100644
index 2aa8f0ca003..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/gizmo_service.proto
+++ /dev/null
@@ -1,34 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/access/access.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PGS";
-
-service GizmoService {
- rpc ListAccessBindings (ListGizmoAccessBindingsRequest) returns (access.ListAccessBindingsResponse);
-
- rpc UpdateAccessBindings (UpdateGizmoAccessBindingsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateGizmoAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-message ListGizmoAccessBindingsRequest {
- int64 page_size = 1 [(value) = "<=1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message UpdateGizmoAccessBindingsRequest {
- repeated access.AccessBindingDelta access_binding_deltas = 1 [(size) = ">0"];
-}
-
-message UpdateGizmoAccessBindingsMetadata {
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_cookie_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_cookie_service.proto
deleted file mode 100644
index a1060c37537..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_cookie_service.proto
+++ /dev/null
@@ -1,56 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto";
-import "yandex/cloud/priv/iam/v1/yandex_passport_cookie.proto";
-import "yandex/cloud/priv/oauth/v1/oauth_request.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PICS";
-
-service IamCookieService {
- rpc Create (CreateIamCookieRequest) returns (CreateIamCookieResponse);
- rpc CreateForUserAccount (CreateIamCookieForSubjectRequest) returns (CreateIamCookieResponse) {
- option deprecated = true;
- }
- rpc CreateForSubject (CreateIamCookieForSubjectRequest) returns (CreateIamCookieResponse);
- rpc Revoke (RevokeCookieRequest) returns (RevokeCookieResponse);
-}
-
-message CreateIamCookieForSubjectRequest {
- string subject_id = 1 [(required) = true, (length) = "<=50"];
- yandex.cloud.priv.oauth.v1.OAuthRequest oauth_request = 2;
- // additional parameters for cross-domain authentication
- string session_id = 3;
-}
-
-message CreateIamCookieRequest {
- oneof identity {
- option (exactly_one) = true;
- string user_account_id = 1 [deprecated = true];
- YandexPassportCookies yandex_passport_cookies = 2;
- }
- yandex.cloud.priv.oauth.v1.OAuthRequest oauth_request = 10;
- // additional parameters for cross-domain authentication
- string session_id = 11;
-}
-
-message RevokeCookieRequest {
- string iam_cookie = 1 [(required) = true, (sensitive) = true, (sensitive_type) = SENSITIVE_IAM_COOKIE];
- YandexPassportCookies yandex_passport_cookies = 2;
-}
-
-message RevokeCookieResponse {
- yandex.cloud.priv.iam.v1.ts.Subject subject = 1;
-}
-
-message CreateIamCookieResponse {
- string iam_cookie = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_IAM_COOKIE];
- google.protobuf.Timestamp issued_at = 4;
- google.protobuf.Timestamp expires_at = 2;
- yandex.cloud.priv.iam.v1.ts.Subject subject = 3;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_token_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_token_service.proto
deleted file mode 100644
index 5f7da38c5ad..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/iam_token_service.proto
+++ /dev/null
@@ -1,69 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto";
-import "yandex/cloud/priv/iam/v1/yandex_passport_cookie.proto";
-import "yandex/cloud/priv/oauth/v1/oauth_request.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PITS";
-
-service IamTokenService {
-
- // method doesn't require auth
- rpc Create (CreateIamTokenRequest) returns (CreateIamTokenResponse) {
- option (google.api.http) = { post: "/iam/v1/tokens" body: "*" };
- }
-
- // create iam token for service account
- rpc CreateForServiceAccount (CreateIamTokenForServiceAccountRequest) returns (CreateIamTokenResponse);
-
- // create iam token for compute instance
- rpc CreateForComputeInstance (CreateIamTokenForComputeInstanceRequest) returns (CreateIamTokenResponse);
-
- // create iam token for oauth request
- rpc CreateForUserAccount (CreateIamTokenForSubjectRequest) returns (CreateIamTokenResponse) {
- option deprecated = true;
- }
-
- // create iam token for oauth request
- rpc CreateForSubject (CreateIamTokenForSubjectRequest) returns (CreateIamTokenResponse);
-}
-
-message CreateIamTokenRequest {
- oneof identity {
- option (exactly_one) = true;
- string yandex_passport_oauth_token = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_YANDEX_PASSPORT_OAUTH_TOKEN, (length) = "<=4000"];
- string jwt = 2 [(sensitive) = true, (length) = "<=8000"];
- string iam_cookie = 3 [(sensitive) = true, (sensitive_type) = SENSITIVE_IAM_COOKIE];
- YandexPassportCookies yandex_passport_cookies = 4;
- }
-}
-
-message CreateIamTokenForSubjectRequest {
- string subject_id = 1 [(required) = true, (length) = "<=50"];
- yandex.cloud.priv.oauth.v1.OAuthRequest oauth_request = 2;
- // additional parameters for cross-domain authentication
- string session_id = 3;
-}
-
-message CreateIamTokenForServiceAccountRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message CreateIamTokenForComputeInstanceRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
- string instance_id = 2 [(required) = true, (length) = "<=50"];
-}
-
-message CreateIamTokenResponse {
- string iam_token = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_IAM_TOKEN];
- google.protobuf.Timestamp issued_at = 4;
- google.protobuf.Timestamp expires_at = 2;
- yandex.cloud.priv.iam.v1.ts.Subject subject = 3;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key.proto
deleted file mode 100644
index dcbf374296a..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key.proto
+++ /dev/null
@@ -1,32 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PK";
-
-message Key {
- enum Algorithm {
- ALGORITHM_UNSPECIFIED = 0;
- RSA_2048 = 1;
- RSA_4096 = 2;
- }
-
- string id = 1;
-
- oneof subject {
- string user_account_id = 2;
- string service_account_id = 3;
- }
-
- google.protobuf.Timestamp created_at = 4;
- string description = 5;
-
- Algorithm key_algorithm = 6;
- string public_key = 7;
-
- // Base64-encoded (no padding) sha256 hash of DER-encoded RSA public key in SubjectPublicKeyInfo format.
- string fingerprint = 8;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key_service.proto
deleted file mode 100644
index 41e2ea4eb91..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/key_service.proto
+++ /dev/null
@@ -1,140 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/priv/iam/v1/key.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PKS";
-
-service KeyService {
-
- rpc Get (GetKeyRequest) returns (Key) {
- option (google.api.http) = { get: "/iam/v1/keys/{key_id}" };
- }
-
- rpc List (ListKeysRequest) returns (ListKeysResponse) {
- option (google.api.http) = { get: "/iam/v1/keys" };
- }
-
- rpc ListByFingerprint (ListKeysByFingerprintRequest) returns (ListKeysByFingerprintResponse);
-
- rpc Create (CreateKeyRequest) returns (CreateKeyResponse) {
- option (google.api.http) = { post: "/iam/v1/keys" body: "*" };
- }
-
- rpc Update (UpdateKeyRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/keys/{key_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateKeyMetadata"
- response: "Key"
- };
- }
-
- rpc Delete (DeleteKeyRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/keys/{key_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteKeyMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc ListOperations (ListKeyOperationsRequest) returns (ListKeyOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/keys/{key_id}/operations" };
- }
-}
-
-message GetKeyRequest {
- string key_id = 1 [(length) = "<=50"];
- KeyFormat format = 2;
-}
-
-message ListKeysRequest {
- KeyFormat format = 1;
- // one of service_account_id, user_account_id or federated_user_id.
- // cannot be made oneof{} in spec due to public API incompatibility issues.
- // https://bb.yandex-team.ru/projects/CLOUD/repos/cloud-go/pull-requests/7995/overview?commentId=1093148
- // use calling subject if not specified
- string service_account_id = 2 [(length) = "<=50"];
- string user_account_id = 5 [(length) = "<=50"];
- string federated_user_id = 6 [(length) = "<=50"];
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListKeysResponse {
- repeated Key keys = 1;
- string next_page_token = 2;
-}
-
-message ListKeysByFingerprintRequest {
- string fingerprint = 1 [(length) = "43"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListKeysByFingerprintResponse {
- repeated Key keys = 1;
- string next_page_token = 2;
-}
-
-message CreateKeyRequest {
- string key_id = 5 [(length) = "<=50"];
- // one of service_account_id, user_account_id or federated_user_id.
- // cannot be made oneof{} in spec due to public API incompatibility issues.
- // https://bb.yandex-team.ru/projects/CLOUD/repos/cloud-go/pull-requests/7995/overview?commentId=1093148
- // use calling subject if not specified
- string service_account_id = 1 [(length) = "<=50"];
- string user_account_id = 7 [(length) = "<=50"];
- string federated_user_id = 8 [(length) = "<=50"];
- string description = 2 [(length) = "<=256"];
- KeyFormat format = 3;
- Key.Algorithm key_algorithm = 4;
- string public_key = 6 [(length) = "<=15000"]; // create key with custom public part. no private key in response.
-}
-
-message CreateKeyResponse {
- Key key = 1;
- string private_key = 2 [(sensitive) = true];
-}
-
-message UpdateKeyRequest {
- string key_id = 1 [(required) = true, (length) = "<=50"];
- google.protobuf.FieldMask update_mask = 2;
- string description = 3 [(length) = "<=256"];
-}
-
-message UpdateKeyMetadata {
- string key_id = 1;
-}
-
-message DeleteKeyRequest {
- string key_id = 1 [(length) = "<=50"];
-}
-
-message DeleteKeyMetadata {
- string key_id = 1;
-}
-
-message ListKeyOperationsRequest {
- string key_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListKeyOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
-
-enum KeyFormat {
- option (cloud.api.tools.enumeration).lint_skip.unspecified_value = true;
- PEM_FILE = 0;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/membership_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/membership_service.proto
deleted file mode 100644
index 6dec6e5ef7f..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/membership_service.proto
+++ /dev/null
@@ -1,50 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PMS";
-
-service MembershipService {
- rpc ListResourceMembers (ListResourceMembersRequest) returns (ListResourceMembersResponse);
-
- // List member resources for specified resource type. Response resources are sorted by resource_id.
- rpc ListMemberResources (ListMemberResourcesRequest) returns (ListMemberResourcesResponse);
-}
-
-// List all members of a resource of type "resource_type" with id "resource_id".
-message ListResourceMembersRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string resource_type = 2 [(required) = true, (length) = "<=100"];
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListResourceMembersResponse {
- repeated ResourceMember resource_members = 1;
- string next_page_token = 2;
-}
-
-message ResourceMember {
- string subject_id = 1;
-}
-
-// List all resources of type "resource_type" in which "subject_id" is a member.
-message ListMemberResourcesRequest {
- string subject_id = 1 [(required) = true, (length) = "<=50"];
- string resource_type = 2 [(required) = true, (length) = "<=100"];
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListMemberResourcesResponse {
- repeated MemberResource member_resources = 1;
- string next_page_token = 2;
-}
-
-message MemberResource {
- string resource_id = 1;
- string resource_type = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/console/totp_profile_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/console/totp_profile_service.proto
deleted file mode 100644
index 8d34563bc35..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/console/totp_profile_service.proto
+++ /dev/null
@@ -1,32 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.mfa.console;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/iam/v1/mfa/totp_profile.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/console;mfa_console";
-option java_outer_classname = "PCTPS";
-
-// A set of methods for managing hardware and software time-based one time passwords (TOTP).
-// The user credentials should be passed in the authorization header.
-service TotpProfileService {
-
- // Verifies user-supplied TOTP value. See https://tools.ietf.org/html/rfc6238#section-5.2 for the reference.
- rpc Verify (VerifyTotpRequest) returns (VerifyTotpResponse) {}
-}
-
-message VerifyTotpRequest {
- int64 code = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_REMOVE, (value) = ">0"];
- string totp_profile_id = 2 [(required) = true, (length) = "<=50"];
-}
-
-message VerifyTotpResponse {
- VerificationResult result = 1;
- // HTTP-header Set-Cookie for End-User with required per-service cookies, e.g. yc_session.
- // See also yandex/cloud/priv/oauth/v1/session_service.proto specification.
- repeated string set_cookie_header = 2 [(sensitive) = true];
- google.protobuf.Timestamp retry_at = 3;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile.proto
deleted file mode 100644
index 83734ff1647..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile.proto
+++ /dev/null
@@ -1,43 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.mfa.hardware;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/iam/v1/mfa/totp_profile.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware;mfa_hardware";
-option java_outer_classname = "PHTP";
-
-message TotpProfile {
- // TOTP profile ID.
- string id = 1;
- // The organization in which the hardware token is registered
- string organization_id = 2;
- // The user that this token binds to.
- string subject_id = 3;
- google.protobuf.Timestamp created_at = 4;
- // True, if the user has ever been successfully verified.
- bool active = 5;
- // Descriptions of profile
- string description = 6;
- // Labels of profile
- map<string, string> labels = 7;
- // The algorithm used to calculate the hash.
- HashAlgorithm algorithm = 8;
- // The length of the TOTP code (6-8).
- int64 digits = 9;
- // The period that a TOTP code will be valid for.
- google.protobuf.Duration time_step = 10 [(value) = "10s-10m"];
- // Serial number hardware token
- string serial_no = 11;
- // Manufacturer hardware token
- string manufacturer = 12;
- // Model hardware token
- string model = 13;
- // Start time for the hardware token. Default is Unix Epoch.
- google.protobuf.Timestamp start_time = 14;
- // Token time lags
- google.protobuf.Duration time_drift = 15;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile_service.proto
deleted file mode 100644
index 3ec2456c844..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile_service.proto
+++ /dev/null
@@ -1,243 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.mfa.hardware;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/iam/v1/mfa/hardware/totp_profile.proto";
-import "yandex/cloud/priv/iam/v1/mfa/totp_profile.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/hardware;mfa_hardware";
-option java_outer_classname = "PHTPS";
-
-// A set of methods for managing hardware time-based one time passwords (TOTP).
-// The user credentials should be passed in the authorization header.
-service TotpProfileService {
-
- // Creates hardware TOTP profile
- rpc Create (CreateTotpProfileRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "CreateTotpProfileMetadata"
- response: "TotpProfile"
- };
- }
-
- // Bulk creates hardware TOTP profiles using file .csv
- rpc ImportFromFile (ImportTotpProfilesRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "ImportTotpProfilesMetadata"
- response: "ImportTotpProfilesResponse"
- };
- }
-
- // Retrieves hardware TOTP profile by Id
- rpc Get (GetTotpProfileRequest) returns (TotpProfile) {}
-
- // Retrieves the list hardware TOTP profiles by organization_id and filter
- rpc List (ListTotpProfilesRequest) returns (ListTotpProfilesResponse) {}
-
- // Updates hardware TOTP profile
- rpc Update (UpdateTotpProfileRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateTotpProfileMetadata"
- response: "TotpProfile"
- };
- }
-
- // Updates hardware TOTP profile by id
- rpc Delete (DeleteTotpProfileRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteTotpProfileMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Retrieves the list of Operations for the specified hardware TOTP profile.
- rpc ListOperations (ListTotpProfileOperationsRequest) returns (ListTotpProfileOperationsResponse) {}
-
- // Binds the token to the user for HelpDesk
- rpc Assign (AssignTotpProfileRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "AssignTotpProfileMetadata"
- response: "TotpProfile"
- };
- }
-
- // Unbind the token from the user for HelpDesk
- rpc Unassign (UnassignTotpProfileRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "UnassignTotpProfileMetadata"
- response: "TotpProfile"
- };
- }
-
- // Synchronizes clocks for hardware tokens. Doesn't activate profile.
- rpc SyncTimeDrift (SyncTimeDriftRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "SyncTimeDriftMetadata"
- response: "TotpProfile"
- };
- }
-
- // Verifies user-supplied TOTP value. See https://tools.ietf.org/html/rfc6238#section-5.2 for the reference.
- rpc Verify (VerifyTotpRequest) returns (VerifyTotpResponse) {}
-}
-
-message CreateTotpProfileRequest {
-
- // The organization in which the hardware token is registered
- string organization_id = 1 [(required) = true, (length) = "<=50"];
-
- // An optional subject_id to auto-assign
- string subject_id = 2 [(length) = "<=50"];
-
- // Optional description
- string description = 3 [(length) = "<=256"];
-
- // Optional labels
- map<string, string> labels = 4 [(priv.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
-
- // Algorithm used to calculate the hash (SHA1, SHA256 or SHA512). Default is SHA1.
- HashAlgorithm algorithm = 5;
-
- // Length of the TOTP code (6, 7 or 8). Default is 6.
- int64 digits = 6 [(value) = "0,6,7,8"];
-
- // The period that a TOTP code will be valid for.
- google.protobuf.Duration time_step = 7 [(value) = "10s-10m"];
-
- // secret encoded in HEX
- string secret = 8 [(required) = true, (sensitive) = true, (length) = "<=262144"];
-
- // Serial number hardware token
- string serial_no = 9 [(required) = true, (pattern) = "[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
-
- // Manufacturer hardware token
- string manufacturer = 10 [(length) = "<=256"];
-
- // Model hardware token
- string model = 11 [(length) = "<=256"];
-
- // Start time for the hardware token. Default is Unix Epoch.
- google.protobuf.Timestamp start_time = 12;
-
- // Token time lags
- google.protobuf.Duration time_drift = 13;
-}
-
-message CreateTotpProfileMetadata {
- string totp_profile_id = 1;
-}
-
-message ImportTotpProfilesRequest {
- // Data from file csv, secret encoded in HEX
- string data = 1 [(required) = true, (length) = "<=262144", (sensitive) = true];
- HashAlgorithm algorithm = 2;
- int64 digits = 3 [(value) = "0,6,7,8"];
- google.protobuf.Duration time_step = 4 [(value) = "10s-10m"];
- string description = 5 [(length) = "<=256"];
- map<string, string> labels = 6 [(priv.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
- string manufacturer = 7 [(length) = "<=256"];
- string model = 8 [(length) = "<=256"];
-}
-
-message ImportTotpProfilesMetadata {
-}
-
-message ImportTotpProfilesResponse {
- repeated hardware.TotpProfile totp_profiles = 1;
-}
-
-message GetTotpProfileRequest {
- string totp_profile_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListTotpProfilesRequest {
- string organization_id = 1 [(required) = true, (length) = "<=50"];
- string filter = 2 [(length) = "<=1000"];
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListTotpProfilesResponse {
- repeated hardware.TotpProfile totp_profiles = 1;
- string next_page_token = 2;
-}
-
-message UpdateTotpProfileRequest {
- string totp_profile_id = 1 [(required) = true, (length) = "<=50"];
- // Mask specifying which totp profile fields will be updated.
- google.protobuf.FieldMask update_mask = 2;
- string description = 3 [(length) = "<=256"];
- map<string, string> labels = 4 [(priv.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
-}
-
-message UpdateTotpProfileMetadata {
- string totp_profile_id = 1;
-}
-
-message DeleteTotpProfileRequest {
- string totp_profile_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteTotpProfileMetadata {
- string totp_profile_id = 1;
-}
-
-message ListTotpProfileOperationsRequest {
- oneof from {
- option (exactly_one) = true;
- string totp_profile_id = 1 [(required) = true, (length) = "<=50"];
- string organization_id = 2 [(required) = true, (length) = "<=50"];
- }
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListTotpProfileOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
-
-message AssignTotpProfileRequest {
- string totp_profile_id = 1 [(required) = true, (length) = "<=50"];
- string subject_id = 2 [(required) = true, (length) = "<=50"];
-}
-
-message AssignTotpProfileMetadata {
- string totp_profile_id = 1;
-}
-
-message UnassignTotpProfileRequest {
- string totp_profile_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message UnassignTotpProfileMetadata {
- string totp_profile_id = 1;
-}
-
-message SyncTimeDriftRequest {
- string totp_profile_id = 1 [(required) = true, (length) = "<=50"];
- repeated int64 code = 2 [(sensitive) = true, (sensitive_type) = SENSITIVE_REMOVE, (value) = ">0", (size) = ">1"];
- // Maximum number of steps time_step by which the time of the server and the token can differ. Default value is 25
- int64 window_size = 3 [(value) = "1-100"];
-}
-
-message SyncTimeDriftMetadata {
- string totp_profile_id = 1;
-}
-
-message VerifyTotpRequest {
- int64 code = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_REMOVE, (value) = ">0"];
- string totp_profile_id = 2 [(required) = true, (length) = "<=50"];
-}
-
-message VerifyTotpResponse {
- VerificationResult result = 1;
- google.protobuf.Timestamp retry_at = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/operation_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/operation_service.proto
deleted file mode 100644
index 56b9c5b4c12..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/operation_service.proto
+++ /dev/null
@@ -1,17 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.mfa;
-
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa;mfa";
-option java_outer_classname = "POS";
-
-service OperationService {
- rpc Get (GetOperationRequest) returns (operation.Operation) {}
-}
-
-message GetOperationRequest {
- string operation_id = 1 [(required) = true, (length) = "<=50"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile.proto
deleted file mode 100644
index 8fe56d289d4..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile.proto
+++ /dev/null
@@ -1,56 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.mfa;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa;mfa";
-option java_outer_classname = "PTP";
-
-enum VerificationResult {
- VERIFICATION_RESULT_UNSPECIFIED = 0;
- // The verification succeeded.
- OK = 1;
- // The TOTP code sent by the client does not match the code generated on the server side.
- CODE_MISMATCH = 2;
- // The TOTP code has been used already (possibly a reuse attack).
- CODE_REUSE = 3;
- // Blocked due to brute force.
- TOO_MANY_REQUESTS = 4;
- // No TOTP configured for this user.
- NOT_SET = 5;
- // The verification succeeded, but item >= inner window size (and item < outer window size).
- NEED_MORE_CODES = 6;
-}
-
-// Default is SHA1.
-enum HashAlgorithm {
- HASH_ALGORITHM_UNSPECIFIED = 0;
- SHA1 = 1;
- SHA256 = 2;
- SHA512 = 3;
-}
-
-message TotpProfile {
- // TOTP profile ID.
- string id = 1;
- // The user that this password belongs to.
- string subject_id = 2;
- // The algorithm used to calculate the hash.
- HashAlgorithm algorithm = 3;
- // The length of the TOTP code (6-8).
- int64 digits = 4;
- google.protobuf.Timestamp created_at = 5;
- // Additional TOTP parameters.
- TotpProfileOptions options = 6;
- // True, if the user has ever been successfully verified.
- bool active = 7;
-}
-
-// Additional TOTP parameters.
-message TotpProfileOptions {
- // The period that a TOTP code will be valid for.
- google.protobuf.Duration time_step = 1 [(value) = "10s-10m"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile_service.proto
deleted file mode 100644
index 7bed0bd3b31..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa/totp_profile_service.proto
+++ /dev/null
@@ -1,125 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.mfa;
-
-import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/mfa/totp_profile.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/mfa;mfa";
-option java_outer_classname = "PTPS";
-
-// A set of methods for managing time-based one time passwords (TOTP).
-// The user credentials should be passed in the authorization header.
-service TotpProfileService {
-
- // Returns the TOTP profile for the user.
- rpc Get (google.protobuf.Empty) returns (TotpProfile) {}
-
- // Creates a new TOTP profile for the user. This method will fail, if the user
- // already has an active TOTP profile.
- rpc Create (CreateTotpProfileRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "CreateTotpProfileMetadata"
- response: "CreateTotpProfileResponse"
- };
- }
-
- // Deletes the TOTP profile for the user.
- rpc Delete (DeleteTotpProfileRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteTotpProfileMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Retrieves the list of Operations for the specified TOTP profile.
- rpc ListOperations (ListTotpProfileOperationsRequest) returns (ListTotpProfileOperationsResponse) {}
-
- // Verifies user-supplied TOTP value. See https://tools.ietf.org/html/rfc6238#section-5.2 for the reference.
- rpc Verify (VerifyTotpRequest) returns (VerifyTotpResponse) {}
-
- // Returns the TOTP profile for the specified user.
- // This method requires `iam.totpProfiles.manage` permission.
- rpc GetForSubject (GetTotpProfileForSubjectRequest) returns (TotpProfile) {}
-
- // Deletes the TOTP profile for the specified user.
- // This method requires `iam.totpProfiles.manage` permission.
- rpc DeleteForSubject (DeleteTotpProfileForSubjectRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteTotpProfileForSubjectMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
-}
-
-message CreateTotpProfileRequest {
- // The algorithm used to calculate the hash (SHA1, SHA256 or SHA512). Default is SHA1.
- HashAlgorithm algorithm = 1;
- // The length of the TOTP code (6, 7 or 8). Default is 6.
- int64 digits = 2 [(value) = "0,6,7,8"];
- // The default value for time step is 30 seconds.
- TotpProfileOptions options = 3;
-}
-
-message CreateTotpProfileMetadata {
- string subject_id = 1;
-}
-
-message CreateTotpProfileResponse {
- // The secret parameter is an arbitrary key value encoded in Base32 according
- // to RFC https://tools.ietf.org/html/rfc3548.
- string secret = 1 [(sensitive) = true];
- // The issuer parameter is a string value indicating the provider
- // or service this account is associated with.
- string issuer = 2;
- // Newly created TOTP profile.
- TotpProfile totp_profile = 3;
-}
-
-message GetTotpProfileForSubjectRequest {
- string subject_id = 1 [(required) = true];
-}
-
-message DeleteTotpProfileRequest {
- int64 code = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_REMOVE, (value) = ">0"];
-}
-
-message DeleteTotpProfileForSubjectRequest {
- string subject_id = 1 [(required) = true];
-}
-
-message DeleteTotpProfileMetadata {
- string subject_id = 1;
-}
-
-message DeleteTotpProfileForSubjectMetadata {
- string subject_id = 1;
-}
-
-message ListTotpProfileOperationsRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message ListTotpProfileOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
-
-message VerifyTotpRequest {
- int64 code = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_REMOVE, (value) = ">0"];
-}
-
-message VerifyTotpResponse {
- VerificationResult result = 1;
- // HTTP-header Set-Cookie for End-User with required per-service cookies, e.g. yc_session.
- // See also yandex/cloud/priv/oauth/v1/session_service.proto specification.
- repeated string set_cookie_header = 2 [(sensitive) = true];
- google.protobuf.Timestamp retry_at = 3;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client.proto
deleted file mode 100644
index f214bfd2d35..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client.proto
+++ /dev/null
@@ -1,18 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "POAC";
-
-message OAuthClient {
- string id = 1;
- string name = 2;
- repeated string permission_ids = 3;
- string client_secret_sha256 = 4;
- repeated string redirect_uris = 5;
- repeated string scopes = 6;
- repeated string auto_approve_scopes = 7;
- repeated string authorized_grant_types = 8;
- string federation_id = 9;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client_service.proto
deleted file mode 100644
index 98b0aef4eb5..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_client_service.proto
+++ /dev/null
@@ -1,99 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/oauth_client.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "POACS";
-
-service OAuthClientService {
- rpc Get (GetOAuthClientRequest) returns (OAuthClient);
-
- rpc List (ListOAuthClientsRequest) returns (ListOAuthClientsResponse);
-
- rpc Create (CreateOAuthClientRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "OAuthClient"
- metadata: "CreateOAuthClientMetadata"
- };
- }
-
- rpc Update (UpdateOAuthClientRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "OAuthClient"
- metadata: "UpdateOAuthClientMetadata"
- };
- }
-
- rpc Delete (DeleteOAuthClientRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "google.protobuf.Empty"
- metadata: "DeleteOAuthClientMetadata"
- };
- }
-}
-
-message ListOAuthClientsRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message ListOAuthClientsResponse {
- repeated OAuthClientListView oauth_clients = 1;
- string next_page_token = 2;
-}
-
-message GetOAuthClientRequest {
- string oauth_client_id = 1 [(required) = true];
-}
-
-message OAuthClientListView {
- string id = 1;
- string name = 2;
-}
-
-message CreateOAuthClientMetadata {
- string oauth_client_id = 1;
-}
-
-message UpdateOAuthClientMetadata {
- string oauth_client_id = 1;
-}
-
-message DeleteOAuthClientMetadata {
- string oauth_client_id = 1;
-}
-
-message CreateOAuthClientRequest {
- string oauth_client_id = 1 [(required) = true];
- string name = 2 [(required) = true];
- repeated string permission_ids = 3 [(size) = "<=10000", (length) = "<=255"];
- string client_secret_sha256 = 4 [(length) = "<=64"];
- repeated string redirect_uris = 5 [(size) = "<=1000", (length) = "<=1000"];
- repeated string scopes = 6 [(size) = "<=1000", (length) = "<=255"];
- repeated string auto_approve_scopes = 7 [(size) = "<=1000", (length) = "<=255"];
- repeated string authorized_grant_types = 8[(size) = "<=1000", (length) = "<=255"];
- string federation_id = 9 [(length) = "<=255"];
-}
-
-message UpdateOAuthClientRequest {
- string oauth_client_id = 1 [(required) = true];
- google.protobuf.FieldMask update_mask = 2;
- string name = 3;
- repeated string permission_ids = 4 [(size) = "<=10000", (length) = "<=255"];
- string client_secret_sha256 = 5 [(length) = "<=64"];
- repeated string redirect_uris = 6 [(size) = "<=1000", (length) = "<=1000"];
- repeated string scopes = 7 [(size) = "<=1000", (length) = "<=255"];
- repeated string auto_approve_scopes = 8 [(size) = "<=1000", (length) = "<=255"];
- repeated string authorized_grant_types = 9 [(size) = "<=1000", (length) = "<=255"];
- string federation_id = 10 [(length) = "<=255"];
-}
-
-message DeleteOAuthClientRequest {
- string oauth_client_id = 1 [(required) = true];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope.proto
deleted file mode 100644
index f2080b05700..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope.proto
+++ /dev/null
@@ -1,13 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "POAS";
-
-message OAuthScope {
- string id = 1;
- bool is_system = 2;
- string service = 3;
- repeated string permission_ids = 4;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope_service.proto
deleted file mode 100644
index 1492257e482..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/oauth_scope_service.proto
+++ /dev/null
@@ -1,90 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/oauth_scope.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "POASS";
-
-service OAuthScopeService {
- rpc Get (GetOAuthScopeRequest) returns (OAuthScope);
-
- rpc List (ListOAuthScopesRequest) returns (ListOAuthScopesResponse);
-
- rpc Create (CreateOAuthScopeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "OAuthScope"
- metadata: "CreateOAuthScopeMetadata"
- };
- }
-
- rpc Update (UpdateOAuthScopeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "OAuthScope"
- metadata: "UpdateOAuthScopeMetadata"
- };
- }
-
- rpc Delete (DeleteOAuthScopeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "google.protobuf.Empty"
- metadata: "DeleteOAuthScopeMetadata"
- };
- }
-}
-
-message ListOAuthScopesRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message ListOAuthScopesResponse {
- repeated OAuthScopeListView oauth_scopes = 1;
- string next_page_token = 2;
-}
-
-message GetOAuthScopeRequest {
- string oauth_scope_id = 1 [(required) = true];
-}
-
-message OAuthScopeListView {
- string id = 1;
- bool is_system = 2;
- string service = 3;
-}
-
-message CreateOAuthScopeMetadata {
- string oauth_scope_id = 1;
-}
-
-message UpdateOAuthScopeMetadata {
- string oauth_scope_id = 1;
-}
-
-message DeleteOAuthScopeMetadata {
- string oauth_scope_id = 1;
-}
-
-message CreateOAuthScopeRequest {
- string oauth_scope_id = 1 [(required) = true];
- bool is_system = 2;
- string service = 3 [(required) = true];
- repeated string permission_ids = 4 [(size) = "<=10000", (length) = "<=255"];
-}
-
-message UpdateOAuthScopeRequest {
- string oauth_scope_id = 1 [(required) = true];
- google.protobuf.FieldMask update_mask = 2;
- bool is_system = 3;
- string service = 4;
- repeated string permission_ids = 5 [(size) = "<=10000", (length) = "<=255"];
-}
-
-message DeleteOAuthScopeRequest {
- string oauth_scope_id = 1 [(required) = true];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/openapi-meta.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/openapi-meta.yaml
deleted file mode 100644
index 31cdeb08886..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/openapi-meta.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-info:
- title: Iam
- version: v1
- description: TODO service description
-docURLPrefix: "https://doc.cloud.yandex.ru/iaas/v1"
-docName: "FIXME-DOC-NAME-NOT-DEFINED-IN-OPEN-API-META-YAML"
\ No newline at end of file
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/operation_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/operation_service.proto
deleted file mode 100644
index 94c4c74c50f..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/operation_service.proto
+++ /dev/null
@@ -1,20 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "POS";
-
-service OperationService {
- rpc Get (GetOperationRequest) returns (operation.Operation) {
- option (google.api.http) = { get: "/iam/v1/operations/{operation_id}" };
- }
-}
-
-message GetOperationRequest {
- string operation_id = 1 [(required) = true, (length) = "<=50"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login.proto
deleted file mode 100644
index 41608e1bf92..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login.proto
+++ /dev/null
@@ -1,12 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "POL";
-
-message OsLoginInfo {
- string subject_id = 1;
- string os_login = 2;
- int64 uid = 3;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login_service.proto
deleted file mode 100644
index 15e5cd81127..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/os_login_service.proto
+++ /dev/null
@@ -1,45 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/os_login.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "POLS";
-
-service OsLoginService {
- rpc Get (GetOsLoginRequest) returns (OsLoginInfo);
-
- rpc Update (UpdateOsLoginRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateOsLoginMetadata"
- response: "OsLoginInfo"
- };
- }
-}
-
-message GetOsLoginRequest {
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
- oneof subject {// use calling subject if not specified
- string subject_id = 2 [(length) = "<=50"];
- string os_login = 3 [(length) = "<=32"];
- int64 uid = 4;
- }
-}
-
-message UpdateOsLoginRequest {
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
- string subject_id = 2 [(length) = "<=50"]; // use calling subject if not specified
- google.protobuf.FieldMask update_mask = 3;
- string os_login = 4 [(length) = "<=32"];
- int64 uid = 5;
-}
-
-message UpdateOsLoginMetadata {
- string cloud_id = 1;
- string subject_id = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission.proto
deleted file mode 100644
index 49ab3be5543..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission.proto
+++ /dev/null
@@ -1,11 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PPE";
-
-message Permission {
- string id = 1;
- string stage = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_service.proto
deleted file mode 100644
index d277c9c3dcc..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_service.proto
+++ /dev/null
@@ -1,80 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/permission.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PPES";
-
-service PermissionService {
- rpc Get (GetPermissionRequest) returns (Permission);
-
- rpc List (ListPermissionsRequest) returns (ListPermissionsResponse);
-
- rpc Create (CreatePermissionRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "Permission"
- metadata: "CreatePermissionMetadata"
- };
- }
-
- rpc Update (UpdatePermissionRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "Permission"
- metadata: "UpdatePermissionMetadata"
- };
- }
-
- rpc Delete (DeletePermissionRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "google.protobuf.Empty"
- metadata: "DeletePermissionMetadata"
- };
- }
-}
-
-message CreatePermissionMetadata {
- string permission_id = 1;
-}
-
-message UpdatePermissionMetadata {
- string permission_id = 1;
-}
-
-message DeletePermissionMetadata {
- string permission_id = 1;
-}
-
-message CreatePermissionRequest {
- string permission_id = 1 [(required) = true];
- string stage = 2 [(required) = true];
-}
-
-message UpdatePermissionRequest {
- string permission_id = 1 [(required) = true];
- google.protobuf.FieldMask update_mask = 2;
- string stage = 3;
-}
-
-message DeletePermissionRequest {
- string permission_id = 1 [(required) = true];
-}
-
-message GetPermissionRequest {
- string permission_id = 1 [(required) = true];
-}
-
-message ListPermissionsRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message ListPermissionsResponse {
- repeated Permission permissions = 1;
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage.proto
deleted file mode 100644
index 398c1b6f5fb..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage.proto
+++ /dev/null
@@ -1,36 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PPS";
-
-message PermissionStage {
- string id = 1;
- string description = 2;
-}
-
-message SetAllPermissionStagesRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message SetPermissionStagesRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- repeated string permission_stage_ids = 2;
-}
-
-message SetPermissionStagesMetadata {
- string resource_id = 1;
-}
-
-message UpdatePermissionStagesRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- repeated string add_permission_stage_ids = 2;
- repeated string remove_permission_stage_ids = 3;
-}
-
-message UpdatePermissionStagesMetadata {
- string resource_id = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage_service.proto
deleted file mode 100644
index a3f494a2bda..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permission_stage_service.proto
+++ /dev/null
@@ -1,70 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/permission_stage.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PPSS";
-
-service PermissionStageService {
- rpc Get (GetPermissionStageRequest) returns (PermissionStage);
-
- rpc List (ListPermissionStagesRequest) returns (ListPermissionStagesResponse);
-
- rpc Create (CreatePermissionStageRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "PermissionStage"
- metadata: "CreatePermissionStageMetadata"
- };
- }
-
- rpc Delete (DeletePermissionStageRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "google.protobuf.Empty"
- metadata: "DeletePermissionMetadata"
- };
- }
-}
-
-message CreatePermissionStageMetadata {
- string permission_stage_id = 1;
-}
-
-message UpdatePermissionStageMetadata {
- string permission_stage_id = 1;
-}
-
-message DeletePermissionStageMetadata {
- string permission_stage_id = 1;
-}
-
-message CreatePermissionStageRequest {
- string permission_stage_id = 1 [(required) = true];
-}
-
-message UpdatePermissionStageRequest {
- string permission_stage_id = 1 [(required) = true];
-}
-
-message DeletePermissionStageRequest {
- string permission_stage_id = 1 [(required) = true];
-}
-
-message GetPermissionStageRequest {
- string permission_stage_id = 1 [(required) = true];
-}
-
-message ListPermissionStagesRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
- string filter = 3 [(length) = "<=1000"];
-}
-
-message ListPermissionStagesResponse {
- repeated PermissionStage permission_stages = 1;
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permissions.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permissions.yaml
deleted file mode 100644
index 22798527112..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/permissions.yaml
+++ /dev/null
@@ -1,1481 +0,0 @@
-permissions:
-
- iam.permissionStages.get:
- description: Get IAM permission stages
- stage: GA
- visibility: internal
- iam.permissionStages.create:
- description: Create IAM permission stages
- stage: GA
- visibility: internal
-
- iam.resourceTypes.get:
- description: Get IAM resource types
- stage: GA
- visibility: internal
- iam.resourceTypes.create:
- description: Create IAM resource types
- stage: GA
- visibility: internal
- iam.resourceTypes.update:
- description: Update IAM resource types
- stage: GA
- visibility: internal
- iam.resourceTypes.listRestrictions:
- description: List assignment of restrictions on all resources of particular type
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
- iam.resourceTypes.updateRestrictions:
- description: Manage assignment of restrictions on all resources of particular type
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.permissions.get:
- description: Get IAM permissions
- stage: GA
- visibility: internal
- iam.permissions.create:
- description: Create IAM permissions
- stage: GA
- visibility: internal
- iam.permissions.update:
- description: Update IAM permissions
- stage: GA
- visibility: internal
-
- iam.roles.get:
- description: Get IAM roles
- stage: GA
- visibility: internal
- iam.roles.create:
- description: Create IAM roles
- stage: GA
- visibility: internal
- iam.roles.update:
- description: Update IAM roles
- stage: GA
- visibility: internal
-
- iam.restrictionTypes.get:
- description: Get IAM restriciton types
- stage: GA
- visibility: internal
- resourceType: iam.restrictionType
- iam.restrictionTypes.create:
- description: Create IAM restriction types
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
- iam.restrictionTypes.update:
- description: Update IAM restriction types
- stage: GA
- visibility: internal
- resourceType: iam.restrictionType
- iam.restrictionTypes.listAccessBindings:
- description: List access bindings on restriction type
- stage: GA
- visibility: internal
- resourceType: iam.restrictionType
- iam.restrictionTypes.updateAccessBindings:
- description: Update access bindings on restriction type
- stage: GA
- visibility: internal
- resourceType: iam.restrictionType
- iam.restrictionTypes.use:
- description: Manage particular type of restriction on resources
- stage: GA
- visibility: internal
- resourceType: iam.restrictionType
-
- iam.oauthScopes.get:
- description: Get OAuth scopes
- stage: GA
- visibility: internal
- iam.oauthScopes.create:
- description: Create OAuth scopes
- stage: GA
- visibility: internal
- iam.oauthScopes.update:
- description: Update OAuth scopes
- stage: GA
- visibility: internal
-
- iam.oauthClients.get:
- description: Get OAuth clients
- stage: GA
- visibility: internal
- iam.oauthClients.create:
- description: Create OAuth clients
- stage: GA
- visibility: internal
- iam.oauthClients.update:
- description: Update OAuth clients
- stage: GA
- visibility: internal
-
- iam.accessBinding.delete:
- description: Delete role assignment
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- iam.accessBindings.list:
- description: List all role assignments
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - CREATING
- - ACTIVE
- - DELETING
- iam.accessBindings.manageOwners:
- description: Manage owner roles in a cloud
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- cloud:
- status:
- - BLOCKED_BY_BILLING
- - CREATING
- - ACTIVE
- iam.accessBindings.set:
- description: Create role assignment
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - BLOCKED_BY_BILLING
- - CREATING
- - ACTIVE
- iam.accessBindings.update:
- description: Create role assignment
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - BLOCKED_BY_BILLING
- - CREATING
- - ACTIVE
- iam.accessBindings.changeTopLevelResource:
- description: Change top level resource of access bindings
- stage: GA
- visibility: internal
- iam.accessBindings.deleteByTopLevelResource:
- description: Delete access bindings by top level resource
- stage: GA
- visibility: internal
-
- iam.cloud.update:
- # TODO: rename
- description: Edits an cloud
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
-
- iam.cloudOperations.list:
- description: List cloud operations
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.cloudUser.create:
- description: Create user in cloud
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- iam.cloudUser.delete:
- description: Deletes a user
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- iam.cloudUser.get:
- description: Get one user in a given cloud
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- iam.cloudUsers.list:
- description: List users in a cloud
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- iam.cloudUsers.superList:
- description: List users in a cloud with disabled user listing
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.clouds.delete:
- description: Deletes an cloud
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- iam.clouds.get:
- description: Returns a single cloud
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - CREATING
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: resource-manager.cloud
- iam.clouds.getSettings:
- description: Returns a single cloud settings
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - CREATING
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- iam.clouds.updateSettings:
- description: Updates a single cloud settings
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- cloud:
- status:
- - CREATING
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- iam.clouds.list:
- description: List clouds where current user has membership
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- iam.clouds.setDefaultZone:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- iam.clouds.setUserListingSetting:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: resource-manager.cloud
-
- iam.federations.create:
- description: ''
- stage: IAM_FOLDER_SAML_FEDERATIONS
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: resource-manager.folder
- iam.federations.createCertificate:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.federation
- iam.federations.createUser:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.federation
- iam.federations.delete:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.federation
- iam.federations.deleteCertificate:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.federationCertificate
- iam.federations.deleteUser:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- iam.federations.get:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.federation
- iam.federations.getCertificate:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.federationCertificate
- iam.federations.list:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: resource-manager.folder
- iam.federations.listCertificate:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.federation
- iam.federations.update:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.federation
- iam.federations.updateCertificate:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.federationCertificate
-
- iam.federatedUsers.crossCloudBindings:
- description: ''
- stage: GA
- visibility: internal
- resourceType: iam.userAccount
-
- iam.folderOperations.list:
- description: List folder operations
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.folders.create:
- description: Create folder
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: resource-manager.cloud
- iam.folders.delete:
- description: Deletes a folder
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: resource-manager.folder
- iam.folders.get:
- description: Returns a single folder
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: resource-manager.folder
- iam.folders.getSettings:
- description: Returns a single folder settings
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - CREATING
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- iam.folders.updateSettings:
- description: Updates a single folder settings
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- cloud:
- status:
- - CREATING
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- iam.folders.list:
- description: List folders in an cloud
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: resource-manager.cloud
- iam.folders.update:
- description: Update folder
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: resource-manager.folder
-
- iam.operations.get:
- description: Get operation
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- iam.operations.list:
- description: Get operation
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.roles.list:
- description: Get the list of global roles in an cloud
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.serviceAccounts.create:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: resource-manager.folder
- iam.serviceAccounts.createForHost:
- description: ''
- stage: GA
- visibility: public
- iam.serviceAccounts.delete:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.getAccessKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.createAccessKey:
- description: Create access key for service account
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.serviceAccount
- iam.serviceAccounts.createAccessKeyWithPrefix:
- description: Create access key for service account with regional prefix
- stage: IAM_ACCESS_KEY_PREFIX
- visibility: internal
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.serviceAccount
- iam.serviceAccounts.updateAccessKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.deleteAccessKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.getApiKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.createApiKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.serviceAccount
- iam.serviceAccounts.updateApiKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.deleteApiKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.getSshKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.createSshKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.serviceAccount
- iam.serviceAccounts.deleteSshKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.serviceAccount
- iam.userAccounts.getSshKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.userAccount
- iam.userAccounts.createSshKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.userAccount
- iam.userAccounts.deleteSshKey:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.userAccount
- iam.userAccounts.getSettings:
- description: 'Чтение userSettings пользователя'
- stage: GA
- visibility: public
- resourceType: iam.userAccount
- iam.serviceAccounts.get:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.issueToken:
- description: ''
- stage: GA
- visibility: public
- resourceType: iam.serviceAccount
- iam.serviceAccounts.issueCookie:
- description: ''
- stage: GA
- visibility: internal
- resourceType: iam.serviceAccount
- iam.serviceAccounts.issueTokenForInstance:
- description: ''
- stage: GA
- visibility: public
- resourceType: iam.serviceAccount
- iam.serviceAccounts.issueTokenForRestrictedAlgorithm:
- description: ''
- stage: GA
- visibility: internal
- resourceType: iam.serviceAccount
- iam.serviceAccounts.list:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: resource-manager.folder
- iam.serviceAccounts.listAccessKeys:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.serviceAccount
- iam.accessKeys.listByFingerprint:
- description: List access keys by secret key fingerprint
- stage: GA
- visibility: internal
- iam.serviceAccounts.listApiKeys:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.serviceAccount
- iam.serviceAccounts.update:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.serviceAccount
- iam.serviceAccounts.use:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- iam.serviceAccounts.crossCloudBindings:
- description: ''
- stage: GA
- visibility: internal
- resourceType: iam.serviceAccount
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- iam.serviceAccounts.listAccessBindings:
- description: ''
- stage: GA
- visibility: public
- resourceType: iam.serviceAccount
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - CREATING
- - ACTIVE
- - DELETING
- iam.serviceAccounts.updateAccessBindings:
- description: ''
- stage: GA
- visibility: public
- resourceType: iam.serviceAccount
- allowedWhen:
- restrictions:
- - freeTier
- - billSuspend
- cloud:
- status:
- - BLOCKED_BY_BILLING
- - CREATING
- - ACTIVE
- iam.tokenKeys.create:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
- iam.tokenKeys.update:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
- iam.tokenKeys.delete:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
- iam.tokenKeys.get:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
-
- iam.authorizedKeys.create:
- description: Create authorized key
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
- iam.authorizedKeys.update:
- description: Update authorized key
- stage: GA
- visibility: public
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
- iam.authorizedKeys.delete:
- description: Delete authorized key
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
- iam.authorizedKeys.get:
- description: Get authorized key
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
- iam.authorizedKeys.listByFingerprint:
- description: List authorized keys by public key fingerprint
- stage: GA
- visibility: internal
-
- iam.userAccounts.createAccessKey:
- description: Create user access key
- stage: GA
- visibility: internal
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.userAccount
- iam.userAccounts.createAccessKeyWithPrefix:
- description: Create user access key with regional prefix
- stage: IAM_ACCESS_KEY_PREFIX
- visibility: internal
- allowedWhen:
- cloud:
- status:
- - ACTIVE
- resourceType: iam.userAccount
- iam.userAccounts.deleteAccessKey:
- description: Delete user access key
- stage: GA
- visibility: internal
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.userAccount
- iam.userAccounts.getAccessKey:
- description: Get user access key
- stage: GA
- visibility: internal
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.userAccount
- iam.userAccounts.listAccessKeys:
- description: List user access keys
- stage: GA
- visibility: internal
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
- resourceType: iam.userAccount
- iam.userAccounts.updateAccessKey:
- description: Update user access key
- stage: GA
- visibility: internal
- allowedWhen:
- restrictions:
- - billSuspend
- cloud:
- status:
- - ACTIVE
- - BLOCKED_BY_BILLING
- - DELETING
- resourceType: iam.userAccount
-
- iam.userAccounts.createManaged:
- description: 'Create a user account that is managed by an external system.'
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
-
- iam.userAccounts.delete:
- description: 'Delete a user account.'
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
-
- iam.userAccounts.get:
- description: ''
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.subjects.issueCookie:
- description: 'Issue cookie for subject'
- stage: GA
- visibility: internal
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
-
- iam.subjects.issueToken:
- description: 'Issue token for subject'
- stage: GA
- visibility: internal
- resourceType:
- oneOf: [iam.serviceAccount, iam.userAccount]
-
- iam.userAccounts.issueCookie:
- description: 'Issue cookie for user account'
- stage: GA
- visibility: internal
- resourceType: iam.userAccount
-
- iam.userAccounts.issueToken:
- description: 'Issue token for user account'
- stage: GA
- visibility: internal
- resourceType: iam.userAccount
-
- iam.userAccounts.issueTokenFromJwt:
- description: 'Issue token for user account from JWT'
- stage: GA
- visibility: internal
- resourceType: iam.userAccount
-
- iam.userAccounts.createTotpProfile:
- description: 'Create TOTP profile for user account'
- stage: GA
- visibility: internal
- resourceType: iam.userAccount
-
- iam.userAccounts.presignUrl:
- description: 'Create signature for storage URL'
- stage: GA
- visibility: internal
- resourceType: iam.userAccount
-
- iam.userOperations.list:
- description: List user operations
- stage: GA
- visibility: public
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.resourceTypes.membership:
- description: Special permission granting membership in a top-level resource
- stage: GA
- visibility: public
-
- iam.resourceTypes.listMemberships:
- description: View top-level resource members and member resources
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.resourceTypes.listAccessBindings:
- description: List access bindings on resource type
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.resourceTypes.updateAccessBindings:
- description: Update access bindings on resource type
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.gizmo.listAccessBindings:
- description: List gizmo access bindings
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.gizmo.updateAccessBindings:
- description: Update gizmo access bindings
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.root.listAccessBindings:
- description: List root access bindings
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.root.updateAccessBindings:
- description: Update root access bindings
- stage: GA
- visibility: internal
- resourceType: iam.resourceType
-
- iam.subjects.getOsLogin:
- description: Get OS login information of a subject
- stage: GA
- visibility: internal
- resourceType: iam.subject
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.subjects.updateOsLogin:
- description: Update OS login information of a subject
- stage: GA
- visibility: internal
- resourceType: iam.subject
- allowedWhen:
- cloud:
- status:
- - ACTIVE
-
- iam.quotas.get:
- description: Get IAM quotas
- stage: GA
- visibility: public
- resourceType: resource-manager.cloud
- allowedWhen:
- restrictions:
- - billSuspend
- - fraud
- - deletingContainer
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.quotas.updateLimit:
- description: Update IAM quotas
- stage: GA
- visibility: internal
- resourceType: resource-manager.cloud
- allowedWhen:
- restrictions:
- - billSuspend
- cloud:
- status:
- - BLOCKED
- - BLOCKED_BY_BILLING
- - ACTIVE
- - DELETING
-
- iam.internal.diagnostics:
- description: Usage of intenal diagnostic tools
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
-
- iam.totpProfiles.manage:
- description: ''
- stage: GA
- visibility: internal
- resourceType: iam.totpProfile
-
- iam.invitees.getOrCreate:
- description: Create (or get if exists) invitees
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
-
- iam.subjects.merge:
- description: Merge subjects
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
-
- iam.subjects.delete:
- description: Delete subjects
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quota_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quota_service.proto
deleted file mode 100644
index b425b36e1de..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quota_service.proto
+++ /dev/null
@@ -1,17 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/empty.proto";
-import "yandex/cloud/priv/quota/quota.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PQS";
-
-service QuotaService {
- rpc Get (quota.GetQuotaRequest) returns (quota.Quota);
-
- rpc Update (quota.UpdateQuotaMetricRequest) returns (google.protobuf.Empty);
-
- rpc GetDefault (quota.GetQuotaDefaultRequest) returns (quota.GetQuotaDefaultResponse);
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quotas.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quotas.yaml
deleted file mode 100644
index 8f3a2d16783..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/quotas.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-quotas:
- - iam.accessBindings.count
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type.proto
deleted file mode 100644
index 59c74b882ee..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type.proto
+++ /dev/null
@@ -1,11 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRST";
-
-message ResourceType {
- string id = 1;
- string access_bindings_listing_permission = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type_service.proto
deleted file mode 100644
index a04190169c6..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resource_type_service.proto
+++ /dev/null
@@ -1,105 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/access/access.proto";
-import "yandex/cloud/priv/iam/v1/resource_type.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRSTS";
-
-service ResourceTypeService {
- rpc Get (GetResourceTypeRequest) returns (ResourceType);
-
- rpc List (ListResourceTypesRequest) returns (ListResourceTypeResponse);
-
- rpc Create (CreateResourceTypeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "ResourceType"
- metadata: "CreateResourceTypeMetadata"
- };
- }
-
- rpc Update (UpdateResourceTypeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "ResourceType"
- metadata: "UpdateResourceTypeMetadata"
- };
- }
-
- rpc Delete (DeleteResourceTypeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "ResourceType"
- metadata: "DeleteResourceTypeMetadata"
- };
- }
-
- rpc ListAccessBindings (ListResourceTypeAccessBindingsRequest) returns (access.ListAccessBindingsResponse);
-
- rpc UpdateAccessBindings (UpdateResourceTypeAccessBindingsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateResourceTypeAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-message CreateResourceTypeMetadata {
- string resource_type = 1;
-}
-
-message UpdateResourceTypeMetadata {
- string resource_type = 1;
-}
-
-message DeleteResourceTypeMetadata {
- string resource_type = 1;
-}
-
-message CreateResourceTypeRequest {
- string resource_type = 1 [(required) = true];
- string access_bindings_listing_permission = 2;
-}
-
-message UpdateResourceTypeRequest {
- string resource_type = 1 [(required) = true];
- google.protobuf.FieldMask update_mask = 2;
- string access_bindings_listing_permission = 3;
-}
-
-message DeleteResourceTypeRequest {
- string resource_type = 1 [(required) = true];
-}
-
-message GetResourceTypeRequest {
- string resource_type = 1 [(required) = true];
-}
-
-message ListResourceTypesRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message ListResourceTypeResponse {
- repeated ResourceType resource_types = 1;
- string next_page_token = 2;
-}
-
-message ListResourceTypeAccessBindingsRequest {
- string resource_type = 1 [(required) = true, (length) = "<=100"];
- int64 page_size = 2 [(value) = "<=1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message UpdateResourceTypeAccessBindingsRequest {
- string resource_type = 1 [(required) = true, (length) = "<=100"];
- repeated access.AccessBindingDelta access_binding_deltas = 2 [(size) = ">0"];
-}
-
-message UpdateResourceTypeAccessBindingsMetadata {
- string resource_type = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resources.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resources.yaml
deleted file mode 100644
index 885c82a3d10..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/resources.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-resources:
- iam.resourceType:
- parents: [root]
- iam.gizmo:
- parents: [root]
- iam.subject:
- parents: [root]
- iam.restrictionType:
- parents: [root]
- iam.serviceAccount:
- parents: [iam.subject, resource-manager.folder]
- accessBindingsListingPermission: iam.serviceAccounts.listAccessBindings
- iam.userAccount:
- parents: [iam.subject]
- iam.accessKey:
- parents: [iam.subject]
- iam.authorizedKey:
- parents: [iam.subject]
- iam.apiKey:
- parents: [iam.serviceAccount]
- iam.federationCertificate:
- parents: [iam.federation]
- iam.federation:
- parents: [resource-manager.folder]
- iam.totpProfile:
- parents: [iam.subject]
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction.proto
deleted file mode 100644
index 6b9d7aaf9da..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction.proto
+++ /dev/null
@@ -1,16 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/iam/v1/restriction_type.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRN";
-
-message Restriction {
- RestrictionKind restriction_kind = 1;
- string restriction_type_id = 2;
- google.protobuf.Timestamp added_at = 3;
- string added_by = 4;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_service.proto
deleted file mode 100644
index 19b5efa97c4..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_service.proto
+++ /dev/null
@@ -1,89 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/restriction.proto";
-import "yandex/cloud/priv/iam/v1/restriction_type.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRNS";
-
-service RestrictionService {
- rpc List (ListRestrictionsRequest) returns (ListRestrictionsResponse);
-
- rpc Add (AddRestrictionRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "AddRestrictionMetadata"
- response: "Restriction"
- };
- }
-
- rpc Remove (RemoveRestrictionRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "RemoveRestrictionMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc RemoveAll (RemoveAllRestrictionsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "RemoveAllRestrictionsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-message ListRestrictionsRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string resource_type = 2 [(required) = true, (length) = "<=100"];
- RestrictionKind restriction_kind = 3;
- int64 page_size = 4 [(value) = "<=1000"];
- string page_token = 5 [(length) = "<=100"];
-}
-
-message ListRestrictionsResponse {
- repeated Restriction restrictions = 1;
- string next_page_token = 2;
-}
-
-message AddRestrictionRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string resource_type = 2 [(required) = true, (length) = "<=100"];
- // If set, perform operation on behalf of subject with this id.
- string on_behalf_of_subject_id = 3 [(length) = "<=50"];
- string restriction_type_id = 4 [(required) = true, (length) = "<=100"];
-}
-
-message AddRestrictionMetadata {
- string resource_id = 1;
- string resource_type = 2;
- string on_behalf_of_subject_id = 3;
-}
-
-message RemoveRestrictionRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string resource_type = 2 [(required) = true, (length) = "<=100"];
- // If set, perform operation on behalf of subject with this id.
- string on_behalf_of_subject_id = 3 [(length) = "<=50"];
- string restriction_type_id = 4 [(required) = true, (length) = "<=100"];
-}
-
-message RemoveRestrictionMetadata {
- string resource_id = 1;
- string resource_type = 2;
- string on_behalf_of_subject_id = 3;
- string restriction_type_id = 4;
-}
-
-message RemoveAllRestrictionsRequest {
- string resource_id = 1 [(required) = true, (length) = "<=50"];
- string resource_type = 2 [(required) = true, (length) = "<=100"];
-}
-
-message RemoveAllRestrictionsMetadata {
- string resource_id = 1;
- string resource_type = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type.proto
deleted file mode 100644
index 59de0f83d84..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type.proto
+++ /dev/null
@@ -1,32 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/duration.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRNT";
-
-enum RestrictionKind {
- RESTRICTION_KIND_UNSPECIFIED = 0;
- BLOCK_PERMISSIONS = 1;
-}
-
-message RestrictionType {
- string id = 1;
- RestrictionKind restriction_kind = 2;
-
- oneof type {
- BlockPermissions block_permissions = 3;
- }
-
- message BlockPermissions {
- string role_mask = 1;
- bool direct_mask = 2;
- repeated string services_to_stop = 3;
- repeated string resources_to_stop = 4;
- google.protobuf.Duration stop_delay = 5;
- google.protobuf.Duration deletion_initiation_interval = 6;
- google.protobuf.Duration deletion_delay = 7;
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type_service.proto
deleted file mode 100644
index 845e9aeb70c..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/restriction_type_service.proto
+++ /dev/null
@@ -1,114 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/access/access.proto";
-import "yandex/cloud/priv/iam/v1/restriction_type.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRNTS";
-
-service RestrictionTypeService {
- rpc Get (GetRestrictionTypeRequest) returns (RestrictionType);
-
- rpc List (ListRestrictionTypesRequest) returns (ListRestrictionTypesResponse);
-
- rpc Create (CreateRestrictionTypeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "CreateRestrictionTypeMetadata"
- response: "RestrictionType"
- };
- }
-
- rpc Update (UpdateRestrictionTypeRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateRestrictionTypeMetadata"
- response: "RestrictionType"
- };
- }
-
- // access
-
- rpc ListAccessBindings (access.ListAccessBindingsRequest) returns (access.ListAccessBindingsResponse);
-
- rpc SetAccessBindings (access.SetAccessBindingsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "access.SetAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc UpdateAccessBindings (access.UpdateAccessBindingsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "access.UpdateAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-message GetRestrictionTypeRequest {
- string restriction_type_id = 1 [(required) = true, (length) = "<=100"];
-}
-
-message ListRestrictionTypesRequest {
- RestrictionKind restriction_kind = 1;
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListRestrictionTypesResponse {
- repeated RestrictionType restriction_types = 1;
- string next_page_token = 2;
-}
-
-message CreateRestrictionTypeRequest {
- string restriction_type_id = 1 [(required) = true, (length) = "<=100"];
-
- oneof type {
- option (exactly_one) = true;
- BlockPermissions block_permissions = 2;
- }
-
- message BlockPermissions {
- string role_mask = 1 [(required) = true, (length) = "<=100"];
- bool direct_mask = 2;
- repeated string services_to_stop = 3 [(size) = "<=100", (length) = "<=100"];
- repeated string resources_to_stop = 4 [(size) = "<=100", (length) = "<=100"];
- google.protobuf.Duration stop_delay = 5;
- google.protobuf.Duration deletion_initiation_interval = 6;
- google.protobuf.Duration deletion_delay = 7;
- }
-}
-
-message CreateRestrictionTypeMetadata {
- string restriction_type_id = 1;
-}
-
-message UpdateRestrictionTypeRequest {
- string restriction_type_id = 1 [(required) = true, (length) = "<=100"];
- google.protobuf.FieldMask update_mask = 2;
-
- oneof type {
- option (exactly_one) = true;
- BlockPermissions block_permissions = 3;
- }
-
- message BlockPermissions {
- string role_mask = 1 [(length) = "<=100"];
- bool direct_mask = 2;
- repeated string services_to_stop = 3 [(size) = "<=100", (length) = "<=100"];
- repeated string resources_to_stop = 4 [(size) = "<=100", (length) = "<=100"];
- google.protobuf.Duration stop_delay = 5;
- google.protobuf.Duration deletion_initiation_interval = 6;
- google.protobuf.Duration deletion_delay = 7;
- }
-}
-
-message UpdateRestrictionTypeMetadata {
- string restriction_type_id = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role.proto
deleted file mode 100644
index 4aed76da4c4..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role.proto
+++ /dev/null
@@ -1,13 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PR";
-
-message Role {
- string id = 1;
- string description = 2;
- repeated string permission_ids = 3;
- bool is_system = 4;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role_service.proto
deleted file mode 100644
index 807308a7d59..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/role_service.proto
+++ /dev/null
@@ -1,95 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/role.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRS";
-
-service RoleService {
- rpc Get (GetRoleRequest) returns (Role);
-
- rpc List (ListRolesRequest) returns (ListRolesResponse);
-
- rpc Create (CreateRoleRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "Role"
- metadata: "CreateRoleMetadata"
- };
- }
-
- rpc Update (UpdateRoleRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- response: "Role"
- metadata: "UpdateRoleMetadata"
- };
- }
-
- rpc Delete (DeleteRoleRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteRoleMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-message CreateRoleMetadata {
- string role_id = 1;
-}
-
-message UpdateRoleMetadata {
- string role_id = 1;
-}
-
-message DeleteRoleMetadata {
- string role_id = 1;
-}
-
-message CreateRoleRequest {
- string role_id = 1 [(required) = true];
- bool is_system = 2;
- repeated string permission_ids = 3 [(size) = "<=10000", (length) = "<=255"];
-}
-
-message UpdateRoleRequest {
- string role_id = 1 [(required) = true];
- google.protobuf.FieldMask update_mask = 2;
- bool is_system = 3;
- repeated string permission_ids = 4 [(size) = "<=10000", (length) = "<=255"];
-}
-
-message DeleteRoleRequest {
- string role_id = 1 [(required) = true];
-}
-
-message GetRoleRequest {
- string role_id = 1 [(required) = true];
-}
-
-message ListRolesRequest {
- int64 page_size = 1 [(value) = "0-1000"];
- string page_token = 2 [(length) = "<=100"];
- string filter = 3 [(length) = "<=1000"];
-
- RoleView view = 4;
-}
-
-message ListRolesResponse {
- repeated Role roles = 1;
- string next_page_token = 2;
-}
-
-enum RoleView {
- option (cloud.api.tools.enumeration).lint_skip.unspecified_value = true;
- // Omits the permission_ids field. This is the default value.
- BASIC = 0;
-
- // Returns all fields.
- FULL = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/roles.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/roles.yaml
deleted file mode 100644
index 86e2f6a6ba9..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/roles.yaml
+++ /dev/null
@@ -1,568 +0,0 @@
-role_groups:
- iam:
- name: IAM roles
-
-roles:
-
- ##############################################################################
- # Public Roles
- ##############################################################################
-
- iam.viewer:
- groups: [iam]
- name: IAM-viewer
- visibility: public
- description: ''
- scopes:
- - yc.iam.serviceAccounts.accessKey.get
- - yc.iam.serviceAccounts.apiKey.get
- - yc.iam.serviceAccounts.sshKey.get
- - yc.iam.serviceAccounts.get
- - yc.resource-manager.folders.get # ?
- - yc.resource-manager.clouds.get # ?
- permissions:
- - iam.accessBindings.list
- - iam.authorizedKeys.get
- - iam.cloudOperations.list
- - iam.cloudUser.get
- - iam.cloudUsers.list
- - iam.cloudUsers.superList
- - iam.federations.get
- - iam.folderOperations.list
- - iam.operations.{get,list}
- - iam.roles.list
- - iam.serviceAccounts.listAccessBindings
- - iam.tokenKeys.get
- - iam.userAccounts.get
- - iam.userOperations.list
- - iam.quotas.get
-
- iam.editor:
- groups: [iam]
- name: IAM-editor
- visibility: public
- description: ''
- includedRoles:
- - iam.viewer
- scopes:
- - yc.iam.serviceAccounts.manage
- - yc.resource-manager.folders.manage
- - yc.iam.serviceAccounts.use
- permissions:
- - iam.authorizedKeys.{create,delete,update}
- - iam.cloud.update
- - iam.clouds.getSettings
- - iam.clouds.updateSettings
- - iam.cloudUser.delete
- - iam.folders.getSettings
- - iam.folders.updateSettings
- - iam.tokenKeys.{create,delete,update}
- - iam.userAccounts.{create,delete}SshKey
-
- iam.admin:
- groups: [iam]
- name: IAM-admin
- visibility: public
- description: ''
- includedRoles:
- - iam.editor
- - iam.serviceAccounts.admin
- scopes:
- - yc.iam.federations.manage
- - yc.iam.accessBindings.manage
- - yc.iam.clouds.manage
- permissions:
- - iam.cloudUser.create
-
- iam.serviceAccounts.admin:
- groups: [iam]
- name: Администратор сервисных аккаунтов
- visibility: public
- description: ''
- scopes:
- - yc.iam.serviceAccounts.manage
- - yc.iam.authorizedKeys.get
- - yc.iam.serviceAccounts.accessKey.get
- - yc.iam.serviceAccounts.apiKey.get
- - yc.iam.serviceAccounts.sshKey.get
- - yc.iam.serviceAccounts.get
- - yc.iam.serviceAccounts.use
- - yc.iam.serviceAccounts.issueToken
- - yc.resource-manager.folders.get
- permissions:
- - iam.serviceAccounts.{list,update}AccessBindings
-
- iam.serviceAccounts.tokenCreator:
- groups: [iam]
- name: Роль для получения токена сервис-аккаунта, на который она назначена
- visibility: public
- description: ''
- scopes:
- - yc.iam.serviceAccounts.issueToken
-
- iam.serviceAccounts.user:
- groups: [iam]
- name: Пользователь сервисного аккаунта
- visibility: public
- description: ' специальная роль для доступа к сервисным аккаунтам'
- scopes:
- - yc.iam.serviceAccounts.get
- - yc.iam.serviceAccounts.use
- permissions: []
-
- iam.serviceAccounts.accessKeyAdmin:
- groups: [iam]
- name: Администратор access-ключей
- visibility: public
- description: ''
- permissions:
- - iam.serviceAccounts.{create,get,update,delete}AccessKey
-
- iam.serviceAccounts.apiKeyAdmin:
- groups: [iam]
- name: Администратор API-ключей
- visibility: public
- description: ''
- permissions:
- - iam.serviceAccounts.{create,get,update,delete}ApiKey
-
- iam.serviceAccounts.authorizedKeyAdmin:
- groups: [iam]
- name: Администратор авторизованных ключей
- visibility: public
- description: ''
- permissions:
- - iam.authorizedKeys.{create,get,update,delete}
-
- iam.serviceAccounts.keyAdmin:
- groups: [iam]
- name: Администратор ключей
- visibility: public
- description: ''
- includedRoles:
- - iam.serviceAccounts.accessKeyAdmin
- - iam.serviceAccounts.apiKeyAdmin
- - iam.serviceAccounts.authorizedKeyAdmin
-
- ##############################################################################
- # Support Roles
- ##############################################################################
-
- iam.support:
- groups: [iam, staff]
- name: Support IAM
- visibility: internal
- description: Role for support engineers to see access bindings and premissions
- permissions:
- - iam.accessBindings.list
- - iam.authorizedKeys.get
- - iam.cloudOperations.list
- - iam.cloudUser.get
- - iam.cloudUsers.list
- - iam.cloudUsers.superList
- - iam.clouds.{get,list}
- - iam.folderOperations.list
- - iam.folders.{get,list}
- - iam.folders.create
- - iam.operations.{get,list}
- - iam.roles.list
- - iam.serviceAccounts.getAccessKey
- - iam.serviceAccounts.getApiKey
- - iam.serviceAccounts.getSshKey
- - iam.serviceAccounts.listAccessKeys
- - iam.serviceAccounts.listApiKeys
- - iam.serviceAccounts.{get,list}
- - iam.serviceAccounts.listAccessBindings
- - iam.tokenKeys.get
- - iam.userAccounts.get
- - iam.userAccounts.getAccessKey
- - iam.userAccounts.getSettings
- - iam.userAccounts.getSshKey
- - iam.userAccounts.listAccessKeys
- - iam.userOperations.list
- - iam.federations.{get,list}
- - iam.quotas.updateLimit
- - resource-manager.clouds.listAccessBindings
- - resource-manager.clouds.listRestrictions
- - resource-manager.clouds.listPermissionStages
- - resource-manager.clouds.updatePermissionStages
- - resource-manager.folders.listAccessBindings
-
- iam.supportAdmin:
- groups: [iam, staff]
- name: Support IAM Admin
- visibility: internal
- description: Privileged Operations in IAM for support engineers
- includedRoles:
- - iam.support
- permissions: []
-
- ##############################################################################
- # On-call Roles
- ##############################################################################
-
- iam.onCall:
- groups: [iam, staff]
- name: On-call IAM
- visibility: internal
- description: Role for IAM on-call engineers to see access bindings and premissions
- includedRoles:
- - onCall
- permissions:
- - iam.accessBindings.list
- - iam.authorizedKeys.get
- - iam.cloudOperations.list
- - iam.cloudUser.get
- - iam.cloudUsers.list
- - iam.cloudUsers.superList
- - iam.clouds.{get,list}
- - iam.folderOperations.list
- - iam.folders.{get,list}
- - iam.folders.create
- - iam.operations.{get,list}
- - iam.roles.list
- - iam.serviceAccounts.getAccessKey
- - iam.serviceAccounts.getApiKey
- - iam.serviceAccounts.getSshKey
- - iam.serviceAccounts.listAccessKeys
- - iam.serviceAccounts.listApiKeys
- - iam.serviceAccounts.{get,list}
- - iam.serviceAccounts.listAccessBindings
- - iam.tokenKeys.get
- - iam.userAccounts.get
- - iam.userAccounts.getAccessKey
- - iam.userAccounts.getSettings
- - iam.userAccounts.getSshKey
- - iam.userAccounts.listAccessKeys
- - iam.userOperations.list
- - iam.federations.{get,list}
- - resource-manager.clouds.listAccessBindings
- - resource-manager.clouds.listRestrictions
- - resource-manager.clouds.listPermissionStages
- - resource-manager.clouds.updatePermissionStages
- - resource-manager.folders.listAccessBindings
-
- iam.onCallAdmin:
- groups: [iam, staff]
- name: On-call IAM Admin
- visibility: internal
- description: Privileged Operations in IAM for on-call engineers
- includedRoles:
- - iam.onCall
- - internal.iam.metaModelEditor
- permissions:
- - iam.accessBinding.delete
- - iam.accessBindings.update
- - iam.accessBindings.manageOwners
- - iam.authorizedKeys.delete
- - iam.cloudUser.delete
- - iam.clouds.delete
- - iam.folders.delete
- - iam.serviceAccounts.delete
- - iam.serviceAccounts.deleteAccessKey
- - iam.serviceAccounts.deleteApiKey
- - iam.serviceAccounts.deleteSshKey
- - iam.tokenKeys.delete
- - iam.userAccounts.{delete,update}AccessKey
- - iam.userAccounts.deleteSshKey
- - iam.quotas.updateLimit
- - iam.totpProfiles.manage
-
-
- ##############################################################################
- # Internal Roles
- ##############################################################################
-
- internal.iam.restrictedTokenCreator:
- groups: [iam]
- name: Роль для получения токена сервис-аккаунта, который лежит в folderе на который назначена эта роль
- visibility: internal
- description: ''
- permissions:
- - iam.serviceAccounts.issueTokenForRestrictedAlgorithm
-
- internal.iam.prefixedAccessKeyCreator:
- groups: [iam]
- name: Роль для создания Access Key с региональным префиксом
- visibility: internal
- description: ''
- permissions:
- - iam.serviceAccounts.createAccessKeyWithPrefix
- - iam.userAccounts.createAccessKeyWithPrefix
-
- internal.identityagent:
- groups: [iam]
- name: (Внутренняя) Агент Identity
- visibility: internal
- description: ' доступ для создания сетей и presigned URL'
- permissions:
- - billingInternal.accounts.activateReferralCode
- - billingInternal.accounts.bindCloud
- - compute.instances.{get,list}
- - computeInternal.instances.{get,list}
- - iam.clouds.get
- - resource-manager.clouds.get
- - iam.serviceAccounts.issueCookie
- - iam.serviceAccounts.issueToken
- - iam.userAccounts.createAccessKey
- - iam.userAccounts.getAccessKey
- - iam.userAccounts.issueCookie
- - iam.userAccounts.issueToken
- - iam.userAccounts.presignUrl
- - iam.subjects.issueCookie
- - iam.subjects.issueToken
- - s3.objects.getObject
- - s3.objects.putObject
- - vpc.addresses.createExternal
- - vpc.addresses.createInternal
- - vpc.networks.create
- - vpc.networks.createDefaultSecurityGroup
- - vpc.networks.createRouteTable
- - vpc.networks.createSubnet
- - vpc.networks.use
- - vpc.subnets.create
- - vpc.subnets.assignExtraParams
-
- internal.tokenagent:
- groups: [iam]
- name: (Внутренняя) token agent
- visibility: internal
- description: Роль для инициализации хостов
- permissions:
- - iam.authorizedKeys.create
- - iam.serviceAccounts.createForHost
- - iam.tokenKeys.create
-
- internal.iamE2eTests:
- groups: [iam]
- name: (Внутренняя) IAM Private-API E2E Tests
- visibility: internal
- description: Роль для E2E тестов приватного API IAM
- permissions:
- - iam.serviceAccounts.issueCookie
- - iam.serviceAccounts.issueToken
- - iam.serviceAccounts.issueTokenForInstance
- - iam.userAccounts.issueCookie
- - iam.userAccounts.issueToken
- - iam.subjects.issueCookie
- - iam.subjects.issueToken
- - iam.resourceTypes.listAccessBindings
- - iam.resourceTypes.updateAccessBindings
- - iam.resourceTypes.listMemberships
- - iam.gizmo.listAccessBindings
- - iam.gizmo.updateAccessBindings
- - iam.root.listAccessBindings
- - iam.root.updateAccessBindings
-
- internal.iam.crossCloudBindings:
- groups: [iam]
- name: (Внутренняя) Редактор closs-cloud прав
- visibility: internal
- description: Системная роль для редактирования прав на ресурсы чужих облаков
- permissions:
- - iam.serviceAccounts.crossCloudBindings
- - iam.federatedUsers.crossCloudBindings
-
- internal.iam.accessBindings.viewer:
- groups: [iam]
- name: (Внутренняя) Чтение прав доступа
- visibility: internal
- description: Чтение прав доступа на ресурсах определённых типов и просмотр членства
- permissions:
- - iam.accessBindings.list
- - iam.resourceTypes.listMemberships
-
- internal.iam.accessBindings.admin:
- groups: [iam]
- name: (Внутренняя) Администрирование прав доступа
- visibility: internal
- description: Администрирование прав доступа на ресурсах определённых типов и просмотр членства
- includedRoles:
- - internal.iam.accessBindings.viewer
- permissions:
- - iam.accessBindings.update
-
- internal.iam.rootAccessBindingAdmin:
- groups: [iam]
- name: (Внутренняя) Администрирование прав доступа на root
- visibility: internal
- description: Администрирование прав доступа на корневой объект иерархии ресурсов
- permissions:
- - iam.root.listAccessBindings
- - iam.root.updateAccessBindings
-
- internal.iam.gizmoAccessBindingAdmin:
- groups: [iam]
- name: (Внутренняя) Администрирование прав доступа на gizmo
- visibility: internal
- description: Администрирование прав доступа на gizmo-ресурс
- permissions:
- - iam.gizmo.listAccessBindings
- - iam.gizmo.updateAccessBindings
-
- internal.iam.resourceTypes.admin:
- groups: [iam]
- name: (Внутренняя) Администрирование прав доступа на типы ресурсов
- visibility: internal
- description: Администрирование прав доступа на типы ресурсов
- permissions:
- - iam.resourceTypes.listAccessBindings
- - iam.resourceTypes.updateAccessBindings
-
- internal.iam.restrictionTypes.user:
- groups: [iam]
- name: (Внутренняя) Администрирование ограничениями
- visibility: internal
- description: Администрирование ограничения определённого типа на ресурсах
- permissions:
- - iam.restrictionTypes.use
-
- internal.iam.restrictionTypes.admin:
- groups: [iam]
- name: (Внутренняя) Администрирование прав доступа на типы ограничений
- visibility: internal
- description: Администрирование прав доступа на типы ограничений
- includedRoles:
- - internal.iam.restrictionTypes.user
- permissions:
- - iam.restrictionTypes.listAccessBindings
- - iam.restrictionTypes.updateAccessBindings
-
- internal.iam.quotas.admin:
- groups: [ iam ]
- name: (Внутренняя) Администрирование квот на ресурсы
- visibility: internal
- description: Администрирование лимитов квот на облака
- permissions:
- - iam.quotas.updateLimit
-
- internal.iam.agent:
- groups: [iam]
- name: (Внутренняя) IAM control plane
- visibility: internal
- description: Роль для инстансных SA IAM control plane
- permissions:
- - resource-manager.folders.get
- - organization-manager.organizations.listInvitations
-
- internal.iam.listResourceTypeMemberships:
- groups: [iam]
- name: (Внутренняя) Листинг членов ресурсов верхнего уровня
- visibility: internal
- description: Специальная роль для листинга членов ресурсов верхнего уровня
- permissions:
- - iam.resourceTypes.listMemberships
-
- internal.iam.sync:
- groups: [iam]
- name: Role for the service for syncing users and access rights with external systems
- visibility: internal
- description: ''
- permissions:
- - iam.operations.get
- - iam.operations.list
- - iam.accessBindings.list
- - iam.accessBindings.manageOwners
- - iam.accessBindings.update
- - iam.userAccounts.createManaged
- - iam.userOperations.list
- - iam.root.listAccessBindings
- - iam.root.updateAccessBindings
- - iam.serviceAccounts.listAccessBindings
- - iam.serviceAccounts.updateAccessBindings
- - iam.gizmo.listAccessBindings
- - iam.gizmo.updateAccessBindings
- - iam.userAccounts.getSshKey
- - iam.userAccounts.createSshKey
- - resource-manager.clouds.listAccessBindings
- - resource-manager.folders.listAccessBindings
-
- internal.iam.osLogins.admin:
- groups: [iam]
- name: (Внутренняя) Администрирование OS logins пользователей
- visibility: internal
- description: Просмотр и редактирование OS logins пользователей
- permissions:
- - iam.subjects.getOsLogin
- - iam.subjects.updateOsLogin
-
- internal.iam.sshKeys.admin:
- groups: [iam]
- name: (Внутренняя) Администрирование ssh keys пользователей и сервисных аккаунтов
- visibility: internal
- description: Просмотр и редактирование ssh keys пользователей и сервисных аккаунтов
- permissions:
- - iam.userAccounts.getSshKey
- - iam.userAccounts.createSshKey
- - iam.userAccounts.deleteSshKey
- - iam.serviceAccounts.getSshKey
- - iam.serviceAccounts.createSshKey
- - iam.serviceAccounts.deleteSshKey
-
- internal.iam.tokenCreatorFromUserJwt:
- groups: [iam]
- name: (Внутренняя) IAM роль для пользователей, разрешающая обменять JWT на IAM token
- visibility: internal
- description: Пользователей может обменять JWT на IAM token
- permissions:
- - iam.userAccounts.issueTokenFromJwt
-
- internal.iam.diagnostician:
- groups: [iam]
- name: (Внутренняя) Доступ к диагностическим ручкам IAM
- visibility: internal
- description: ''
- permissions:
- - iam.internal.diagnostics
-
- internal.iam.totpProfileCreator:
- groups: [iam]
- name: (Внутренняя) IAM роль для пользователей, разрешающая создавать TOTP профиль
- visibility: internal
- description: ''
- permissions:
- - iam.userAccounts.createTotpProfile
-
- internal.iam.userSettings.agent:
- groups: [iam]
- name: (Внутренняя) IAM роль для service accounts, разрешающая читать userSettings пользователей (locale,notifications)
- visibility: internal
- description: ''
- permissions:
- - iam.userAccounts.getSettings
-
- internal.iam.metaModelViewer:
- groups: [iam]
- name: (Внутренняя) Чтение метамодели авторизации
- visibility: internal
- description: ''
- permissions:
- - iam.permissionStages.get
- - iam.resourceTypes.get
- - iam.permissions.get
- - iam.roles.get
- - iam.oauthScopes.get
- - iam.oauthClients.get
- - iam.restrictionTypes.get
-
- internal.iam.metaModelEditor:
- groups: [iam]
- name: (Внутренняя) Изменение метамодели авторизации
- visibility: internal
- description: ''
- includedRoles:
- - internal.iam.metaModelViewer
- permissions:
- - iam.permissionStages.create
- - iam.restrictionTypes.{create,update}
- - iam.{resourceTypes,permissions,roles,oauthScopes,oauthClients}.create
- - iam.{resourceTypes,permissions,roles,oauthScopes,oauthClients}.update
-
- internal.iam.keyFingerprintSearcher:
- groups: [iam]
- name: (Внутренняя) Поиск ключей по fingerprint
- visibility: internal
- description: ''
- permissions:
- - iam.authorizedKeys.listByFingerprint
- - iam.accessKeys.listByFingerprint
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/root_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/root_service.proto
deleted file mode 100644
index d5777e80936..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/root_service.proto
+++ /dev/null
@@ -1,34 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/access/access.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PRTS";
-
-service RootService {
- rpc ListAccessBindings (ListRootAccessBindingsRequest) returns (access.ListAccessBindingsResponse);
-
- rpc UpdateAccessBindings (UpdateRootAccessBindingsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateRootAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-message ListRootAccessBindingsRequest {
- int64 page_size = 1 [(value) = "<=1000"];
- string page_token = 2 [(length) = "<=100"];
-}
-
-message UpdateRootAccessBindingsRequest {
- repeated access.AccessBindingDelta access_binding_deltas = 1 [(size) = ">0"];
-}
-
-message UpdateRootAccessBindingsMetadata {
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate.proto
deleted file mode 100644
index 3efcf76b829..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate.proto
+++ /dev/null
@@ -1,39 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.saml;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml;saml";
-option java_outer_classname = "PSC";
-
-// A certificate.
-message Certificate {
-
- // ID of the certificate.
- string id = 1;
-
- // ID of the federation that the certificate belongs to.
- string federation_id = 2;
-
- // Name of the certificate. 3-63 characters long.
- string name = 3;
-
- // Description of the certificate. 0-256 characters long.
- string description = 4;
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 5;
-
- // Certificate data in PEM format.
- string data = 6;
-
- // SHA256-fingerprint of the certificate.
- string fingerprint = 7;
-
- // Time after which the certificate is not valid.
- google.protobuf.Timestamp not_after = 8;
-
- // Time before which the certificate is not valid.
- google.protobuf.Timestamp not_before = 9;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate_service.proto
deleted file mode 100644
index d1a5a1c7335..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/certificate_service.proto
+++ /dev/null
@@ -1,110 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.saml;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/saml/certificate.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml;saml";
-option java_outer_classname = "PSCS";
-
-service CertificateService {
- rpc Get (GetCertificateRequest) returns (Certificate) {
- option (google.api.http) = { get: "/iam/v1/saml/certificates/{certificate_id}" };
- }
-
- rpc List (ListCertificatesRequest) returns (ListCertificatesResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/certificates" };
- }
-
- rpc Create (CreateCertificateRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/saml/certificates" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "CreateCertificateMetadata"
- response: "Certificate"
- };
- }
-
- // Updates the specified certificate.
- rpc Update (UpdateCertificateRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/saml/certificates/{certificate_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateCertificateMetadata"
- response: "Certificate"
- };
- }
-
- rpc Delete (DeleteCertificateRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/saml/certificates/{certificate_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteCertificateMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc ListOperations (ListCertificateOperationsRequest) returns (ListCertificateOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/certificates/{certificate_id}/operations" };
- }
-}
-
-message GetCertificateRequest {
- string certificate_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListCertificatesRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
- string filter = 4 [(length) = "<=1000"];
-}
-
-message ListCertificatesResponse {
- repeated Certificate certificates = 1;
- string next_page_token = 2;
-}
-
-message CreateCertificateRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- string name = 2 [(pattern) = "([a-z]([-a-z0-9]{0,61}[a-z0-9])?)?"];
- string description = 3 [(length) = "<=256"];
- string data = 4 [(required) = true, (length) = "<=32000"];
-}
-
-message CreateCertificateMetadata {
- string certificate_id = 1;
-}
-
-message UpdateCertificateRequest {
- string certificate_id = 1 [(required) = true, (length) = "<=50"];
- google.protobuf.FieldMask update_mask = 2;
- string name = 3 [(pattern) = "|[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
- string description = 4 [(length) = "<=256"];
- string data = 5 [(length) = "<=32000"];
-}
-
-message UpdateCertificateMetadata {
- string certificate_id = 1;
-}
-
-message DeleteCertificateRequest {
- string certificate_id = 1 [(length) = "<=50"];
-}
-
-message DeleteCertificateMetadata {
- string certificate_id = 1;
-}
-
-message ListCertificateOperationsRequest {
- string certificate_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListCertificateOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation.proto
deleted file mode 100644
index 9d36085593a..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation.proto
+++ /dev/null
@@ -1,92 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.saml;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml;saml";
-option java_outer_classname = "PSF";
-
-// A federation resource.
-// For more information, see [federations](/docs/iam/concepts/users/saml-federations).
-message Federation {
-
- // ID of the federation.
- string id = 1;
-
- // ID of the folder that the federation belongs to.
- string folder_id = 2;
-
- // Name of the federation.
- // The name is unique within the cloud. 3-63 characters long.
- string name = 3;
-
- // Description of the federation. 0-256 characters long.
- string description = 4;
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 5;
-
- // The 'IAM_COOKIE' cookie max age in seconds.
- // The value should be in range from 10 min to 12 hours.
- // The default value is 8 hours.
- google.protobuf.Duration cookie_max_age = 6;
-
- // Auto create accounts for new user on first login.
- bool auto_create_account_on_login = 7;
-
- // federation issuer (entity Id).
- string issuer = 8;
-
- // Single sign on endpoint binding type.
- BindingType sso_binding = 9;
-
- // Single sign on endpoint URL.
- string sso_url = 10;
-
- // Federation security settings.
- FederationSecuritySettings security_settings = 11;
-
- // Use case insensitive Name IDs.
- bool case_insensitive_name_ids = 12;
-}
-
-// SAML Binding is a mapping of a SAML protocol message onto standard messaging formats and/or communications protocols.
-enum BindingType {
-
- // Invalid
- BINDING_TYPE_UNSPECIFIED = 0;
-
- // HTTP POST binding.
- POST = 1;
-
- // HTTP redirect binding.
- REDIRECT = 2;
-
- // HTTP artifact binding.
- ARTIFACT = 3;
-
-}
-
-message FederationSecuritySettings {
- // Enable encrypted assertions.
- bool encrypted_assertions = 1;
-}
-
-message ServiceProviderCertificate {
- // ID of the federation that the certificate belongs to.
- string federation_id = 2;
-
- // Certificate data in PEM format.
- string data = 6;
-
- // SHA256-fingerprint of the certificate.
- string fingerprint = 7;
-
- // Time after which the certificate is not valid.
- google.protobuf.Timestamp not_after = 8;
-
- // Time before which the certificate is not valid.
- google.protobuf.Timestamp not_before = 9;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation_service.proto
deleted file mode 100644
index 0f9d1c9a597..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml/federation_service.proto
+++ /dev/null
@@ -1,171 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.saml;
-
-import "google/api/annotations.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/user_account.proto";
-import "yandex/cloud/priv/iam/v1/saml/federation.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/saml;saml";
-option java_outer_classname = "PSFS";
-
-service FederationService {
- rpc Get (GetFederationRequest) returns (Federation) {
- option (google.api.http) = { get: "/iam/v1/saml/federations/{federation_id}" };
- }
-
- rpc List (ListFederationsRequest) returns (ListFederationsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/federations" };
- }
-
- rpc Create (CreateFederationRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/saml/federations" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "CreateFederationMetadata"
- response: "Federation"
- };
- }
-
- rpc Update (UpdateFederationRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/saml/federations/{federation_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateFederationMetadata"
- response: "Federation"
- };
- }
-
- rpc Delete (DeleteFederationRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/saml/federations/{federation_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteFederationMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc AddUserAccounts (AddFederatedUserAccountsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/saml/federations/{federation_id}:addUserAccounts" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "AddFederatedUserAccountsMetadata"
- response: "AddFederatedUserAccountsResponse"
- };
- }
-
- rpc ListUserAccounts (ListFederatedUserAccountsRequest) returns (ListFederatedUserAccountsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/federations/{federation_id}:listUserAccounts" };
- }
-
- rpc ListOperations (ListFederationOperationsRequest) returns (ListFederationOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/federations/{federation_id}/operations" };
- }
-
- rpc GetServiceProviderCertificate (GetServiceProviderCertificateRequest) returns (ServiceProviderCertificate);
-}
-
-message GetFederationRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message GetServiceProviderCertificateRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListFederationsRequest {
- oneof scope {
- option (exactly_one) = true;
- string cloud_id = 1 [(length) = "<=50"];
- string folder_id = 2 [(length) = "<=50"];
- }
- int64 page_size = 3 [(value) = "0-1000"];
- string page_token = 4 [(length) = "<=100"];
- string filter = 5 [(length) = "<=1000"];
-}
-
-message ListFederationsResponse {
- repeated Federation federations = 1;
- string next_page_token = 2;
-}
-
-message CreateFederationRequest {
- string id = 11 [(length) = "<=50"];
- string folder_id = 1 [(required) = true, (length) = "<=50"];
- string name = 2 [(required) = true, (pattern) = "[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
- string description = 3 [(length) = "<=256"];
- google.protobuf.Duration cookie_max_age = 4 [(value) = "10m-12h"];
- bool auto_create_account_on_login = 5;
- string issuer = 6 [(required) = true, (length) = "<=8000"];
- BindingType sso_binding = 7 [(required) = true];
- string sso_url = 8 [(required) = true, (length) = "<=8000"];
- FederationSecuritySettings security_settings = 9;
- bool case_insensitive_name_ids = 10;
-}
-
-message CreateFederationMetadata {
- string federation_id = 1;
-}
-
-message UpdateFederationRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- google.protobuf.FieldMask update_mask = 2;
-
- string name = 3 [(pattern) = "|[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
- string description = 4 [(length) = "<=256"];
- google.protobuf.Duration cookie_max_age = 5 [(value) = "10m-12h"];
- bool auto_create_account_on_login = 6;
- string issuer = 7 [(length) = "<=8000"];
- BindingType sso_binding = 8;
- string sso_url = 9 [(length) = "<=8000"];
- FederationSecuritySettings security_settings = 10;
- bool case_insensitive_name_ids = 11;
-}
-
-message UpdateFederationMetadata {
- string federation_id = 1;
-}
-
-message DeleteFederationRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteFederationMetadata {
- string federation_id = 1;
-}
-
-message AddFederatedUserAccountsRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- repeated string name_ids = 2 [(size) = "1-1000", (length) = "1-1000"];
-}
-
-message AddFederatedUserAccountsMetadata {
- string federation_id = 1;
-}
-
-message AddFederatedUserAccountsResponse {
- repeated UserAccount user_accounts = 1;
-}
-
-message ListFederatedUserAccountsRequest {
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListFederatedUserAccountsResponse {
- repeated UserAccount user_accounts = 1;
- string next_page_token = 2;
-}
-
-message ListFederationOperationsRequest {
- string federation_id = 1 [(length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListFederationOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/scopes.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/scopes.yaml
deleted file mode 100644
index b1f0f1e0d55..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/scopes.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-scopes:
-
- yc.iam.accessBindings.manage:
- service: iam
- name: 'управление биндингами'
- description: ''
- visibility: internal
- permissions:
- - iam.accessBindings.list
- - iam.accessBinding.delete # TODO remove ?
- - iam.accessBindings.set
- - iam.accessBindings.update
-
- yc.iam.clouds.manage:
- service: iam
- name: 'удалять облако и редактировать его настройки'
- description: ''
- visibility: internal
- permissions:
- - iam.clouds.delete
- - iam.clouds.setUserListingSetting
-
- yc.iam.federations.manage:
- service: iam
- name: 'управление федерациями'
- description: ''
- visibility: internal
- permissions:
- - iam.federations.createCertificate
- - iam.federations.createUser
- - iam.federations.deleteCertificate
- - iam.federations.deleteUser
- - iam.federations.getCertificate
- - iam.federations.listCertificate
- - iam.federations.updateCertificate
- - iam.federations.{create,delete,update}
- - iam.federations.{get,list}
-
- yc.iam.serviceAccounts.manage:
- service: iam
- name: 'управление сервисными аккаунтами'
- description: ''
- visibility: internal
- permissions:
- - iam.tokenKeys.{create,delete,update}
- - iam.authorizedKeys.{create,delete,update}
- - iam.serviceAccounts.{create,update,delete}AccessKey
- - iam.serviceAccounts.{create,update,delete}ApiKey
- - iam.serviceAccounts.{create,delete}SshKey
- - iam.serviceAccounts.{create,delete,update}
-
- yc.iam.serviceAccounts.apiKey.get:
- service: iam
- name: 'получение информации об API-ключах'
- description: ''
- visibility: internal
- permissions:
- - iam.serviceAccounts.{getApiKey,listApiKeys}
-
- yc.iam.serviceAccounts.accessKey.get:
- service: iam
- name: 'получение информации об авторизованных ключах'
- description: ''
- visibility: internal
- permissions:
- - iam.serviceAccounts.{getAccessKey,listAccessKeys}
-
- yc.iam.serviceAccounts.sshKey.get:
- service: iam
- name: 'получение информации об SSH-ключах'
- description: ''
- visibility: internal
- permissions:
- - iam.serviceAccounts.getSshKey
-
- yc.iam.serviceAccounts.get:
- service: iam
- name: 'получение информации о сервисных аккаунтах'
- description: ''
- visibility: internal
- permissions:
- - iam.serviceAccounts.{get,list}
-
- yc.iam.serviceAccounts.use:
- service: iam
- name: 'использование сервисного аккаунта'
- description: ''
- visibility: internal
- permissions:
- - iam.serviceAccounts.use
-
- yc.iam.serviceAccounts.issueToken:
- service: iam
- name: 'получения токена сервисного-аккаунта'
- description: ''
- visibility: internal
- permissions:
- - iam.serviceAccounts.issueToken
-
- yc.iam.authorizedKeys.get:
- service: iam
- name: 'чтение авторизованных ключей'
- description: ''
- visibility: internal
- permissions:
- - iam.authorizedKeys.get
- - iam.tokenKeys.get
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account.proto
deleted file mode 100644
index 8d392731800..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account.proto
+++ /dev/null
@@ -1,20 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PSA";
-
-message ServiceAccount {
-
- string id = 1;
- string folder_id = 2;
-
- google.protobuf.Timestamp created_at = 3;
-
- string name = 4;
- string description = 5;
- map<string, string> labels = 6;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account_service.proto
deleted file mode 100644
index def7bc159e2..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/service_account_service.proto
+++ /dev/null
@@ -1,146 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/priv/iam/v1/token/iam_token.proto";
-import "yandex/cloud/priv/iam/v1/service_account.proto";
-import "yandex/cloud/priv/access/access.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PSAS";
-
-service ServiceAccountService {
- rpc Get (GetServiceAccountRequest) returns (ServiceAccount) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts/{service_account_id}" };
- }
-
- rpc List (ListServiceAccountsRequest) returns (ListServiceAccountsResponse) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts" };
- }
-
- rpc Create (CreateServiceAccountRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/serviceAccounts" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "CreateServiceAccountMetadata"
- response: "ServiceAccount"
- };
- }
-
- rpc Update (UpdateServiceAccountRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/serviceAccounts/{service_account_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateServiceAccountMetadata"
- response: "ServiceAccount"
- };
- }
-
- rpc Delete (DeleteServiceAccountRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/serviceAccounts/{service_account_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteServiceAccountMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- //access
-
- rpc ListAccessBindings (access.ListAccessBindingsRequest) returns (access.ListAccessBindingsResponse) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts/{resource_id}:listAccessBindings" };
- }
-
- rpc SetAccessBindings (access.SetAccessBindingsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/serviceAccounts/{resource_id}:setAccessBindings" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "access.SetAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc UpdateAccessBindings (access.UpdateAccessBindingsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/serviceAccounts/{resource_id}:updateAccessBindings" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "access.UpdateAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- option (yandex.cloud.api.tools.method).lint_skip.http_verb = true;
- }
-
- rpc ListOperations (ListServiceAccountOperationsRequest) returns (ListServiceAccountOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts/{service_account_id}/operations" };
- }
-
- rpc IssueToken (IssueTokenRequest) returns (IamToken) {
- option (google.api.http) = { post: "/iam/v1/serviceAccounts/{service_account_id}:issueToken" body: "*" };
- }
-}
-
-message GetServiceAccountRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListServiceAccountsRequest {
- string folder_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
- string filter = 4 [(length) = "<=1000"];
-}
-
-message ListServiceAccountsResponse {
- repeated ServiceAccount service_accounts = 1;
- string next_page_token = 2;
-}
-
-message CreateServiceAccountRequest {
- string folder_id = 1 [(required) = true, (length) = "<=50"];
- string name = 2 [(required) = true, (pattern) = "[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
- string description = 3 [(length) = "<=256"];
- string id = 4 [(length) = "<=50"];
- map<string, string> labels = 5 [(priv.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
-}
-
-message CreateServiceAccountMetadata {
- string service_account_id = 1;
-}
-
-message UpdateServiceAccountRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
- google.protobuf.FieldMask update_mask = 2;
-
- string name = 3 [(pattern) = "|[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
- string description = 4 [(length) = "<=256"];
- map<string, string> labels = 5 [(priv.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
-}
-
-message UpdateServiceAccountMetadata {
- string service_account_id = 1;
-}
-
-message DeleteServiceAccountRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteServiceAccountMetadata {
- string service_account_id = 1;
-}
-
-message ListServiceAccountOperationsRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListServiceAccountOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
-
-message IssueTokenRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
- string instance_id = 2 [(length) = "<=50"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key.proto
deleted file mode 100644
index e2888739b0e..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key.proto
+++ /dev/null
@@ -1,15 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PSK";
-
-message SshKey {
- string id = 1;
- string data = 2;
- string fingerprint = 3;
- google.protobuf.Timestamp created_at = 4;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key_service.proto
deleted file mode 100644
index fcfaf8d18a1..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ssh_key_service.proto
+++ /dev/null
@@ -1,86 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/ssh_key.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PSKS";
-
-service SshKeyService {
- rpc Get (GetSshKeyRequest) returns (SshKey);
-
- rpc List (ListSshKeysRequest) returns (ListSshKeysResponse);
-
- rpc Create (CreateSshKeyRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "CreateSshKeyMetadata"
- response: "SshKey"
- };
- }
-
- rpc Delete (DeleteSshKeyRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteSshKeyMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc ListOperations (ListSshKeyOperationsRequest) returns (ListSshKeyOperationsResponse);
-}
-
-message GetSshKeyRequest {
- string ssh_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListSshKeysRequest {
- oneof subject {
- string service_account_id = 1;
- string user_account_id = 2;
- string federated_user_id = 3;
- }
- int64 page_size = 4 [(value) = "0-1000"];
- string page_token = 5 [(length) = "<=100"];
-}
-
-message ListSshKeysResponse {
- repeated SshKey ssh_keys = 1;
- string next_page_token = 2;
-}
-
-message CreateSshKeyRequest {
- string ssh_key_id = 1 [(length) = "<=50"];
- oneof subject {
- string service_account_id = 2;
- string user_account_id = 3;
- string federated_user_id = 4;
- }
- string ssh_key_data = 5 [(required) = true, (length) = "<=20000"];
-}
-
-message CreateSshKeyMetadata {
- string ssh_key_id = 1;
- string subject_id = 2;
-}
-
-message DeleteSshKeyRequest {
- string ssh_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteSshKeyMetadata {
- string ssh_key_id = 1;
-}
-
-message ListSshKeyOperationsRequest {
- string ssh_key_id = 1 [(required) = true, (length) = "<=50"];
- int64 page_size = 2 [(value) = "0-1000"];
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListSshKeyOperationsResponse {
- repeated operation.Operation operations = 1;
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/subject_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/subject_service.proto
deleted file mode 100644
index 7932e4b8e28..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/subject_service.proto
+++ /dev/null
@@ -1,81 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PSS";
-
-service SubjectService {
- rpc GetOrCreate (GetOrCreateSubjectRequest) returns (GetOrCreateSubjectResponse);
-
- rpc Merge (MergeSubjectsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "MergeSubjectsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc Delete (DeleteSubjectRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteSubjectMetadata"
- response: "google.protobuf.Empty"
- };
- }
-}
-
-message GetOrCreateSubjectRequest {
- // Optional IAM Subject unique identifier (well-known-id).
- string subject_id = 1 [(required) = false, (length) = "<=50"];
- // IAM Subject type. May be one of:
- // * serviceAccount (unsupported yet)
- // * federatedUser (unsupported yet)
- // * invitee
- string subject_type = 2 [(required) = true, (length) = "<=256"];
- // The Subject external (IdP-specific) identifier.
- string external_id = 3 [(required) = true, (length) = "3-256"];
- // Json-string representation of map<string, object> IAM Subject attributes.
- string attributes = 4 [(length) = "<=262144"];
- // Json-string representation of map<string, object> IAM Subject settings.
- string settings = 5 [(length) = "<=262144"];
-}
-
-message GetOrCreateSubjectResponse {
- // IAM Subject unique identifier.
- string id = 1;
- // IAM Subject type.
- string subject_type = 2;
- // The Subject external (IdP-specific) identifier.
- string external_id = 3;
- // Json-string representation of map<string, object> IAM Subject attributes.
- string attributes = 4;
- // Json-string representation of map<string, object> IAM Subject settings.
- string settings = 5;
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 6;
-}
-
-message MergeSubjectsRequest {
- // Source subject.
- // Attention!!! Source subject will be deleted at the end of the merge operation.
- string source_subject_id = 1 [(required) = true];
- // Destination subject.
- string destination_subject_id = 2 [(required) = true];
-}
-
-message MergeSubjectsMetadata {
- string source_subject_id = 1;
- string destination_subject_id = 2;
-}
-
-message DeleteSubjectRequest {
- string subject_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteSubjectMetadata {
- string subject_id = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/CMakeLists.txt
deleted file mode 100644
index 18e54bc56fe..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(iam-v1-token)
-set_property(TARGET iam-v1-token PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET iam-v1-token PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(iam-v1-token PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(iam-v1-token PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(iam-v1-token PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-priv
- contrib-libs-protobuf
-)
-target_proto_messages(iam-v1-token PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/iam_token.proto
-)
-target_proto_addincls(iam-v1-token
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(iam-v1-token
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(iam-v1-token
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/iam_token.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/iam_token.proto
deleted file mode 100644
index 8c44532a2b3..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token/iam_token.proto
+++ /dev/null
@@ -1,14 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token;iam";
-option java_outer_classname = "PIT";
-
-message IamToken {
- string iam_token = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_IAM_TOKEN];
- google.protobuf.Timestamp expires_at = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token_agent.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token_agent.proto
deleted file mode 100644
index b77df757ef8..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/token_agent.proto
+++ /dev/null
@@ -1,26 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PTAS";
-
-// The IAM token agent definition.
-service TokenAgent {
- rpc GetToken(GetTokenRequest) returns (GetTokenResponse) {}
-}
-
-message GetTokenRequest {
- // An additional service qualifier for obtaining different tokens
- // for different services running on behalf of the same user.
- string tag = 1;
-}
-
-// The response message containing the token
-message GetTokenResponse {
- string iam_token = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_IAM_TOKEN];
- google.protobuf.Timestamp expires_at = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/agreement_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/agreement_service.proto
deleted file mode 100644
index 8113c3c03f1..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/agreement_service.proto
+++ /dev/null
@@ -1,36 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/api/tools/options.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTAGS";
-
-// TODO console
-service AgreementService {
- rpc AcceptAgreements (AcceptAgreementsRequest) returns (AcceptAgreementsResponse) {
- option (google.api.http) = { post: "/iam/v1/acceptAgreements" body: "*" };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-
- rpc AcceptAgreementsOauth (AcceptAgreementsRequest) returns (AcceptAgreementsResponse) {
- option (google.api.http) = { post: "/iam/v1/acceptAgreementsOauth" body: "*" };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-
- rpc AcceptAgreementsLogin (AcceptAgreementsRequest) returns (AcceptAgreementsResponse) {
- option (google.api.http) = { post: "/iam/v1/acceptAgreementsLogin" body: "*" };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-}
-
-message AcceptAgreementsRequest {
- string eula = 1;
- string privacy_policy = 2;
-}
-
-message AcceptAgreementsResponse {
- string agreements = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/auth_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/auth_service.proto
deleted file mode 100644
index b8f8b4c502f..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/auth_service.proto
+++ /dev/null
@@ -1,25 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTAS";
-
-service AuthService {
- // TODO legacy v2
- rpc SessionId (SessionIdRequest) returns (SessionIdResponse) {
- option (google.api.http) = { post: "/iam/v1/auth/session_id" body: "*" };
- }
-}
-
-message SessionIdRequest {
- string organization_id = 1;
-}
-
-message SessionIdResponse {
- string token = 1 [(sensitive) = true];
- string secret_key = 2 [(sensitive) = true];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/health_check_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/health_check_service.proto
deleted file mode 100644
index 6ef824087a7..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/health_check_service.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/api/tools/options.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTHCS";
-
-service HealthCheckService {
- rpc GetHealth (HealthCheckRequest) returns (HealthCheckResponse) {
- option (google.api.http) = { get: "/iam/v1/health" };
- }
-}
-
-message HealthCheckRequest {
-}
-
-message HealthCheckResponse {
- HealthStatus health = 1;
-
- enum HealthStatus {
- option (cloud.api.tools.enumeration).lint_skip.unspecified_value = true;
- PASSED = 0;
- FAILED = 1;
- UNKNOWN = 2;
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/passport_federation_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/passport_federation_service.proto
deleted file mode 100644
index 3bca566fcf7..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/passport_federation_service.proto
+++ /dev/null
@@ -1,45 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/iam/v1/user_account.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTPFS";
-
-service PassportFederationService {
-
- rpc AddUserAccounts (AddPassportUserAccountsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "AddUserAccountsMetadata"
- response: "AddUserAccountsResponse"
- };
- }
-
-}
-
-message AddPassportUserAccountsRequest {
- oneof ids {
- option (exactly_one) = true;
- Logins logins = 1;
- Uids uids = 2;
- }
-}
-
-message Uids {
- repeated int64 values = 1 [(size) = "<=1000", (value) = ">0"];
-}
-
-message Logins {
- repeated string values = 1 [(size) = "<=1000", (length) = "2-63"];
-}
-
-message AddUserAccountsMetadata {
-}
-
-message AddUserAccountsResponse {
- repeated UserAccount user_accounts = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/policy_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/policy_service.proto
deleted file mode 100644
index 7a20166b500..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/policy_service.proto
+++ /dev/null
@@ -1,79 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "google/api/annotations.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTPS";
-
-service PolicyService {
- rpc List (ListPoliciesRequest) returns (ListPoliciesResponse) {
- option (google.api.http) = { get: "/iam/v1/cloud/{cloud_id}/policies" };
- }
-
- rpc ListCompat (ListPoliciesCompatRequest) returns (ListPoliciesResponse) {
- option (google.api.http) = { get: "/iam/v1/org/{org_id}/policies" };
- }
-
- rpc Set (SetPolicyRequest) returns (SetPolicyResponse) {
- option (google.api.http) = { post: "/iam/v1/cloud/{cloud_id}/policies" body: "*" };
- }
-
- rpc SetCompat (SetPolicyCompatRequest) returns (SetPolicyResponse) {
- option (google.api.http) = { post: "/iam/v1/org/{org_id}/policies" body: "*" };
- }
-
- rpc Delete (DeletePolicyRequest) returns (DeletePolicyResponse) {
- option (google.api.http) = { delete: "/iam/v1/cloud/{cloud_id}/policy/{assignment_id}" };
- }
-
- rpc DeleteCompat (DeletePolicyCompatRequest) returns (DeletePolicyResponse) {
- option (google.api.http) = { delete: "/iam/v1/cloud/{org_id}/policy/{assignment_id}" };
- }
-}
-
-message ListPoliciesRequest {
- string cloud_id = 1;
-}
-
-message ListPoliciesCompatRequest {
- string org_id = 1;
-}
-
-message Assignment {
- string id = 1;
-}
-
-message ListPoliciesResponse {
- repeated Assignment result = 1;
-}
-
-message SetPolicyRequest {
- string cloud_id = 1;
- string policy_id = 2;
-}
-
-message SetPolicyCompatRequest {
- string org_id = 1;
- string policy_id = 2;
-}
-
-message SetPolicyResponse {
- string status = 1;
- string id = 2;
-}
-
-message DeletePolicyRequest {
- string cloud_id = 1;
- string assignment_id = 2;
-}
-
-message DeletePolicyCompatRequest {
- string org_id = 1;
- string assignment_id = 2;
-}
-
-message DeletePolicyResponse {
- string status = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/roles_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/roles_service.proto
deleted file mode 100644
index 8c155e80b5d..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/roles_service.proto
+++ /dev/null
@@ -1,28 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "google/api/annotations.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTRS";
-
-service RoleService {
- rpc List (ListRolesRequest) returns (ListRolesResponse) {
- option (google.api.http) = { get: "/iam/v1/role" };
- }
-}
-
-message ListRolesRequest {
- string language = 1;
-}
-
-message ListRolesResponse {
- repeated Role result = 1;
-
- message Role {
- string slug = 1;
- string name = 2;
- string desc = 3;
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/service_account_access_key_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/service_account_access_key_service.proto
deleted file mode 100644
index 2ab344f4a09..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/service_account_access_key_service.proto
+++ /dev/null
@@ -1,54 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "google/api/annotations.proto";
-import "google/protobuf/empty.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTSAAKS";
-
-service ServiceAccountAccessKeyService {
- rpc PresignUrl (PresignUrlRequest) returns (PresignUrlResponse) {
- option (google.api.http) = { post: "/iam/v1/presignURL" body: "*" };
- }
-
- rpc PresignUrls (PresignUrlsRequest) returns (PresignUrlsResponse) {
- option (google.api.http) = { post: "/iam/v1/presignURLs" body: "*" };
- }
-
- rpc GetCurrentPresignKey (google.protobuf.Empty) returns (PresignKey) {
- option (google.api.http) = { get: "/iam/v1/presignURL:getCurrentKey" };
- }
-}
-
-message PresignUrlRequest {
- string key_id = 1; // TODO not cloud ID
- string string_to_sign = 2;
- string version = 3; // TODO enum
- string region = 4;
- string service = 5;
-}
-
-message PresignUrlResponse {
- string result = 1;
- string signature = 2;
- string key_id = 3;
-}
-
-message PresignUrlsRequest {
- string key_id = 1; // TODO not cloud ID
- repeated string strings_to_sign = 2;
- string version = 3; // TODO enum
- string region = 4;
- string service = 5;
-}
-
-message PresignUrlsResponse {
- string key_id = 1;
- repeated string signatures = 2;
-}
-
-message PresignKey {
- string key_id = 1;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/user_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/user_service.proto
deleted file mode 100644
index 016f3a23e79..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional/user_service.proto
+++ /dev/null
@@ -1,90 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.transitional;
-
-import "google/api/annotations.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/transitional;iam";
-option java_outer_classname = "PTUS";
-
-service UserService {
- rpc GetMetadata (GetUserMetadataRequest) returns (GetUserMetadataResponse) {
- option (google.api.http) = { get: "/iam/v1/org/{org_id}/user/{user_id}/metadata" };
- }
-
- rpc SetMetadata (SetUserMetadataRequest) returns (SetUserMetadataResponse) {
- option (google.api.http) = { post: "/iam/v1/org/{org_id}/user/{user_id}/metadata" body: "*" };
- }
-
- rpc GetPassportUser (GetPassportUserRequest) returns (GetPassportUserResponse) {
- option (google.api.http) = { get: "/iam/v1/passportUid" };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-
- rpc ListUsers (ListUsersRequest) returns (ListUsersResponse) {
- option (google.api.http) = { get: "/iam/v1/cloud/{cloud_id}/users" };
- option (yandex.cloud.api.tools.method).lint_skip.contains_resource_name = true;
- }
-
- rpc GetCurrentSubject (google.protobuf.Empty) returns (GetCurrentSubjectResponse) {
- option (google.api.http) = { get: "/iam/v1/whoami" };
- }
-}
-
-message GetUserMetadataRequest {
- string org_id = 1;
- string user_id = 2;
-}
-
-message GetUserMetadataResponse {
- string metadata = 1 [(sensitive) = true, (sensitive_type) = SENSITIVE_CRC];
-}
-
-message SetUserMetadataRequest {
- string org_id = 1;
- string user_id = 2;
- string metadata = 3[(sensitive) = true, (sensitive_type) = SENSITIVE_CRC];
-}
-
-message SetUserMetadataResponse {
- string status = 1;
-}
-
-message GetPassportUserRequest {
- string subject_id = 1;
-}
-
-message GetPassportUserResponse {
- string passport_uid = 1;
-}
-
-message ListUsersRequest {
- string cloud_id = 1;
-}
-
-message ListUsersResponse {
- repeated User users = 1;
-
- message User {
- string id = 1;
- string login = 2;
- string first_name = 3;
- string last_name = 4;
- string avatar = 5;
- }
-}
-
-message GetCurrentSubjectResponse {
- string id = 1;
- string cloud_id = 2;
- google.protobuf.Timestamp created_at = 3;
- string subject_type = 4;
- string login = 5;
- string email = 6;
- string reference = 7;
- int64 deleted = 8;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/CMakeLists.txt
deleted file mode 100644
index 836769b275f..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(iam-v1-ts)
-set_property(TARGET iam-v1-ts PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET iam-v1-ts PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(iam-v1-ts PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(iam-v1-ts PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(iam-v1-ts PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-priv
- contrib-libs-protobuf
-)
-target_proto_messages(iam-v1-ts PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto
-)
-target_proto_addincls(iam-v1-ts
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(iam-v1-ts
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(iam-v1-ts
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto
deleted file mode 100644
index 0081c4b5af9..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto
+++ /dev/null
@@ -1,25 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1.ts;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/ts;iam";
-option java_outer_classname = "PITS";
-
-message Subject {
- oneof type {
- option (exactly_one) = true;
-
- UserAccount user_account = 1;
- ServiceAccount service_account = 2;
- }
-
- message UserAccount {
- string id = 1 [(required) = true, (length) = "<=50"];
- }
-
- message ServiceAccount {
- string id = 1 [(required) = true, (length) = "<=50"];
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account.proto
deleted file mode 100644
index bdc48a2ea09..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account.proto
+++ /dev/null
@@ -1,46 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PUA";
-
-message UserAccount {
- string id = 1;
- oneof user_account {
- option (exactly_one) = true;
- YandexPassportUserAccount yandex_passport_user_account = 2;
- SamlUserAccount saml_user_account = 3;
- OAuthUserAccount oauth_user_account = 4;
- }
-}
-
-message YandexPassportUserAccount {
- string login = 1;
- string default_email = 2;
-}
-
-// A SAML federated user.
-// For more information, see [federations](/docs/iam/concepts/users/saml-federations).
-message SamlUserAccount {
- message Attribute {
- repeated string value = 1;
- }
- // ID of the federation that the user belongs to.
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- // Name Id of the SAML federated user.
- // The name is unique within the federation. 1-256 characters long.
- string name_id = 2 [(required) = true, (length) = "1-256"];
- // Additional attributes of the SAML federated user.
- map <string, Attribute> attributes = 3;
-}
-
-// A OAuth federated user.
-message OAuthUserAccount {
- // ID of the federation that the user belongs to.
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- // Federated user claims.
- map <string, string> claims = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account_service.proto
deleted file mode 100644
index 671ae5ca917..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/user_account_service.proto
+++ /dev/null
@@ -1,106 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/iam/v1/user_account.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PUAS";
-
-service UserAccountService {
- rpc Get (GetUserAccountRequest) returns (UserAccount) {
- option (google.api.http) = { get: "/iam/v1/userAccounts/{user_account_id}" };
- }
-
- rpc Delete (DeleteUserAccountRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteUserAccountMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- rpc GetSettings (GetSettingsRequest) returns (UserSettings);
-
- rpc UpdateSettings (UpdateSettingsRequest) returns (UserSettings);
-
- rpc PresignUrl(PresignUrlRequest) returns (PresignUrlResponse);
-}
-
-message GetUserAccountRequest {
- string user_account_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteUserAccountRequest {
- string subject_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteUserAccountMetadata {
- string subject_id = 1;
-}
-
-message GetSettingsRequest {
- // Empty list means full settings.
- repeated string response_json_path = 1 [(size) = "<=100", (length) = "1-1000"];
- // Optional - get specified subject user settings. By default equals to authenticated subject.
- string subject_id = 2 [(length) = "<=50"];
-}
-
-message UserSettings {
- // JSON-serialized user-settings.
- string json = 1;
-}
-
-message UpdateSettingsRequest {
- // Empty list means full settings.
- repeated string response_json_path = 1 [(size) = "<=100", (length) = "1-1000"];
- // Serialized JSON Patch (https://tools.ietf.org/html/rfc6902).
- string json_patch = 2 [(length) = "<=10000"];
-}
-
-message PresignUrlRequest {
- string subject_id = 1 [(required) = true, (length) = "<=50"];
- // The formatted string to sign, see https://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
- repeated string strings_to_sign = 2 [(size) = "1-100", (length) = "1-1024", (unique) = true];
-
- oneof parameters {
- option (exactly_one) = true;
-
- Version2Parameters v2_parameters = 4;
- Version4Parameters v4_parameters = 5;
- }
-
- // https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html
- message Version2Parameters {
- SignatureMethod signature_method = 1 [(required) = true];
-
- enum SignatureMethod {
- SIGNATURE_METHOD_UNSPECIFIED = 0;
- HMAC_SHA1 = 1;
- HMAC_SHA256 = 2;
- }
- }
-
- // https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
- message Version4Parameters {
- google.protobuf.Timestamp signed_at = 1 [(required) = true];
- string service = 2 [(required) = true, (length) = "<=64"];
- string region = 3 [(required) = true, (length) = "<=32"];
- }
-
-}
-
-message PresignUrlResponse {
- string access_key_id = 1;
- repeated SignedString signed_strings = 2;
-}
-
-message SignedString {
- string string_to_sign = 1;
- string signature = 2 [(sensitive) = true, (sensitive_type) = SENSITIVE_CRC];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_cookie.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_cookie.proto
deleted file mode 100644
index 6b493101c11..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_cookie.proto
+++ /dev/null
@@ -1,32 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PYPC";
-
-message YandexPassportCookies {
- // Cookies Session_id and sessionid2
- // https://doc.yandex-team.ru/blackbox/reference/MethodSessionID.html
-
- // Also blackbox verify client's IP to belong to internal networks.
- // Internal services set different cookies depending on which network the user's IP - external or internal.
- //
- // Use X-Forwarded-For to send user's IP which will be sent to blackbox.
- //
- // IP address need specify in standard IPv4 format (for example, 194.84.46.241)
- // or IPv6 (for example, 2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d).
- // If IP address in the wrong format, returns an error message.
-
- // Value of the cookie being checked Session_id.
- string session_id = 1 [(required) = true, (length) = "<=4093", (sensitive) = true];
-
- // The value of a cookie sessionid2.
- string ssl_session_id = 2 [(length) = "<=4093", (sensitive) = true];
-
- // Host address, for example "yandex.ua" or "volozh.ya.ru".
- string host = 3 [(required) = true, (length) = "<=253"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_user_account_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_user_account_service.proto
deleted file mode 100644
index 733dfd26609..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1/yandex_passport_user_account_service.proto
+++ /dev/null
@@ -1,52 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.iam.v1;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/priv/operation/operation.proto";
-import "yandex/cloud/priv/iam/v1/user_account.proto";
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/iam/v1;iam";
-option java_outer_classname = "PYPUAS";
-
-service YandexPassportUserAccountService {
- rpc GetByLogin (GetUserAccountByLoginRequest) returns (UserAccount) {
- option (google.api.http) = { get: "/iam/v1/yandexPassportUserAccounts:byLogin" };
- }
-
- // create subject_id for Yandex.Passport user identifier.
- rpc AddUserAccounts (AddPassportUserAccountsRequest) returns (operation.Operation) {
- option (yandex.cloud.api.operation) = {
- metadata: "AddUserAccountsMetadata"
- response: "AddUserAccountsResponse"
- };
- }
-}
-
-message GetUserAccountByLoginRequest {
- string login = 1 [(required) = true];
-}
-
-message AddUserAccountsMetadata {
-}
-
-message AddUserAccountsResponse {
- repeated UserAccount valid_users = 1;
- repeated PassportUser invalid_users = 2;
-}
-
-
-message AddPassportUserAccountsRequest {
- repeated PassportUser passport_users = 1 [(size) = "1-100"];
-}
-
-message PassportUser {
- oneof identity {
- option (exactly_one) = true;
- // Yandex.Passport login or Yandex.Passport email
- string login = 1 [(length) = "2-63"];
- int64 uid = 2 [(value) = ">0"];
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/CMakeLists.txt
deleted file mode 100644
index 7efbdab52f6..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(cloud-priv-oauth)
-set_property(TARGET cloud-priv-oauth PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET cloud-priv-oauth PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-oauth PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-oauth PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(cloud-priv-oauth PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-priv
- contrib-libs-protobuf
-)
-target_proto_messages(cloud-priv-oauth PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/claims.proto
-)
-target_proto_addincls(cloud-priv-oauth
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(cloud-priv-oauth
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(cloud-priv-oauth
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/claims.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/claims.proto
deleted file mode 100644
index 8f3d42426a8..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/claims.proto
+++ /dev/null
@@ -1,90 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.oauth;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/oauth;oauth";
-option java_outer_classname = "Claims";
-
-import "yandex/cloud/priv/validation.proto";
-
-// claims representation, see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for details
-message SubjectClaims {
- // Subject - Identifier for the End-User at the Issuer.
- string sub = 1 [(required) = true, (length) = "<=50"];
- // End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
- string name = 2;
- // Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
- string given_name = 3;
- // Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
- string family_name = 4;
- // Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe.
- // This value MAY be any valid JSON string including special characters such as @, /, or whitespace. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
- string preferred_username = 7;
- // URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file),
- // rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.
- string picture = 9;
- // End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax.
- // The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
- string email = 11;
- // String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
- string zoneinfo = 15;
- // End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639-1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166-1] country code in uppercase, separated by a dash.
- // For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
- string locale = 16;
- // End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400.
- // If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
- string phone_number = 17;
-
-
- // Subject type.
- SubjectType sub_type = 99;
- // non-empty only for federated users
- Federation federation = 100;
- // An image content of the user. Typically a space-efficient format like JPEG or GIF encoded in base64-string.
- // The maximum size is limited to 100 Kib.
- string picture_data = 101;
- YandexClaims yandex_claims = 200;
-}
-
-// minimalistic analog of yandex.cloud.priv.iam.v1.saml.Federation
-message Federation {
- // ID of the federation.
- string id = 1 [(required) = true, (length) = "<=50"];
- // Name of the federation. The name is unique within the cloud or organization
- string name = 3;
- // Whether the federation is global or not.
- bool is_global = 5;
-}
-
-message YandexClaims {
- // staff.yandex-team.ru login - only for passport users
- string staff_login = 1;
- // passport uid (external). default_uid for Yandex.Passport active multi-session.
- int64 passport_uid = 2;
- // passport login
- string login = 3;
- // For size-specific avatar rendering purposes https://avatars.mds.yandex.net/get-yapic/<avatarId>/<avatarSize>
- // see https://doc.yandex-team.ru/blackbox/reference/method-sessionid-response-json.html#method-sessionid-response-json__display-name
- string avatar_id = 4;
- // passport default email
- string email = 5;
- bool two_factor_authentication_enabled = 6;
- int64 karma = 7;
- repeated string phones = 8;
- Domain domain = 9;
- string login_id = 10;
-
- message Domain {
- string domain = 1;
- string domid = 2;
- bool hosted = 3;
- }
-}
-
-enum SubjectType {
- SUBJECT_TYPE_UNSPECIFIED = 0;
- USER_ACCOUNT = 1;
- SERVICE_ACCOUNT = 2;
- GROUP = 3;
- INVITEE = 4;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/CMakeLists.txt
deleted file mode 100644
index 3d82ddefb09..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/CMakeLists.txt
+++ /dev/null
@@ -1,59 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(priv-oauth-v1)
-set_property(TARGET priv-oauth-v1 PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET priv-oauth-v1 PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(priv-oauth-v1 PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(priv-oauth-v1 PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(priv-oauth-v1 PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-priv
- iam-v1-token
- iam-v1-ts
- cloud-priv-oauth
- contrib-libs-protobuf
-)
-target_proto_messages(priv-oauth-v1 PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/claim_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/cloud_user.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/oauth_request.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/session_service.proto
-)
-target_proto_addincls(priv-oauth-v1
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(priv-oauth-v1
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(priv-oauth-v1
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/claim_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/claim_service.proto
deleted file mode 100644
index 938a2fdf075..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/claim_service.proto
+++ /dev/null
@@ -1,25 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.oauth.v1;
-
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/oauth/claims.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1;oauth";
-option java_outer_classname = "PACS";
-
-service ClaimService {
- rpc Get (GetClaimsRequest) returns (GetClaimsResponse);
-}
-
-message GetClaimsRequest {
- repeated string subject_ids = 1 [(size) = "1-1000", (length) = "<=50"];
-}
-
-message GetClaimsResponse {
- repeated SubjectDetails subject_details = 2;
-}
-
-message SubjectDetails {
- SubjectClaims subject_claims = 1 [(required) = true];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/clients.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/clients.yaml
deleted file mode 100644
index 5ca0c87b571..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/clients.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-oauth_clients:
- yc.oauth.oauth_server:
- name: 'Yandex.Cloud OAuth Server'
- scopes: []
- yc.oauth.assembly_workshop:
- name: 'Yandex.Cloud OAuth Server'
- scopes: []
-
- yc.oauth.console:
- name: 'Yandex.Cloud Management Console'
- includedRoles:
- - resource-manager.clouds.owner
- scopes:
- - yc.organization-manager.federations.manage
- - yc.organization-manager.users.manage # invite users to ogranization from cloud ACL page
- - yc.organization-manager.users.get # suggest users
- permissions:
- - organization-manager.organizations.listAccessBindings # show inherited bindings from organization
- - certificate-manager.providers.use # permission to request/view internal certificates for YC developers
-
- yc.oauth.doubleconsole:
- name: 'DoubleCloud Management Console'
- includedRoles:
- - organization-manager.organizations.owner
- - resource-manager.clouds.owner
- scopes: []
-
- yc.oauth.mobile-app:
- name: 'Yandex.Cloud Mobile Application'
- scopes: []
- includedRoles:
- - resource-manager.clouds.owner
-
- yc.oauth.partners:
- name: 'Yandex.Cloud Partners Portal'
- includedRoles:
- - viewer
- - billing.clouds.owner
- - billing.accounts.admin
- - marketplace.editor
- scopes:
- - yc.support.tickets.manage
- - yc.resource-manager.clouds.accessBindings.manage # XXX temporary, see CLOUD-70244 and CLOUDBIZ-5425 for details
-
- yc.oauth.iap-ydb-viewer:
- name: 'Yandex.Cloud Identity-Aware Proxy for YDB Viewer'
- scopes: []
- includedRoles:
- - iap.web.user
- - ydb.viewer
-
- yc.oauth.query:
- name: 'Yandex.Cloud Query'
- includedRoles:
- - ydb.viewer
- - mdb.viewer
- - storage.viewer
- - yds.viewer
- - yq.admin
- - yq.internal.admin # to view additional internal data for developers
- scopes:
- - yc.iam.serviceAccounts.get
- - yc.iam.serviceAccounts.use
- - yc.resource-manager.folders.get
- - yc.resource-manager.clouds.get
- - yc.organization-manager.users.get
-
- yc.oauth.chats-api:
- name: 'Yandex.Cloud Support Chats'
- scopes:
- - yc.support.chats.manage
- - yc.support.tickets.manage
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/cloud_user.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/cloud_user.proto
deleted file mode 100644
index c16c47a25da..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/cloud_user.proto
+++ /dev/null
@@ -1,23 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.oauth.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1;oauth";
-option java_outer_classname = "Login";
-
-message CloudUserInfo {
- // corresponding to eulaAccepted field
- bool is_eula_accepted = 1 [deprecated = true];
- // corresponding to hasClouds field
- bool is_member_of_cloud = 2 [deprecated = true];
- // corresponding to canCreateClouds field
- bool can_create_cloud = 3;
- // corresponding to checks field
- CreateCloudRestrictions create_cloud_restrictions = 4;
-
- message CreateCloudRestrictions {
- bool has_phone = 1;
- bool has_email = 2;
- bool has_login = 3;
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/oauth_request.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/oauth_request.proto
deleted file mode 100644
index 693acbcad48..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/oauth_request.proto
+++ /dev/null
@@ -1,15 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.oauth.v1;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1;oauth";
-option java_outer_classname = "OAuthModel";
-
-// OAuth request
-message OAuthRequest {
- // client_id
- string client_id = 1 [(required) = true];
- repeated string scopes = 3;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/permissions.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/permissions.yaml
deleted file mode 100644
index 6d0cd6046ba..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/permissions.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-permissions:
- internal.oauth.checkSession:
- description: 'Возможность проверять валидность per-service cookies'
- stage: GA
- visibility: internal
- resourceType: organization-manager.application
- internal.oauth.createSession:
- description: 'Возможность создавать per-service cookies'
- stage: GA
- visibility: internal
- resourceType: organization-manager.application
- internal.oauth.getUserAccountClaims:
- description: 'Get user accounts claims'
- stage: GA
- visibility: internal
- resourceType: iam.gizmo
- internal.oauth.checkPassportSession:
- description: 'Check passport cookies and issue IAM-token'
- stage: GA
- visibility: internal
- resourceType: organization-manager.application
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/roles.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/roles.yaml
deleted file mode 100644
index 17f8f44df2c..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/roles.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-role_groups:
- oauth:
- name: OAuth roles
-
-roles:
- internal.sessionService:
- groups: [oauth]
- name: (Внутренняя) session service
- visibility: internal
- description: Роль для выписывания per-service cookie в session service (кросс-доменная аутентификация)
- permissions:
- - iam.userAccounts.issueCookie
- - iam.userAccounts.issueToken
- - iam.serviceAccounts.issueCookie
- - iam.serviceAccounts.issueToken
- - iam.subjects.issueCookie
- - iam.subjects.issueToken
-
- internal.sessionService.userAccountAgent:
- groups: [oauth]
- name: User Account Agent
- visibility: internal
- description: Внутренняя роль для просмотра пользовательских аккаунтов
- permissions:
- - internal.oauth.getUserAccountClaims
-
- internal.oauth.client:
- groups: [oauth]
- name: (Внутренняя) session service + oauth client
- visibility: internal
- description: Роль для выписывания и проверки per-service cookie конечными сервисами
- permissions:
- - internal.oauth.checkSession
- - internal.oauth.createSession
-
- internal.oauth.passportClient:
- groups: [oauth]
- name: (Внутренняя) session service
- visibility: internal
- description: Роль для выписывания и проверки per-service IAM-token конечными сервисами по Session_id куке Yandex.Passport
- permissions:
- - internal.oauth.checkPassportSession
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/scopes.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/scopes.yaml
deleted file mode 100644
index 4252f532000..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/scopes.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-scopes:
- openid:
- service: oauth
- name: ''
- # description полжен завершать предложение "приложение сможет" и отвечать на вопрос "сможет что делать?"
- description: 'аутентифицировать пользователя и получить его sub (subjectId)'
- visibility: public
- # сейчас нет возможности выдать пользователю права на чтение только своего профиля, поэтому список пермишенов пустой
- permissions: []
- profile:
- service: oauth
- name: 'получить доступ к основным данным профиля аутентифицированного пользователя (name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at)'
- description: ''
- visibility: public
- permissions: []
- email:
- service: oauth
- name: 'получить доступ к атрибутам email, email_verified аутентифицированного пользователя'
- description: ''
- visibility: public
- permissions: []
- address:
- service: oauth
- name: 'получить доступ к атрибуту address аутентифицированного пользователя'
- description: ''
- visibility: public
- permissions: []
- phone:
- service: oauth
- name: 'получить доступ к атрибутам phone_number, phone_number_verified аутентифицированного пользователя'
- description: ''
- visibility: public
- permissions: []
- offline_access:
- service: oauth
- name: 'получить refresh_token для аутентифицированного пользователя'
- description: ''
- visibility: public
- permissions: []
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/session_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/session_service.proto
deleted file mode 100644
index 97ed98e8a67..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1/session_service.proto
+++ /dev/null
@@ -1,153 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.oauth.v1;
-
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/iam/v1/token/iam_token.proto";
-import "yandex/cloud/priv/iam/v1/ts/iam_token_service_subject.proto";
-import "yandex/cloud/priv/oauth/claims.proto";
-import "yandex/cloud/priv/oauth/v1/cloud_user.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/oauth/v1;oauth";
-option java_outer_classname = "OAuth";
-
-service SessionService {
- // Verify the identity of a subject for services, authenticated via Yandex.Cloud IdP.
- // IAM-token authorization is required.
- //
- // gRPC error codes
- //
- // Unauthenticated: authorization iam_token are invalid or may have expired.
- // InvalidArgument: the provided cookies are invalid or may have expired.
- // Additional information can be found in details at AuthorizationRequired message - in this case user should be redirected to specified URL
- rpc Check (CheckSessionRequest) returns (CheckSessionResponse);
-
- // Verify the identity of a subject for services, authenticated via Yandex.ID (Yandex.Passport).
- // IAM-token authorization is required.
- // Usage of this API is limited and will be deprecated.
- //
- // gRPC error codes
- //
- // Unauthenticated: authorization iam_token are invalid or may have expired.
- // InvalidArgument: the provided cookies are invalid or may have expired.
- rpc CheckPassport (CheckPassportSessionRequest) returns (CheckPassportSessionResponse);
-
- // Create per-service session
- //
- // gRPC error codes
- // Unauthenticated: authorization iam_token are invalid or may have expired.
- // InvalidArgument: the provided access_token is invalid or may have expired.
- // Additional information can be found in details at AuthorizationRequired message - in this case user should be redirected to specified URL
- // FailedPrecondition: openid scope is missed for specified access_token
- rpc Create (CreateSessionRequest) returns (CreateSessionResponse);
-
- // Logout from parent session
- rpc Logout (LogoutRequest) returns (LogoutResponse);
-
- // Accept EULA
- rpc AcceptEula (AcceptEulaRequest) returns (AcceptEulaResponse);
-}
-
-message AcceptEulaRequest {
- // HTTP-header Cookie with required authentication cookie values (e.g. Session_id)
- string cookie_header = 1 [(length) = "<=32768", (sensitive) = true];
- // Service host address, for example "datalens.yandex.ru" or "tracker.yandex.com".
- // Used for Yandex.Passport cookie validation (Yandex.Passport cookie is TLD-specific)
- string host = 2 [(required) = true, (length) = "<=253"];
- YandexCloudAgreements cloud_agreements = 3;
-}
-
-message AcceptEulaResponse {
- YandexCloudAgreements cloud_agreements = 1;
-}
-
-// Yandex.Cloud agreements
-message YandexCloudAgreements {
- // current Yandex.Cloud EULA text is here https://yandex.ru/legal/cloud_termsofuse/
- bool eula = 1;
- bool privacy_policy = 2;
- // Deny receiving advertising and other informational messages from the company Yandex.Cloud LLC (OGRN 1187746678580).
- bool deny_notifications = 3;
-}
-
-message CheckSessionRequest {
- // HTTP-header Cookie with required per-service cookie values (e.g. yc_session)
- string cookie_header = 1 [(length) = "<=32768", (sensitive) = true];
- // Service host address, for example "datalens.yandex.ru" or "tracker.yandex.com".
- // Used for authorize_url TLD calculation, Yandex.Passport cookie revalidation (Yandex.Passport cookie is TLD-specific)
- string host = 2 [(length) = "<=253"];
- // If present - specified federation id should be used for authorization
- // otherwise authorization IdP calculated from cookies.
- string federation_id = 3 [(length) = "<=50"];
-}
-
-message CheckSessionResponse {
- // Authenticated subject claims.
- SubjectClaims subject_claims = 1 [(required) = true];
- // per-service cookie expiration time.
- google.protobuf.Timestamp expires_at = 2;
- CloudUserInfo cloud_user_info = 3;
- yandex.cloud.priv.iam.v1.IamToken iam_token = 4;
- // Yandex.Passport active multisession.
- PassportSession passport_session = 5;
-}
-
-message CheckPassportSessionRequest {
- // HTTP-header Cookie with required per-service cookie values (e.g. yc_session)
- string cookie_header = 1 [(length) = "<=32768", (sensitive) = true];
- // Service host address, for example "datalens.yandex.ru" or "tracker.yandex.com".
- // Used for authorize_url TLD calculation, Yandex.Passport cookie revalidation (Yandex.Passport cookie is TLD-specific)
- string host = 2 [(required) = true, (length) = "<=253"];
- // organization-manager.application ID that is used to authorize and issuer IAM-token
- string client_id = 3 [(required) = true, (length) = "<=50"];
-}
-
-message CheckPassportSessionResponse {
- // Authenticated subject claims.
- SubjectClaims subject_claims = 1 [(required) = true];
- yandex.cloud.priv.iam.v1.IamToken iam_token = 4;
-}
-
-message PassportSession {
- // Yandex.Passport active multisession user info (including default user)
- repeated YandexClaims users = 1;
-}
-
-message CreateSessionRequest {
- // access_token from successful token response, see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse for details.
- string access_token = 1 [(length) = "<=4096", (sensitive) = true];
- // Which hosts are allowed to receive the cookie. In general - application should not send this parameter.
- // Domain should match one of the client_id redirect_uri. Unmatched domain parameter is ignored.
- // see http://www.rfcreader.com/#rfc6265_line474 for details.
- string domain = 2 [(length) = "<=253"];
-}
-
-message CreateSessionResponse {
- // HTTP-header Set-Cookie for End-User with required per-service cookies, e.g. yc_session
- repeated string set_cookie_header = 1 [(sensitive) = true];
- // per-service cookie expiration time.
- google.protobuf.Timestamp expires_at = 2;
-}
-
-message LogoutRequest {
- // HTTP-header Cookie with required per-service cookie values (e.g. yc_session)
- string cookie_header = 1 [(length) = "<=32768", (sensitive) = true];
- // Which hosts are allowed to receive the cookie. In general - application should not send this parameter.
- // Domain should match one of the client_id redirect_uri. Unmatched domain parameter is ignored.
- // see http://www.rfcreader.com/#rfc6265_line474 for details.
- string domain = 2 [(length) = "<=253"];
-}
-
-message LogoutResponse {
- yandex.cloud.priv.iam.v1.ts.Subject subject = 1;
- // HTTP-header Set-Cookie for End-User with required per-service cookies, e.g. yc_session
- // Cloud-specific user authentication cookies should be removed by Set-Cookie header.
- repeated string set_cookie_header = 2 [(sensitive) = true];
-}
-
-message AuthorizationRequired {
- // authorize URL, e.g. URL for /authorize OpenID Connect endpoint.
- string authorize_url = 1 [(required) = true, (length) = "<=2048"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/operation/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/operation/CMakeLists.txt
deleted file mode 100644
index 2c46cc6a81a..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/operation/CMakeLists.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(cloud-priv-operation)
-set_property(TARGET cloud-priv-operation PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET cloud-priv-operation PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-operation PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-operation PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(cloud-priv-operation PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- contrib-libs-protobuf
-)
-target_proto_messages(cloud-priv-operation PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/operation/operation.proto
-)
-target_proto_addincls(cloud-priv-operation
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(cloud-priv-operation
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(cloud-priv-operation
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/operation/operation.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/operation/operation.proto
deleted file mode 100644
index 0867840b506..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/operation/operation.proto
+++ /dev/null
@@ -1,28 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.operation;
-
-import "google/protobuf/any.proto";
-import "google/rpc/status.proto";
-import "google/protobuf/timestamp.proto";
-
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/operation;operation";
-option java_outer_classname = "PO";
-
-message Operation {
- string id = 1;
- string description = 2; // ex: Create VM, Stop VM, Delete Disk, Snapshot Disk, etc
- google.protobuf.Timestamp created_at = 3;
- string created_by = 4;
- google.protobuf.Timestamp modified_at = 5;
-
- bool done = 6;
-
- google.protobuf.Any metadata = 7;
-
- oneof result {
- google.rpc.Status error = 8; // for error and cancellation
- google.protobuf.Any response = 9; // for 'Create/Update' should contain entity
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/quota/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/quota/CMakeLists.txt
deleted file mode 100644
index 4e9abb7d040..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/quota/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(cloud-priv-quota)
-set_property(TARGET cloud-priv-quota PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET cloud-priv-quota PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-quota PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(cloud-priv-quota PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(cloud-priv-quota PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-priv
- contrib-libs-protobuf
-)
-target_proto_messages(cloud-priv-quota PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/quota/quota.proto
-)
-target_proto_addincls(cloud-priv-quota
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(cloud-priv-quota
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(cloud-priv-quota
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/quota/quota.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/quota/quota.proto
deleted file mode 100644
index 8e3200a0243..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/quota/quota.proto
+++ /dev/null
@@ -1,63 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.quota;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/quota;quota";
-option java_outer_classname = "PQ";
-
-// Cloud service should implement grpc service with signature
-//
-//service QuotaService {
-// rpc Get (quota.GetQuotaRequest) returns (quota.Quota);
-//
-// rpc BatchUpdateMetric (quota.BatchUpdateQuotaMetricsRequest) returns (google.protobuf.Empty);
-//}
-
-message Quota {
- string cloud_id = 1;
- repeated QuotaMetric metrics = 2;
-}
-
-message QuotaMetric {
- string name = 1; // formatted as <domain>.<metric>.<unit>, e.g. mdb.hdd.size
- int64 value = 2 [deprecated=true]; // use 'usage' field instead
- int64 limit = 3;
- double usage = 4;
-}
-
-message MetricLimit {
- string name = 1;
- int64 limit = 2;
-}
-
-message GetQuotaRequest {
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message UpdateQuotaMetricRequest {
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
- MetricLimit metric = 2;
-}
-
-message BatchUpdateQuotaMetricsRequest {
- string cloud_id = 1 [(required) = true, (length) = "<=50"];
- repeated MetricLimit metrics = 2;
-}
-
-message GetQuotaDefaultRequest {
-}
-
-message GetQuotaDefaultResponse {
- repeated MetricLimit metrics = 1;
-}
-
-message QuotaFailure {
- message Violation {
- QuotaMetric metric = 1;
- int64 required = 2; // new value for the MetricLimit.limit, so it is: old limit + delta
- }
- string cloud_id = 1;
- repeated Violation violations = 2;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/resources.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/resources.yaml
deleted file mode 100644
index 9a051f003a6..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/resources.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-resources:
- root:
- parents: []
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/restrictions.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/restrictions.yaml
deleted file mode 100644
index fe8e05053b3..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/restrictions.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-restrictions:
- blockPermissions:
- freeTier:
- denyAllPermissionsByDefault: true
-
- deletingContainer:
- denyAllPermissionsByDefault: true
-
- billSuspend:
- servicesToStop: ["*"]
- resourcesToStop: []
- stopDelay: PT0S
- deletionInitiationInterval: P57D
- deletionDelay: P3D
- denyAllPermissionsByDefault: true
-
- clientBlocking:
- servicesToStop: ["*"]
- stopDelay: PT0S
- denyAllPermissionsByDefault: true
-
- fraud:
- servicesToStop: ["*"]
- stopDelay: PT0S
- deletionInitiationInterval: P4D
- deletionDelay: P3D
- denyAllPermissionsByDefault: true
-
- elasticsearchSanctions:
- servicesToStop: ["managed-elasticsearch"]
- stopDelay: P7D
- denyAllPermissionsByDefault: false
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/roles.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/roles.yaml
deleted file mode 100644
index 091520149e7..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/roles.yaml
+++ /dev/null
@@ -1,447 +0,0 @@
-role_groups:
- primitive:
- name: Primitive roles
- staff:
- name: Cloud Staff Roles
- infra:
- name: YC Infra roles
-
-roles:
-
- ##############################################################################
- # Primitive Roles
- ##############################################################################
-
- viewer:
- name: viewer
- groups: [primitive]
- description: доступ ко всем функциям в режиме чтения
- visibility: public
- includedRoles:
- - alb.viewer.pseudo
- - api-gateway.viewer
- - audit-trails.configViewer
- - audit-trails.viewer
- - billing.accounts.viewer
- - cdn.viewer
- - certificate-manager.viewer
- - cic.partnerViewer
- - cic.secretViewer
- - cic.viewer
- - cloudbeaver.viewer
- - compute.instanceGroups.viewer
- - compute.viewer
- - container-registry.viewer
- - data-transfer.viewer
- - dataproc.viewer
- - datasphere.user
- - dcnetwork.viewer # DoubleCloud Network
- - dns.viewer
- - gitlab.viewer
- - iam.viewer
- - iot.viewer
- - k8s.cluster-api.viewer
- - k8s.viewer
- - kms.viewer
- - load-balancer.viewer
- - load-balancer.viewer
- - loadtesting.viewer
- - lockbox.viewer
- - logging.reader
- - logging.viewer
- - marketplace.viewer
- - mdb.viewer
- - monitoring.viewer
- - organization-manager.viewer
- - quota-manager.viewer
- - resource-manager.viewer
- - serverless.containers.viewer
- - serverless.functions.viewer.pseudo
- - smart-captcha.viewer
- - storage.viewer
- - vdi.viewer
- - vpc.viewer
- - ydb.viewer
- - ydb.viewer.pseudo
- - yds.viewer
- - ymq.viewer
- - ymq.viewer.pseudo
- - yq.viewer
- scopes:
- - yc.datalens.view
- - yc.support.tickets.manage
- permissions:
- - cloudai.resources.{get,list}
- - logs.logEvents.read
-
- editor:
- name: 'editor'
- groups: [primitive]
- description: доступ ко всем функциям в режиме чтения и записи
- visibility: public
- includedRoles:
- - ai.speechkit-stt.user
- - ai.speechkit-tts.user
- - ai.translate.user
- - ai.vision.user
- - alb.editor.pseudo
- - api-gateway.editor
- - audit-trails.editor
- - billing.accounts.editor
- - cdn.editor
- - certificate-manager.editor
- - cic.editor
- - cic.partnerEditor
- - cic.secretEditor
- - cloudbeaver.editor
- - compute.editor
- - compute.instanceGroups.editor
- - compute.osLogin
- - container-registry.editor
- - data-transfer.editor
- - datalens.instances.user
- - dataproc.editor
- - dcnetwork.editor # DoubleCloud Network
- - dns.editor
- - gitlab.editor
- - iam.editor
- - iot.editor
- - k8s.cluster-api.cluster-admin
- - k8s.editor
- - kms.editor
- - loadtesting.editor
- - lockbox.editor
- - logging.editor
- - logging.writer
- - marketplace.editor
- - mdb.editor
- - monitoring.editor
- - organization-manager.editor
- - quota-manager.editor
- - resource-manager.editor
- - serverless.containers.editor
- - serverless.functions.editor.pseudo
- - smart-captcha.editor
- - storage.editor
- - vdi.editor
- - viewer
- - vpc.privateEditor.pseudo
- - vpc.publicEditor.pseudo
- - vpc.securityGroups.editor.pseudo
- - vpc.user
- - ydb.editor
- - yds.editor
- - ylb.networkLoadBalancers.publicEditor.pseudo
- - ylb.targetGroups.editor.pseudo
- - ymq.editor
- - yq.editor
- permissions:
- - cloudai.biometry.exec
- - cloudai.locator.exec
- - cloudai.predictor.exec
- - cloudai.resources.{create,delete,update}
- - cloudai.speller.exec
- - cloudai.vocabulary.exec
- - logs.logEvents.write
-
- admin:
- name: 'admin'
- groups: [primitive]
- description: доступ ко всем функциям в режиме чтения и записи, управление пользователями
- и политиками
- visibility: public
- includedRoles:
- - alb.admin.pseudo
- - api-gateway.admin
- - audit-trails.admin
- - billing.accounts.admin
- - cdn.admin
- - certificate-manager.admin
- - cloudbeaver.admin
- - compute.admin
- - compute.osAdminLogin
- - container-registry.admin
- - data-transfer.admin
- - datalens.instances.admin
- - dataproc.admin
- - datasphere.admin
- - dcnetwork.admin # DoubleCloud Network
- - dns.admin
- - editor
- - gitlab.admin
- - iam.admin
- - iot.admin
- - k8s.admin
- - k8s.cluster-api.cluster-admin
- - kms.admin
- - loadtesting.admin
- - lockbox.admin
- - logging.admin
- - mdb.admin
- - monitoring.admin
- - organization-manager.admin
- - quota-manager.admin
- - resource-manager.admin
- - serverless.containers.admin
- - serverless.functions.admin
- - smart-captcha.admin
- - storage.admin
- - vdi.admin
- - vpc.admin
- - ydb.admin
- - yds.admin
- - ymq.admin
- - yq.admin
-
- auditor:
- #это временная роль, которая сейчас по составу неправильная и в таком виде ее нельзя пускать дальше в прод, пока сервисы не готовы поддерживать новую сервисную роль самостоятельно https://st.yandex-team.ru/CLOUDBIZ-6178
- name: auditor
- groups: [primitive]
- description: доступ только к конфигурации и метадате
- visibility: internal
- includedRoles:
- - storage.configViewer
- - vpc.viewer
- - k8s.viewer
- - k8s.cluster-api.viewer
- - lockbox.viewer
- - kms.viewer
- - audit-trails.configViewer
- - load-balancer.viewer
- - certificate-manager.viewer
- - container-registry.viewer
- - iam.viewer
- - dns.viewer
- - monitoring.viewer
- permissions:
- - compute.console.getFolderStats
- - compute.console.getDiskLimits
- - compute.diskOperations.list
- - compute.disks.{get,list}
- - compute.filesystemOperations.list
- - compute.filesystems.{get,list}
- - compute.imageOperations.list
- - compute.images.getLatestByFamily
- - compute.images.{get,list}
- - compute.instanceOperations.list
- - compute.instances.{get,list}
- - compute.instanceGroups.{get,list}
- - compute.networkInterfaces.{get,list}
- - compute.operations.{get,list}
- - compute.placementGroups.{get,list,listInstances}
- - compute.placementGroupOperations.list
- - compute.platforms.get
- - compute.diskPlacementGroups.{get,list,listDisks}
- - compute.diskPlacementGroupOperations.list
- - compute.hostGroups.{get,list,listHosts,listInstances}
- - compute.hostGroupOperations.list
- - compute.quotas.getCloudLimit
- - compute.snapshotOperations.list
- - compute.snapshots.{get,list}
- - compute.zones.{get,list}
-
- ##############################################################################
- # Support Roles
- ##############################################################################
-
- support:
- groups: [staff]
- name: Техподдержка
- visibility: internal
- description: возможность проведения специфичных для support операций
- includedRoles:
- - alb.support
- - audit-trails.support
- - billing.support
- - cdn.support
- - certificate-manager.support
- - cic.support
- - cloudai.support
- - cloudbeaver.support
- - cloudsearch.cloudsIndex.support
- - compute.instanceGroups.support
- - compute.support
- - container-registry.support
- - data-transfer.support
- - datalens.support
- - disk-manager.support
- - dns.support
- - gitlab.support
- - iam.support
- - iot.support
- - k8s.support
- - kms.support
- - load-balancer.support
- - loadtesting.support
- - lockbox.support
- - logging.support
- - logs.support
- - marketplace.support
- - mdb.supportMdb
- - monitoring.support
- - nbs.support
- - quota-manager.support
- - serverless.support
- - storage.support
- - vdi.support
- - vpc.support
- - ydb.support
- - yds.support
- - ymq.support
- permissions: []
-
- supportAdmin:
- groups: [staff]
- name: Техподдержка
- visibility: internal
- description: доступ к методам удаления объектов и квотам compute
- includedRoles:
- - alb.supportAdmin
- - audit-trails.supportAdmin
- - billing.supportAdmin
- - cdn.supportAdmin
- - certificate-manager.supportAdmin
- - cic.supportAdmin
- - cloudai.supportAdmin
- - cloudbeaver.supportAdmin
- - compute.instanceGroups.supportAdmin
- - compute.supportAdmin
- - container-registry.supportAdmin
- - data-transfer.supportAdmin
- - datalens.supportAdmin
- - disk-manager.supportAdmin
- - dns.supportAdmin
- - gitlab.supportAdmin
- - iam.supportAdmin
- - iot.supportAdmin
- - k8s.supportAdmin
- - kms.supportAdmin
- - load-balancer.supportAdmin
- - loadtesting.supportAdmin
- - lockbox.supportAdmin
- - logging.supportAdmin
- - logs.supportAdmin
- - marketplace.supportAdmin
- - mdb.supportAdmin
- - monitoring.supportAdmin
- - nbs.supportAdmin
- - quota-manager.supportAdmin
- - serverless.supportAdmin
- - storage.supportAdmin
- - vdi.supportAdmin
- - vpc.supportAdmin
- - ydb.supportAdmin
- - yds.supportAdmin
- - ymq.supportAdmin
- permissions: []
-
- supportadmin:
- groups: [staff]
- name: Техподдержка
- visibility: internal
- description: DEPRECATED
- includedRoles:
- - alb.supportAdmin
- - audit-trails.supportAdmin
- - billing.supportAdmin
- - cdn.supportAdmin
- - certificate-manager.supportAdmin
- - cloudai.supportAdmin
- - compute.supportAdmin
- - container-registry.supportAdmin
- - data-transfer.supportAdmin
- - datalens.supportAdmin
- - disk-manager.supportAdmin
- - iam.supportAdmin
- - iot.supportAdmin
- - k8s.supportAdmin
- - kms.supportAdmin
- - load-balancer.supportAdmin
- - lockbox.supportAdmin
- - logs.supportAdmin
- - marketplace.supportAdmin
- - mdb.supportAdmin
- - monitoring.supportAdmin
- - nbs.supportAdmin
- - serverless.supportAdmin
- - storage.supportAdmin
- - vdi.supportAdmin
- - vpc.supportAdmin
- - ydb.supportAdmin
- - yds.supportAdmin
- - ymq.supportAdmin
- permissions: []
-
-
- ##############################################################################
- # On-call Roles
- ##############################################################################
-
- onCall:
- groups: [staff]
- name: Инженер on-call
- visibility: internal
- description: доступы для всех инженеров on-call
- includedRoles:
- - monitoring.viewer # все дежурные могут смотреть в мониторинге метрики любых облаков и ресурсов CLOUD-67217
- - cloudsearch.cloudsIndex.onCall # все дежурные могут смотреть в индекс по всем ресурсам
- permissions:
- - organization-manager.organizations.get
- - resource-manager.clouds.get
- - resource-manager.folders.get
-
-
- ##############################################################################
- # Internal Roles
- ##############################################################################
-
- compute.admin:
- groups: [compute, instance-group]
- name: Администратор Compute
- visibility: public
- description: доступ ко всем функциям compute, включая instance-group
- includedRoles:
- - compute.admin.withoutVpc.pseudo
- - compute.instanceGroups.admin
- - vpc.user
-
- internal.empty:
- groups: [infra]
- name: (Внутренняя) Пустая роль
- visibility: internal
- description: роль без полномочий для тестовых целей
- permissions: []
-
- internal.infra:
- groups: [infra]
- name: Роль для SA селфхоста
- visibility: internal
- description: ''
- permissions: []
-
- internal.teamcityagent:
- groups: [infra]
- name: (Внутренняя) Агент Teamcity
- visibility: internal
- description: доступ к Container Registry
- permissions:
- - container-registry.images.{create,update}
- - container-registry.images.{get,list}
- - container-registry.quotas.get
- - container-registry.registries.{get,list}
-
- internal.computehead:
- groups: [infra]
- name: "(Внутренняя) Роль для SA head'ов compute"
- visibility: internal
- description: ''
- includedRoles:
- - internal.compute.snapshotService.admin
- - internal.marketplacelicense
- - internal.disk-manager.user
- - internal.nbs.admin
- permissions:
- - vpcInternal.computeInternal.use
- - compute.worker.catchTasks
- - resource-manager.folders.get
- - resource-manager.clouds.get
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/sensitive.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/sensitive.proto
deleted file mode 100644
index be953a9dcb5..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/sensitive.proto
+++ /dev/null
@@ -1,24 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv;
-
-import "google/protobuf/descriptor.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv;cloud";
-
-enum SensitiveType {
- SENSITIVE_TYPE_UNSPECIFIED = 0;
- SENSITIVE_CRC = 1;
- SENSITIVE_IAM_TOKEN = 2;
- SENSITIVE_REMOVE = 3;
- SENSITIVE_YANDEX_PASSPORT_OAUTH_TOKEN = 4;
- SENSITIVE_IAM_COOKIE = 5;
-}
-
-extend google.protobuf.FieldOptions {
- // novikoff:
- // Sensitive fields are hidden in logs
- // For now could be applied only to string fields
- bool sensitive = 100601;
- SensitiveType sensitive_type = 100602;
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/CMakeLists.txt b/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/CMakeLists.txt
deleted file mode 100644
index 610138bc7cf..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/CMakeLists.txt
+++ /dev/null
@@ -1,54 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(priv-servicecontrol-v1)
-set_property(TARGET priv-servicecontrol-v1 PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET priv-servicecontrol-v1 PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/private-api
-)
-target_include_directories(priv-servicecontrol-v1 PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_include_directories(priv-servicecontrol-v1 PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_link_libraries(priv-servicecontrol-v1 PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-priv
- contrib-libs-protobuf
-)
-target_proto_messages(priv-servicecontrol-v1 PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/access_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/resource.proto
-)
-target_proto_addincls(priv-servicecontrol-v1
- ./cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/private-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(priv-servicecontrol-v1
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/private-api
-)
-target_proto_plugin(priv-servicecontrol-v1
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/access_service.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/access_service.proto
deleted file mode 100644
index 4f6e066134d..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/access_service.proto
+++ /dev/null
@@ -1,255 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.servicecontrol.v1;
-
-import "google/protobuf/timestamp.proto";
-import "google/protobuf/any.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/priv/validation.proto";
-import "yandex/cloud/priv/sensitive.proto";
-import "yandex/cloud/priv/servicecontrol/v1/resource.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1;servicecontrol";
-
-service AccessService {
- // Verify the identity of a subject.
- //
- // gRPC error codes
- //
- // Ok: the provided credentials are valid
- // Unauthenticated: the provided credentials are invalid or may have expired
- // InvalidArgument: the client specified an invalid argument (please note that this applies to the request in itself,
- // not to the content of the request, i.e. you will get the InvalidArgument error if the message
- // size exceeds the server limit but Unauthenticated if the token format is not recognized)
- // Unavailable: the service is currently unavailable, the client should retry again
- // Internal: the service is broken
- //
- // Please note that these do not include client-side errors (e.g. Cancelled, DeadlineExceeded, etc.)
- rpc Authenticate (AuthenticateRequest) returns (AuthenticateResponse);
-
- // Check if a subject is allowed to perform an action. This also authenticates the subject if any credentials are
- // passed as an identity.
- //
- // gRPC error codes
- //
- // Ok: the provided credentials (if any) are valid and the subject has permissions to access the
- // specified resource
- // Unauthenticated: the provided credentials are invalid or may have expired
- // PermissionDenied: the subject does not have permissions to access the specified resource
- // InvalidArgument: the client specified an invalid argument (please note that this applies to the request in itself,
- // not to the content of the request, i.e. you will get the InvalidArgument error if the message
- // size exceeds the server limit or the specified permission does not exist but Unauthenticated if
- // the token format is not recognized)
- // Unavailable: the service is currently unavailable, the client should retry again
- // Internal: the service is broken
- //
- // Please note that these do not include client-side errors (e.g. Cancelled, DeadlineExceeded, etc.)
- rpc Authorize (AuthorizeRequest) returns (AuthorizeResponse);
-
- // Similar to Authorize, but requests multiple actions for one subject.
- //
- // gRPC error codes will be the same, except for these cases:
- // - An Unauthenticated error of BulkAuthorizeRequest.identity is returned in
- // BulkAuthorizeResponse.unauthenticated_error.
- // - All PermissionDenied of BulkAuthorizeRequest.authorizations are returned in
- // BulkAuthorizeResponse.results.
- //
- // You can control the information returned in BulkAuthorizeResponse.results with:
- // - result_filter : return all errors (ALL_FAILED) or only the first one (FIRST_FAILED), if any.
- // - result_mask : You can choose the fields returned (all by default),
- // from the fields in BulkAuthorizeResponse.Result.
- //
- rpc BulkAuthorize (BulkAuthorizeRequest) returns (BulkAuthorizeResponse);
-}
-
-message AuthenticateRequest {
- oneof credentials {
- option (exactly_one) = true;
-
- // IAM-token obtained from the IAM Token Service.
- // The server response for an empty IAM token is UNAUTHENTICATED
- string iam_token = 1 [(length) = "<=1024", (sensitive) = true, (sensitive_type) = SENSITIVE_IAM_TOKEN];
-
- // AWS-compatible signature.
- AccessKeySignature signature = 2;
-
- // API key.
- // The server response for an empty API key is UNAUTHENTICATED
- string api_key = 3;
-
- // IAM-cookie.
- // The server response for an empty IAM cookie is UNAUTHENTICATED
- string iam_cookie = 4 [(sensitive) = true, (sensitive_type) = SENSITIVE_IAM_COOKIE];
- }
-}
-
-message AuthenticateResponse {
- Subject subject = 1;
-}
-
-message AuthorizeRequest {
- oneof identity {
- option (exactly_one) = true;
-
- Subject subject = 1;
-
- // IAM-token obtained from the IAM Token Service.
- // The server response for an empty IAM token is UNAUTHENTICATED
- string iam_token = 2 [(length) = "<=1024", (sensitive) = true, (sensitive_type) = SENSITIVE_IAM_TOKEN];
-
- // AWS-compatible signature.
- AccessKeySignature signature = 3;
-
- // API key.
- // The server response for an empty API key is UNAUTHENTICATED
- string api_key = 6;
- }
-
- string permission = 4 [(required) = true, (length) = "<=128"];
-
- // A resource to authorize access to. This may also include a service-specific hierarchy of the resource, usually
- // ends with resource-manager.folder.
- //
- // Examples:
- // (resource-manager.folder, b1gn3enigctah04o0fkb)
- // (billing.account, b1gqql62454n46tboesn)
- // (compute.instance, b1gqqhvc4fg65mkrefs8), (resource-manager.folder, b1gn3enigctah04o0fkb)
- // (resource-manager.cloud, aje56o8prppkrpaiuoc6)
- // (my-service.instance, b1gqqepv0upu57issrog), (resource-manager.cloud, aje56o8prppkrpaiuoc6)
- repeated Resource resource_path = 5 [(size) = ">0"];
-}
-
-message AuthorizeResponse {
- Subject subject = 1;
-
- // Full path to the resource.
- repeated Resource resource_path = 2;
-}
-
-message BulkAuthorizeRequest {
- oneof identity {
- option (exactly_one) = true;
-
- Subject subject = 1;
-
- string iam_token = 2 [(length) = "<=1024", (sensitive) = true, (sensitive_type) = SENSITIVE_IAM_TOKEN];
-
- AccessKeySignature signature = 3;
-
- string api_key = 4;
- }
-
- oneof authorizations {
- option (exactly_one) = true;
-
- Actions actions = 5;
-
- ActionMatrix action_matrix = 6;
- }
-
- ResultFilter result_filter = 7;
-
- google.protobuf.FieldMask result_mask = 8;
-
- message Action {
- repeated Resource resource_path = 1 [(size) = "1-128"];
-
- string permission = 2 [(required) = true, (length) = "<=128"];
- }
-
- message Actions {
- repeated Action items = 1 [(size) = "1-1000"];
- }
-
- // Cross product of paths and permissions (represents N*M actions, N*M <= 1000).
- message ActionMatrix {
- repeated ResourcePath resource_paths = 2 [(size) = "1-1000"];
-
- repeated string permissions = 1 [(size) = "1-1000", (length) = "<=128"];
- }
-
- enum ResultFilter {
- RESULT_FILTER_UNSPECIFIED = 0;
- FIRST_FAILED = 1;
- ALL_FAILED = 2;
- }
-}
-
-message BulkAuthorizeResponse {
- Subject subject = 1;
-
- Error unauthenticated_error = 2;
-
- Results results = 3;
-
- message Results {
- repeated Result items = 1;
- }
-
- message Result {
- string permission = 1;
-
- repeated Resource resource_path = 2;
-
- Error permission_denied_error = 3;
- }
-
- message Error {
- string message = 1;
-
- repeated google.protobuf.Any details = 2;
- }
-}
-
-message AccessKeySignature {
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
- string string_to_sign = 2 [(required) = true, (length) = "<=8192"];
- string signature = 3 [(required) = true, (length) = "<=128", (sensitive) = true, (sensitive_type) = SENSITIVE_CRC];
-
- oneof parameters {
- option (exactly_one) = true;
-
- Version2Parameters v2_parameters = 4;
- Version4Parameters v4_parameters = 5;
- }
-
- message Version2Parameters {
- SignatureMethod signature_method = 1;
-
- enum SignatureMethod {
- SIGNATURE_METHOD_UNSPECIFIED = 0;
- HMAC_SHA1 = 1;
- HMAC_SHA256 = 2;
- }
- }
-
- message Version4Parameters {
- google.protobuf.Timestamp signed_at = 1 [(required) = true];
- string service = 2 [(required) = true, (length) = "<=64"];
- string region = 3 [(required) = true, (length) = "<=32"];
- }
-}
-
-message Subject {
- oneof type {
- option (exactly_one) = true;
-
- UserAccount user_account = 1;
- ServiceAccount service_account = 2;
- AnonymousAccount anonymous_account = 3;
- }
-
- message UserAccount {
- string id = 1 [(required) = true, (length) = "<=50"];
- string federation_id = 2 [(length) = "<=50"];
- }
-
- message ServiceAccount {
- string id = 1 [(required) = true, (length) = "<=50"];
- string folder_id = 2 [(length) = "<=50"];
- }
-
- // Use this if you want to check if an unauthenticated subject is allowed to access a resource.
- message AnonymousAccount {
- }
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/resource.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/resource.proto
deleted file mode 100644
index 4ad3293eb10..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1/resource.proto
+++ /dev/null
@@ -1,19 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv.servicecontrol.v1;
-
-import "yandex/cloud/priv/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv/servicecontrol/v1;servicecontrol";
-option java_outer_classname = "PR";
-
-message Resource {
- string id = 1 [(required) = true, (length) = "<=50"];
-
- // The type of the resource, e.g. resource-manager.folder, billing.account, compute.snapshot, etc.
- string type = 2 [(required) = true, (length) = "<=64"];
-}
-
-message ResourcePath {
- repeated Resource path = 1 [(size) = "1-128"];
-}
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/services.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/services.yaml
deleted file mode 100644
index ef7524a0b48..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/services.yaml
+++ /dev/null
@@ -1,186 +0,0 @@
-# one of the following https://cloud.yandex.ru/services#_all
-services:
- dwh:
- name: Yandex Cloud DWH (Internal)
- description: Облачный DWH
- resource-manager:
- name: Yandex Resource Manager
- description: Управление ресурсами в каталогах и облаках
- storage:
- name: Yandex Object Storage
- description: Масштабируемое хранилище данных
- aliases: [s3]
- ai:
- name: Yandex SpeechKit, Yandex Translate, Yandex Vision
- description: Комплекс технологий распознавания и синтеза речи, машинный перевод, анализ изображений
- aliases: [cloudai]
- certificate-manager:
- name: Yandex Certificate Manager
- description: Управление TLS-сертификатами
- cdn:
- name: Yandex Cloud CDN
- description: Сервис CDN
- compute:
- name: Yandex Compute Cloud
- description: Виртуальные машины и диски
- container-registry:
- name: Yandex Container Registry
- description: Управление Docker-образами
- datalens:
- name: Yandex DataLens
- description: Визуализация и анализ данных
- datasphere:
- name: Yandex DataSphere
- description: Платформа для ML-разработчиков
- dns:
- name: Yandex Cloud DNS
- description: ДНС
- iam:
- name: Yandex Identity and Access Management
- description: Идентификация и контроль доступа к облачным ресурсам
- iot:
- name: Yandex IoT Core
- description: Решения для интернета вещей
- managed-kubernetes:
- name: Yandex Managed Service for Kubernetes
- description: Управление кластерами Kubernetes
- aliases: [k8s]
- kms:
- name: Yandex Key Management Service
- description: Управление ключами шифрования
- ylb:
- name: Yandex Load Balancer
- description: Сетевые балансировщики нагрузки
- aliases: [load-balancer]
- mdb:
- name: Yandex Managed Data Bases
- description: Управление базами данных
- instance-group:
- name: Yandex Instance Groups
- description: Группы виртуальных машин
- monitoring:
- name: Yandex Monitoring
- description: Сбор и визуализация метрик
- serverless:
- name: Yandex Cloud Functions
- description: Запуск вашего кода в виде функции
- api-gateway:
- name: Yandex API Gateway
- description: Cервис для управления API-шлюзами
- vpc:
- name: Yandex Virtual Private Cloud
- description: Управление сетями в облаке
- cic:
- name: Yandex Cloud Interconnect
- description: Связность между виртуальными сетями и on-premise сетями
- ydb:
- name: Yandex Database
- description: Распределённая отказоустойчивая NewSQL СУБД
- yds:
- name: Yandex Data Streams
- description: Отказоустойчивый сервис для передачи потоков данных
- ymq:
- name: Yandex Message Queue
- description: Очереди для обмена сообщениями между приложениями
- marketplace:
- name: Yandex Cloud Marketplace
- description: ''
- alb:
- name: Load Balancer API
- description: ''
- oauth:
- name: Yandex Cloud OAuth 2.0 & OpenID Connect server
- description: ''
- billing:
- name: Billing (internal)
- description: ''
- support:
- name: Support (internal)
- description: ''
- yq:
- name: Yandex Query
- description: Сервис безсерверной аналитики
- data-transfer:
- name: Data Transfer
- description: Сервис без серверного трансфера данных
- dataproc:
- name: Data Proc
- description: Управление кластерами Apache Hadoop и Apache Spark
- organization-manager:
- name: Organization Manager
- description: Управление Организациями
- vulnerability-scanner:
- name: Vulnerability Scanner (internal)
- description: Сервис сканирования образов на уязвимости
- lockbox:
- name: Yandex Lockbox
- description: Управление секретами
- managed-kafka:
- name: Yandex Managed Service for Apache Kafka
- description: Управление кластерами Apache Kafka
- managed-elasticsearch:
- name: Yandex Managed Service for Elasticsearch
- description: Управление кластерами Elasticsearch
- managed-sqlserver:
- name: Yandex Managed Service for Microsoft SQL Server
- description: Управление кластерами Microsoft SQL Server
- logs:
- name: Yandex Cloud Logs
- description: Запись, хранение, чтение и настройка логов
- logging:
- name: Yandex Cloud Logging
- description: Запись, хранение, чтение и настройка логов
- audit-trails:
- name: Yandex Audit Trails
- description: Сервис аудитных логов
- bastion:
- name: Bastion (internal)
- description: Сервис доступа по ssh
- loadtesting:
- name: Loadtesting
- description: Сервис нагрузочного тестирования
- vdi:
- name: Virtual Desktop Infrastructure
- description: Виртуальные рабочие места
- uk8s:
- name: Underlay K8S
- description: Kubernetes для железных хостов
- managed-gitlab:
- name: Yandex Managed Service for Gitlab
- description: Сервис управления Git-репозиториями
- aliases: [gitlab]
- quota-manager:
- name: Quota Manager
- description: Сервис просмотра квот и управление запросами на изменение квот
- cloudsearch:
- name: YC.CloudSearch
- description: Сервис поиска по облакам
- cloudbeaver:
- name: CloudBeaver
- description: Управление базами данных через web-интерфейс
- smart-captcha:
- name: Yandex SmartCaptcha
- description: Сервис для встраивания капчи
-
-#DoubleCloud services
- dcnetwork:
- name: DoubleCloud Network Service
- description: Управление сетями в DoubleCloud
-
-#Internal services
- backoffice:
- name: YC.Backoffice
- description: Внутренняя админка
-
- maintenance:
- name: Maintenance Service
- description: Обслуживание облачных сервисов
-
-#Collaboration services
- tracker:
- name: Yandex Tracker
- description: Яндекс Трекер, сервис для совместной работы и организации процессов в компании
-
- wiki:
- name: Yandex Wiki
- description: Яндекс Вики, сервис для ведения базы знаний
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/stages.yaml b/cloud/bitbucket/private-api/yandex/cloud/priv/stages.yaml
deleted file mode 100644
index 991fef1043c..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/stages.yaml
+++ /dev/null
@@ -1,173 +0,0 @@
-stages:
- # Internal
- - GA
- - TEST_ALPHA # https://st.yandex-team.ru/CLOUD-36203
-
- # Resource reaper flags https://st.yandex-team.ru/CLOUD-42619
- - REAPER_NO_DELAY_FLAG
- - REAPER_WHITELIST_FLAG
-
- # MDB feature flags
- - MDB_ALLOW_DECOMMISSIONED_ZONE_USE
- - MDB_CLICKHOUSE_FAST_OPS
- - MDB_CLICKHOUSE_SHARDING
- - MDB_CLICKHOUSE_UNLIMITED_SHARD_COUNT
- - MDB_CLICKHOUSE_UPGRADE
- - MDB_CLICKHOUSE_CLOUD_STORAGE
- - MDB_CLICKHOUSE_CLOUD_STORAGE_HA
- - MDB_CLICKHOUSE_KEEPER
- - MDB_CLICKHOUSE_SQL_MANAGEMENT
- - MDB_CLICKHOUSE_TESTING_VERSIONS
- - MDB_DATAPROC_INSTANCE_GROUPS
- - MDB_DATAPROC_MANAGER
- - MDB_DATAPROC_AUTOSCALING
- - MDB_DATAPROC_ALLOW_DEPRECATED_VERSIONS
- - MDB_HADOOP_ALPHA
- - MDB_HADOOP_GPU
- - MDB_LOCAL_DISK_RESIZE
- - MDB_MONGODB_40
- - MDB_MONGODB_4_2
- - MDB_MONGODB_4_2_RS_UPGRADE
- - MDB_MONGODB_4_2_SHARDED_UPGRADE
- - MDB_MONGODB_EXTENDEDS
- - MDB_MONGODB_FAST_OPS
- - MDB_MONGODB_UNLIMITED_SHARD_COUNT
- - MDB_MYSQL_80
- - MDB_MYSQL_FAST_OPS
- - MDB_NETWORK_DISK_NO_STOP_RESIZE
- - MDB_NETWORK_DISK_TRUNCATE
- - MDB_POSTGRESQL_10_1C
- - MDB_POSTGRESQL_11
- - MDB_POSTGRESQL_11_1C
- - MDB_POSTGRESQL_12_1C
- - MDB_POSTGRESQL_13
- - MDB_POSTGRESQL_FAST_OPS
- - MDB_GREENPLUM_CLUSTER
- - MDB_REDIS
- - MDB_REDIS_FAST_OPS
- - MDB_REDIS_SHARDING
- - MDB_KAFKA_CLUSTER
- - MDB_KAFKA_CONNECT
- - MDB_SQLSERVER_CLUSTER
- - MDB_SQLSERVER_ALLOW_DEV
- - MDB_SQLSERVER_ALLOW_17_19
- - MDB_ELASTICSEARCH_CLUSTER
- - MDB_ELASTICSEARCH_ALLOW_UNLIMITED_HOSTS
- - MDB_DATAPROC_UI_PROXY
- - MDB_MONGODB_RS_PITR
- - MDB_ALLOW_NETWORK_SSD_NONREPLICATED
- - MDB_DATAPROC_IMAGE_1_3
- - MDB_MONGODB_INFRA_CFG
- - MDB_MONGODB_4_4
- - MDB_MONGODB_4_4_RS_UPGRADE
- - MDB_MONGODB_4_4_SHARDED_UPGRADE
- - MDB_MONGODB_SHARDED_PITR
- - MDB_MONGODB_BACKUP_SERVICE
- - MDB_FORCE_UNSAFE_RESIZE
- - MDB_MONGODB_RESTORE_WITHOUT_REPLAY
- - MDB_FLAVOR_80_512
- - MDB_DATAPROC_IMAGE_2_0 # https://st.yandex-team.ru/MDB-8214
- - MDB_MONGODB_ALLOW_DEPRECATED_VERSIONS
- - MDB_MONGODB_PERF_DIAG
- - MDB_V3GEN # https://st.yandex-team.ru/MDB-12883
- - MDB_SQLSERVER_TWO_NODE_CLUSTER # https://st.yandex-team.ru/MDB-13389
- - MDB_DEDICATED_HOSTS # https://st.yandex-team.ru/CLOUDFRONT-9054
- - MDB_MONGODB_ENTERPRISE # https://st.yandex-team.ru/MDB-16140
-
- # Other services feature flags
- - KMS_STRONG_ENCRYPTION # https://st.yandex-team.ru/CLOUD-34154
- - KMS_HSM_KEYS # https://st.yandex-team.ru/CLOUD-44371
- - SOFTWARE_ACCELERATED_NETWORK_ALPHA # https://st.yandex-team.ru/CLOUDFRONT-2752
- - VPC_DISABLE_ROUTE_TABLES_SUBNETS_CHECK # https://st.yandex-team.ru/CLOUD-30129
- - STORAGE_ENABLE_ENCRYPTION # https://st.yandex-team.ru/MDS-11418
- - STORAGE_ENABLE_SELECT # https://st.yandex-team.ru/MDS-13861
- - CDN_ENABLE_ACCESS # https://st.yandex-team.ru/CLOUD-63401
- - DATASPHERE_CUSTOM_LM_LEARNING # https://st.yandex-team.ru/CLOUD-52048
- - DATA_TRANSFER_LOGBROKER
- - DATA_TRANSFER_LOGFELLER
- - DATA_TRANSFER_MONGODB
- - DATA_TRANSFER_CLICKHOUSE
- - DATA_TRANSFER_YDB
- - DATA_TRANSFER_YDS # https://st.yandex-team.ru/TM-1460
- - DATA_TRANSFER_KAFKA # https://st.yandex-team.ru/TM-2041
- - DATA_TRANSFER_OBJECT_STORAGE # https://st.yandex-team.ru/TM-1747
- - DATA_TRANSFER_ORACLE # https://st.yandex-team.ru/TM-643
- - DATA_TRANSFER_POSTGRESQL_TO_YDB #https://st.yandex-team.ru/TM-2477
- - DATA_TRANSFER_MYSQL_TO_YDB #https://st.yandex-team.ru/TM-2477
- - DATA_TRANSFER_POSTGRESQL_TO_OBJECT_STORAGE #https://st.yandex-team.ru/TM-2477
- - DATA_TRANSFER_MYSQL_TO_OBJECT_STORAGE #https://st.yandex-team.ru/TM-2477
- - DATA_TRANSFER_MONGO_TO_OBJECT_STORAGE #https://st.yandex-team.ru/TM-2477
- - DATA_TRANSFER_ORACLE_TO_POSTGRESQL #https://st.yandex-team.ru/TM-2477
- - DATA_TRANSFER_ORACLE_TO_CLICKHOUSE #https://st.yandex-team.ru/TM-2477
- - DATA_TRANSFER_YC_FROM_LOGBROKER #https://st.yandex-team.ru/TM-2563
- - DATA_TRANSFER_YC_TO_LOGBROKER #https://st.yandex-team.ru/TM-2563
- - DATA_TRANSFER_AIRBYTE #https://st.yandex-team.ru/TM-2899
- - DATA_TRANSFER_GREENPLUM # https://st.yandex-team.ru/TM-3280
- - DATA_TRANSFER_DEBEZIUM # https://st.yandex-team.ru/TM-3218
- - DATASPHERE_GENERAL_NIRVANA_GRAPHS # https://st.yandex-team.ru/CLOUD-62288
- - DATASPHERE_CELL_DEPLOYMENT
- - IAM_FOLDER_SAML_FEDERATIONS # iam SAML-federations in folder https://st.yandex-team.ru/CLOUD-69157
- - IAM_ACCESS_KEY_PREFIX # https://st.yandex-team.ru/CLOUD-80368
- - SERVERLESS_FUNCTIONS_PROVISION_ALPHA # https://st.yandex-team.ru/CLOUD-71805
- - LOADTESTING_PREVIEW_ALPHA # https://st.yandex-team.ru/CLOUDLOAD-77
- - DATASPHERE_TAAS # https://st.yandex-team.ru/CLOUD-80447
- - DATASPHERE_IDE_ON_SERVANT # https://st.yandex-team.ru/CLOUD-85578
- - DATASPHERE_DISK_VERSIONING # https://st.yandex-team.ru/CLOUD-93160
- - TRIGGERS_CLOUD_LOGS_ALPHA # https://st.yandex-team.ru/CLOUD-80291
- - TRIGGERS_MAIL_ALPHA # https://st.yandex-team.ru/CLOUD-95233
- - SMART_CAPTCHA_ALPHA # https://st.yandex-team.ru/CAPTCHA-2599
- - SERVERLESS_FUNCTIONS_SECRETS_ALPHA # https://st.yandex-team.ru/CLOUD-52449
- - IOT_BROKER_ALPHA # https://st.yandex-team.ru/CLOUD-95928
-
- # Services in development
- - APIGW_ALPHA # https://st.yandex-team.ru/CLOUD-31754
- - SERVERLESS_VPC # https://st.yandex-team.ru/CLOUD-40827
- - CERTIFICATE_MANAGER_ALPHA # https://st.yandex-team.ru/CLOUD-35187
- - CUSTOM_FQDN_INSTANCES_ALPHA # https://st.yandex-team.ru/CLOUD-15718
- - EGRESS_NAT_ALPHA # https://st.yandex-team.ru/CLOUD-35281
- - CIC_ALPHA # https://st.yandex-team.ru/CLOUD-74655
- - KMS_ALPHA # https://st.yandex-team.ru/CLOUD-26559
- - ML_PLATFORM_ALPHA # https://st.yandex-team.ru/CLOUD-35731
- - MULTI_INTERFACE_INSTANCES_ALPHA # https://st.yandex-team.ru/CLOUD-15718
- - UDP_LISTENER_YLB_ALPHA # https://st.yandex-team.ru/CLOUD-34630
- - YDB_ALPHA # https://st.yandex-team.ru/CLOUD-24439
- - COMPUTE_OSLOGIN_ALPHA # https://st.yandex-team.ru/CLOUD-21127
- - DATA_TRANSFER_ALPHA #https://st.yandex-team.ru/CLOUD-40128
- - DNS_ALPHA #https://st.yandex-team.ru/CLOUD-42207
- - MDBPROXY_ALPHA #https://st.yandex-team.ru/CLOUD-38110
- - IMAGE_SCANNER_ALPHA #https://st.yandex-team.ru/CLOUD-34754
- - LOCKBOX_ALPHA #https://st.yandex-team.ru/CLOUD-46437
- - ALB_ALPHA #https://st.yandex-team.ru/CLOUD-58061
- - LOGGING_ALPHA # https://st.yandex-team.ru/CLOUD-62388
- - LOGS_ALPHA # deprecated, use LOGGING_ALPHA
- - AUDIT_TRAILS_ALPHA # https://st.yandex-team.ru/CLOUD-51927
- - RESOURCEMANAGER_DELETE_ALPHA # https://st.yandex-team.ru/CLOUD-63858
- - DATA_STREAMS_ALPHA # https://st.yandex-team.ru/CLOUD-68113
- - SERVERLESS_CONTAINERS_ALPHA # https://st.yandex-team.ru/CLOUD-72622
- - SERVERLESS_CONTAINERS_PROVISION_ALPHA # https://st.yandex-team.ru/CLOUD-85491
- - K8S_MARKETPLACE_ALPHA #https://st.yandex-team.ru/CLOUD-72635
- - K8S_MARKETPLACE_FRONT_ALPHA # https://st.yandex-team.ru/CLOUD-84678
- - VDI_ALPHA #https://st.yandex-team.ru/CLOUDBIZ-5195
- - MANAGED_GITLAB_ALPHA # https://st.yandex-team.ru/CLOUD-71805
- - CLOUD_BEAVER_ALPHA # https://st.yandex-team.ru/CLOUD-87921
-
- # VPC
- - INTERNAL_YLB_ALPHA # https://st.yandex-team.ru/CLOUD-18755
- - VPC_SG_ALPHA # https://st.yandex-team.ru/CLOUD-35341
- - VPC_IPV6_ALPHA # https://st.yandex-team.ru/CLOUD-40113
- - VPC_YANDEX_SERVICES # https://st.yandex-team.ru/CLOUD-62110
-
- # Marketplace
- - DISABLE_PLACEMENT_HINT_WINDOWS_DC # https://st.yandex-team.ru/CLOUD-82570
- - DISABLE_PLACEMENT_HINT_WINDOWS_DC_SQL_ENTERPRISE # https://st.yandex-team.ru/CLOUD-82570
- - YAGA_MARKETPLACE_ALPHA # https://st.yandex-team.ru/CLOUD-85253
- - MARKETPLACE_MONGODB_ENTERPRISE # https://st.yandex-team.ru/CLOUD-80323
-
- # Yandex Query
- - YANDEX_QUERY_ALPHA # https://st.yandex-team.ru/CLOUD-79231
- - YANDEX_QUERY_CONNECTION_CH
- - YANDEX_QUERY_CONNECTION_YDB
-
- # Outdated, don't use these (Stages CAN'T BE REMOVED)
- - VPC_DHCP_OPTIONS_ALPHA
-
diff --git a/cloud/bitbucket/private-api/yandex/cloud/priv/validation.proto b/cloud/bitbucket/private-api/yandex/cloud/priv/validation.proto
deleted file mode 100644
index daec144396b..00000000000
--- a/cloud/bitbucket/private-api/yandex/cloud/priv/validation.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.priv;
-
-import "google/protobuf/descriptor.proto";
-
-// See yandex/cloud/priv/example/v1alpha/validation_example.proto for usage examples.
-option go_package = "a.yandex-team.ru/cloud/bitbucket/private-api/yandex/cloud/priv;cloud";
-
-extend google.protobuf.OneofOptions {
- bool exactly_one = 100400;
-}
-
-extend google.protobuf.FieldOptions {
- bool required = 100501;
- string pattern = 100502;
- string value = 100503;
- string size = 100504;
- string length = 100505;
- bool unique = 100506;
- MapKeySpec map_key = 100510;
- string bytes = 100511;
-}
-
-message MapKeySpec {
- string value = 1;
- string pattern = 2;
- string length = 3;
-}
diff --git a/cloud/bitbucket/public-api/AUTHORS b/cloud/bitbucket/public-api/AUTHORS
deleted file mode 100644
index 26d20b4d176..00000000000
--- a/cloud/bitbucket/public-api/AUTHORS
+++ /dev/null
@@ -1,32 +0,0 @@
-The following authors have created the source code of "Yandex.Cloud API" published and distributed by YANDEX LLC as the owner:
-
-Alexander Burmak <[email protected]>
-Alexander Kirakozov <[email protected]>
-Alexander Klyuev <[email protected]>
-Alexander Serkov <[email protected]>
-Alexey Baranov <[email protected]>
-Alexey Zamulla <[email protected]>
-Alexey Zasimov <[email protected]>
-Amy Krishnevsky <[email protected]>
-Anastasia Karavaeva <[email protected]>
-Andrey Polyakov <[email protected]>
-Damir Makhmutov <[email protected]>
-Danila Diugurov <[email protected]>
-David Lanchava <[email protected]>
-Elena Ilycheva <[email protected]>
-Evgeny Arhipov <[email protected]>
-Luba Grinkevich <[email protected]>
-Maxim Kolganov <[email protected]>
-Mikhail Goncharov <[email protected]>
-Nikolay Amelichev <[email protected]>
-Pavel Fomin <[email protected]>
-Rurik Krylov <[email protected]>
-Evgeny Dyukov <[email protected]>
-Sergey Kanunnikov <[email protected]>
-Sergey Kiselev <[email protected]>
-Sergey Sytnik <[email protected]>
-Stanislav Ievlev <[email protected]>
-Vasilii Briginets <[email protected]>
-Vlad Arkhipov <[email protected]>
-Vladimir Borodin <[email protected]>
-Vladimir Skipor <[email protected]> \ No newline at end of file
diff --git a/cloud/bitbucket/public-api/LICENSE b/cloud/bitbucket/public-api/LICENSE
deleted file mode 100644
index 0cd74fabf04..00000000000
--- a/cloud/bitbucket/public-api/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2018 YANDEX LLC
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/cloud/bitbucket/public-api/README.md b/cloud/bitbucket/public-api/README.md
deleted file mode 100644
index 43465310ef0..00000000000
--- a/cloud/bitbucket/public-api/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Yandex.Cloud API
-
-This repository contains the interface definitions of Yandex.Cloud API.
-
-For more details see [documentation](https://cloud.yandex.com/docs).
-
-## Overview
-
-You can access Yandex.Cloud by using REST or GRPC API.
-
-Yandex.Cloud API uses Protocol Buffers to define API interfaces and data structures. These definitions are used for both REST and GRPC versions of the Yandex.Cloud API.
-
-## Repository structure
-
-Repository structure reflects Yandex.Cloud service hierarchy. Folders represent different services of the platform and contain protobuf files. Each service folder contains resource data structure and interface definitions for API calls.
diff --git a/cloud/bitbucket/public-api/internal-CONTRIBUTING.md b/cloud/bitbucket/public-api/internal-CONTRIBUTING.md
deleted file mode 100644
index 50fabbd47e0..00000000000
--- a/cloud/bitbucket/public-api/internal-CONTRIBUTING.md
+++ /dev/null
@@ -1,105 +0,0 @@
-## Public API development guide
-
-All cloud control plane API definition based on [GRPC](https://grpc.io).
-
-This repo contains:
-- public api definition
-- public api documentation
-
-Public API definitions used only for:
- - API Gateway
- - Public SDK
- - Docs generation
-
-For other purpose see [private API](https://bb.yandex-team.ru/projects/CLOUD/repos/private-api/browse)
-
-#### API definition style
-
-Layout `yandex/<service>/<version>/*.proto`
- - service in cloud product meaning, for example, compute, mds, microcosm, etc
- - version format for GA releases `v<N>`, for pre-GA releases `v<N><pre-release-name><M>`, ex: `v1tp1`
-
-For entity and service definitions use two .proto file:
- - `<entity>.proto`, use for entity structure definition
- - `<entity>_service.proto`, use for grpc service definition
-
-All methods for operations tracking and listing should be placed in `<entity>_service.proto`
-
-For the scalar fields of the message use one of the following types:
- - `int64`, everywhere for integer numbers. This allows not to think about overflow
- - `double`, everywhere for real numbers. This allows not to think about overflow
- - `string`, `bool`, no comments
-
-If you want to use any other scalar type, first take advice from API design team.
-
-See compute service API as a reference.
-
-## Setup repository
-
-### POSIX (maxOS or Linux)
-
-#### Prerequisites
-
-- make, curl
-- on macOS, protoc (should be >= 3.5) or Homebrew (protoc will be installed using brew)
-- on Linux, protoc (should be >= 3.5) or sudo access to install it from github
-
-#### Steps
-
-- clone this repo
-
-*Example:*
-```
-mkdir -p ~/cloud
-cd ~/cloud
-git clone https://bb.yandex-team.ru/scm/cloud/public-api.git
-cd ~/public-api
-```
-
-### Windows
-
-#### Prerequisites
-
-- Download and install [Git](https://git-scm.com/download/win) with mingw command line
-- Download and install [MinGW](https://sourceforge.net/projects/mingw/files/latest/download)
-- Configure MinGW: Run `C:\MinGW\bin\mingw-get install mingw32-base`
-
-
-#### Steps
-
-- Everything should be run under Git Bash (Start Menu -> Git Bash)
-- Make sure `mingw32-make` is in your `PATH`. As a backup, just run: `export PATH=$PATH:/c/MinGW/bin`
-
-- clone this repo
-
-*Example:*
-```
-mkdir -p ~/cloud
-cd ~/cloud
-git clone https://bb.yandex-team.ru/scm/cloud/public-api.git
-cd ~/public-api
-```
-
-
-## Working with repository
-*For Windows use `mingw32-make` instead of `make`*
-
-### Main commands
-- `make` to run lint and generate docs
- - Equivalent of running both `make lint` and `make generate`
- - This is run in every Pull Request Build. If `make` is not successful your PR will not be merged.
-- `make lint` to run lint
- - Run custom .proto files checks that forces API definition style.
- - To build proto tools from source set 'BUILD_TOOLS' variable to 1.
-- `make generate` to generate Open API files that used for docs generation.
- - Output will be in `${repo_root}/generated`
-
-
-### Utility commands
-These commands should not be required.
- - `make clean-generated` to delete all generated docs. In case any bugs happen (doc is not being regenerated), run this command and then run `make generate`
- - `make clean` to delete all binary dependencies (protobuf generator plugins, etc.) and generated docs.
-
-## Questions?
-Ask in [YC.API doc](https://t.me/joinchat/BLcQWA1_s-OlyJ_4NMhaEA) chat!
-
diff --git a/cloud/bitbucket/public-api/openapi-descriptions.yaml b/cloud/bitbucket/public-api/openapi-descriptions.yaml
deleted file mode 100644
index 23781c55165..00000000000
--- a/cloud/bitbucket/public-api/openapi-descriptions.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-replace-description:
- google.protobuf.Empty: |-
- Empty JSON object `` {} ``.
- google.protobuf.FieldMask: |-
- A comma-separated names off ALL fields to be updated.
- Оnly the specified fields will be changed. The others will be left untouched.
- If the field is specified in `` updateMask `` and no value for that field was sent in the request,
- the field's value will be reset to the default. The default value for most fields is null or 0.
-
- If `` updateMask `` is not sent in the request, all fields' values will be updated.
- Fields specified in the request will be updated to provided values.
- The rest of the fields will be reset to the default.
-
- google.rpc.Status: |-
- The error result of the operation in case of failure or cancellation.
- google.rpc.Status.code: |-
- Error code. An enum value of [google.rpc.Code][google.rpc.Code].
- google.rpc.Status.message: |-
- An error message.
- google.rpc.Status.details: |-
- A list of messages that carry the error details.
-
-append-format:
- google.protobuf.Timestamp: |-
- String in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
diff --git a/cloud/bitbucket/public-api/yandex/cloud/CMakeLists.txt b/cloud/bitbucket/public-api/yandex/cloud/CMakeLists.txt
deleted file mode 100644
index 484f915bfdd..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/CMakeLists.txt
+++ /dev/null
@@ -1,52 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(public-api-yandex-cloud)
-set_property(TARGET public-api-yandex-cloud PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET public-api-yandex-cloud PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/public-api
-)
-target_include_directories(public-api-yandex-cloud PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_include_directories(public-api-yandex-cloud PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_link_libraries(public-api-yandex-cloud PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- contrib-libs-protobuf
-)
-target_proto_messages(public-api-yandex-cloud PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/imports.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/validation.proto
-)
-target_proto_addincls(public-api-yandex-cloud
- ./cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(public-api-yandex-cloud
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_proto_plugin(public-api-yandex-cloud
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/public-api/yandex/cloud/access/CMakeLists.txt b/cloud/bitbucket/public-api/yandex/cloud/access/CMakeLists.txt
deleted file mode 100644
index f4b8bc8fb44..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/access/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(yandex-cloud-access)
-set_property(TARGET yandex-cloud-access PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET yandex-cloud-access PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/public-api
-)
-target_include_directories(yandex-cloud-access PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_include_directories(yandex-cloud-access PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_link_libraries(yandex-cloud-access PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- public-api-yandex-cloud
- contrib-libs-protobuf
-)
-target_proto_messages(yandex-cloud-access PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/access/access.proto
-)
-target_proto_addincls(yandex-cloud-access
- ./cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(yandex-cloud-access
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_proto_plugin(yandex-cloud-access
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/public-api/yandex/cloud/access/access.proto b/cloud/bitbucket/public-api/yandex/cloud/access/access.proto
deleted file mode 100644
index dd1191088de..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/access/access.proto
+++ /dev/null
@@ -1,120 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.access;
-
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/access;access";
-option java_package = "yandex.cloud.api.access";
-
-message Subject {
- // ID of the subject.
- //
- // It can contain one of the following values:
- // * `allAuthenticatedUsers`: A special system identifier that represents anyone
- // who is authenticated. It can be used only if the [type] is `system`.
- // * `allUsers`: A special system identifier that represents anyone. No authentication is required.
- // For example, you don't need to specify the IAM token in an API query.
- // * `<cloud generated id>`: An identifier that represents a user account.
- // It can be used only if the [type] is `userAccount`, `federatedUser` or `serviceAccount`.
- string id = 1 [(required) = true, (length) = "<=50"];
-
- // Type of the subject.
- //
- // It can contain one of the following values:
- // * `userAccount`: An account on Yandex or Yandex Connect, added to Yandex Cloud.
- // * `serviceAccount`: A service account. This type represents the [yandex.cloud.iam.v1.ServiceAccount] resource.
- // * `federatedUser`: A federated account. This type represents a user from an identity federation, like Active Directory.
- // * `system`: System group. This type represents several accounts with a common system identifier.
- //
- // For more information, see [Subject to which the role is assigned](/docs/iam/concepts/access-control/#subject).
- string type = 2 [(required) = true, (length) = "<=100"];
-}
-
-message AccessBinding {
- // ID of the [yandex.cloud.iam.v1.Role] that is assigned to the [subject].
- string role_id = 1 [(required) = true, (length) = "<=50"];
-
- // Identity for which access binding is being created.
- // It can represent an account with a unique ID or several accounts with a system identifier.
- Subject subject = 2 [(required) = true];
-}
-
-message ListAccessBindingsRequest {
- // ID of the resource to list access bindings for.
- //
- // To get the resource ID, use a corresponding List request.
- // For example, use the [yandex.cloud.resourcemanager.v1.CloudService.List] request to get the Cloud resource ID.
- string resource_id = 1 [(required) = true, (length) = "<=50"];
-
- // The maximum number of results per page that should be returned. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListAccessBindingsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "<=1000"];
-
- // Page token. Set [page_token]
- // to the [ListAccessBindingsResponse.next_page_token]
- // returned by a previous list request to get the next page of results.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListAccessBindingsResponse {
- // List of access bindings for the specified resource.
- repeated AccessBinding access_bindings = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListAccessBindingsRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListAccessBindingsRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message SetAccessBindingsRequest {
- // ID of the resource for which access bindings are being set.
- //
- // To get the resource ID, use a corresponding List request.
- string resource_id = 1 [(required) = true, (length) = "<=50"];
-
- // Access bindings to be set. For more information, see [Access Bindings](/docs/iam/concepts/access-control/#access-bindings).
- repeated AccessBinding access_bindings = 2 [(required) = true];
-}
-
-message SetAccessBindingsMetadata {
- // ID of the resource for which access bindings are being set.
- string resource_id = 1;
-}
-
-message UpdateAccessBindingsRequest {
- // ID of the resource for which access bindings are being updated.
- string resource_id = 1 [(required) = true, (length) = "<=50"];
-
- // Updates to access bindings.
- repeated AccessBindingDelta access_binding_deltas = 2 [(size) = ">0", (required) = true];
-}
-
-message UpdateAccessBindingsMetadata {
- // ID of the resource for which access bindings are being updated.
- string resource_id = 1;
-}
-
-enum AccessBindingAction {
- ACCESS_BINDING_ACTION_UNSPECIFIED = 0;
-
- // Addition of an access binding.
- ADD = 1;
-
- // Removal of an access binding.
- REMOVE = 2;
-}
-
-message AccessBindingDelta {
- // The action that is being performed on an access binding.
- AccessBindingAction action = 1 [(required) = true];
-
- // Access binding. For more information, see [Access Bindings](/docs/iam/concepts/access-control/#access-bindings).
- AccessBinding access_binding = 2 [(required) = true];
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/CMakeLists.txt b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/CMakeLists.txt
deleted file mode 100644
index 34e3764b0ef..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/CMakeLists.txt
+++ /dev/null
@@ -1,69 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(cloud-iam-v1)
-set_property(TARGET cloud-iam-v1 PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET cloud-iam-v1 PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/public-api
-)
-target_include_directories(cloud-iam-v1 PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_include_directories(cloud-iam-v1 PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_link_libraries(cloud-iam-v1 PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- yandex-cloud-api
- cloud-api-tools
- public-api-yandex-cloud
- yandex-cloud-access
- yandex-cloud-operation
- contrib-libs-protobuf
-)
-target_proto_messages(cloud-iam-v1 PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/iam_token_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account_service.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/iam/v1/yandex_passport_user_account_service.proto
-)
-target_proto_addincls(cloud-iam-v1
- ./cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(cloud-iam-v1
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_proto_plugin(cloud-iam-v1
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key.proto
deleted file mode 100644
index 2fea0dee5c2..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key.proto
+++ /dev/null
@@ -1,23 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// An ApiKey resource. For more information, see [Api-Key](/docs/iam/concepts/authorization/api-key).
-message ApiKey {
- // ID of the API Key.
- string id = 1;
-
- // ID of the service account that the API key belongs to.
- string service_account_id = 2;
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 3;
-
- // Description of the API key. 0-256 characters long.
- string description = 4;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key_service.proto
deleted file mode 100644
index 502a26f2108..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/api_key_service.proto
+++ /dev/null
@@ -1,167 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/iam/v1/api_key.proto";
-import "yandex/cloud/operation/operation.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A set of methods for managing API keys.
-service ApiKeyService {
- // Retrieves the list of API keys for the specified service account.
- rpc List (ListApiKeysRequest) returns (ListApiKeysResponse) {
- option (google.api.http) = {get: "/iam/v1/apiKeys"};
- }
-
- // Returns the specified API key.
- //
- // To get the list of available API keys, make a [List] request.
- rpc Get (GetApiKeyRequest) returns (ApiKey) {
- option (google.api.http) = {get: "/iam/v1/apiKeys/{api_key_id}"};
- }
-
- // Creates an API key for the specified service account.
- rpc Create (CreateApiKeyRequest) returns (CreateApiKeyResponse) {
- option (google.api.http) = {post: "/iam/v1/apiKeys" body: "*"};
- }
-
- // Updates the specified API key.
- rpc Update (UpdateApiKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {patch: "/iam/v1/apiKeys/{api_key_id}" body: "*"};
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateApiKeyMetadata"
- response: "ApiKey"
- };
- }
-
- // Deletes the specified API key.
- rpc Delete (DeleteApiKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {delete: "/iam/v1/apiKeys/{api_key_id}"};
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteApiKeyMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Retrieves the list of operations for the specified API key.
- rpc ListOperations (ListApiKeyOperationsRequest) returns (ListApiKeyOperationsResponse) {
- option (google.api.http) = {get: "/iam/v1/apiKeys/{api_key_id}/operations"};
- }
-}
-
-message GetApiKeyRequest {
- // ID of the API key to return.
- // To get the API key ID, use a [ApiKeyService.List] request.
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListApiKeysRequest {
- // ID of the service account to list API keys for.
- // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
- // If not specified, it defaults to the subject that made the request.
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListApiKeysResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListApiKeysResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListApiKeysResponse {
- // List of API keys.
- repeated ApiKey api_keys = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListApiKeysRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListApiKeysRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message CreateApiKeyRequest {
- // ID of the service account to create an API key for.
- // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
- // If not specified, it defaults to the subject that made the request.
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
-
- // Description of the API key.
- string description = 2 [(length) = "<=256"];
-}
-
-message CreateApiKeyResponse {
- // ApiKey resource.
- ApiKey api_key = 1;
-
- // Secret part of the API key. This secret key you may use in the requests for authentication.
- string secret = 2;
-}
-
-message UpdateApiKeyRequest {
- // ID of the ApiKey resource to update.
- // To get the API key ID, use a [ApiKeyService.List] request.
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
-
- // Field mask that specifies which fields of the ApiKey resource are going to be updated.
- google.protobuf.FieldMask update_mask = 2;
-
- // Description of the API key.
- string description = 3 [(length) = "<=256"];
-}
-
-message UpdateApiKeyMetadata {
- // ID of the ApiKey resource that is being updated.
- string api_key_id = 1;
-}
-
-message DeleteApiKeyRequest {
- // ID of the API key to delete.
- // To get the API key ID, use a [ApiKeyService.List] request.
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteApiKeyMetadata {
- // ID of the API key that is being deleted.
- string api_key_id = 1;
-}
-
-message ListApiKeyOperationsRequest {
- // ID of the key to list operations for.
- string api_key_id = 1 [(required) = true, (length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListApiKeyOperationsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token] to the
- // [ListApiKeyOperationsResponse.next_page_token] returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListApiKeyOperationsResponse {
- // List of operations for the specified API key.
- repeated operation.Operation operations = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListApiKeyOperationsRequest.page_size], use the [next_page_token] as the value
- // for the [ListApiKeyOperationsRequest.page_token] query parameter in the next list request.
- // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key.proto
deleted file mode 100644
index 09ac7ed57f3..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1.awscompatibility;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility;awscompatibility";
-option java_package = "yandex.cloud.api.iam.v1.awscompatibility";
-
-// An access key.
-// For more information, see [AWS-compatible access keys](/docs/iam/concepts/authorization/access-key).
-message AccessKey {
- // ID of the AccessKey resource.
- // It is used to manage secret credentials: an access key ID and a secret access key.
- string id = 1;
-
- // ID of the service account that the access key belongs to.
- string service_account_id = 2;
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 3;
-
- // Description of the access key. 0-256 characters long.
- string description = 4;
-
- // ID of the access key.
- // The key is AWS compatible.
- string key_id = 5;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key_service.proto
deleted file mode 100644
index 3e1715d4a3f..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/access_key_service.proto
+++ /dev/null
@@ -1,168 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1.awscompatibility;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/iam/v1/awscompatibility/access_key.proto";
-import "yandex/cloud/operation/operation.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility;awscompatibility";
-option java_package = "yandex.cloud.api.iam.v1.awscompatibility";
-
-// A set of methods for managing access keys.
-service AccessKeyService {
- // Retrieves the list of access keys for the specified service account.
- rpc List (ListAccessKeysRequest) returns (ListAccessKeysResponse) {
- option (google.api.http) = {get: "/iam/aws-compatibility/v1/accessKeys"};
- }
-
- // Returns the specified access key.
- //
- // To get the list of available access keys, make a [List] request.
- rpc Get (GetAccessKeyRequest) returns (AccessKey) {
- option (google.api.http) = {get: "/iam/aws-compatibility/v1/accessKeys/{access_key_id}"};
- }
-
- // Creates an access key for the specified service account.
- rpc Create (CreateAccessKeyRequest) returns (CreateAccessKeyResponse) {
- option (google.api.http) = {post: "/iam/aws-compatibility/v1/accessKeys" body: "*"};
- }
-
- // Updates the specified access key.
- rpc Update (UpdateAccessKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {patch: "/iam/aws-compatibility/v1/accessKeys/{access_key_id}" body: "*"};
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateAccessKeyMetadata"
- response: "AccessKey"
- };
- }
-
- // Deletes the specified access key.
- rpc Delete (DeleteAccessKeyRequest) returns (operation.Operation) {
- option (google.api.http) = {delete: "/iam/aws-compatibility/v1/accessKeys/{access_key_id}"};
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteAccessKeyMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Retrieves the list of operations for the specified access key.
- rpc ListOperations (ListAccessKeyOperationsRequest) returns (ListAccessKeyOperationsResponse) {
- option (google.api.http) = {get: "/iam/aws-compatibility/v1/accessKeys/{access_key_id}/operations"};
- }
-}
-
-message GetAccessKeyRequest {
- // ID of the AccessKey resource to return.
- // To get the access key ID, use a [AccessKeyService.List] request.
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListAccessKeysRequest {
- // ID of the service account to list access keys for.
- // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
- // If not specified, it defaults to the subject that made the request.
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListAccessKeysResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "<=1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListAccessKeysResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListAccessKeysResponse {
- // List of access keys.
- repeated AccessKey access_keys = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListAccessKeysRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListAccessKeysRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message CreateAccessKeyRequest {
- // ID of the service account to create an access key for.
- // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
- // If not specified, it defaults to the subject that made the request.
- string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set
-
- // Description of the access key.
- string description = 2 [(length) = "<=256"];
-}
-
-message CreateAccessKeyResponse {
- // AccessKey resource.
- AccessKey access_key = 1;
-
- // Secret access key.
- // The key is AWS compatible.
- string secret = 2;
-}
-
-message UpdateAccessKeyRequest {
- // ID of the AccessKey resource to update.
- // To get the access key ID, use a [AccessKeyService.List] request.
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
-
- // Field mask that specifies which fields of the Accesskey resource are going to be updated.
- google.protobuf.FieldMask update_mask = 2;
-
- // Description of the access key.
- string description = 3 [(length) = "<=256"];
-}
-
-message UpdateAccessKeyMetadata {
- // ID of the AccessKey resource that is being updated.
- string access_key_id = 1;
-}
-
-message DeleteAccessKeyRequest {
- // ID of the access key to delete.
- // To get the access key ID, use a [AccessKeyService.List] request.
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteAccessKeyMetadata {
- // ID of the access key that is being deleted.
- string access_key_id = 1;
-}
-
-message ListAccessKeyOperationsRequest {
- // ID of the key to list operations for.
- string access_key_id = 1 [(required) = true, (length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListAccessKeyOperationsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token] to the
- // [ListAccessKeyOperationsResponse.next_page_token] returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListAccessKeyOperationsResponse {
- // List of operations for the specified access key.
- repeated operation.Operation operations = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListAccessKeyOperationsRequest.page_size], use the [next_page_token] as the value
- // for the [ListAccessKeyOperationsRequest.page_token] query parameter in the next list request.
- // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/openapi-meta.yaml b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/openapi-meta.yaml
deleted file mode 100644
index 1cf3d3f664b..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/awscompatibility/openapi-meta.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-info:
- title: Yandex IAM API
- version: v1
- description: This API reference is organized by resource. Actions are performed by sending HTTP requests to resource URLs or making RPC calls. For more information about Yandex.Cloud API architecture, see [API Concepts](/docs/api-design-guide/).
- x-y-docUri: api-ref
- x-y-baseUrl: "https://iam.api.cloud.yandex.net"
-docName: "/docs/iam/api-ref"
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/iam_token_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/iam_token_service.proto
deleted file mode 100644
index 034e84ec0e6..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/iam_token_service.proto
+++ /dev/null
@@ -1,52 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A set of methods for managing IAM tokens.
-service IamTokenService {
- // Creates an IAM token for the specified identity.
- rpc Create (CreateIamTokenRequest) returns (CreateIamTokenResponse) {
- option (google.api.http) = {post: "/iam/v1/tokens" body: "*"};
- }
-
- // Create iam token for service account.
- rpc CreateForServiceAccount (CreateIamTokenForServiceAccountRequest) returns (CreateIamTokenResponse) {
- option (google.api.http) = {post: "/iam/v1/tokens:createForServiceAccount" body: "*"};
- };
-}
-
-message CreateIamTokenRequest {
- oneof identity {
- option (exactly_one) = true;
-
- // OAuth token for a Yandex account.
- // For more information, see [OAuth token](/docs/iam/concepts/authorization/oauth-token).
- string yandex_passport_oauth_token = 1;
-
- // JSON Web Token (JWT) for a service account.
- // For more information, see [Get IAM token for a service account](/docs/iam/operations/iam-token/create-for-sa).
- string jwt = 2;
- }
-}
-
-message CreateIamTokenResponse {
- // IAM token for the specified identity.
- //
- // You should pass the token in the `Authorization` header for any further API requests.
- // For example, `Authorization: Bearer [iam_token]`.
- string iam_token = 1;
-
- // IAM token expiration time.
- google.protobuf.Timestamp expires_at = 2;
-}
-
-message CreateIamTokenForServiceAccountRequest {
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key.proto
deleted file mode 100644
index 22eff7180e9..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key.proto
+++ /dev/null
@@ -1,44 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A Key resource. For more information, see [Authorized keys](/docs/iam/concepts/authorization/key).
-message Key {
- enum Algorithm {
- ALGORITHM_UNSPECIFIED = 0;
-
- // RSA with a 2048-bit key size. Default value.
- RSA_2048 = 1;
-
- // RSA with a 4096-bit key size.
- RSA_4096 = 2;
- }
-
- // ID of the Key resource.
- string id = 1;
-
- oneof subject {
- // ID of the user account that the Key resource belongs to.
- string user_account_id = 2;
-
- // ID of the service account that the Key resource belongs to.
- string service_account_id = 3;
- }
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 4;
-
- // Description of the Key resource. 0-256 characters long.
- string description = 5;
-
- // An algorithm used to generate a key pair of the Key resource.
- Algorithm key_algorithm = 6;
-
- // A public key of the Key resource.
- string public_key = 7;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key_service.proto
deleted file mode 100644
index aec6ecedfb3..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/key_service.proto
+++ /dev/null
@@ -1,187 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/iam/v1/key.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/operation/operation.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A set of methods for managing Key resources.
-service KeyService {
- // Returns the specified Key resource.
- //
- // To get the list of available Key resources, make a [List] request.
- rpc Get (GetKeyRequest) returns (Key) {
- option (google.api.http) = { get: "/iam/v1/keys/{key_id}" };
- }
-
- // Retrieves the list of Key resources for the specified service account.
- rpc List (ListKeysRequest) returns (ListKeysResponse) {
- option (google.api.http) = { get: "/iam/v1/keys" };
- }
-
- // Creates a key pair for the specified service account.
- rpc Create (CreateKeyRequest) returns (CreateKeyResponse) {
- option (google.api.http) = { post: "/iam/v1/keys" body: "*" };
- }
-
- // Updates the specified key pair.
- rpc Update (UpdateKeyRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/keys/{key_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateKeyMetadata"
- response: "Key"
- };
- }
-
- // Deletes the specified key pair.
- rpc Delete (DeleteKeyRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/keys/{key_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteKeyMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Lists operations for the specified key.
- rpc ListOperations (ListKeyOperationsRequest) returns (ListKeyOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/keys/{key_id}/operations" };
- }
-}
-
-message GetKeyRequest {
- // ID of the Key resource to return.
- // To get the ID use a [KeyService.List] request.
- string key_id = 1 [(required) = true, (length) = "<=50"];
-
- // Output format of the key.
- KeyFormat format = 2;
-}
-
-message ListKeysRequest {
- // Output format of the key.
- KeyFormat format = 1;
-
- // ID of the service account to list key pairs for.
- // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
- // If not specified, it defaults to the subject that made the request.
- string service_account_id = 2 [(length) = "<=50"]; // use userAccount identity if this not set
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListKeysResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 3 [(value) = "<=1000"];
-
- // Page token. To get the next page of results, set [page_token] to the
- // [ListKeysResponse.next_page_token] returned by a previous list request.
- string page_token = 4 [(length) = "<=100"];
-}
-
-message ListKeysResponse {
- // List of Key resources.
- repeated Key keys = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListKeysRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListKeysRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message CreateKeyRequest {
- // ID of the service account to create a key pair for.
- // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
- // If not specified, it defaults to the subject that made the request.
- string service_account_id = 1 [(length) = "<=50"]; // use userAccount identity if this not set
-
- // Description of the key pair.
- string description = 2 [(length) = "<=256"];
-
- // Output format of the key.
- KeyFormat format = 3;
-
- // An algorithm used to generate a key pair of the Key resource.
- Key.Algorithm key_algorithm = 4;
-}
-
-message CreateKeyResponse {
- // Key resource.
- Key key = 1;
-
- // A private key of the Key resource.
- // This key must be stored securely.
- string private_key = 2;
-}
-
-message UpdateKeyRequest {
- // ID of the Key resource to update.
- // To get key pair ID, use a [KeyService.List] request.
- string key_id = 1 [(required) = true, (length) = "<=50"];
-
- // Field mask that specifies which fields of the Key resource are going to be updated.
- google.protobuf.FieldMask update_mask = 2;
-
- // Description of the key pair.
- string description = 3 [(length) = "<=256"];
-}
-
-message UpdateKeyMetadata {
- // ID of the Key resource that is being updated.
- string key_id = 1;
-}
-
-message DeleteKeyRequest {
- // ID of the key to delete.
- // To get key ID use a [KeyService.List] request.
- string key_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteKeyMetadata {
- // ID of the key that is being deleted.
- string key_id = 1;
-}
-
-message ListKeyOperationsRequest {
- // ID of the key to list operations for.
- string key_id = 1 [(required) = true, (length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListKeyOperationsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token] to the
- // [ListKeyOperationsResponse.next_page_token] returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListKeyOperationsResponse {
- // List of operations for the specified key.
- repeated operation.Operation operations = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListKeyOperationsRequest.page_size], use the [next_page_token] as the value
- // for the [ListKeyOperationsRequest.page_token] query parameter in the next list request.
- // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-enum KeyFormat {
- option (cloud.api.tools.enumeration).lint_skip.unspecified_value = true;
-
- // Privacy-Enhanced Mail (PEM) format. Default value.
- PEM_FILE = 0;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/openapi-meta.yaml b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/openapi-meta.yaml
deleted file mode 100644
index 1cf3d3f664b..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/openapi-meta.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-info:
- title: Yandex IAM API
- version: v1
- description: This API reference is organized by resource. Actions are performed by sending HTTP requests to resource URLs or making RPC calls. For more information about Yandex.Cloud API architecture, see [API Concepts](/docs/api-design-guide/).
- x-y-docUri: api-ref
- x-y-baseUrl: "https://iam.api.cloud.yandex.net"
-docName: "/docs/iam/api-ref"
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role.proto
deleted file mode 100644
index ebbd02306f2..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role.proto
+++ /dev/null
@@ -1,15 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A Role resource. For more information, see [Roles](/docs/iam/concepts/access-control/roles).
-message Role {
- // ID of the role.
- string id = 1;
-
- // Description of the role. 0-256 characters long.
- string description = 2;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role_service.proto
deleted file mode 100644
index bf20a1f94dc..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/role_service.proto
+++ /dev/null
@@ -1,61 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/validation.proto";
-import "yandex/cloud/iam/v1/role.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A set of methods for managing Role resources.
-service RoleService {
- // Returns the specified Role resource.
- //
- // To get the list of available Role resources, make a [List] request.
- rpc Get (GetRoleRequest) returns (Role) {
- option (google.api.http) = {get: "/iam/v1/roles/{role_id}"};
- }
-
- // Retrieves the list of Role resources.
- rpc List (ListRolesRequest) returns (ListRolesResponse) {
- option (google.api.http) = {get: "/iam/v1/roles"};
- }
-}
-
-message GetRoleRequest {
- // ID of the Role resource to return.
- // To get the role ID, use a [RoleService.List] request.
- string role_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListRolesRequest {
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListRolesResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 1 [(value) = "<=1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListRolesResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 2 [(length) = "<=100"];
-
- // A filter expression that filters resources listed in the response.
- string filter = 3 [(length) = "<=1000"];
-}
-
-message ListRolesResponse {
- // List of Role resources.
- repeated Role roles = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListRolesRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListRolesRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate.proto
deleted file mode 100644
index ed7f14e68aa..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate.proto
+++ /dev/null
@@ -1,32 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1.saml;
-
-import "yandex/cloud/validation.proto";
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml;saml";
-option java_package = "yandex.cloud.api.iam.v1.saml";
-
-// A certificate.
-message Certificate {
-
- // ID of the certificate.
- string id = 1 [(required) = true, (length) = "<=50"];
-
- // ID of the federation that the certificate belongs to.
- string federation_id = 2 [(required) = true, (length) = "<=50"];
-
- // Name of the certificate.
- string name = 3 [ (pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
-
- // Description of the certificate.
- string description = 4 [(length) = "<=256"];
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 5;
-
- // Certificate data in PEM format.
- string data = 6 [(required) = true, (length) = "<=32000"];
-
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate_service.proto
deleted file mode 100644
index 99c7f2423b1..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/certificate_service.proto
+++ /dev/null
@@ -1,186 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1.saml;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/iam/v1/saml/certificate.proto";
-import "yandex/cloud/operation/operation.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml;saml";
-option java_package = "yandex.cloud.api.iam.v1.saml";
-
-// A set of methods for managing certificates.
-service CertificateService {
- // Returns the specified certificate.
- //
- // To get the list of available certificates, make a [List] request.
- rpc Get (GetCertificateRequest) returns (Certificate) {
- option (google.api.http) = { get: "/iam/v1/saml/certificates/{certificate_id}" };
- }
-
- // Retrieves the list of certificates in the specified federation.
- rpc List (ListCertificatesRequest) returns (ListCertificatesResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/certificates" };
- }
-
- // Creates a certificate in the specified federation.
- rpc Create (CreateCertificateRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/saml/certificates" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "CreateCertificateMetadata"
- response: "Certificate"
- };
- }
-
- // Updates the specified certificate.
- rpc Update (UpdateCertificateRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/saml/certificates/{certificate_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateCertificateMetadata"
- response: "Certificate"
- };
- }
-
- // Deletes the specified certificate.
- rpc Delete (DeleteCertificateRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/saml/certificates/{certificate_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteCertificateMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Lists operations for the specified certificate.
- rpc ListOperations (ListCertificateOperationsRequest) returns (ListCertificateOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/certificates/{certificate_id}/operations" };
- }
-}
-
-message GetCertificateRequest {
- // ID of the certificate to return.
- // To get the certificate ID, make a [CertificateService.List] request.
- string certificate_id = 1 [(length) = "<=50"];
-}
-
-message ListCertificatesRequest {
- // ID of the federation to list certificates in.
- // To get the federation ID make a [yandex.cloud.iam.v1.saml.FederationService.List] request.
- string federation_id = 1 [(length) = "<=50", (required) = true];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size], the service returns a [ListCertificatesResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListCertificatesResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-
- // A filter expression that filters resources listed in the response.
- // The expression must specify:
- // 1. The field name. Currently you can use filtering only on [Certificate.name] field.
- // 2. An `=` operator.
- // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
- string filter = 4 [(length) = "<=1000"];
-}
-
-message ListCertificatesResponse {
- // List of certificates.
- repeated Certificate certificates = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListCertificatesRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListCertificatesRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message CreateCertificateRequest {
- // ID of the federation to add new certificate.
- // To get the federation ID make a [yandex.cloud.iam.v1.saml.FederationService.List] request.
- string federation_id = 1 [(length) = "<=50"];
-
- // Name of the certificate.
- // The name must be unique within the federation.
- string name = 2 [(pattern) = "[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
-
- // Description of the certificate.
- string description = 3 [(length) = "<=256"];
-
- // Certificate data in PEM format.
- string data = 4 [(length) = "<=32000"];
-}
-
-message CreateCertificateMetadata {
- // ID of the certificate that is being created.
- string certificate_id = 1;
-}
-
-message UpdateCertificateRequest {
- // ID of the certificate to update.
- // To get the certificate ID, make a [CertificateService.List] request.
- string certificate_id = 1 [(length) = "<=50"];
-
- // Field mask that specifies which fields of the certificate are going to be updated.
- google.protobuf.FieldMask update_mask = 2;
-
- // Name of the certificate.
- // The name must be unique within the federation.
- string name = 3 [(pattern) = "|[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
-
- // Description of the certificate.
- string description = 4 [(length) = "<=256"];
-
- // Certificate data in PEM format.
- string data = 5 [(length) = "<=32000"];
-}
-
-message UpdateCertificateMetadata {
- // ID of the certificate that is being updated.
- string certificate_id = 1;
-}
-
-message DeleteCertificateRequest {
- // ID of the certificate to delete.
- // To get the certificate ID, make a [CertificateService.List] request.
- string certificate_id = 1 [(length) = "<=50"];
-}
-
-message DeleteCertificateMetadata {
- // ID of the certificate that is being deleted.
- string certificate_id = 1;
-}
-
-message ListCertificateOperationsRequest {
- // ID of the certificate to list operations for.
- string certificate_id = 1 [(length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size], the service returns a [ListCertificateOperationsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListCertificateOperationsResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListCertificateOperationsResponse {
- // List of operations for the specified certificate.
- repeated operation.Operation operations = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListCertificateOperationsRequest.page_size], use the [next_page_token] as the value
- // for the [ListCertificateOperationsRequest.page_token] query parameter in the next list request.
- // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation.proto
deleted file mode 100644
index 71c8e1f9b69..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation.proto
+++ /dev/null
@@ -1,83 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1.saml;
-
-import "google/protobuf/duration.proto";
-import "google/protobuf/timestamp.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml;saml";
-option java_package = "yandex.cloud.api.iam.v1.saml";
-
-// A federation.
-// For more information, see [SAML-compatible identity federations](/docs/iam/concepts/users/identity-federations).
-message Federation {
-
- // ID of the federation.
- string id = 1 [(required) = true, (length) = "<=50"];
-
- // ID of the folder that the federation belongs to.
- string folder_id = 2 [(required) = true, (length) = "<=50"];
-
- // Name of the federation.
- string name = 3 [(required) = true, (pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
-
- // Description of the federation.
- string description = 4 [(length) = "<=256"];
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 5;
-
- // Browser cookie lifetime in seconds.
- // If the cookie is still valid, the management console
- // authenticates the user immediately and redirects them to the home page.
- google.protobuf.Duration cookie_max_age = 6 [(value) = "10m-12h"];
-
- // Add new users automatically on successful authentication.
- // The user will get the `resource-manager.clouds.member` role automatically,
- // but you need to grant other roles to them.
- //
- // If the value is `false`, users who aren't added to the cloud
- // can't log in, even if they have authenticated on your server.
- bool auto_create_account_on_login = 7;
-
- // ID of the IdP server to be used for authentication.
- // The IdP server also responds to IAM with this ID after the user authenticates.
- string issuer = 8 [(required) = true, (length) = "<=8000"];
-
- // Single sign-on endpoint binding type. Most Identity Providers support the `POST` binding type.
- //
- // SAML Binding is a mapping of a SAML protocol message onto standard messaging
- // formats and/or communications protocols.
- BindingType sso_binding = 9;
-
- // Single sign-on endpoint URL.
- // Specify the link to the IdP login page here.
- string sso_url = 10 [(required) = true, (length) = "<=8000"];
-
- // Federation security settings.
- FederationSecuritySettings security_settings = 11;
-
- // Use case insensitive Name IDs.
- bool case_insensitive_name_ids = 12;
-}
-
-enum BindingType {
- BINDING_TYPE_UNSPECIFIED = 0;
-
- // HTTP POST binding.
- POST = 1;
-
- // HTTP redirect binding.
- REDIRECT = 2;
-
- // HTTP artifact binding.
- ARTIFACT = 3;
-
-}
-
-// Federation security settings.
-message FederationSecuritySettings {
- // Enable encrypted assertions.
- bool encrypted_assertions = 1;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation_service.proto
deleted file mode 100644
index 363431aaf49..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/federation_service.proto
+++ /dev/null
@@ -1,317 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1.saml;
-
-import "google/api/annotations.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/iam/v1/user_account.proto";
-import "yandex/cloud/iam/v1/saml/federation.proto";
-import "yandex/cloud/operation/operation.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml;saml";
-option java_package = "yandex.cloud.api.iam.v1.saml";
-
-// A set of methods for managing federations.
-service FederationService {
- // Returns the specified federation.
- //
- // To get the list of available federations, make a [List] request.
- rpc Get (GetFederationRequest) returns (Federation) {
- option (google.api.http) = { get: "/iam/v1/saml/federations/{federation_id}" };
- }
-
- // Retrieves the list of federations in the specified folder.
- rpc List (ListFederationsRequest) returns (ListFederationsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/federations" };
- }
-
- // Creates a federation in the specified folder.
- rpc Create (CreateFederationRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/saml/federations" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "CreateFederationMetadata"
- response: "Federation"
- };
- }
-
- // Updates the specified federation.
- rpc Update (UpdateFederationRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/saml/federations/{federation_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateFederationMetadata"
- response: "Federation"
- };
- }
-
- // Deletes the specified federation.
- rpc Delete (DeleteFederationRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/saml/federations/{federation_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteFederationMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Adds users to the specified federation.
- rpc AddUserAccounts (AddFederatedUserAccountsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/saml/federations/{federation_id}:addUserAccounts" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "AddFederatedUserAccountsMetadata"
- response: "AddFederatedUserAccountsResponse"
- };
- }
-
- // Lists users for the specified federation.
- rpc ListUserAccounts (ListFederatedUserAccountsRequest) returns (ListFederatedUserAccountsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/federations/{federation_id}:listUserAccounts" };
- }
-
- // Lists operations for the specified federation.
- rpc ListOperations (ListFederationOperationsRequest) returns (ListFederationOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/saml/federations/{federation_id}/operations" };
- }
-
-}
-
-message GetFederationRequest {
- // ID of the federation to return.
- // To get the federation ID, make a [FederationService.List] request.
- string federation_id = 1 [(length) = "<=50"];
-}
-
-message ListFederationsRequest {
- oneof scope {
- // ID of the cloud to list federations in.
- // To get the cloud ID, make a [yandex.cloud.resourcemanager.v1.CloudService.List] request.
- string cloud_id = 1 [(length) = "<=50"];
-
- // ID of the folder to list federations in.
- // To get the folder ID, make a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
- string folder_id = 2 [(length) = "<=50"];
- }
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListFederationsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100
- int64 page_size = 3 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListFederationsResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 4 [(length) = "<=50"];
-
- // A filter expression that filters resources listed in the response.
- // The expression must specify:
- // 1. The field name. Currently you can use filtering only on the [Federation.name] field.
- // 2. An `=` operator.
- // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
- string filter = 5 [(length) = "<=1000"];
-}
-
-message ListFederationsResponse {
- // List of federations.
- repeated Federation federations = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListFederationsRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListFederationsRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message CreateFederationRequest {
- // ID of the folder to create a federation in.
- // To get the folder ID, make a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
- string folder_id = 1 [(length) = "<=50"];
-
- // Name of the federation.
- // The name must be unique within the cloud.
- string name = 2 [(pattern) = "[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
-
- // Description of the federation.
- string description = 3 [(length) = "<=256"];
-
- // Browser cookie lifetime in seconds.
- // If the cookie is still valid, the management console
- // authenticates the user immediately and redirects them to the home page.
- // The default value is `8h`.
- google.protobuf.Duration cookie_max_age = 4 [(value) = "10m-12h"];
-
- // Add new users automatically on successful authentication.
- // The user will get the `resource-manager.clouds.member` role automatically,
- // but you need to grant other roles to them.
- //
- // If the value is `false`, users who aren't added to the cloud
- // can't log in, even if they have authenticated on your server.
- bool auto_create_account_on_login = 5;
-
- // ID of the IdP server to be used for authentication.
- // The IdP server also responds to IAM with this ID after the user authenticates.
- string issuer = 6 [(required) = true, (length) = "<=8000"];
-
- // Single sign-on endpoint binding type. Most Identity Providers support the `POST` binding type.
- //
- // SAML Binding is a mapping of a SAML protocol message onto standard messaging
- // formats and/or communications protocols.
- BindingType sso_binding = 7;
-
- // Single sign-on endpoint URL.
- // Specify the link to the IdP login page here.
- string sso_url = 8 [(required) = true, (length) = "<=8000"];
-
- // Federation security settings.
- FederationSecuritySettings security_settings = 9;
-
- // Use case insensitive Name IDs.
- bool case_insensitive_name_ids = 10;
-}
-
-message CreateFederationMetadata {
- // ID of the federation that is being created.
- string federation_id = 1;
-}
-
-message UpdateFederationRequest {
- // ID of the federation to update.
- // To get the federation ID, make a [FederationService.List] request.
- string federation_id = 1 [(length) = "<=50"];
-
- // Field mask that specifies which fields of the federation are going to be updated.
- google.protobuf.FieldMask update_mask = 2;
-
- // Name of the federation.
- // The name must be unique within the cloud.
- string name = 3 [(pattern) = "|[a-z]([-a-z0-9]{0,61}[a-z0-9])?"];
-
- // Description of the federation.
- string description = 4 [(length) = "<=256"];
-
- // Browser cookie lifetime in seconds.
- // If the cookie is still valid, the management console
- // authenticates the user immediately and redirects them to the home page.
- // The default value is `8h`.
- google.protobuf.Duration cookie_max_age = 5 [(value) = "10m-12h"];
-
- // Add new users automatically on successful authentication.
- // The user will get the `resource-manager.clouds.member` role automatically,
- // but you need to grant other roles to them.
- //
- // If the value is `false`, users who aren't added to the cloud
- // can't log in, even if they have authenticated on your server.
- bool auto_create_account_on_login = 6;
-
- // ID of the IdP server to be used for authentication.
- // The IdP server also responds to IAM with this ID after the user authenticates.
- string issuer = 7 [(required) = true, (length) = "<=8000"];
-
- // Single sign-on endpoint binding type. Most Identity Providers support the `POST` binding type.
- //
- // SAML Binding is a mapping of a SAML protocol message onto standard messaging
- // formats and/or communications protocols.
- BindingType sso_binding = 8;
-
- // Single sign-on endpoint URL.
- // Specify the link to the IdP login page here.
- string sso_url = 9 [(required) = true, (length) = "<=8000"];
-
- // Federation security settings.
- FederationSecuritySettings security_settings = 10;
-
- // Use case insensitive name ids.
- bool case_insensitive_name_ids = 12;
-}
-
-message UpdateFederationMetadata {
- // ID of the federation that is being updated.
- string federation_id = 1;
-}
-
-message DeleteFederationRequest {
- // ID of the federation to delete.
- // To get the federation ID, make a [FederationService.List] request.
- string federation_id = 1 [(length) = "<=50"];
-}
-
-message DeleteFederationMetadata {
- // ID of the federation that is being deleted.
- string federation_id = 1;
-}
-
-message AddFederatedUserAccountsRequest {
- // ID of the federation to add users.
- string federation_id = 1 [(length) = "<=50"];
- // Name IDs returned by the Identity Provider (IdP) on successful authentication.
- // These may be UPNs or user email addresses.
- repeated string name_ids = 2 [(length) = "<=1000"];
-}
-
-message AddFederatedUserAccountsMetadata {
- // ID of the federation that is being altered.
- string federation_id = 1;
-}
-
-message AddFederatedUserAccountsResponse {
- // List of users created by [FederationService.AddUserAccounts] request.
- repeated UserAccount user_accounts = 1;
-}
-
-message ListFederatedUserAccountsRequest {
- // ID of the federation to list user accounts for.
- string federation_id = 1 [(required) = true, (length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size], the service returns a [ListFederatedUserAccountsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListFederatedUserAccountsResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListFederatedUserAccountsResponse {
- // List of user accounts for the specified federation.
- repeated UserAccount user_accounts = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListFederatedUserAccountsRequest.page_size], use the [next_page_token] as the value
- // for the [ListFederatedUserAccountsRequest.page_token] query parameter in the next list request.
- // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message ListFederationOperationsRequest {
- // ID of the federation to list operations for.
- string federation_id = 1 [(length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size], the service returns a [ListFederationOperationsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "0-1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListFederationOperationsResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListFederationOperationsResponse {
- // List of operations for the specified federation.
- repeated operation.Operation operations = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListFederationOperationsRequest.page_size], use the [next_page_token] as the value
- // for the [ListFederationOperationsRequest.page_token] query parameter in the next list request.
- // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/openapi-meta.yaml b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/openapi-meta.yaml
deleted file mode 100644
index f9d6775355c..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/saml/openapi-meta.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-info:
- title: Yandex IAM SAML API
- version: v1
- description: This API reference is organized by resource. Actions are performed by sending HTTP requests to resource URLs or making RPC calls. For more information about Yandex.Cloud API architecture, see [API Concepts](/docs/api-design-guide/).
- x-y-docUri: api-ref
- x-y-baseUrl: "https://iam.api.cloud.yandex.net"
-docName: "/docs/iam/api-ref"
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account.proto
deleted file mode 100644
index c21e68a00f8..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account.proto
+++ /dev/null
@@ -1,30 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/protobuf/timestamp.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A ServiceAccount resource. For more information, see [Service accounts](/docs/iam/concepts/users/service-accounts).
-message ServiceAccount {
- // ID of the service account.
- string id = 1;
-
- // ID of the folder that the service account belongs to.
- string folder_id = 2;
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 3;
-
- // Name of the service account.
- // The name is unique within the cloud. 3-63 characters long.
- string name = 4;
-
- // Description of the service account. 0-256 characters long.
- string description = 5;
-
- // Resource labels as `` key:value `` pairs. Maximum of 64 per resource.
- map<string, string> labels = 6;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account_service.proto
deleted file mode 100644
index 42f85766323..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/service_account_service.proto
+++ /dev/null
@@ -1,215 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/api/annotations.proto";
-import "google/protobuf/field_mask.proto";
-import "yandex/cloud/api/operation.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/iam/v1/service_account.proto";
-import "yandex/cloud/access/access.proto";
-import "yandex/cloud/operation/operation.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A set of methods for managing ServiceAccount resources.
-service ServiceAccountService {
- // Returns the specified ServiceAccount resource.
- //
- // To get the list of available ServiceAccount resources, make a [List] request.
- rpc Get (GetServiceAccountRequest) returns (ServiceAccount) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts/{service_account_id}" };
- }
-
- // Retrieves the list of ServiceAccount resources in the specified folder.
- rpc List (ListServiceAccountsRequest) returns (ListServiceAccountsResponse) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts" };
- }
-
- // Creates a service account in the specified folder.
- rpc Create (CreateServiceAccountRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/serviceAccounts" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "CreateServiceAccountMetadata"
- response: "ServiceAccount"
- };
- }
-
- // Updates the specified service account.
- rpc Update (UpdateServiceAccountRequest) returns (operation.Operation) {
- option (google.api.http) = { patch: "/iam/v1/serviceAccounts/{service_account_id}" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "UpdateServiceAccountMetadata"
- response: "ServiceAccount"
- };
- }
-
- // Deletes the specified service account.
- rpc Delete (DeleteServiceAccountRequest) returns (operation.Operation) {
- option (google.api.http) = { delete: "/iam/v1/serviceAccounts/{service_account_id}" };
- option (yandex.cloud.api.operation) = {
- metadata: "DeleteServiceAccountMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- //access
-
- // Lists access bindings for the specified service account.
- rpc ListAccessBindings (access.ListAccessBindingsRequest) returns (access.ListAccessBindingsResponse) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts/{resource_id}:listAccessBindings" };
- }
-
- // Sets access bindings for the service account.
- rpc SetAccessBindings (access.SetAccessBindingsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/serviceAccounts/{resource_id}:setAccessBindings" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "access.SetAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- }
-
- // Updates access bindings for the specified service account.
- rpc UpdateAccessBindings (access.UpdateAccessBindingsRequest) returns (operation.Operation) {
- option (google.api.http) = { post: "/iam/v1/serviceAccounts/{resource_id}:updateAccessBindings" body: "*" };
- option (yandex.cloud.api.operation) = {
- metadata: "access.UpdateAccessBindingsMetadata"
- response: "google.protobuf.Empty"
- };
- option (yandex.cloud.api.tools.method).lint_skip.http_verb = true;
- }
-
- // Lists operations for the specified service account.
- rpc ListOperations (ListServiceAccountOperationsRequest) returns (ListServiceAccountOperationsResponse) {
- option (google.api.http) = { get: "/iam/v1/serviceAccounts/{service_account_id}/operations" };
- }
-}
-
-message GetServiceAccountRequest {
- // ID of the ServiceAccount resource to return.
- // To get the service account ID, use a [ServiceAccountService.List] request.
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message ListServiceAccountsRequest {
- // ID of the folder to list service accounts in.
- // To get the folder ID, use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
- string folder_id = 1 [(required) = true, (length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size],
- // the service returns a [ListServiceAccountsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100
- int64 page_size = 2 [(value) = "<=1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListServiceAccountsResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-
- // A filter expression that filters resources listed in the response.
- // The expression must specify:
- // 1. The field name. Currently you can use filtering only on the [ServiceAccount.name] field.
- // 2. An `=` operator.
- // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
- string filter = 4 [(length) = "<=1000"];
-}
-
-message ListServiceAccountsResponse {
- // List of ServiceAccount resources.
- repeated ServiceAccount service_accounts = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListServiceAccountsRequest.page_size], use
- // the [next_page_token] as the value
- // for the [ListServiceAccountsRequest.page_token] query parameter
- // in the next list request. Each subsequent list request will have its own
- // [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
-
-message CreateServiceAccountRequest {
- // ID of the folder to create a service account in.
- // To get the folder ID, use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
- string folder_id = 1 [(required) = true, (length) = "<=50"];
-
- // Name of the service account.
- // The name must be unique within the cloud.
- string name = 2 [(required) = true, (pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
-
- // Description of the service account.
- string description = 3 [(length) = "<=256"];
-
- // Resource labels as `` key:value `` pairs.
- map<string, string> labels = 4 [(yandex.cloud.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
-}
-
-message CreateServiceAccountMetadata {
- // ID of the service account that is being created.
- string service_account_id = 1;
-}
-
-message UpdateServiceAccountRequest {
- // ID of the ServiceAccount resource to update.
- // To get the service account ID, use a [ServiceAccountService.List] request.
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-
- // Field mask that specifies which fields of the ServiceAccount resource are going to be updated.
- google.protobuf.FieldMask update_mask = 2;
-
- // Name of the service account.
- // The name must be unique within the cloud.
- string name = 3 [(required) = true, (pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
-
- // Description of the service account.
- string description = 4 [(length) = "<=256"];
-
- // Resource labels as `` key:value `` pairs.
- map<string, string> labels = 5 [(yandex.cloud.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
-}
-
-message UpdateServiceAccountMetadata {
- // ID of the ServiceAccount resource that is being updated.
- string service_account_id = 1;
-}
-
-message DeleteServiceAccountRequest {
- // ID of the service account to delete.
- // To get the service account ID, use a [ServiceAccountService.List] request.
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-}
-
-message DeleteServiceAccountMetadata {
- // ID of the service account that is being deleted.
- string service_account_id = 1;
-}
-
-message ListServiceAccountOperationsRequest {
- // ID of the ServiceAccount resource to list operations for.
- string service_account_id = 1 [(required) = true, (length) = "<=50"];
-
- // The maximum number of results per page to return. If the number of available
- // results is larger than [page_size], the service returns a [ListServiceAccountOperationsResponse.next_page_token]
- // that can be used to get the next page of results in subsequent list requests.
- // Default value: 100.
- int64 page_size = 2 [(value) = "<=1000"];
-
- // Page token. To get the next page of results, set [page_token]
- // to the [ListServiceAccountOperationsResponse.next_page_token]
- // returned by a previous list request.
- string page_token = 3 [(length) = "<=100"];
-}
-
-message ListServiceAccountOperationsResponse {
- // List of operations for the specified service account.
- repeated operation.Operation operations = 1;
-
- // This token allows you to get the next page of results for list requests. If the number of results
- // is larger than [ListServiceAccountOperationsRequest.page_size], use the [next_page_token] as the value
- // for the [ListServiceAccountOperationsRequest.page_token] query parameter in the next list request.
- // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
- string next_page_token = 2;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account.proto
deleted file mode 100644
index 7fe7fda2348..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account.proto
+++ /dev/null
@@ -1,47 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "yandex/cloud/validation.proto";
-
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// Currently represents only [Yandex account](/docs/iam/concepts/#passport).
-message UserAccount {
- // ID of the user account.
- string id = 1;
-
- oneof user_account {
- option (exactly_one) = true;
- // A YandexPassportUserAccount resource.
- YandexPassportUserAccount yandex_passport_user_account = 2;
- // A SAML federated user.
- SamlUserAccount saml_user_account = 3;
- }
-}
-
-// A YandexPassportUserAccount resource.
-// For more information, see [Yandex account](/docs/iam/concepts/#passport).
-message YandexPassportUserAccount {
- // Login of the Yandex user account.
- string login = 1;
- // Default email of the Yandex user account.
- string default_email = 2;
-}
-
-// A SAML federated user.
-// For more information, see [federations](/docs/iam/concepts/users/saml-federations).
-message SamlUserAccount {
- message Attribute {
- repeated string value = 1;
- }
- // ID of the federation that the federation belongs to.
- string federation_id = 1 [(required) = true, (length) = "<=50"];
- // Name Id of the SAML federated user.
- // The name is unique within the federation. 1-256 characters long.
- string name_id = 2 [(required) = true, (length) = "1-256"];
- // Additional attributes of the SAML federated user.
- map <string, Attribute> attributes = 3;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account_service.proto
deleted file mode 100644
index 102f664dea3..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/user_account_service.proto
+++ /dev/null
@@ -1,23 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/iam/v1/user_account.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A set of methods for managing user accounts. Currently applicable only for [Yandex accounts](/docs/iam/concepts/#passport).
-service UserAccountService {
- // Returns the specified UserAccount resource.
- rpc Get (GetUserAccountRequest) returns (UserAccount) {
- option (google.api.http) = { get: "/iam/v1/userAccounts/{user_account_id}" };
- }
-}
-
-message GetUserAccountRequest {
- // ID of the UserAccount resource to return.
- string user_account_id = 1 [(required) = true, (length) = "<=50"];
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/yandex_passport_user_account_service.proto b/cloud/bitbucket/public-api/yandex/cloud/iam/v1/yandex_passport_user_account_service.proto
deleted file mode 100644
index eabd7ae4638..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/iam/v1/yandex_passport_user_account_service.proto
+++ /dev/null
@@ -1,23 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.iam.v1;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/iam/v1/user_account.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/iam/v1;iam";
-option java_package = "yandex.cloud.api.iam.v1";
-
-// A set of methods for managing YandexPassportUserAccount resources.
-service YandexPassportUserAccountService {
- // Returns the specified YandexPassportUserAccount resource.
- rpc GetByLogin (GetUserAccountByLoginRequest) returns (UserAccount) {
- option (google.api.http) = { get: "/iam/v1/yandexPassportUserAccounts:byLogin" };
- }
-}
-
-message GetUserAccountByLoginRequest {
- // Login of the YandexPassportUserAccount resource to return.
- string login = 1 [(required) = true];
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/imports.proto b/cloud/bitbucket/public-api/yandex/cloud/imports.proto
deleted file mode 100644
index a6774f180b9..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/imports.proto
+++ /dev/null
@@ -1,23 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud;
-
-// This file contains all imports that may not be required by API itself, but
-// should present in PB-descriptor for grpc-json conversion. The most vivid
-// examples are messages defined in google/rpc/error_details.proto, which
-// may appear in status details but are not mentioned anywhere else in API as
-// import.
-
-import "google/rpc/status.proto";
-import "google/rpc/error_details.proto";
-import "google/rpc/code.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud;cloud";
-option java_package = "yandex.cloud.api";
-
-message Dummy {
- // Reference all includes to avoid 'unused' warnings.
- google.rpc.Status status = 1;
- google.rpc.Code code = 2;
- google.rpc.RequestInfo request_info = 3;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/operation/CMakeLists.txt b/cloud/bitbucket/public-api/yandex/cloud/operation/CMakeLists.txt
deleted file mode 100644
index f7629ae82cc..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/operation/CMakeLists.txt
+++ /dev/null
@@ -1,56 +0,0 @@
-
-# This file was gererated by the build system used internally in the Yandex monorepo.
-# Only simple modifications are allowed (adding source-files to targets, adding simple properties
-# like target_include_directories). These modifications will be ported to original
-# ya.make files by maintainers. Any complex modifications which can't be ported back to the
-# original buildsystem will not be accepted.
-
-
-
-add_library(yandex-cloud-operation)
-set_property(TARGET yandex-cloud-operation PROPERTY
- PROTOC_EXTRA_OUTS .grpc.pb.cc .grpc.pb.h
-)
-set_property(TARGET yandex-cloud-operation PROPERTY
- PROTO_NAMESPACE cloud/bitbucket/public-api
-)
-target_include_directories(yandex-cloud-operation PUBLIC
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_include_directories(yandex-cloud-operation PRIVATE
- ${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_link_libraries(yandex-cloud-operation PUBLIC
- contrib-libs-cxxsupp
- yutil
- contrib-libs-grpc
- contrib-libs-googleapis-common-protos
- cloud-api-tools
- public-api-yandex-cloud
- contrib-libs-protobuf
-)
-target_proto_messages(yandex-cloud-operation PRIVATE
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/operation/operation.proto
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api/yandex/cloud/operation/operation_service.proto
-)
-target_proto_addincls(yandex-cloud-operation
- ./cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_SOURCE_DIR}/contrib/libs/googleapis-common-protos
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/common-api
- ${CMAKE_SOURCE_DIR}/cloud/bitbucket/public-api
- ${CMAKE_BINARY_DIR}
- ${CMAKE_SOURCE_DIR}/contrib/libs/protobuf/src
-)
-target_proto_outs(yandex-cloud-operation
- --cpp_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
- --cpp_styleguide_out=${CMAKE_BINARY_DIR}/cloud/bitbucket/public-api
-)
-target_proto_plugin(yandex-cloud-operation
- grpc_cpp
- grpc_cpp
-)
diff --git a/cloud/bitbucket/public-api/yandex/cloud/operation/openapi-meta.yaml b/cloud/bitbucket/public-api/yandex/cloud/operation/openapi-meta.yaml
deleted file mode 100644
index 44aa30cf218..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/operation/openapi-meta.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-info:
- version:
- title: Yandex.Cloud Operations API
- description: This API reference is organized by resource. Actions are performed by sending HTTP requests to resource URLs or making RPC calls. For more information about Yandex.Cloud API architecture, see [API Concepts](/docs/api-design-guide/).
- x-y-docUri: api-ref
- x-y-baseUrl: "https://operation.api.cloud.yandex.net"
-docName: "/docs/operation/api-ref"
diff --git a/cloud/bitbucket/public-api/yandex/cloud/operation/operation.proto b/cloud/bitbucket/public-api/yandex/cloud/operation/operation.proto
deleted file mode 100644
index 053029f3300..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/operation/operation.proto
+++ /dev/null
@@ -1,55 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.operation;
-
-import "google/protobuf/any.proto";
-import "google/rpc/status.proto";
-import "google/protobuf/timestamp.proto";
-
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/operation;operation";
-option java_package = "yandex.cloud.api.operation";
-
-// An Operation resource. For more information, see [Operation](/docs/api-design-guide/concepts/operation).
-message Operation {
- // ID of the operation.
- string id = 1;
-
- // Description of the operation. 0-256 characters long.
- string description = 2; // ex: Create VM, Stop VM, Delete Disk, Snapshot Disk, etc
-
- // Creation timestamp.
- google.protobuf.Timestamp created_at = 3;
-
- // ID of the user or service account who initiated the operation.
- string created_by = 4;
-
- // The time when the Operation resource was last modified.
- google.protobuf.Timestamp modified_at = 5;
-
- // If the value is `false`, it means the operation is still in progress.
- // If `true`, the operation is completed, and either `error` or `response` is available.
- bool done = 6;
-
- // Service-specific metadata associated with the operation.
- // It typically contains the ID of the target resource that the operation is performed on.
- // Any method that returns a long-running operation should document the metadata type, if any.
- google.protobuf.Any metadata = 7;
-
- // The operation result.
- // If `done == false` and there was no failure detected, neither `error` nor `response` is set.
- // If `done == false` and there was a failure detected, `error` is set.
- // If `done == true`, exactly one of `error` or `response` is set.
- oneof result {
- // The error result of the operation in case of failure or cancellation.
- google.rpc.Status error = 8;
-
- // The normal response of the operation in case of success.
- // If the original method returns no data on success, such as Delete,
- // the response is [google.protobuf.Empty].
- // If the original method is the standard Create/Update,
- // the response should be the target resource of the operation.
- // Any method that returns a long-running operation should document the response type, if any.
- google.protobuf.Any response = 9;
- }
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/operation/operation_service.proto b/cloud/bitbucket/public-api/yandex/cloud/operation/operation_service.proto
deleted file mode 100644
index cdda823e36a..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/operation/operation_service.proto
+++ /dev/null
@@ -1,37 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud.operation;
-
-import "google/api/annotations.proto";
-import "yandex/cloud/api/tools/options.proto";
-import "yandex/cloud/operation/operation.proto";
-import "yandex/cloud/validation.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud/operation;operation";
-option java_package = "yandex.cloud.api.operation";
-
-// A set of methods for managing operations for asynchronous API requests.
-service OperationService {
- // Returns the specified Operation resource.
- rpc Get (GetOperationRequest) returns (Operation) {
- option (google.api.http) = { get: "/operations/{operation_id}" };
- }
-
- // Cancels the specified operation.
- //
- // Note that currently Yandex Object Storage API does not support cancelling operations.
- rpc Cancel (CancelOperationRequest) returns (Operation) {
- option (google.api.http) = { get: "/operations/{operation_id}:cancel" };
- option (yandex.cloud.api.tools.method).lint_skip.http_verb = true;
- }
-}
-
-message GetOperationRequest {
- // ID of the Operation resource to return.
- string operation_id = 1 [(required) = true];
-}
-
-message CancelOperationRequest {
- // ID of the operation to cancel.
- string operation_id = 1 [(required) = true];
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/validation.proto b/cloud/bitbucket/public-api/yandex/cloud/validation.proto
deleted file mode 100644
index e3f5ffca74f..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/validation.proto
+++ /dev/null
@@ -1,29 +0,0 @@
-syntax = "proto3";
-
-package yandex.cloud;
-
-import "google/protobuf/descriptor.proto";
-
-option go_package = "a.yandex-team.ru/cloud/bitbucket/public-api/yandex/cloud;cloud";
-option java_package = "yandex.cloud.api";
-
-extend google.protobuf.OneofOptions {
- bool exactly_one = 101400;
-}
-
-extend google.protobuf.FieldOptions {
- bool required = 101501;
- string pattern = 101502;
- string value = 101503;
- string size = 101504;
- string length = 101505;
- bool unique = 101506;
- MapKeySpec map_key = 101510;
- string bytes = 101511;
-}
-
-message MapKeySpec {
- string value = 1;
- string pattern = 2;
- string length = 3;
-}
diff --git a/cloud/bitbucket/public-api/yandex/cloud/validation.yadoc.yaml b/cloud/bitbucket/public-api/yandex/cloud/validation.yadoc.yaml
deleted file mode 100644
index ab37b83de49..00000000000
--- a/cloud/bitbucket/public-api/yandex/cloud/validation.yadoc.yaml
+++ /dev/null
@@ -1,127 +0,0 @@
-# NOTE(skipor): text will be placed in description, which is CommonMark Markdown
-# so escape regular expressions using `` <pattern> `` escaping, to escape even '`' characters.
-
-required: Required.
-
-pattern:
- usual: Value must match the regular expression `` $PATTERN ``.
- repeated: Each value must match the regular expression `` $PATTERN ``.
- map_value: Each value must match the regular expression `` $PATTERN ``.
-
-value:
- usual:
- "<=": The maximum value is $MAX_VALUE.
- "<": Value must be less than $MAX_VALUE.
- ">=": The minimum value is $MIN_VALUE.
- ">": Value must be greater than $MIN_VALUE.
- "min-max": Acceptable values are $MIN_VALUE to $MAX_VALUE, inclusive.
- "=": Value must be equal to $VALUE.
- "list": Value must be one of $FIRST_VALUES or $LAST_VALUE.
- repeated:
- "<=": Each value must be less than or equal to $MAX_VALUE.
- "<": Each value must be less than $MAX_VALUE.
- ">=": Each value must be greater than or equal to $MIN_VALUE.
- ">": Each value must be greater than $MIN_VALUE.
- "min-max": Acceptable values are $MIN_VALUE to $MAX_VALUE, inclusive.
- "=": Each value must be equal to $VALUE.
- "list": Each value must be one of $FIRST_VALUES or $LAST_VALUE.
- map_value:
- "<=": Each value must be less than or equal to $MAX_VALUE.
- "<": Each value must be less than $MAX_VALUE.
- ">=": Each value must be greater than or equal to $MIN_VALUE.
- ">": Each value must be greater than $MIN_VALUE.
- "min-max": Acceptable values are $MIN_VALUE to $MAX_VALUE, inclusive.
- "=": Each value must be equal to $VALUE.
- "list": Each value must be one of $FIRST_VALUES or $LAST_VALUE.
-
-size:
- repeated:
- "<=": The maximum number of elements is $MAX_VALUE.
- "<": The number of elements must be less than $MAX_VALUE.
- ">=": The minimum number of elements is $MIN_VALUE.
- ">0": Must contain at least one element.
- ">": The number of elements must be greater than $MIN_VALUE.
- "min-max": The number of elements must be in the range $MIN_VALUE-$MAX_VALUE.
- "1": Must contain exactly 1 element.
- "=": The number of elements must be exactly $VALUE.
- "list": The number of elements must be one of $FIRST_VALUES or $LAST_VALUE.
- map_value:
- "<=": No more than $MAX_VALUE per resource.
- "<": Less than $MAX_VALUE per resource.
- ">=": No less than $MIN_VALUE per resource.
- ">0": At least one per resource.
- ">": More than $MIN_VALUE per resource.
- "min-max": $MIN_VALUE-$MAX_VALUE per resource.
- "=": Exactly $VALUE per resource.
- "list": $FIRST_VALUES or $LAST_VALUE per resource.
-
-length:
- usual:
- "<=": The maximum string length in characters is $MAX_VALUE.
- "<": The string length in characters must be less than $MAX_VALUE.
- ">=": The minimum string length in characters is $MIN_VALUE.
- ">": The string length in characters must be greater than $MIN_VALUE.
- "min-max": The string length in characters must be $MIN_VALUE-$MAX_VALUE.
- "=": The string length in characters must be equal to $VALUE.
- "list": The string length in characters must be equal to one of $FIRST_VALUES or $LAST_VALUE.
- repeated:
- "<=": The maximum string length in characters for each value is $MAX_VALUE.
- "<": The string length in characters for each value must be less than $MAX_VALUE.
- ">=": The minimum string length in characters for each value is $MIN_VALUE.
- ">": The string length in characters for each value must be greater than $MIN_VALUE.
- "min-max": The string length in characters for each value must be $MIN_VALUE-$MAX_VALUE.
- "=": The string length in characters for each value must be equal to $VALUE.
- "list": The string length in characters for each value must be equal to one of $FIRST_VALUES or $LAST_VALUE.
- map_value:
- "<=": The maximum string length in characters for each value is $MAX_VALUE.
- "<": The string length in characters for each value must be less than $MAX_VALUE.
- ">=": The minimum string length in characters for each value is $MIN_VALUE.
- ">": The string length in characters for each value must be greater than $MIN_VALUE.
- "min-max": The string length in characters for each value must be $MIN_VALUE-$MAX_VALUE.
- "=": The string length in characters for each value must be equal to $VALUE.
- "list": The string length in characters for each value must be equal to one of $FIRST_VALUES or $LAST_VALUE.
-
-bytes:
- usual:
- "<=": The maximum size in bytes is $MAX_VALUE.
- "<": The size in bytes must be less than $MAX_VALUE.
- ">=": The minimum size in bytes is $MIN_VALUE.
- ">": The size in bytes must be greater than $MIN_VALUE.
- "min-max": The size in bytes must be $MIN_VALUE-$MAX_VALUE.
- "=": The size in bytes must be equal to $VALUE.
- "list": The size in bytes must be equal to one of $FIRST_VALUES or $LAST_VALUE.
- repeated:
- "<=": The maximum size in bytes for each value is $MAX_VALUE.
- "<": The size in bytes for each value must be less than $MAX_VALUE.
- ">=": The minimum size in bytes for each value is $MIN_VALUE.
- ">": The size in bytes for each value must be greater than $MIN_VALUE.
- "min-max": The size in bytes for each value must be $MIN_VALUE-$MAX_VALUE.
- "=": The size in bytes for each value must be equal to $VALUE.
- "list": The size in bytes for each value must be equal to one of $FIRST_VALUES or $LAST_VALUE.
- map_value:
- "<=": The maximum size in bytes for each value is $MAX_VALUE.
- "<": The size in bytes for each value must be less than $MAX_VALUE.
- ">=": The minimum size in bytes for each value is $MIN_VALUE.
- ">": The size in bytes for each value must be greater than $MIN_VALUE.
- "min-max": The size in bytes for each value must be $MIN_VALUE-$MAX_VALUE.
- "=": The size in bytes for each value must be equal to $VALUE.
- "list": The size in bytes for each value must be equal to one of $FIRST_VALUES or $LAST_VALUE.
-
-map_key:
- value:
- "<=": Each key must be less than or equal to $MAX_VALUE.
- "<": Each key must be less than $MAX_VALUE.
- ">=": Each key must be greater than or equal to $MIN_VALUE.
- ">": Each key must be greater than $MIN_VALUE.
- "min-max": Acceptable keys are $MIN_VALUE to $MAX_VALUE, inclusive.
- "=": Each key must be equal to $VALUE.
- "list": Each key must be one of $FIRST_VALUES or $LAST_VALUE.
- pattern: Each key must match the regular expression `` $PATTERN ``.
- length:
- "<=": The maximum string length in characters for each key is $MAX_VALUE.
- "<": The string length in characters for each key must be less than $MAX_VALUE.
- ">=": The minimum string length in characters for each key is $MIN_VALUE.
- ">": The string length in characters for each key must be greater than $MIN_VALUE.
- "min-max": The string length in characters for each key must be $MIN_VALUE-$MAX_VALUE.
- "=": The string length in characters for each key must be equal to $VALUE.
- "list": The string length in characters for each key must be equal to one of $FIRST_VALUES or $LAST_VALUE.