path: root/contrib/libs/yandex-cloud-api-protos/yandex/cloud/access/access.proto
syntax = "proto3";

package yandex.cloud.access;

import "yandex/cloud/validation.proto";

option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/access;access";
option java_package = "yandex.cloud.api.access";

// Identity (or group of identities) that a role can be assigned to.
// A subject is the pair ([id], [type]); both fields are marked `(required)`.
//
// NOTE(review): `(required)` and `(length)` are custom options, presumably declared in the
// imported yandex/cloud/validation.proto. Where they are enforced is not visible in this file.
message Subject {
  // ID of the subject.
  //
  // It can contain one of the following values:
  // * `allAuthenticatedUsers`: A special system identifier that represents anyone
  //    who is authenticated. It can be used only if the [type] is `system`.
  // * `allUsers`: A special system identifier that represents anyone. No authentication is required.
  //    For example, you don't need to specify the IAM token in an API query.
  // * `<cloud generated id>`: An identifier that represents a user account.
  //    It can be used only if the [type] is `userAccount`, `federatedUser` or `serviceAccount`.
  //
  // Access-review note: a binding whose subject is `allUsers` applies to unauthenticated
  // callers, and one whose subject is `allAuthenticatedUsers` applies to anyone who is
  // authenticated. Both are worth singling out when auditing a resource's bindings.
  string id = 1 [(required) = true, (length) = "<=100"];

  // Type of the subject.
  //
  // It can contain one of the following values:
  // * `userAccount`: An account on Yandex or Yandex Connect, added to Yandex Cloud.
  // * `serviceAccount`: A service account. This type represents the [yandex.cloud.iam.v1.ServiceAccount] resource.
  // * `federatedUser`: A federated account. This type represents a user from an identity federation, like Active Directory.
  // * `system`: System group. This type represents several accounts with a common system identifier.
  //
  // For more information, see [Subject to which the role is assigned](/docs/iam/concepts/access-control/#subject).
  //
  // This is a free-form string, not an enum: the schema limits only its length, so the
  // allowed values listed above are not enforced by this definition.
  string type = 2 [(required) = true, (length) = "<=100"];
}

// Assignment of one role to one subject.
// The resource that the binding applies to is not part of this message; the request
// messages in this file carry it separately as `resource_id`.
message AccessBinding {
  // ID of the [yandex.cloud.iam.v1.Role] that is assigned to the [subject].
  string role_id = 1 [(required) = true, (length) = "<=50"];

  // Identity for which access binding is being created.
  // It can represent an account with a unique ID or several accounts with a system identifier.
  // See [Subject.id] for the system identifiers (`allUsers`, `allAuthenticatedUsers`).
  Subject subject = 2 [(required) = true];
}

// Request for one page of the access bindings set on a resource.
message ListAccessBindingsRequest {
  // ID of the resource to list access bindings for.
  //
  // To get the resource ID, use a corresponding List request.
  // For example, use the [yandex.cloud.resourcemanager.v1.CloudService.List] request to get the Cloud resource ID.
  string resource_id = 1 [(required) = true, (length) = "<=50"];

  // The maximum number of results per page that should be returned. If the number of available
  // results is larger than [page_size],
  // the service returns a [ListAccessBindingsResponse.next_page_token]
  // that can be used to get the next page of results in subsequent list requests.
  // Default value: 100.
  //
  // NOTE(review): the field is a signed int64 and the annotation states only an upper
  // bound. Negative values are not excluded by the constraint shown here; confirm how the
  // service treats them.
  int64 page_size = 2 [(value) = "<=1000"];

  // Page token. Set [page_token]
  // to the [ListAccessBindingsResponse.next_page_token]
  // returned by a previous list request to get the next page of results.
  // The token format is not defined in this file, so callers should treat it as opaque.
  string page_token = 3 [(length) = "<=100"];
}

// One page of access bindings returned for a [ListAccessBindingsRequest].
message ListAccessBindingsResponse {
  // List of access bindings for the specified resource.
  // An audit that reads only the first page can miss bindings; see [next_page_token].
  repeated AccessBinding access_bindings = 1;

  // This token allows you to get the next page of results for list requests. If the number of results
  // is larger than [ListAccessBindingsRequest.page_size], use
  // the [next_page_token] as the value
  // for the [ListAccessBindingsRequest.page_token] query parameter
  // in the next list request. Each subsequent list request will have its own
  // [next_page_token] to continue paging through the results.
  string next_page_token = 2;
}

// Request to set the access bindings of a resource.
//
// NOTE(review): this file does not state whether "set" replaces the resource's existing
// bindings or merges with them. Confirm against the service documentation before use,
// because a replace would revoke any binding not listed in the request.
message SetAccessBindingsRequest {
  // ID of the resource for which access bindings are being set.
  //
  // To get the resource ID, use a corresponding List request.
  string resource_id = 1 [(required) = true, (length) = "<=50"];

  // Access bindings to be set. For more information, see [Access Bindings](/docs/iam/concepts/access-control/#access-bindings).
  //
  // Only an upper bound is declared, unlike the "1-1000" bound on
  // [UpdateAccessBindingsRequest.access_binding_deltas], so an empty list satisfies this
  // constraint. What an empty list does to the resource's bindings is not stated here;
  // confirm against the service documentation.
  repeated AccessBinding access_bindings = 2 [(size) = "<=1000"];
}

// Metadata for a "set access bindings" call; it identifies the target resource.
// NOTE(review): presumably attached to the operation returned by the call; confirm with the service definition.
message SetAccessBindingsMetadata {
  // ID of the resource for which access bindings are being set.
  string resource_id = 1;
}

// Request to change a resource's access bindings through a list of add/remove deltas.
message UpdateAccessBindingsRequest {
  // ID of the resource for which access bindings are being updated.
  string resource_id = 1 [(required) = true, (length) = "<=50"];

  // Updates to access bindings.
  // The declared size is "1-1000", so at least one delta is expected.
  // NOTE(review): this file does not say whether the order of the deltas matters, for
  // example an ADD and a REMOVE of the same binding in one request. Confirm with the service.
  repeated AccessBindingDelta access_binding_deltas = 2 [(size) = "1-1000"];
}

// Metadata for an "update access bindings" call; it identifies the target resource.
// NOTE(review): presumably attached to the operation returned by the call; confirm with the service definition.
message UpdateAccessBindingsMetadata {
  // ID of the resource for which access bindings are being updated.
  string resource_id = 1;
}

// Kind of change that an [AccessBindingDelta] applies to an access binding.
//
// `ADD` and `REMOVE` carry no type-name prefix. Enum value names are scoped to the
// enclosing package, so they can collide with other enums declared in `yandex.cloud.access`.
// Renaming them would break generated code and the JSON/text formats, so they are documented as-is.
enum AccessBindingAction {
  // Zero value, and the proto3 default when the field is not set. It names no action.
  // NOTE(review): [AccessBindingDelta.action] is marked `(required)`, so the service
  // presumably rejects this value; confirm.
  ACCESS_BINDING_ACTION_UNSPECIFIED = 0;

  // Addition of an access binding.
  ADD = 1;

  // Removal of an access binding.
  REMOVE = 2;
}

// A single change to a resource's access bindings: an action and the binding it applies to.
message AccessBindingDelta {
  // The action that is being performed on an access binding.
  AccessBindingAction action = 1 [(required) = true];

  // Access binding. For more information, see [Access Bindings](/docs/iam/concepts/access-control/#access-bindings).
  // This is the binding (role and subject) that [action] adds or removes.
  AccessBinding access_binding = 2 [(required) = true];
}

// Result of an access bindings operation, expressed as a list of deltas.
message AccessBindingsOperationResult {
  // Result access binding deltas.
  // NOTE(review): the name suggests these are the changes that actually took effect, which
  // may differ from the requested ones. If so, this is the field to record in an audit
  // trail. Confirm with the service documentation.
  repeated AccessBindingDelta effective_deltas = 1;
}