1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
syntax = "proto3";
package yandex.cloud.iam.v1;
import "google/api/annotations.proto";
import "google/protobuf/field_mask.proto";
import "yandex/cloud/api/operation.proto";
import "yandex/cloud/iam/v1/service_account.proto";
import "yandex/cloud/access/access.proto";
import "yandex/cloud/operation/operation.proto";
import "yandex/cloud/validation.proto";
option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/iam/v1;iam";
option java_package = "yandex.cloud.api.iam.v1";
// A set of methods for managing ServiceAccount resources.
service ServiceAccountService {
// Returns the specified ServiceAccount resource.
//
// To get the list of available ServiceAccount resources, make a [List] request.
rpc Get (GetServiceAccountRequest) returns (ServiceAccount) {
option (google.api.http) = { get: "/iam/v1/serviceAccounts/{service_account_id}" };
}
// Retrieves the list of ServiceAccount resources in the specified folder.
rpc List (ListServiceAccountsRequest) returns (ListServiceAccountsResponse) {
option (google.api.http) = { get: "/iam/v1/serviceAccounts" };
}
// Creates a service account in the specified folder.
rpc Create (CreateServiceAccountRequest) returns (operation.Operation) {
option (google.api.http) = { post: "/iam/v1/serviceAccounts" body: "*" };
option (yandex.cloud.api.operation) = {
metadata: "CreateServiceAccountMetadata"
response: "ServiceAccount"
};
}
// Updates the specified service account.
rpc Update (UpdateServiceAccountRequest) returns (operation.Operation) {
option (google.api.http) = { patch: "/iam/v1/serviceAccounts/{service_account_id}" body: "*" };
option (yandex.cloud.api.operation) = {
metadata: "UpdateServiceAccountMetadata"
response: "ServiceAccount"
};
}
// Deletes the specified service account.
rpc Delete (DeleteServiceAccountRequest) returns (operation.Operation) {
option (google.api.http) = { delete: "/iam/v1/serviceAccounts/{service_account_id}" };
option (yandex.cloud.api.operation) = {
metadata: "DeleteServiceAccountMetadata"
response: "google.protobuf.Empty"
};
}
//access
// Lists access bindings for the specified service account.
rpc ListAccessBindings (access.ListAccessBindingsRequest) returns (access.ListAccessBindingsResponse) {
option (google.api.http) = { get: "/iam/v1/serviceAccounts/{resource_id}:listAccessBindings" };
}
// Sets access bindings for the service account.
rpc SetAccessBindings (access.SetAccessBindingsRequest) returns (operation.Operation) {
option (google.api.http) = { post: "/iam/v1/serviceAccounts/{resource_id}:setAccessBindings" body: "*" };
option (yandex.cloud.api.operation) = {
metadata: "access.SetAccessBindingsMetadata"
response: "access.AccessBindingsOperationResult"
};
}
// Updates access bindings for the specified service account.
rpc UpdateAccessBindings (access.UpdateAccessBindingsRequest) returns (operation.Operation) {
option (google.api.http) = { post: "/iam/v1/serviceAccounts/{resource_id}:updateAccessBindings" body: "*" };
option (yandex.cloud.api.operation) = {
metadata: "access.UpdateAccessBindingsMetadata"
response: "access.AccessBindingsOperationResult"
};
}
// Lists operations for the specified service account.
rpc ListOperations (ListServiceAccountOperationsRequest) returns (ListServiceAccountOperationsResponse) {
option (google.api.http) = { get: "/iam/v1/serviceAccounts/{service_account_id}/operations" };
}
}
message GetServiceAccountRequest {
// ID of the ServiceAccount resource to return.
// To get the service account ID, use a [ServiceAccountService.List] request.
string service_account_id = 1 [(required) = true, (length) = "<=50"];
}
message ListServiceAccountsRequest {
// ID of the folder to list service accounts in.
// To get the folder ID, use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
string folder_id = 1 [(required) = true, (length) = "<=50"];
// The maximum number of results per page to return. If the number of available
// results is larger than [page_size],
// the service returns a [ListServiceAccountsResponse.next_page_token]
// that can be used to get the next page of results in subsequent list requests.
// Default value: 100
int64 page_size = 2 [(value) = "<=1000"];
// Page token. To get the next page of results, set [page_token]
// to the [ListServiceAccountsResponse.next_page_token]
// returned by a previous list request.
string page_token = 3 [(length) = "<=2000"];
// A filter expression that filters resources listed in the response.
// The expression must specify:
// 1. The field name. Currently you can use filtering only on the [ServiceAccount.name] field.
// 2. An `=` operator.
// 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
string filter = 4 [(length) = "<=1000"];
}
message ListServiceAccountsResponse {
// List of ServiceAccount resources.
repeated ServiceAccount service_accounts = 1;
// This token allows you to get the next page of results for list requests. If the number of results
// is larger than [ListServiceAccountsRequest.page_size], use
// the [next_page_token] as the value
// for the [ListServiceAccountsRequest.page_token] query parameter
// in the next list request. Each subsequent list request will have its own
// [next_page_token] to continue paging through the results.
string next_page_token = 2;
}
message CreateServiceAccountRequest {
// ID of the folder to create a service account in.
// To get the folder ID, use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
string folder_id = 1 [(required) = true, (length) = "<=50"];
// Name of the service account.
// The name must be unique within the cloud.
string name = 2 [(required) = true, (pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
// Description of the service account.
string description = 3 [(length) = "<=256"];
// Resource labels as `` key:value `` pairs.
map<string, string> labels = 4 [(yandex.cloud.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
}
message CreateServiceAccountMetadata {
// ID of the service account that is being created.
string service_account_id = 1;
}
message UpdateServiceAccountRequest {
// ID of the ServiceAccount resource to update.
// To get the service account ID, use a [ServiceAccountService.List] request.
string service_account_id = 1 [(required) = true, (length) = "<=50"];
// Field mask that specifies which fields of the ServiceAccount resource are going to be updated.
google.protobuf.FieldMask update_mask = 2;
// Name of the service account.
// The name must be unique within the cloud.
string name = 3 [(required) = true, (pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
// Description of the service account.
string description = 4 [(length) = "<=256"];
// Resource labels as `` key:value `` pairs.
map<string, string> labels = 5 [(yandex.cloud.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
}
message UpdateServiceAccountMetadata {
// ID of the ServiceAccount resource that is being updated.
string service_account_id = 1;
}
message DeleteServiceAccountRequest {
// ID of the service account to delete.
// To get the service account ID, use a [ServiceAccountService.List] request.
string service_account_id = 1 [(required) = true, (length) = "<=50"];
}
message DeleteServiceAccountMetadata {
// ID of the service account that is being deleted.
string service_account_id = 1;
}
message ListServiceAccountOperationsRequest {
// ID of the ServiceAccount resource to list operations for.
string service_account_id = 1 [(required) = true, (length) = "<=50"];
// The maximum number of results per page to return. If the number of available
// results is larger than [page_size], the service returns a [ListServiceAccountOperationsResponse.next_page_token]
// that can be used to get the next page of results in subsequent list requests.
// Default value: 100.
int64 page_size = 2 [(value) = "<=1000"];
// Page token. To get the next page of results, set [page_token]
// to the [ListServiceAccountOperationsResponse.next_page_token]
// returned by a previous list request.
string page_token = 3 [(length) = "<=2000"];
}
message ListServiceAccountOperationsResponse {
// List of operations for the specified service account.
repeated operation.Operation operations = 1;
// This token allows you to get the next page of results for list requests. If the number of results
// is larger than [ListServiceAccountOperationsRequest.page_size], use the [next_page_token] as the value
// for the [ListServiceAccountOperationsRequest.page_token] query parameter in the next list request.
// Each subsequent list request will have its own [next_page_token] to continue paging through the results.
string next_page_token = 2;
}
|
