dergeorg/SmartShopper
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Firebase Update

Browse Source
This commit is contained in:
Lukas Nowy
2018-12-22 23:30:39 +01:00
parent befb44764d
commit acffe619b3
11523 changed files with 1614327 additions and 930246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

772
express-server/node_modules/google-proto-files/google/iam/admin/v1/iam.proto generated vendored Normal file
View File

@ -0,0 +1,772 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.iam.admin.v1;
import "google/api/annotations.proto";
import "google/iam/v1/iam_policy.proto";
import "google/iam/v1/policy.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
option cc_enable_arenas = true;
option go_package = "google.golang.org/genproto/googleapis/iam/admin/v1;admin";
option java_multiple_files = true;
option java_outer_classname = "IamProto";
option java_package = "com.google.iam.admin.v1";
// Creates and manages service account objects.
//
// Service account is an account that belongs to your project instead
// of to an individual end user. It is used to authenticate calls
// to a Google API.
//
// To create a service account, specify the `project_id` and `account_id`
// for the account. The `account_id` is unique within the project, and used
// to generate the service account email address and a stable
// `unique_id`.
//
// All other methods can identify accounts using the format
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
service IAM {
// Lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project.
rpc ListServiceAccounts(ListServiceAccountsRequest) returns (ListServiceAccountsResponse) {
option (google.api.http) = { get: "/v1/{name=projects/*}/serviceAccounts" };
}
// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
rpc GetServiceAccount(GetServiceAccountRequest) returns (ServiceAccount) {
option (google.api.http) = { get: "/v1/{name=projects/*/serviceAccounts/*}" };
}
// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount]
// and returns it.
rpc CreateServiceAccount(CreateServiceAccountRequest) returns (ServiceAccount) {
option (google.api.http) = { post: "/v1/{name=projects/*}/serviceAccounts" body: "*" };
}
// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// Currently, only the following fields are updatable:
// `display_name` .
// The `etag` is mandatory.
rpc UpdateServiceAccount(ServiceAccount) returns (ServiceAccount) {
option (google.api.http) = { put: "/v1/{name=projects/*/serviceAccounts/*}" body: "*" };
}
// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
rpc DeleteServiceAccount(DeleteServiceAccountRequest) returns (google.protobuf.Empty) {
option (google.api.http) = { delete: "/v1/{name=projects/*/serviceAccounts/*}" };
}
// Lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey].
rpc ListServiceAccountKeys(ListServiceAccountKeysRequest) returns (ListServiceAccountKeysResponse) {
option (google.api.http) = { get: "/v1/{name=projects/*/serviceAccounts/*}/keys" };
}
// Gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
// by key id.
rpc GetServiceAccountKey(GetServiceAccountKeyRequest) returns (ServiceAccountKey) {
option (google.api.http) = { get: "/v1/{name=projects/*/serviceAccounts/*/keys/*}" };
}
// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
// and returns it.
rpc CreateServiceAccountKey(CreateServiceAccountKeyRequest) returns (ServiceAccountKey) {
option (google.api.http) = { post: "/v1/{name=projects/*/serviceAccounts/*}/keys" body: "*" };
}
// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
rpc DeleteServiceAccountKey(DeleteServiceAccountKeyRequest) returns (google.protobuf.Empty) {
option (google.api.http) = { delete: "/v1/{name=projects/*/serviceAccounts/*/keys/*}" };
}
// Signs a blob using a service account's system-managed private key.
rpc SignBlob(SignBlobRequest) returns (SignBlobResponse) {
option (google.api.http) = { post: "/v1/{name=projects/*/serviceAccounts/*}:signBlob" body: "*" };
}
// Signs a JWT using a service account's system-managed private key.
//
// If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an
// an expiry time of one hour by default. If you request an expiry time of
// more than one hour, the request will fail.
rpc SignJwt(SignJwtRequest) returns (SignJwtResponse) {
option (google.api.http) = { post: "/v1/{name=projects/*/serviceAccounts/*}:signJwt" body: "*" };
}
// Returns the IAM access control policy for a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = { post: "/v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy" body: "" };
}
// Sets the IAM access control policy for a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
option (google.api.http) = { post: "/v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy" body: "*" };
}
// Tests the specified permissions against the IAM access control policy
// for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
option (google.api.http) = { post: "/v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions" body: "*" };
}
// Queries roles that can be granted on a particular resource.
// A role is grantable if it can be used as the role in a binding for a policy
// for that resource.
rpc QueryGrantableRoles(QueryGrantableRolesRequest) returns (QueryGrantableRolesResponse) {
option (google.api.http) = { post: "/v1/roles:queryGrantableRoles" body: "*" };
}
// Lists the Roles defined on a resource.
rpc ListRoles(ListRolesRequest) returns (ListRolesResponse) {
option (google.api.http) = { get: "/v1/roles" };
}
// Gets a Role definition.
rpc GetRole(GetRoleRequest) returns (Role) {
option (google.api.http) = { get: "/v1/{name=roles/*}" };
}
// Creates a new Role.
rpc CreateRole(CreateRoleRequest) returns (Role) {
option (google.api.http) = { post: "/v1/{parent=organizations/*}/roles" body: "*" };
}
// Updates a Role definition.
rpc UpdateRole(UpdateRoleRequest) returns (Role) {
option (google.api.http) = { patch: "/v1/{name=organizations/*/roles/*}" body: "role" };
}
// Soft deletes a role. The role is suspended and cannot be used to create new
// IAM Policy Bindings.
// The Role will not be included in `ListRoles()` unless `show_deleted` is set
// in the `ListRolesRequest`. The Role contains the deleted boolean set.
// Existing Bindings remains, but are inactive. The Role can be undeleted
// within 7 days. After 7 days the Role is deleted and all Bindings associated
// with the role are removed.
rpc DeleteRole(DeleteRoleRequest) returns (Role) {
option (google.api.http) = { delete: "/v1/{name=organizations/*/roles/*}" };
}
// Undelete a Role, bringing it back in its previous state.
rpc UndeleteRole(UndeleteRoleRequest) returns (Role) {
option (google.api.http) = { post: "/v1/{name=organizations/*/roles/*}:undelete" body: "*" };
}
// Lists the permissions testable on a resource.
// A permission is testable if it can be tested for an identity on a resource.
rpc QueryTestablePermissions(QueryTestablePermissionsRequest) returns (QueryTestablePermissionsResponse) {
option (google.api.http) = { post: "/v1/permissions:queryTestablePermissions" body: "*" };
}
}
// A service account in the Identity and Access Management API.
//
// To create a service account, specify the `project_id` and the `account_id`
// for the account. The `account_id` is unique within the project, and is used
// to generate the service account email address and a stable
// `unique_id`.
//
// If the account already exists, the account's resource name is returned
// in util::Status's ResourceInfo.resource_name in the format of
// projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
// use the name in other methods to access the account.
//
// All other methods can identify the service account using the format
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
message ServiceAccount {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
//
// Requests using `-` as a wildcard for the project will infer the project
// from the `account` and the `account` value can be the `email` address or
// the `unique_id` of the service account.
//
// In responses the resource name will always be in the format
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
string name = 1;
// @OutputOnly The id of the project that owns the service account.
string project_id = 2;
// @OutputOnly The unique and stable id of the service account.
string unique_id = 4;
// @OutputOnly The email address of the service account.
string email = 5;
// Optional. A user-specified description of the service account. Must be
// fewer than 100 UTF-8 bytes.
string display_name = 6;
// Used to perform a consistent read-modify-write.
bytes etag = 7;
// @OutputOnly. The OAuth2 client id for the service account.
// This is used in conjunction with the OAuth2 clientconfig API to make
// three legged OAuth2 (3LO) flows to access the data of Google users.
string oauth2_client_id = 9;
}
// The service account create request.
message CreateServiceAccountRequest {
// Required. The resource name of the project associated with the service
// accounts, such as `projects/my-project-123`.
string name = 1;
// Required. The account id that is used to generate the service account
// email address and a stable unique id. It is unique within a project,
// must be 6-30 characters long, and match the regular expression
// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
string account_id = 2;
// The [ServiceAccount][google.iam.admin.v1.ServiceAccount] resource to create.
// Currently, only the following values are user assignable:
// `display_name` .
ServiceAccount service_account = 3;
}
// The service account list request.
message ListServiceAccountsRequest {
// Required. The resource name of the project associated with the service
// accounts, such as `projects/my-project-123`.
string name = 1;
// Optional limit on the number of service accounts to include in the
// response. Further accounts can subsequently be obtained by including the
// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token]
// in a subsequent request.
int32 page_size = 2;
// Optional pagination token returned in an earlier
// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token].
string page_token = 3;
}
// The service account list response.
message ListServiceAccountsResponse {
// The list of matching service accounts.
repeated ServiceAccount accounts = 1;
// To retrieve the next page of results, set
// [ListServiceAccountsRequest.page_token][google.iam.admin.v1.ListServiceAccountsRequest.page_token]
// to this value.
string next_page_token = 2;
}
// The service account get request.
message GetServiceAccountRequest {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
}
// The service account delete request.
message DeleteServiceAccountRequest {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
}
// The service account keys list request.
message ListServiceAccountKeysRequest {
// `KeyType` filters to selectively retrieve certain varieties
// of keys.
enum KeyType {
// Unspecified key type. The presence of this in the
// message will immediately result in an error.
KEY_TYPE_UNSPECIFIED = 0;
// User-managed keys (managed and rotated by the user).
USER_MANAGED = 1;
// System-managed keys (managed and rotated by Google).
SYSTEM_MANAGED = 2;
}
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
//
// Using `-` as a wildcard for the project, will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
// Filters the types of keys the user wants to include in the list
// response. Duplicate key types are not allowed. If no key type
// is provided, all keys are returned.
repeated KeyType key_types = 2;
}
// The service account keys list response.
message ListServiceAccountKeysResponse {
// The public keys for the service account.
repeated ServiceAccountKey keys = 1;
}
// The service account key get by id request.
message GetServiceAccountKeyRequest {
// The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}/keys/{key}`.
//
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
// The output format of the public key requested.
// X509_PEM is the default output format.
ServiceAccountPublicKeyType public_key_type = 2;
}
// Represents a service account key.
//
// A service account has two sets of key-pairs: user-managed, and
// system-managed.
//
// User-managed key-pairs can be created and deleted by users. Users are
// responsible for rotating these keys periodically to ensure security of
// their service accounts. Users retain the private key of these key-pairs,
// and Google retains ONLY the public key.
//
// System-managed key-pairs are managed automatically by Google, and rotated
// daily without user intervention. The private key never leaves Google's
// servers to maximize security.
//
// Public keys for all service accounts are also published at the OAuth2
// Service Account API.
message ServiceAccountKey {
// The resource name of the service account key in the following format
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}/keys/{key}`.
string name = 1;
// The output format for the private key.
// Only provided in `CreateServiceAccountKey` responses, not
// in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
//
// Google never exposes system-managed private keys, and never retains
// user-managed private keys.
ServiceAccountPrivateKeyType private_key_type = 2;
// Specifies the algorithm (and possibly key size) for the key.
ServiceAccountKeyAlgorithm key_algorithm = 8;
// The private key data. Only provided in `CreateServiceAccountKey`
// responses. Make sure to keep the private key data secure because it
// allows for the assertion of the service account identity.
// When decoded, the private key data can be used to authenticate with
// Google API client libraries and with
// <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud
// auth activate-service-account</a>.
bytes private_key_data = 3;
// The public key data. Only provided in `GetServiceAccountKey` responses.
bytes public_key_data = 7;
// The key can be used after this timestamp.
google.protobuf.Timestamp valid_after_time = 4;
// The key can be used before this timestamp.
google.protobuf.Timestamp valid_before_time = 5;
}
// The service account key create request.
message CreateServiceAccountKeyRequest {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
// The output format of the private key. `GOOGLE_CREDENTIALS_FILE` is the
// default output format.
ServiceAccountPrivateKeyType private_key_type = 2;
// Which type of key and algorithm to use for the key.
// The default is currently a 2K RSA key. However this may change in the
// future.
ServiceAccountKeyAlgorithm key_algorithm = 3;
}
// The service account key delete request.
message DeleteServiceAccountKeyRequest {
// The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}/keys/{key}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
}
// The service account sign blob request.
message SignBlobRequest {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
// The bytes to sign.
bytes bytes_to_sign = 2;
}
// The service account sign blob response.
message SignBlobResponse {
// The id of the key used to sign the blob.
string key_id = 1;
// The signed blob.
bytes signature = 2;
}
// The service account sign JWT request.
message SignJwtRequest {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
// Using `-` as a wildcard for the project will infer the project from
// the account. The `account` value can be the `email` address or the
// `unique_id` of the service account.
string name = 1;
// The JWT payload to sign, a JSON JWT Claim set.
string payload = 2;
}
// The service account sign JWT response.
message SignJwtResponse {
// The id of the key used to sign the JWT.
string key_id = 1;
// The signed JWT.
string signed_jwt = 2;
}
// A role in the Identity and Access Management API.
message Role {
// A stage representing a role's lifecycle phase.
enum RoleLaunchStage {
// The user has indicated this role is currently in an alpha phase.
ALPHA = 0;
// The user has indicated this role is currently in a beta phase.
BETA = 1;
// The user has indicated this role is generally available.
GA = 2;
// The user has indicated this role is being deprecated.
DEPRECATED = 4;
// This role is disabled and will not contribute permissions to any members
// it is granted to in policies.
DISABLED = 5;
// The user has indicated this role is currently in an eap phase.
EAP = 6;
}
// The name of the role.
//
// When Role is used in CreateRole, the role name must not be set.
//
// When Role is used in output and other input such as UpdateRole, the role
// name is the complete path, e.g., roles/logging.viewer for curated roles
// and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
string name = 1;
// Optional. A human-readable title for the role. Typically this
// is limited to 100 UTF-8 bytes.
string title = 2;
// Optional. A human-readable description for the role.
string description = 3;
// The names of the permissions this role grants when bound in an IAM policy.
repeated string included_permissions = 7;
// The current launch stage of the role.
RoleLaunchStage stage = 8;
// Used to perform a consistent read-modify-write.
bytes etag = 9;
// The current deleted state of the role. This field is read only.
// It will be ignored in calls to CreateRole and UpdateRole.
bool deleted = 11;
}
// The grantable role query request.
message QueryGrantableRolesRequest {
// Required. The full resource name to query from the list of grantable roles.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
string full_resource_name = 1;
RoleView view = 2;
// Optional limit on the number of roles to include in the response.
int32 page_size = 3;
// Optional pagination token returned in an earlier
// QueryGrantableRolesResponse.
string page_token = 4;
}
// The grantable role query response.
message QueryGrantableRolesResponse {
// The list of matching roles.
repeated Role roles = 1;
// To retrieve the next page of results, set
// `QueryGrantableRolesRequest.page_token` to this value.
string next_page_token = 2;
}
// The request to get all roles defined under a resource.
message ListRolesRequest {
// The resource name of the parent resource in one of the following formats:
// `` (empty string) -- this refers to curated roles.
// `organizations/{ORGANIZATION_ID}`
// `projects/{PROJECT_ID}`
string parent = 1;
// Optional limit on the number of roles to include in the response.
int32 page_size = 2;
// Optional pagination token returned in an earlier ListRolesResponse.
string page_token = 3;
// Optional view for the returned Role objects.
RoleView view = 4;
// Include Roles that have been deleted.
bool show_deleted = 6;
}
// The response containing the roles defined under a resource.
message ListRolesResponse {
// The Roles defined on this resource.
repeated Role roles = 1;
// To retrieve the next page of results, set
// `ListRolesRequest.page_token` to this value.
string next_page_token = 2;
}
// The request to get the definition of an existing role.
message GetRoleRequest {
// The resource name of the role in one of the following formats:
// `roles/{ROLE_NAME}`
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
string name = 1;
}
// The request to create a new role.
message CreateRoleRequest {
// The resource name of the parent resource in one of the following formats:
// `organizations/{ORGANIZATION_ID}`
// `projects/{PROJECT_ID}`
string parent = 1;
// The role id to use for this role.
string role_id = 2;
// The Role resource to create.
Role role = 3;
}
// The request to update a role.
message UpdateRoleRequest {
// The resource name of the role in one of the following formats:
// `roles/{ROLE_NAME}`
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
string name = 1;
// The updated role.
Role role = 2;
// A mask describing which fields in the Role have changed.
google.protobuf.FieldMask update_mask = 3;
}
// The request to delete an existing role.
message DeleteRoleRequest {
// The resource name of the role in one of the following formats:
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
string name = 1;
// Used to perform a consistent read-modify-write.
bytes etag = 2;
}
// The request to undelete an existing role.
message UndeleteRoleRequest {
// The resource name of the role in one of the following formats:
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
string name = 1;
// Used to perform a consistent read-modify-write.
bytes etag = 2;
}
// A permission which can be included by a role.
message Permission {
// A stage representing a permission's lifecycle phase.
enum PermissionLaunchStage {
// The permission is currently in an alpha phase.
ALPHA = 0;
// The permission is currently in a beta phase.
BETA = 1;
// The permission is generally available.
GA = 2;
// The permission is being deprecated.
DEPRECATED = 3;
}
// The state of the permission with regards to custom roles.
enum CustomRolesSupportLevel {
// Permission is fully supported for custom role use.
SUPPORTED = 0;
// Permission is being tested to check custom role compatibility.
TESTING = 1;
// Permission is not supported for custom role use.
NOT_SUPPORTED = 2;
}
// The name of this Permission.
string name = 1;
// The title of this Permission.
string title = 2;
// A brief description of what this Permission is used for.
string description = 3;
// This permission can ONLY be used in predefined roles.
bool only_in_predefined_roles = 4;
// The current launch stage of the permission.
PermissionLaunchStage stage = 5;
// The current custom role support level.
CustomRolesSupportLevel custom_roles_support_level = 6;
}
// A request to get permissions which can be tested on a resource.
message QueryTestablePermissionsRequest {
// Required. The full resource name to query from the list of testable
// permissions.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
string full_resource_name = 1;
// Optional limit on the number of permissions to include in the response.
int32 page_size = 2;
// Optional pagination token returned in an earlier
// QueryTestablePermissionsRequest.
string page_token = 3;
}
// The response containing permissions which can be tested on a resource.
message QueryTestablePermissionsResponse {
// The Permissions testable on the requested resource.
repeated Permission permissions = 1;
// To retrieve the next page of results, set
// `QueryTestableRolesRequest.page_token` to this value.
string next_page_token = 2;
}
// Supported key algorithms.
enum ServiceAccountKeyAlgorithm {
// An unspecified key algorithm.
KEY_ALG_UNSPECIFIED = 0;
// 1k RSA Key.
KEY_ALG_RSA_1024 = 1;
// 2k RSA Key.
KEY_ALG_RSA_2048 = 2;
}
// Supported private key output formats.
enum ServiceAccountPrivateKeyType {
// Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.
TYPE_UNSPECIFIED = 0;
// PKCS12 format.
// The password for the PKCS12 file is `notasecret`.
// For more information, see https://tools.ietf.org/html/rfc7292.
TYPE_PKCS12_FILE = 1;
// Google Credentials File format.
TYPE_GOOGLE_CREDENTIALS_FILE = 2;
}
// Supported public key output formats.
enum ServiceAccountPublicKeyType {
// Unspecified. Returns nothing here.
TYPE_NONE = 0;
// X509 PEM format.
TYPE_X509_PEM_FILE = 1;
// Raw public key.
TYPE_RAW_PUBLIC_KEY = 2;
}
// A view for Role objects.
enum RoleView {
// Omits the `included_permissions` field.
// This is the default value.
BASIC = 0;
// Returns all fields.
FULL = 1;
}

224
express-server/node_modules/google-proto-files/google/iam/credentials/v1/common.proto generated vendored Normal file
View File

@ -0,0 +1,224 @@
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.iam.credentials.v1;
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";
option cc_enable_arenas = true;
option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
option java_multiple_files = true;
option java_outer_classname = "IAMCredentialsCommonProto";
option java_package = "com.google.iam.credentials.v1";
message GenerateAccessTokenRequest {
// The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
string name = 1;
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
repeated string delegates = 2;
// Code to identify the scopes to be included in the OAuth 2.0 access token.
// See https://developers.google.com/identity/protocols/googlescopes for more
// information.
// At least one value required.
repeated string scope = 4;
// The desired lifetime duration of the access token in seconds.
// Must be set to a value less than or equal to 3600 (1 hour). If a value is
// not specified, the token's lifetime will be set to a default value of one
// hour.
google.protobuf.Duration lifetime = 7;
}
message GenerateAccessTokenResponse {
// The OAuth 2.0 access token.
string access_token = 1;
// Token expiration time.
// The expiration time is always set.
google.protobuf.Timestamp expire_time = 3;
}
message SignBlobRequest {
// The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
string name = 1;
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
repeated string delegates = 3;
// The bytes to sign.
bytes payload = 5;
}
message SignBlobResponse {
// The ID of the key used to sign the blob.
string key_id = 1;
// The signed blob.
bytes signed_blob = 4;
}
message SignJwtRequest {
// The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
string name = 1;
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
repeated string delegates = 3;
// The JWT payload to sign: a JSON object that contains a JWT Claims Set.
string payload = 5;
}
message SignJwtResponse {
// The ID of the key used to sign the JWT.
string key_id = 1;
// The signed JWT.
string signed_jwt = 2;
}
message GenerateIdTokenRequest {
// The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
string name = 1;
// The sequence of service accounts in a delegation chain. Each service
// account must be granted the `roles/iam.serviceAccountTokenCreator` role
// on its next service account in the chain. The last service account in the
// chain must be granted the `roles/iam.serviceAccountTokenCreator` role
// on the service account that is specified in the `name` field of the
// request.
//
// The delegates must have the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
repeated string delegates = 2;
// The audience for the token, such as the API or account that this token
// grants access to.
string audience = 3;
// Include the service account email in the token. If set to `true`, the
// token will contain `email` and `email_verified` claims.
bool include_email = 4;
}
message GenerateIdTokenResponse {
// The OpenId Connect ID token.
string token = 1;
}
message GenerateIdentityBindingAccessTokenRequest {
// The resource name of the service account for which the credentials
// are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
string name = 1;
// Code to identify the scopes to be included in the OAuth 2.0 access token.
// See https://developers.google.com/identity/protocols/googlescopes for more
// information.
// At least one value required.
repeated string scope = 2;
// Required. Input token.
// Must be in JWT format according to
// RFC7523 (https://tools.ietf.org/html/rfc7523)
// and must have 'kid' field in the header.
// Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
// Mandatory payload fields (along the lines of RFC 7523, section 3):
// - iss: issuer of the token. Must provide a discovery document at
// $iss/.well-known/openid-configuration . The document needs to be
// formatted according to section 4.2 of the OpenID Connect Discovery
// 1.0 specification.
// - iat: Issue time in seconds since epoch. Must be in the past.
// - exp: Expiration time in seconds since epoch. Must be less than 48 hours
// after iat. We recommend to create tokens that last shorter than 6
// hours to improve security unless business reasons mandate longer
// expiration times. Shorter token lifetimes are generally more secure
// since tokens that have been exfiltrated by attackers can be used for
// a shorter time. you can configure the maximum lifetime of the
// incoming token in the configuration of the mapper.
// The resulting Google token will expire within an hour or at "exp",
// whichever is earlier.
// - sub: JWT subject, identity asserted in the JWT.
// - aud: Configured in the mapper policy. By default the service account
// email.
//
// Claims from the incoming token can be transferred into the output token
// accoding to the mapper configuration. The outgoing claim size is limited.
// Outgoing claims size must be less than 4kB serialized as JSON without
// whitespace.
//
// Example header:
// {
// "alg": "RS256",
// "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
// }
// Example payload:
// {
// "iss": "https://accounts.google.com",
// "iat": 1517963104,
// "exp": 1517966704,
// "aud": "https://iamcredentials.googleapis.com/",
// "sub": "113475438248934895348",
// "my_claims": {
// "additional_claim": "value"
// }
// }
string jwt = 3;
}
message GenerateIdentityBindingAccessTokenResponse {
// The OAuth 2.0 access token.
string access_token = 1;
// Token expiration time.
// The expiration time is always set.
google.protobuf.Timestamp expire_time = 2;
}

78
express-server/node_modules/google-proto-files/google/iam/credentials/v1/iamcredentials.proto generated vendored Normal file
View File

@ -0,0 +1,78 @@
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.iam.credentials.v1;
import "google/api/annotations.proto";
import "google/iam/credentials/v1/common.proto";
option cc_enable_arenas = true;
option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
// A service account is a special type of Google account that belongs to your
// application or a virtual machine (VM), instead of to an individual end user.
// Your application assumes the identity of the service account to call Google
// APIs, so that the users aren't directly involved.
//
// Service account credentials are used to temporarily assume the identity
// of the service account. Supported credential types include OAuth 2.0 access
// tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
// more.
service IAMCredentials {
// Generates an OAuth 2.0 access token for a service account.
rpc GenerateAccessToken(GenerateAccessTokenRequest) returns (GenerateAccessTokenResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/serviceAccounts/*}:generateAccessToken"
body: "*"
};
}
// Generates an OpenID Connect ID token for a service account.
rpc GenerateIdToken(GenerateIdTokenRequest) returns (GenerateIdTokenResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/serviceAccounts/*}:generateIdToken"
body: "*"
};
}
// Signs a blob using a service account's system-managed private key.
rpc SignBlob(SignBlobRequest) returns (SignBlobResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/serviceAccounts/*}:signBlob"
body: "*"
};
}
// Signs a JWT using a service account's system-managed private key.
rpc SignJwt(SignJwtRequest) returns (SignJwtResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/serviceAccounts/*}:signJwt"
body: "*"
};
}
// Exchange a JWT signed by third party identity provider to an OAuth 2.0
// access token
rpc GenerateIdentityBindingAccessToken(
GenerateIdentityBindingAccessTokenRequest)
returns (GenerateIdentityBindingAccessTokenResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/serviceAccounts/*}:generateIdentityBindingAccessToken"
body: "*"
};
}
}

119
express-server/node_modules/google-proto-files/google/iam/v1/iam_policy.proto generated vendored Normal file
View File

@ -0,0 +1,119 @@
// Copyright 2016 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.iam.v1;
import "google/api/annotations.proto";
import "google/iam/v1/policy.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Iam.V1";
option go_package = "google.golang.org/genproto/googleapis/iam/v1;iam";
option java_multiple_files = true;
option java_outer_classname = "IamPolicyProto";
option java_package = "com.google.iam.v1";
option php_namespace = "Google\\Cloud\\Iam\\V1";
// ## API Overview
//
// Manages Identity and Access Management (IAM) policies.
//
// Any implementation of an API that offers access control features
// implements the google.iam.v1.IAMPolicy interface.
//
// ## Data model
//
// Access control is applied when a principal (user or service account), takes
// some action on a resource exposed by a service. Resources, identified by
// URI-like names, are the unit of access control specification. Service
// implementations can choose the granularity of access control and the
// supported permissions for their resources.
// For example one database service may allow access control to be
// specified only at the Table level, whereas another might allow access control
// to also be specified at the Column level.
//
// ## Policy Structure
//
// See google.iam.v1.Policy
//
// This is intentionally not a CRUD style API because access control policies
// are created and deleted implicitly with the resources to which they are
// attached.
service IAMPolicy {
// Sets the access control policy on the specified resource. Replaces any
// existing policy.
rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) {
option (google.api.http) = { post: "/v1/{resource=**}:setIamPolicy" body: "*" };
}
// Gets the access control policy for a resource.
// Returns an empty policy if the resource exists and does not have a policy
// set.
rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) {
option (google.api.http) = { post: "/v1/{resource=**}:getIamPolicy" body: "*" };
}
// Returns permissions that a caller has on the specified resource.
// If the resource does not exist, this will return an empty set of
// permissions, not a NOT_FOUND error.
rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) {
option (google.api.http) = { post: "/v1/{resource=**}:testIamPermissions" body: "*" };
}
}
// Request message for `SetIamPolicy` method.
message SetIamPolicyRequest {
// REQUIRED: The resource for which the policy is being specified.
// `resource` is usually specified as a path. For example, a Project
// resource is specified as `projects/{project}`.
string resource = 1;
// REQUIRED: The complete policy to be applied to the `resource`. The size of
// the policy is limited to a few 10s of KB. An empty policy is a
// valid policy but certain Cloud Platform services (such as Projects)
// might reject them.
Policy policy = 2;
}
// Request message for `GetIamPolicy` method.
message GetIamPolicyRequest {
// REQUIRED: The resource for which the policy is being requested.
// `resource` is usually specified as a path. For example, a Project
// resource is specified as `projects/{project}`.
string resource = 1;
}
// Request message for `TestIamPermissions` method.
message TestIamPermissionsRequest {
// REQUIRED: The resource for which the policy detail is being requested.
// `resource` is usually specified as a path. For example, a Project
// resource is specified as `projects/{project}`.
string resource = 1;
// The set of permissions to check for the `resource`. Permissions with
// wildcards (such as '*' or 'storage.*') are not allowed. For more
// information see
// [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
repeated string permissions = 2;
}
// Response message for `TestIamPermissions` method.
message TestIamPermissionsResponse {
// A subset of `TestPermissionsRequest.permissions` that the caller is
// allowed.
repeated string permissions = 1;
}

35
express-server/node_modules/google-proto-files/google/iam/v1/logging/audit_data.proto generated vendored Normal file
View File

@ -0,0 +1,35 @@
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.iam.v1.logging;
import "google/api/annotations.proto";
import "google/iam/v1/policy.proto";
option csharp_namespace = "Google.Cloud.Iam.V1.Logging";
option go_package = "google.golang.org/genproto/googleapis/iam/v1/logging;logging";
option java_multiple_files = true;
option java_outer_classname = "AuditDataProto";
option java_package = "com.google.iam.v1.logging";
// Audit log information specific to Cloud IAM. This message is serialized
// as an `Any` type in the `ServiceData` message of an
// `AuditLog` message.
message AuditData {
// Policy delta between the original policy and the newly set policy.
google.iam.v1.PolicyDelta policy_delta = 2;
}

150
express-server/node_modules/google-proto-files/google/iam/v1/policy.proto generated vendored Normal file
View File

@ -0,0 +1,150 @@
// Copyright 2016 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.iam.v1;
import "google/api/annotations.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Iam.V1";
option go_package = "google.golang.org/genproto/googleapis/iam/v1;iam";
option java_multiple_files = true;
option java_outer_classname = "PolicyProto";
option java_package = "com.google.iam.v1";
option php_namespace = "Google\\Cloud\\Iam\\V1";
// Defines an Identity and Access Management (IAM) policy. It is used to
// specify access control policies for Cloud Platform resources.
//
//
// A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
// `members` to a `role`, where the members can be user accounts, Google groups,
// Google domains, and service accounts. A `role` is a named list of permissions
// defined by IAM.
//
// **Example**
//
// {
// "bindings": [
// {
// "role": "roles/owner",
// "members": [
// "user:mike@example.com",
// "group:admins@example.com",
// "domain:google.com",
// "serviceAccount:my-other-app@appspot.gserviceaccount.com",
// ]
// },
// {
// "role": "roles/viewer",
// "members": ["user:sean@example.com"]
// }
// ]
// }
//
// For a description of IAM and its features, see the
// [IAM developer's guide](https://cloud.google.com/iam).
message Policy {
// Version of the `Policy`. The default version is 0.
int32 version = 1;
// Associates a list of `members` to a `role`.
// Multiple `bindings` must not be specified for the same `role`.
// `bindings` with no members will result in an error.
repeated Binding bindings = 4;
// `etag` is used for optimistic concurrency control as a way to help
// prevent simultaneous updates of a policy from overwriting each other.
// It is strongly suggested that systems make use of the `etag` in the
// read-modify-write cycle to perform policy updates in order to avoid race
// conditions: An `etag` is returned in the response to `getIamPolicy`, and
// systems are expected to put that etag in the request to `setIamPolicy` to
// ensure that their change will be applied to the same version of the policy.
//
// If no `etag` is provided in the call to `setIamPolicy`, then the existing
// policy is overwritten blindly.
bytes etag = 3;
}
// Associates `members` with a `role`.
message Binding {
// Role that is assigned to `members`.
// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
// Required
string role = 1;
// Specifies the identities requesting access for a Cloud Platform resource.
// `members` can have the following values:
//
// * `allUsers`: A special identifier that represents anyone who is
// on the internet; with or without a Google account.
//
// * `allAuthenticatedUsers`: A special identifier that represents anyone
// who is authenticated with a Google account or a service account.
//
// * `user:{emailid}`: An email address that represents a specific Google
// account. For example, `alice@gmail.com` or `joe@example.com`.
//
//
// * `serviceAccount:{emailid}`: An email address that represents a service
// account. For example, `my-other-app@appspot.gserviceaccount.com`.
//
// * `group:{emailid}`: An email address that represents a Google group.
// For example, `admins@example.com`.
//
// * `domain:{domain}`: A Google Apps domain name that represents all the
// users of that domain. For example, `google.com` or `example.com`.
//
//
repeated string members = 2;
}
// The difference delta between two policies.
message PolicyDelta {
// The delta for Bindings between two policies.
repeated BindingDelta binding_deltas = 1;
}
// One delta entry for Binding. Each individual change (only one member in each
// entry) to a binding will be a separate entry.
message BindingDelta {
// The type of action performed on a Binding in a policy.
enum Action {
// Unspecified.
ACTION_UNSPECIFIED = 0;
// Addition of a Binding.
ADD = 1;
// Removal of a Binding.
REMOVE = 2;
}
// The action that was performed on a Binding.
// Required
Action action = 1;
// Role that is assigned to `members`.
// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
// Required
string role = 2;
// A single identity requesting access for a Cloud Platform resource.
// Follows the same format of Binding.members.
// Required
string member = 3;
}