diff --git a/packages/grpc-google-iam-v1/README.rst b/packages/grpc-google-iam-v1/README.rst index 7546401d4a17..409dc1c1ca41 100644 --- a/packages/grpc-google-iam-v1/README.rst +++ b/packages/grpc-google-iam-v1/README.rst @@ -162,7 +162,7 @@ Code-Based Examples import logging - from google.cloud.translate_v3 import translate + from google.cloud import library_v1 base_logger = logging.getLogger("google") base_logger.addHandler(logging.StreamHandler()) @@ -174,7 +174,7 @@ Code-Based Examples import logging - from google.cloud.translate_v3 import translate + from google.cloud import library_v1 base_logger = logging.getLogger("google.cloud.library_v1") base_logger.addHandler(logging.StreamHandler()) diff --git a/packages/grpc-google-iam-v1/google/iam/v1/iam_policy.proto b/packages/grpc-google-iam-v1/google/iam/v1/iam_policy.proto new file mode 100644 index 000000000000..a123ab8411f8 --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/iam_policy.proto @@ -0,0 +1,157 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/iam/v1/options.proto"; +import "google/iam/v1/policy.proto"; +import "google/protobuf/field_mask.proto"; + +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb"; +option java_multiple_files = true; +option java_outer_classname = "IamPolicyProto"; +option java_package = "com.google.iam.v1"; +option php_namespace = "Google\\Cloud\\Iam\\V1"; + +// API Overview +// +// Manages Identity and Access Management (IAM) policies. +// +// Any implementation of an API that offers access control features +// implements the google.iam.v1.IAMPolicy interface. +// +// ## Data model +// +// Access control is applied when a principal (user or service account), takes +// some action on a resource exposed by a service. Resources, identified by +// URI-like names, are the unit of access control specification. Service +// implementations can choose the granularity of access control and the +// supported permissions for their resources. +// For example one database service may allow access control to be +// specified only at the Table level, whereas another might allow access control +// to also be specified at the Column level. +// +// ## Policy Structure +// +// See google.iam.v1.Policy +// +// This is intentionally not a CRUD style API because access control policies +// are created and deleted implicitly with the resources to which they are +// attached. +service IAMPolicy { + option (google.api.default_host) = "iam-meta-api.googleapis.com"; + + // Sets the access control policy on the specified resource. Replaces any + // existing policy. + // + // Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. + rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) { + option (google.api.http) = { + post: "/v1/{resource=**}:setIamPolicy" + body: "*" + }; + } + + // Gets the access control policy for a resource. + // Returns an empty policy if the resource exists and does not have a policy + // set. + rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) { + option (google.api.http) = { + post: "/v1/{resource=**}:getIamPolicy" + body: "*" + }; + } + + // Returns permissions that a caller has on the specified resource. + // If the resource does not exist, this will return an empty set of + // permissions, not a `NOT_FOUND` error. + // + // Note: This operation is designed to be used for building permission-aware + // UIs and command-line tools, not for authorization checking. This operation + // may "fail open" without warning. + rpc TestIamPermissions(TestIamPermissionsRequest) + returns (TestIamPermissionsResponse) { + option (google.api.http) = { + post: "/v1/{resource=**}:testIamPermissions" + body: "*" + }; + } +} + +// Request message for `SetIamPolicy` method. +message SetIamPolicyRequest { + // REQUIRED: The resource for which the policy is being specified. + // See the operation documentation for the appropriate value for this field. + string resource = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference).type = "*" + ]; + + // REQUIRED: The complete policy to be applied to the `resource`. The size of + // the policy is limited to a few 10s of KB. An empty policy is a + // valid policy but certain Cloud Platform services (such as Projects) + // might reject them. + Policy policy = 2 [(google.api.field_behavior) = REQUIRED]; + + // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only + // the fields in the mask will be modified. If no mask is provided, the + // following default mask is used: + // + // `paths: "bindings, etag"` + google.protobuf.FieldMask update_mask = 3; +} + +// Request message for `GetIamPolicy` method. +message GetIamPolicyRequest { + // REQUIRED: The resource for which the policy is being requested. + // See the operation documentation for the appropriate value for this field. + string resource = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference).type = "*" + ]; + + // OPTIONAL: A `GetPolicyOptions` object for specifying options to + // `GetIamPolicy`. + GetPolicyOptions options = 2; +} + +// Request message for `TestIamPermissions` method. +message TestIamPermissionsRequest { + // REQUIRED: The resource for which the policy detail is being requested. + // See the operation documentation for the appropriate value for this field. + string resource = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference).type = "*" + ]; + + // The set of permissions to check for the `resource`. Permissions with + // wildcards (such as '*' or 'storage.*') are not allowed. For more + // information see + // [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). + repeated string permissions = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Response message for `TestIamPermissions` method. +message TestIamPermissionsResponse { + // A subset of `TestPermissionsRequest.permissions` that the caller is + // allowed. + repeated string permissions = 1; +} diff --git a/packages/grpc-google-iam-v1/google/iam/v1/iam_policy_pb2.py b/packages/grpc-google-iam-v1/google/iam/v1/iam_policy_pb2.py index 39cae7e2b58a..5300b13a38ad 100644 --- a/packages/grpc-google-iam-v1/google/iam/v1/iam_policy_pb2.py +++ b/packages/grpc-google-iam-v1/google/iam/v1/iam_policy_pb2.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/iam/v1/iam_policy.proto +# Protobuf Python Version: 4.25.3 """Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import descriptor_pool as _descriptor_pool @@ -27,14 +28,13 @@ _sym_db = _symbol_database.Default() -from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2 from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 from google.api import client_pb2 as google_dot_api_dot_client__pb2 +from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2 from google.api import resource_pb2 as google_dot_api_dot_resource__pb2 -from google.protobuf import field_mask_pb2 as google_dot_protobuf_dot_field__mask__pb2 - from google.iam.v1 import options_pb2 as google_dot_iam_dot_v1_dot_options__pb2 from google.iam.v1 import policy_pb2 as google_dot_iam_dot_v1_dot_policy__pb2 +from google.protobuf import field_mask_pb2 as google_dot_protobuf_dot_field__mask__pb2 DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile( b'\n\x1egoogle/iam/v1/iam_policy.proto\x12\rgoogle.iam.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1bgoogle/iam/v1/options.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a google/protobuf/field_mask.proto"\x8f\x01\n\x13SetIamPolicyRequest\x12\x1b\n\x08resource\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12*\n\x06policy\x18\x02 \x01(\x0b\x32\x15.google.iam.v1.PolicyB\x03\xe0\x41\x02\x12/\n\x0bupdate_mask\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.FieldMask"d\n\x13GetIamPolicyRequest\x12\x1b\n\x08resource\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12\x30\n\x07options\x18\x02 \x01(\x0b\x32\x1f.google.iam.v1.GetPolicyOptions"R\n\x19TestIamPermissionsRequest\x12\x1b\n\x08resource\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12\x18\n\x0bpermissions\x18\x02 \x03(\tB\x03\xe0\x41\x02"1\n\x1aTestIamPermissionsResponse\x12\x13\n\x0bpermissions\x18\x01 \x03(\t2\xb4\x03\n\tIAMPolicy\x12t\n\x0cSetIamPolicy\x12".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy")\x82\xd3\xe4\x93\x02#"\x1e/v1/{resource=**}:setIamPolicy:\x01*\x12t\n\x0cGetIamPolicy\x12".google.iam.v1.GetIamPolicyRequest\x1a\x15.google.iam.v1.Policy")\x82\xd3\xe4\x93\x02#"\x1e/v1/{resource=**}:getIamPolicy:\x01*\x12\x9a\x01\n\x12TestIamPermissions\x12(.google.iam.v1.TestIamPermissionsRequest\x1a).google.iam.v1.TestIamPermissionsResponse"/\x82\xd3\xe4\x93\x02)"$/v1/{resource=**}:testIamPermissions:\x01*\x1a\x1e\xca\x41\x1biam-meta-api.googleapis.comB|\n\x11\x63om.google.iam.v1B\x0eIamPolicyProtoP\x01Z)cloud.google.com/go/iam/apiv1/iampb;iampb\xaa\x02\x13Google.Cloud.Iam.V1\xca\x02\x13Google\\Cloud\\Iam\\V1b\x06proto3' @@ -46,42 +46,46 @@ DESCRIPTOR, "google.iam.v1.iam_policy_pb2", _globals ) if _descriptor._USE_C_DESCRIPTORS == False: - DESCRIPTOR._options = None - DESCRIPTOR._serialized_options = b"\n\021com.google.iam.v1B\016IamPolicyProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" - _SETIAMPOLICYREQUEST.fields_by_name["resource"]._options = None - _SETIAMPOLICYREQUEST.fields_by_name[ + _globals["DESCRIPTOR"]._options = None + _globals[ + "DESCRIPTOR" + ]._serialized_options = b"\n\021com.google.iam.v1B\016IamPolicyProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" + _globals["_SETIAMPOLICYREQUEST"].fields_by_name["resource"]._options = None + _globals["_SETIAMPOLICYREQUEST"].fields_by_name[ "resource" ]._serialized_options = b"\340A\002\372A\003\n\001*" - _SETIAMPOLICYREQUEST.fields_by_name["policy"]._options = None - _SETIAMPOLICYREQUEST.fields_by_name["policy"]._serialized_options = b"\340A\002" - _GETIAMPOLICYREQUEST.fields_by_name["resource"]._options = None - _GETIAMPOLICYREQUEST.fields_by_name[ + _globals["_SETIAMPOLICYREQUEST"].fields_by_name["policy"]._options = None + _globals["_SETIAMPOLICYREQUEST"].fields_by_name[ + "policy" + ]._serialized_options = b"\340A\002" + _globals["_GETIAMPOLICYREQUEST"].fields_by_name["resource"]._options = None + _globals["_GETIAMPOLICYREQUEST"].fields_by_name[ "resource" ]._serialized_options = b"\340A\002\372A\003\n\001*" - _TESTIAMPERMISSIONSREQUEST.fields_by_name["resource"]._options = None - _TESTIAMPERMISSIONSREQUEST.fields_by_name[ + _globals["_TESTIAMPERMISSIONSREQUEST"].fields_by_name["resource"]._options = None + _globals["_TESTIAMPERMISSIONSREQUEST"].fields_by_name[ "resource" ]._serialized_options = b"\340A\002\372A\003\n\001*" - _TESTIAMPERMISSIONSREQUEST.fields_by_name["permissions"]._options = None - _TESTIAMPERMISSIONSREQUEST.fields_by_name[ + _globals["_TESTIAMPERMISSIONSREQUEST"].fields_by_name["permissions"]._options = None + _globals["_TESTIAMPERMISSIONSREQUEST"].fields_by_name[ "permissions" ]._serialized_options = b"\340A\002" - _IAMPOLICY._options = None - _IAMPOLICY._serialized_options = b"\312A\033iam-meta-api.googleapis.com" - _IAMPOLICY.methods_by_name["SetIamPolicy"]._options = None - _IAMPOLICY.methods_by_name[ + _globals["_IAMPOLICY"]._options = None + _globals["_IAMPOLICY"]._serialized_options = b"\312A\033iam-meta-api.googleapis.com" + _globals["_IAMPOLICY"].methods_by_name["SetIamPolicy"]._options = None + _globals["_IAMPOLICY"].methods_by_name[ "SetIamPolicy" ]._serialized_options = ( b'\202\323\344\223\002#"\036/v1/{resource=**}:setIamPolicy:\001*' ) - _IAMPOLICY.methods_by_name["GetIamPolicy"]._options = None - _IAMPOLICY.methods_by_name[ + _globals["_IAMPOLICY"].methods_by_name["GetIamPolicy"]._options = None + _globals["_IAMPOLICY"].methods_by_name[ "GetIamPolicy" ]._serialized_options = ( b'\202\323\344\223\002#"\036/v1/{resource=**}:getIamPolicy:\001*' ) - _IAMPOLICY.methods_by_name["TestIamPermissions"]._options = None - _IAMPOLICY.methods_by_name[ + _globals["_IAMPOLICY"].methods_by_name["TestIamPermissions"]._options = None + _globals["_IAMPOLICY"].methods_by_name[ "TestIamPermissions" ]._serialized_options = ( b'\202\323\344\223\002)"$/v1/{resource=**}:testIamPermissions:\001*' diff --git a/packages/grpc-google-iam-v1/google/iam/v1/iam_policy_pb2.pyi b/packages/grpc-google-iam-v1/google/iam/v1/iam_policy_pb2.pyi new file mode 100644 index 000000000000..26e6b9ab8db5 --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/iam_policy_pb2.pyi @@ -0,0 +1,77 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from typing import ClassVar as _ClassVar +from typing import Iterable as _Iterable +from typing import Mapping as _Mapping +from typing import Optional as _Optional +from typing import Union as _Union + +from google.api import annotations_pb2 as _annotations_pb2 +from google.api import client_pb2 as _client_pb2 +from google.api import field_behavior_pb2 as _field_behavior_pb2 +from google.api import resource_pb2 as _resource_pb2 +from google.iam.v1 import options_pb2 as _options_pb2 +from google.iam.v1 import policy_pb2 as _policy_pb2 +from google.protobuf import descriptor as _descriptor +from google.protobuf import field_mask_pb2 as _field_mask_pb2 +from google.protobuf import message as _message +from google.protobuf.internal import containers as _containers + +DESCRIPTOR: _descriptor.FileDescriptor + +class SetIamPolicyRequest(_message.Message): + __slots__ = ("resource", "policy", "update_mask") + RESOURCE_FIELD_NUMBER: _ClassVar[int] + POLICY_FIELD_NUMBER: _ClassVar[int] + UPDATE_MASK_FIELD_NUMBER: _ClassVar[int] + resource: str + policy: _policy_pb2.Policy + update_mask: _field_mask_pb2.FieldMask + def __init__( + self, + resource: _Optional[str] = ..., + policy: _Optional[_Union[_policy_pb2.Policy, _Mapping]] = ..., + update_mask: _Optional[_Union[_field_mask_pb2.FieldMask, _Mapping]] = ..., + ) -> None: ... + +class GetIamPolicyRequest(_message.Message): + __slots__ = ("resource", "options") + RESOURCE_FIELD_NUMBER: _ClassVar[int] + OPTIONS_FIELD_NUMBER: _ClassVar[int] + resource: str + options: _options_pb2.GetPolicyOptions + def __init__( + self, + resource: _Optional[str] = ..., + options: _Optional[_Union[_options_pb2.GetPolicyOptions, _Mapping]] = ..., + ) -> None: ... + +class TestIamPermissionsRequest(_message.Message): + __slots__ = ("resource", "permissions") + RESOURCE_FIELD_NUMBER: _ClassVar[int] + PERMISSIONS_FIELD_NUMBER: _ClassVar[int] + resource: str + permissions: _containers.RepeatedScalarFieldContainer[str] + def __init__( + self, + resource: _Optional[str] = ..., + permissions: _Optional[_Iterable[str]] = ..., + ) -> None: ... + +class TestIamPermissionsResponse(_message.Message): + __slots__ = ("permissions",) + PERMISSIONS_FIELD_NUMBER: _ClassVar[int] + permissions: _containers.RepeatedScalarFieldContainer[str] + def __init__(self, permissions: _Optional[_Iterable[str]] = ...) -> None: ... diff --git a/packages/grpc-google-iam-v1/google/iam/v1/options.proto b/packages/grpc-google-iam-v1/google/iam/v1/options.proto new file mode 100644 index 000000000000..5337058794a7 --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/options.proto @@ -0,0 +1,48 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb"; +option java_multiple_files = true; +option java_outer_classname = "OptionsProto"; +option java_package = "com.google.iam.v1"; +option php_namespace = "Google\\Cloud\\Iam\\V1"; + +// Encapsulates settings provided to GetIamPolicy. +message GetPolicyOptions { + // Optional. The maximum policy version that will be used to format the + // policy. + // + // Valid values are 0, 1, and 3. Requests specifying an invalid value will be + // rejected. + // + // Requests for policies with any conditional role bindings must specify + // version 3. Policies with no conditional role bindings may specify any valid + // value or leave the field unset. + // + // The policy in the response might use the policy version that you specified, + // or it might use a lower policy version. For example, if you specify version + // 3, but the policy has no conditional role bindings, the response uses + // version 1. + // + // To learn which resources support conditions in their IAM policies, see the + // [IAM + // documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + int32 requested_policy_version = 1; +} diff --git a/packages/grpc-google-iam-v1/google/iam/v1/options_pb2.py b/packages/grpc-google-iam-v1/google/iam/v1/options_pb2.py index 85dcd90e4675..d219723aaa28 100644 --- a/packages/grpc-google-iam-v1/google/iam/v1/options_pb2.py +++ b/packages/grpc-google-iam-v1/google/iam/v1/options_pb2.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/iam/v1/options.proto +# Protobuf Python Version: 4.25.3 """Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import descriptor_pool as _descriptor_pool @@ -37,8 +38,10 @@ DESCRIPTOR, "google.iam.v1.options_pb2", _globals ) if _descriptor._USE_C_DESCRIPTORS == False: - DESCRIPTOR._options = None - DESCRIPTOR._serialized_options = b"\n\021com.google.iam.v1B\014OptionsProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\370\001\001\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" + _globals["DESCRIPTOR"]._options = None + _globals[ + "DESCRIPTOR" + ]._serialized_options = b"\n\021com.google.iam.v1B\014OptionsProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\370\001\001\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" _globals["_GETPOLICYOPTIONS"]._serialized_start = 46 _globals["_GETPOLICYOPTIONS"]._serialized_end = 98 # @@protoc_insertion_point(module_scope) diff --git a/packages/grpc-google-iam-v1/google/iam/v1/options_pb2.pyi b/packages/grpc-google-iam-v1/google/iam/v1/options_pb2.pyi new file mode 100644 index 000000000000..6c55f20404b4 --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/options_pb2.pyi @@ -0,0 +1,27 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from typing import ClassVar as _ClassVar +from typing import Optional as _Optional + +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message + +DESCRIPTOR: _descriptor.FileDescriptor + +class GetPolicyOptions(_message.Message): + __slots__ = ("requested_policy_version",) + REQUESTED_POLICY_VERSION_FIELD_NUMBER: _ClassVar[int] + requested_policy_version: int + def __init__(self, requested_policy_version: _Optional[int] = ...) -> None: ... diff --git a/packages/grpc-google-iam-v1/google/iam/v1/policy.proto b/packages/grpc-google-iam-v1/google/iam/v1/policy.proto new file mode 100644 index 000000000000..b5eac03c4427 --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/policy.proto @@ -0,0 +1,410 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +import "google/type/expr.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb"; +option java_multiple_files = true; +option java_outer_classname = "PolicyProto"; +option java_package = "com.google.iam.v1"; +option php_namespace = "Google\\Cloud\\Iam\\V1"; + +// An Identity and Access Management (IAM) policy, which specifies access +// controls for Google Cloud resources. +// +// +// A `Policy` is a collection of `bindings`. A `binding` binds one or more +// `members`, or principals, to a single `role`. Principals can be user +// accounts, service accounts, Google groups, and domains (such as G Suite). A +// `role` is a named list of permissions; each `role` can be an IAM predefined +// role or a user-created custom role. +// +// For some types of Google Cloud resources, a `binding` can also specify a +// `condition`, which is a logical expression that allows access to a resource +// only if the expression evaluates to `true`. A condition can add constraints +// based on attributes of the request, the resource, or both. To learn which +// resources support conditions in their IAM policies, see the +// [IAM +// documentation](https://cloud.google.com/iam/help/conditions/resource-policies). +// +// **JSON example:** +// +// ``` +// { +// "bindings": [ +// { +// "role": "roles/resourcemanager.organizationAdmin", +// "members": [ +// "user:mike@example.com", +// "group:admins@example.com", +// "domain:google.com", +// "serviceAccount:my-project-id@appspot.gserviceaccount.com" +// ] +// }, +// { +// "role": "roles/resourcemanager.organizationViewer", +// "members": [ +// "user:eve@example.com" +// ], +// "condition": { +// "title": "expirable access", +// "description": "Does not grant access after Sep 2020", +// "expression": "request.time < +// timestamp('2020-10-01T00:00:00.000Z')", +// } +// } +// ], +// "etag": "BwWWja0YfJA=", +// "version": 3 +// } +// ``` +// +// **YAML example:** +// +// ``` +// bindings: +// - members: +// - user:mike@example.com +// - group:admins@example.com +// - domain:google.com +// - serviceAccount:my-project-id@appspot.gserviceaccount.com +// role: roles/resourcemanager.organizationAdmin +// - members: +// - user:eve@example.com +// role: roles/resourcemanager.organizationViewer +// condition: +// title: expirable access +// description: Does not grant access after Sep 2020 +// expression: request.time < timestamp('2020-10-01T00:00:00.000Z') +// etag: BwWWja0YfJA= +// version: 3 +// ``` +// +// For a description of IAM and its features, see the +// [IAM documentation](https://cloud.google.com/iam/docs/). +message Policy { + // Specifies the format of the policy. + // + // Valid values are `0`, `1`, and `3`. Requests that specify an invalid value + // are rejected. + // + // Any operation that affects conditional role bindings must specify version + // `3`. This requirement applies to the following operations: + // + // * Getting a policy that includes a conditional role binding + // * Adding a conditional role binding to a policy + // * Changing a conditional role binding in a policy + // * Removing any role binding, with or without a condition, from a policy + // that includes conditions + // + // **Important:** If you use IAM Conditions, you must include the `etag` field + // whenever you call `setIamPolicy`. If you omit this field, then IAM allows + // you to overwrite a version `3` policy with a version `1` policy, and all of + // the conditions in the version `3` policy are lost. + // + // If a policy does not include any conditions, operations on that policy may + // specify any valid version or leave the field unset. + // + // To learn which resources support conditions in their IAM policies, see the + // [IAM + // documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + int32 version = 1; + + // Associates a list of `members`, or principals, with a `role`. Optionally, + // may specify a `condition` that determines how and when the `bindings` are + // applied. Each of the `bindings` must contain at least one principal. + // + // The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 + // of these principals can be Google groups. Each occurrence of a principal + // counts towards these limits. For example, if the `bindings` grant 50 + // different roles to `user:alice@example.com`, and not to any other + // principal, then you can add another 1,450 principals to the `bindings` in + // the `Policy`. + repeated Binding bindings = 4; + + // Specifies cloud audit logging configuration for this policy. + repeated AuditConfig audit_configs = 6; + + // `etag` is used for optimistic concurrency control as a way to help + // prevent simultaneous updates of a policy from overwriting each other. + // It is strongly suggested that systems make use of the `etag` in the + // read-modify-write cycle to perform policy updates in order to avoid race + // conditions: An `etag` is returned in the response to `getIamPolicy`, and + // systems are expected to put that etag in the request to `setIamPolicy` to + // ensure that their change will be applied to the same version of the policy. + // + // **Important:** If you use IAM Conditions, you must include the `etag` field + // whenever you call `setIamPolicy`. If you omit this field, then IAM allows + // you to overwrite a version `3` policy with a version `1` policy, and all of + // the conditions in the version `3` policy are lost. + bytes etag = 3; +} + +// Associates `members`, or principals, with a `role`. +message Binding { + // Role that is assigned to the list of `members`, or principals. + // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + string role = 1; + + // Specifies the principals requesting access for a Google Cloud resource. + // `members` can have the following values: + // + // * `allUsers`: A special identifier that represents anyone who is + // on the internet; with or without a Google account. + // + // * `allAuthenticatedUsers`: A special identifier that represents anyone + // who is authenticated with a Google account or a service account. + // + // * `user:{emailid}`: An email address that represents a specific Google + // account. For example, `alice@example.com` . + // + // + // * `serviceAccount:{emailid}`: An email address that represents a service + // account. For example, `my-other-app@appspot.gserviceaccount.com`. + // + // * `group:{emailid}`: An email address that represents a Google group. + // For example, `admins@example.com`. + // + // * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique + // identifier) representing a user that has been recently deleted. For + // example, `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered user + // retains the role in the binding. + // + // * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus + // unique identifier) representing a service account that has been recently + // deleted. For example, + // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. + // If the service account is undeleted, this value reverts to + // `serviceAccount:{emailid}` and the undeleted service account retains the + // role in the binding. + // + // * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique + // identifier) representing a Google group that has been recently + // deleted. For example, `admins@example.com?uid=123456789012345678901`. If + // the group is recovered, this value reverts to `group:{emailid}` and the + // recovered group retains the role in the binding. + // + // + // * `domain:{domain}`: The G Suite domain (primary) that represents all the + // users of that domain. For example, `google.com` or `example.com`. + // + // + repeated string members = 2; + + // The condition that is associated with this binding. + // + // If the condition evaluates to `true`, then this binding applies to the + // current request. + // + // If the condition evaluates to `false`, then this binding does not apply to + // the current request. However, a different role binding might grant the same + // role to one or more of the principals in this binding. + // + // To learn which resources support conditions in their IAM policies, see the + // [IAM + // documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + google.type.Expr condition = 3; +} + +// Specifies the audit configuration for a service. +// The configuration determines which permission types are logged, and what +// identities, if any, are exempted from logging. +// An AuditConfig must have one or more AuditLogConfigs. +// +// If there are AuditConfigs for both `allServices` and a specific service, +// the union of the two AuditConfigs is used for that service: the log_types +// specified in each AuditConfig are enabled, and the exempted_members in each +// AuditLogConfig are exempted. +// +// Example Policy with multiple AuditConfigs: +// +// { +// "audit_configs": [ +// { +// "service": "allServices", +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:jose@example.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE" +// }, +// { +// "log_type": "ADMIN_READ" +// } +// ] +// }, +// { +// "service": "sampleservice.googleapis.com", +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ" +// }, +// { +// "log_type": "DATA_WRITE", +// "exempted_members": [ +// "user:aliya@example.com" +// ] +// } +// ] +// } +// ] +// } +// +// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ +// logging. It also exempts `jose@example.com` from DATA_READ logging, and +// `aliya@example.com` from DATA_WRITE logging. +message AuditConfig { + // Specifies a service that will be enabled for audit logging. + // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. + // `allServices` is a special value that covers all services. + string service = 1; + + // The configuration for logging of each type of permission. + repeated AuditLogConfig audit_log_configs = 3; +} + +// Provides the configuration for logging a type of permissions. +// Example: +// +// { +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:jose@example.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE" +// } +// ] +// } +// +// This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting +// jose@example.com from DATA_READ logging. +message AuditLogConfig { + // The list of valid permission types for which logging can be configured. + // Admin writes are always logged, and are not configurable. + enum LogType { + // Default case. Should never be this. + LOG_TYPE_UNSPECIFIED = 0; + + // Admin reads. Example: CloudIAM getIamPolicy + ADMIN_READ = 1; + + // Data writes. Example: CloudSQL Users create + DATA_WRITE = 2; + + // Data reads. Example: CloudSQL Users list + DATA_READ = 3; + } + + // The log type that this config enables. + LogType log_type = 1; + + // Specifies the identities that do not cause logging for this type of + // permission. + // Follows the same format of + // [Binding.members][google.iam.v1.Binding.members]. + repeated string exempted_members = 2; +} + +// The difference delta between two policies. +message PolicyDelta { + // The delta for Bindings between two policies. + repeated BindingDelta binding_deltas = 1; + + // The delta for AuditConfigs between two policies. + repeated AuditConfigDelta audit_config_deltas = 2; +} + +// One delta entry for Binding. Each individual change (only one member in each +// entry) to a binding will be a separate entry. +message BindingDelta { + // The type of action performed on a Binding in a policy. + enum Action { + // Unspecified. + ACTION_UNSPECIFIED = 0; + + // Addition of a Binding. + ADD = 1; + + // Removal of a Binding. + REMOVE = 2; + } + + // The action that was performed on a Binding. + // Required + Action action = 1; + + // Role that is assigned to `members`. + // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + // Required + string role = 2; + + // A single identity requesting access for a Google Cloud resource. + // Follows the same format of Binding.members. + // Required + string member = 3; + + // The condition that is associated with this binding. + google.type.Expr condition = 4; +} + +// One delta entry for AuditConfig. Each individual change (only one +// exempted_member in each entry) to a AuditConfig will be a separate entry. +message AuditConfigDelta { + // The type of action performed on an audit configuration in a policy. + enum Action { + // Unspecified. + ACTION_UNSPECIFIED = 0; + + // Addition of an audit configuration. + ADD = 1; + + // Removal of an audit configuration. + REMOVE = 2; + } + + // The action that was performed on an audit configuration in a policy. + // Required + Action action = 1; + + // Specifies a service that was configured for Cloud Audit Logging. + // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. + // `allServices` is a special value that covers all services. + // Required + string service = 2; + + // A single identity that is exempted from "data access" audit + // logging for the `service` specified above. + // Follows the same format of Binding.members. + string exempted_member = 3; + + // Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always + // enabled, and cannot be configured. + // Required + string log_type = 4; +} diff --git a/packages/grpc-google-iam-v1/google/iam/v1/policy_pb2.py b/packages/grpc-google-iam-v1/google/iam/v1/policy_pb2.py index 149a59634b3b..f5a692f1d48e 100644 --- a/packages/grpc-google-iam-v1/google/iam/v1/policy_pb2.py +++ b/packages/grpc-google-iam-v1/google/iam/v1/policy_pb2.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/iam/v1/policy.proto +# Protobuf Python Version: 4.25.3 """Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import descriptor_pool as _descriptor_pool @@ -39,8 +40,10 @@ DESCRIPTOR, "google.iam.v1.policy_pb2", _globals ) if _descriptor._USE_C_DESCRIPTORS == False: - DESCRIPTOR._options = None - DESCRIPTOR._serialized_options = b"\n\021com.google.iam.v1B\013PolicyProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\370\001\001\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" + _globals["DESCRIPTOR"]._options = None + _globals[ + "DESCRIPTOR" + ]._serialized_options = b"\n\021com.google.iam.v1B\013PolicyProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\370\001\001\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" _globals["_POLICY"]._serialized_start = 70 _globals["_POLICY"]._serialized_end = 202 _globals["_BINDING"]._serialized_start = 204 diff --git a/packages/grpc-google-iam-v1/google/iam/v1/policy_pb2.pyi b/packages/grpc-google-iam-v1/google/iam/v1/policy_pb2.pyi new file mode 100644 index 000000000000..158edf995c48 --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/policy_pb2.pyi @@ -0,0 +1,163 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from typing import ClassVar as _ClassVar +from typing import Iterable as _Iterable +from typing import Mapping as _Mapping +from typing import Optional as _Optional +from typing import Union as _Union + +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf.internal import containers as _containers +from google.protobuf.internal import enum_type_wrapper as _enum_type_wrapper +from google.type import expr_pb2 as _expr_pb2 + +DESCRIPTOR: _descriptor.FileDescriptor + +class Policy(_message.Message): + __slots__ = ("version", "bindings", "audit_configs", "etag") + VERSION_FIELD_NUMBER: _ClassVar[int] + BINDINGS_FIELD_NUMBER: _ClassVar[int] + AUDIT_CONFIGS_FIELD_NUMBER: _ClassVar[int] + ETAG_FIELD_NUMBER: _ClassVar[int] + version: int + bindings: _containers.RepeatedCompositeFieldContainer[Binding] + audit_configs: _containers.RepeatedCompositeFieldContainer[AuditConfig] + etag: bytes + def __init__( + self, + version: _Optional[int] = ..., + bindings: _Optional[_Iterable[_Union[Binding, _Mapping]]] = ..., + audit_configs: _Optional[_Iterable[_Union[AuditConfig, _Mapping]]] = ..., + etag: _Optional[bytes] = ..., + ) -> None: ... + +class Binding(_message.Message): + __slots__ = ("role", "members", "condition") + ROLE_FIELD_NUMBER: _ClassVar[int] + MEMBERS_FIELD_NUMBER: _ClassVar[int] + CONDITION_FIELD_NUMBER: _ClassVar[int] + role: str + members: _containers.RepeatedScalarFieldContainer[str] + condition: _expr_pb2.Expr + def __init__( + self, + role: _Optional[str] = ..., + members: _Optional[_Iterable[str]] = ..., + condition: _Optional[_Union[_expr_pb2.Expr, _Mapping]] = ..., + ) -> None: ... + +class AuditConfig(_message.Message): + __slots__ = ("service", "audit_log_configs") + SERVICE_FIELD_NUMBER: _ClassVar[int] + AUDIT_LOG_CONFIGS_FIELD_NUMBER: _ClassVar[int] + service: str + audit_log_configs: _containers.RepeatedCompositeFieldContainer[AuditLogConfig] + def __init__( + self, + service: _Optional[str] = ..., + audit_log_configs: _Optional[_Iterable[_Union[AuditLogConfig, _Mapping]]] = ..., + ) -> None: ... + +class AuditLogConfig(_message.Message): + __slots__ = ("log_type", "exempted_members") + + class LogType(int, metaclass=_enum_type_wrapper.EnumTypeWrapper): + __slots__ = () + LOG_TYPE_UNSPECIFIED: _ClassVar[AuditLogConfig.LogType] + ADMIN_READ: _ClassVar[AuditLogConfig.LogType] + DATA_WRITE: _ClassVar[AuditLogConfig.LogType] + DATA_READ: _ClassVar[AuditLogConfig.LogType] + LOG_TYPE_UNSPECIFIED: AuditLogConfig.LogType + ADMIN_READ: AuditLogConfig.LogType + DATA_WRITE: AuditLogConfig.LogType + DATA_READ: AuditLogConfig.LogType + LOG_TYPE_FIELD_NUMBER: _ClassVar[int] + EXEMPTED_MEMBERS_FIELD_NUMBER: _ClassVar[int] + log_type: AuditLogConfig.LogType + exempted_members: _containers.RepeatedScalarFieldContainer[str] + def __init__( + self, + log_type: _Optional[_Union[AuditLogConfig.LogType, str]] = ..., + exempted_members: _Optional[_Iterable[str]] = ..., + ) -> None: ... + +class PolicyDelta(_message.Message): + __slots__ = ("binding_deltas", "audit_config_deltas") + BINDING_DELTAS_FIELD_NUMBER: _ClassVar[int] + AUDIT_CONFIG_DELTAS_FIELD_NUMBER: _ClassVar[int] + binding_deltas: _containers.RepeatedCompositeFieldContainer[BindingDelta] + audit_config_deltas: _containers.RepeatedCompositeFieldContainer[AuditConfigDelta] + def __init__( + self, + binding_deltas: _Optional[_Iterable[_Union[BindingDelta, _Mapping]]] = ..., + audit_config_deltas: _Optional[ + _Iterable[_Union[AuditConfigDelta, _Mapping]] + ] = ..., + ) -> None: ... + +class BindingDelta(_message.Message): + __slots__ = ("action", "role", "member", "condition") + + class Action(int, metaclass=_enum_type_wrapper.EnumTypeWrapper): + __slots__ = () + ACTION_UNSPECIFIED: _ClassVar[BindingDelta.Action] + ADD: _ClassVar[BindingDelta.Action] + REMOVE: _ClassVar[BindingDelta.Action] + ACTION_UNSPECIFIED: BindingDelta.Action + ADD: BindingDelta.Action + REMOVE: BindingDelta.Action + ACTION_FIELD_NUMBER: _ClassVar[int] + ROLE_FIELD_NUMBER: _ClassVar[int] + MEMBER_FIELD_NUMBER: _ClassVar[int] + CONDITION_FIELD_NUMBER: _ClassVar[int] + action: BindingDelta.Action + role: str + member: str + condition: _expr_pb2.Expr + def __init__( + self, + action: _Optional[_Union[BindingDelta.Action, str]] = ..., + role: _Optional[str] = ..., + member: _Optional[str] = ..., + condition: _Optional[_Union[_expr_pb2.Expr, _Mapping]] = ..., + ) -> None: ... + +class AuditConfigDelta(_message.Message): + __slots__ = ("action", "service", "exempted_member", "log_type") + + class Action(int, metaclass=_enum_type_wrapper.EnumTypeWrapper): + __slots__ = () + ACTION_UNSPECIFIED: _ClassVar[AuditConfigDelta.Action] + ADD: _ClassVar[AuditConfigDelta.Action] + REMOVE: _ClassVar[AuditConfigDelta.Action] + ACTION_UNSPECIFIED: AuditConfigDelta.Action + ADD: AuditConfigDelta.Action + REMOVE: AuditConfigDelta.Action + ACTION_FIELD_NUMBER: _ClassVar[int] + SERVICE_FIELD_NUMBER: _ClassVar[int] + EXEMPTED_MEMBER_FIELD_NUMBER: _ClassVar[int] + LOG_TYPE_FIELD_NUMBER: _ClassVar[int] + action: AuditConfigDelta.Action + service: str + exempted_member: str + log_type: str + def __init__( + self, + action: _Optional[_Union[AuditConfigDelta.Action, str]] = ..., + service: _Optional[str] = ..., + exempted_member: _Optional[str] = ..., + log_type: _Optional[str] = ..., + ) -> None: ... diff --git a/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member.proto b/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member.proto new file mode 100644 index 000000000000..16eefacec5bb --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member.proto @@ -0,0 +1,50 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +import "google/api/field_behavior.proto"; + +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb"; +option php_namespace = "Google\\Cloud\\Iam\\V1"; +option java_multiple_files = true; +option java_outer_classname = "ResourcePolicyMemberProto"; +option java_package = "com.google.iam.v1"; + +// Output-only policy member strings of a Google Cloud resource's built-in +// identity. +message ResourcePolicyMember { + // IAM policy binding member referring to a Google Cloud resource by + // user-assigned name (https://google.aip.dev/122). If a resource is deleted + // and recreated with the same name, the binding will be applicable to the new + // resource. + // + // Example: + // `principal://parametermanager.googleapis.com/projects/12345/name/locations/us-central1-a/parameters/my-parameter` + string iam_policy_name_principal = 1 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // IAM policy binding member referring to a Google Cloud resource by + // system-assigned unique identifier (https://google.aip.dev/148#uid). If a + // resource is deleted and recreated with the same name, the binding will not + // be applicable to the new resource + // + // Example: + // `principal://parametermanager.googleapis.com/projects/12345/uid/locations/us-central1-a/parameters/a918fed5` + string iam_policy_uid_principal = 2 + [(google.api.field_behavior) = OUTPUT_ONLY]; +} diff --git a/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member_pb2.py b/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member_pb2.py index f1e424b0b43b..4687ddef4f4d 100644 --- a/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member_pb2.py +++ b/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member_pb2.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/iam/v1/resource_policy_member.proto +# Protobuf Python Version: 4.25.3 """Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import descriptor_pool as _descriptor_pool @@ -39,14 +40,20 @@ DESCRIPTOR, "google.iam.v1.resource_policy_member_pb2", _globals ) if _descriptor._USE_C_DESCRIPTORS == False: - DESCRIPTOR._options = None - DESCRIPTOR._serialized_options = b"\n\021com.google.iam.v1B\031ResourcePolicyMemberProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" - _RESOURCEPOLICYMEMBER.fields_by_name["iam_policy_name_principal"]._options = None - _RESOURCEPOLICYMEMBER.fields_by_name[ + _globals["DESCRIPTOR"]._options = None + _globals[ + "DESCRIPTOR" + ]._serialized_options = b"\n\021com.google.iam.v1B\031ResourcePolicyMemberProtoP\001Z)cloud.google.com/go/iam/apiv1/iampb;iampb\252\002\023Google.Cloud.Iam.V1\312\002\023Google\\Cloud\\Iam\\V1" + _globals["_RESOURCEPOLICYMEMBER"].fields_by_name[ + "iam_policy_name_principal" + ]._options = None + _globals["_RESOURCEPOLICYMEMBER"].fields_by_name[ "iam_policy_name_principal" ]._serialized_options = b"\340A\003" - _RESOURCEPOLICYMEMBER.fields_by_name["iam_policy_uid_principal"]._options = None - _RESOURCEPOLICYMEMBER.fields_by_name[ + _globals["_RESOURCEPOLICYMEMBER"].fields_by_name[ + "iam_policy_uid_principal" + ]._options = None + _globals["_RESOURCEPOLICYMEMBER"].fields_by_name[ "iam_policy_uid_principal" ]._serialized_options = b"\340A\003" _globals["_RESOURCEPOLICYMEMBER"]._serialized_start = 94 diff --git a/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member_pb2.pyi b/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member_pb2.pyi new file mode 100644 index 000000000000..f3b4fdc63dc3 --- /dev/null +++ b/packages/grpc-google-iam-v1/google/iam/v1/resource_policy_member_pb2.pyi @@ -0,0 +1,34 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from typing import ClassVar as _ClassVar +from typing import Optional as _Optional + +from google.api import field_behavior_pb2 as _field_behavior_pb2 +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message + +DESCRIPTOR: _descriptor.FileDescriptor + +class ResourcePolicyMember(_message.Message): + __slots__ = ("iam_policy_name_principal", "iam_policy_uid_principal") + IAM_POLICY_NAME_PRINCIPAL_FIELD_NUMBER: _ClassVar[int] + IAM_POLICY_UID_PRINCIPAL_FIELD_NUMBER: _ClassVar[int] + iam_policy_name_principal: str + iam_policy_uid_principal: str + def __init__( + self, + iam_policy_name_principal: _Optional[str] = ..., + iam_policy_uid_principal: _Optional[str] = ..., + ) -> None: ... diff --git a/packages/grpc-google-iam-v1/noxfile.py b/packages/grpc-google-iam-v1/noxfile.py index 5f1abc66730e..39c5fc72f7e8 100644 --- a/packages/grpc-google-iam-v1/noxfile.py +++ b/packages/grpc-google-iam-v1/noxfile.py @@ -40,6 +40,7 @@ "3.11", "3.12", "3.13", + "3.14", ] DEFAULT_PYTHON_VERSION = UNIT_TEST_PYTHON_VERSIONS[-1] @@ -57,7 +58,15 @@ UNIT_TEST_EXTRAS: List[str] = [] UNIT_TEST_EXTRAS_BY_PYTHON: Dict[str, List[str]] = {} -SYSTEM_TEST_PYTHON_VERSIONS: List[str] = ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"] +SYSTEM_TEST_PYTHON_VERSIONS: List[str] = [ + "3.8", + "3.9", + "3.10", + "3.11", + "3.12", + "3.13", + "3.14", +] SYSTEM_TEST_STANDARD_DEPENDENCIES = [ "mock", "pytest", @@ -176,7 +185,12 @@ def install_unittest_dependencies(session, *constraints): def unit(session, protobuf_implementation): # Install all test dependencies, then install this package in-place. - if protobuf_implementation == "cpp" and session.python in ("3.11", "3.12", "3.13"): + if protobuf_implementation == "cpp" and session.python in ( + "3.11", + "3.12", + "3.13", + "3.14", + ): session.skip("cpp implementation is not supported in python 3.11+") constraints_path = str( @@ -389,7 +403,12 @@ def prerelease_deps(session, protobuf_implementation): `pip install --pre `. """ - if protobuf_implementation == "cpp" and session.python in ("3.11", "3.12", "3.13"): + if protobuf_implementation == "cpp" and session.python in ( + "3.11", + "3.12", + "3.13", + "3.14", + ): session.skip("cpp implementation is not supported in python 3.11+") # Install all dependencies diff --git a/packages/grpc-google-iam-v1/pyproject.toml b/packages/grpc-google-iam-v1/pyproject.toml index c9f6be2077af..3d1ab25a5273 100644 --- a/packages/grpc-google-iam-v1/pyproject.toml +++ b/packages/grpc-google-iam-v1/pyproject.toml @@ -37,6 +37,7 @@ classifiers = [ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3.14", "Operating System :: OS Independent", "Topic :: Internet", ] diff --git a/packages/grpc-google-iam-v1/testing/constraints-3.14.txt b/packages/grpc-google-iam-v1/testing/constraints-3.14.txt new file mode 100644 index 000000000000..e69de29bb2d1