Package cloud.google.com/go/iam/admin/apiv1/adminpb (v0.13.0)

var (
	ServiceAccountKeyAlgorithm_name = map[int32]string{
		0: "KEY_ALG_UNSPECIFIED",
		1: "KEY_ALG_RSA_1024",
		2: "KEY_ALG_RSA_2048",
	}
	ServiceAccountKeyAlgorithm_value = map[string]int32{
		"KEY_ALG_UNSPECIFIED": 0,
		"KEY_ALG_RSA_1024":    1,
		"KEY_ALG_RSA_2048":    2,
	}
)

var (
	ServiceAccountPrivateKeyType_name = map[int32]string{
		0: "TYPE_UNSPECIFIED",
		1: "TYPE_PKCS12_FILE",
		2: "TYPE_GOOGLE_CREDENTIALS_FILE",
	}
	ServiceAccountPrivateKeyType_value = map[string]int32{
		"TYPE_UNSPECIFIED":             0,
		"TYPE_PKCS12_FILE":             1,
		"TYPE_GOOGLE_CREDENTIALS_FILE": 2,
	}
)

var (
	ServiceAccountPublicKeyType_name = map[int32]string{
		0: "TYPE_NONE",
		1: "TYPE_X509_PEM_FILE",
		2: "TYPE_RAW_PUBLIC_KEY",
	}
	ServiceAccountPublicKeyType_value = map[string]int32{
		"TYPE_NONE":           0,
		"TYPE_X509_PEM_FILE":  1,
		"TYPE_RAW_PUBLIC_KEY": 2,
	}
)

var (
	ServiceAccountKeyOrigin_name = map[int32]string{
		0: "ORIGIN_UNSPECIFIED",
		1: "USER_PROVIDED",
		2: "GOOGLE_PROVIDED",
	}
	ServiceAccountKeyOrigin_value = map[string]int32{
		"ORIGIN_UNSPECIFIED": 0,
		"USER_PROVIDED":      1,
		"GOOGLE_PROVIDED":    2,
	}
)

var (
	RoleView_name = map[int32]string{
		0: "BASIC",
		1: "FULL",
	}
	RoleView_value = map[string]int32{
		"BASIC": 0,
		"FULL":  1,
	}
)

var (
	ListServiceAccountKeysRequest_KeyType_name = map[int32]string{
		0: "KEY_TYPE_UNSPECIFIED",
		1: "USER_MANAGED",
		2: "SYSTEM_MANAGED",
	}
	ListServiceAccountKeysRequest_KeyType_value = map[string]int32{
		"KEY_TYPE_UNSPECIFIED": 0,
		"USER_MANAGED":         1,
		"SYSTEM_MANAGED":       2,
	}
)

var (
	Role_RoleLaunchStage_name = map[int32]string{
		0: "ALPHA",
		1: "BETA",
		2: "GA",
		4: "DEPRECATED",
		5: "DISABLED",
		6: "EAP",
	}
	Role_RoleLaunchStage_value = map[string]int32{
		"ALPHA":      0,
		"BETA":       1,
		"GA":         2,
		"DEPRECATED": 4,
		"DISABLED":   5,
		"EAP":        6,
	}
)

var (
	Permission_PermissionLaunchStage_name = map[int32]string{
		0: "ALPHA",
		1: "BETA",
		2: "GA",
		3: "DEPRECATED",
	}
	Permission_PermissionLaunchStage_value = map[string]int32{
		"ALPHA":      0,
		"BETA":       1,
		"GA":         2,
		"DEPRECATED": 3,
	}
)

var (
	Permission_CustomRolesSupportLevel_name = map[int32]string{
		0: "SUPPORTED",
		1: "TESTING",
		2: "NOT_SUPPORTED",
	}
	Permission_CustomRolesSupportLevel_value = map[string]int32{
		"SUPPORTED":     0,
		"TESTING":       1,
		"NOT_SUPPORTED": 2,
	}
)

var (
	LintResult_Level_name = map[int32]string{
		0: "LEVEL_UNSPECIFIED",
		3: "CONDITION",
	}
	LintResult_Level_value = map[string]int32{
		"LEVEL_UNSPECIFIED": 0,
		"CONDITION":         3,
	}
)

var (
	LintResult_Severity_name = map[int32]string{
		0: "SEVERITY_UNSPECIFIED",
		1: "ERROR",
		2: "WARNING",
		3: "NOTICE",
		4: "INFO",
		5: "DEPRECATED",
	}
	LintResult_Severity_value = map[string]int32{
		"SEVERITY_UNSPECIFIED": 0,
		"ERROR":                1,
		"WARNING":              2,
		"NOTICE":               3,
		"INFO":                 4,
		"DEPRECATED":           5,
	}
)

var File_google_iam_admin_v1_audit_data_proto protoreflect.FileDescriptor

var File_google_iam_admin_v1_iam_proto protoreflect.FileDescriptor

func RegisterIAMServer(s *grpc.Server, srv IAMServer)

type AuditData struct {

	// The permission_delta when when creating or updating a Role.
	PermissionDelta *AuditData_PermissionDelta `protobuf:"bytes,1,opt,name=permission_delta,json=permissionDelta,proto3" json:"permission_delta,omitempty"`
	// contains filtered or unexported fields
}

func (*AuditData) Descriptor() ([]byte, []int)

func (x *AuditData) GetPermissionDelta() *AuditData_PermissionDelta

func (*AuditData) ProtoMessage()

func (x *AuditData) ProtoReflect() protoreflect.Message

func (x *AuditData) Reset()

func (x *AuditData) String() string

type AuditData_PermissionDelta struct {

	// Added permissions.
	AddedPermissions []string `protobuf:"bytes,1,rep,name=added_permissions,json=addedPermissions,proto3" json:"added_permissions,omitempty"`
	// Removed permissions.
	RemovedPermissions []string `protobuf:"bytes,2,rep,name=removed_permissions,json=removedPermissions,proto3" json:"removed_permissions,omitempty"`
	// contains filtered or unexported fields
}

func (*AuditData_PermissionDelta) Descriptor() ([]byte, []int)

func (x *AuditData_PermissionDelta) GetAddedPermissions() []string

func (x *AuditData_PermissionDelta) GetRemovedPermissions() []string

func (*AuditData_PermissionDelta) ProtoMessage()

func (x *AuditData_PermissionDelta) ProtoReflect() protoreflect.Message

func (x *AuditData_PermissionDelta) Reset()

func (x *AuditData_PermissionDelta) String() string

type CreateRoleRequest struct {

	// The `parent` parameter's value depends on the target resource for the
	// request, namely
	// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
	// or
	// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
	// Each resource type's `parent` value format is described below:
	//
	//   - [`projects.roles.create()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/create):
	//     `projects/{PROJECT_ID}`. This method creates project-level
	//     [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
	//     Example request URL:
	//     `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
	//
	//   - [`organizations.roles.create()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/create):
	//     `organizations/{ORGANIZATION_ID}`. This method creates organization-level
	//     [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
	//     Example request URL:
	//     `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// The role ID to use for this role.
	//
	// A role ID may contain alphanumeric characters, underscores (`_`), and
	// periods (`.`). It must contain a minimum of 3 characters and a maximum of
	// 64 characters.
	RoleId string `protobuf:"bytes,2,opt,name=role_id,json=roleId,proto3" json:"role_id,omitempty"`
	// The Role resource to create.
	Role *Role `protobuf:"bytes,3,opt,name=role,proto3" json:"role,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateRoleRequest) Descriptor() ([]byte, []int)

func (x *CreateRoleRequest) GetParent() string

func (x *CreateRoleRequest) GetRole() *Role

func (x *CreateRoleRequest) GetRoleId() string

func (*CreateRoleRequest) ProtoMessage()

func (x *CreateRoleRequest) ProtoReflect() protoreflect.Message

func (x *CreateRoleRequest) Reset()

func (x *CreateRoleRequest) String() string

type CreateServiceAccountKeyRequest struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	PrivateKeyType ServiceAccountPrivateKeyType "" /* 160 byte string literal not displayed */

	KeyAlgorithm ServiceAccountKeyAlgorithm "" /* 150 byte string literal not displayed */

}

func (*CreateServiceAccountKeyRequest) Descriptor() ([]byte, []int)

func (x *CreateServiceAccountKeyRequest) GetKeyAlgorithm() ServiceAccountKeyAlgorithm

func (x *CreateServiceAccountKeyRequest) GetName() string

func (x *CreateServiceAccountKeyRequest) GetPrivateKeyType() ServiceAccountPrivateKeyType

func (*CreateServiceAccountKeyRequest) ProtoMessage()

func (x *CreateServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (x *CreateServiceAccountKeyRequest) Reset()

func (x *CreateServiceAccountKeyRequest) String() string

type CreateServiceAccountRequest struct {

	// Required. The resource name of the project associated with the service
	// accounts, such as `projects/my-project-123`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The account id that is used to generate the service account
	// email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	AccountId string `protobuf:"bytes,2,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"`
	// The [ServiceAccount][google.iam.admin.v1.ServiceAccount] resource to
	// create. Currently, only the following values are user assignable:
	// `display_name` and `description`.
	ServiceAccount *ServiceAccount `protobuf:"bytes,3,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateServiceAccountRequest) Descriptor() ([]byte, []int)

func (x *CreateServiceAccountRequest) GetAccountId() string

func (x *CreateServiceAccountRequest) GetName() string

func (x *CreateServiceAccountRequest) GetServiceAccount() *ServiceAccount

func (*CreateServiceAccountRequest) ProtoMessage()

func (x *CreateServiceAccountRequest) ProtoReflect() protoreflect.Message

func (x *CreateServiceAccountRequest) Reset()

func (x *CreateServiceAccountRequest) String() string

type DeleteRoleRequest struct {

	// The `name` parameter's value depends on the target resource for the
	// request, namely
	// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
	// or
	// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
	// Each resource type's `name` value format is described below:
	//
	//   - [`projects.roles.delete()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/delete):
	//     `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only
	//     [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
	//     have been created at the project level. Example request URL:
	//     `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	//   - [`organizations.roles.delete()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/delete):
	//     `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
	//     deletes only [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
	//     have been created at the organization level. Example request URL:
	//     `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Used to perform a consistent read-modify-write.
	Etag []byte `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
	// contains filtered or unexported fields
}

func (*DeleteRoleRequest) Descriptor() ([]byte, []int)

func (x *DeleteRoleRequest) GetEtag() []byte

func (x *DeleteRoleRequest) GetName() string

func (*DeleteRoleRequest) ProtoMessage()

func (x *DeleteRoleRequest) ProtoReflect() protoreflect.Message

func (x *DeleteRoleRequest) Reset()

func (x *DeleteRoleRequest) String() string

type DeleteServiceAccountKeyRequest struct {

	// Required. The resource name of the service account key in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*DeleteServiceAccountKeyRequest) Descriptor() ([]byte, []int)

func (x *DeleteServiceAccountKeyRequest) GetName() string

func (*DeleteServiceAccountKeyRequest) ProtoMessage()

func (x *DeleteServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (x *DeleteServiceAccountKeyRequest) Reset()

func (x *DeleteServiceAccountKeyRequest) String() string

type DeleteServiceAccountRequest struct {

	// Required. The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*DeleteServiceAccountRequest) Descriptor() ([]byte, []int)

func (x *DeleteServiceAccountRequest) GetName() string

func (*DeleteServiceAccountRequest) ProtoMessage()

func (x *DeleteServiceAccountRequest) ProtoReflect() protoreflect.Message

func (x *DeleteServiceAccountRequest) Reset()

func (x *DeleteServiceAccountRequest) String() string

type DisableServiceAccountKeyRequest struct {

	// Required. The resource name of the service account key in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	//
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*DisableServiceAccountKeyRequest) Descriptor() ([]byte, []int)

func (x *DisableServiceAccountKeyRequest) GetName() string

func (*DisableServiceAccountKeyRequest) ProtoMessage()

func (x *DisableServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (x *DisableServiceAccountKeyRequest) Reset()

func (x *DisableServiceAccountKeyRequest) String() string

type DisableServiceAccountRequest struct {

	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*DisableServiceAccountRequest) Descriptor() ([]byte, []int)

func (x *DisableServiceAccountRequest) GetName() string

func (*DisableServiceAccountRequest) ProtoMessage()

func (x *DisableServiceAccountRequest) ProtoReflect() protoreflect.Message

func (x *DisableServiceAccountRequest) Reset()

func (x *DisableServiceAccountRequest) String() string

type EnableServiceAccountKeyRequest struct {

	// Required. The resource name of the service account key in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	//
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*EnableServiceAccountKeyRequest) Descriptor() ([]byte, []int)

func (x *EnableServiceAccountKeyRequest) GetName() string

func (*EnableServiceAccountKeyRequest) ProtoMessage()

func (x *EnableServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (x *EnableServiceAccountKeyRequest) Reset()

func (x *EnableServiceAccountKeyRequest) String() string

type EnableServiceAccountRequest struct {

	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*EnableServiceAccountRequest) Descriptor() ([]byte, []int)

func (x *EnableServiceAccountRequest) GetName() string

func (*EnableServiceAccountRequest) ProtoMessage()

func (x *EnableServiceAccountRequest) ProtoReflect() protoreflect.Message

func (x *EnableServiceAccountRequest) Reset()

func (x *EnableServiceAccountRequest) String() string

type GetRoleRequest struct {

	// The `name` parameter's value depends on the target resource for the
	// request, namely
	// [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles),
	// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles),
	// or
	// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
	// Each resource type's `name` value format is described below:
	//
	//   - [`roles.get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`.
	//     This method returns results from all
	//     [predefined
	//     roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles)
	//     in Cloud IAM. Example request URL:
	//     `https://iam.googleapis.com/v1/roles/{ROLE_NAME}`
	//
	//   - [`projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/get):
	//     `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only
	//     [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
	//     have been created at the project level. Example request URL:
	//     `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	//   - [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/get):
	//     `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
	//     returns only [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
	//     have been created at the organization level. Example request URL:
	//     `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*GetRoleRequest) Descriptor() ([]byte, []int)

func (x *GetRoleRequest) GetName() string

func (*GetRoleRequest) ProtoMessage()

func (x *GetRoleRequest) ProtoReflect() protoreflect.Message

func (x *GetRoleRequest) Reset()

func (x *GetRoleRequest) String() string

type GetServiceAccountKeyRequest struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	PublicKeyType ServiceAccountPublicKeyType "" /* 156 byte string literal not displayed */

}

func (*GetServiceAccountKeyRequest) Descriptor() ([]byte, []int)

func (x *GetServiceAccountKeyRequest) GetName() string

func (x *GetServiceAccountKeyRequest) GetPublicKeyType() ServiceAccountPublicKeyType

func (*GetServiceAccountKeyRequest) ProtoMessage()

func (x *GetServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (x *GetServiceAccountKeyRequest) Reset()

func (x *GetServiceAccountKeyRequest) String() string

type GetServiceAccountRequest struct {

	// Required. The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*GetServiceAccountRequest) Descriptor() ([]byte, []int)

func (x *GetServiceAccountRequest) GetName() string

func (*GetServiceAccountRequest) ProtoMessage()

func (x *GetServiceAccountRequest) ProtoReflect() protoreflect.Message

func (x *GetServiceAccountRequest) Reset()

func (x *GetServiceAccountRequest) String() string

type IAMClient interface {
	// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
	ListServiceAccounts(ctx context.Context, in *ListServiceAccountsRequest, opts ...grpc.CallOption) (*ListServiceAccountsResponse, error)
	// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	GetServiceAccount(ctx context.Context, in *GetServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
	// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	CreateServiceAccount(ctx context.Context, in *CreateServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
	// **Note:** We are in the process of deprecating this method. Use
	// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
	//
	// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// You can update only the `display_name` field.
	UpdateServiceAccount(ctx context.Context, in *ServiceAccount, opts ...grpc.CallOption) (*ServiceAccount, error)
	// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	PatchServiceAccount(ctx context.Context, in *PatchServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
	// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Warning:** After you delete a service account, you might not be able to
	// undelete it. If you know that you need to re-enable the service account in
	// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
	//
	// If you delete a service account, IAM permanently removes the service
	// account 30 days later. Google Cloud cannot recover the service account
	// after it is permanently removed, even if you file a support request.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
	// service account, then wait at least 24 hours and watch for unintended
	// consequences. If there are no unintended consequences, you can delete the
	// service account.
	DeleteServiceAccount(ctx context.Context, in *DeleteServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Important:** It is not always possible to restore a deleted service
	// account. Use this method only as a last resort.
	//
	// After you delete a service account, IAM permanently removes the service
	// account 30 days later. There is no way to restore a deleted service account
	// that has been permanently removed.
	UndeleteServiceAccount(ctx context.Context, in *UndeleteServiceAccountRequest, opts ...grpc.CallOption) (*UndeleteServiceAccountResponse, error)
	// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
	// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
	//
	// If the service account is already enabled, then this method has no effect.
	//
	// If the service account was disabled by other means—for example, if Google
	// disabled the service account because it was compromised—you cannot use this
	// method to enable the service account.
	EnableServiceAccount(ctx context.Context, in *EnableServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
	//
	// If an application uses the service account to authenticate, that
	// application can no longer call Google APIs or access Google Cloud
	// resources. Existing access tokens for the service account are rejected, and
	// requests for new access tokens will fail.
	//
	// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
	// re-enable the service account, its existing access tokens will be accepted,
	// and you can request new access tokens.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use this method to disable the service
	// account, then wait at least 24 hours and watch for unintended consequences.
	// If there are no unintended consequences, you can delete the service account
	// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
	DisableServiceAccount(ctx context.Context, in *DisableServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
	ListServiceAccountKeys(ctx context.Context, in *ListServiceAccountKeysRequest, opts ...grpc.CallOption) (*ListServiceAccountKeysResponse, error)
	// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	GetServiceAccountKey(ctx context.Context, in *GetServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
	// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	CreateServiceAccountKey(ctx context.Context, in *CreateServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
	// Uploads the public key portion of a key pair that you manage, and
	// associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// After you upload the public key, you can use the private key from the key
	// pair as a service account key.
	UploadServiceAccountKey(ctx context.Context, in *UploadServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
	// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
	// revoke short-lived credentials that have been issued based on the service
	// account key.
	DeleteServiceAccountKey(ctx context.Context, in *DeleteServiceAccountKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. A disabled service account key can be
	// re-enabled with [EnableServiceAccountKey][google.iam.admin.v1.IAM.EnableServiceAccountKey].
	DisableServiceAccountKey(ctx context.Context, in *DisableServiceAccountKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	EnableServiceAccountKey(ctx context.Context, in *EnableServiceAccountKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignBlob(ctx context.Context, in *SignBlobRequest, opts ...grpc.CallOption) (*SignBlobResponse, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a JSON Web Token (JWT) using the system-managed private key for a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignJwt(ctx context.Context, in *SignJwtRequest, opts ...grpc.CallOption) (*SignJwtResponse, error)
	// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
	// policy specifies which principals have access to the service account.
	//
	// This method does not tell you whether the service account has been granted
	// any roles on other resources. To check whether a service account has role
	// grants on a resource, use the `getIamPolicy` method for that resource. For
	// example, to view the role grants for a project, call the Resource Manager
	// API's
	// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
	// method.
	GetIamPolicy(ctx context.Context, in *v1.GetIamPolicyRequest, opts ...grpc.CallOption) (*v1.Policy, error)
	// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// Use this method to grant or revoke access to the service account. For
	// example, you could grant a principal the ability to impersonate the service
	// account.
	//
	// This method does not enable the service account to access other resources.
	// To grant roles to a service account on a resource, follow these steps:
	//
	// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
	// 2. Edit the policy so that it binds the service account to an IAM role for
	// the resource.
	// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
	//
	// For detailed instructions, see
	// [Manage access to project, folders, and
	// organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts)
	// or [Manage access to other
	// resources](https://cloud.google.com/iam/help/access/manage-other-resources).
	SetIamPolicy(ctx context.Context, in *v1.SetIamPolicyRequest, opts ...grpc.CallOption) (*v1.Policy, error)
	// Tests whether the caller has the specified permissions on a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	TestIamPermissions(ctx context.Context, in *v1.TestIamPermissionsRequest, opts ...grpc.CallOption) (*v1.TestIamPermissionsResponse, error)
	// Lists roles that can be granted on a Google Cloud resource. A role is
	// grantable if the IAM policy for the resource can contain bindings to the
	// role.
	QueryGrantableRoles(ctx context.Context, in *QueryGrantableRolesRequest, opts ...grpc.CallOption) (*QueryGrantableRolesResponse, error)
	// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
	// that is defined for an organization or project.
	ListRoles(ctx context.Context, in *ListRolesRequest, opts ...grpc.CallOption) (*ListRolesResponse, error)
	// Gets the definition of a [Role][google.iam.admin.v1.Role].
	GetRole(ctx context.Context, in *GetRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Creates a new custom [Role][google.iam.admin.v1.Role].
	CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
	UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Deletes a custom [Role][google.iam.admin.v1.Role].
	//
	// When you delete a custom role, the following changes occur immediately:
	//
	// * You cannot bind a principal to the custom role in an IAM
	// [Policy][google.iam.v1.Policy].
	// * Existing bindings to the custom role are not changed, but they have no
	// effect.
	// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
	// role.
	//
	// You have 7 days to undelete the custom role. After 7 days, the following
	// changes occur:
	//
	// * The custom role is permanently deleted and cannot be recovered.
	// * If an IAM policy contains a binding to the custom role, the binding is
	// permanently removed.
	DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Undeletes a custom [Role][google.iam.admin.v1.Role].
	UndeleteRole(ctx context.Context, in *UndeleteRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Lists every permission that you can test on a resource. A permission is
	// testable if you can check whether a principal has that permission on the
	// resource.
	QueryTestablePermissions(ctx context.Context, in *QueryTestablePermissionsRequest, opts ...grpc.CallOption) (*QueryTestablePermissionsResponse, error)
	// Returns a list of services that allow you to opt into audit logs that are
	// not generated by default.
	//
	// To learn more about audit logs, see the [Logging
	// documentation](https://cloud.google.com/logging/docs/audit).
	QueryAuditableServices(ctx context.Context, in *QueryAuditableServicesRequest, opts ...grpc.CallOption) (*QueryAuditableServicesResponse, error)
	// Lints, or validates, an IAM policy. Currently checks the
	// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
	// expression for a role binding.
	//
	// Successful calls to this method always return an HTTP `200 OK` status code,
	// even if the linter detects an issue in the IAM policy.
	LintPolicy(ctx context.Context, in *LintPolicyRequest, opts ...grpc.CallOption) (*LintPolicyResponse, error)
}

func NewIAMClient(cc grpc.ClientConnInterface) IAMClient

type IAMServer interface {
	// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
	ListServiceAccounts(context.Context, *ListServiceAccountsRequest) (*ListServiceAccountsResponse, error)
	// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	GetServiceAccount(context.Context, *GetServiceAccountRequest) (*ServiceAccount, error)
	// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	CreateServiceAccount(context.Context, *CreateServiceAccountRequest) (*ServiceAccount, error)
	// **Note:** We are in the process of deprecating this method. Use
	// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
	//
	// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// You can update only the `display_name` field.
	UpdateServiceAccount(context.Context, *ServiceAccount) (*ServiceAccount, error)
	// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	PatchServiceAccount(context.Context, *PatchServiceAccountRequest) (*ServiceAccount, error)
	// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Warning:** After you delete a service account, you might not be able to
	// undelete it. If you know that you need to re-enable the service account in
	// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
	//
	// If you delete a service account, IAM permanently removes the service
	// account 30 days later. Google Cloud cannot recover the service account
	// after it is permanently removed, even if you file a support request.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
	// service account, then wait at least 24 hours and watch for unintended
	// consequences. If there are no unintended consequences, you can delete the
	// service account.
	DeleteServiceAccount(context.Context, *DeleteServiceAccountRequest) (*emptypb.Empty, error)
	// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Important:** It is not always possible to restore a deleted service
	// account. Use this method only as a last resort.
	//
	// After you delete a service account, IAM permanently removes the service
	// account 30 days later. There is no way to restore a deleted service account
	// that has been permanently removed.
	UndeleteServiceAccount(context.Context, *UndeleteServiceAccountRequest) (*UndeleteServiceAccountResponse, error)
	// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
	// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
	//
	// If the service account is already enabled, then this method has no effect.
	//
	// If the service account was disabled by other means—for example, if Google
	// disabled the service account because it was compromised—you cannot use this
	// method to enable the service account.
	EnableServiceAccount(context.Context, *EnableServiceAccountRequest) (*emptypb.Empty, error)
	// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
	//
	// If an application uses the service account to authenticate, that
	// application can no longer call Google APIs or access Google Cloud
	// resources. Existing access tokens for the service account are rejected, and
	// requests for new access tokens will fail.
	//
	// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
	// re-enable the service account, its existing access tokens will be accepted,
	// and you can request new access tokens.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use this method to disable the service
	// account, then wait at least 24 hours and watch for unintended consequences.
	// If there are no unintended consequences, you can delete the service account
	// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
	DisableServiceAccount(context.Context, *DisableServiceAccountRequest) (*emptypb.Empty, error)
	// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
	ListServiceAccountKeys(context.Context, *ListServiceAccountKeysRequest) (*ListServiceAccountKeysResponse, error)
	// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	GetServiceAccountKey(context.Context, *GetServiceAccountKeyRequest) (*ServiceAccountKey, error)
	// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	CreateServiceAccountKey(context.Context, *CreateServiceAccountKeyRequest) (*ServiceAccountKey, error)
	// Uploads the public key portion of a key pair that you manage, and
	// associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// After you upload the public key, you can use the private key from the key
	// pair as a service account key.
	UploadServiceAccountKey(context.Context, *UploadServiceAccountKeyRequest) (*ServiceAccountKey, error)
	// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
	// revoke short-lived credentials that have been issued based on the service
	// account key.
	DeleteServiceAccountKey(context.Context, *DeleteServiceAccountKeyRequest) (*emptypb.Empty, error)
	// Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. A disabled service account key can be
	// re-enabled with [EnableServiceAccountKey][google.iam.admin.v1.IAM.EnableServiceAccountKey].
	DisableServiceAccountKey(context.Context, *DisableServiceAccountKeyRequest) (*emptypb.Empty, error)
	// Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	EnableServiceAccountKey(context.Context, *EnableServiceAccountKeyRequest) (*emptypb.Empty, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a JSON Web Token (JWT) using the system-managed private key for a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
	// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
	// policy specifies which principals have access to the service account.
	//
	// This method does not tell you whether the service account has been granted
	// any roles on other resources. To check whether a service account has role
	// grants on a resource, use the `getIamPolicy` method for that resource. For
	// example, to view the role grants for a project, call the Resource Manager
	// API's
	// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
	// method.
	GetIamPolicy(context.Context, *v1.GetIamPolicyRequest) (*v1.Policy, error)
	// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// Use this method to grant or revoke access to the service account. For
	// example, you could grant a principal the ability to impersonate the service
	// account.
	//
	// This method does not enable the service account to access other resources.
	// To grant roles to a service account on a resource, follow these steps:
	//
	// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
	// 2. Edit the policy so that it binds the service account to an IAM role for
	// the resource.
	// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
	//
	// For detailed instructions, see
	// [Manage access to project, folders, and
	// organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts)
	// or [Manage access to other
	// resources](https://cloud.google.com/iam/help/access/manage-other-resources).
	SetIamPolicy(context.Context, *v1.SetIamPolicyRequest) (*v1.Policy, error)
	// Tests whether the caller has the specified permissions on a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	TestIamPermissions(context.Context, *v1.TestIamPermissionsRequest) (*v1.TestIamPermissionsResponse, error)
	// Lists roles that can be granted on a Google Cloud resource. A role is
	// grantable if the IAM policy for the resource can contain bindings to the
	// role.
	QueryGrantableRoles(context.Context, *QueryGrantableRolesRequest) (*QueryGrantableRolesResponse, error)
	// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
	// that is defined for an organization or project.
	ListRoles(context.Context, *ListRolesRequest) (*ListRolesResponse, error)
	// Gets the definition of a [Role][google.iam.admin.v1.Role].
	GetRole(context.Context, *GetRoleRequest) (*Role, error)
	// Creates a new custom [Role][google.iam.admin.v1.Role].
	CreateRole(context.Context, *CreateRoleRequest) (*Role, error)
	// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
	UpdateRole(context.Context, *UpdateRoleRequest) (*Role, error)
	// Deletes a custom [Role][google.iam.admin.v1.Role].
	//
	// When you delete a custom role, the following changes occur immediately:
	//
	// * You cannot bind a principal to the custom role in an IAM
	// [Policy][google.iam.v1.Policy].
	// * Existing bindings to the custom role are not changed, but they have no
	// effect.
	// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
	// role.
	//
	// You have 7 days to undelete the custom role. After 7 days, the following
	// changes occur:
	//
	// * The custom role is permanently deleted and cannot be recovered.
	// * If an IAM policy contains a binding to the custom role, the binding is
	// permanently removed.
	DeleteRole(context.Context, *DeleteRoleRequest) (*Role, error)
	// Undeletes a custom [Role][google.iam.admin.v1.Role].
	UndeleteRole(context.Context, *UndeleteRoleRequest) (*Role, error)
	// Lists every permission that you can test on a resource. A permission is
	// testable if you can check whether a principal has that permission on the
	// resource.
	QueryTestablePermissions(context.Context, *QueryTestablePermissionsRequest) (*QueryTestablePermissionsResponse, error)
	// Returns a list of services that allow you to opt into audit logs that are
	// not generated by default.
	//
	// To learn more about audit logs, see the [Logging
	// documentation](https://cloud.google.com/logging/docs/audit).
	QueryAuditableServices(context.Context, *QueryAuditableServicesRequest) (*QueryAuditableServicesResponse, error)
	// Lints, or validates, an IAM policy. Currently checks the
	// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
	// expression for a role binding.
	//
	// Successful calls to this method always return an HTTP `200 OK` status code,
	// even if the linter detects an issue in the IAM policy.
	LintPolicy(context.Context, *LintPolicyRequest) (*LintPolicyResponse, error)
}

type LintPolicyRequest struct {

	// The full resource name of the policy this lint request is about.
	//
	// The name follows the Google Cloud Platform (GCP) resource format.
	// For example, a GCP project with ID `my-project` will be named
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	//
	// The resource name is not used to read the policy instance from the Cloud
	// IAM database. The candidate policy for lint has to be provided in the same
	// request object.
	FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// Required. The Cloud IAM object to be linted.
	//
	// Types that are assignable to LintObject:
	//
	//	*LintPolicyRequest_Condition
	LintObject isLintPolicyRequest_LintObject `protobuf_oneof:"lint_object"`
	// contains filtered or unexported fields
}

func (*LintPolicyRequest) Descriptor() ([]byte, []int)

func (x *LintPolicyRequest) GetCondition() *expr.Expr

func (x *LintPolicyRequest) GetFullResourceName() string

func (m *LintPolicyRequest) GetLintObject() isLintPolicyRequest_LintObject

func (*LintPolicyRequest) ProtoMessage()

func (x *LintPolicyRequest) ProtoReflect() protoreflect.Message

func (x *LintPolicyRequest) Reset()

func (x *LintPolicyRequest) String() string

type LintPolicyRequest_Condition struct {
	// [google.iam.v1.Binding.condition] [google.iam.v1.Binding.condition] object to be linted.
	Condition *expr.Expr `protobuf:"bytes,5,opt,name=condition,proto3,oneof"`
}

type LintPolicyResponse struct {

	// List of lint results sorted by `severity` in descending order.
	LintResults []*LintResult `protobuf:"bytes,1,rep,name=lint_results,json=lintResults,proto3" json:"lint_results,omitempty"`
	// contains filtered or unexported fields
}

func (*LintPolicyResponse) Descriptor() ([]byte, []int)

func (x *LintPolicyResponse) GetLintResults() []*LintResult

func (*LintPolicyResponse) ProtoMessage()

func (x *LintPolicyResponse) ProtoReflect() protoreflect.Message

func (x *LintPolicyResponse) Reset()

func (x *LintPolicyResponse) String() string

type LintResult struct {

	// The validation unit level.
	Level LintResult_Level `protobuf:"varint,1,opt,name=level,proto3,enum=google.iam.admin.v1.LintResult_Level" json:"level,omitempty"`
	// The validation unit name, for instance
	// "lintValidationUnits/ConditionComplexityCheck".
	ValidationUnitName string `protobuf:"bytes,2,opt,name=validation_unit_name,json=validationUnitName,proto3" json:"validation_unit_name,omitempty"`
	// The validation unit severity.
	Severity LintResult_Severity `protobuf:"varint,3,opt,name=severity,proto3,enum=google.iam.admin.v1.LintResult_Severity" json:"severity,omitempty"`
	// The name of the field for which this lint result is about.
	//
	// For nested messages `field_name` consists of names of the embedded fields
	// separated by period character. The top-level qualifier is the input object
	// to lint in the request. For example, the `field_name` value
	// `condition.expression` identifies a lint result for the `expression` field
	// of the provided condition.
	FieldName string `protobuf:"bytes,5,opt,name=field_name,json=fieldName,proto3" json:"field_name,omitempty"`
	// 0-based character position of problematic construct within the object
	// identified by `field_name`. Currently, this is populated only for condition
	// expression.
	LocationOffset int32 `protobuf:"varint,6,opt,name=location_offset,json=locationOffset,proto3" json:"location_offset,omitempty"`
	// Human readable debug message associated with the issue.
	DebugMessage string `protobuf:"bytes,7,opt,name=debug_message,json=debugMessage,proto3" json:"debug_message,omitempty"`
	// contains filtered or unexported fields
}

func (*LintResult) Descriptor() ([]byte, []int)

func (x *LintResult) GetDebugMessage() string

func (x *LintResult) GetFieldName() string

func (x *LintResult) GetLevel() LintResult_Level

func (x *LintResult) GetLocationOffset() int32

func (x *LintResult) GetSeverity() LintResult_Severity

func (x *LintResult) GetValidationUnitName() string

func (*LintResult) ProtoMessage()

func (x *LintResult) ProtoReflect() protoreflect.Message

func (x *LintResult) Reset()

func (x *LintResult) String() string

type LintResult_Level int32

const (
	// Level is unspecified.
	LintResult_LEVEL_UNSPECIFIED LintResult_Level = 0
	// A validation unit which operates on an individual condition within a
	// binding.
	LintResult_CONDITION LintResult_Level = 3
)

func (LintResult_Level) Descriptor() protoreflect.EnumDescriptor

func (x LintResult_Level) Enum() *LintResult_Level

func (LintResult_Level) EnumDescriptor() ([]byte, []int)

func (x LintResult_Level) Number() protoreflect.EnumNumber

func (x LintResult_Level) String() string

func (LintResult_Level) Type() protoreflect.EnumType

type LintResult_Severity int32

const (
	// Severity is unspecified.
	LintResult_SEVERITY_UNSPECIFIED LintResult_Severity = 0
	// A validation unit returns an error only for critical issues. If an
	// attempt is made to set the problematic policy without rectifying the
	// critical issue, it causes the `setPolicy` operation to fail.
	LintResult_ERROR LintResult_Severity = 1
	// Any issue which is severe enough but does not cause an error.
	// For example, suspicious constructs in the input object will not
	// necessarily fail `setPolicy`, but there is a high likelihood that they
	// won't behave as expected during policy evaluation in `checkPolicy`.
	// This includes the following common scenarios:
	//
	//   - Unsatisfiable condition: Expired timestamp in date/time condition.
	//   - Ineffective condition: Condition on a 

func (LintResult_Severity) Descriptor() protoreflect.EnumDescriptor

func (x LintResult_Severity) Enum() *LintResult_Severity

func (LintResult_Severity) EnumDescriptor() ([]byte, []int)

func (x LintResult_Severity) Number() protoreflect.EnumNumber

func (x LintResult_Severity) String() string

func (LintResult_Severity) Type() protoreflect.EnumType

type ListRolesRequest struct {

	// The `parent` parameter's value depends on the target resource for the
	// request, namely
	// [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles),
	// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles),
	// or
	// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
	// Each resource type's `parent` value format is described below:
	//
	//   - [`roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An empty string.
	//     This method doesn't require a resource; it simply returns all
	//     [predefined
	//     roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles)
	//     in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles`
	//
	//   - [`projects.roles.list()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/list):
	//     `projects/{PROJECT_ID}`. This method lists all project-level
	//     [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
	//     Example request URL:
	//     `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
	//
	//   - [`organizations.roles.list()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/list):
	//     `organizations/{ORGANIZATION_ID}`. This method lists all
	//     organization-level [custom
	//     roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
	//     Example request URL:
	//     `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional limit on the number of roles to include in the response.
	//
	// The default is 300, and the maximum is 1,000.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional pagination token returned in an earlier ListRolesResponse.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional view for the returned Role objects. When `FULL` is specified,
	// the `includedPermissions` field is returned, which includes a list of all
	// permissions in the role. The default value is `BASIC`, which does not
	// return the `includedPermissions` field.
	View RoleView `protobuf:"varint,4,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
	// Include Roles that have been deleted.
	ShowDeleted bool `protobuf:"varint,6,opt,name=show_deleted,json=showDeleted,proto3" json:"show_deleted,omitempty"`
	// contains filtered or unexported fields
}

func (*ListRolesRequest) Descriptor() ([]byte, []int)

func (x *ListRolesRequest) GetPageSize() int32

func (x *ListRolesRequest) GetPageToken() string

func (x *ListRolesRequest) GetParent() string

func (x *ListRolesRequest) GetShowDeleted() bool

func (x *ListRolesRequest) GetView() RoleView

func (*ListRolesRequest) ProtoMessage()

func (x *ListRolesRequest) ProtoReflect() protoreflect.Message

func (x *ListRolesRequest) Reset()

func (x *ListRolesRequest) String() string

type ListRolesResponse struct {

	// The Roles defined on this resource.
	Roles []*Role `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
	// To retrieve the next page of results, set
	// `ListRolesRequest.page_token` to this value.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

func (*ListRolesResponse) Descriptor() ([]byte, []int)

func (x *ListRolesResponse) GetNextPageToken() string

func (x *ListRolesResponse) GetRoles() []*Role

func (*ListRolesResponse) ProtoMessage()

func (x *ListRolesResponse) ProtoReflect() protoreflect.Message

func (x *ListRolesResponse) Reset()

func (x *ListRolesResponse) String() string

type ListServiceAccountKeysRequest struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	KeyTypes []ListServiceAccountKeysRequest_KeyType "" /* 156 byte string literal not displayed */

}

func (*ListServiceAccountKeysRequest) Descriptor() ([]byte, []int)

func (x *ListServiceAccountKeysRequest) GetKeyTypes() []ListServiceAccountKeysRequest_KeyType

func (x *ListServiceAccountKeysRequest) GetName() string

func (*ListServiceAccountKeysRequest) ProtoMessage()

func (x *ListServiceAccountKeysRequest) ProtoReflect() protoreflect.Message

func (x *ListServiceAccountKeysRequest) Reset()

func (x *ListServiceAccountKeysRequest) String() string

type ListServiceAccountKeysRequest_KeyType int32

const (
	// Unspecified key type. The presence of this in the
	// message will immediately result in an error.
	ListServiceAccountKeysRequest_KEY_TYPE_UNSPECIFIED ListServiceAccountKeysRequest_KeyType = 0
	// User-managed keys (managed and rotated by the user).
	ListServiceAccountKeysRequest_USER_MANAGED ListServiceAccountKeysRequest_KeyType = 1
	// System-managed keys (managed and rotated by Google).
	ListServiceAccountKeysRequest_SYSTEM_MANAGED ListServiceAccountKeysRequest_KeyType = 2
)

func (ListServiceAccountKeysRequest_KeyType) Descriptor() protoreflect.EnumDescriptor

func (x ListServiceAccountKeysRequest_KeyType) Enum() *ListServiceAccountKeysRequest_KeyType

func (ListServiceAccountKeysRequest_KeyType) EnumDescriptor() ([]byte, []int)

func (x ListServiceAccountKeysRequest_KeyType) Number() protoreflect.EnumNumber

func (x ListServiceAccountKeysRequest_KeyType) String() string

func (ListServiceAccountKeysRequest_KeyType) Type() protoreflect.EnumType

type ListServiceAccountKeysResponse struct {

	// The public keys for the service account.
	Keys []*ServiceAccountKey `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
	// contains filtered or unexported fields
}

func (*ListServiceAccountKeysResponse) Descriptor() ([]byte, []int)

func (x *ListServiceAccountKeysResponse) GetKeys() []*ServiceAccountKey

func (*ListServiceAccountKeysResponse) ProtoMessage()

func (x *ListServiceAccountKeysResponse) ProtoReflect() protoreflect.Message

func (x *ListServiceAccountKeysResponse) Reset()

func (x *ListServiceAccountKeysResponse) String() string

type ListServiceAccountsRequest struct {

	// Required. The resource name of the project associated with the service
	// accounts, such as `projects/my-project-123`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional limit on the number of service accounts to include in the
	// response. Further accounts can subsequently be obtained by including the
	// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token]
	// in a subsequent request.
	//
	// The default is 20, and the maximum is 100.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional pagination token returned in an earlier
	// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

func (*ListServiceAccountsRequest) Descriptor() ([]byte, []int)

func (x *ListServiceAccountsRequest) GetName() string

func (x *ListServiceAccountsRequest) GetPageSize() int32

func (x *ListServiceAccountsRequest) GetPageToken() string

func (*ListServiceAccountsRequest) ProtoMessage()

func (x *ListServiceAccountsRequest) ProtoReflect() protoreflect.Message

func (x *ListServiceAccountsRequest) Reset()

func (x *ListServiceAccountsRequest) String() string

type ListServiceAccountsResponse struct {

	// The list of matching service accounts.
	Accounts []*ServiceAccount `protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
	// To retrieve the next page of results, set
	// [ListServiceAccountsRequest.page_token][google.iam.admin.v1.ListServiceAccountsRequest.page_token]
	// to this value.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

func (*ListServiceAccountsResponse) Descriptor() ([]byte, []int)

func (x *ListServiceAccountsResponse) GetAccounts() []*ServiceAccount

func (x *ListServiceAccountsResponse) GetNextPageToken() string

func (*ListServiceAccountsResponse) ProtoMessage()

func (x *ListServiceAccountsResponse) ProtoReflect() protoreflect.Message

func (x *ListServiceAccountsResponse) Reset()

func (x *ListServiceAccountsResponse) String() string

type PatchServiceAccountRequest struct {
	ServiceAccount *ServiceAccount        `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
	UpdateMask     *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

func (*PatchServiceAccountRequest) Descriptor() ([]byte, []int)

func (x *PatchServiceAccountRequest) GetServiceAccount() *ServiceAccount

func (x *PatchServiceAccountRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*PatchServiceAccountRequest) ProtoMessage()

func (x *PatchServiceAccountRequest) ProtoReflect() protoreflect.Message

func (x *PatchServiceAccountRequest) Reset()

func (x *PatchServiceAccountRequest) String() string

type Permission struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Title string `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`

	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`

	OnlyInPredefinedRoles bool "" /* 129 byte string literal not displayed */

	Stage Permission_PermissionLaunchStage `protobuf:"varint,5,opt,name=stage,proto3,enum=google.iam.admin.v1.Permission_PermissionLaunchStage" json:"stage,omitempty"`

	CustomRolesSupportLevel Permission_CustomRolesSupportLevel "" /* 195 byte string literal not displayed */

	ApiDisabled bool `protobuf:"varint,7,opt,name=api_disabled,json=apiDisabled,proto3" json:"api_disabled,omitempty"`

	PrimaryPermission string `protobuf:"bytes,8,opt,name=primary_permission,json=primaryPermission,proto3" json:"primary_permission,omitempty"`

}

func (*Permission) Descriptor() ([]byte, []int)

func (x *Permission) GetApiDisabled() bool

func (x *Permission) GetCustomRolesSupportLevel() Permission_CustomRolesSupportLevel

func (x *Permission) GetDescription() string

func (x *Permission) GetName() string

func (x *Permission) GetOnlyInPredefinedRoles() bool

func (x *Permission) GetPrimaryPermission() string

func (x *Permission) GetStage() Permission_PermissionLaunchStage

func (x *Permission) GetTitle() string

func (*Permission) ProtoMessage()

func (x *Permission) ProtoReflect() protoreflect.Message

func (x *Permission) Reset()

func (x *Permission) String() string

type Permission_CustomRolesSupportLevel int32

const (
	// Default state. Permission is fully supported for custom role use.
	Permission_SUPPORTED Permission_CustomRolesSupportLevel = 0
	// Permission is being tested to check custom role compatibility.
	Permission_TESTING Permission_CustomRolesSupportLevel = 1
	// Permission is not supported for custom role use.
	Permission_NOT_SUPPORTED Permission_CustomRolesSupportLevel = 2
)

func (Permission_CustomRolesSupportLevel) Descriptor() protoreflect.EnumDescriptor

func (x Permission_CustomRolesSupportLevel) Enum() *Permission_CustomRolesSupportLevel

func (Permission_CustomRolesSupportLevel) EnumDescriptor() ([]byte, []int)

func (x Permission_CustomRolesSupportLevel) Number() protoreflect.EnumNumber

func (x Permission_CustomRolesSupportLevel) String() string

func (Permission_CustomRolesSupportLevel) Type() protoreflect.EnumType

type Permission_PermissionLaunchStage int32

const (
	// The permission is currently in an alpha phase.
	Permission_ALPHA Permission_PermissionLaunchStage = 0
	// The permission is currently in a beta phase.
	Permission_BETA Permission_PermissionLaunchStage = 1
	// The permission is generally available.
	Permission_GA Permission_PermissionLaunchStage = 2
	// The permission is being deprecated.
	Permission_DEPRECATED Permission_PermissionLaunchStage = 3
)

func (Permission_PermissionLaunchStage) Descriptor() protoreflect.EnumDescriptor

func (x Permission_PermissionLaunchStage) Enum() *Permission_PermissionLaunchStage

func (Permission_PermissionLaunchStage) EnumDescriptor() ([]byte, []int)

func (x Permission_PermissionLaunchStage) Number() protoreflect.EnumNumber

func (x Permission_PermissionLaunchStage) String() string

func (Permission_PermissionLaunchStage) Type() protoreflect.EnumType

type QueryAuditableServicesRequest struct {

	// Required. The full resource name to query from the list of auditable
	// services.
	//
	// The name follows the Google Cloud Platform resource format.
	// For example, a Cloud Platform project with id `my-project` will be named
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// contains filtered or unexported fields
}

func (*QueryAuditableServicesRequest) Descriptor() ([]byte, []int)

func (x *QueryAuditableServicesRequest) GetFullResourceName() string

func (*QueryAuditableServicesRequest) ProtoMessage()

func (x *QueryAuditableServicesRequest) ProtoReflect() protoreflect.Message

func (x *QueryAuditableServicesRequest) Reset()

func (x *QueryAuditableServicesRequest) String() string

type QueryAuditableServicesResponse struct {

	// The auditable services for a resource.
	Services []*QueryAuditableServicesResponse_AuditableService `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
	// contains filtered or unexported fields
}

func (*QueryAuditableServicesResponse) Descriptor() ([]byte, []int)

func (x *QueryAuditableServicesResponse) GetServices() []*QueryAuditableServicesResponse_AuditableService

func (*QueryAuditableServicesResponse) ProtoMessage()

func (x *QueryAuditableServicesResponse) ProtoReflect() protoreflect.Message

func (x *QueryAuditableServicesResponse) Reset()

func (x *QueryAuditableServicesResponse) String() string

type QueryAuditableServicesResponse_AuditableService struct {

	// Public name of the service.
	// For example, the service name for Cloud IAM is 'iam.googleapis.com'.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*QueryAuditableServicesResponse_AuditableService) Descriptor() ([]byte, []int)

func (x *QueryAuditableServicesResponse_AuditableService) GetName() string

func (*QueryAuditableServicesResponse_AuditableService) ProtoMessage()

func (x *QueryAuditableServicesResponse_AuditableService) ProtoReflect() protoreflect.Message

func (x *QueryAuditableServicesResponse_AuditableService) Reset()

func (x *QueryAuditableServicesResponse_AuditableService) String() string

type QueryGrantableRolesRequest struct {

	// Required. The full resource name to query from the list of grantable roles.
	//
	// The name follows the Google Cloud Platform resource format.
	// For example, a Cloud Platform project with id `my-project` will be named
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	FullResourceName string   `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	View             RoleView `protobuf:"varint,2,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
	// Optional limit on the number of roles to include in the response.
	//
	// The default is 300, and the maximum is 1,000.
	PageSize int32 `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional pagination token returned in an earlier
	// QueryGrantableRolesResponse.
	PageToken string `protobuf:"bytes,4,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

func (*QueryGrantableRolesRequest) Descriptor() ([]byte, []int)

func (x *QueryGrantableRolesRequest) GetFullResourceName() string

func (x *QueryGrantableRolesRequest) GetPageSize() int32

func (x *QueryGrantableRolesRequest) GetPageToken() string

func (x *QueryGrantableRolesRequest) GetView() RoleView