// Copyright (c) 2015, Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.iam.v1;

option java_multiple_files = true;
option java_outer_classname = "PolicyProto";
option java_package = "com.google.iam.v1";


// # Overview
//
// The `Policy` defines an access control policy language. It is used to
// define policies that are attached to resources like files, folders, VMs,
// etc.
//
//
// # Policy structure
//
// A `Policy` consists of a list of bindings. A `Binding` binds a set of members
// to a role, where the members include user accounts, user groups, user
// domains, and service accounts. A 'role' is a named set of permissions,
// defined by IAM. The definition of a role is outside the policy.
//
// A permission check first determines the roles that include the specified
// permission, and then determines if the principal specified is a
// member of a binding to at least one of these roles. The membership check is
// recursive when a group is bound to a role.
//
// Policy examples:
//
// ```
// {
//   "bindings": [
//     {
//       "role": "roles/owner",
//       "members": [
//         "user:mike@example.com",
//         "group:admins@example.com",
//         "domain:google.com",
//         "serviceAccount:frontend@example.iam.gserviceaccounts.com"]
//     },
//     {
//       "role": "roles/viewer",
//       "members": ["user:sean@example.com"]
//     }
//   ]
// }
// ```
message Policy {
  // The policy language version. The version of the policy is
  // represented by the etag. The default version is 0.
  int32 version = 1;

  // It is an error to specify multiple bindings for the same role.
  // It is an error to specify a binding with no members.
  repeated Binding bindings = 4;

  // Can be used to perform a read-modify-write.
  bytes etag = 3;
}

// Associates members with roles. See below for allowed
// formats of members.
message Binding {
  // The name of the role to which the members should be bound.
  // Examples: "roles/viewer", "roles/editor", "roles/owner".
  // Required
  string role = 1;

  // Format of member entries:
  // 1. allUsers
  //    Matches any requesting principal (users, service accounts or anonymous).
  //
  // 2. allAuthenticatedUsers
  //    Matches any requesting authenticated principal (users or service
  //    accounts).
  //
  // 3. user:{emailid}
  //    A google user account using an email address.
  //    For example alice@gmail.com, joe@example.com
  //
  // 4. serviceAccount:{emailid}
  //    An service account email.
  //
  // 5. group:{emailid}
  //    A google group with an email address. For example
  //    auth-ti-cloud@google.com
  //
  // 6. domain:{domain}
  //    A Google Apps domain name.
  //    For example google.com, example.com
  repeated string members = 2;
}