-
Notifications
You must be signed in to change notification settings - Fork 2.3k
/
organizations.proto
241 lines (211 loc) · 9.85 KB
/
organizations.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.cloud.resourcemanager.v3;
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/iam/v1/iam_policy.proto";
import "google/iam/v1/policy.proto";
import "google/protobuf/timestamp.proto";
option csharp_namespace = "Google.Cloud.ResourceManager.V3";
option go_package = "cloud.google.com/go/resourcemanager/apiv3/resourcemanagerpb;resourcemanagerpb";
option java_multiple_files = true;
option java_outer_classname = "OrganizationsProto";
option java_package = "com.google.cloud.resourcemanager.v3";
option php_namespace = "Google\\Cloud\\ResourceManager\\V3";
option ruby_package = "Google::Cloud::ResourceManager::V3";
// Allows users to manage their organization resources.
service Organizations {
option (google.api.default_host) = "cloudresourcemanager.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform,"
"https://www.googleapis.com/auth/cloud-platform.read-only";
// Fetches an organization resource identified by the specified resource name.
rpc GetOrganization(GetOrganizationRequest) returns (Organization) {
option (google.api.http) = {
get: "/v3/{name=organizations/*}"
};
option (google.api.method_signature) = "name";
}
// Searches organization resources that are visible to the user and satisfy
// the specified filter. This method returns organizations in an unspecified
// order. New organizations do not necessarily appear at the end of the
// results, and may take a small amount of time to appear.
//
// Search will only return organizations on which the user has the permission
// `resourcemanager.organizations.get`
rpc SearchOrganizations(SearchOrganizationsRequest)
returns (SearchOrganizationsResponse) {
option (google.api.http) = {
get: "/v3/organizations:search"
};
option (google.api.method_signature) = "query";
}
// Gets the access control policy for an organization resource. The policy may
// be empty if no such policy or resource exists. The `resource` field should
// be the organization's resource name, for example: "organizations/123".
//
// Authorization requires the IAM permission
// `resourcemanager.organizations.getIamPolicy` on the specified organization.
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
returns (google.iam.v1.Policy) {
option (google.api.http) = {
post: "/v3/{resource=organizations/*}:getIamPolicy"
body: "*"
};
option (google.api.method_signature) = "resource";
}
// Sets the access control policy on an organization resource. Replaces any
// existing policy. The `resource` field should be the organization's resource
// name, for example: "organizations/123".
//
// Authorization requires the IAM permission
// `resourcemanager.organizations.setIamPolicy` on the specified organization.
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
returns (google.iam.v1.Policy) {
option (google.api.http) = {
post: "/v3/{resource=organizations/*}:setIamPolicy"
body: "*"
};
option (google.api.method_signature) = "resource";
}
// Returns the permissions that a caller has on the specified organization.
// The `resource` field should be the organization's resource name,
// for example: "organizations/123".
//
// There are no permissions required for making this API call.
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
returns (google.iam.v1.TestIamPermissionsResponse) {
option (google.api.http) = {
post: "/v3/{resource=organizations/*}:testIamPermissions"
body: "*"
};
option (google.api.method_signature) = "resource,permissions";
}
}
// The root node in the resource hierarchy to which a particular entity's
// (a company, for example) resources belong.
message Organization {
option (google.api.resource) = {
type: "cloudresourcemanager.googleapis.com/Organization"
pattern: "organizations/{organization}"
style: DECLARATIVE_FRIENDLY
};
// Organization lifecycle states.
enum State {
// Unspecified state. This is only useful for distinguishing unset values.
STATE_UNSPECIFIED = 0;
// The normal and active state.
ACTIVE = 1;
// The organization has been marked for deletion by the user.
DELETE_REQUESTED = 2;
}
// Output only. The resource name of the organization. This is the
// organization's relative path in the API. Its format is
// "organizations/[organization_id]". For example, "organizations/1234".
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. A human-readable string that refers to the organization in the
// Google Cloud Console. This string is set by the server and cannot be
// changed. The string will be set to the primary domain (for example,
// "google.com") of the Google Workspace customer that owns the organization.
string display_name = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
// The owner of this organization. The owner should be specified on
// creation. Once set, it cannot be changed.
//
// The lifetime of the organization and all of its descendants are bound to
// the owner. If the owner is deleted, the organization and all its
// descendants will be deleted.
oneof owner {
// Immutable. The G Suite / Workspace customer id used in the Directory API.
string directory_customer_id = 3 [(google.api.field_behavior) = IMMUTABLE];
}
// Output only. The organization's current lifecycle state.
State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Timestamp when the Organization was created.
google.protobuf.Timestamp create_time = 5
[(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Timestamp when the Organization was last modified.
google.protobuf.Timestamp update_time = 6
[(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Timestamp when the Organization was requested for deletion.
google.protobuf.Timestamp delete_time = 7
[(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. A checksum computed by the server based on the current value
// of the Organization resource. This may be sent on update and delete
// requests to ensure the client has an up-to-date value before proceeding.
string etag = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// The request sent to the `GetOrganization` method. The `name` field is
// required. `organization_id` is no longer accepted.
message GetOrganizationRequest {
// Required. The resource name of the Organization to fetch. This is the
// organization's relative path in the API, formatted as
// "organizations/[organizationId]". For example, "organizations/1234".
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "cloudresourcemanager.googleapis.com/Organization"
}
];
}
// The request sent to the `SearchOrganizations` method.
message SearchOrganizationsRequest {
// Optional. The maximum number of organizations to return in the response.
// The server can return fewer organizations than requested. If unspecified,
// server picks an appropriate default.
int32 page_size = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. A pagination token returned from a previous call to
// `SearchOrganizations` that indicates from where listing should continue.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. An optional query string used to filter the Organizations to
// return in the response. Query rules are case-insensitive.
//
//
// ```
// | Field | Description |
// |------------------|--------------------------------------------|
// | directoryCustomerId, owner.directoryCustomerId | Filters by directory
// customer id. |
// | domain | Filters by domain. |
// ```
//
// Organizations may be queried by `directoryCustomerId` or by
// `domain`, where the domain is a G Suite domain, for example:
//
// * Query `directorycustomerid:123456789` returns Organization
// resources with `owner.directory_customer_id` equal to `123456789`.
// * Query `domain:google.com` returns Organization resources corresponding
// to the domain `google.com`.
string query = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The response returned from the `SearchOrganizations` method.
message SearchOrganizationsResponse {
// The list of Organizations that matched the search query, possibly
// paginated.
repeated Organization organizations = 1;
// A pagination token to be used to retrieve the next page of results. If the
// result is too large to fit within the page size specified in the request,
// this field will be set with a token that can be used to fetch the next page
// of results. If this field is empty, it indicates that this response
// contains the last page of results.
string next_page_token = 2;
}
// A status object which is used as the `metadata` field for the operation
// returned by DeleteOrganization.
message DeleteOrganizationMetadata {}
// A status object which is used as the `metadata` field for the Operation
// returned by UndeleteOrganization.
message UndeleteOrganizationMetadata {}