initial commit

server/node_modules/google-gax/build/protos/google/iam/v1/iam_policy.proto

@@ -0,0 +1,155 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.v1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/iam/v1/options.proto";
+import "google/iam/v1/policy.proto";
+import "google/protobuf/field_mask.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Iam.V1";
+option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb";
+option java_multiple_files = true;
+option java_outer_classname = "IamPolicyProto";
+option java_package = "com.google.iam.v1";
+option php_namespace = "Google\\Cloud\\Iam\\V1";
+
+// API Overview
+//
+//
+// Manages Identity and Access Management (IAM) policies.
+//
+// Any implementation of an API that offers access control features
+// implements the google.iam.v1.IAMPolicy interface.
+//
+// ## Data model
+//
+// Access control is applied when a principal (user or service account), takes
+// some action on a resource exposed by a service. Resources, identified by
+// URI-like names, are the unit of access control specification. Service
+// implementations can choose the granularity of access control and the
+// supported permissions for their resources.
+// For example one database service may allow access control to be
+// specified only at the Table level, whereas another might allow access control
+// to also be specified at the Column level.
+//
+// ## Policy Structure
+//
+// See google.iam.v1.Policy
+//
+// This is intentionally not a CRUD style API because access control policies
+// are created and deleted implicitly with the resources to which they are
+// attached.
+service IAMPolicy {
+  option (google.api.default_host) = "iam-meta-api.googleapis.com";
+
+  // Sets the access control policy on the specified resource. Replaces any
+  // existing policy.
+  //
+  // Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
+  rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) {
+    option (google.api.http) = {
+      post: "/v1/{resource=**}:setIamPolicy"
+      body: "*"
+    };
+  }
+
+  // Gets the access control policy for a resource.
+  // Returns an empty policy if the resource exists and does not have a policy
+  // set.
+  rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) {
+    option (google.api.http) = {
+      post: "/v1/{resource=**}:getIamPolicy"
+      body: "*"
+    };
+  }
+
+  // Returns permissions that a caller has on the specified resource.
+  // If the resource does not exist, this will return an empty set of
+  // permissions, not a `NOT_FOUND` error.
+  //
+  // Note: This operation is designed to be used for building permission-aware
+  // UIs and command-line tools, not for authorization checking. This operation
+  // may "fail open" without warning.
+  rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) {
+    option (google.api.http) = {
+      post: "/v1/{resource=**}:testIamPermissions"
+      body: "*"
+    };
+  }
+}
+
+// Request message for `SetIamPolicy` method.
+message SetIamPolicyRequest {
+  // REQUIRED: The resource for which the policy is being specified.
+  // See the operation documentation for the appropriate value for this field.
+  string resource = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference).type = "*"];
+
+  // REQUIRED: The complete policy to be applied to the `resource`. The size of
+  // the policy is limited to a few 10s of KB. An empty policy is a
+  // valid policy but certain Cloud Platform services (such as Projects)
+  // might reject them.
+  Policy policy = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+  // the fields in the mask will be modified. If no mask is provided, the
+  // following default mask is used:
+  //
+  // `paths: "bindings, etag"`
+  google.protobuf.FieldMask update_mask = 3;
+}
+
+// Request message for `GetIamPolicy` method.
+message GetIamPolicyRequest {
+  // REQUIRED: The resource for which the policy is being requested.
+  // See the operation documentation for the appropriate value for this field.
+  string resource = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference).type = "*"];
+
+  // OPTIONAL: A `GetPolicyOptions` object for specifying options to
+  // `GetIamPolicy`.
+  GetPolicyOptions options = 2;
+}
+
+// Request message for `TestIamPermissions` method.
+message TestIamPermissionsRequest {
+  // REQUIRED: The resource for which the policy detail is being requested.
+  // See the operation documentation for the appropriate value for this field.
+  string resource = 1[
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference).type = "*"];
+
+  // The set of permissions to check for the `resource`. Permissions with
+  // wildcards (such as '*' or 'storage.*') are not allowed. For more
+  // information see
+  // [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+  repeated string permissions = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Response message for `TestIamPermissions` method.
+message TestIamPermissionsResponse {
+  // A subset of `TestPermissionsRequest.permissions` that the caller is
+  // allowed.
+  repeated string permissions = 1;
+}

server/node_modules/google-gax/build/protos/google/iam/v1/logging/audit_data.proto

@@ -0,0 +1,33 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.v1.logging;
+
+import "google/iam/v1/policy.proto";
+
+option csharp_namespace = "Google.Cloud.Iam.V1.Logging";
+option go_package = "cloud.google.com/go/iam/apiv1/logging/loggingpb;loggingpb";
+option java_multiple_files = true;
+option java_outer_classname = "AuditDataProto";
+option java_package = "com.google.iam.v1.logging";
+
+// Audit log information specific to Cloud IAM. This message is serialized
+// as an `Any` type in the `ServiceData` message of an
+// `AuditLog` message.
+message AuditData {
+  // Policy delta between the original policy and the newly set policy.
+  google.iam.v1.PolicyDelta policy_delta = 2;
+}

server/node_modules/google-gax/build/protos/google/iam/v1/options.proto

@@ -0,0 +1,48 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.v1;
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Iam.V1";
+option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb";
+option java_multiple_files = true;
+option java_outer_classname = "OptionsProto";
+option java_package = "com.google.iam.v1";
+option php_namespace = "Google\\Cloud\\Iam\\V1";
+
+// Encapsulates settings provided to GetIamPolicy.
+message GetPolicyOptions {
+  // Optional. The maximum policy version that will be used to format the
+  // policy.
+  //
+  // Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+  // rejected.
+  //
+  // Requests for policies with any conditional role bindings must specify
+  // version 3. Policies with no conditional role bindings may specify any valid
+  // value or leave the field unset.
+  //
+  // The policy in the response might use the policy version that you specified,
+  // or it might use a lower policy version. For example, if you specify version
+  // 3, but the policy has no conditional role bindings, the response uses
+  // version 1.
+  //
+  // To learn which resources support conditions in their IAM policies, see the
+  // [IAM
+  // documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  int32 requested_policy_version = 1;
+}

server/node_modules/google-gax/build/protos/google/iam/v1/policy.proto

@@ -0,0 +1,410 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.v1;
+
+import "google/type/expr.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Iam.V1";
+option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb";
+option java_multiple_files = true;
+option java_outer_classname = "PolicyProto";
+option java_package = "com.google.iam.v1";
+option php_namespace = "Google\\Cloud\\Iam\\V1";
+
+// An Identity and Access Management (IAM) policy, which specifies access
+// controls for Google Cloud resources.
+//
+//
+// A `Policy` is a collection of `bindings`. A `binding` binds one or more
+// `members`, or principals, to a single `role`. Principals can be user
+// accounts, service accounts, Google groups, and domains (such as G Suite). A
+// `role` is a named list of permissions; each `role` can be an IAM predefined
+// role or a user-created custom role.
+//
+// For some types of Google Cloud resources, a `binding` can also specify a
+// `condition`, which is a logical expression that allows access to a resource
+// only if the expression evaluates to `true`. A condition can add constraints
+// based on attributes of the request, the resource, or both. To learn which
+// resources support conditions in their IAM policies, see the
+// [IAM
+// documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+//
+// **JSON example:**
+//
+// ```
+//     {
+//       "bindings": [
+//         {
+//           "role": "roles/resourcemanager.organizationAdmin",
+//           "members": [
+//             "user:mike@example.com",
+//             "group:admins@example.com",
+//             "domain:google.com",
+//             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+//           ]
+//         },
+//         {
+//           "role": "roles/resourcemanager.organizationViewer",
+//           "members": [
+//             "user:eve@example.com"
+//           ],
+//           "condition": {
+//             "title": "expirable access",
+//             "description": "Does not grant access after Sep 2020",
+//             "expression": "request.time <
+//             timestamp('2020-10-01T00:00:00.000Z')",
+//           }
+//         }
+//       ],
+//       "etag": "BwWWja0YfJA=",
+//       "version": 3
+//     }
+// ```
+//
+// **YAML example:**
+//
+// ```
+//     bindings:
+//     - members:
+//       - user:mike@example.com
+//       - group:admins@example.com
+//       - domain:google.com
+//       - serviceAccount:my-project-id@appspot.gserviceaccount.com
+//       role: roles/resourcemanager.organizationAdmin
+//     - members:
+//       - user:eve@example.com
+//       role: roles/resourcemanager.organizationViewer
+//       condition:
+//         title: expirable access
+//         description: Does not grant access after Sep 2020
+//         expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+//     etag: BwWWja0YfJA=
+//     version: 3
+// ```
+//
+// For a description of IAM and its features, see the
+// [IAM documentation](https://cloud.google.com/iam/docs/).
+message Policy {
+  // Specifies the format of the policy.
+  //
+  // Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+  // are rejected.
+  //
+  // Any operation that affects conditional role bindings must specify version
+  // `3`. This requirement applies to the following operations:
+  //
+  // * Getting a policy that includes a conditional role binding
+  // * Adding a conditional role binding to a policy
+  // * Changing a conditional role binding in a policy
+  // * Removing any role binding, with or without a condition, from a policy
+  //   that includes conditions
+  //
+  // **Important:** If you use IAM Conditions, you must include the `etag` field
+  // whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+  // you to overwrite a version `3` policy with a version `1` policy, and all of
+  // the conditions in the version `3` policy are lost.
+  //
+  // If a policy does not include any conditions, operations on that policy may
+  // specify any valid version or leave the field unset.
+  //
+  // To learn which resources support conditions in their IAM policies, see the
+  // [IAM
+  // documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  int32 version = 1;
+
+  // Associates a list of `members`, or principals, with a `role`. Optionally,
+  // may specify a `condition` that determines how and when the `bindings` are
+  // applied. Each of the `bindings` must contain at least one principal.
+  //
+  // The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
+  // of these principals can be Google groups. Each occurrence of a principal
+  // counts towards these limits. For example, if the `bindings` grant 50
+  // different roles to `user:alice@example.com`, and not to any other
+  // principal, then you can add another 1,450 principals to the `bindings` in
+  // the `Policy`.
+  repeated Binding bindings = 4;
+
+  // Specifies cloud audit logging configuration for this policy.
+  repeated AuditConfig audit_configs = 6;
+
+  // `etag` is used for optimistic concurrency control as a way to help
+  // prevent simultaneous updates of a policy from overwriting each other.
+  // It is strongly suggested that systems make use of the `etag` in the
+  // read-modify-write cycle to perform policy updates in order to avoid race
+  // conditions: An `etag` is returned in the response to `getIamPolicy`, and
+  // systems are expected to put that etag in the request to `setIamPolicy` to
+  // ensure that their change will be applied to the same version of the policy.
+  //
+  // **Important:** If you use IAM Conditions, you must include the `etag` field
+  // whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+  // you to overwrite a version `3` policy with a version `1` policy, and all of
+  // the conditions in the version `3` policy are lost.
+  bytes etag = 3;
+}
+
+// Associates `members`, or principals, with a `role`.
+message Binding {
+  // Role that is assigned to the list of `members`, or principals.
+  // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+  string role = 1;
+
+  // Specifies the principals requesting access for a Google Cloud resource.
+  // `members` can have the following values:
+  //
+  // * `allUsers`: A special identifier that represents anyone who is
+  //    on the internet; with or without a Google account.
+  //
+  // * `allAuthenticatedUsers`: A special identifier that represents anyone
+  //    who is authenticated with a Google account or a service account.
+  //
+  // * `user:{emailid}`: An email address that represents a specific Google
+  //    account. For example, `alice@example.com` .
+  //
+  //
+  // * `serviceAccount:{emailid}`: An email address that represents a service
+  //    account. For example, `my-other-app@appspot.gserviceaccount.com`.
+  //
+  // * `group:{emailid}`: An email address that represents a Google group.
+  //    For example, `admins@example.com`.
+  //
+  // * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+  //    identifier) representing a user that has been recently deleted. For
+  //    example, `alice@example.com?uid=123456789012345678901`. If the user is
+  //    recovered, this value reverts to `user:{emailid}` and the recovered user
+  //    retains the role in the binding.
+  //
+  // * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+  //    unique identifier) representing a service account that has been recently
+  //    deleted. For example,
+  //    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+  //    If the service account is undeleted, this value reverts to
+  //    `serviceAccount:{emailid}` and the undeleted service account retains the
+  //    role in the binding.
+  //
+  // * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+  //    identifier) representing a Google group that has been recently
+  //    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+  //    the group is recovered, this value reverts to `group:{emailid}` and the
+  //    recovered group retains the role in the binding.
+  //
+  //
+  // * `domain:{domain}`: The G Suite domain (primary) that represents all the
+  //    users of that domain. For example, `google.com` or `example.com`.
+  //
+  //
+  repeated string members = 2;
+
+  // The condition that is associated with this binding.
+  //
+  // If the condition evaluates to `true`, then this binding applies to the
+  // current request.
+  //
+  // If the condition evaluates to `false`, then this binding does not apply to
+  // the current request. However, a different role binding might grant the same
+  // role to one or more of the principals in this binding.
+  //
+  // To learn which resources support conditions in their IAM policies, see the
+  // [IAM
+  // documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  google.type.Expr condition = 3;
+}
+
+// Specifies the audit configuration for a service.
+// The configuration determines which permission types are logged, and what
+// identities, if any, are exempted from logging.
+// An AuditConfig must have one or more AuditLogConfigs.
+//
+// If there are AuditConfigs for both `allServices` and a specific service,
+// the union of the two AuditConfigs is used for that service: the log_types
+// specified in each AuditConfig are enabled, and the exempted_members in each
+// AuditLogConfig are exempted.
+//
+// Example Policy with multiple AuditConfigs:
+//
+//     {
+//       "audit_configs": [
+//         {
+//           "service": "allServices",
+//           "audit_log_configs": [
+//             {
+//               "log_type": "DATA_READ",
+//               "exempted_members": [
+//                 "user:jose@example.com"
+//               ]
+//             },
+//             {
+//               "log_type": "DATA_WRITE"
+//             },
+//             {
+//               "log_type": "ADMIN_READ"
+//             }
+//           ]
+//         },
+//         {
+//           "service": "sampleservice.googleapis.com",
+//           "audit_log_configs": [
+//             {
+//               "log_type": "DATA_READ"
+//             },
+//             {
+//               "log_type": "DATA_WRITE",
+//               "exempted_members": [
+//                 "user:aliya@example.com"
+//               ]
+//             }
+//           ]
+//         }
+//       ]
+//     }
+//
+// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+// logging. It also exempts `jose@example.com` from DATA_READ logging, and
+// `aliya@example.com` from DATA_WRITE logging.
+message AuditConfig {
+  // Specifies a service that will be enabled for audit logging.
+  // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+  // `allServices` is a special value that covers all services.
+  string service = 1;
+
+  // The configuration for logging of each type of permission.
+  repeated AuditLogConfig audit_log_configs = 3;
+}
+
+// Provides the configuration for logging a type of permissions.
+// Example:
+//
+//     {
+//       "audit_log_configs": [
+//         {
+//           "log_type": "DATA_READ",
+//           "exempted_members": [
+//             "user:jose@example.com"
+//           ]
+//         },
+//         {
+//           "log_type": "DATA_WRITE"
+//         }
+//       ]
+//     }
+//
+// This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+// jose@example.com from DATA_READ logging.
+message AuditLogConfig {
+  // The list of valid permission types for which logging can be configured.
+  // Admin writes are always logged, and are not configurable.
+  enum LogType {
+    // Default case. Should never be this.
+    LOG_TYPE_UNSPECIFIED = 0;
+
+    // Admin reads. Example: CloudIAM getIamPolicy
+    ADMIN_READ = 1;
+
+    // Data writes. Example: CloudSQL Users create
+    DATA_WRITE = 2;
+
+    // Data reads. Example: CloudSQL Users list
+    DATA_READ = 3;
+  }
+
+  // The log type that this config enables.
+  LogType log_type = 1;
+
+  // Specifies the identities that do not cause logging for this type of
+  // permission.
+  // Follows the same format of
+  // [Binding.members][google.iam.v1.Binding.members].
+  repeated string exempted_members = 2;
+}
+
+// The difference delta between two policies.
+message PolicyDelta {
+  // The delta for Bindings between two policies.
+  repeated BindingDelta binding_deltas = 1;
+
+  // The delta for AuditConfigs between two policies.
+  repeated AuditConfigDelta audit_config_deltas = 2;
+}
+
+// One delta entry for Binding. Each individual change (only one member in each
+// entry) to a binding will be a separate entry.
+message BindingDelta {
+  // The type of action performed on a Binding in a policy.
+  enum Action {
+    // Unspecified.
+    ACTION_UNSPECIFIED = 0;
+
+    // Addition of a Binding.
+    ADD = 1;
+
+    // Removal of a Binding.
+    REMOVE = 2;
+  }
+
+  // The action that was performed on a Binding.
+  // Required
+  Action action = 1;
+
+  // Role that is assigned to `members`.
+  // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+  // Required
+  string role = 2;
+
+  // A single identity requesting access for a Google Cloud resource.
+  // Follows the same format of Binding.members.
+  // Required
+  string member = 3;
+
+  // The condition that is associated with this binding.
+  google.type.Expr condition = 4;
+}
+
+// One delta entry for AuditConfig. Each individual change (only one
+// exempted_member in each entry) to a AuditConfig will be a separate entry.
+message AuditConfigDelta {
+  // The type of action performed on an audit configuration in a policy.
+  enum Action {
+    // Unspecified.
+    ACTION_UNSPECIFIED = 0;
+
+    // Addition of an audit configuration.
+    ADD = 1;
+
+    // Removal of an audit configuration.
+    REMOVE = 2;
+  }
+
+  // The action that was performed on an audit configuration in a policy.
+  // Required
+  Action action = 1;
+
+  // Specifies a service that was configured for Cloud Audit Logging.
+  // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+  // `allServices` is a special value that covers all services.
+  // Required
+  string service = 2;
+
+  // A single identity that is exempted from "data access" audit
+  // logging for the `service` specified above.
+  // Follows the same format of Binding.members.
+  string exempted_member = 3;
+
+  // Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
+  // enabled, and cannot be configured.
+  // Required
+  string log_type = 4;
+}