/*
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Generated by the protocol buffer compiler. DO NOT EDIT!
// source: google/iam/v2beta/deny.proto
package com.google.iam.v2beta;
/**
*
*
*
* A deny rule in an IAM deny policy.
*
*
* Protobuf type {@code google.iam.v2beta.DenyRule}
*/
public final class DenyRule extends com.google.protobuf.GeneratedMessageV3
implements
// @@protoc_insertion_point(message_implements:google.iam.v2beta.DenyRule)
DenyRuleOrBuilder {
private static final long serialVersionUID = 0L;
// Use DenyRule.newBuilder() to construct.
private DenyRule(com.google.protobuf.GeneratedMessageV3.Builder builder) {
super(builder);
}
private DenyRule() {
deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
}
@java.lang.Override
@SuppressWarnings({"unused"})
protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
return new DenyRule();
}
@java.lang.Override
public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
return this.unknownFields;
}
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
return com.google.iam.v2beta.DenyRuleProto
.internal_static_google_iam_v2beta_DenyRule_descriptor;
}
@java.lang.Override
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
internalGetFieldAccessorTable() {
return com.google.iam.v2beta.DenyRuleProto
.internal_static_google_iam_v2beta_DenyRule_fieldAccessorTable
.ensureFieldAccessorsInitialized(
com.google.iam.v2beta.DenyRule.class, com.google.iam.v2beta.DenyRule.Builder.class);
}
public static final int DENIED_PRINCIPALS_FIELD_NUMBER = 1;
@SuppressWarnings("serial")
private com.google.protobuf.LazyStringList deniedPrincipals_;
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @return A list containing the deniedPrincipals.
*/
public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
return deniedPrincipals_;
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @return The count of deniedPrincipals.
*/
public int getDeniedPrincipalsCount() {
return deniedPrincipals_.size();
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param index The index of the element to return.
* @return The deniedPrincipals at the given index.
*/
public java.lang.String getDeniedPrincipals(int index) {
return deniedPrincipals_.get(index);
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param index The index of the value to return.
* @return The bytes of the deniedPrincipals at the given index.
*/
public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
return deniedPrincipals_.getByteString(index);
}
public static final int EXCEPTION_PRINCIPALS_FIELD_NUMBER = 2;
@SuppressWarnings("serial")
private com.google.protobuf.LazyStringList exceptionPrincipals_;
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @return A list containing the exceptionPrincipals.
*/
public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
return exceptionPrincipals_;
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @return The count of exceptionPrincipals.
*/
public int getExceptionPrincipalsCount() {
return exceptionPrincipals_.size();
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param index The index of the element to return.
* @return The exceptionPrincipals at the given index.
*/
public java.lang.String getExceptionPrincipals(int index) {
return exceptionPrincipals_.get(index);
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param index The index of the value to return.
* @return The bytes of the exceptionPrincipals at the given index.
*/
public com.google.protobuf.ByteString getExceptionPrincipalsBytes(int index) {
return exceptionPrincipals_.getByteString(index);
}
public static final int DENIED_PERMISSIONS_FIELD_NUMBER = 3;
@SuppressWarnings("serial")
private com.google.protobuf.LazyStringList deniedPermissions_;
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @return A list containing the deniedPermissions.
*/
public com.google.protobuf.ProtocolStringList getDeniedPermissionsList() {
return deniedPermissions_;
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @return The count of deniedPermissions.
*/
public int getDeniedPermissionsCount() {
return deniedPermissions_.size();
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param index The index of the element to return.
* @return The deniedPermissions at the given index.
*/
public java.lang.String getDeniedPermissions(int index) {
return deniedPermissions_.get(index);
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param index The index of the value to return.
* @return The bytes of the deniedPermissions at the given index.
*/
public com.google.protobuf.ByteString getDeniedPermissionsBytes(int index) {
return deniedPermissions_.getByteString(index);
}
public static final int EXCEPTION_PERMISSIONS_FIELD_NUMBER = 4;
@SuppressWarnings("serial")
private com.google.protobuf.LazyStringList exceptionPermissions_;
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @return A list containing the exceptionPermissions.
*/
public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
return exceptionPermissions_;
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @return The count of exceptionPermissions.
*/
public int getExceptionPermissionsCount() {
return exceptionPermissions_.size();
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param index The index of the element to return.
* @return The exceptionPermissions at the given index.
*/
public java.lang.String getExceptionPermissions(int index) {
return exceptionPermissions_.get(index);
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param index The index of the value to return.
* @return The bytes of the exceptionPermissions at the given index.
*/
public com.google.protobuf.ByteString getExceptionPermissionsBytes(int index) {
return exceptionPermissions_.getByteString(index);
}
public static final int DENIAL_CONDITION_FIELD_NUMBER = 5;
private com.google.type.Expr denialCondition_;
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*
* @return Whether the denialCondition field is set.
*/
@java.lang.Override
public boolean hasDenialCondition() {
return denialCondition_ != null;
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*
* @return The denialCondition.
*/
@java.lang.Override
public com.google.type.Expr getDenialCondition() {
return denialCondition_ == null ? com.google.type.Expr.getDefaultInstance() : denialCondition_;
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
@java.lang.Override
public com.google.type.ExprOrBuilder getDenialConditionOrBuilder() {
return denialCondition_ == null ? com.google.type.Expr.getDefaultInstance() : denialCondition_;
}
private byte memoizedIsInitialized = -1;
@java.lang.Override
public final boolean isInitialized() {
byte isInitialized = memoizedIsInitialized;
if (isInitialized == 1) return true;
if (isInitialized == 0) return false;
memoizedIsInitialized = 1;
return true;
}
@java.lang.Override
public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
for (int i = 0; i < deniedPrincipals_.size(); i++) {
com.google.protobuf.GeneratedMessageV3.writeString(output, 1, deniedPrincipals_.getRaw(i));
}
for (int i = 0; i < exceptionPrincipals_.size(); i++) {
com.google.protobuf.GeneratedMessageV3.writeString(output, 2, exceptionPrincipals_.getRaw(i));
}
for (int i = 0; i < deniedPermissions_.size(); i++) {
com.google.protobuf.GeneratedMessageV3.writeString(output, 3, deniedPermissions_.getRaw(i));
}
for (int i = 0; i < exceptionPermissions_.size(); i++) {
com.google.protobuf.GeneratedMessageV3.writeString(
output, 4, exceptionPermissions_.getRaw(i));
}
if (denialCondition_ != null) {
output.writeMessage(5, getDenialCondition());
}
getUnknownFields().writeTo(output);
}
@java.lang.Override
public int getSerializedSize() {
int size = memoizedSize;
if (size != -1) return size;
size = 0;
{
int dataSize = 0;
for (int i = 0; i < deniedPrincipals_.size(); i++) {
dataSize += computeStringSizeNoTag(deniedPrincipals_.getRaw(i));
}
size += dataSize;
size += 1 * getDeniedPrincipalsList().size();
}
{
int dataSize = 0;
for (int i = 0; i < exceptionPrincipals_.size(); i++) {
dataSize += computeStringSizeNoTag(exceptionPrincipals_.getRaw(i));
}
size += dataSize;
size += 1 * getExceptionPrincipalsList().size();
}
{
int dataSize = 0;
for (int i = 0; i < deniedPermissions_.size(); i++) {
dataSize += computeStringSizeNoTag(deniedPermissions_.getRaw(i));
}
size += dataSize;
size += 1 * getDeniedPermissionsList().size();
}
{
int dataSize = 0;
for (int i = 0; i < exceptionPermissions_.size(); i++) {
dataSize += computeStringSizeNoTag(exceptionPermissions_.getRaw(i));
}
size += dataSize;
size += 1 * getExceptionPermissionsList().size();
}
if (denialCondition_ != null) {
size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, getDenialCondition());
}
size += getUnknownFields().getSerializedSize();
memoizedSize = size;
return size;
}
@java.lang.Override
public boolean equals(final java.lang.Object obj) {
if (obj == this) {
return true;
}
if (!(obj instanceof com.google.iam.v2beta.DenyRule)) {
return super.equals(obj);
}
com.google.iam.v2beta.DenyRule other = (com.google.iam.v2beta.DenyRule) obj;
if (!getDeniedPrincipalsList().equals(other.getDeniedPrincipalsList())) return false;
if (!getExceptionPrincipalsList().equals(other.getExceptionPrincipalsList())) return false;
if (!getDeniedPermissionsList().equals(other.getDeniedPermissionsList())) return false;
if (!getExceptionPermissionsList().equals(other.getExceptionPermissionsList())) return false;
if (hasDenialCondition() != other.hasDenialCondition()) return false;
if (hasDenialCondition()) {
if (!getDenialCondition().equals(other.getDenialCondition())) return false;
}
if (!getUnknownFields().equals(other.getUnknownFields())) return false;
return true;
}
@java.lang.Override
public int hashCode() {
if (memoizedHashCode != 0) {
return memoizedHashCode;
}
int hash = 41;
hash = (19 * hash) + getDescriptor().hashCode();
if (getDeniedPrincipalsCount() > 0) {
hash = (37 * hash) + DENIED_PRINCIPALS_FIELD_NUMBER;
hash = (53 * hash) + getDeniedPrincipalsList().hashCode();
}
if (getExceptionPrincipalsCount() > 0) {
hash = (37 * hash) + EXCEPTION_PRINCIPALS_FIELD_NUMBER;
hash = (53 * hash) + getExceptionPrincipalsList().hashCode();
}
if (getDeniedPermissionsCount() > 0) {
hash = (37 * hash) + DENIED_PERMISSIONS_FIELD_NUMBER;
hash = (53 * hash) + getDeniedPermissionsList().hashCode();
}
if (getExceptionPermissionsCount() > 0) {
hash = (37 * hash) + EXCEPTION_PERMISSIONS_FIELD_NUMBER;
hash = (53 * hash) + getExceptionPermissionsList().hashCode();
}
if (hasDenialCondition()) {
hash = (37 * hash) + DENIAL_CONDITION_FIELD_NUMBER;
hash = (53 * hash) + getDenialCondition().hashCode();
}
hash = (29 * hash) + getUnknownFields().hashCode();
memoizedHashCode = hash;
return hash;
}
public static com.google.iam.v2beta.DenyRule parseFrom(java.nio.ByteBuffer data)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data);
}
public static com.google.iam.v2beta.DenyRule parseFrom(
java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data, extensionRegistry);
}
public static com.google.iam.v2beta.DenyRule parseFrom(com.google.protobuf.ByteString data)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data);
}
public static com.google.iam.v2beta.DenyRule parseFrom(
com.google.protobuf.ByteString data,
com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data, extensionRegistry);
}
public static com.google.iam.v2beta.DenyRule parseFrom(byte[] data)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data);
}
public static com.google.iam.v2beta.DenyRule parseFrom(
byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data, extensionRegistry);
}
public static com.google.iam.v2beta.DenyRule parseFrom(java.io.InputStream input)
throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
}
public static com.google.iam.v2beta.DenyRule parseFrom(
java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
PARSER, input, extensionRegistry);
}
public static com.google.iam.v2beta.DenyRule parseDelimitedFrom(java.io.InputStream input)
throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
}
public static com.google.iam.v2beta.DenyRule parseDelimitedFrom(
java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
PARSER, input, extensionRegistry);
}
public static com.google.iam.v2beta.DenyRule parseFrom(com.google.protobuf.CodedInputStream input)
throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
}
public static com.google.iam.v2beta.DenyRule parseFrom(
com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
PARSER, input, extensionRegistry);
}
@java.lang.Override
public Builder newBuilderForType() {
return newBuilder();
}
public static Builder newBuilder() {
return DEFAULT_INSTANCE.toBuilder();
}
public static Builder newBuilder(com.google.iam.v2beta.DenyRule prototype) {
return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
}
@java.lang.Override
public Builder toBuilder() {
return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
}
@java.lang.Override
protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
Builder builder = new Builder(parent);
return builder;
}
/**
*
*
*
* A deny rule in an IAM deny policy.
*
*
* Protobuf type {@code google.iam.v2beta.DenyRule}
*/
public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder
implements
// @@protoc_insertion_point(builder_implements:google.iam.v2beta.DenyRule)
com.google.iam.v2beta.DenyRuleOrBuilder {
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
return com.google.iam.v2beta.DenyRuleProto
.internal_static_google_iam_v2beta_DenyRule_descriptor;
}
@java.lang.Override
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
internalGetFieldAccessorTable() {
return com.google.iam.v2beta.DenyRuleProto
.internal_static_google_iam_v2beta_DenyRule_fieldAccessorTable
.ensureFieldAccessorsInitialized(
com.google.iam.v2beta.DenyRule.class, com.google.iam.v2beta.DenyRule.Builder.class);
}
// Construct using com.google.iam.v2beta.DenyRule.newBuilder()
private Builder() {}
private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
super(parent);
}
@java.lang.Override
public Builder clear() {
super.clear();
bitField0_ = 0;
deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000001);
exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000002);
deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000004);
exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000008);
denialCondition_ = null;
if (denialConditionBuilder_ != null) {
denialConditionBuilder_.dispose();
denialConditionBuilder_ = null;
}
return this;
}
@java.lang.Override
public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
return com.google.iam.v2beta.DenyRuleProto
.internal_static_google_iam_v2beta_DenyRule_descriptor;
}
@java.lang.Override
public com.google.iam.v2beta.DenyRule getDefaultInstanceForType() {
return com.google.iam.v2beta.DenyRule.getDefaultInstance();
}
@java.lang.Override
public com.google.iam.v2beta.DenyRule build() {
com.google.iam.v2beta.DenyRule result = buildPartial();
if (!result.isInitialized()) {
throw newUninitializedMessageException(result);
}
return result;
}
@java.lang.Override
public com.google.iam.v2beta.DenyRule buildPartial() {
com.google.iam.v2beta.DenyRule result = new com.google.iam.v2beta.DenyRule(this);
buildPartialRepeatedFields(result);
if (bitField0_ != 0) {
buildPartial0(result);
}
onBuilt();
return result;
}
private void buildPartialRepeatedFields(com.google.iam.v2beta.DenyRule result) {
if (((bitField0_ & 0x00000001) != 0)) {
deniedPrincipals_ = deniedPrincipals_.getUnmodifiableView();
bitField0_ = (bitField0_ & ~0x00000001);
}
result.deniedPrincipals_ = deniedPrincipals_;
if (((bitField0_ & 0x00000002) != 0)) {
exceptionPrincipals_ = exceptionPrincipals_.getUnmodifiableView();
bitField0_ = (bitField0_ & ~0x00000002);
}
result.exceptionPrincipals_ = exceptionPrincipals_;
if (((bitField0_ & 0x00000004) != 0)) {
deniedPermissions_ = deniedPermissions_.getUnmodifiableView();
bitField0_ = (bitField0_ & ~0x00000004);
}
result.deniedPermissions_ = deniedPermissions_;
if (((bitField0_ & 0x00000008) != 0)) {
exceptionPermissions_ = exceptionPermissions_.getUnmodifiableView();
bitField0_ = (bitField0_ & ~0x00000008);
}
result.exceptionPermissions_ = exceptionPermissions_;
}
private void buildPartial0(com.google.iam.v2beta.DenyRule result) {
int from_bitField0_ = bitField0_;
if (((from_bitField0_ & 0x00000010) != 0)) {
result.denialCondition_ =
denialConditionBuilder_ == null ? denialCondition_ : denialConditionBuilder_.build();
}
}
@java.lang.Override
public Builder clone() {
return super.clone();
}
@java.lang.Override
public Builder setField(
com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
return super.setField(field, value);
}
@java.lang.Override
public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
return super.clearField(field);
}
@java.lang.Override
public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
return super.clearOneof(oneof);
}
@java.lang.Override
public Builder setRepeatedField(
com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
return super.setRepeatedField(field, index, value);
}
@java.lang.Override
public Builder addRepeatedField(
com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
return super.addRepeatedField(field, value);
}
@java.lang.Override
public Builder mergeFrom(com.google.protobuf.Message other) {
if (other instanceof com.google.iam.v2beta.DenyRule) {
return mergeFrom((com.google.iam.v2beta.DenyRule) other);
} else {
super.mergeFrom(other);
return this;
}
}
public Builder mergeFrom(com.google.iam.v2beta.DenyRule other) {
if (other == com.google.iam.v2beta.DenyRule.getDefaultInstance()) return this;
if (!other.deniedPrincipals_.isEmpty()) {
if (deniedPrincipals_.isEmpty()) {
deniedPrincipals_ = other.deniedPrincipals_;
bitField0_ = (bitField0_ & ~0x00000001);
} else {
ensureDeniedPrincipalsIsMutable();
deniedPrincipals_.addAll(other.deniedPrincipals_);
}
onChanged();
}
if (!other.exceptionPrincipals_.isEmpty()) {
if (exceptionPrincipals_.isEmpty()) {
exceptionPrincipals_ = other.exceptionPrincipals_;
bitField0_ = (bitField0_ & ~0x00000002);
} else {
ensureExceptionPrincipalsIsMutable();
exceptionPrincipals_.addAll(other.exceptionPrincipals_);
}
onChanged();
}
if (!other.deniedPermissions_.isEmpty()) {
if (deniedPermissions_.isEmpty()) {
deniedPermissions_ = other.deniedPermissions_;
bitField0_ = (bitField0_ & ~0x00000004);
} else {
ensureDeniedPermissionsIsMutable();
deniedPermissions_.addAll(other.deniedPermissions_);
}
onChanged();
}
if (!other.exceptionPermissions_.isEmpty()) {
if (exceptionPermissions_.isEmpty()) {
exceptionPermissions_ = other.exceptionPermissions_;
bitField0_ = (bitField0_ & ~0x00000008);
} else {
ensureExceptionPermissionsIsMutable();
exceptionPermissions_.addAll(other.exceptionPermissions_);
}
onChanged();
}
if (other.hasDenialCondition()) {
mergeDenialCondition(other.getDenialCondition());
}
this.mergeUnknownFields(other.getUnknownFields());
onChanged();
return this;
}
@java.lang.Override
public final boolean isInitialized() {
return true;
}
@java.lang.Override
public Builder mergeFrom(
com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws java.io.IOException {
if (extensionRegistry == null) {
throw new java.lang.NullPointerException();
}
try {
boolean done = false;
while (!done) {
int tag = input.readTag();
switch (tag) {
case 0:
done = true;
break;
case 10:
{
java.lang.String s = input.readStringRequireUtf8();
ensureDeniedPrincipalsIsMutable();
deniedPrincipals_.add(s);
break;
} // case 10
case 18:
{
java.lang.String s = input.readStringRequireUtf8();
ensureExceptionPrincipalsIsMutable();
exceptionPrincipals_.add(s);
break;
} // case 18
case 26:
{
java.lang.String s = input.readStringRequireUtf8();
ensureDeniedPermissionsIsMutable();
deniedPermissions_.add(s);
break;
} // case 26
case 34:
{
java.lang.String s = input.readStringRequireUtf8();
ensureExceptionPermissionsIsMutable();
exceptionPermissions_.add(s);
break;
} // case 34
case 42:
{
input.readMessage(getDenialConditionFieldBuilder().getBuilder(), extensionRegistry);
bitField0_ |= 0x00000010;
break;
} // case 42
default:
{
if (!super.parseUnknownField(input, extensionRegistry, tag)) {
done = true; // was an endgroup tag
}
break;
} // default:
} // switch (tag)
} // while (!done)
} catch (com.google.protobuf.InvalidProtocolBufferException e) {
throw e.unwrapIOException();
} finally {
onChanged();
} // finally
return this;
}
private int bitField0_;
private com.google.protobuf.LazyStringList deniedPrincipals_ =
com.google.protobuf.LazyStringArrayList.EMPTY;
private void ensureDeniedPrincipalsIsMutable() {
if (!((bitField0_ & 0x00000001) != 0)) {
deniedPrincipals_ = new com.google.protobuf.LazyStringArrayList(deniedPrincipals_);
bitField0_ |= 0x00000001;
}
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @return A list containing the deniedPrincipals.
*/
public com.google.protobuf.ProtocolStringList getDeniedPrincipalsList() {
return deniedPrincipals_.getUnmodifiableView();
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @return The count of deniedPrincipals.
*/
public int getDeniedPrincipalsCount() {
return deniedPrincipals_.size();
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param index The index of the element to return.
* @return The deniedPrincipals at the given index.
*/
public java.lang.String getDeniedPrincipals(int index) {
return deniedPrincipals_.get(index);
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param index The index of the value to return.
* @return The bytes of the deniedPrincipals at the given index.
*/
public com.google.protobuf.ByteString getDeniedPrincipalsBytes(int index) {
return deniedPrincipals_.getByteString(index);
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param index The index to set the value at.
* @param value The deniedPrincipals to set.
* @return This builder for chaining.
*/
public Builder setDeniedPrincipals(int index, java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureDeniedPrincipalsIsMutable();
deniedPrincipals_.set(index, value);
onChanged();
return this;
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param value The deniedPrincipals to add.
* @return This builder for chaining.
*/
public Builder addDeniedPrincipals(java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureDeniedPrincipalsIsMutable();
deniedPrincipals_.add(value);
onChanged();
return this;
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param values The deniedPrincipals to add.
* @return This builder for chaining.
*/
public Builder addAllDeniedPrincipals(java.lang.Iterable values) {
ensureDeniedPrincipalsIsMutable();
com.google.protobuf.AbstractMessageLite.Builder.addAll(values, deniedPrincipals_);
onChanged();
return this;
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @return This builder for chaining.
*/
public Builder clearDeniedPrincipals() {
deniedPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000001);
onChanged();
return this;
}
/**
*
*
*
* The identities that are prevented from using one or more permissions on
* Google Cloud resources. This field can contain the following values:
* * `principalSet://goog/public:all`: A special identifier that represents
* any principal that is on the internet, even if they do not have a Google
* Account or are not logged in.
* * `principal://goog/subject/{email_id}`: A specific Google Account.
* Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
* example, `principal://goog/subject/alice@example.com`.
* * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
* Google Account that was deleted recently. For example,
* `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
* the Google Account is recovered, this identifier reverts to the standard
* identifier for a Google Account.
* * `principalSet://goog/group/{group_id}`: A Google group. For example,
* `principalSet://goog/group/admins@example.com`.
* * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
* that was deleted recently. For example,
* `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
* the Google group is restored, this identifier reverts to the standard
* identifier for a Google group.
* * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
* A Google Cloud service account. For example,
* `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
* * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
* A Google Cloud service account that was deleted recently. For example,
* `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
* If the service account is undeleted, this identifier reverts to the
* standard identifier for a service account.
* * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
* principals associated with the specified Google Workspace or Cloud
* Identity customer ID. For example,
* `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
*
*
* repeated string denied_principals = 1;
*
* @param value The bytes of the deniedPrincipals to add.
* @return This builder for chaining.
*/
public Builder addDeniedPrincipalsBytes(com.google.protobuf.ByteString value) {
if (value == null) {
throw new NullPointerException();
}
checkByteStringIsUtf8(value);
ensureDeniedPrincipalsIsMutable();
deniedPrincipals_.add(value);
onChanged();
return this;
}
private com.google.protobuf.LazyStringList exceptionPrincipals_ =
com.google.protobuf.LazyStringArrayList.EMPTY;
private void ensureExceptionPrincipalsIsMutable() {
if (!((bitField0_ & 0x00000002) != 0)) {
exceptionPrincipals_ = new com.google.protobuf.LazyStringArrayList(exceptionPrincipals_);
bitField0_ |= 0x00000002;
}
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @return A list containing the exceptionPrincipals.
*/
public com.google.protobuf.ProtocolStringList getExceptionPrincipalsList() {
return exceptionPrincipals_.getUnmodifiableView();
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @return The count of exceptionPrincipals.
*/
public int getExceptionPrincipalsCount() {
return exceptionPrincipals_.size();
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param index The index of the element to return.
* @return The exceptionPrincipals at the given index.
*/
public java.lang.String getExceptionPrincipals(int index) {
return exceptionPrincipals_.get(index);
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param index The index of the value to return.
* @return The bytes of the exceptionPrincipals at the given index.
*/
public com.google.protobuf.ByteString getExceptionPrincipalsBytes(int index) {
return exceptionPrincipals_.getByteString(index);
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param index The index to set the value at.
* @param value The exceptionPrincipals to set.
* @return This builder for chaining.
*/
public Builder setExceptionPrincipals(int index, java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureExceptionPrincipalsIsMutable();
exceptionPrincipals_.set(index, value);
onChanged();
return this;
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param value The exceptionPrincipals to add.
* @return This builder for chaining.
*/
public Builder addExceptionPrincipals(java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureExceptionPrincipalsIsMutable();
exceptionPrincipals_.add(value);
onChanged();
return this;
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param values The exceptionPrincipals to add.
* @return This builder for chaining.
*/
public Builder addAllExceptionPrincipals(java.lang.Iterable values) {
ensureExceptionPrincipalsIsMutable();
com.google.protobuf.AbstractMessageLite.Builder.addAll(values, exceptionPrincipals_);
onChanged();
return this;
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @return This builder for chaining.
*/
public Builder clearExceptionPrincipals() {
exceptionPrincipals_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000002);
onChanged();
return this;
}
/**
*
*
*
* The identities that are excluded from the deny rule, even if they are
* listed in the `denied_principals`. For example, you could add a Google
* group to the `denied_principals`, then exclude specific users who belong to
* that group.
* This field can contain the same values as the `denied_principals` field,
* excluding `principalSet://goog/public:all`, which represents all users on
* the internet.
*
*
* repeated string exception_principals = 2;
*
* @param value The bytes of the exceptionPrincipals to add.
* @return This builder for chaining.
*/
public Builder addExceptionPrincipalsBytes(com.google.protobuf.ByteString value) {
if (value == null) {
throw new NullPointerException();
}
checkByteStringIsUtf8(value);
ensureExceptionPrincipalsIsMutable();
exceptionPrincipals_.add(value);
onChanged();
return this;
}
private com.google.protobuf.LazyStringList deniedPermissions_ =
com.google.protobuf.LazyStringArrayList.EMPTY;
private void ensureDeniedPermissionsIsMutable() {
if (!((bitField0_ & 0x00000004) != 0)) {
deniedPermissions_ = new com.google.protobuf.LazyStringArrayList(deniedPermissions_);
bitField0_ |= 0x00000004;
}
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @return A list containing the deniedPermissions.
*/
public com.google.protobuf.ProtocolStringList getDeniedPermissionsList() {
return deniedPermissions_.getUnmodifiableView();
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @return The count of deniedPermissions.
*/
public int getDeniedPermissionsCount() {
return deniedPermissions_.size();
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param index The index of the element to return.
* @return The deniedPermissions at the given index.
*/
public java.lang.String getDeniedPermissions(int index) {
return deniedPermissions_.get(index);
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param index The index of the value to return.
* @return The bytes of the deniedPermissions at the given index.
*/
public com.google.protobuf.ByteString getDeniedPermissionsBytes(int index) {
return deniedPermissions_.getByteString(index);
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param index The index to set the value at.
* @param value The deniedPermissions to set.
* @return This builder for chaining.
*/
public Builder setDeniedPermissions(int index, java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureDeniedPermissionsIsMutable();
deniedPermissions_.set(index, value);
onChanged();
return this;
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param value The deniedPermissions to add.
* @return This builder for chaining.
*/
public Builder addDeniedPermissions(java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureDeniedPermissionsIsMutable();
deniedPermissions_.add(value);
onChanged();
return this;
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param values The deniedPermissions to add.
* @return This builder for chaining.
*/
public Builder addAllDeniedPermissions(java.lang.Iterable values) {
ensureDeniedPermissionsIsMutable();
com.google.protobuf.AbstractMessageLite.Builder.addAll(values, deniedPermissions_);
onChanged();
return this;
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @return This builder for chaining.
*/
public Builder clearDeniedPermissions() {
deniedPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000004);
onChanged();
return this;
}
/**
*
*
*
* The permissions that are explicitly denied by this rule. Each permission
* uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
* is the fully qualified domain name for the service. For example,
* `iam.googleapis.com/roles.list`.
*
*
* repeated string denied_permissions = 3;
*
* @param value The bytes of the deniedPermissions to add.
* @return This builder for chaining.
*/
public Builder addDeniedPermissionsBytes(com.google.protobuf.ByteString value) {
if (value == null) {
throw new NullPointerException();
}
checkByteStringIsUtf8(value);
ensureDeniedPermissionsIsMutable();
deniedPermissions_.add(value);
onChanged();
return this;
}
private com.google.protobuf.LazyStringList exceptionPermissions_ =
com.google.protobuf.LazyStringArrayList.EMPTY;
private void ensureExceptionPermissionsIsMutable() {
if (!((bitField0_ & 0x00000008) != 0)) {
exceptionPermissions_ = new com.google.protobuf.LazyStringArrayList(exceptionPermissions_);
bitField0_ |= 0x00000008;
}
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @return A list containing the exceptionPermissions.
*/
public com.google.protobuf.ProtocolStringList getExceptionPermissionsList() {
return exceptionPermissions_.getUnmodifiableView();
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @return The count of exceptionPermissions.
*/
public int getExceptionPermissionsCount() {
return exceptionPermissions_.size();
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param index The index of the element to return.
* @return The exceptionPermissions at the given index.
*/
public java.lang.String getExceptionPermissions(int index) {
return exceptionPermissions_.get(index);
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param index The index of the value to return.
* @return The bytes of the exceptionPermissions at the given index.
*/
public com.google.protobuf.ByteString getExceptionPermissionsBytes(int index) {
return exceptionPermissions_.getByteString(index);
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param index The index to set the value at.
* @param value The exceptionPermissions to set.
* @return This builder for chaining.
*/
public Builder setExceptionPermissions(int index, java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureExceptionPermissionsIsMutable();
exceptionPermissions_.set(index, value);
onChanged();
return this;
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param value The exceptionPermissions to add.
* @return This builder for chaining.
*/
public Builder addExceptionPermissions(java.lang.String value) {
if (value == null) {
throw new NullPointerException();
}
ensureExceptionPermissionsIsMutable();
exceptionPermissions_.add(value);
onChanged();
return this;
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param values The exceptionPermissions to add.
* @return This builder for chaining.
*/
public Builder addAllExceptionPermissions(java.lang.Iterable values) {
ensureExceptionPermissionsIsMutable();
com.google.protobuf.AbstractMessageLite.Builder.addAll(values, exceptionPermissions_);
onChanged();
return this;
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @return This builder for chaining.
*/
public Builder clearExceptionPermissions() {
exceptionPermissions_ = com.google.protobuf.LazyStringArrayList.EMPTY;
bitField0_ = (bitField0_ & ~0x00000008);
onChanged();
return this;
}
/**
*
*
*
* Specifies the permissions that this rule excludes from the set of denied
* permissions given by `denied_permissions`. If a permission appears in
* `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
* denied.
* The excluded permissions can be specified using the same syntax as
* `denied_permissions`.
*
*
* repeated string exception_permissions = 4;
*
* @param value The bytes of the exceptionPermissions to add.
* @return This builder for chaining.
*/
public Builder addExceptionPermissionsBytes(com.google.protobuf.ByteString value) {
if (value == null) {
throw new NullPointerException();
}
checkByteStringIsUtf8(value);
ensureExceptionPermissionsIsMutable();
exceptionPermissions_.add(value);
onChanged();
return this;
}
private com.google.type.Expr denialCondition_;
private com.google.protobuf.SingleFieldBuilderV3<
com.google.type.Expr, com.google.type.Expr.Builder, com.google.type.ExprOrBuilder>
denialConditionBuilder_;
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*
* @return Whether the denialCondition field is set.
*/
public boolean hasDenialCondition() {
return ((bitField0_ & 0x00000010) != 0);
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*
* @return The denialCondition.
*/
public com.google.type.Expr getDenialCondition() {
if (denialConditionBuilder_ == null) {
return denialCondition_ == null
? com.google.type.Expr.getDefaultInstance()
: denialCondition_;
} else {
return denialConditionBuilder_.getMessage();
}
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
public Builder setDenialCondition(com.google.type.Expr value) {
if (denialConditionBuilder_ == null) {
if (value == null) {
throw new NullPointerException();
}
denialCondition_ = value;
} else {
denialConditionBuilder_.setMessage(value);
}
bitField0_ |= 0x00000010;
onChanged();
return this;
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
public Builder setDenialCondition(com.google.type.Expr.Builder builderForValue) {
if (denialConditionBuilder_ == null) {
denialCondition_ = builderForValue.build();
} else {
denialConditionBuilder_.setMessage(builderForValue.build());
}
bitField0_ |= 0x00000010;
onChanged();
return this;
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
public Builder mergeDenialCondition(com.google.type.Expr value) {
if (denialConditionBuilder_ == null) {
if (((bitField0_ & 0x00000010) != 0)
&& denialCondition_ != null
&& denialCondition_ != com.google.type.Expr.getDefaultInstance()) {
getDenialConditionBuilder().mergeFrom(value);
} else {
denialCondition_ = value;
}
} else {
denialConditionBuilder_.mergeFrom(value);
}
bitField0_ |= 0x00000010;
onChanged();
return this;
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
public Builder clearDenialCondition() {
bitField0_ = (bitField0_ & ~0x00000010);
denialCondition_ = null;
if (denialConditionBuilder_ != null) {
denialConditionBuilder_.dispose();
denialConditionBuilder_ = null;
}
onChanged();
return this;
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
public com.google.type.Expr.Builder getDenialConditionBuilder() {
bitField0_ |= 0x00000010;
onChanged();
return getDenialConditionFieldBuilder().getBuilder();
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
public com.google.type.ExprOrBuilder getDenialConditionOrBuilder() {
if (denialConditionBuilder_ != null) {
return denialConditionBuilder_.getMessageOrBuilder();
} else {
return denialCondition_ == null
? com.google.type.Expr.getDefaultInstance()
: denialCondition_;
}
}
/**
*
*
*
* The condition that determines whether this deny rule applies to a request.
* If the condition expression evaluates to `true`, then the deny rule is
* applied; otherwise, the deny rule is not applied.
* Each deny rule is evaluated independently. If this deny rule does not apply
* to a request, other deny rules might still apply.
* The condition can use CEL functions that evaluate
* [resource
* tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
* functions and operators are not supported.
*
*
* .google.type.Expr denial_condition = 5;
*/
private com.google.protobuf.SingleFieldBuilderV3<
com.google.type.Expr, com.google.type.Expr.Builder, com.google.type.ExprOrBuilder>
getDenialConditionFieldBuilder() {
if (denialConditionBuilder_ == null) {
denialConditionBuilder_ =
new com.google.protobuf.SingleFieldBuilderV3<
com.google.type.Expr, com.google.type.Expr.Builder, com.google.type.ExprOrBuilder>(
getDenialCondition(), getParentForChildren(), isClean());
denialCondition_ = null;
}
return denialConditionBuilder_;
}
@java.lang.Override
public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
return super.setUnknownFields(unknownFields);
}
@java.lang.Override
public final Builder mergeUnknownFields(
final com.google.protobuf.UnknownFieldSet unknownFields) {
return super.mergeUnknownFields(unknownFields);
}
// @@protoc_insertion_point(builder_scope:google.iam.v2beta.DenyRule)
}
// @@protoc_insertion_point(class_scope:google.iam.v2beta.DenyRule)
private static final com.google.iam.v2beta.DenyRule DEFAULT_INSTANCE;
static {
DEFAULT_INSTANCE = new com.google.iam.v2beta.DenyRule();
}
public static com.google.iam.v2beta.DenyRule getDefaultInstance() {
return DEFAULT_INSTANCE;
}
private static final com.google.protobuf.Parser PARSER =
new com.google.protobuf.AbstractParser() {
@java.lang.Override
public DenyRule parsePartialFrom(
com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws com.google.protobuf.InvalidProtocolBufferException {
Builder builder = newBuilder();
try {
builder.mergeFrom(input, extensionRegistry);
} catch (com.google.protobuf.InvalidProtocolBufferException e) {
throw e.setUnfinishedMessage(builder.buildPartial());
} catch (com.google.protobuf.UninitializedMessageException e) {
throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial());
} catch (java.io.IOException e) {
throw new com.google.protobuf.InvalidProtocolBufferException(e)
.setUnfinishedMessage(builder.buildPartial());
}
return builder.buildPartial();
}
};
public static com.google.protobuf.Parser parser() {
return PARSER;
}
@java.lang.Override
public com.google.protobuf.Parser getParserForType() {
return PARSER;
}
@java.lang.Override
public com.google.iam.v2beta.DenyRule getDefaultInstanceForType() {
return DEFAULT_INSTANCE;
}
}