xuyiping
/
kpt-grpc-demo


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
							type: google.api.Service
config_version: 3
name: endpointsapis.appspot.com
title: Endpoints APIs
producer_project_id: endpointsapis

apis:
- name: google.example.endpointsapis.v1.Workspaces

control:
  environment: servicecontrol.googleapis.com

resources:
- type: endpointsapis.appspot.com/Workspace
  plural: workspaces
  singular: workspace
  name_descriptor:
  - pattern: projects/{project}/locations/{location}/workspaces/{workspace}
    parent_type: cloudresourcemanager.googleapis.com/Project
    parent_name_extractor: projects/{project}

iam:
  launch_stage: ALPHA
  resources:
  - type: endpointsapis.appspot.com/Workspace
    internal:
      # This is the internal resource 'type' in the IAM service file in the format of
      # "<servicename>_<resourceplural>", and the 'PolicyName.type' must use this value when
      # making CheckPolicy calls.
      name_for_resource: endpointsapis_workspaces
    permissions:
    - name: endpointsapis.appspot.com/workspaces.get
      display_name: Get workspaces
      type: DATA_READ
      scope: USER_SCOPE
    - name: endpointsapis.appspot.com/workspaces.list
      display_name: List all workspaces under a project
      type: DATA_READ
      scope: USER_SCOPE
      parent_only: true
    - name: endpointsapis.appspot.com/workspaces.create
      display_name: Create new workspaces
      type: DATA_WRITE
      scope: ADMIN_SCOPE
      parent_only: true
    - name: endpointsapis.appspot.com/workspaces.update
      display_name: Update existing workspaces
      type: DATA_WRITE
      scope: ADMIN_SCOPE
    - name: endpointsapis.appspot.com/workspaces.delete
      display_name: Delete workspaces
      type: DATA_WRITE
      scope: ADMIN_SCOPE
  roles:
  # Viewer role: only includes get/list permissions
  - name: endpointsapis.appspot.com/viewer
    display_name: Workspace Viewer
    description: This role can list and view all workspaces.
    permissions:
    # These are recommended for all roles that could be granted to a user at or above the
    # project level
    - cloudresourcemanager.googleapis.com/projects.get
    - cloudresourcemanager.googleapis.com/projects.list
    # Additional permissions for read access
    - endpointsapis.appspot.com/workspaces.get
    - endpointsapis.appspot.com/workspaces.list

  # Editor role: Includes all permission from viewer role, and workspaces edit permissions
  - name: endpointsapis.appspot.com/editor
    display_name: Workspace Editor
    description: This role can list, view, and update all workspaces.
    permissions:
    # These are recommended for all roles that could be granted to a user at or above the
    # project level
    - cloudresourcemanager.googleapis.com/projects.get
    - cloudresourcemanager.googleapis.com/projects.list
    # Viewer permissions + additional edit permissions
    - endpointsapis.appspot.com/workspaces.get
    - endpointsapis.appspot.com/workspaces.list
    - endpointsapis.appspot.com/workspaces.create
    - endpointsapis.appspot.com/workspaces.update
    - endpointsapis.appspot.com/workspaces.delete

  # This setting means the service will use Service Control API v2 for admission control.
  reader: group:servicecontrol

  # This setting is **unused** for services using Service Control API v2 for admission control.
  environment: PROD