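# Copyright 2017 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Storage API IAM policy definitions

For allowed roles / permissions, see:
https://cloud.google.com/storage/docs/access-control/iam
"""

# Storage-specific IAM roles
#
# Each constant is the literal role string. The bare string that follows a
# constant is its attribute docstring (picked up by documentation tooling).

STORAGE_OBJECT_CREATOR_ROLE = "roles/storage.objectCreator"
"""Role implying rights to create objects, but not delete or overwrite them."""

STORAGE_OBJECT_VIEWER_ROLE = "roles/storage.objectViewer"
"""Role implying rights to view object properties, excluding ACLs."""

STORAGE_OBJECT_ADMIN_ROLE = "roles/storage.objectAdmin"
"""Role implying full control of objects."""

STORAGE_ADMIN_ROLE = "roles/storage.admin"
"""Role implying full control of objects and buckets."""

# NOTE(review): unlike the roles above, the next three values are not in the
# ``roles/...`` form, and the owner value is plural while the other two are
# singular. Confirm the exact strings against the IAM reference linked in the
# module docstring before using them in a policy binding; they are kept
# unchanged here because callers may depend on the current values.

STORAGE_VIEWER_ROLE = "Viewer"
"""Can list buckets."""

STORAGE_EDITOR_ROLE = "Editor"
"""Can create, list, and delete buckets."""

STORAGE_OWNER_ROLE = "Owners"
"""Can create, list, and delete buckets."""


# Storage-specific permissions
#
# Each value must name exactly the permission its constant advertises: a
# permission check or custom role built from the wrong string silently asks
# for (or grants) a different right than the caller intended.

STORAGE_BUCKETS_CREATE = "storage.buckets.create"
"""Permission: create buckets."""

STORAGE_BUCKETS_DELETE = "storage.buckets.delete"
"""Permission: delete buckets."""

STORAGE_BUCKETS_GET = "storage.buckets.get"
"""Permission: read bucket metadata, excluding ACLs."""

STORAGE_BUCKETS_GET_IAM_POLICY = "storage.buckets.getIamPolicy"
"""Permission: read bucket ACLs."""

STORAGE_BUCKETS_LIST = "storage.buckets.list"
"""Permission: list buckets."""

STORAGE_BUCKETS_SET_IAM_POLICY = "storage.buckets.setIamPolicy"
"""Permission: update bucket ACLs."""

# Must be distinct from STORAGE_BUCKETS_LIST: a check built on this constant
# has to ask for update rights, not list rights.
STORAGE_BUCKETS_UPDATE = "storage.buckets.update"
"""Permission: update buckets, excluding ACLs."""

STORAGE_OBJECTS_CREATE = "storage.objects.create"
"""Permission: add new objects to a bucket."""

STORAGE_OBJECTS_DELETE = "storage.objects.delete"
"""Permission: delete objects."""

STORAGE_OBJECTS_GET = "storage.objects.get"
"""Permission: read object data / metadata, excluding ACLs."""

STORAGE_OBJECTS_GET_IAM_POLICY = "storage.objects.getIamPolicy"
"""Permission: read object ACLs."""

STORAGE_OBJECTS_LIST = "storage.objects.list"
"""Permission: list objects in a bucket."""

STORAGE_OBJECTS_SET_IAM_POLICY = "storage.objects.setIamPolicy"
"""Permission: update object ACLs."""

STORAGE_OBJECTS_UPDATE = "storage.objects.update"
"""Permission: update object metadata, excluding ACLs."""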