googleapis/iam/v2beta/deny.pb.go - third_party/github.com/googleapis/go-genproto - Git at Google

 // Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
 // 	protoc        v3.12.2
 // source: google/iam/v2beta/deny.proto

 package iam

 import (
 	reflect "reflect"
 	sync "sync"

 	expr "google.golang.org/genproto/googleapis/type/expr"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 )

 const (
 	// Verify that this generated code is sufficiently up-to-date.
 	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
 	// Verify that runtime/protoimpl is sufficiently up-to-date.
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )

 // A deny rule in an IAM deny policy.
 type DenyRule struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

 	// The identities that are prevented from using one or more permissions on
 	// Google Cloud resources. This field can contain the following values:
 	//
 	//   - `principalSet://goog/public:all`: A special identifier that represents
 	//     any principal that is on the internet, even if they do not have a Google
 	//     Account or are not logged in.
 	//
 	//   - `principal://goog/subject/{email_id}`: A specific Google Account.
 	//     Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
 	//     example, `principal://goog/subject/alice@example.com`.
 	//
 	//   - `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
 	//     Google Account that was deleted recently. For example,
 	//     `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
 	//     the Google Account is recovered, this identifier reverts to the standard
 	//     identifier for a Google Account.
 	//
 	//   - `principalSet://goog/group/{group_id}`: A Google group. For example,
 	//     `principalSet://goog/group/admins@example.com`.
 	//
 	//   - `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
 	//     that was deleted recently. For example,
 	//     `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
 	//     the Google group is restored, this identifier reverts to the standard
 	//     identifier for a Google group.
 	//
 	//   - `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
 	//     A Google Cloud service account. For example,
 	//     `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
 	//
 	//   - `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
 	//     A Google Cloud service account that was deleted recently. For example,
 	//     `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
 	//     If the service account is undeleted, this identifier reverts to the
 	//     standard identifier for a service account.
 	//
 	//   - `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
 	//     principals associated with the specified Google Workspace or Cloud
 	//     Identity customer ID. For example,
 	//     `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
 	DeniedPrincipals []string `protobuf:"bytes,1,rep,name=denied_principals,json=deniedPrincipals,proto3" json:"denied_principals,omitempty"`
 	// The identities that are excluded from the deny rule, even if they are
 	// listed in the `denied_principals`. For example, you could add a Google
 	// group to the `denied_principals`, then exclude specific users who belong to
 	// that group.
 	//
 	// This field can contain the same values as the `denied_principals` field,
 	// excluding `principalSet://goog/public:all`, which represents all users on
 	// the internet.
 	ExceptionPrincipals []string `protobuf:"bytes,2,rep,name=exception_principals,json=exceptionPrincipals,proto3" json:"exception_principals,omitempty"`
 	// The permissions that are explicitly denied by this rule. Each permission
 	// uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
 	// is the fully qualified domain name for the service. For example,
 	// `iam.googleapis.com/roles.list`.
 	DeniedPermissions []string `protobuf:"bytes,3,rep,name=denied_permissions,json=deniedPermissions,proto3" json:"denied_permissions,omitempty"`
 	// Specifies the permissions that this rule excludes from the set of denied
 	// permissions given by `denied_permissions`. If a permission appears in
 	// `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
 	// denied.
 	//
 	// The excluded permissions can be specified using the same syntax as
 	// `denied_permissions`.
 	ExceptionPermissions []string `protobuf:"bytes,4,rep,name=exception_permissions,json=exceptionPermissions,proto3" json:"exception_permissions,omitempty"`
 	// The condition that determines whether this deny rule applies to a request.
 	// If the condition expression evaluates to `true`, then the deny rule is
 	// applied; otherwise, the deny rule is not applied.
 	//
 	// Each deny rule is evaluated independently. If this deny rule does not apply
 	// to a request, other deny rules might still apply.
 	//
 	// The condition can use CEL functions that evaluate
 	// [resource
 	// tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
 	// functions and operators are not supported.
 	DenialCondition *expr.Expr `protobuf:"bytes,5,opt,name=denial_condition,json=denialCondition,proto3" json:"denial_condition,omitempty"`
 }

 func (x *DenyRule) Reset() {
 	*x = DenyRule{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_google_iam_v2beta_deny_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
 }

 func (x *DenyRule) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }

 func (*DenyRule) ProtoMessage() {}

 func (x *DenyRule) ProtoReflect() protoreflect.Message {
 	mi := &file_google_iam_v2beta_deny_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }

 // Deprecated: Use DenyRule.ProtoReflect.Descriptor instead.
 func (*DenyRule) Descriptor() ([]byte, []int) {
 	return file_google_iam_v2beta_deny_proto_rawDescGZIP(), []int{0}
 }

 func (x *DenyRule) GetDeniedPrincipals() []string {
 	if x != nil {
 		return x.DeniedPrincipals
 	}
 	return nil
 }

 func (x *DenyRule) GetExceptionPrincipals() []string {
 	if x != nil {
 		return x.ExceptionPrincipals
 	}
 	return nil
 }

 func (x *DenyRule) GetDeniedPermissions() []string {
 	if x != nil {
 		return x.DeniedPermissions
 	}
 	return nil
 }

 func (x *DenyRule) GetExceptionPermissions() []string {
 	if x != nil {
 		return x.ExceptionPermissions
 	}
 	return nil
 }

 func (x *DenyRule) GetDenialCondition() *expr.Expr {
 	if x != nil {
 		return x.DenialCondition
 	}
 	return nil
 }

 var File_google_iam_v2beta_deny_proto protoreflect.FileDescriptor

 var file_google_iam_v2beta_deny_proto_rawDesc = []byte{
 	0x0a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76, 0x32, 0x62,
 	0x65, 0x74, 0x61, 0x2f, 0x64, 0x65, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74,
 	0x61, 0x1a, 0x16, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x65,
 	0x78, 0x70, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8c, 0x02, 0x0a, 0x08, 0x44, 0x65,
 	0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x11, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64,
 	0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
 	0x09, 0x52, 0x10, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70,
 	0x61, 0x6c, 0x73, 0x12, 0x31, 0x0a, 0x14, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e,
 	0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
 	0x09, 0x52, 0x13, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x69, 0x6e,
 	0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x2d, 0x0a, 0x12, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64,
 	0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03,
 	0x28, 0x09, 0x52, 0x11, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
 	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x15, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69,
 	0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04,
 	0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50,
 	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x10, 0x64, 0x65,
 	0x6e, 0x69, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05,
 	0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x74, 0x79,
 	0x70, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x0f, 0x64, 0x65, 0x6e, 0x69, 0x61, 0x6c, 0x43,
 	0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x92, 0x01, 0x0a, 0x15, 0x63, 0x6f, 0x6d,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x32, 0x62, 0x65,
 	0x74, 0x61, 0x42, 0x0d, 0x44, 0x65, 0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74,
 	0x6f, 0x50, 0x01, 0x5a, 0x34, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61,
 	0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76,
 	0x32, 0x62, 0x65, 0x74, 0x61, 0x3b, 0x69, 0x61, 0x6d, 0xaa, 0x02, 0x17, 0x47, 0x6f, 0x6f, 0x67,
 	0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d, 0x2e, 0x56, 0x32, 0x42,
 	0x65, 0x74, 0x61, 0xca, 0x02, 0x17, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f,
 	0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x62, 0x06, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
 	file_google_iam_v2beta_deny_proto_rawDescOnce sync.Once
 	file_google_iam_v2beta_deny_proto_rawDescData = file_google_iam_v2beta_deny_proto_rawDesc
 )

 func file_google_iam_v2beta_deny_proto_rawDescGZIP() []byte {
 	file_google_iam_v2beta_deny_proto_rawDescOnce.Do(func() {
 		file_google_iam_v2beta_deny_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_iam_v2beta_deny_proto_rawDescData)
 	})
 	return file_google_iam_v2beta_deny_proto_rawDescData
 }

 var file_google_iam_v2beta_deny_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
 var file_google_iam_v2beta_deny_proto_goTypes = []interface{}{
 	(*DenyRule)(nil),  // 0: google.iam.v2beta.DenyRule
 	(*expr.Expr)(nil), // 1: google.type.Expr
 }
 var file_google_iam_v2beta_deny_proto_depIdxs = []int32{
 	1, // 0: google.iam.v2beta.DenyRule.denial_condition:type_name -> google.type.Expr
 	1, // [1:1] is the sub-list for method output_type
 	1, // [1:1] is the sub-list for method input_type
 	1, // [1:1] is the sub-list for extension type_name
 	1, // [1:1] is the sub-list for extension extendee
 	0, // [0:1] is the sub-list for field type_name
 }

 func init() { file_google_iam_v2beta_deny_proto_init() }
 func file_google_iam_v2beta_deny_proto_init() {
 	if File_google_iam_v2beta_deny_proto != nil {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
 		file_google_iam_v2beta_deny_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*DenyRule); i {
 			case 0:
 				return &v.state
 			case 1:
 				return &v.sizeCache
 			case 2:
 				return &v.unknownFields
 			default:
 				return nil
 			}
 		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_iam_v2beta_deny_proto_rawDesc,
 			NumEnums:      0,
 			NumMessages:   1,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
 		GoTypes:           file_google_iam_v2beta_deny_proto_goTypes,
 		DependencyIndexes: file_google_iam_v2beta_deny_proto_depIdxs,
 		MessageInfos:      file_google_iam_v2beta_deny_proto_msgTypes,
 	}.Build()
 	File_google_iam_v2beta_deny_proto = out.File
 	file_google_iam_v2beta_deny_proto_rawDesc = nil
 	file_google_iam_v2beta_deny_proto_goTypes = nil
 	file_google_iam_v2beta_deny_proto_depIdxs = nil
 }
	// Copyright 2022 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Code generated by protoc-gen-go. DO NOT EDIT.
	// versions:
	// protoc-gen-go v1.26.0
	// protoc v3.12.2
	// source: google/iam/v2beta/deny.proto

	package iam

	import (
	reflect "reflect"
	sync "sync"

	expr "google.golang.org/genproto/googleapis/type/expr"
	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
	)

	const (
	// Verify that this generated code is sufficiently up-to-date.
	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
	// Verify that runtime/protoimpl is sufficiently up-to-date.
	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
	)

	// A deny rule in an IAM deny policy.
	type DenyRule struct {
	state protoimpl.MessageState
	sizeCache protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// The identities that are prevented from using one or more permissions on
	// Google Cloud resources. This field can contain the following values:
	//
	// - `principalSet://goog/public:all`: A special identifier that represents
	// any principal that is on the internet, even if they do not have a Google
	// Account or are not logged in.
	//
	// - `principal://goog/subject/{email_id}`: A specific Google Account.
	// Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
	// example, `principal://goog/subject/alice@example.com`.
	//
	// - `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific
	// Google Account that was deleted recently. For example,
	// `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If
	// the Google Account is recovered, this identifier reverts to the standard
	// identifier for a Google Account.
	//
	// - `principalSet://goog/group/{group_id}`: A Google group. For example,
	// `principalSet://goog/group/admins@example.com`.
	//
	// - `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group
	// that was deleted recently. For example,
	// `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If
	// the Google group is restored, this identifier reverts to the standard
	// identifier for a Google group.
	//
	// - `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`:
	// A Google Cloud service account. For example,
	// `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
	//
	// - `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`:
	// A Google Cloud service account that was deleted recently. For example,
	// `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`.
	// If the service account is undeleted, this identifier reverts to the
	// standard identifier for a service account.
	//
	// - `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the
	// principals associated with the specified Google Workspace or Cloud
	// Identity customer ID. For example,
	// `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
	DeniedPrincipals []string `protobuf:"bytes,1,rep,name=denied_principals,json=deniedPrincipals,proto3" json:"denied_principals,omitempty"`
	// The identities that are excluded from the deny rule, even if they are
	// listed in the `denied_principals`. For example, you could add a Google
	// group to the `denied_principals`, then exclude specific users who belong to
	// that group.
	//
	// This field can contain the same values as the `denied_principals` field,
	// excluding `principalSet://goog/public:all`, which represents all users on
	// the internet.
	ExceptionPrincipals []string `protobuf:"bytes,2,rep,name=exception_principals,json=exceptionPrincipals,proto3" json:"exception_principals,omitempty"`
	// The permissions that are explicitly denied by this rule. Each permission
	// uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}`
	// is the fully qualified domain name for the service. For example,
	// `iam.googleapis.com/roles.list`.
	DeniedPermissions []string `protobuf:"bytes,3,rep,name=denied_permissions,json=deniedPermissions,proto3" json:"denied_permissions,omitempty"`
	// Specifies the permissions that this rule excludes from the set of denied
	// permissions given by `denied_permissions`. If a permission appears in
	// `denied_permissions` _and_ in `exception_permissions` then it will _not_ be
	// denied.
	//
	// The excluded permissions can be specified using the same syntax as
	// `denied_permissions`.
	ExceptionPermissions []string `protobuf:"bytes,4,rep,name=exception_permissions,json=exceptionPermissions,proto3" json:"exception_permissions,omitempty"`
	// The condition that determines whether this deny rule applies to a request.
	// If the condition expression evaluates to `true`, then the deny rule is
	// applied; otherwise, the deny rule is not applied.
	//
	// Each deny rule is evaluated independently. If this deny rule does not apply
	// to a request, other deny rules might still apply.
	//
	// The condition can use CEL functions that evaluate
	// [resource
	// tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other
	// functions and operators are not supported.
	DenialCondition *expr.Expr `protobuf:"bytes,5,opt,name=denial_condition,json=denialCondition,proto3" json:"denial_condition,omitempty"`
	}

	func (x *DenyRule) Reset() {
	*x = DenyRule{}
	if protoimpl.UnsafeEnabled {
	mi := &file_google_iam_v2beta_deny_proto_msgTypes[0]
	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
	ms.StoreMessageInfo(mi)
	}
	}

	func (x *DenyRule) String() string {
	return protoimpl.X.MessageStringOf(x)
	}

	func (*DenyRule) ProtoMessage() {}

	func (x *DenyRule) ProtoReflect() protoreflect.Message {
	mi := &file_google_iam_v2beta_deny_proto_msgTypes[0]
	if protoimpl.UnsafeEnabled && x != nil {
	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
	if ms.LoadMessageInfo() == nil {
	ms.StoreMessageInfo(mi)
	}
	return ms
	}
	return mi.MessageOf(x)
	}

	// Deprecated: Use DenyRule.ProtoReflect.Descriptor instead.
	func (*DenyRule) Descriptor() ([]byte, []int) {
	return file_google_iam_v2beta_deny_proto_rawDescGZIP(), []int{0}
	}

	func (x *DenyRule) GetDeniedPrincipals() []string {
	if x != nil {
	return x.DeniedPrincipals
	}
	return nil
	}

	func (x *DenyRule) GetExceptionPrincipals() []string {
	if x != nil {
	return x.ExceptionPrincipals
	}
	return nil
	}

	func (x *DenyRule) GetDeniedPermissions() []string {
	if x != nil {
	return x.DeniedPermissions
	}
	return nil
	}

	func (x *DenyRule) GetExceptionPermissions() []string {
	if x != nil {
	return x.ExceptionPermissions
	}
	return nil
	}

	func (x DenyRule) GetDenialCondition() expr.Expr {
	if x != nil {
	return x.DenialCondition
	}
	return nil
	}

	var File_google_iam_v2beta_deny_proto protoreflect.FileDescriptor

	var file_google_iam_v2beta_deny_proto_rawDesc = []byte{
	0x0a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76, 0x32, 0x62,
	0x65, 0x74, 0x61, 0x2f, 0x64, 0x65, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11,
	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74,
	0x61, 0x1a, 0x16, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x65,
	0x78, 0x70, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8c, 0x02, 0x0a, 0x08, 0x44, 0x65,
	0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x11, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64,
	0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
	0x09, 0x52, 0x10, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70,
	0x61, 0x6c, 0x73, 0x12, 0x31, 0x0a, 0x14, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e,
	0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
	0x09, 0x52, 0x13, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x69, 0x6e,
	0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x2d, 0x0a, 0x12, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64,
	0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03,
	0x28, 0x09, 0x52, 0x11, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x15, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69,
	0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04,
	0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50,
	0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x10, 0x64, 0x65,
	0x6e, 0x69, 0x61, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05,
	0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x74, 0x79,
	0x70, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x0f, 0x64, 0x65, 0x6e, 0x69, 0x61, 0x6c, 0x43,
	0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x92, 0x01, 0x0a, 0x15, 0x63, 0x6f, 0x6d,
	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x32, 0x62, 0x65,
	0x74, 0x61, 0x42, 0x0d, 0x44, 0x65, 0x6e, 0x79, 0x52, 0x75, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74,
	0x6f, 0x50, 0x01, 0x5a, 0x34, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61,
	0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76,
	0x32, 0x62, 0x65, 0x74, 0x61, 0x3b, 0x69, 0x61, 0x6d, 0xaa, 0x02, 0x17, 0x47, 0x6f, 0x6f, 0x67,
	0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d, 0x2e, 0x56, 0x32, 0x42,
	0x65, 0x74, 0x61, 0xca, 0x02, 0x17, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f,
	0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x62, 0x06, 0x70,
	0x72, 0x6f, 0x74, 0x6f, 0x33,
	}

	var (
	file_google_iam_v2beta_deny_proto_rawDescOnce sync.Once
	file_google_iam_v2beta_deny_proto_rawDescData = file_google_iam_v2beta_deny_proto_rawDesc
	)

	func file_google_iam_v2beta_deny_proto_rawDescGZIP() []byte {
	file_google_iam_v2beta_deny_proto_rawDescOnce.Do(func() {
	file_google_iam_v2beta_deny_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_iam_v2beta_deny_proto_rawDescData)
	})
	return file_google_iam_v2beta_deny_proto_rawDescData
	}

	var file_google_iam_v2beta_deny_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
	var file_google_iam_v2beta_deny_proto_goTypes = []interface{}{
	(*DenyRule)(nil), // 0: google.iam.v2beta.DenyRule
	(*expr.Expr)(nil), // 1: google.type.Expr
	}
	var file_google_iam_v2beta_deny_proto_depIdxs = []int32{
	1, // 0: google.iam.v2beta.DenyRule.denial_condition:type_name -> google.type.Expr
	1, // [1:1] is the sub-list for method output_type
	1, // [1:1] is the sub-list for method input_type
	1, // [1:1] is the sub-list for extension type_name
	1, // [1:1] is the sub-list for extension extendee
	0, // [0:1] is the sub-list for field type_name
	}

	func init() { file_google_iam_v2beta_deny_proto_init() }
	func file_google_iam_v2beta_deny_proto_init() {
	if File_google_iam_v2beta_deny_proto != nil {
	return
	}
	if !protoimpl.UnsafeEnabled {
	file_google_iam_v2beta_deny_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
	switch v := v.(*DenyRule); i {
	case 0:
	return &v.state
	case 1:
	return &v.sizeCache
	case 2:
	return &v.unknownFields
	default:
	return nil
	}
	}
	}
	type x struct{}
	out := protoimpl.TypeBuilder{
	File: protoimpl.DescBuilder{
	GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
	RawDescriptor: file_google_iam_v2beta_deny_proto_rawDesc,
	NumEnums: 0,
	NumMessages: 1,
	NumExtensions: 0,
	NumServices: 0,
	},
	GoTypes: file_google_iam_v2beta_deny_proto_goTypes,
	DependencyIndexes: file_google_iam_v2beta_deny_proto_depIdxs,
	MessageInfos: file_google_iam_v2beta_deny_proto_msgTypes,
	}.Build()
	File_google_iam_v2beta_deny_proto = out.File
	file_google_iam_v2beta_deny_proto_rawDesc = nil
	file_google_iam_v2beta_deny_proto_goTypes = nil
	file_google_iam_v2beta_deny_proto_depIdxs = nil
	}