| sandbox/autopush-serviceconsumermanagement-v1 | | dictionary_item_removed | - root['version_module']
- root['resources']['operations']['methods']['cancel']
- root['resources']['operations']['methods']['delete']
- root['resources']['operations']['methods']['list']['parameters']['name']['pattern']
- root['resources']['operations']['methods']['list']['parameters']['name']['required']
|
|---|
| values_changed | | root['auth']['oauth2']['scopes'] | | new_value | | https://www.googleapis.com/auth/cloud-platform | | description | See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account. |
|---|
|
|---|
| https://www.googleapis.com/auth/cloud-platform.read-only | | description | View your data across Google Cloud services and see the email address of your Google Account |
|---|
|
|---|
| https://www.googleapis.com/auth/service.management | | description | Manage your Google API service configuration |
|---|
|
|---|
| https://www.googleapis.com/auth/service.management.readonly | | description | View your Google API service configuration |
|---|
|
|---|
|
|---|
| old_value | | https://www.googleapis.com/auth/cloud-platform | | description | See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account. |
|---|
|
|---|
|
|---|
|
|---|
| root['baseUrl'] | | new_value | https://staging-servicemanagement.sandbox.googleapis.com/ |
|---|
| old_value | https://autopush-serviceconsumermanagement.sandbox.googleapis.com/ |
|---|
|
|---|
| root['canonicalName'] | | new_value | Service Management |
|---|
| old_value | Service Consumer Management Autopush |
|---|
|
|---|
| root['description'] | | new_value | Google Service Management allows service producers to publish their services on Google Cloud Platform so that they can be discovered and used by service consumers. |
|---|
| old_value | Manages the service consumers of a Service Infrastructure service. |
|---|
|
|---|
| root['documentationLink'] | | new_value | https://cloud.google.com/service-management/ |
|---|
| old_value | https://cloud.google.com/service-consumer-management/docs/overview |
|---|
|
|---|
| root['id'] | | new_value | servicemanagement:v1 |
|---|
| old_value | autopush_serviceconsumermanagement_sandbox:v1 |
|---|
|
|---|
| root['mtlsRootUrl'] | | new_value | https://staging-servicemanagement.mtls.sandbox.googleapis.com/ |
|---|
| old_value | https://autopush-serviceconsumermanagement.mtls.sandbox.googleapis.com/ |
|---|
|
|---|
| root['name'] | | new_value | servicemanagement |
|---|
| old_value | autopush_serviceconsumermanagement_sandbox |
|---|
|
|---|
| root['resources']['operations']['methods']['get']['id'] | | new_value | servicemanagement.operations.get |
|---|
| old_value | autopush_serviceconsumermanagement_sandbox.operations.get |
|---|
|
|---|
| root['resources']['operations']['methods']['get']['parameters']['name']['pattern'] | | new_value | ^operations/.*$ |
|---|
| old_value | ^operations/[^/]+$ |
|---|
|
|---|
| root['resources']['operations']['methods']['list']['description'] | | new_value | Lists service operations that match the specified filter in the request. |
|---|
| old_value | Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id. |
|---|
|
|---|
| root['resources']['operations']['methods']['list']['id'] | | new_value | servicemanagement.operations.list |
|---|
| old_value | autopush_serviceconsumermanagement_sandbox.operations.list |
|---|
|
|---|
| root['resources']['operations']['methods']['list']['parameters']['filter']['description'] | | new_value | A string for filtering Operations. The following filter fields are supported: * serviceName: Required. Only `=` operator is allowed. * startTime: The time this job was started, in ISO 8601 format. Allowed operators are `>=`, `>`, `<=`, and `<`. * status: Can be `done`, `in_progress`, or `failed`. Allowed operators are `=`, and `!=`. Filter expression supports conjunction (AND) and disjunction (OR) logical operators. However, the serviceName restriction must be at the top-level and can only be combined with other restrictions via the AND logical operator. Examples: * `serviceName={some-service}.googleapis.com` * `serviceName={some-service}.googleapis.com AND startTime>="2017-02-01"` * `serviceName={some-service}.googleapis.com AND status=done` * `serviceName={some-service}.googleapis.com AND (status=done OR startTime>="2017-02-01")` |
|---|
| old_value | The standard list filter. |
|---|
|
|---|
| root['resources']['operations']['methods']['list']['parameters']['name']['description'] | | new_value | Not used. |
|---|
| old_value | The name of the operation's parent resource. |
|---|
|
|---|
| root['resources']['operations']['methods']['list']['parameters']['name']['location'] | | new_value | query |
|---|
| old_value | path |
|---|
|
|---|
| root['resources']['operations']['methods']['list']['parameters']['pageSize']['description'] | | new_value | The maximum number of operations to return. If unspecified, defaults to 50. The maximum value is 100. |
|---|
| old_value | The standard list page size. |
|---|
|
|---|
| root['resources']['operations']['methods']['list']['path'] | | new_value | v1/operations |
|---|
| old_value | v1/{+name} |
|---|
|
|---|
| root['resources']['services']['methods'] | | new_value | | create | | description | Creates a new managed service. A managed service is immutable, and is subject to mandatory 30-day data retention. You cannot move a service or recreate it within 30 days after deletion. One producer project can own no more than 500 services. For security and reliability purposes, a production service should be hosted in a dedicated producer project. Operation |
|---|
| flatPath | v1/services |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.create |
|---|
| parameterOrder | |
|---|
| parameters | |
|---|
| path | v1/services |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| delete | | description | Deletes a managed service. This method will change the service to the `Soft-Delete` state for 30 days. Within this period, service producers may call UndeleteService to restore the service. After 30 days, the service will be permanently deleted. Operation |
|---|
| flatPath | v1/services/{serviceName} |
|---|
| httpMethod | DELETE |
|---|
| id | servicemanagement.services.delete |
|---|
| parameterOrder | |
|---|
| parameters | | serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName} |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| enable | | deprecated | True |
|---|
| description | Enables a service for a project, so it can be used for the project. See [Cloud Auth Guide](https://cloud.google.com/docs/authentication) for more information. Operation |
|---|
| flatPath | v1/services/{serviceName}:enable |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.enable |
|---|
| parameterOrder | |
|---|
| parameters | | serviceName | | description | Required. Name of the service to enable. Specifying an unknown service name will cause the request to fail. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}:enable |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| generateConfigReport | | description | Generates and returns a report (errors, warnings and changes from existing configurations) associated with GenerateConfigReportRequest.new_value If GenerateConfigReportRequest.old_value is specified, GenerateConfigReportRequest will contain a single ChangeReport based on the comparison between GenerateConfigReportRequest.new_value and GenerateConfigReportRequest.old_value. If GenerateConfigReportRequest.old_value is not specified, this method will compare GenerateConfigReportRequest.new_value with the last pushed service configuration. |
|---|
| flatPath | v1/services:generateConfigReport |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.generateConfigReport |
|---|
| parameterOrder | |
|---|
| parameters | |
|---|
| path | v1/services:generateConfigReport |
|---|
| request | | $ref | GenerateConfigReportRequest |
|---|
|
|---|
| response | | $ref | GenerateConfigReportResponse |
|---|
|
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| get | | description | Gets a managed service. Authentication is required unless the service is public. |
|---|
| flatPath | v1/services/{serviceName} |
|---|
| httpMethod | GET |
|---|
| id | servicemanagement.services.get |
|---|
| parameterOrder | |
|---|
| parameters | | serviceName | | description | Required. The name of the service. See the `ServiceManager` overview for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName} |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| getConfig | | description | Gets a service configuration (version) for a managed service. |
|---|
| flatPath | v1/services/{serviceName}/config |
|---|
| httpMethod | GET |
|---|
| id | servicemanagement.services.getConfig |
|---|
| parameterOrder | |
|---|
| parameters | | configId | | description | Required. The id of the service configuration resource. This field must be specified for the server to return all fields, including `SourceInfo`. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
| view | | description | Specifies which parts of the Service Config should be returned in the response. |
|---|
| enum | |
|---|
| enumDescriptions | - Server response includes all fields except SourceInfo.
- Server response includes all fields including SourceInfo. SourceFiles are of type 'google.api.servicemanagement.v1.ConfigFile' and are only available for configs created using the SubmitConfigSource method.
|
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/config |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| getIamPolicy | | description | Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set. |
|---|
| flatPath | v1/services/{servicesId}:getIamPolicy |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.getIamPolicy |
|---|
| parameterOrder | |
|---|
| parameters | | resource | | description | REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+resource}:getIamPolicy |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/cloud-platform.read-only
- https://www.googleapis.com/auth/service.management
- https://www.googleapis.com/auth/service.management.readonly
|
|---|
|
|---|
| list | | description | Lists managed services. Returns all public services. For authenticated users, also returns all services the calling user has "servicemanagement.services.get" permission for. |
|---|
| flatPath | v1/services |
|---|
| httpMethod | GET |
|---|
| id | servicemanagement.services.list |
|---|
| parameterOrder | |
|---|
| parameters | | consumerId | | deprecated | True |
|---|
| description | Include services consumed by the specified consumer. The Google Service Management implementation accepts the following forms: - project: |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| pageSize | | description | The max number of items to include in the response list. Page size is 50 if not specified. Maximum value is 500. |
|---|
| format | int32 |
|---|
| location | query |
|---|
| type | integer |
|---|
|
|---|
| pageToken | | description | Token identifying which result to start with; returned by a previous list call. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| producerProjectId | | description | Include services produced by the specified project. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| setIamPolicy | | description | Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. |
|---|
| flatPath | v1/services/{servicesId}:setIamPolicy |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.setIamPolicy |
|---|
| parameterOrder | |
|---|
| parameters | | resource | | description | REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+resource}:setIamPolicy |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| testIamPermissions | | description | Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. |
|---|
| flatPath | v1/services/{servicesId}:testIamPermissions |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.testIamPermissions |
|---|
| parameterOrder | |
|---|
| parameters | | resource | | description | REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+resource}:testIamPermissions |
|---|
| request | | $ref | TestIamPermissionsRequest |
|---|
|
|---|
| response | | $ref | TestIamPermissionsResponse |
|---|
|
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/cloud-platform.read-only
- https://www.googleapis.com/auth/service.management
- https://www.googleapis.com/auth/service.management.readonly
|
|---|
|
|---|
| undelete | | description | Revives a previously deleted managed service. The method restores the service using the configuration at the time the service was deleted. The target service must exist and must have been deleted within the last 30 days. Operation |
|---|
| flatPath | v1/services/{serviceName}:undelete |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.undelete |
|---|
| parameterOrder | |
|---|
| parameters | | serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}:undelete |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
|
|---|
| old_value | | search | | description | Search tenancy units for a managed service. |
|---|
| flatPath | v1/services/{servicesId}:search |
|---|
| httpMethod | GET |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.search |
|---|
| parameterOrder | |
|---|
| parameters | | pageSize | | description | Optional. The maximum number of results returned by this request. Currently, the default maximum is set to 1000. If `page_size` isn't provided or the size provided is a number larger than 1000, it's automatically set to 1000. |
|---|
| format | int32 |
|---|
| location | query |
|---|
| type | integer |
|---|
|
|---|
| pageToken | | description | Optional. The continuation token, which is used to page through large result sets. To get the next page of results, set this parameter to the value of `nextPageToken` from the previous response. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| parent | | description | Required. Service for which search is performed. services/{service} {service} the name of a service, for example 'service.googleapis.com'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
| query | | description | Optional. Set a query `{expression}` for querying tenancy units. Your `{expression}` must be in the format: `field_name=literal_string`. The `field_name` is the name of the field you want to compare. Supported fields are `tenant_resources.tag` and `tenant_resources.resource`. For example, to search tenancy units that contain at least one tenant resource with a given tag 'xyz', use the query `tenant_resources.tag=xyz`. To search tenancy units that contain at least one tenant resource with a given resource name 'projects/123456', use the query `tenant_resources.resource=projects/123456`. Multiple expressions can be joined with `AND`s. Tenancy units must match all expressions to be included in the result set. For example, `tenant_resources.tag=xyz AND tenant_resources.resource=projects/123456` |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| rootConsumer | | description | Optional. If this field is specified, in format 'projects/12345', first a tenancy unit for the specified service and this consumer project is found. Then all tenancy units with the same root_consumer for which any tenant project in root tenancy unit is a direct or indirect consumer will be returned. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+parent}:search |
|---|
| response | | $ref | SearchTenancyUnitsResponse |
|---|
|
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
|
|---|
|
|---|
| root['resources']['services']['resources'] | | new_value | | configs | | methods | | create | | description | Creates a new service configuration (version) for a managed service. This method only stores the service configuration. To roll out the service configuration to backend systems please call CreateServiceRollout. Only the 100 most recent service configurations and ones referenced by existing rollouts are kept for each service. The rest will be deleted eventually. |
|---|
| flatPath | v1/services/{serviceName}/configs |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.configs.create |
|---|
| parameterOrder | |
|---|
| parameters | | serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/configs |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| get | | description | Gets a service configuration (version) for a managed service. |
|---|
| flatPath | v1/services/{serviceName}/configs/{configId} |
|---|
| httpMethod | GET |
|---|
| id | servicemanagement.services.configs.get |
|---|
| parameterOrder | |
|---|
| parameters | | configId | | description | Required. The id of the service configuration resource. This field must be specified for the server to return all fields, including `SourceInfo`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
| view | | description | Specifies which parts of the Service Config should be returned in the response. |
|---|
| enum | |
|---|
| enumDescriptions | - Server response includes all fields except SourceInfo.
- Server response includes all fields including SourceInfo. SourceFiles are of type 'google.api.servicemanagement.v1.ConfigFile' and are only available for configs created using the SubmitConfigSource method.
|
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/configs/{configId} |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| list | | description | Lists the history of the service configuration for a managed service, from the newest to the oldest. |
|---|
| flatPath | v1/services/{serviceName}/configs |
|---|
| httpMethod | GET |
|---|
| id | servicemanagement.services.configs.list |
|---|
| parameterOrder | |
|---|
| parameters | | pageSize | | description | The max number of items to include in the response list. Page size is 50 if not specified. Maximum value is 100. |
|---|
| format | int32 |
|---|
| location | query |
|---|
| type | integer |
|---|
|
|---|
| pageToken | | description | The token of the page to retrieve. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/configs |
|---|
| response | | $ref | ListServiceConfigsResponse |
|---|
|
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| submit | | description | Creates a new service configuration (version) for a managed service based on user-supplied configuration source files (for example: OpenAPI Specification). This method stores the source configurations as well as the generated service configuration. To rollout the service configuration to other services, please call CreateServiceRollout. Only the 100 most recent configuration sources and ones referenced by existing service configurtions are kept for each service. The rest will be deleted eventually. Operation |
|---|
| flatPath | v1/services/{serviceName}/configs:submit |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.configs.submit |
|---|
| parameterOrder | |
|---|
| parameters | | serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/configs:submit |
|---|
| request | | $ref | SubmitConfigSourceRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
|
|---|
|
|---|
| consumers | | methods | | getIamPolicy | | description | Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set. |
|---|
| flatPath | v1/services/{servicesId}/consumers/{consumersId}:getIamPolicy |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.consumers.getIamPolicy |
|---|
| parameterOrder | |
|---|
| parameters | | resource | | description | REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/consumers/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+resource}:getIamPolicy |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/cloud-platform.read-only
- https://www.googleapis.com/auth/service.management
- https://www.googleapis.com/auth/service.management.readonly
|
|---|
|
|---|
| setIamPolicy | | description | Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. |
|---|
| flatPath | v1/services/{servicesId}/consumers/{consumersId}:setIamPolicy |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.consumers.setIamPolicy |
|---|
| parameterOrder | |
|---|
| parameters | | resource | | description | REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/consumers/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+resource}:setIamPolicy |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| testIamPermissions | | description | Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. |
|---|
| flatPath | v1/services/{servicesId}/consumers/{consumersId}:testIamPermissions |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.consumers.testIamPermissions |
|---|
| parameterOrder | |
|---|
| parameters | | resource | | description | REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/consumers/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+resource}:testIamPermissions |
|---|
| request | | $ref | TestIamPermissionsRequest |
|---|
|
|---|
| response | | $ref | TestIamPermissionsResponse |
|---|
|
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/cloud-platform.read-only
- https://www.googleapis.com/auth/service.management
- https://www.googleapis.com/auth/service.management.readonly
|
|---|
|
|---|
|
|---|
|
|---|
| rollouts | | methods | | create | | description | Creates a new service configuration rollout. Based on rollout, the Google Service Management will roll out the service configurations to different backend services. For example, the logging configuration will be pushed to Google Cloud Logging. Please note that any previous pending and running Rollouts and associated Operations will be automatically cancelled so that the latest Rollout will not be blocked by previous Rollouts. Only the 100 most recent (in any state) and the last 10 successful (if not already part of the set of 100 most recent) rollouts are kept for each service. The rest will be deleted eventually. Operation |
|---|
| flatPath | v1/services/{serviceName}/rollouts |
|---|
| httpMethod | POST |
|---|
| id | servicemanagement.services.rollouts.create |
|---|
| parameterOrder | |
|---|
| parameters | | serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/rollouts |
|---|
| request | |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| get | | description | Gets a service configuration rollout. |
|---|
| flatPath | v1/services/{serviceName}/rollouts/{rolloutId} |
|---|
| httpMethod | GET |
|---|
| id | servicemanagement.services.rollouts.get |
|---|
| parameterOrder | |
|---|
| parameters | | rolloutId | | description | Required. The id of the rollout resource. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/rollouts/{rolloutId} |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
| list | | description | Lists the history of the service configuration rollouts for a managed service, from the newest to the oldest. |
|---|
| flatPath | v1/services/{serviceName}/rollouts |
|---|
| httpMethod | GET |
|---|
| id | servicemanagement.services.rollouts.list |
|---|
| parameterOrder | |
|---|
| parameters | | filter | | description | Required. Use `filter` to return subset of rollouts. The following filters are supported: -- By status. For example, `filter='status=SUCCESS'` -- By strategy. For example, `filter='strategy=TrafficPercentStrategy'` |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| pageSize | | description | The max number of items to include in the response list. Page size is 50 if not specified. Maximum value is 100. |
|---|
| format | int32 |
|---|
| location | query |
|---|
| type | integer |
|---|
|
|---|
| pageToken | | description | The token of the page to retrieve. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | Required. The name of the service. See the [overview](https://cloud.google.com/service-management/overview) for naming requirements. For example: `example.googleapis.com`. |
|---|
| location | path |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/services/{serviceName}/rollouts |
|---|
| response | | $ref | ListServiceRolloutsResponse |
|---|
|
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/service.management
|
|---|
|
|---|
|
|---|
|
|---|
|
|---|
| old_value | | tenancyUnits | | methods | | addProject | | description | Add a new tenant project to the tenancy unit. There can be a maximum of 1024 tenant projects in a tenancy unit. If there are previously failed `AddTenantProject` calls, you might need to call `RemoveTenantProject` first to resolve them before you can make another call to `AddTenantProject` with the same tag. Operation. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits/{tenancyUnitsId}:addProject |
|---|
| httpMethod | POST |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.addProject |
|---|
| parameterOrder | |
|---|
| parameters | | parent | | description | Required. Name of the tenancy unit. Such as 'services/service.googleapis.com/projects/12345/tenancyUnits/abcd'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+/tenancyUnits/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+parent}:addProject |
|---|
| request | | $ref | AddTenantProjectRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| applyProjectConfig | | description | Apply a configuration to an existing tenant project. This project must exist in an active state and have the original owner account. The caller must have permission to add a project to the given tenancy unit. The configuration is applied, but any existing settings on the project aren't modified. Specified policy bindings are applied. Existing bindings aren't modified. Specified services are activated. No service is deactivated. If specified, new billing configuration is applied. Omit a billing configuration to keep the existing one. A service account in the project is created if previously non existed. Specified labels will be appended to tenant project, note that the value of existing label key will be updated if the same label key is requested. The specified folder is ignored, as moving a tenant project to a different folder isn't supported. The operation fails if any of the steps fail, but no rollback of already applied configuration changes is attempted. Operation. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits/{tenancyUnitsId}:applyProjectConfig |
|---|
| httpMethod | POST |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.applyProjectConfig |
|---|
| parameterOrder | |
|---|
| parameters | | name | | description | Required. Name of the tenancy unit. Such as 'services/service.googleapis.com/projects/12345/tenancyUnits/abcd'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+/tenancyUnits/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+name}:applyProjectConfig |
|---|
| request | | $ref | ApplyTenantProjectConfigRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| attachProject | | description | Attach an existing project to the tenancy unit as a new tenant resource. The project could either be the tenant project reserved by calling `AddTenantProject` under a tenancy unit of a service producer's project of a managed service, or from a separate project. The caller is checked against a set of permissions as if calling `AddTenantProject` on the same service consumer. To trigger the attachment, the targeted tenant project must be in a folder. Make sure the ServiceConsumerManagement service account is the owner of that project. These two requirements are already met if the project is reserved by calling `AddTenantProject`. Operation. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits/{tenancyUnitsId}:attachProject |
|---|
| httpMethod | POST |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.attachProject |
|---|
| parameterOrder | |
|---|
| parameters | | name | | description | Required. Name of the tenancy unit that the project will be attached to. Such as 'services/service.googleapis.com/projects/12345/tenancyUnits/abcd'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+/tenancyUnits/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+name}:attachProject |
|---|
| request | | $ref | AttachTenantProjectRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| create | | description | Creates a tenancy unit with no tenant resources. If tenancy unit already exists, it will be returned, however, in this case, returned TenancyUnit does not have tenant_resources field set and ListTenancyUnits has to be used to get a complete TenancyUnit with all fields populated. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits |
|---|
| httpMethod | POST |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.create |
|---|
| parameterOrder | |
|---|
| parameters | | parent | | description | Required. services/{service}/{collection id}/{resource id} {collection id} is the cloud resource collection type representing the service consumer, for example 'projects', or 'organizations'. {resource id} is the consumer numeric id, such as project number: '123456'. {service} the name of a managed service, such as 'service.googleapis.com'. Enables service binding using the new tenancy unit. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+parent}/tenancyUnits |
|---|
| request | | $ref | CreateTenancyUnitRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| delete | | description | Delete a tenancy unit. Before you delete the tenancy unit, there should be no tenant resources in it that aren't in a DELETED state. Operation. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits/{tenancyUnitsId} |
|---|
| httpMethod | DELETE |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.delete |
|---|
| parameterOrder | |
|---|
| parameters | | name | | description | Required. Name of the tenancy unit to be deleted. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+/tenancyUnits/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+name} |
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| deleteProject | | description | Deletes the specified project resource identified by a tenant resource tag. The mothod removes a project lien with a 'TenantManager' origin if that was added. It will then attempt to delete the project. If that operation fails, this method also fails. After the project has been deleted, the tenant resource state is set to DELETED. To permanently remove resource metadata, call the `RemoveTenantProject` method. New resources with the same tag can't be added if there are existing resources in a DELETED state. Operation. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits/{tenancyUnitsId}:deleteProject |
|---|
| httpMethod | POST |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.deleteProject |
|---|
| parameterOrder | |
|---|
| parameters | | name | | description | Required. Name of the tenancy unit. Such as 'services/service.googleapis.com/projects/12345/tenancyUnits/abcd'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+/tenancyUnits/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+name}:deleteProject |
|---|
| request | | $ref | DeleteTenantProjectRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| list | | description | Find the tenancy unit for a managed service and service consumer. This method shouldn't be used in a service producer's runtime path, for example to find the tenant project number when creating VMs. Service producers must persist the tenant project's information after the project is created. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits |
|---|
| httpMethod | GET |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.list |
|---|
| parameterOrder | |
|---|
| parameters | | filter | | description | Optional. Filter expression over tenancy resources field. Optional. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| pageSize | | description | Optional. The maximum number of results returned by this request. |
|---|
| format | int32 |
|---|
| location | query |
|---|
| type | integer |
|---|
|
|---|
| pageToken | | description | Optional. The continuation token, which is used to page through large result sets. To get the next page of results, set this parameter to the value of `nextPageToken` from the previous response. |
|---|
| location | query |
|---|
| type | string |
|---|
|
|---|
| parent | | description | Required. Managed service and service consumer. Required. services/{service}/{collection id}/{resource id} {collection id} is the cloud resource collection type representing the service consumer, for example 'projects', or 'organizations'. {resource id} is the consumer numeric id, such as project number: '123456'. {service} the name of a service, such as 'service.googleapis.com'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+parent}/tenancyUnits |
|---|
| response | | $ref | ListTenancyUnitsResponse |
|---|
|
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| removeProject | | description | Removes the specified project resource identified by a tenant resource tag. The method removes the project lien with 'TenantManager' origin if that was added. It then attempts to delete the project. If that operation fails, this method also fails. Calls to remove already removed or non-existent tenant project succeed. After the project has been deleted, or if was already in a DELETED state, resource metadata is permanently removed from the tenancy unit. Operation. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits/{tenancyUnitsId}:removeProject |
|---|
| httpMethod | POST |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.removeProject |
|---|
| parameterOrder | |
|---|
| parameters | | name | | description | Required. Name of the tenancy unit. Such as 'services/service.googleapis.com/projects/12345/tenancyUnits/abcd'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+/tenancyUnits/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+name}:removeProject |
|---|
| request | | $ref | RemoveTenantProjectRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
| undeleteProject | | description | Attempts to undelete a previously deleted tenant project. The project must be in a DELETED state. There are no guarantees that an undeleted project will be in a fully restored and functional state. Call the `ApplyTenantProjectConfig` method to update its configuration and then validate all managed service resources. Operation. |
|---|
| flatPath | v1/services/{servicesId}/{servicesId1}/{servicesId2}/tenancyUnits/{tenancyUnitsId}:undeleteProject |
|---|
| httpMethod | POST |
|---|
| id | autopush_serviceconsumermanagement_sandbox.services.tenancyUnits.undeleteProject |
|---|
| parameterOrder | |
|---|
| parameters | | name | | description | Required. Name of the tenancy unit. Such as 'services/service.googleapis.com/projects/12345/tenancyUnits/abcd'. |
|---|
| location | path |
|---|
| pattern | ^services/[^/]+/[^/]+/[^/]+/tenancyUnits/[^/]+$ |
|---|
| required | True |
|---|
| type | string |
|---|
|
|---|
|
|---|
| path | v1/{+name}:undeleteProject |
|---|
| request | | $ref | UndeleteTenantProjectRequest |
|---|
|
|---|
| response | |
|---|
| scopes | - https://www.googleapis.com/auth/cloud-platform
|
|---|
|
|---|
|
|---|
|
|---|
|
|---|
|
|---|
| root['revision'] | | new_value | 20250514 |
|---|
| old_value | 20230220 |
|---|
|
|---|
| root['rootUrl'] | | new_value | https://staging-servicemanagement.sandbox.googleapis.com/ |
|---|
| old_value | https://autopush-serviceconsumermanagement.sandbox.googleapis.com/ |
|---|
|
|---|
| root['schemas'] | | new_value | | Advice | | description | Generated advice about this change, used for providing more information about how a change will affect the existing service. |
|---|
| id | Advice |
|---|
| properties | | description | | description | Useful description for why this advice was applied and what actions should be taken to mitigate any implied risks. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Api | | description | Api is a light-weight descriptor for an API Interface. Interfaces are also described as "protocol buffer services" in some contexts, such as by the "service" keyword in a .proto file, but they are different from API Services, which represent a concrete implementation of an interface as opposed to simply a description of methods and bindings. They are also sometimes simply referred to as "APIs" in other contexts, such as the name of this message itself. See https://cloud.google.com/apis/design/glossary for detailed terminology. |
|---|
| id | Api |
|---|
| properties | | methods | | description | The methods of this interface, in unspecified order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| mixins | | description | Included interfaces. See Mixin. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | The fully qualified name of this interface, including package name followed by the interface's simple name. |
|---|
| type | string |
|---|
|
|---|
| options | | description | Any metadata attached to the interface. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| sourceContext | | $ref | SourceContext |
|---|
| description | Source context for the protocol buffer service represented by this message. |
|---|
|
|---|
| syntax | | description | The source syntax of the service. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
- SYNTAX_EDITIONS
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
- Syntax `editions`.
|
|---|
| type | string |
|---|
|
|---|
| version | | description | A version string for this interface. If specified, must have the form `major-version.minor-version`, as in `1.10`. If the minor version is omitted, it defaults to zero. If the entire version field is empty, the major version is derived from the package name, as outlined below. If the field is not empty, the version in the package name will be verified to be consistent with what is provided here. The versioning schema uses [semantic versioning](http://semver.org) where the major version number indicates a breaking change and the minor version an additive, non-breaking change. Both version numbers are signals to users what to expect from different versions, and should be carefully chosen based on the product plan. The major version is also reflected in the package name of the interface, which must end in `v`, as in `google.feature.v1`. For major versions 0 and 1, the suffix can be omitted. Zero major versions must only be used for experimental, non-GA interfaces. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Aspect | | description | Aspect represents Generic aspect. It is used to configure an aspect without making direct changes to service.proto |
|---|
| id | Aspect |
|---|
| properties | | kind | | description | The type of this aspect configuration. |
|---|
| type | string |
|---|
|
|---|
| spec | | additionalProperties | | description | Properties of the object. |
|---|
| type | any |
|---|
|
|---|
| description | Content of the configuration. The underlying schema should be defined by Aspect owners as protobuf message under `google/api/configaspects/proto`. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuditConfig | | description | Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. |
|---|
| id | AuditConfig |
|---|
| properties | | auditLogConfigs | | description | The configuration for logging of each type of permission. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| service | | description | Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuditLogConfig | | description | Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. |
|---|
| id | AuditLogConfig |
|---|
| properties | | exemptedMembers | | description | Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| logType | | description | The log type that this config enables. |
|---|
| enum | - LOG_TYPE_UNSPECIFIED
- ADMIN_READ
- DATA_WRITE
- DATA_READ
|
|---|
| enumDescriptions | - Default case. Should never be this.
- Admin reads. Example: CloudIAM getIamPolicy
- Data writes. Example: CloudSQL Users create
- Data reads. Example: CloudSQL Users list
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthProvider | | description | Configuration for an authentication provider, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32). |
|---|
| id | AuthProvider |
|---|
| properties | | audiences | | description | The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences: - "https://[service.name]/[google.protobuf.Api.name]" - "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService - https://library-example.googleapis.com/ Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com |
|---|
| type | string |
|---|
|
|---|
| authorizationUrl | | description | Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec. |
|---|
| type | string |
|---|
|
|---|
| id | | description | The unique identifier of the auth provider. It will be referred to by `AuthRequirement.provider_id`. Example: "bookstore_auth". |
|---|
| type | string |
|---|
|
|---|
| issuer | | description | Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com |
|---|
| type | string |
|---|
|
|---|
| jwksUri | | description | URL of the provider's public key set to validate signature of the JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). Optional if the key set document: - can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of the issuer. - can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs |
|---|
| type | string |
|---|
|
|---|
| jwtLocations | | description | Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations] (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations) JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations: - header: Authorization value_prefix: "Bearer " - header: x-goog-iap-jwt-assertion - query: access_token |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthRequirement | | description | User-defined authentication requirements, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32). |
|---|
| id | AuthRequirement |
|---|
| properties | | audiences | | description | NOTE: This will be deprecated soon, once AuthProvider.audiences is implemented and accepted in all the runtime components. The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://Service_name/API_name" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com |
|---|
| type | string |
|---|
|
|---|
| providerId | | description | id from authentication provider. Example: provider_id: bookstore_auth |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Authentication | | description | `Authentication` defines the authentication configuration for API methods provided by an API service. Example: name: calendar.googleapis.com authentication: providers: - id: google_calendar_auth jwks_uri: https://www.googleapis.com/oauth2/v1/certs issuer: https://securetoken.google.com rules: - selector: "*" requirements: provider_id: google_calendar_auth - selector: google.calendar.Delegate oauth: canonical_scopes: https://www.googleapis.com/auth/calendar.read |
|---|
| id | Authentication |
|---|
| properties | | providers | | description | Defines a set of authentication providers that a service supports. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of authentication rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthenticationRule | | description | Authentication rules for the service. By default, if a method has any authentication requirements, every request must include a valid credential matching one of the requirements. It's an error to include more than one kind of credential in a single request. If a method doesn't have any auth requirements, request credentials will be ignored. |
|---|
| id | AuthenticationRule |
|---|
| properties | | allowWithoutCredential | | description | If true, the service accepts API keys without any other credential. This flag only applies to HTTP and gRPC requests. |
|---|
| type | boolean |
|---|
|
|---|
| oauth | | $ref | OAuthRequirements |
|---|
| description | The requirements for OAuth credentials. |
|---|
|
|---|
| requirements | | description | Requirements for additional authentication providers. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Backend | | description | `Backend` defines the backend configuration for a service. |
|---|
| id | Backend |
|---|
| properties | | rules | | description | A list of API backend rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BackendRule | | description | A backend rule provides configuration for an individual API element. |
|---|
| id | BackendRule |
|---|
| properties | | address | | description | The address of the API backend. The scheme is used to determine the backend protocol and security. The following schemes are accepted: SCHEME PROTOCOL SECURITY http:// HTTP None https:// HTTP TLS grpc:// gRPC None grpcs:// gRPC TLS It is recommended to explicitly include a scheme. Leaving out the scheme may cause constrasting behaviors across platforms. If the port is unspecified, the default is: - 80 for schemes without TLS - 443 for schemes with TLS For HTTP backends, use protocol to specify the protocol version. |
|---|
| type | string |
|---|
|
|---|
| deadline | | description | The number of seconds to wait for a response from a request. The default varies based on the request protocol and deployment environment. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| disableAuth | | description | When disable_auth is true, a JWT ID token won't be generated and the original "Authorization" HTTP header will be preserved. If the header is used to carry the original token and is expected by the backend, this field must be set to true to preserve the header. |
|---|
| type | boolean |
|---|
|
|---|
| jwtAudience | | description | The JWT audience is used when generating a JWT ID token for the backend. This ID token will be added in the HTTP "authorization" header, and sent to the backend. |
|---|
| type | string |
|---|
|
|---|
| loadBalancingPolicy | | description | The load balancing policy used for connection to the application backend. Defined as an arbitrary string to accomondate custom load balancing policies supported by the underlying channel, but suggest most users use one of the standard policies, such as the default, "RoundRobin". |
|---|
| type | string |
|---|
|
|---|
| minDeadline | | deprecated | True |
|---|
| description | Deprecated, do not use. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| operationDeadline | | description | The number of seconds to wait for the completion of a long running operation. The default is no deadline. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| overridesByRequestProtocol | | additionalProperties | |
|---|
| description | The map between request protocol and the backend address. |
|---|
| type | object |
|---|
|
|---|
| pathTranslation | | enum | - PATH_TRANSLATION_UNSPECIFIED
- CONSTANT_ADDRESS
- APPEND_PATH_TO_ADDRESS
|
|---|
| enumDescriptions | - Use the backend address as-is, with no modification to the path. If the URL pattern contains variables, the variable names and values will be appended to the query string. If a query string parameter and a URL pattern variable have the same name, this may result in duplicate keys in the query string. # Examples Given the following operation config: Method path: /api/company/{cid}/user/{uid} Backend address: https://example.cloudfunctions.net/getUser Requests to the following request paths will call the backend at the translated path: Request path: /api/company/widgetworks/user/johndoe Translated: https://example.cloudfunctions.net/getUser?cid=widgetworks&uid=johndoe Request path: /api/company/widgetworks/user/johndoe?timezone=EST Translated: https://example.cloudfunctions.net/getUser?timezone=EST&cid=widgetworks&uid=johndoe
- The request path will be appended to the backend address. # Examples Given the following operation config: Method path: /api/company/{cid}/user/{uid} Backend address: https://example.appspot.com Requests to the following request paths will call the backend at the translated path: Request path: /api/company/widgetworks/user/johndoe Translated: https://example.appspot.com/api/company/widgetworks/user/johndoe Request path: /api/company/widgetworks/user/johndoe?timezone=EST Translated: https://example.appspot.com/api/company/widgetworks/user/johndoe?timezone=EST
|
|---|
| type | string |
|---|
|
|---|
| protocol | | description | The protocol used for sending a request to the backend. The supported values are "http/1.1" and "h2". The default value is inferred from the scheme in the address field: SCHEME PROTOCOL http:// http/1.1 https:// http/1.1 grpc:// h2 grpcs:// h2 For secure HTTP backends (https://) that support HTTP/2, set this field to "h2" for improved performance. Configuring this field to non-default values is only supported for secure HTTP backends. This field will be ignored for all other backends. See https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids for more details on the supported values. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Billing | | description | Billing related configuration of the service. The following example shows how to configure monitored resources and metrics for billing, `consumer_destinations` is the only supported destination and the monitored resources need at least one label key `cloud.googleapis.com/location` to indicate the location of the billing usage, using different monitored resources between monitoring and billing is recommended so they can be evolved independently: monitored_resources: - type: library.googleapis.com/billing_branch labels: - key: cloud.googleapis.com/location description: | Predefined label to support billing location restriction. - key: city description: | Custom label to define the city where the library branch is located in. - key: name description: Custom label to define the name of the library branch. metrics: - name: library.googleapis.com/book/borrowed_count metric_kind: DELTA value_type: INT64 unit: "1" billing: consumer_destinations: - monitored_resource: library.googleapis.com/billing_branch metrics: - library.googleapis.com/book/borrowed_count |
|---|
| id | Billing |
|---|
| properties | | consumerDestinations | | description | Billing configurations for sending metrics to the consumer project. There can be multiple consumer destinations per service, each one must have a different monitored resource type. A metric can be used in at most one consumer destination. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BillingDestination | | description | Configuration of a specific billing destination (Currently only support bill against consumer project). |
|---|
| id | BillingDestination |
|---|
| properties | | metrics | | description | Names of the metrics to report to this billing destination. Each name must be defined in Service.metrics section. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Binding | | description | Associates `members`, or principals, with a `role`. |
|---|
| id | Binding |
|---|
| properties | | condition | | $ref | Expr |
|---|
| description | The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
|---|
|
|---|
| members | | description | Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| role | | description | Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ChangeReport | | description | Change report associated with a particular service configuration. It contains a list of ConfigChanges based on the comparison between two service configurations. |
|---|
| id | ChangeReport |
|---|
| properties | | configChanges | | description | List of changes between two service configurations. The changes will be alphabetically sorted based on the identifier of each change. A ConfigChange identifier is a dot separated path to the configuration. Example: visibility.rules[selector='LibraryService.CreateBook'].restriction |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ClientLibrarySettings | | description | Details about how and where to publish client libraries. |
|---|
| id | ClientLibrarySettings |
|---|
| properties | | cppSettings | | $ref | CppSettings |
|---|
| description | Settings for C++ client libraries. |
|---|
|
|---|
| dotnetSettings | | $ref | DotnetSettings |
|---|
| description | Settings for .NET client libraries. |
|---|
|
|---|
| goSettings | | $ref | GoSettings |
|---|
| description | Settings for Go client libraries. |
|---|
|
|---|
| javaSettings | | $ref | JavaSettings |
|---|
| description | Settings for legacy Java features, supported in the Service YAML. |
|---|
|
|---|
| launchStage | | description | Launch stage of this version of the API. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| nodeSettings | | $ref | NodeSettings |
|---|
| description | Settings for Node client libraries. |
|---|
|
|---|
| phpSettings | | $ref | PhpSettings |
|---|
| description | Settings for PHP client libraries. |
|---|
|
|---|
| pythonSettings | | $ref | PythonSettings |
|---|
| description | Settings for Python client libraries. |
|---|
|
|---|
| restNumericEnums | | description | When using transport=rest, the client request will encode enums as numbers rather than strings. |
|---|
| type | boolean |
|---|
|
|---|
| rubySettings | | $ref | RubySettings |
|---|
| description | Settings for Ruby client libraries. |
|---|
|
|---|
| version | | description | Version of the API to apply these settings to. This is the full protobuf package for the API, ending in the version element. Examples: "google.cloud.speech.v1" and "google.spanner.admin.database.v1". |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CommonLanguageSettings | | description | Required information for every language. |
|---|
| id | CommonLanguageSettings |
|---|
| properties | | destinations | | description | The destination where API teams want this client library to be published. |
|---|
| items | | enum | - CLIENT_LIBRARY_DESTINATION_UNSPECIFIED
- GITHUB
- PACKAGE_MANAGER
|
|---|
| enumDescriptions | - Client libraries will neither be generated nor published to package managers.
- Generate the client library in a repo under github.com/googleapis, but don't publish it to package managers.
- Publish the library to package managers like nuget.org and npmjs.com.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| referenceDocsUri | | deprecated | True |
|---|
| description | Link to automatically generated reference documentation. Example: https://cloud.google.com/nodejs/docs/reference/asset/latest |
|---|
| type | string |
|---|
|
|---|
| selectiveGapicGeneration | | $ref | SelectiveGapicGeneration |
|---|
| description | Configuration for which RPCs should be generated in the GAPIC client. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ConfigChange | | description | Output generated from semantically comparing two versions of a service configuration. Includes detailed information about a field that have changed with applicable advice about potential consequences for the change, such as backwards-incompatibility. |
|---|
| id | ConfigChange |
|---|
| properties | | advices | | description | Collection of advice provided for this change, useful for determining the possible impact of this change. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| changeType | | description | The type for this change, either ADDED, REMOVED, or MODIFIED. |
|---|
| enum | - CHANGE_TYPE_UNSPECIFIED
- ADDED
- REMOVED
- MODIFIED
|
|---|
| enumDescriptions | - No value was provided.
- The changed object exists in the 'new' service configuration, but not in the 'old' service configuration.
- The changed object exists in the 'old' service configuration, but not in the 'new' service configuration.
- The changed object exists in both service configurations, but its value is different.
|
|---|
| type | string |
|---|
|
|---|
| element | | description | Object hierarchy path to the change, with levels separated by a '.' character. For repeated fields, an applicable unique identifier field is used for the index (usually selector, name, or id). For maps, the term 'key' is used. If the field has no unique identifier, the numeric index is used. Examples: - visibility.rules[selector=="google.LibraryService.ListBooks"].restriction - quota.metric_rules[selector=="google"].metric_costs[key=="reads"].value - logging.producer_destinations[0] |
|---|
| type | string |
|---|
|
|---|
| newValue | | description | Value of the changed object in the new Service configuration, in JSON format. This field will not be populated if ChangeType == REMOVED. |
|---|
| type | string |
|---|
|
|---|
| oldValue | | description | Value of the changed object in the old Service configuration, in JSON format. This field will not be populated if ChangeType == ADDED. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ConfigFile | | description | Generic specification of a source configuration file |
|---|
| id | ConfigFile |
|---|
| properties | | fileContents | | description | The bytes that constitute the file. |
|---|
| format | byte |
|---|
| type | string |
|---|
|
|---|
| filePath | | description | The file name of the configuration file (full or relative path). |
|---|
| type | string |
|---|
|
|---|
| fileType | | description | The type of configuration file this represents. |
|---|
| enum | - FILE_TYPE_UNSPECIFIED
- SERVICE_CONFIG_YAML
- OPEN_API_JSON
- OPEN_API_YAML
- FILE_DESCRIPTOR_SET_PROTO
- PROTO_FILE
|
|---|
| enumDescriptions | - Unknown file type.
- YAML-specification of service.
- OpenAPI specification, serialized in JSON.
- OpenAPI specification, serialized in YAML.
- FileDescriptorSet, generated by protoc. To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. $protoc --include_imports --include_source_info test.proto -o out.pb
- Uncompiled Proto file. Used for storage and display purposes only, currently server-side compilation is not supported. Should match the inputs to 'protoc' command used to generated FILE_DESCRIPTOR_SET_PROTO. A file of this type can only be included if at least one file of type FILE_DESCRIPTOR_SET_PROTO is included.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ConfigRef | | description | Represents a service configuration with its name and id. |
|---|
| id | ConfigRef |
|---|
| properties | | name | | description | Resource name of a service config. It must have the following format: "services/{service name}/configs/{config id}". |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ConfigSource | | description | Represents a source file which is used to generate the service configuration defined by `google.api.Service`. |
|---|
| id | ConfigSource |
|---|
| properties | | files | | description | Set of source configuration files that are used to generate a service configuration (`google.api.Service`). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| id | | description | A unique ID for a specific instance of this message, typically assigned by the client for tracking purpose. If empty, the server may choose to generate one instead. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Context | | description | `Context` defines which contexts an API requests. Example: context: rules: - selector: "*" requested: - google.rpc.context.ProjectContext - google.rpc.context.OriginContext The above specifies that all methods in the API request `google.rpc.context.ProjectContext` and `google.rpc.context.OriginContext`. Available context types are defined in package `google.rpc.context`. This also provides mechanism to allowlist any protobuf message extension that can be sent in grpc metadata using “x-goog-ext--bin” and “x-goog-ext--jspb” format. For example, list any service specific protobuf types that can appear in grpc metadata as follows in your yaml file: Example: context: rules: - selector: "google.example.library.v1.LibraryService.CreateBook" allowed_request_extensions: - google.foo.v1.NewExtension allowed_response_extensions: - google.foo.v1.NewExtension You can also specify extension ID instead of fully qualified extension name here. |
|---|
| id | Context |
|---|
| properties | | rules | | description | A list of RPC context rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ContextRule | | description | A context rule provides information about the context for an individual API element. |
|---|
| id | ContextRule |
|---|
| properties | | allowedRequestExtensions | | description | A list of full type names or extension IDs of extensions allowed in grpc side channel from client to backend. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| allowedResponseExtensions | | description | A list of full type names or extension IDs of extensions allowed in grpc side channel from backend to client. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| provided | | description | A list of full type names of provided contexts. It is used to support propagating HTTP headers and ETags from the response extension. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| requested | | description | A list of full type names of requested contexts, only the requested context will be made available to the backend. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Control | | description | Selects and configures the service controller used by the service. Example: control: environment: servicecontrol.googleapis.com |
|---|
| id | Control |
|---|
| properties | | environment | | description | The service controller environment to use. If empty, no control plane feature (like quota and billing) will be enabled. The recommended value for most services is servicecontrol.googleapis.com |
|---|
| type | string |
|---|
|
|---|
| methodPolicies | | description | Defines policies applying to the API methods of the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CppSettings | | description | Settings for C++ client libraries. |
|---|
| id | CppSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CustomError | | description | Customize service error responses. For example, list any service specific protobuf types that can appear in error detail lists of error responses. Example: custom_error: types: - google.foo.v1.CustomError - google.foo.v1.AnotherError |
|---|
| id | CustomError |
|---|
| properties | | rules | | description | The list of custom error rules that apply to individual API messages. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| types | | description | The list of custom error detail types, e.g. 'google.foo.v1.CustomError'. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CustomErrorRule | | description | A custom error rule. |
|---|
| id | CustomErrorRule |
|---|
| properties | | isErrorType | | description | Mark this message as possible payload in error response. Otherwise, objects of this type will be filtered when they appear in error payload. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects messages to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CustomHttpPattern | | description | A custom pattern is used for defining custom HTTP verb. |
|---|
| id | CustomHttpPattern |
|---|
| properties | | kind | | description | The name of this custom HTTP verb. |
|---|
| type | string |
|---|
|
|---|
| path | | description | The path matched by this custom verb. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DeleteServiceStrategy | | description | Strategy used to delete a service. This strategy is a placeholder only used by the system generated rollout to delete a service. |
|---|
| id | DeleteServiceStrategy |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Diagnostic | | description | Represents a diagnostic message (error or warning) |
|---|
| id | Diagnostic |
|---|
| properties | | kind | | description | The kind of diagnostic information provided. |
|---|
| enum | |
|---|
| enumDescriptions | - Warnings and errors
- Only errors
|
|---|
| type | string |
|---|
|
|---|
| location | | description | File name and line number of the error or warning. |
|---|
| type | string |
|---|
|
|---|
| message | | description | Message describing the error or warning. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Documentation | | description | `Documentation` provides the information for describing a service. Example: documentation: summary: > The Google Calendar API gives access to most calendar features. pages: - name: Overview content: (== include google/foo/overview.md ==) - name: Tutorial content: (== include google/foo/tutorial.md ==) subpages: - name: Java content: (== include google/foo/tutorial_java.md ==) rules: - selector: google.calendar.Calendar.Get description: > ... - selector: google.calendar.Calendar.Put description: > ... Documentation is provided in markdown syntax. In addition to standard markdown features, definition lists, tables and fenced code blocks are supported. Section headers can be provided and are interpreted relative to the section nesting of the context where a documentation fragment is embedded. Documentation from the IDL is merged with documentation defined via the config at normalization time, where documentation provided by config rules overrides IDL provided. A number of constructs specific to the API platform are supported in documentation text. In order to reference a proto element, the following notation can be used: [fully.qualified.proto.name][] To override the display text used for the link, this can be used: [display text][fully.qualified.proto.name] Text can be excluded from doc using the following notation: (-- internal comment --) A few directives are available in documentation. Note that directives must appear on a single line to be properly identified. The `include` directive includes a markdown file from an external source: (== include path/to/file ==) The `resource_for` directive marks a message to be the resource of a collection in REST view. If it is not specified, tools attempt to infer the resource from the operations in a collection: (== resource_for v1.shelves.books ==) The directive `suppress_warning` does not directly affect documentation and is documented together with service config validation. |
|---|
| id | Documentation |
|---|
| properties | | additionalIamInfo | | description | Optional information about the IAM configuration. This is typically used to link to documentation about a product's IAM roles and permissions. |
|---|
| type | string |
|---|
|
|---|
| documentationRootUrl | | description | The URL to the root of documentation. |
|---|
| type | string |
|---|
|
|---|
| overview | | description | Declares a single overview page. For example: documentation: summary: ... overview: (== include overview.md ==) This is a shortcut for the following declaration (using pages style): documentation: summary: ... pages: - name: Overview content: (== include overview.md ==) Note: you cannot specify both `overview` field and `pages` field. |
|---|
| type | string |
|---|
|
|---|
| pages | | description | The top level pages for the documentation set. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of documentation rules that apply to individual API elements. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| sectionOverrides | | description | Specifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| serviceRootUrl | | description | Specifies the service root url if the default one (the service name from the yaml file) is not suitable. This can be seen in any fully specified service urls as well as sections that show a base that other urls are relative to. |
|---|
| type | string |
|---|
|
|---|
| summary | | description | A short description of what the service does. The summary must be plain text. It becomes the overview of the service displayed in Google Cloud Console. NOTE: This field is equivalent to the standard field `description`. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DocumentationRule | | description | A documentation rule provides information about individual API elements. |
|---|
| id | DocumentationRule |
|---|
| properties | | deprecationDescription | | description | Deprecation description of the selected element(s). It can be provided if an element is marked as `deprecated`. |
|---|
| type | string |
|---|
|
|---|
| description | | description | Description of the selected proto element (e.g. a message, a method, a 'service' definition, or a field). Defaults to leading & trailing comments taken from the proto source definition of the proto element. |
|---|
| type | string |
|---|
|
|---|
| disableReplacementWords | | description | String of comma or space separated case-sensitive words for which method/field name replacement will be disabled. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | The selector is a comma-separated list of patterns for any element such as a method, a field, an enum value. Each pattern is a qualified name of the element which may end in "*", indicating a wildcard. Wildcards are only allowed at the end and for a whole component of the qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". A wildcard will match one or more components. To specify a default for all applicable elements, the whole pattern "*" is used. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DotnetSettings | | description | Settings for Dotnet client libraries. |
|---|
| id | DotnetSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
| forcedNamespaceAliases | | description | Namespaces which must be aliased in snippets due to a known (but non-generator-predictable) naming collision |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| handwrittenSignatures | | description | Method signatures (in the form "service.method(signature)") which are provided separately, so shouldn't be generated. Snippets *calling* these methods are still generated, however. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| ignoredResources | | description | List of full resource types to ignore during generation. This is typically used for API-specific Location resources, which should be handled by the generator as if they were actually the common Location resources. Example entry: "documentai.googleapis.com/Location" |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| renamedResources | | additionalProperties | |
|---|
| description | Map from full resource types to the effective short name for the resource. This is used when otherwise resource named from different services would cause naming collisions. Example entry: "datalabeling.googleapis.com/Dataset": "DataLabelingDataset" |
|---|
| type | object |
|---|
|
|---|
| renamedServices | | additionalProperties | |
|---|
| description | Map from original service names to renamed versions. This is used when the default generated types would cause a naming conflict. (Neither name is fully-qualified.) Example: Subscriber to SubscriberServiceApi. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnableServiceRequest | | description | Request message for EnableService method. |
|---|
| id | EnableServiceRequest |
|---|
| properties | | consumerId | | description | Required. The identity of consumer resource which service enablement will be applied to. The Google Service Management implementation accepts the following forms: - "project:" Note: this is made compatible with google.api.servicecontrol.v1.Operation.consumer_id. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnableServiceResponse | | description | Operation payload for EnableService method. |
|---|
| id | EnableServiceResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Endpoint | | description | `Endpoint` describes a network address of a service that serves a set of APIs. It is commonly known as a service endpoint. A service may expose any number of service endpoints, and all service endpoints share the same service definition, such as quota limits and monitoring metrics. Example: type: google.api.Service name: library-example.googleapis.com endpoints: # Declares network address `https://library-example.googleapis.com` # for service `library-example.googleapis.com`. The `https` scheme # is implicit for all service endpoints. Other schemes may be # supported in the future. - name: library-example.googleapis.com allow_cors: false - name: content-staging-library-example.googleapis.com # Allows HTTP OPTIONS calls to be passed to the API frontend, for it # to decide whether the subsequent cross-origin request is allowed # to proceed. allow_cors: true |
|---|
| id | Endpoint |
|---|
| properties | | aliases | | description | Aliases for this endpoint, these will be served by the same UrlMap as the parent endpoint, and will be provisioned in the GCP stack for the Regional Endpoints. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| allowCors | | description | Allowing [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka cross-domain traffic, would allow the backends served from this endpoint to receive and respond to HTTP OPTIONS requests. The response will be used by the browser to determine whether the subsequent cross-origin request is allowed to proceed. |
|---|
| type | boolean |
|---|
|
|---|
| name | | description | The canonical name of this endpoint. |
|---|
| type | string |
|---|
|
|---|
| target | | description | The specification of an Internet routable address of API frontend that will handle requests to this [API Endpoint](https://cloud.google.com/apis/design/glossary). It should be either a valid IPv4 address or a fully-qualified domain name. For example, "8.8.8.8" or "myservice.appspot.com". |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Enum | | description | Enum type definition. |
|---|
| id | Enum |
|---|
| properties | | edition | | description | The source edition string, only valid when syntax is SYNTAX_EDITIONS. |
|---|
| type | string |
|---|
|
|---|
| enumvalue | | description | Enum value definitions. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | Enum type name. |
|---|
| type | string |
|---|
|
|---|
| options | | description | Protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| sourceContext | | $ref | SourceContext |
|---|
| description | The source context. |
|---|
|
|---|
| syntax | | description | The source syntax. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
- SYNTAX_EDITIONS
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
- Syntax `editions`.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnumValue | | description | Enum value definition. |
|---|
| id | EnumValue |
|---|
| properties | | name | | description | Enum value name. |
|---|
| type | string |
|---|
|
|---|
| number | | description | Enum value number. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| options | | description | Protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ExperimentalFeatures | | description | Experimental features to be included during client library generation. These fields will be deprecated once the feature graduates and is enabled by default. |
|---|
| id | ExperimentalFeatures |
|---|
| properties | | protobufPythonicTypesEnabled | | description | Enables generation of protobuf code using new types that are more Pythonic which are included in `protobuf>=5.29.x`. This feature will be enabled by default 1 month after launching the feature in preview packages. |
|---|
| type | boolean |
|---|
|
|---|
| restAsyncIoEnabled | | description | Enables generation of asynchronous REST clients if `rest` transport is enabled. By default, asynchronous REST clients will not be generated. This feature will be enabled by default 1 month after launching the feature in preview packages. |
|---|
| type | boolean |
|---|
|
|---|
| unversionedPackageDisabled | | description | Disables generation of an unversioned Python package for this client library. This means that the module names will need to be versioned in import statements. For example `import google.cloud.library_v2` instead of `import google.cloud.library`. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Expr | | description | Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. |
|---|
| id | Expr |
|---|
| properties | | description | | description | Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. |
|---|
| type | string |
|---|
|
|---|
| expression | | description | Textual representation of an expression in Common Expression Language syntax. |
|---|
| type | string |
|---|
|
|---|
| location | | description | Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. |
|---|
| type | string |
|---|
|
|---|
| title | | description | Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Field | | description | A single field of a message type. |
|---|
| id | Field |
|---|
| properties | | cardinality | | description | The field cardinality. |
|---|
| enum | - CARDINALITY_UNKNOWN
- CARDINALITY_OPTIONAL
- CARDINALITY_REQUIRED
- CARDINALITY_REPEATED
|
|---|
| enumDescriptions | - For fields with unknown cardinality.
- For optional fields.
- For required fields. Proto2 syntax only.
- For repeated fields.
|
|---|
| type | string |
|---|
|
|---|
| defaultValue | | description | The string value of the default value of this field. Proto2 syntax only. |
|---|
| type | string |
|---|
|
|---|
| jsonName | | description | The field JSON name. |
|---|
| type | string |
|---|
|
|---|
| kind | | description | The field type. |
|---|
| enum | - TYPE_UNKNOWN
- TYPE_DOUBLE
- TYPE_FLOAT
- TYPE_INT64
- TYPE_UINT64
- TYPE_INT32
- TYPE_FIXED64
- TYPE_FIXED32
- TYPE_BOOL
- TYPE_STRING
- TYPE_GROUP
- TYPE_MESSAGE
- TYPE_BYTES
- TYPE_UINT32
- TYPE_ENUM
- TYPE_SFIXED32
- TYPE_SFIXED64
- TYPE_SINT32
- TYPE_SINT64
|
|---|
| enumDescriptions | - Field type unknown.
- Field type double.
- Field type float.
- Field type int64.
- Field type uint64.
- Field type int32.
- Field type fixed64.
- Field type fixed32.
- Field type bool.
- Field type string.
- Field type group. Proto2 syntax only, and deprecated.
- Field type message.
- Field type bytes.
- Field type uint32.
- Field type enum.
- Field type sfixed32.
- Field type sfixed64.
- Field type sint32.
- Field type sint64.
|
|---|
| type | string |
|---|
|
|---|
| name | | description | The field name. |
|---|
| type | string |
|---|
|
|---|
| number | | description | The field number. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| oneofIndex | | description | The index of the field type in `Type.oneofs`, for message or enumeration types. The first type has index 1; zero means the type is not in the list. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| options | | description | The protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| packed | | description | Whether to use alternative packed wire representation. |
|---|
| type | boolean |
|---|
|
|---|
| typeUrl | | description | The field type URL, without the scheme, for message or enumeration types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FieldPolicy | | description | Google API Policy Annotation This message defines a simple API policy annotation that can be used to annotate API request and response message fields with applicable policies. One field may have multiple applicable policies that must all be satisfied before a request can be processed. This policy annotation is used to generate the overall policy that will be used for automatic runtime policy enforcement and documentation generation. |
|---|
| id | FieldPolicy |
|---|
| properties | | resourcePermission | | description | Specifies the required permission(s) for the resource referred to by the field. It requires the field contains a valid resource reference, and the request must pass the permission checks to proceed. For example, "resourcemanager.projects.get". |
|---|
| type | string |
|---|
|
|---|
| resourceType | | description | Specifies the resource type for the resource referred to by the field. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects one or more request or response message fields to apply this `FieldPolicy`. When a `FieldPolicy` is used in proto annotation, the selector must be left as empty. The service config generator will automatically fill the correct value. When a `FieldPolicy` is used in service config, the selector must be a comma-separated string with valid request or response field paths, such as "foo.bar" or "foo.bar,foo.baz". |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FlowErrorDetails | | description | Encapsulation of flow-specific error details for debugging. Used as a details field on an error Status, not intended for external use. |
|---|
| id | FlowErrorDetails |
|---|
| properties | | exceptionType | | description | The type of exception (as a class name). |
|---|
| type | string |
|---|
|
|---|
| flowStepId | | description | The step that failed. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| GenerateConfigReportRequest | | description | Request message for GenerateConfigReport method. |
|---|
| id | GenerateConfigReportRequest |
|---|
| properties | | newConfig | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | Required. Service configuration for which we want to generate the report. For this version of API, the supported types are google.api.servicemanagement.v1.ConfigRef, google.api.servicemanagement.v1.ConfigSource, and google.api.Service |
|---|
| type | object |
|---|
|
|---|
| oldConfig | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | Optional. Service configuration against which the comparison will be done. For this version of API, the supported types are google.api.servicemanagement.v1.ConfigRef, google.api.servicemanagement.v1.ConfigSource, and google.api.Service |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| GenerateConfigReportResponse | | description | Response message for GenerateConfigReport method. |
|---|
| id | GenerateConfigReportResponse |
|---|
| properties | | changeReports | | description | list of ChangeReport, each corresponding to comparison between two service configurations. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| diagnostics | | description | Errors / Linter warnings associated with the service definition this report belongs to. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| id | | description | ID of the service configuration this report belongs to. |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | Name of the service this report belongs to. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| GetIamPolicyRequest | | description | Request message for `GetIamPolicy` method. |
|---|
| id | GetIamPolicyRequest |
|---|
| properties | | options | | $ref | GetPolicyOptions |
|---|
| description | OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| GetPolicyOptions | | description | Encapsulates settings provided to GetIamPolicy. |
|---|
| id | GetPolicyOptions |
|---|
| properties | | requestedPolicyVersion | | description | Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| GoSettings | | description | Settings for Go client libraries. |
|---|
| id | GoSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
| renamedServices | | additionalProperties | |
|---|
| description | Map of service names to renamed services. Keys are the package relative service names and values are the name to be used for the service client and call options. publishing: go_settings: renamed_services: Publisher: TopicAdmin |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Http | | description | Defines the HTTP configuration for an API service. It contains a list of HttpRule, each specifying the mapping of an RPC method to one or more HTTP REST API methods. |
|---|
| id | Http |
|---|
| properties | | fullyDecodeReservedExpansion | | description | When set to true, URL path parameters will be fully URI-decoded except in cases of single segment matches in reserved expansion, where "%2F" will be left encoded. The default behavior is to not decode RFC 6570 reserved characters in multi segment matches. |
|---|
| type | boolean |
|---|
|
|---|
| rules | | description | A list of HTTP configuration rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| HttpRule | | description | gRPC Transcoding gRPC Transcoding is a feature for mapping between a gRPC method and one or more HTTP REST endpoints. It allows developers to build a single API service that supports both gRPC APIs and REST APIs. Many systems, including [Google APIs](https://github.com/googleapis/googleapis), [Cloud Endpoints](https://cloud.google.com/endpoints), [gRPC Gateway](https://github.com/grpc-ecosystem/grpc-gateway), and [Envoy](https://github.com/envoyproxy/envoy) proxy support this feature and use it for large scale production services. `HttpRule` defines the schema of the gRPC/REST mapping. The mapping specifies how different portions of the gRPC request message are mapped to the URL path, URL query parameters, and HTTP request body. It also controls how the gRPC response message is mapped to the HTTP response body. `HttpRule` is typically specified as an `google.api.http` annotation on the gRPC method. Each mapping specifies a URL path template and an HTTP method. The path template may refer to one or more fields in the gRPC request message, as long as each field is a non-repeated field with a primitive (non-message) type. The path template controls how fields of the request message are mapped to the URL path. Example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get: "/v1/{name=messages/*}" }; } } message GetMessageRequest { string name = 1; // Mapped to URL path. } message Message { string text = 1; // The resource content. } This enables an HTTP REST to gRPC mapping as below: - HTTP: `GET /v1/messages/123456` - gRPC: `GetMessage(name: "messages/123456")` Any fields in the request message which are not bound by the path template automatically become HTTP query parameters if there is no HTTP request body. For example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get:"/v1/messages/{message_id}" }; } } message GetMessageRequest { message SubMessage { string subfield = 1; } string message_id = 1; // Mapped to URL path. int64 revision = 2; // Mapped to URL query parameter `revision`. SubMessage sub = 3; // Mapped to URL query parameter `sub.subfield`. } This enables a HTTP JSON to RPC mapping as below: - HTTP: `GET /v1/messages/123456?revision=2&sub.subfield=foo` - gRPC: `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield: "foo"))` Note that fields which are mapped to URL query parameters must have a primitive type or a repeated primitive type or a non-repeated message type. In the case of a repeated type, the parameter can be repeated in the URL as `...?param=A¶m=B`. In the case of a message type, each field of the message is mapped to a separate parameter, such as `...?foo.a=A&foo.b=B&foo.c=C`. For HTTP methods that allow a request body, the `body` field specifies the mapping. Consider a REST update method on the message resource collection: service Messaging { rpc UpdateMessage(UpdateMessageRequest) returns (Message) { option (google.api.http) = { patch: "/v1/messages/{message_id}" body: "message" }; } } message UpdateMessageRequest { string message_id = 1; // mapped to the URL Message message = 2; // mapped to the body } The following HTTP JSON to RPC mapping is enabled, where the representation of the JSON in the request body is determined by protos JSON encoding: - HTTP: `PATCH /v1/messages/123456 { "text": "Hi!" }` - gRPC: `UpdateMessage(message_id: "123456" message { text: "Hi!" })` The special name `*` can be used in the body mapping to define that every field not bound by the path template should be mapped to the request body. This enables the following alternative definition of the update method: service Messaging { rpc UpdateMessage(Message) returns (Message) { option (google.api.http) = { patch: "/v1/messages/{message_id}" body: "*" }; } } message Message { string message_id = 1; string text = 2; } The following HTTP JSON to RPC mapping is enabled: - HTTP: `PATCH /v1/messages/123456 { "text": "Hi!" }` - gRPC: `UpdateMessage(message_id: "123456" text: "Hi!")` Note that when using `*` in the body mapping, it is not possible to have HTTP parameters, as all fields not bound by the path end in the body. This makes this option more rarely used in practice when defining REST APIs. The common usage of `*` is in custom methods which don't use the URL at all for transferring data. It is possible to define multiple HTTP methods for one RPC by using the `additional_bindings` option. Example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get: "/v1/messages/{message_id}" additional_bindings { get: "/v1/users/{user_id}/messages/{message_id}" } }; } } message GetMessageRequest { string message_id = 1; string user_id = 2; } This enables the following two alternative HTTP JSON to RPC mappings: - HTTP: `GET /v1/messages/123456` - gRPC: `GetMessage(message_id: "123456")` - HTTP: `GET /v1/users/me/messages/123456` - gRPC: `GetMessage(user_id: "me" message_id: "123456")` Rules for HTTP mapping 1. Leaf request fields (recursive expansion nested messages in the request message) are classified into three categories: - Fields referred by the path template. They are passed via the URL path. - Fields referred by the HttpRule.body. They are passed via the HTTP request body. - All other fields are passed via the URL query parameters, and the parameter name is the field path in the request message. A repeated field can be represented as multiple query parameters under the same name. 2. If HttpRule.body is "*", there is no URL query parameter, all fields are passed via URL path and HTTP request body. 3. If HttpRule.body is omitted, there is no HTTP request body, all fields are passed via URL path and URL query parameters. Path template syntax Template = "/" Segments [ Verb ] ; Segments = Segment { "/" Segment } ; Segment = "*" | "**" | LITERAL | Variable ; Variable = "{" FieldPath [ "=" Segments ] "}" ; FieldPath = IDENT { "." IDENT } ; Verb = ":" LITERAL ; The syntax `*` matches a single URL path segment. The syntax `**` matches zero or more URL path segments, which must be the last part of the URL path except the `Verb`. The syntax `Variable` matches part of the URL path as specified by its template. A variable template must not contain other variables. If a variable matches a single path segment, its template may be omitted, e.g. `{var}` is equivalent to `{var=*}`. The syntax `LITERAL` matches literal text in the URL path. If the `LITERAL` contains any reserved character, such characters should be percent-encoded before the matching. If a variable contains exactly one path segment, such as `"{var}"` or `"{var=*}"`, when such a variable is expanded into a URL path on the client side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The server side does the reverse decoding. Such variables show up in the [Discovery Document](https://developers.google.com/discovery/v1/reference/apis) as `{var}`. If a variable contains multiple path segments, such as `"{var=foo/*}"` or `"{var=**}"`, when such a variable is expanded into a URL path on the client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded. The server side does the reverse decoding, except "%2F" and "%2f" are left unchanged. Such variables show up in the [Discovery Document](https://developers.google.com/discovery/v1/reference/apis) as `{+var}`. Using gRPC API Service Configuration gRPC API Service Configuration (service config) is a configuration language for configuring a gRPC service to become a user-facing product. The service config is simply the YAML representation of the `google.api.Service` proto message. As an alternative to annotating your proto file, you can configure gRPC transcoding in your service config YAML files. You do this by specifying a `HttpRule` that maps the gRPC method to a REST endpoint, achieving the same effect as the proto annotation. This can be particularly useful if you have a proto that is reused in multiple services. Note that any transcoding specified in the service config will override any matching transcoding configuration in the proto. The following example selects a gRPC method and applies an `HttpRule` to it: http: rules: - selector: example.v1.Messaging.GetMessage get: /v1/messages/{message_id}/{sub.subfield} Special notes When gRPC Transcoding is used to map a gRPC to JSON REST endpoints, the proto to JSON conversion must follow the [proto3 specification](https://developers.google.com/protocol-buffers/docs/proto3#json). While the single segment variable follows the semantics of [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2 Simple String Expansion, the multi segment variable **does not** follow RFC 6570 Section 3.2.3 Reserved Expansion. The reason is that the Reserved Expansion does not expand special characters like `?` and `#`, which would lead to invalid URLs. As the result, gRPC Transcoding uses a custom encoding for multi segment variables. The path variables **must not** refer to any repeated or mapped field, because client libraries are not capable of handling such variable expansion. The path variables **must not** capture the leading "/" character. The reason is that the most common use case "{var}" does not capture the leading "/" character. For consistency, all path variables must share the same behavior. Repeated message fields must not be mapped to URL query parameters, because no client library can support such complicated mapping. If an API needs to use a JSON array for request or response body, it can map the request or response body to a repeated field. However, some gRPC Transcoding implementations may not support this feature. |
|---|
| id | HttpRule |
|---|
| properties | | additionalBindings | | description | Additional HTTP bindings for the selector. Nested bindings must not contain an `additional_bindings` field themselves (that is, the nesting may only be one level deep). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| body | | description | The name of the request field whose value is mapped to the HTTP request body, or `*` for mapping all request fields not captured by the path pattern to the HTTP body, or omitted for not having any HTTP request body. NOTE: the referred field must be present at the top-level of the request message type. |
|---|
| type | string |
|---|
|
|---|
| custom | | $ref | CustomHttpPattern |
|---|
| description | The custom pattern is used for specifying an HTTP method that is not included in the `pattern` field, such as HEAD, or "*" to leave the HTTP method unspecified for this rule. The wild-card rule is useful for services that provide content to Web (HTML) clients. |
|---|
|
|---|
| delete | | description | Maps to HTTP DELETE. Used for deleting a resource. |
|---|
| type | string |
|---|
|
|---|
| get | | description | Maps to HTTP GET. Used for listing and getting information about resources. |
|---|
| type | string |
|---|
|
|---|
| patch | | description | Maps to HTTP PATCH. Used for updating a resource. |
|---|
| type | string |
|---|
|
|---|
| post | | description | Maps to HTTP POST. Used for creating a resource or performing an action. |
|---|
| type | string |
|---|
|
|---|
| put | | description | Maps to HTTP PUT. Used for replacing a resource. |
|---|
| type | string |
|---|
|
|---|
| responseBody | | description | Optional. The name of the response field whose value is mapped to the HTTP response body. When omitted, the entire response message will be used as the HTTP response body. NOTE: The referred field must be present at the top-level of the response message type. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects a method to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JavaSettings | | description | Settings for Java client libraries. |
|---|
| id | JavaSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
| libraryPackage | | description | The package name to use in Java. Clobbers the java_package option set in the protobuf. This should be used **only** by APIs who have already set the language_settings.java.package_name" field in gapic.yaml. API teams should use the protobuf java_package option where possible. Example of a YAML configuration:: publishing: library_settings: java_settings: library_package: com.google.cloud.pubsub.v1 |
|---|
| type | string |
|---|
|
|---|
| serviceClassNames | | additionalProperties | |
|---|
| description | Configure the Java class name to use instead of the service's for its corresponding generated GAPIC client. Keys are fully-qualified service names as they appear in the protobuf (including the full the language_settings.java.interface_names" field in gapic.yaml. API teams should otherwise use the service name as it appears in the protobuf. Example of a YAML configuration:: publishing: java_settings: service_class_names: - google.pubsub.v1.Publisher: TopicAdmin - google.pubsub.v1.Subscriber: SubscriptionAdmin |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JwtLocation | | description | Specifies a location to extract JWT from an API request. |
|---|
| id | JwtLocation |
|---|
| properties | | cookie | | description | Specifies cookie name to extract JWT token. |
|---|
| type | string |
|---|
|
|---|
| header | | description | Specifies HTTP header name to extract JWT token. |
|---|
| type | string |
|---|
|
|---|
| query | | description | Specifies URL query parameter name to extract JWT token. |
|---|
| type | string |
|---|
|
|---|
| valuePrefix | | description | The value prefix. The value format is "value_prefix{token}" Only applies to "in" header type. Must be empty for "in" query type. If not empty, the header value has to match (case sensitive) this prefix. If not matched, JWT will not be extracted. If matched, JWT will be extracted after the prefix is removed. For example, for "Authorization: Bearer {JWT}", value_prefix="Bearer " with a space at the end. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LabelDescriptor | | description | A description of a label. |
|---|
| id | LabelDescriptor |
|---|
| properties | | description | | description | A human-readable description for the label. |
|---|
| type | string |
|---|
|
|---|
| key | | description | The label key. |
|---|
| type | string |
|---|
|
|---|
| valueType | | description | The type of data that can be assigned to the label. |
|---|
| enum | |
|---|
| enumDescriptions | - A variable-length string. This is the default.
- Boolean; true or false.
- A 64-bit signed integer.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ListOperationsResponse | | description | The response message for Operations.ListOperations. |
|---|
| id | ListOperationsResponse |
|---|
| properties | | nextPageToken | | description | The standard List next-page token. |
|---|
| type | string |
|---|
|
|---|
| operations | | description | A list of operations that matches the specified filter in the request. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ListServiceConfigsResponse | | description | Response message for ListServiceConfigs method. |
|---|
| id | ListServiceConfigsResponse |
|---|
| properties | | nextPageToken | | description | The token of the next page of results. |
|---|
| type | string |
|---|
|
|---|
| serviceConfigs | | description | The list of service configuration resources. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ListServiceRolloutsResponse | | description | Response message for ListServiceRollouts method. |
|---|
| id | ListServiceRolloutsResponse |
|---|
| properties | | nextPageToken | | description | The token of the next page of results. |
|---|
| type | string |
|---|
|
|---|
| rollouts | | description | The list of rollout resources. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ListServicesResponse | | description | Response message for `ListServices` method. |
|---|
| id | ListServicesResponse |
|---|
| properties | | nextPageToken | | description | Token that can be passed to `ListServices` to resume a paginated query. |
|---|
| type | string |
|---|
|
|---|
| services | | description | The returned services will only have the name field set. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LogDescriptor | | description | A description of a log type. Example in YAML format: - name: library.googleapis.com/activity_history description: The history of borrowing and returning library items. display_name: Activity labels: - key: /customer_id description: Identifier of a library customer |
|---|
| id | LogDescriptor |
|---|
| properties | | description | | description | A human-readable description of this log. This information appears in the documentation and can contain details. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | The human-readable name for this log. This information appears on the user interface and should be concise. |
|---|
| type | string |
|---|
|
|---|
| labels | | description | The set of labels that are available to describe a specific log entry. Runtime requests that contain labels not specified here are considered invalid. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | The name of the log. It must be less than 512 characters long and can include the following characters: upper- and lower-case alphanumeric characters [A-Za-z0-9], and punctuation characters including slash, underscore, hyphen, period [/_-.]. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Logging | | description | Logging configuration of the service. The following example shows how to configure logs to be sent to the producer and consumer projects. In the example, the `activity_history` log is sent to both the producer and consumer projects, whereas the `purchase_history` log is only sent to the producer project. monitored_resources: - type: library.googleapis.com/branch labels: - key: /city description: The city where the library branch is located in. - key: /name description: The name of the branch. logs: - name: activity_history labels: - key: /customer_id - name: purchase_history logging: producer_destinations: - monitored_resource: library.googleapis.com/branch logs: - activity_history - purchase_history consumer_destinations: - monitored_resource: library.googleapis.com/branch logs: - activity_history |
|---|
| id | Logging |
|---|
| properties | | consumerDestinations | | description | Logging configurations for sending logs to the consumer project. There can be multiple consumer destinations, each one must have a different monitored resource type. A log can be used in at most one consumer destination. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| producerDestinations | | description | Logging configurations for sending logs to the producer project. There can be multiple producer destinations, each one must have a different monitored resource type. A log can be used in at most one producer destination. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LoggingDestination | | description | Configuration of a specific logging destination (the producer project or the consumer project). |
|---|
| id | LoggingDestination |
|---|
| properties | | logs | | description | Names of the logs to be sent to this destination. Each name must be defined in the Service.logs section. If the log name is not a domain scoped name, it will be automatically prefixed with the service name followed by "/". |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in the Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LongRunning | | description | Describes settings to use when generating API methods that use the long-running operation pattern. All default values below are from those used in the client library generators (e.g. [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)). |
|---|
| id | LongRunning |
|---|
| properties | | initialPollDelay | | description | Initial delay after which the first poll request will be made. Default value: 5 seconds. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| maxPollDelay | | description | Maximum time between two subsequent poll requests. Default value: 45 seconds. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| pollDelayMultiplier | | description | Multiplier to gradually increase delay between subsequent polls until it reaches max_poll_delay. Default value: 1.5. |
|---|
| format | float |
|---|
| type | number |
|---|
|
|---|
| totalPollTimeout | | description | Total polling timeout. Default value: 5 minutes. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ManagedService | | description | The full representation of a Service that is managed by Google Service Management. |
|---|
| id | ManagedService |
|---|
| properties | | producerProjectId | | description | ID of the project that produces and owns this service. |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | The name of the service. See the [overview](https://cloud.google.com/service-infrastructure/docs/overview) for naming requirements. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Method | | description | Method represents a method of an API interface. |
|---|
| id | Method |
|---|
| properties | | name | | description | The simple name of this method. |
|---|
| type | string |
|---|
|
|---|
| options | | description | Any metadata attached to the method. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| requestStreaming | | description | If true, the request is streamed. |
|---|
| type | boolean |
|---|
|
|---|
| requestTypeUrl | | description | A URL of the input message type. |
|---|
| type | string |
|---|
|
|---|
| responseStreaming | | description | If true, the response is streamed. |
|---|
| type | boolean |
|---|
|
|---|
| responseTypeUrl | | description | The URL of the output message type. |
|---|
| type | string |
|---|
|
|---|
| syntax | | description | The source syntax of this method. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
- SYNTAX_EDITIONS
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
- Syntax `editions`.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodPolicy | | description | Defines policies applying to an RPC method. |
|---|
| id | MethodPolicy |
|---|
| properties | | requestPolicies | | description | Policies that are applicable to the request message. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects a method to which these policies should be enforced, for example, "google.pubsub.v1.Subscriber.CreateSubscription". Refer to selector for syntax details. NOTE: This field must not be set in the proto annotation. It will be automatically filled by the service config compiler . |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodSettings | | description | Describes the generator configuration for a method. |
|---|
| id | MethodSettings |
|---|
| properties | | autoPopulatedFields | | description | List of top-level fields of the request message, that should be automatically populated by the client libraries based on their (google.api.field_info).format. Currently supported format: UUID4. Example of a YAML configuration: publishing: method_settings: - selector: google.example.v1.ExampleService.CreateExample auto_populated_fields: - request_id |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| longRunning | | $ref | LongRunning |
|---|
| description | Describes settings to use for long-running operations when generating API methods for RPCs. Complements RPCs that use the annotations in google/longrunning/operations.proto. Example of a YAML configuration:: publishing: method_settings: - selector: google.cloud.speech.v2.Speech.BatchRecognize long_running: initial_poll_delay: 60s # 1 minute poll_delay_multiplier: 1.5 max_poll_delay: 360s # 6 minutes total_poll_timeout: 54000s # 90 minutes |
|---|
|
|---|
| selector | | description | The fully qualified name of the method, for which the options below apply. This is used to find the method to apply the options. Example: publishing: method_settings: - selector: google.storage.control.v2.StorageControl.CreateFolder # method settings for CreateFolder... |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetricDescriptor | | description | Defines a metric type and its schema. Once a metric descriptor is created, deleting or altering it stops data collection and makes the metric type's existing data unusable. |
|---|
| id | MetricDescriptor |
|---|
| properties | | description | | description | A detailed description of the metric, which can be used in documentation. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota. |
|---|
| type | string |
|---|
|
|---|
| labels | | description | The set of labels that can be used to describe a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` metric type has a label for the HTTP response code, `response_code`, so you can look at latencies for successful responses or just for responses that failed. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| launchStage | | description | Optional. The launch stage of the metric definition. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| metadata | | $ref | MetricDescriptorMetadata |
|---|
| description | Optional. Metadata which can be used to guide usage of the metric. |
|---|
|
|---|
| metricKind | | description | Whether the metric records instantaneous values, changes to a value, etc. Some combinations of `metric_kind` and `value_type` might not be supported. |
|---|
| enum | - METRIC_KIND_UNSPECIFIED
- GAUGE
- DELTA
- CUMULATIVE
|
|---|
| enumDescriptions | - Do not use this default value.
- An instantaneous measurement of a value.
- The change in a value during a time interval.
- A value accumulated over a time interval. Cumulative measurements in a time series should have the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.
|
|---|
| type | string |
|---|
|
|---|
| monitoredResourceTypes | | description | Read-only. If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | The resource name of the metric descriptor. |
|---|
| type | string |
|---|
|
|---|
| type | | description | The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. Metric types should use a natural hierarchical grouping. For example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" "appengine.googleapis.com/http/server/response_latencies" |
|---|
| type | string |
|---|
|
|---|
| unit | | description | The units in which the metric value is reported. It is only applicable if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit` defines the representation of the stored metric values. Different systems might scale the values to be more easily displayed (so a value of `0.02kBy` _might_ be displayed as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is `kBy`, then the value of the metric is always in thousands of bytes, no matter how it might be displayed. If you want a custom metric to record the exact number of CPU-seconds used by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 CPU-seconds, then the value is written as `12005`. Alternatively, if you want a custom metric to record data in a more granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). The supported units are a subset of [The Unified Code for Units of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar also includes these connectors: * `/` division or ratio (as an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` (although you should almost never have `/s` in a metric `unit`; rates should always be computed at query time from the underlying cumulative or delta value). * `.` multiplication or composition (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The grammar for a unit is as follows: Expression = Component { "." Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. If the annotation is used alone, then the unit is equivalent to `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank printable ASCII characters not containing `{` or `}`. * `1` represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such as in `1/s`. It is typically used when none of the basic units are appropriate. For example, "new users per day" can be represented as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new users). Alternatively, "thousands of page views per day" would be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric value of `5.3` would mean "5300 page views per day"). * `%` represents dimensionless value of 1/100, and annotates values giving a percentage (so the metric values are typically in the range of 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates a metric contains a ratio, typically in the range 0..1, that will be multiplied by 100 and displayed as a percentage (so a metric value `0.03` means "3 percent"). |
|---|
| type | string |
|---|
|
|---|
| valueType | | description | Whether the measurement is an integer, a floating-point number, etc. Some combinations of `metric_kind` and `value_type` might not be supported. |
|---|
| enum | - VALUE_TYPE_UNSPECIFIED
- BOOL
- INT64
- DOUBLE
- STRING
- DISTRIBUTION
- MONEY
|
|---|
| enumDescriptions | - Do not use this default value.
- The value is a boolean. This value type can be used only if the metric kind is `GAUGE`.
- The value is a signed 64-bit integer.
- The value is a double precision floating point number.
- The value is a text string. This value type can be used only if the metric kind is `GAUGE`.
- The value is a `Distribution`.
- The value is money.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetricDescriptorMetadata | | description | Additional annotations that can be used to guide the usage of a metric. |
|---|
| id | MetricDescriptorMetadata |
|---|
| properties | | ingestDelay | | description | The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| launchStage | | deprecated | True |
|---|
| description | Deprecated. Must use the MetricDescriptor.launch_stage instead. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| samplePeriod | | description | The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| timeSeriesResourceHierarchyLevel | | description | The scope of the timeseries data of the metric. |
|---|
| items | | enum | - TIME_SERIES_RESOURCE_HIERARCHY_LEVEL_UNSPECIFIED
- PROJECT
- ORGANIZATION
- FOLDER
|
|---|
| enumDescriptions | - Do not use this default value.
- Scopes a metric to a project.
- Scopes a metric to an organization.
- Scopes a metric to a folder.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetricRule | | description | Bind API methods to metrics. Binding a method to a metric causes that metric's configured quota behaviors to apply to the method call. |
|---|
| id | MetricRule |
|---|
| properties | | metricCosts | | additionalProperties | |
|---|
| description | Metrics to update when the selected methods are called, and the associated cost applied to each metric. The key of the map is the metric name, and the values are the amount increased for the metric against which the quota limits are defined. The value must not be negative. |
|---|
| type | object |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Mixin | | description | Declares an API Interface to be included in this interface. The including interface must redeclare all the methods from the included interface, but documentation and options are inherited as follows: - If after comment and whitespace stripping, the documentation string of the redeclared method is empty, it will be inherited from the original method. - Each annotation belonging to the service config (http, visibility) which is not set in the redeclared method will be inherited. - If an http annotation is inherited, the path pattern will be modified as follows. Any version prefix will be replaced by the version of the including interface plus the root path if specified. Example of a simple mixin: package google.acl.v1; service AccessControl { // Get the underlying ACL object. rpc GetAcl(GetAclRequest) returns (Acl) { option (google.api.http).get = "/v1/{resource=**}:getAcl"; } } package google.storage.v2; service Storage { // rpc GetAcl(GetAclRequest) returns (Acl); // Get a data record. rpc GetData(GetDataRequest) returns (Data) { option (google.api.http).get = "/v2/{resource=**}"; } } Example of a mixin configuration: apis: - name: google.storage.v2.Storage mixins: - name: google.acl.v1.AccessControl The mixin construct implies that all methods in `AccessControl` are also declared with same name and request/response types in `Storage`. A documentation generator or annotation processor will see the effective `Storage.GetAcl` method after inheriting documentation and annotations as follows: service Storage { // Get the underlying ACL object. rpc GetAcl(GetAclRequest) returns (Acl) { option (google.api.http).get = "/v2/{resource=**}:getAcl"; } ... } Note how the version in the path pattern changed from `v1` to `v2`. If the `root` field in the mixin is specified, it should be a relative path under which inherited HTTP paths are placed. Example: apis: - name: google.storage.v2.Storage mixins: - name: google.acl.v1.AccessControl root: acls This implies the following inherited HTTP annotation: service Storage { // Get the underlying ACL object. rpc GetAcl(GetAclRequest) returns (Acl) { option (google.api.http).get = "/v2/acls/{resource=**}:getAcl"; } ... } |
|---|
| id | Mixin |
|---|
| properties | | name | | description | The fully qualified name of the interface which is included. |
|---|
| type | string |
|---|
|
|---|
| root | | description | If non-empty specifies a path under which inherited HTTP paths are rooted. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MonitoredResourceDescriptor | | description | An object that describes the schema of a MonitoredResource object using a type name and a set of labels. For example, the monitored resource descriptor for Google Compute Engine VM instances has a type of `"gce_instance"` and specifies the use of the labels `"instance_id"` and `"zone"` to identify particular VM instances. Different APIs can support different monitored resource types. APIs generally provide a `list` method that returns the monitored resource descriptors used by the API. |
|---|
| id | MonitoredResourceDescriptor |
|---|
| properties | | description | | description | Optional. A detailed description of the monitored resource type that might be used in documentation. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | Optional. A concise name for the monitored resource type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners. For example, `"Google Cloud SQL Database"`. |
|---|
| type | string |
|---|
|
|---|
| labels | | description | Required. A set of labels used to describe instances of this monitored resource type. For example, an individual Google Cloud SQL database is identified by values for the labels `"database_id"` and `"zone"`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| launchStage | | description | Optional. The launch stage of the monitored resource definition. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| name | | description | Optional. The resource name of the monitored resource descriptor: `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where {type} is the value of the `type` field in this object and {project_id} is a project ID that provides API-specific context for accessing the type. APIs that do not use project information can use the resource name format `"monitoredResourceDescriptors/{type}"`. |
|---|
| type | string |
|---|
|
|---|
| type | | description | Required. The monitored resource type. For example, the type `"cloudsql_database"` represents databases in Google Cloud SQL. For a list of types, see [Monitored resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list). |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Monitoring | | description | Monitoring configuration of the service. The example below shows how to configure monitored resources and metrics for monitoring. In the example, a monitored resource and two metrics are defined. The `library.googleapis.com/book/returned_count` metric is sent to both producer and consumer projects, whereas the `library.googleapis.com/book/num_overdue` metric is only sent to the consumer project. monitored_resources: - type: library.googleapis.com/Branch display_name: "Library Branch" description: "A branch of a library." launch_stage: GA labels: - key: resource_container description: "The Cloud container (ie. project id) for the Branch." - key: location description: "The location of the library branch." - key: branch_id description: "The id of the branch." metrics: - name: library.googleapis.com/book/returned_count display_name: "Books Returned" description: "The count of books that have been returned." launch_stage: GA metric_kind: DELTA value_type: INT64 unit: "1" labels: - key: customer_id description: "The id of the customer." - name: library.googleapis.com/book/num_overdue display_name: "Books Overdue" description: "The current number of overdue books." launch_stage: GA metric_kind: GAUGE value_type: INT64 unit: "1" labels: - key: customer_id description: "The id of the customer." monitoring: producer_destinations: - monitored_resource: library.googleapis.com/Branch metrics: - library.googleapis.com/book/returned_count consumer_destinations: - monitored_resource: library.googleapis.com/Branch metrics: - library.googleapis.com/book/returned_count - library.googleapis.com/book/num_overdue |
|---|
| id | Monitoring |
|---|
| properties | | consumerDestinations | | description | Monitoring configurations for sending metrics to the consumer project. There can be multiple consumer destinations. A monitored resource type may appear in multiple monitoring destinations if different aggregations are needed for different sets of metrics associated with that monitored resource type. A monitored resource and metric pair may only be used once in the Monitoring configuration. |
|---|
| items | | $ref | MonitoringDestination |
|---|
|
|---|
| type | array |
|---|
|
|---|
| producerDestinations | | description | Monitoring configurations for sending metrics to the producer project. There can be multiple producer destinations. A monitored resource type may appear in multiple monitoring destinations if different aggregations are needed for different sets of metrics associated with that monitored resource type. A monitored resource and metric pair may only be used once in the Monitoring configuration. |
|---|
| items | | $ref | MonitoringDestination |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MonitoringDestination | | description | Configuration of a specific monitoring destination (the producer project or the consumer project). |
|---|
| id | MonitoringDestination |
|---|
| properties | | metrics | | description | Types of the metrics to report to this monitoring destination. Each type must be defined in Service.metrics section. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| NodeSettings | | description | Settings for Node client libraries. |
|---|
| id | NodeSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OAuthRequirements | | description | OAuth scopes are a way to define data and permissions on data. For example, there are scopes defined for "Read-only access to Google Calendar" and "Access to Cloud Platform". Users can consent to a scope for an application, giving it permission to access that data on their behalf. OAuth scope specifications should be fairly coarse grained; a user will need to see and understand the text description of what your scope means. In most cases: use one or at most two OAuth scopes for an entire family of products. If your product has multiple APIs, you should probably be sharing the OAuth scope across all of those APIs. When you need finer grained OAuth consent screens: talk with your product management about how developers will use them in practice. Please note that even though each of the canonical scopes is enough for a request to be accepted and passed to the backend, a request can still fail due to the backend requiring additional scopes or permissions. |
|---|
| id | OAuthRequirements |
|---|
| properties | | canonicalScopes | | description | The list of publicly documented OAuth scopes that are allowed access. An OAuth token containing any of these scopes will be accepted. Example: canonical_scopes: https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.read |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Operation | | description | This resource represents a long-running operation that is the result of a network API call. |
|---|
| id | Operation |
|---|
| properties | | done | | description | If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. |
|---|
| type | boolean |
|---|
|
|---|
| error | | $ref | Status |
|---|
| description | The error result of the operation in case of failure or cancellation. |
|---|
|
|---|
| metadata | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. |
|---|
| type | object |
|---|
|
|---|
| name | | description | The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. |
|---|
| type | string |
|---|
|
|---|
| response | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OperationInfo | | description | A message representing the message types used by a long-running operation. Example: rpc Export(ExportRequest) returns (google.longrunning.Operation) { option (google.longrunning.operation_info) = { response_type: "ExportResponse" metadata_type: "ExportMetadata" }; } |
|---|
| id | OperationInfo |
|---|
| properties | | metadataType | | description | Required. The message name of the metadata type for this long-running operation. If the response is in a different package from the rpc, a fully-qualified message name must be used (e.g. `google.protobuf.Struct`). Note: Altering this value constitutes a breaking change. |
|---|
| type | string |
|---|
|
|---|
| responseType | | description | Required. The message name of the primary return type for this long-running operation. This type will be used to deserialize the LRO's response. If the response is in a different package from the rpc, a fully-qualified message name must be used (e.g. `google.protobuf.Struct`). Note: Altering this value constitutes a breaking change. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OperationMetadata | | description | The metadata associated with a long running operation resource. |
|---|
| id | OperationMetadata |
|---|
| properties | | progressPercentage | | description | Percentage of completion of this operation, ranging from 0 to 100. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| resourceNames | | description | The full name of the resources that this operation is directly associated with. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| startTime | | description | The start time of the operation. |
|---|
| format | google-datetime |
|---|
| type | string |
|---|
|
|---|
| steps | | description | Detailed status information for each step. The order is undetermined. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Option | | description | A protocol buffer option, which can be attached to a message, field, enumeration, etc. |
|---|
| id | Option |
|---|
| properties | | name | | description | The option's name. For protobuf built-in options (options defined in descriptor.proto), this is the short name. For example, `"map_entry"`. For custom options, it should be the fully-qualified name. For example, `"google.api.http"`. |
|---|
| type | string |
|---|
|
|---|
| value | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | The option's value packed in an Any message. If the value is a primitive, the corresponding wrapper type defined in google/protobuf/wrappers.proto should be used. If the value is an enum, it should be stored as an int32 value using the google.protobuf.Int32Value type. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Page | | description | Represents a documentation page. A page can contain subpages to represent nested documentation set structure. |
|---|
| id | Page |
|---|
| properties | | content | | description | The Markdown content of the page. You can use ```(== include {path} ==)``` to include content from a Markdown file. The content can be used to produce the documentation page such as HTML format page. |
|---|
| type | string |
|---|
|
|---|
| name | | description | The name of the page. It will be used as an identity of the page to generate URI of the page, text of the link to this page in navigation, etc. The full page name (start from the root page name to this page concatenated with `.`) can be used as reference to the page in your documentation. For example: pages: - name: Tutorial content: (== include tutorial.md ==) subpages: - name: Java content: (== include tutorial_java.md ==) You can reference `Java` page using Markdown reference link syntax: `Java`. |
|---|
| type | string |
|---|
|
|---|
| subpages | | description | Subpages of this page. The order of subpages specified here will be honored in the generated docset. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PhpSettings | | description | Settings for Php client libraries. |
|---|
| id | PhpSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Policy | | description | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). |
|---|
| id | Policy |
|---|
| properties | | auditConfigs | | description | Specifies cloud audit logging configuration for this policy. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| bindings | | description | Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| etag | | description | `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. |
|---|
| format | byte |
|---|
| type | string |
|---|
|
|---|
| version | | description | Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Publishing | | description | This message configures the settings for publishing [Google Cloud Client libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) generated from the service config. |
|---|
| id | Publishing |
|---|
| properties | | apiShortName | | description | Used as a tracking tag when collecting data about the APIs developer relations artifacts like docs, packages delivered to package managers, etc. Example: "speech". |
|---|
| type | string |
|---|
|
|---|
| codeownerGithubTeams | | description | GitHub teams to be added to CODEOWNERS in the directory in GitHub containing source code for the client libraries for this API. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| docTagPrefix | | description | A prefix used in sample code when demarking regions to be included in documentation. |
|---|
| type | string |
|---|
|
|---|
| documentationUri | | description | Link to product home page. Example: https://cloud.google.com/asset-inventory/docs/overview |
|---|
| type | string |
|---|
|
|---|
| githubLabel | | description | GitHub label to apply to issues and pull requests opened for this API. |
|---|
| type | string |
|---|
|
|---|
| librarySettings | | description | Client library settings. If the same version string appears multiple times in this list, then the last one wins. Settings from earlier settings with the same version string are discarded. |
|---|
| items | | $ref | ClientLibrarySettings |
|---|
|
|---|
| type | array |
|---|
|
|---|
| methodSettings | | description | A list of API method settings, e.g. the behavior for methods that use the long-running operation pattern. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| newIssueUri | | description | Link to a *public* URI where users can report issues. Example: https://issuetracker.google.com/issues/new?component=190865&template=1161103 |
|---|
| type | string |
|---|
|
|---|
| organization | | description | For whom the client library is being published. |
|---|
| enum | - CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED
- CLOUD
- ADS
- PHOTOS
- STREET_VIEW
- SHOPPING
- GEO
- GENERATIVE_AI
|
|---|
| enumDescriptions | - Not useful.
- Google Cloud Platform Org.
- Ads (Advertising) Org.
- Photos Org.
- Street View Org.
- Shopping Org.
- Geo Org.
- Generative AI - https://developers.generativeai.google
|
|---|
| type | string |
|---|
|
|---|
| protoReferenceDocumentationUri | | description | Optional link to proto reference documentation. Example: https://cloud.google.com/pubsub/lite/docs/reference/rpc |
|---|
| type | string |
|---|
|
|---|
| restReferenceDocumentationUri | | description | Optional link to REST reference documentation. Example: https://cloud.google.com/pubsub/lite/docs/reference/rest |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PythonSettings | | description | Settings for Python client libraries. |
|---|
| id | PythonSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
| experimentalFeatures | | $ref | ExperimentalFeatures |
|---|
| description | Experimental features to be included during client library generation. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Quota | | description | Quota configuration helps to achieve fairness and budgeting in service usage. The metric based quota configuration works this way: - The service configuration defines a set of metrics. - For API calls, the quota.metric_rules maps methods to metrics with corresponding costs. - The quota.limits defines limits on the metrics, which will be used for quota checks at runtime. An example quota configuration in yaml format: quota: limits: - name: apiWriteQpsPerProject metric: library.googleapis.com/write_calls unit: "1/min/{project}" # rate limit for consumer projects values: STANDARD: 10000 (The metric rules bind all methods to the read_calls metric, except for the UpdateBook and DeleteBook methods. These two methods are mapped to the write_calls metric, with the UpdateBook method consuming at twice rate as the DeleteBook method.) metric_rules: - selector: "*" metric_costs: library.googleapis.com/read_calls: 1 - selector: google.example.library.v1.LibraryService.UpdateBook metric_costs: library.googleapis.com/write_calls: 2 - selector: google.example.library.v1.LibraryService.DeleteBook metric_costs: library.googleapis.com/write_calls: 1 Corresponding Metric definition: metrics: - name: library.googleapis.com/read_calls display_name: Read requests metric_kind: DELTA value_type: INT64 - name: library.googleapis.com/write_calls display_name: Write requests metric_kind: DELTA value_type: INT64 |
|---|
| id | Quota |
|---|
| properties | | limits | | description | List of QuotaLimit definitions for the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| metricRules | | description | List of MetricRule definitions, each one mapping a selected method to one or more metrics. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QuotaLimit | | description | `QuotaLimit` defines a specific limit that applies over a specified duration for a limit type. There can be at most one limit for a duration and limit type combination defined within a `QuotaGroup`. |
|---|
| id | QuotaLimit |
|---|
| properties | | defaultLimit | | description | Default number of tokens that can be consumed during the specified duration. This is the number of tokens assigned when a client application developer activates the service for his/her project. Specifying a value of 0 will block all requests. This can be used if you are provisioning quota to selected consumers and blocking others. Similarly, a value of -1 will indicate an unlimited quota. No other negative values are allowed. Used by group-based quotas only. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| description | | description | Optional. User-visible, extended description for this quota limit. Should be used only when more context is needed to understand this limit than provided by the limit's display name (see: `display_name`). |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | User-visible display name for this limit. Optional. If not set, the UI will provide a default display name based on the quota configuration. This field can be used to override the default display name generated from the configuration. |
|---|
| type | string |
|---|
|
|---|
| duration | | description | Duration of this limit in textual notation. Must be "100s" or "1d". Used by group-based quotas only. |
|---|
| type | string |
|---|
|
|---|
| freeTier | | description | Free tier value displayed in the Developers Console for this limit. The free tier is the number of tokens that will be subtracted from the billed amount when billing is enabled. This field can only be set on a limit with duration "1d", in a billable group; it is invalid on any other limit. If this field is not set, it defaults to 0, indicating that there is no free tier for this service. Used by group-based quotas only. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| maxLimit | | description | Maximum number of tokens that can be consumed during the specified duration. Client application developers can override the default limit up to this maximum. If specified, this value cannot be set to a value less than the default limit. If not specified, it is set to the default limit. To allow clients to apply overrides with no upper bound, set this to -1, indicating unlimited maximum quota. Used by group-based quotas only. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| metric | | description | The name of the metric this quota limit applies to. The quota limits with the same metric will be checked together during runtime. The metric must be defined within the service config. |
|---|
| type | string |
|---|
|
|---|
| name | | description | Name of the quota limit. The name must be provided, and it must be unique within the service. The name can only include alphanumeric characters as well as '-'. The maximum length of the limit name is 64 characters. |
|---|
| type | string |
|---|
|
|---|
| unit | | description | Specify the unit of the quota limit. It uses the same syntax as MetricDescriptor.unit. The supported unit kinds are determined by the quota backend system. Here are some examples: * "1/min/{project}" for quota per minute per project. Note: the order of unit components is insignificant. The "1" at the beginning is required to follow the metric unit syntax. |
|---|
| type | string |
|---|
|
|---|
| values | | additionalProperties | |
|---|
| description | Tiered limit values. You must specify this as a key:value pair, with an integer value that is the maximum number of requests allowed for the specified unit. Currently only STANDARD is supported. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ResourceReference | | description | Defines a proto annotation that describes a string field that refers to an API resource. |
|---|
| id | ResourceReference |
|---|
| properties | | childType | | description | The resource type of a child collection that the annotated field references. This is useful for annotating the `parent` field that doesn't have a fixed resource type. Example: message ListLogEntriesRequest { string parent = 1 [(google.api.resource_reference) = { child_type: "logging.googleapis.com/LogEntry" }; } |
|---|
| type | string |
|---|
|
|---|
| type | | description | The resource type that the annotated field references. Example: message Subscription { string topic = 2 [(google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }]; } Occasionally, a field may reference an arbitrary resource. In this case, APIs use the special value * in their resource reference. Example: message GetIamPolicyRequest { string resource = 2 [(google.api.resource_reference) = { type: "*" }]; } |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Rollout | | description | A rollout resource that defines how service configuration versions are pushed to control plane systems. Typically, you create a new version of the service config, and then create a Rollout to push the service config. |
|---|
| id | Rollout |
|---|
| properties | | createTime | | description | Creation time of the rollout. Readonly. |
|---|
| format | google-datetime |
|---|
| type | string |
|---|
|
|---|
| createdBy | | description | The user who created the Rollout. Readonly. |
|---|
| type | string |
|---|
|
|---|
| deleteServiceStrategy | | $ref | DeleteServiceStrategy |
|---|
| description | The strategy associated with a rollout to delete a `ManagedService`. Readonly. |
|---|
|
|---|
| rolloutId | | description | Optional. Unique identifier of this Rollout. Must be no longer than 63 characters and only lower case letters, digits, '.', '_' and '-' are allowed. If not specified by client, the server will generate one. The generated id will have the form of , where "date" is the create date in ISO 8601 format. "revision number" is a monotonically increasing positive number that is reset every day for each service. An example of the generated rollout_id is '2016-02-16r1' |
|---|
| type | string |
|---|
|
|---|
| serviceName | | description | The name of the service associated with this Rollout. |
|---|
| type | string |
|---|
|
|---|
| status | | description | The status of this rollout. Readonly. In case of a failed rollout, the system will automatically rollback to the current Rollout version. Readonly. |
|---|
| enum | - ROLLOUT_STATUS_UNSPECIFIED
- IN_PROGRESS
- SUCCESS
- CANCELLED
- FAILED
- PENDING
- FAILED_ROLLED_BACK
|
|---|
| enumDescriptions | - No status specified.
- The Rollout is in progress.
- The Rollout has completed successfully.
- The Rollout has been cancelled. This can happen if you have overlapping Rollout pushes, and the previous ones will be cancelled.
- The Rollout has failed and the rollback attempt has failed too.
- The Rollout has not started yet and is pending for execution.
- The Rollout has failed and rolled back to the previous successful Rollout.
|
|---|
| type | string |
|---|
|
|---|
| trafficPercentStrategy | | $ref | TrafficPercentStrategy |
|---|
| description | Google Service Control selects service configurations based on traffic percentage. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RubySettings | | description | Settings for Ruby client libraries. |
|---|
| id | RubySettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SelectiveGapicGeneration | | description | This message is used to configure the generation of a subset of the RPCs in a service for client libraries. |
|---|
| id | SelectiveGapicGeneration |
|---|
| properties | | generateOmittedAsInternal | | description | Setting this to true indicates to the client generators that methods that would be excluded from the generation should instead be generated in a way that indicates these methods should not be consumed by end users. How this is expressed is up to individual language implementations to decide. Some examples may be: added annotations, obfuscated identifiers, or other language idiomatic patterns. |
|---|
| type | boolean |
|---|
|
|---|
| methods | | description | An allowlist of the fully qualified names of RPCs that should be included on public client surfaces. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Service | | description | `Service` is the root object of Google API service configuration (service config). It describes the basic information about a logical service, such as the service name and the user-facing title, and delegates other aspects to sub-sections. Each sub-section is either a proto message or a repeated proto message that configures a specific aspect, such as auth. For more information, see each proto message definition. Example: type: google.api.Service name: calendar.googleapis.com title: Google Calendar API apis: - name: google.calendar.v3.Calendar visibility: rules: - selector: "google.calendar.v3.*" restriction: PREVIEW backend: rules: - selector: "google.calendar.v3.*" address: calendar.example.com authentication: providers: - id: google_calendar_auth jwks_uri: https://www.googleapis.com/oauth2/v1/certs issuer: https://securetoken.google.com rules: - selector: "*" requirements: provider_id: google_calendar_auth |
|---|
| id | Service |
|---|
| properties | | apis | | description | A list of API interfaces exported by this service. Only the `name` field of the google.protobuf.Api needs to be provided by the configuration author, as the remaining fields will be derived from the IDL during the normalization process. It is an error to specify an API interface here which cannot be resolved against the associated IDL files. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| aspects | | description | Configuration aspects. This is a repeated field to allow multiple aspects to be configured. The kind field in each ConfigAspect specifies the type of aspect. The spec field contains the configuration for that aspect. The schema for the spec field is defined by the backend service owners. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| authentication | | $ref | Authentication |
|---|
| description | Auth configuration. |
|---|
|
|---|
| backend | | $ref | Backend |
|---|
| description | API backend configuration. |
|---|
|
|---|
| billing | | $ref | Billing |
|---|
| description | Billing configuration. |
|---|
|
|---|
| configVersion | | description | Obsolete. Do not use. This field has no semantic meaning. The service config compiler always sets this field to `3`. |
|---|
| format | uint32 |
|---|
| type | integer |
|---|
|
|---|
| context | | $ref | Context |
|---|
| description | Context configuration. |
|---|
|
|---|
| control | | $ref | Control |
|---|
| description | Configuration for the service control plane. |
|---|
|
|---|
| customError | | $ref | CustomError |
|---|
| description | Custom error configuration. |
|---|
|
|---|
| documentation | | $ref | Documentation |
|---|
| description | Additional API documentation. |
|---|
|
|---|
| endpoints | | description | Configuration for network endpoints. If this is empty, then an endpoint with the same name as the service is automatically generated to service all defined APIs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| enums | | description | A list of all enum types included in this API service. Enums referenced directly or indirectly by the `apis` are automatically included. Enums which are not referenced but shall be included should be listed here by name by the configuration author. Example: enums: - name: google.someapi.v1.SomeEnum |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| http | | $ref | Http |
|---|
| description | HTTP configuration. |
|---|
|
|---|
| id | | description | A unique ID for a specific instance of this message, typically assigned by the client for tracking purpose. Must be no longer than 63 characters and only lower case letters, digits, '.', '_' and '-' are allowed. If empty, the server may choose to generate one instead. |
|---|
| type | string |
|---|
|
|---|
| logging | | $ref | Logging |
|---|
| description | Logging configuration. |
|---|
|
|---|
| logs | | description | Defines the logs used by this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| metrics | | description | Defines the metrics used by this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResources | | description | Defines the monitored resources used by this service. This is required by the Service.monitoring and Service.logging configurations. |
|---|
| items | | $ref | MonitoredResourceDescriptor |
|---|
|
|---|
| type | array |
|---|
|
|---|
| monitoring | | $ref | Monitoring |
|---|
| description | Monitoring configuration. |
|---|
|
|---|
| name | | description | The service name, which is a DNS-like logical identifier for the service, such as `calendar.googleapis.com`. The service name typically goes through DNS verification to make sure the owner of the service also owns the DNS name. |
|---|
| type | string |
|---|
|
|---|
| producerProjectId | | description | The Google project that owns this service. |
|---|
| type | string |
|---|
|
|---|
| publishing | | $ref | Publishing |
|---|
| description | Settings for [Google Cloud Client libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) generated from APIs defined as protocol buffers. |
|---|
|
|---|
| quota | | $ref | Quota |
|---|
| description | Quota configuration. |
|---|
|
|---|
| sourceInfo | | $ref | SourceInfo |
|---|
| description | Output only. The source information for this configuration if available. |
|---|
|
|---|
| systemParameters | | $ref | SystemParameters |
|---|
| description | System parameter configuration. |
|---|
|
|---|
| systemTypes | | description | A list of all proto message types included in this API service. It serves similar purpose as [google.api.Service.types], except that these types are not needed by user-defined APIs. Therefore, they will not show up in the generated discovery doc. This field should only be used to define system APIs in ESF. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| title | | description | The product title for this service, it is the name displayed in Google Cloud Console. |
|---|
| type | string |
|---|
|
|---|
| types | | description | A list of all proto message types included in this API service. Types referenced directly or indirectly by the `apis` are automatically included. Messages which are not referenced but shall be included, such as types used by the `google.protobuf.Any` type, should be listed here by name by the configuration author. Example: types: - name: google.protobuf.Int32 |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| usage | | $ref | Usage |
|---|
| description | Configuration controlling usage of this service. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SetIamPolicyRequest | | description | Request message for `SetIamPolicy` method. |
|---|
| id | SetIamPolicyRequest |
|---|
| properties | | policy | | $ref | Policy |
|---|
| description | REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them. |
|---|
|
|---|
| updateMask | | description | OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` |
|---|
| format | google-fieldmask |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SourceContext | | description | `SourceContext` represents information about the source of a protobuf element, like the file in which it is defined. |
|---|
| id | SourceContext |
|---|
| properties | | fileName | | description | The path-qualified name of the .proto file that contained the associated protobuf element. For example: `"google/protobuf/source_context.proto"`. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SourceInfo | | description | Source information used to create a Service Config |
|---|
| id | SourceInfo |
|---|
| properties | | sourceFiles | | description | All files used during config generation. |
|---|
| items | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| type | object |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Status | | description | The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). |
|---|
| id | Status |
|---|
| properties | | code | | description | The status code, which should be an enum value of google.rpc.Code. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| details | | description | A list of messages that carry the error details. There is a common set of message types for APIs to use. |
|---|
| items | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| type | object |
|---|
|
|---|
| type | array |
|---|
|
|---|
| message | | description | A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Step | | description | Represents the status of one operation step. |
|---|
| id | Step |
|---|
| properties | | description | | description | The short description of the step. |
|---|
| type | string |
|---|
|
|---|
| status | | description | The status code. |
|---|
| enum | - STATUS_UNSPECIFIED
- DONE
- NOT_STARTED
- IN_PROGRESS
- FAILED
- CANCELLED
|
|---|
| enumDescriptions | - Unspecifed code.
- The operation or step has completed without errors.
- The operation or step has not started yet.
- The operation or step is in progress.
- The operation or step has completed with errors. If the operation is rollbackable, the rollback completed with errors too.
- The operation or step has completed with cancellation.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SubmitConfigSourceRequest | | description | Request message for SubmitConfigSource method. |
|---|
| id | SubmitConfigSourceRequest |
|---|
| properties | | configSource | | $ref | ConfigSource |
|---|
| description | Required. The source configuration for the service. |
|---|
|
|---|
| validateOnly | | description | Optional. If set, this will result in the generation of a `google.api.Service` configuration based on the `ConfigSource` provided, but the generated config and the sources will NOT be persisted. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SubmitConfigSourceResponse | | description | Response message for SubmitConfigSource method. |
|---|
| id | SubmitConfigSourceResponse |
|---|
| properties | | serviceConfig | | $ref | Service |
|---|
| description | The generated service configuration. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SystemParameter | | description | Define a parameter's name and location. The parameter may be passed as either an HTTP header or a URL query parameter, and if both are passed the behavior is implementation-dependent. |
|---|
| id | SystemParameter |
|---|
| properties | | httpHeader | | description | Define the HTTP header name to use for the parameter. It is case insensitive. |
|---|
| type | string |
|---|
|
|---|
| name | | description | Define the name of the parameter, such as "api_key" . It is case sensitive. |
|---|
| type | string |
|---|
|
|---|
| urlQueryParameter | | description | Define the URL query parameter name to use for the parameter. It is case sensitive. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SystemParameterRule | | description | Define a system parameter rule mapping system parameter definitions to methods. |
|---|
| id | SystemParameterRule |
|---|
| properties | | parameters | | description | Define parameters. Multiple names may be defined for a parameter. For a given method call, only one of them should be used. If multiple names are used the behavior is implementation-dependent. If none of the specified names are present the behavior is parameter-dependent. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SystemParameters | | description | ### System parameter configuration A system parameter is a special kind of parameter defined by the API system, not by an individual API. It is typically mapped to an HTTP header and/or a URL query parameter. This configuration specifies which methods change the names of the system parameters. |
|---|
| id | SystemParameters |
|---|
| properties | | rules | | description | Define system parameters. The parameters defined here will override the default parameters implemented by the system. If this field is missing from the service config, default system parameters will be used. Default system parameters and names is implementation-dependent. Example: define api key for all methods system_parameters rules: - selector: "*" parameters: - name: api_key url_query_parameter: api_key Example: define 2 api key names for a specific method. system_parameters rules: - selector: "/ListShelves" parameters: - name: api_key http_header: Api-Key1 - name: api_key http_header: Api-Key2 **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TestIamPermissionsRequest | | description | Request message for `TestIamPermissions` method. |
|---|
| id | TestIamPermissionsRequest |
|---|
| properties | | permissions | | description | The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TestIamPermissionsResponse | | description | Response message for `TestIamPermissions` method. |
|---|
| id | TestIamPermissionsResponse |
|---|
| properties | | permissions | | description | A subset of `TestPermissionsRequest.permissions` that the caller is allowed. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TrafficPercentStrategy | | description | Strategy that specifies how clients of Google Service Controller want to send traffic to use different config versions. This is generally used by API proxy to split traffic based on your configured percentage for each config version. One example of how to gradually rollout a new service configuration using this strategy: Day 1 Rollout { id: "example.googleapis.com/rollout_20160206" traffic_percent_strategy { percentages: { "example.googleapis.com/20160201": 70.00 "example.googleapis.com/20160206": 30.00 } } } Day 2 Rollout { id: "example.googleapis.com/rollout_20160207" traffic_percent_strategy: { percentages: { "example.googleapis.com/20160206": 100.00 } } } |
|---|
| id | TrafficPercentStrategy |
|---|
| properties | | percentages | | additionalProperties | |
|---|
| description | Maps service configuration IDs to their corresponding traffic percentage. Key is the service configuration ID, Value is the traffic percentage which must be greater than 0.0 and the sum must equal to 100.0. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Type | | description | A protocol buffer message type. |
|---|
| id | Type |
|---|
| properties | | edition | | description | The source edition string, only valid when syntax is SYNTAX_EDITIONS. |
|---|
| type | string |
|---|
|
|---|
| fields | | description | The list of fields. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | The fully qualified message name. |
|---|
| type | string |
|---|
|
|---|
| oneofs | | description | The list of types appearing in `oneof` definitions in this type. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| options | | description | The protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| sourceContext | | $ref | SourceContext |
|---|
| description | The source context. |
|---|
|
|---|
| syntax | | description | The source syntax. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
- SYNTAX_EDITIONS
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
- Syntax `editions`.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UndeleteServiceResponse | | description | Response message for UndeleteService method. |
|---|
| id | UndeleteServiceResponse |
|---|
| properties | | service | | $ref | ManagedService |
|---|
| description | Revived service resource. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Usage | | description | Configuration controlling usage of a service. |
|---|
| id | Usage |
|---|
| properties | | producerNotificationChannel | | description | The full resource name of a channel used for sending notifications to the service producer. Google Service Management currently only supports [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification channel. To use Google Cloud Pub/Sub as the channel, this must be the name of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format documented in https://cloud.google.com/pubsub/docs/overview. |
|---|
| type | string |
|---|
|
|---|
| requirements | | description | Requirements that must be satisfied before a consumer project can use the service. Each requirement is of the form /; for example 'serviceusage.googleapis.com/billing-enabled'. For Google APIs, a Terms of Service requirement must be included here. Google Cloud APIs must include "serviceusage.googleapis.com/tos/cloud". Other Google APIs should include "serviceusage.googleapis.com/tos/universal". Additional ToS can be included based on the business needs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of usage rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UsageRule | | description | Usage configuration rules for the service. |
|---|
| id | UsageRule |
|---|
| properties | | allowUnregisteredCalls | | description | Use this rule to configure unregistered calls for the service. Unregistered calls are calls that do not contain consumer project identity. (Example: calls that do not contain an API key). WARNING: By default, API methods do not allow unregistered calls, and each method call must be identified by a consumer project identity. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| skipServiceControl | | description | If true, the selected method should skip service control and the control plane features, such as quota and billing, will not be available. This flag is used by Google Cloud Endpoints to bypass checks for internal methods, such as service health check methods. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
|
|---|
| old_value | | AddTenantProjectRequest | | description | Request to add a newly created and configured tenant project to a tenancy unit. |
|---|
| id | AddTenantProjectRequest |
|---|
| properties | | projectConfig | | $ref | TenantProjectConfig |
|---|
| description | Configuration of the new tenant project to be added to tenancy unit resources. |
|---|
|
|---|
| tag | | description | Required. Tag of the added project. Must be less than 128 characters. Required. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AdminAccessControlConfig | | description | Admin Access Control (AAC) configuration -- see go/aac-platform. If you make any changes to this proto, please also ensure that the ADMIN binding order independence check in the Central Repo compiler accurately reflects default AAC behavior. LINT.IfChange(aac_proto_definition) |
|---|
| id | AdminAccessControlConfig |
|---|
| properties | | allowBreakGlass | | description | Break-glass access bypasses some restrictions in an emergency situation. This is useful when you can't wait for approvals or for production emergencies when the normal systems are unavailable. See go/rpcsp-key-terms#break-glass. This field is deprecated. Please use `allow_break_glass_access` to enable and configure break-glass access. |
|---|
| type | boolean |
|---|
|
|---|
| allowBreakGlassAccess | |
|---|
| baselineControls | | description | Controls to enforce by default for admin actions. Additional controls may be enforced (e.g., if `require_mpa` is set) and controls may be bypassed if break-glass is used and `allow_break_glass` is true. Only one of baseline_controls or default_requirements may be set. Neither being set is equivalent to setting BaselineControls to AUTOMATIC. |
|---|
| enum | - AUTOMATIC
- INPUT_PRESENCE
- BREAK_GLASS_ONLY
|
|---|
| enumDescriptions | - Standard baseline requirements, which may include some validation of tickets used as justifications and resolution of target resources. Named so because which controls ought to be applied is determined automatically. See "AUTOMATIC" policies at go/jvs-policies.
- Only ensures that justifications and targets are specified. See "INPUT_PRESENCE" at go/jvs-policies.
- Disallows all normal admin access, allowing only break-glass access enabled via `allow_break_glass_access`, which must also be set. See "BREAK_GLASS_ONLY" at go/jvs-policies.
|
|---|
| type | string |
|---|
|
|---|
| defaultRequirements | | description | Requirements to enforce by default for admin actions. Additional requirements may be enforced (e.g., if `require_mpa` is set) and requirements may be bypassed if break-glass is used and `allow_break_glass` is true. Deprecated in favor of baseline_controls. Only one of them may be set. Neither being set is equivalent to setting BaselineControls to AUTOMATIC. |
|---|
| enum | - AAC_BASELINE
- AAC_LEGACY
- INPUT_PRESENCE
- BREAK_GLASS_ONLY
|
|---|
| enumDescriptions | - Use BaselineControls.AUTOMATIC instead
- Use BaselineControls.AUTOMATIC instead
- Use BaselineControls.INPUT_PRESENCE instead
- Use BaselineControls.BREAK_GLASS_ONLY instead
|
|---|
| type | string |
|---|
|
|---|
| enforcement | | enum | - ADMIN_ACCESS_ENFORCEMENT_DEFAULT
- INPUT_PRESENCE_CHECKS_ONLY
|
|---|
| enumDescriptions | - Normal enforcement.
- Only enforces checks for the presence of structured inputs to authorization and Gin logging, namely justifications and target information/classification. See go/jvs-policies.
|
|---|
| type | string |
|---|
|
|---|
| ginLoggingFailureBehavior | | description | Allows for early opt-in to fail-closed Gin logging. All *ADMIN roles for the same endpoint should use the same setting for gin_logging_failure_behavior. This is a temporary field that will be removed after all services are migrated to fail-closed Gin logging by default (b/161436949). |
|---|
| enum | |
|---|
| enumDescriptions | - Defaults to fail open Gin logging behavior, i.e. the Gin log is written at the end of the request processing in a fire-and-forget manner. In the future, the default behavior will change to be fail-closed Gin logging, see b/161436949.
- When set, if the preliminary audit log issued during the admin check fails to write to Gin, the request will fail (when break-glass is not used). For information about fail-closed Gin logging, see go/fail-closed-audit-logging For more information about fail-closed Gin logging in the AAC Platform, see go/aac-fail-closed-gin-logging.
|
|---|
| type | string |
|---|
|
|---|
| requireMpa | | $ref | MultiPartyAuthorizationConfig |
|---|
| description | Configures Multi-party Authorization (MPA). Presence of this message will enable and configure per-request MPA through the AAC platform. The set of users that can perform MPA reviews is the union of all members of any MPA_REVIEWER_ADMIN role binding in a given endpoint. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AdminPolicy | | description | Configuration of the `mdb:admin-access-control` approver. See go/aac-platform-integration for more information. All administrative access must be attributable to a member of mdb/all-person-users in the general case where prod users perform only privileged access. |
|---|
| id | AdminPolicy |
|---|
| properties | | allowBreakGlassAccess | |
|---|
| baselineControls | | description | Requirements to enforce by default for admin actions. Additional requirements may be enforced (e.g., if `require_mpa` is set) and requirements may be bypassed if break-glass is used by a member of `emergency_admins`. Only one of baseline_controls or default_requirements may be set. Neither being set is equivalent to setting BaselineControls to AUTOMATIC. |
|---|
| enum | - AUTOMATIC
- INPUT_PRESENCE
- BREAK_GLASS_ONLY
|
|---|
| enumDescriptions | - Standard baseline requirements, which may include some validation of tickets used as justifications and resolution of target resources. Named so because which controls ought to be applied is determined automatically. See "AUTOMATIC" policies at go/jvs-policies.
- Only ensures that justifications and targets are specified. See "INPUT_PRESENCE" at go/jvs-policies.
- Disallows all normal admin access, allowing only break-glass access enabled via `allow_break_glass_access`, which must also be set. See "BREAK_GLASS_ONLY" at go/jvs-policies. Not yet implemented (see b/215396544).
|
|---|
| type | string |
|---|
|
|---|
| defaultRequirements | | description | Requirements to enforce by default for admin actions. Additional requirements may be enforced (e.g., if `require_mpa` is set) and requirements may be bypassed if break-glass is used by a member of `emergency_admins`. Deprecated in favor of baseline_controls. Only one of them may be set. Neither being set is equivalent to setting BaselineControls to AUTOMATIC. |
|---|
| enum | - AAC_BASELINE
- AAC_LEGACY
- INPUT_PRESENCE
- BREAK_GLASS_ONLY
|
|---|
| enumDescriptions | - Use BaselineControls.AUTOMATIC instead
- Use BaselineControls.AUTOMATIC instead
- Use BaselineControls.INPUT_PRESENCE instead
- Use BaselineControls.BREAK_GLASS_ONLY instead
|
|---|
| type | string |
|---|
|
|---|
| disableImplicitPersonLogging | | description | If true, then Gin logging applies only when triggered by explicit LOG rules in the policy or by the AAC approver. Otherwise, Gin logging is triggered in any case where a prod person-user's authority applies, including denied requests. |
|---|
| type | boolean |
|---|
|
|---|
| emergencyAdmins | | description | Break-glass access can only be exercised if 1. the access matches this field (via AUTHORITY *or* ATTRIBUTION, see go/dpci-faq#attribution), *and* 2. access is also granted access via an ALLOW rule. Entries in this field should be in the same form as go/rpcsp-reference-guide#Rule.in For how to break glass, see go/how-to-break-glass. Break-glass will bypass justification and other access requirement checking (such as go/assurant), and so it is inherently unsafe and should only be used in an emergency. See go/should-i-break-glass. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| enableFailClosedGinLogging | | description | If true, then adds an additional requirement of fail-closed Gin logging to an authorized action when break-glass is not used. IMPORTANT: This currently only applies to Local IAM (including all authentication checks); it has no effect for Cloud IAM. |
|---|
| type | boolean |
|---|
|
|---|
| enforcement | | enum | - DEFAULT_ENFORCEMENT
- NO_ADMIN_ACCESS
- DRY_RUN
- INPUT_PRESENCE_CHECKS_ONLY
|
|---|
| enumDescriptions | - Applies normal controls.
- Denies all admin access. The emergency_admins field will not grant access in this case, and so should not be set. This should be used to distinguish mappings that don't allow any admin access from other mappings that do.
- Performs and records all admin access checks, but does not enforce them. This should be used in mappings that wish to test admin controls without enforcing the result. See go/aac-platform-integration for guidance on how to use this.
- WARNING: Currently not implemented. See b/187508097. Only enforces checks for the presence of structured inputs to authorization and Gin logging, namely justifications and target information/classification. See go/jvs-policies.
|
|---|
| type | string |
|---|
|
|---|
| policyValidationLevel | | enum | - DEFAULT_VALIDATION
- RELAXED_VALIDATION
|
|---|
| enumDescriptions | - Safest option, where all safety checks are performed.
- Some checks are relaxed. In particular, - the standard AAC DENY rule will be allowed to specify a list of permissions other than '*'. - the presence of the standard AAC DENY rule in system_authorization_policy will not require an admin clause in each mapping (missing admin clause => admin access denied) - an impersonation_policy will not require the standard AAC DENY rule when the mapping contains the admin clause
|
|---|
| type | string |
|---|
|
|---|
| requireMpa | | $ref | MultiPartyAuthorizationConfigV1 |
|---|
| description | Configures Multi-party Authorization (MPA). Presence of this message will enable and configure per-request MPA through the AAC platform. See go/aac-advanced-controls#mpa. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AdvancedServiceConfig | | description | `AdvancedServiceConfig` defines advanced configuration for Envelope Server Framework. |
|---|
| id | AdvancedServiceConfig |
|---|
| properties | | batch | | $ref | BatchConfig |
|---|
| description | Configurations for batch requests/response. |
|---|
|
|---|
| chemistCache | | $ref | CacheConfig |
|---|
| description | Configuration for the cache of Chemist check results. |
|---|
|
|---|
| chemistConfig | | $ref | ChemistConfig |
|---|
| description | Chemist configuration to enable Chemist features. |
|---|
|
|---|
| jwtCache | | $ref | CacheConfig |
|---|
| description | Cache config for Firebase JWT token. |
|---|
|
|---|
| messageLimitsRules | | description | A list of configuration rules for message payload limits. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| oauthCache | | $ref | CacheConfig |
|---|
| description | Advanced cache configuration for oauth_cache. |
|---|
|
|---|
| quota | | $ref | QuotaConfig |
|---|
| description | Advanced quota configuration. |
|---|
|
|---|
| quotaCache | | $ref | CacheConfig |
|---|
| description | DEPRECATED. Do not use. Advanced cache configuration of QuotaWrapper check results. |
|---|
|
|---|
| quotaRules | | description | DEPRECATED. Do not use. A list of extended configuration rules for quota. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| renameRules | | description | TO BE DEPRECATED. Do not use if you can use the [Backend.RenameRule] instead. Track deprecation in go/legacy-rename-rules-audit. A list of configuration rules for renaming methods. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| translatorConfig | | description | A list of configuration rules for request/response translators. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| ubermintConfig | | $ref | UbermintConfig |
|---|
| description | Ubermint configurations. |
|---|
|
|---|
| usageManagerCache | | $ref | CacheConfig |
|---|
| description | Configuration for the cache of UsageManager check results. |
|---|
|
|---|
| usageManagerRules | | description | A list of configuration rules for usage manager. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| webchannelConfig | | description | A list of configuration rules for webchannel. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Analytics | | description | Analytics configuration of the service. The example below shows how to configure monitored resources and metrics for analytics. In the example, a monitored resource and two metrics are defined. The `library.googleapis.com/book/returned_count` and `library.googleapis.com/book/overdue_count` metric are sent to the analytics. monitored_resources: - type: library.googleapis.com/branch labels: - key: /city description: The city where the library branch is located in. - key: /name description: The name of the branch. metrics: - name: library.googleapis.com/book/returned_count metric_kind: DELTA value_type: INT64 labels: - key: /customer_id - name: library.googleapis.com/book/overdue_count metric_kind: GAUGE value_type: INT64 labels: - key: /customer_id analytics: producer_destinations: - monitored_resource: library.googleapis.com/branch metrics: - library.googleapis.com/book/returned_count - library.googleapis.com/book/overdue_count |
|---|
| id | Analytics |
|---|
| properties | | producerDestinations | | description | Analytics configurations for sending metrics to the analytics backend. There can be multiple producer destinations, each one must have a different monitored resource type. A metric can be used in at most one producer destination. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of analytics rules that apply to individual API methods. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AnalyticsConfig | | description | Analytics configuration of the service. The example below shows how to configure monitored resources and metrics for analytics. In the example, a monitored resource and two metrics are defined. The `library.googleapis.com/book/returned_count` and `library.googleapis.com/book/overdue_count` metric are sent to the analytics. monitored_resources: - type: library.googleapis.com/branch labels: - key: /city description: The city where the library branch is located in. - key: /name description: The name of the branch. metrics: - name: library.googleapis.com/book/returned_count metric_kind: DELTA value_type: INT64 labels: - key: /customer_id - name: library.googleapis.com/book/overdue_count metric_kind: GAUGE value_type: INT64 labels: - key: /customer_id analytics: destinations: - monitored_resource: library.googleapis.com/branch metrics: - library.googleapis.com/book/returned_count - library.googleapis.com/book/overdue_count |
|---|
| id | AnalyticsConfig |
|---|
| properties | | dataTier | | description | A data tier of the output dataset. It is applied to the output dataset when it is created. This field is not effective if the output dataset is already created. The mapping from the data tier to the corresponding ACLs is defined in the go/cloud-permissions-map. Follow go/cloud-data-access to request the read permission to your output tables. |
|---|
| type | string |
|---|
|
|---|
| description | | description | A user friendly description of the analytics data being reported. It is applied to the output dataset when it is created. This field is not effective if the output dataset is already created. |
|---|
| type | string |
|---|
|
|---|
| destinations | | description | Analytics configurations for sending metrics to the analytics backend. There can be multiple destinations, each one must have a different monitored resource type. A metric can be used in at most one destination. |
|---|
| items | | $ref | AnalyticsConfigDestination |
|---|
|
|---|
| type | array |
|---|
|
|---|
| retentionAndBackfillPolicy | | $ref | RetentionBackfillPolicy |
|---|
| description | The retention and backfill policy of the output tables. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AnalyticsConfigDestination | | description | Configuration of a specific analytics destination. |
|---|
| id | AnalyticsConfigDestination |
|---|
| properties | | metrics | | description | Names of the metrics to report to this analytics destination. Each name must be defined in Service.metrics section. Metrics with value type BOOL and STRING must be of GUAGE kind, metrics with value type INT64, DOUBLE and MONEY must be of DELTA kind. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AnalyticsDestination | | description | Configuration of a specific analytics destination. |
|---|
| id | AnalyticsDestination |
|---|
| properties | | metrics | | description | Names of the metrics to report to this analytics destination. Each name must be defined in Service.metrics section. Metrics with value type BOOL and STRING must be of GUAGE kind, metrics with value type INT64, DOUBLE and MONEY must be of DELTA kind. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AnalyticsRule | | description | Analytics rules for the service. In the example below, sampling is enabled for google.library.v1.Get. Only 40% requests to this API method will report API analytics metric to Chemist. analytics: rules: - selector: google.library.v1.Get sampling_configuration: enable_sampling: true sampling_ratio: 0.4 |
|---|
| id | AnalyticsRule |
|---|
| properties | | businessIntelligence | | $ref | BusinessIntelligenceConfig |
|---|
| description | Defines the business intelligence configuration for Concord. |
|---|
|
|---|
| samplingConfiguration | | $ref | AnalyticsSamplingConfiguration |
|---|
| description | Defines the sampling configuration for selected APIs. |
|---|
|
|---|
| selector | | description | Selects the operation names to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AnalyticsSamplingConfiguration | | description | Defines the downsampling ratios for API methods. Downsampling only applies to default API analytics metrics. |
|---|
| id | AnalyticsSamplingConfiguration |
|---|
| properties | | enableSampling | | description | By default, sampling is disabled. |
|---|
| type | boolean |
|---|
|
|---|
| samplingRatio | | description | Downsampling ratio for selected API methods. This value is only meaningful when enable_sampling is true. When specified, this value should fall in [0.0, 1.0], where 0.0 means no request of selected API methods will report API analytics metrics and 1.0 means all requests will report API analytics metrics. The precision of ratio is 0.001. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Api | | description | Api is a light-weight descriptor for an API Interface. Interfaces are also described as "protocol buffer services" in some contexts, such as by the "service" keyword in a .proto file, but they are different from API Services, which represent a concrete implementation of an interface as opposed to simply a description of methods and bindings. They are also sometimes simply referred to as "APIs" in other contexts, such as the name of this message itself. See https://cloud.google.com/apis/design/glossary for detailed terminology. |
|---|
| id | Api |
|---|
| properties | | methods | | description | The methods of this interface, in unspecified order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| mixins | | description | Included interfaces. See Mixin. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | The fully qualified name of this interface, including package name followed by the interface's simple name. |
|---|
| type | string |
|---|
|
|---|
| options | | description | Any metadata attached to the interface. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| sourceContext | | $ref | SourceContext |
|---|
| description | Source context for the protocol buffer service represented by this message. |
|---|
|
|---|
| syntax | | description | The source syntax of the service. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
|
|---|
| type | string |
|---|
|
|---|
| version | | description | A version string for this interface. If specified, must have the form `major-version.minor-version`, as in `1.10`. If the minor version is omitted, it defaults to zero. If the entire version field is empty, the major version is derived from the package name, as outlined below. If the field is not empty, the version in the package name will be verified to be consistent with what is provided here. The versioning schema uses [semantic versioning](http://semver.org) where the major version number indicates a breaking change and the minor version an additive, non-breaking change. Both version numbers are signals to users what to expect from different versions, and should be carefully chosen based on the product plan. The major version is also reflected in the package name of the interface, which must end in `v`, as in `google.feature.v1`. For major versions 0 and 1, the suffix can be omitted. Zero major versions must only be used for experimental, non-GA interfaces. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ApplicationAuthorizationCheckCondition | | id | ApplicationAuthorizationCheckCondition |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| ApplyTenantProjectConfigRequest | | description | Request to apply configuration to an existing tenant project. |
|---|
| id | ApplyTenantProjectConfigRequest |
|---|
| properties | | projectConfig | | $ref | TenantProjectConfig |
|---|
| description | Configuration that should be applied to the existing tenant project. |
|---|
|
|---|
| tag | | description | Required. Tag of the project. Must be less than 128 characters. Required. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AreaUnderCurveParams | | description | AreaUnderCurveParams groups the metrics relevant to generating duration based metric from base (snapshot) metric and delta (change) metric. The generated metric has two dimensions: resource usage metric and the duration the metric applies. Essentially the generated metric is the Area Under Curve(AUC) of the "duration - resource" usage curve. This AUC metric is readily applicable to billing since "billable resource usage" depends on resource usage and duration of the resource used. A service config may contain multiple resources and corresponding metrics. AreaUnderCurveParams groups the relevant ones: which snapshot_metric and change_metric are used to produce which generated_metric. |
|---|
| id | AreaUnderCurveParams |
|---|
| properties | | aggregationLabels | | description | Labels that uniquely identify and group snapshot_metrics for AUC aggregation into a generated_metric. Labels in this list must be a subset of labels on the snapshot_metric and the monitored resource labels of the metric. These labels identify a set of unique labels for AUC aggregation versus labels that represent updates to the resource. The updates generate a stream of AUC usage. When metric labels not in this list change, the current stream ends and a new stream is created with the new label values. Modifying this list changes how AUC is calculated by splitting usage based on the new identifiers. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| changeMetric | | description | Change of resource usage at a particular timestamp. This should a DELTA metric. Currently unused. |
|---|
| type | string |
|---|
|
|---|
| generatedMetric | | description | Metric generated from snapshot_metric and change_metric. Labels on this metric need to match labels on the snapshot_metric and must be defined under the same monitored_resource. This should be a DELTA metric. |
|---|
| type | string |
|---|
|
|---|
| snapshotMetric | | description | Total usage of a resource at a particular timestamp. This should be a GAUGE metric. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AttachTenantProjectRequest | | description | Request to attach an existing project to the tenancy unit as a new tenant resource. |
|---|
| id | AttachTenantProjectRequest |
|---|
| properties | | externalResource | | description | When attaching an external project, this is in the format of `projects/{project_number}`. |
|---|
| type | string |
|---|
|
|---|
| reservedResource | | description | When attaching a reserved project already in tenancy units, this is the tag of a tenant resource under the tenancy unit for the managed service's service producer project. The reserved tenant resource must be in an active state. |
|---|
| type | string |
|---|
|
|---|
| tag | | description | Required. Tag of the tenant resource after attachment. Must be less than 128 characters. Required. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuditConfig | | description | Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. |
|---|
| id | AuditConfig |
|---|
| properties | | auditLogConfigs | | description | The configuration for logging of each type of permission. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| service | | description | Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuditLogConfig | | description | Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. |
|---|
| id | AuditLogConfig |
|---|
| properties | | exemptedMembers | | description | Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| ignoreChildExemptions | |
|---|
| logType | | description | The log type that this config enables. |
|---|
| enum | - LOG_TYPE_UNSPECIFIED
- ADMIN_READ
- DATA_WRITE
- DATA_READ
|
|---|
| enumDescriptions | - Default case. Should never be this.
- Admin reads. Example: CloudIAM getIamPolicy
- Data writes. Example: CloudSQL Users create
- Data reads. Example: CloudSQL Users list
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Auditing | | description | `Auditing` defines the configurations on preparing audit log records for services to integrate with audit logging service. |
|---|
| id | Auditing |
|---|
| properties | | labels | | additionalProperties | |
|---|
| description | Additional labels to configure auditing logging behavior. |
|---|
| type | object |
|---|
|
|---|
| rules | | description | A list of audit rules for configuring the audit logging behavior. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuditingConfig | | id | AuditingConfig |
|---|
| properties | | auditing | | $ref | Auditing |
|---|
| description | Configuration information indicating how to populate top-level and (optionally) specific request and response fields in Gin (DataAccessLogProto) logs. This field is required when specifying a data_access{} log_config in AUTOMATIC_IAM mode, or when using the security::data_access::PopulateFrom{Request,Response} libraries or equivalents. It is recommended in all other cases, to achieve high-quality Gin logging without the need for application-level code to manage or populate Gin logs. See go/auto-gin for how to specify auditing configurations using proto field annotations and AuditingRules. AuditingRules may be optionally specified to supplement or override those specified in annotations to the request and response protos. The following labels must be set: gin.googleprod.com/accessing_process_name Example: labels { key: "gin.googleprod.com/accessing_process_name" value: "process-name" } rules { // Override/supplement annotations on MyRequestProto selector: "package.name.MyRequestProto.inner_field.*" directive: "AUDIT" } |
|---|
|
|---|
| http | | $ref | HttpExtractionRules |
|---|
| description | Configuration for administrative access for HTTP endpoints. Defines how to extract metadata (e.g. justification, resource, auditing) from HTTP requests. DO NOT USE - Implementation in progress (b/264686491). |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuditingRule | | description | An auditing rule provides auditing configuration for an individual API element. |
|---|
| id | AuditingRule |
|---|
| properties | | directive | | description | List of audit directives (comma separated) to apply to this rule. Currently following values are supported: - **AUDIT**: The value of this field should be logged during Cloud audit logging. If this field is one of following message types: - google.protobuf.DoubleValue - google.protobuf.FloatValue - google.protobuf.Int64Value - google.protobuf.UInt64Value - google.protobuf.Int32Value - google.protobuf.UInt32Value - google.protobuf.BoolValue - google.protobuf.StringValue - google.protobuf.BytesValue - google.protobuf.Timestamp - google.protobuf.Duration - google.protobuf.FieldMask - google.type.Color - google.type.Date - google.type.Expr - google.type.LatLng - google.type.Money - google.type.TimeOfDay - google.api.MonitoredResource then the whole message content of this field will be logged, provided all parent fields in its path have AUDIT annotations. For fields with other message types, only message content (that is, nested fields) with the "AUDIT" directive will be logged. . - **AUDIT_EXEMPTED**: Applied to API method only. Explicitly indicating both request and response are exempted from auditing. Note that a Cloud Audit Log will still be generated. - **AUDIT_OPT**: (Deprecated as of 2017/12/07) This is essentially the same as `AUDIT` but only applies to API methods with "AUDIT_OPT" as well. The value of this field will only be logged iff the API method is also configured as "AUDIT_OPT". . - **AUDIT_REDACT**: Indicating a singular message type field, if set, will be preserved but all its nested fields will be scrubbed away during cloud audit logging. If needed, use wrappers in google/protobuf/wrappers.proto for primitive (non-message) type for redaction purpose. - **AUDIT_REQUEST_AND_RESPONSE**: Applied to API method only. Indicating both request and response messages will be audited. - **AUDIT_REQUEST_ONLY**: Applied to API method only. Indicating that only request message will be audited. - **AUDIT_SIZE**: The size of the repeated field will be used to set the number of response items during Cloud audit logging . It should only be applied to repeated field which represents the returned data from a List or Query API method annotated with AUDIT_REQUEST_AND_RESPONSE. Note: for each method's response message, you could have at most one field annotated with AUDIT_SIZE. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects fields or methods where this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthProvider | | description | Configuration for an authentication provider, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32). |
|---|
| id | AuthProvider |
|---|
| properties | | audiences | | description | The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences: - "https://[service.name]/[google.protobuf.Api.name]" - "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService - https://library-example.googleapis.com/ Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com |
|---|
| type | string |
|---|
|
|---|
| authorizationUrl | | description | Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec. |
|---|
| type | string |
|---|
|
|---|
| id | | description | The unique identifier of the auth provider. It will be referred to by `AuthRequirement.provider_id`. Example: "bookstore_auth". |
|---|
| type | string |
|---|
|
|---|
| issuer | | description | Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com |
|---|
| type | string |
|---|
|
|---|
| jwksUri | | description | URL of the provider's public key set to validate signature of the JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). Optional if the key set document: - can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of the issuer. - can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs |
|---|
| type | string |
|---|
|
|---|
| jwtLocations | | description | Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations] (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations) JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations: - header: Authorization value_prefix: "Bearer " - header: x-goog-iap-jwt-assertion - query: access_token |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthRequirement | | description | User-defined authentication requirements, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32). |
|---|
| id | AuthRequirement |
|---|
| properties | | audiences | | description | NOTE: This will be deprecated soon, once AuthProvider.audiences is implemented and accepted in all the runtime components. The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://Service_name/API_name" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com |
|---|
| type | string |
|---|
|
|---|
| providerId | | description | id from authentication provider. Example: provider_id: bookstore_auth |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Authentication | | description | `Authentication` defines the authentication configuration for API methods provided by an API service. Example: name: calendar.googleapis.com authentication: providers: - id: google_calendar_auth jwks_uri: https://www.googleapis.com/oauth2/v1/certs issuer: https://securetoken.google.com rules: - selector: "*" requirements: provider_id: google_calendar_auth - selector: google.calendar.Delegate oauth: canonical_scopes: https://www.googleapis.com/auth/calendar.read |
|---|
| id | Authentication |
|---|
| properties | | enableMtls | | description | Device Certificate Authentication (aka., DCA-auth or mTLS-auth) enhances the security of Google APIs for clients by incorporating the status of client device certificate in API authentication and authorization. To use DCA-auth, an API request should be sent to DCA-auth API endpoints. If this flag is true, the service enables DCA-Auth and the API_SERVICE build rule will automatically generate DCA-auth API endpoints. Currently, DCA-auth takes effect for a One Platform service, only after the service has completed integration for VPC-SC, because the policy enforcement based on device certificate status is done through VPC-SC at the current project phase of DCA-auth. API Launch Checker will verify that this flag can only be set true for a list of services that have integrated with VPCSC. If this flag is false, an API request sent to an DCA-auth API endpoint will be rejected by One Platform with canonical error code UNIMPLEMENTED. |
|---|
| type | boolean |
|---|
|
|---|
| environment | | description | Environment of UberMint service. |
|---|
| type | string |
|---|
|
|---|
| gaiaService | | description | Gaia service that this API belongs to. If this API is part of a Gaia service that Dasher administrators can disable, you must set this field. Otherwise leave it empty (see also [here](https://support.google.com/a/answer/182442?hl=en)). If in doubt, contact the Gaia team (see [here](https://sites.google.com/a/google.com/gaia/Home/integrating-with-gaia/getting-started-with-gaia/create-a-new-gaia-service)). Example: gaia_service: cl |
|---|
| type | string |
|---|
|
|---|
| peerDelegationMode | | description | Indicates which mode is set for the ESF peer delegation behavior. Please refer to the comments on the `PeerDelegationMode` message for more detailed usage. Once the `--enable_esf_delegation` flag is retired, ESF will treat the `peer_delegation_mode` value as ENABLED unless it's set to DISABLED. |
|---|
| enum | - MODE_UNSPECIFIED
- ENABLED
- DISABLED
|
|---|
| enumDescriptions | - Indicates that the esf delegation behavior will be dependent on the `--enable_esf_delegation` flag until the flag's retirement.
- Enables ESF to set the delegated role and send the client's credential to the backend.
- Disables ESF from setting the delegated role or sending the client's credential to the backend. Setting to this value is discouraged, as it is provided only for migration purposes.
|
|---|
| type | string |
|---|
|
|---|
| providers | | description | Defines a set of authentication providers that a service supports. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of authentication rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthenticationConfig | | id | AuthenticationConfig |
|---|
| properties | | additionalUbermintPlatforms | | description | Accept UberMints issued for the specified platforms. SANDBOX, CLOUD and DEVICE are supported, LEGACY_GAIA and FITBIT are experimental; other platforms are unsupported and will cause a policy validation error. To enable Cloud UberMints (of both old and new formats), include CLOUD in the platforms list. |
|---|
| items | | enum | - PLATFORM_UNSPECIFIED
- SANDBOX
- CLOUD
- DEVICE
- SANDCASTLE
- LEGACY_GAIA
- PROD_ACCOUNT
- FITBIT
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| defaultAnonymousMode | | description | Default Anonymous Mode for resolving the authority of incoming requests that have no EUCs attached. When true, incoming requests that have no EUCs (or empty EUC proto) will result in the creation of an anonymous security context. NOTE: Use caution when changing this value in a policy that is already being enforced. Unlike most other RpcSecurityPolicy elements, changing this field can affect not just whether a request is accepted or rejected by RpcSecurityPolicy, but also the identity that appears in the security context (and thus the behavior of the application code that inspects it). |
|---|
| type | boolean |
|---|
|
|---|
| thinmintControl | | description | Describe the behavior when a request has an attached ThinMint. |
|---|
| enum | - UNSPECIFIED
- IGNORED
- FORWARDED
- CONSUMED
|
|---|
| enumDescriptions | - Will default to IGNORED
- The ThinMint will be ignored and not impact the policy enforcement. TODO(b/214033237) Document further once implemented
- TODO(b/214033237) Document once implemented
- TODO(b/214033237) Document once implemented
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthenticationMethods | | description | Determines the way RpcSecurityPolicy authenticates identity. Cloud UberMints can be accepted by either setting cloud_ubermint.mode = ENABLED or by including CLOUD in ubermint.platforms. Prefer using ubermint.platforms. |
|---|
| id | AuthenticationMethods |
|---|
| properties | | cloudUbermint | | $ref | CloudUberMintConfig |
|---|
| description | Config for Cloud UberMint. By default, Cloud UberMint will be rejected with UNAUTHENTICATED error. |
|---|
|
|---|
| ubermint | | $ref | UberMintConfig |
|---|
| description | Config for Central UberMint. By default no Central UberMints will be accepted. |
|---|
|
|---|
| useDefaultMethods | | description | Default authentication methods includes LOAS, GaiaMint and DAT. Required, and must be set to true. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthenticationPolicy | | description | Policy determining how clients can authenticate. This policy only controls how the service determines whose authority a given request carries. Whether that authority is sufficient for the request is determined through subsequent authorization checks. The credentials 'environment' (determining whether prod or test credentials are accepted) is set outside of this policy, typically via --rpc_security_policy_env. |
|---|
| id | AuthenticationPolicy |
|---|
| properties | | authenticationMethods | | $ref | AuthenticationMethods |
|---|
| description | Determines the way RpcSecurityPolicy authenticates identity. By default, supported authentication methods, which will be used when this field is not set, are `LOAS`, `GaiaMint` and `DAT`. Since these default authentication methods are sufficient for most of the common use cases, the majority of services do not need to set this field. |
|---|
|
|---|
| credsPolicy | | $ref | Policy |
|---|
| description | IAM Policy determining types of credentials that clients can use. The following permissions are supported in this policy: 'auth.creds.useLOAS' Can authenticate directly using LOAS, without a separate signed authenticator. By default the authority is that of the peer (client) user, possibly attenuated through a provided authority selector. Clients with useLOAS permission are always allowed to assert their own prod identity (asserted_user=mdbuser/) or to assert anonymous access (access_assertion=ANONYMOUS). If a different asserted user is provided, this must be permitted under the impersonation_policy. This permission also accepts a normal user EUC or prod user EUC where the original EUC was obtained by the client user using only its LOAS credentials (e.g., a GaiaMint for the client's robot account, a GaiaMint obtained by the client via go/prod-corp-mint-exchange or go/per-user-service-trust, or a DAT obtained on the client's authority). This does not apply to cases where a frontend obtained a DAT using the client user's SSO ticket. As always, when EUC is present, the request authority used for authorization checks is determined by the EUC, and may not match the client's LOAS identity. 'auth.creds.useNormalUserEUC' Can present credentials provided by an end user (external Gaia user) or make anonymous access. Supported credentials include - a GaiaMint obtained from a Gaia cookie, OAuth token, or via go/prod-corp-mint-exchange, - a TransactDAT obtained from such a GaiaMint, - an UberMint (if allowed by `AuthenticationMethods`), - child-impersonation credentials (go/unimint) obtained in exchange for a parent's normal-user EUC, or - EUC containing only access_assertion: ANONYMOUS. The authority is that of the end user from the EUC, or anonymous authority in the last case. 'auth.creds.useProdUserEUC' Can present credentials conveying the authority of an internal @prod.google.com user (MDB user), such as - An "all targets" DAT obtained by a prod user (the DAT requester is the authenticated user, and the Tonic policy is used as an authority selector -- see go/tonic-migration). - An MDB-user TransactDAT obtained from Tonic either by the user directly or by a service forwarding that user's SSO ticket. - An impersonation DAT obtained from Tonic, a GaiaMint obtained from such a DAT, an all-targets DAT with EUC asserted_user set, or a service trust mint obtained per a user's trust grant record. In these cases, the impersonation must be permitted by the impersonation_policy. 'auth.creds.useEnterpriseAdminEUC' Can present EnterpriseDATs (go/enterprise-dat) and GaiaMints obtained from such DATs. Note that the 'auth.creds.useNormalUserEUC' permission does not apply to such credentials. Wildcard permission ('*', 'auth.creds.*') may be used in LOG and DENY rules only. |
|---|
|
|---|
| defaultAnonymousMode | | description | Default Anonymous Mode for resolving the authority of incoming requests that have no EUCs attached. When true, incoming requests that have no EUCs (or empty EUC proto) will result in the creation of an anonymous security context. NOTE: Use caution when changing this value in a policy that is already being enforced. Unlike most other RpcSecurityPolicy elements, changing this field can affect not just whether a request is accepted or rejected by RpcSecurityPolicy, but also the identity that appears in the security context (and thus the behavior of the application code that inspects it). |
|---|
| type | boolean |
|---|
|
|---|
| impersonationPolicy | | $ref | Policy |
|---|
| description | IAM Policy for user impersonation. This policy is consulted in addition to the creds_policy check, when the presented EndUserCreds represent impersonation. The authority under which the impersonation is requested is checked against the policy. No one (even the current user) has impersonation privileges by default. The following permissions are supported in this policy: 'auth.impersonation.impersonateNormalUser' Can impersonate an end user (external Gaia user). For example: - EndUserCreds 'asserted_user' with no authenticator. - EndUserCreds 'asserted_user' with an "all targets" DAT. - A single-user DAT or GaiaMint obtained through an impersonation (non-TRANSACTION) Tonic policy. In the first case, the peer is checked against the policy. In the Tonic-based cases, the authority corresponding to the DAT requester and Tonic policy is checked (see go/tonic-migration). 'auth.impersonation.impersonateProdUser' Similar to auth.impersonation.impersonateNormalUser, but used when the impersonation target is an internal @prod.google.com user (MDB user). If the permission check succeeds, the request is given the authority of the impersonated user (with any associated iam_attributes from EndUserCreds). See rpc_security_policy.proto for usage examples. Wildcard permission ('*', 'auth.impersonation.*') may be used in LOG and DENY rules only. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthenticationRule | | description | Authentication rules for the service. By default, if a method has any authentication requirements, every request must include a valid credential matching one of the requirements. It's an error to include more than one kind of credential in a single request. If a method doesn't have any auth requirements, request credentials will be ignored. |
|---|
| id | AuthenticationRule |
|---|
| properties | | allowAuthServerFailOpen | | description | If enabled, the service treats Gaia backend unavailable the same way as it would treat requests with no credentials at all. Otherwise, requests will be rejected with 403--the default behavior. NOTE: You must set `allow_without_credential` to true when enabling this option. See also go/esf-auth-fail-open. tl;dr a request when Gaia backend is unavailable should be regarded as signed out from Identity's perspective. This auth fail open option currently only applies to First Party Auth and OAuth, and is allowed on a case by case basis. Please reach out to api-auth@ and esf-team@ before you enable this option. |
|---|
| type | boolean |
|---|
|
|---|
| allowWithoutCredential | | description | If true, the service accepts API keys without any other credential. This flag only applies to HTTP and gRPC requests. |
|---|
| type | boolean |
|---|
|
|---|
| basicAuth | | $ref | BasicAuthRequirements |
|---|
| description | The requirements for Basic HTTP Authentication (RFC 7617) WARNING! WARNING! WARNING! Basic HTTP Authentication is only supported for migrating Apiary services whom have active Basic HTTP Authentication clients. This feature is not supported for new service development. Those wishing to use this feature should contact g/api-auth & g/api-migration for approval and allowlisting. WARNING! WARNING! WARNING! |
|---|
|
|---|
| browserFirstPartyAuth | | $ref | BrowserFirstPartyAuthRequirements |
|---|
| description | The requirements for browser first party authentication. See http://go/api-session-cookie for details. |
|---|
|
|---|
| endUserCreds | | $ref | EndUserCredsRequirements |
|---|
| description | The requirements for end user credentials. Note that `end_user_creds` MUST NOT be set when `use_rpc_security_policy` is set to `DELEGATED` in the same AuthenticationRule. NOTE: this feature is deprecated by RpcSecurityPolicy. Please see go/api-auth for currently recommended auth config. |
|---|
|
|---|
| loas | | $ref | LoasRequirements |
|---|
| description | Requirements for using LOAS auth. One use of this setting is for ESF to use the GaiaID-only LOAS identity from Direct Path (go/direct-path, go/esf-direct-path). DO NOT USE. DO NOT USE. DO NOT USE. This feature is under development. Consult api-auth@ before using, otherwise your service will likely be broken. |
|---|
|
|---|
| oauth | | $ref | OAuthRequirements |
|---|
| description | The requirements for OAuth credentials. |
|---|
|
|---|
| requirements | | description | Requirements for additional authentication providers. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| uberMint | | $ref | UberMintRequirements |
|---|
| description | Use Cloud UberMint service for authentication. This option is only allowed for Google Cloud APIs. |
|---|
|
|---|
| uberproxyAuth | | $ref | UberProxyAuthRequirements |
|---|
| description | Requirements for using UberProxy Auth (Signed UpTick) to obtain a TransactDAT via Tonic (Data Access) service for authentication. This option is only allowed for Corp APIs behind and protected by UberProxy. [User Guide](http://go/use-uberproxy-auth). Contact: go/api-support and use YAQS tag:corp-api. |
|---|
|
|---|
| useRpcSecurityPolicy | | description | [User Guide](http://go/op-rpcsecuritypolicy-user-guide) Indicates in which mode RpcSecurityPolicy will be used for authentication. See more details at the comments on the RpcSecurityPolicyMode enum. Note that `end_user_creds` MUST NOT be set when `use_rpc_security_policy` is set to `DELEGATED` in the same AuthenticationRule. |
|---|
| enum | - DISABLED
- DELEGATED
- CLOUD_POLICY_ENFORCEMENT
|
|---|
| enumDescriptions | - Disables RpcSecurityPolicy for authentication.
- Indicates that the backend will enforce RpcSecurityPolicy and get the authenticated user's identity only from the SecurityContext. The backend's RpcSecurityPolicy MUST NOT include `trust_esf_authentication`, but the backend MUST apply `--rpc_proxy_whitelist=:*`. In this mode, for requests with external credentials such as OAuth tokens and Gaia cookies, ESF exchanges the external credentials for internal credentials (EUC). Then ESF forwards any incoming internal credentials or exchanged internal credentials to the backend. ESF relays the LOAS peer identity to the backend using Stubby delegation (go/rpcdelegation). NOTE: ESF will not send UnifiedAuthResponse or InternalIAMIdentity to backend.
- Enables Cloud Policy Enforcement, ESF will enforce RpcSecurityPolicy and get the authenticated user's identity only from SecurityContext. In this mode, the RpcSecurityPolicy enforcer inside ESF imports the configured IAM, ORG, CAL and GIN policies and performs the required checks/auditing. For each request, ESF generates an EUC that contains servicecontrol token (if any) and all other security attributes associated with the request for enforcer to enforce. See http://go/cpe-sig on how to use this mode.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthorizationConfig | | description | Configuration of authorization. This section determines the authorization provider, if unspecified, then no authorization check will be done. Example: experimental: authorization: provider: firebaserules.googleapis.com |
|---|
| id | AuthorizationConfig |
|---|
| properties | | provider | | description | The name of the authorization provider, such as firebaserules.googleapis.com. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthorizationLoggingOptions | | description | Authorization-related information used by Cloud Audit Logging. |
|---|
| id | AuthorizationLoggingOptions |
|---|
| properties | | permissionType | | description | The type of the permission that was checked. |
|---|
| enum | - PERMISSION_TYPE_UNSPECIFIED
- ADMIN_READ
- ADMIN_WRITE
- DATA_READ
- DATA_WRITE
|
|---|
| enumDescriptions | - Default. Should not be used.
- A read of admin (meta) data.
- A write of admin (meta) data.
- A read of standard data.
- A write of standard data.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthorizationMethod | | description | Describes an authorization method. |
|---|
| id | AuthorizationMethod |
|---|
| properties | | ccfeAuthorizationAlreadyDone | | $ref | CcfeAuthorizationAlreadyDone |
|---|
|
|---|
| cloudIam | |
|---|
| custom | |
|---|
| delegated | |
|---|
| localIam | |
|---|
| zanzibar | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| AuthorizationRule | | description | Authorization rule for API services. It specifies the permission(s) required for an API element for the overall API request to succeed. It is typically used to mark request message fields that contain the name of the resource and indicates the permissions that will be checked on that resource. For example: package google.storage.v1; message CopyObjectRequest { string source = 1 [ (google.api.authz).permissions = "storage.objects.get"]; string destination = 2 [ (google.api.authz).permissions = "storage.objects.create,storage.objects.update"]; } |
|---|
| id | AuthorizationRule |
|---|
| properties | | permissions | | description | The required permissions. The acceptable values vary depend on the authorization system used. For Google APIs, it should be a comma-separated Google IAM permission values. When multiple permissions are listed, the semantics is not defined by the system. Additional documentation must be provided manually. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the API elements to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| AvailabilityCriteria | | description | Future parameters for the availability SLI of synchronous APIs. |
|---|
| id | AvailabilityCriteria |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Backend | | description | `Backend` defines the backend configuration for a service. |
|---|
| id | Backend |
|---|
| properties | | renameRules | | description | A list of method renaming rules for ESF's calls to the backend service. The package, the service and the method can all be renamed. The backend server should implement the renamed proto. However, clients should call the original method, and ESF routes the traffic to the renamed method. HTTP clients should call the URL mapped to the original method. gRPC and Stubby clients should call the original method with package name. The `selector` field is a standard OP selector that matches against fully qualified method names. If the `rename_to` is specified with a trailing `.*`, the `selector` strings in that rule must all be specified with a trailing `.*`. All name components matched by the `.*` in the selector will be preserved and substituted for the `.*` in the `rename_to`. For example, rename_rules: - selector: |- google.example.library.v1.*, google.example.library.v1beta.*, rename_to: google.example.library.v1alpha.* The selector matches `google.example.library.v1.Library.CreateShelf` and `google.example.library.v1beta.Library.CreateBook`, they will be renamed to `google.example.library.Library.v1alpha.CreateShelf` and `google.example.library.Library.v1alpha.CreateBook`. It essentially renames the proto package name section of the matched proto service and methods. **NOTE:** All service configuration rules follow "last one wins" order. **WARNING:** This setting is fully supported by ESF but is not yet fully supported by backend frameworks. Refer to go/legacy-rename-rules-audit for the latest status on unifying support with existing legacy rename rules (advanced.experimental.rename_rules) use cases. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of API backend rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BackendOptions | | description | Details of GFE <-> backend (AFE) communication. |
|---|
| id | BackendOptions |
|---|
| properties | | backendResponsiveness | | description | Affects how long the GFE will wait for the backend to respond and how long will a backend connection stay alive without any socket events on it. |
|---|
| enum | - BACKEND_RESPONSIVENESS_DEFAULT
- BACKEND_RESPONSIVENESS_FAST
- BACKEND_RESPONSIVENESS_MEDIUM
- BACKEND_RESPONSIVENESS_SLOW
|
|---|
| enumDescriptions | - Defaults to FAST.
- Default, fast and reasonably small responses. Order of 10-20 ms to compute the response and drop it on the wire.
- Choose for moderately responsive servers. Order of 50-150 ms to compute the request and drop it on the wire.
- Choose for long tail very expensive or data heavy requests/responses and/or high rate of dangling GETs.
|
|---|
| type | string |
|---|
|
|---|
| healthzString | | description | Determines the URL used by the GFE to healthcheck the backend. Please see go/healthz-string for whether your service need custom healthz_string. If empty, it defaults to /healthz: backend.hostname/healthz If starts with /, it is considered complete and used as follows: backend.hostname Otherwise, it is used as follows: backend.hostname/healthz? |
|---|
| type | string |
|---|
|
|---|
| maxConnections | | description | Number of connections between the GFE and the backend. |
|---|
| enum | - MAX_CONNECTIONS_DEFAULT
- MAX_CONNECTIONS_LOW
- MAX_CONNECTIONS_MEDIUM
- MAX_CONNECTIONS_HIGH
|
|---|
| enumDescriptions | - Defaults to HIGH.
- Order of 10 per GFE core.
- Order of 1000 per GFE core.
- All that a GFE core can handle.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BackendProtoTranslation | | description | Configuration for converting between backend protos and the frontend protos using templates and TEX. See go/esf-tex for details. Frontend proto is the proto that is generated by ESF from incoming input (e.g. HTTP/JSON) using go/proto3-json-spec. This proto is very close in structure and naming to the external input. Backend proto is the proto expected by the backend. It's structure and naming can be very different than the frontend proto (and by implication, external input). The frontend and backend protos are one and the same, by definition, for regular One Platform services. However, for some One Platform services that migrated from Apiary, they are different to account for the fact that Apiary templates allowed far more powerful tranformations between external input and protos than is possible by go/proto3-json-spec. To migrate such an Apiary API to One Platform, we first define a (static) "frontend proto" that ESF can translate external input into. Then we use TEX and templates to convert that frontend proto to the "backend proto" expected by the formerly Apiary backend. The templates used by TEX are slightly modified versions of the templates used by the original Apiary API. This scheme is described in detail in go/esf-tex. Example: backend_proto_translation: templates: - name: method1RequestParamTemplate info: json: path: template1.jsont assignment_direction: FRONTEND_TO_BACKEND xml: path: template1.xmlt assignment_direction: FRONTEND_TO_BACKEND - name: method1RequestBodyTemplate info: json: path: template2.jsont assignment_direction: BACKEND_TO_FRONTEND xml: path: template2.xmlt assignment_direction: BACKEND_TO_FRONTEND - name: method1ResponseBodyTemplate info: json: path: template3.jsont assignment_direction: BACKEND_TO_FRONTEND xml: path: template3.xmlt assignment_direction: BACKEND_TO_FRONTEND - name: method1ResponseHeaderTemplate info: json: path: template4.jsont assignment_direction: BACKEND_TO_FRONTEND xml: path: template4.xmlt assignment_direction: BACKEND_TO_FRONTEND - name: method1RequestParamTemplateV2 info: json: path: v2/template1.jsont assignment_direction: FRONTEND_TO_BACKEND xml: path: v2/template1.xmlt assignment_direction: FRONTEND_TO_BACKEND rules: - selector: google.myservice.v1.myapi.Method1 request_templates: - template: method1RequestParamTemplate args: - frontendRequest - context - template: method1RequestBodyTemplate args: - backendRequest.child response_templates: - template: method1ResponseBodyTemplate args: - backendResponse - selector: google.myservice.v2.myapi.Method1 request_templates: - template: method1RequestParamTemplateV2 args: - frontendRequest - context ... |
|---|
| id | BackendProtoTranslation |
|---|
| properties | | rules | | description | Association of methods to the root templates that need to be invoked on request and response flows for translating between frontend and backend protos. |
|---|
| items | | $ref | BackendProtoTranslationRule |
|---|
|
|---|
| type | array |
|---|
|
|---|
| templates | | description | References to root level templates. A "root template" is a template that is invoked directly from the `rules` section. Templates imported by these root templates need not be listed here. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BackendProtoTranslationRule | | description | Specifies the templates to apply for the request and response flows to convert between frontend and backend protos. |
|---|
| id | BackendProtoTranslationRule |
|---|
| properties | | enablePartialResponse | | description | Enables Apiary's partial response ('fields' query param) template processing in TEX. ESF provides most of the compatibility with Apiary partial response when 'use_apiary_fields_parameter_syntax' is set to true. However, some complex and infrequently used partial response patterns are not supported by ESF (see b//168769065#comment1). Use TEX for handling such cases. Normally if partial response is enabled in TEX, MigrationRule -> ignore_field_mask should also be set to true since the field mask string should only be processed once. |
|---|
| type | boolean |
|---|
|
|---|
| requestTemplates | | description | The template to apply to frontend proto to obtain the backend proto. If more than one template is specified, the results are merged to get the final backend proto. Any conflicts during the merge results in an error; in other words, we do not override values during the merge. So, the producer should ensure that the templates listed here do no set value for the same backend proto field. This is a repeated list rather than a singular value since Apiary historically used two templates to transform requests: * The first template mapped parameters (path, query, context) into proto. This template was always specified inline in the Apiary config files under the `backendRequest` stanza rather than specified as a template file. * The second template mapped HTTP payload to backend proto and was listed in the `body` config stanza. This template was specified as a source file. During migration, we create a template source file for even the first one and list both templates here. If writing a new method, it is okay to use just one template to map frontend proto request to backend proto request. See http://google3/java/com/google/api/server/config/parser/templates/method.jsont?l=640-653&rcl=210029283 and http://google3/java/com/google/api/server/config/parser/templates/method.jsont?l=597-604&rcl=210029283 for the Apiary documentation of `backendRequest` and request `body`, respectively. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| responseTemplates | | description | The template to apply to backend proto to obtain the frontend proto. Analogous to `request_templates`. It is listed as `repeated` type only for consistency; there is no historical tradition or migration need for it. It is okay to use just one template to map backend proto to frontend proto. See http://google3/java/com/google/api/server/config/parser/templates/method.jsont?l=660-667&rcl=210029283 for the Apiary documentation of response `body` which this field is functionally equivalent to. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Method selector. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BackendRule | | description | A backend rule provides configuration for an individual API element. |
|---|
| id | BackendRule |
|---|
| properties | | address | | description | The address of the API backend. The scheme is used to determine the backend protocol and security. The following schemes are accepted: SCHEME PROTOCOL SECURITY http:// HTTP None https:// HTTP TLS grpc:// gRPC None grpcs:// gRPC TLS It is recommended to explicitly include a scheme. Leaving out the scheme may cause constrasting behaviors across platforms. If the port is unspecified, the default is: - 80 for schemes without TLS - 443 for schemes with TLS For HTTP backends, use protocol to specify the protocol version. |
|---|
| type | string |
|---|
|
|---|
| deadline | | description | The number of seconds to wait for a response from a request. The default varies based on the request protocol and deployment environment. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| disableAuth | | description | When disable_auth is true, a JWT ID token won't be generated and the original "Authorization" HTTP header will be preserved. If the header is used to carry the original token and is expected by the backend, this field must be set to true to preserve the header. |
|---|
| type | boolean |
|---|
|
|---|
| jwtAudience | | description | The JWT audience is used when generating a JWT ID token for the backend. This ID token will be added in the HTTP "authorization" header, and sent to the backend. |
|---|
| type | string |
|---|
|
|---|
| minDeadline | | description | Deprecated, do not use. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| operationDeadline | | description | The number of seconds to wait for the completion of a long running operation. The default is no deadline. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| overridesByRequestProtocol | | additionalProperties | |
|---|
| description | The map between request protocol and the backend address. |
|---|
| type | object |
|---|
|
|---|
| pathTranslation | | enum | - PATH_TRANSLATION_UNSPECIFIED
- CONSTANT_ADDRESS
- APPEND_PATH_TO_ADDRESS
|
|---|
| enumDescriptions | - Use the backend address as-is, with no modification to the path. If the URL pattern contains variables, the variable names and values will be appended to the query string. If a query string parameter and a URL pattern variable have the same name, this may result in duplicate keys in the query string. # Examples Given the following operation config: Method path: /api/company/{cid}/user/{uid} Backend address: https://example.cloudfunctions.net/getUser Requests to the following request paths will call the backend at the translated path: Request path: /api/company/widgetworks/user/johndoe Translated: https://example.cloudfunctions.net/getUser?cid=widgetworks&uid=johndoe Request path: /api/company/widgetworks/user/johndoe?timezone=EST Translated: https://example.cloudfunctions.net/getUser?timezone=EST&cid=widgetworks&uid=johndoe
- The request path will be appended to the backend address. # Examples Given the following operation config: Method path: /api/company/{cid}/user/{uid} Backend address: https://example.appspot.com Requests to the following request paths will call the backend at the translated path: Request path: /api/company/widgetworks/user/johndoe Translated: https://example.appspot.com/api/company/widgetworks/user/johndoe Request path: /api/company/widgetworks/user/johndoe?timezone=EST Translated: https://example.appspot.com/api/company/widgetworks/user/johndoe?timezone=EST
|
|---|
| type | string |
|---|
|
|---|
| protocol | | description | The protocol used for sending a request to the backend. The supported values are "http/1.1" and "h2". The default value is inferred from the scheme in the address field: SCHEME PROTOCOL http:// http/1.1 https:// http/1.1 grpc:// h2 grpcs:// h2 For secure HTTP backends (https://) that support HTTP/2, set this field to "h2" for improved performance. Configuring this field to non-default values is only supported for secure HTTP backends. This field will be ignored for all other backends. See https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids for more details on the supported values. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BasicAuthRequirements | | description | Basic HTTP Authentication (RFC 7617) is supported in a limited whitelist-only basis. This scheme is not considered to be a secure method of user authentication unless used in conjunction with some external secure system such as TLS, (Transport Layer Security) as the user-id and password are passed over the network as cleartext. WARNING! WARNING! WARNING! Basic HTTP Authentication is only supported for migrating Apiary services whom have active Basic HTTP Authentication clients. This feature is not supported for new service development. Those wishing to use this feature should contact g/api-auth & g/api-migration for approval and whitelisting. WARNING! WARNING! WARNING! Example of an API that wants to accept basic auth: name: caldav.googleapis.com authentication: rules: - selector: "*" basic_auth: scope_codes: API_CL |
|---|
| id | BasicAuthRequirements |
|---|
| properties | | enableProgrammaticClientToken | | description | Enable programmatic client ID tokens. A client-provided device identifying token for purposes of risk analysis. Reach out to api-auth@ before enabling this feature. |
|---|
| type | boolean |
|---|
|
|---|
| scopeCodes | | description | The list of GaiaMint scopes that will be part of the resulting GaiaMint. Example: scope_codes: API_CL, API_CL_READONLY |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BatchConfig | | description | Configurations for batch requests. inner_request_count_limit is the maximum number of requests packed in one batch request. outer_request_size_limit is enforced on the batch request payload received from the client. By default, or if a limit value is smaller or equals to 0, the limit is disabled. Example: experimental: advanced: batch: inner_request_count_limit: 50 outer_request_size_limit: 1024000 When request payload exceeds its configured limit, the request fails with INVALID_ARGUMENT rpc status which is mapped to HTTP BAD REQUEST (400). |
|---|
| id | BatchConfig |
|---|
| properties | | innerRequestCountLimit | | description | The maximum number of single requests packed in the batch request. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| outerRequestSizeLimit | | description | The maximum number of bytes allowed in the batch request payload received from client. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Billing | | description | Billing related configuration of the service. The following example shows how to configure monitored resources and metrics for billing, `consumer_destinations` is the only supported destination and the monitored resources need at least one label key `cloud.googleapis.com/location` to indicate the location of the billing usage, using different monitored resources between monitoring and billing is recommended so they can be evolved independently: monitored_resources: - type: library.googleapis.com/billing_branch labels: - key: cloud.googleapis.com/location description: | Predefined label to support billing location restriction. - key: city description: | Custom label to define the city where the library branch is located in. - key: name description: Custom label to define the name of the library branch. metrics: - name: library.googleapis.com/book/borrowed_count metric_kind: DELTA value_type: INT64 unit: "1" billing: consumer_destinations: - monitored_resource: library.googleapis.com/billing_branch metrics: - library.googleapis.com/book/borrowed_count |
|---|
| id | Billing |
|---|
| properties | | areaUnderCurveParams | | description | Per resource grouping for delta billing based resource configs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| billingServiceName | | description | Service name used to send to cloud billing. It is used to test the production service (e.g. logging.googleapis.com) price model using staging/test service (e.g. staging-logging.sandbox.googleapis.com) usage. To avoid possible mistakes, this feature is disabled in production. |
|---|
| type | string |
|---|
|
|---|
| consumerDestinations | | description | Billing configurations for sending metrics to the consumer project. There can be multiple consumer destinations per service, each one must have a different monitored resource type. A metric can be used in at most one consumer destination. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| metrics | | description | Names of the metrics to report to billing. Each name must be defined in Service.metrics section. **NOTE:** Define monitored resources in Service.monitored_resources section and use Billing.consumer_destinations is the recommended way to configure billing. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of billing rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BillingConfig | | description | Describes the billing configuration for a new tenant project. |
|---|
| id | BillingConfig |
|---|
| properties | | billingAccount | | description | Name of the billing account. For example `billingAccounts/012345-567890-ABCDEF`. |
|---|
| type | string |
|---|
|
|---|
| billingAccountGroup | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| BillingDestination | | description | Configuration of a specific billing destination (Currently only support bill against consumer project). |
|---|
| id | BillingDestination |
|---|
| properties | | metrics | | description | Names of the metrics to report to this billing destination. Each name must be defined in Service.metrics section. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BillingStatusRule | | description | Defines the billing status requirements for operations. When used with [Service Control API](https://cloud.google.com/service-control/), the following statuses are supported: - **current**: the associated billing account is up to date and capable of paying for resource usages. - **delinquent**: the associated billing account has a correctable problem, such as late payment. Mostly services should only allow `current` status when serving requests. In addition, services can choose to allow both `current` and `delinquent` statuses when serving read-only requests to resources. If the list of allowed_statuses is empty, it means no billing requirement. |
|---|
| id | BillingStatusRule |
|---|
| properties | | allowedStatuses | | description | Allowed billing statuses. The billing status check passes if the actual billing status matches any of the provided values here. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| flags | | description | List of flags (comma-separated) controls how billing state rule is enforced. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the operation names to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Binding | | description | Associates `members`, or principals, with a `role`. |
|---|
| id | Binding |
|---|
| properties | | bindingId | |
|---|
| condition | | $ref | Expr |
|---|
| description | The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
|---|
|
|---|
| members | | description | Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| role | | description | Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BindingCondition | | description | A condition that must be satisfied for a binding to apply. |
|---|
| id | BindingCondition |
|---|
| properties | | applicationAuthorizationCheck | | $ref | ApplicationAuthorizationCheckCondition |
|---|
| description | Indicates that access granted by this binding is conditional on an additional fine-grained authorization check performed in application code. This condition always evaluates to "true", but it will cause a LocalAuthorization check the request handler performs against the "mapped permission" to return "false" (privileged access not granted), which normally triggers a fine-grained authorization check. This supports transition from RpcSecurityPolicy 1.0. |
|---|
|
|---|
| description | | description | Informational string which can be displayed in the policy and error messages. |
|---|
| type | string |
|---|
|
|---|
| excludeInsecureUsers | | $ref | ExcludeInsecureUsersCondition |
|---|
| description | Exclude a list of prod users |
|---|
|
|---|
| impersonationTarget | | $ref | ImpersonationTargetCondition |
|---|
| description | Restricts which users can be impersonated. This condition is only applicable to the bindings of impersonator roles (e.g., IMPERSONATOR_ADMIN or IMPERSONATOR_SYSTEM). |
|---|
|
|---|
| peerSecurityRealm | | $ref | PeerSecurityRealmCondition |
|---|
| description | Restricts the security realm of the peer sending the RPC. |
|---|
|
|---|
| peerUser | | $ref | PeerUserCondition |
|---|
| description | Restricts the peer identities which can be used with the binding. |
|---|
|
|---|
| primaryPeerUser | | $ref | PeerUserCondition |
|---|
| description | Restricts the identity of the primary peer that can be used with the binding. When Stubby delegation is in use, primary_peer_user refers to the identity before delegation is applied, whereas peer_user refers to the identity after delegation is applied. When Stubby delegation is not in use, primary_peer_user matches the same peer as peer_user. |
|---|
|
|---|
| userAttribution | | $ref | UserAttributionCondition |
|---|
| description | Restricts the user attribution. |
|---|
|
|---|
| zanzibarAuthorizationCheck | | $ref | ZanzibarAuthorizationCheckCondition |
|---|
| description | This field is expected to be used only in EndpointPolicy in services using Apps Framework or Scaffolding. Indicates that access granted by this binding is conditional on an additional Zanzibar authorization check configured in Apps Framework (go/af-authorization#zanzibarauthz) using the ZanzibarAuthorizationCheck annotation, or in Scaffolding using ZaznibarAuthorizationModule (go/scaffolding-auth#zanzibar). If the corresponding endpoint uses this authorization method, you should specify this condition in your policy (as of 2021Q2, this is only enforced by Apps Framework). |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BoqSettings | | description | Boq related settings. |
|---|
| id | BoqSettings |
|---|
| properties | | controlPlaneConfig | | description | Name of the rollout v2 control plane config to which the data plane config is to be matched. This value should only be set for data plane config and will be ignored otherwise. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BreakGlassConfig | | description | Break-glass access bypasses some restrictions in an emergency situation. This is useful when you can't wait for approvals or for production emergencies when the normal systems are unavailable. See go/rpcsp-key-terms#break-glass. |
|---|
| id | BreakGlassConfig |
|---|
| properties | | requireMpa | | $ref | BreakGlassMpaConfig |
|---|
| description | This field controls Multi-party Authorization (MPA) in the break-glass setting whereas non_unilateral_access_controls.require_mpa controls for all other settings. Each field is independent of each other. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BreakGlassConfigV1 | | description | Break-glass access bypasses some restrictions in an emergency situation. This is useful when you can't wait for approvals or for production emergencies when the normal systems are unavailable. See go/rpcsp-key-terms#break-glass. |
|---|
| id | BreakGlassConfigV1 |
|---|
| properties | | emergencyAdmins | | description | Break-glass access can only be exercised if 1. the access matches this field (via AUTHORITY *or* ATTRIBUTION, see go/dpci-faq#attribution), *and* 2. access is also granted access via an ALLOW rule. Entries in this field should be in the same form as go/rpcsp-reference-guide#Rule.in For how to break glass, see go/how-to-break-glass. Break-glass will bypass justification and other access requirement checking (such as go/assurant), and so it is inherently unsafe and should only be used in an emergency. See go/should-i-break-glass. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| requireMpa | | $ref | BreakGlassMpaConfigV1 |
|---|
| description | This field controls Multi-party Authorization (MPA) for break-glass access whereas the require_mpa field in AdminPolicy controls for non-break-glass access. Each field is independent of the other. If break-glass is triggered, a lightweight version of MPA will always be used (i.e. ZD-MPA). |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BreakGlassMpaConfig | | description | Configures per-request Multi-party Authorization (MPA) with break-glass. This message wraps settings that allow the customization of MPA reviews -- see go/use-mpa. Reviews can be performed by users granted the MPA_REVIEWER_ADMIN role. |
|---|
| id | BreakGlassMpaConfig |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| BreakGlassMpaConfigV1 | | description | Configures per-request Multi-party Authorization (MPA) for break-glass access. This message wraps settings that allow the customization of MPA reviews -- see go/use-mpa. |
|---|
| id | BreakGlassMpaConfigV1 |
|---|
| properties | | reviewGuidance | | description | Guidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed. |
|---|
| type | string |
|---|
|
|---|
| reviewers | | description | The set of users who can review multi-party authorization for break-glass requests. Entries in this field should be one of "mdb:xxx" "user:yyy@prod.google.com" This is a subset of go/rpcsp-reference-guide#Rule.in If this field is not set, the values in `AdminPolicy.require_mpa.reviewers` will be used. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BrowserFirstPartyAuthRequirements | | description | Google first party auth configuration. This lets websites and Chrome extensions with Gaia cookies use those for API authentication. See http://go/api-session-cookie for more. Browser first party auth lets JavaScript on a first party website or Chrome extension call Google APIs, authenticating with a user's Gaia cookies. See http://go/api-session-cookie for more. See http://go/apiscopes for documentation on how to create a new API scope if you need one. Example of an API that wants to accept first party auth: name: calendar.googleapis.com authentication: rules: - selector: "*" browser_first_party_auth: scope_codes: API_CL |
|---|
| id | BrowserFirstPartyAuthRequirements |
|---|
| properties | | allowMissingActiveSession | | description | Unimplemented: If true, the services treats requests with valid credentials that don't include an active session (e.g. because it is restricted by go/account-restrictions) the same way as it would treat requests with no credentials at all. If false (default), requests without an active session will be rejected (403). Setting this to true will have no effect unless allow_without_credential is also set. See also go/account-restrictions-esf-soe tl;dr GaiaBackend hides some accounts from the mint by marking their sessions as invalid. ESF fails by default in this case unless this option is set. APIs will see the request the same way as they would for an unauthenticated API call (gaiaId will be absent). |
|---|
| type | boolean |
|---|
|
|---|
| ignoreInvalidCredentials | | description | If true, the services treats requests with invalid credentials (including invalid active session) the same way as it would treat requests with no credentials at all. If false (default), requests without an active session will be rejected (400s). Setting this to true will have no effect unless allow_without_credential is also set. See also go/esf-fpa-failure-as-signed-out tl;dr a request with invalid Gaia auth cookies should be regarded as signed out in Identity's perspective. |
|---|
| type | boolean |
|---|
|
|---|
| scopeCodes | | description | The list of GaiaMint scopes that will be part of the resulting GaiaMint. Scopes in this list must configure [AllowedFirstPartyAuth](https://source.corp.google.com/piper///depot/google3/gaia/mint/protos/apiscopes.proto;rcl=369348158;l=426). Example: scope_codes: API_CL, API_CL_READONLY |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| BusinessIntelligenceConfig | | description | Defines business intelligence configuration such as active developer designation. |
|---|
| id | BusinessIntelligenceConfig |
|---|
| properties | | activeDeveloperMethod | | description | Optional. Specifies whether calls to the configurated method come from users to be counted as "active developers". A definition of active developer and additional information on the subject can be found in go/cloud-active-developers-plan. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CacheConfig | | description | Cache config. |
|---|
| id | CacheConfig |
|---|
| properties | | disabled | | description | Whether caching is disabled. By default, caching is enabled with default cache parameters. |
|---|
| type | boolean |
|---|
|
|---|
| lifetimeSeconds | | description | Cache entry life time in seconds. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| localCacheSizeBytes | | description | Size of local cache in the number of bytes. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| memcachegRpcTimeoutMs | | description | Timeout for memcacheg rpc in milliseconds. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| refreshThresholdSeconds | | description | When this is set, cache can do asynchronous refresh when the remaining lifetime of a cache entry is less than the threshold. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| strategy | | description | The strategy to be used for caching. |
|---|
| enum | - LOCAL_ONLY
- MEMCACHE_ONLY
- LOCAL_AND_MEMCACHE
|
|---|
| enumDescriptions | - Use only a local cache.
- Use only a memcache.
- Use both local and memcache.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CancelOperationRequest | | description | The request message for Operations.CancelOperation. |
|---|
| id | CancelOperationRequest |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| CcfeAuthorizationAlreadyDone | | description | Represents the case where authorization has already been performed for a Control Logic Handler (CLH) that is behind Cloud Control Front End (CCFE). Since CCFE has already performed authorization, authz obligations are considered trivially met. |
|---|
| id | CcfeAuthorizationAlreadyDone |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Census | | description | Defines go/census related configurations. This is currently used only for defining Critical User Interaction (CUI) based on API method. The CUI is then propagated to the backend systems via Census tag to enable end-to-end visibility and cross-regional risk analysis. Please see go/cui-tags-in-esf for more details. For any inquries related to this configuration, reach out to cui-attribution-team@google.com Example: census: rules: - selector: "*" product_cui: "cloud_pubsub/UNSPECIFIED" - selector: "google.pubsub.v1.Publisher.Publish" product_cui: "cloud_pubsub/PUBLISH" The above example will set `product_cui` Census tag to be `cloud_pubsub/PUBLISH` for `google.pubsub.v1.Publisher.Publish` method, and `cloud_pubsub/UNSPECIFIED` for all the other methods. |
|---|
| id | Census |
|---|
| properties | | rules | | description | A list of Census rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CensusRule | | description | A Census rule provides configuration to map API method to `product_cui` (go/product_cui). |
|---|
| id | CensusRule |
|---|
| properties | | logProductCui | | description | Enables logging `product_cui= field to GWSLog. |
|---|
| type | boolean |
|---|
|
|---|
| productCui | | description | Specifies CUI based on go/cui-text-representation, e.g. `cloud_pubsub/PUBLISH`. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the API methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ChemistConfig | | description | Chemist Configurations. |
|---|
| id | ChemistConfig |
|---|
| properties | | address | | description | The Unifed Backend (go/backends) target address of the Chemist Server. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ClientLibrarySettings | | description | Details about how and where to publish client libraries. |
|---|
| id | ClientLibrarySettings |
|---|
| properties | | cppSettings | | $ref | CppSettings |
|---|
| description | Settings for C++ client libraries. |
|---|
|
|---|
| dotnetSettings | | $ref | DotnetSettings |
|---|
| description | Settings for .NET client libraries. |
|---|
|
|---|
| goSettings | | $ref | GoSettings |
|---|
| description | Settings for Go client libraries. |
|---|
|
|---|
| javaSettings | | $ref | JavaSettings |
|---|
| description | Settings for legacy Java features, supported in the Service YAML. |
|---|
|
|---|
| launchStage | | description | Launch stage of this version of the API. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| nodeSettings | | $ref | NodeSettings |
|---|
| description | Settings for Node client libraries. |
|---|
|
|---|
| phpSettings | | $ref | PhpSettings |
|---|
| description | Settings for PHP client libraries. |
|---|
|
|---|
| pythonSettings | | $ref | PythonSettings |
|---|
| description | Settings for Python client libraries. |
|---|
|
|---|
| restNumericEnums | | description | When using transport=rest, the client request will encode enums as numbers rather than strings. |
|---|
| type | boolean |
|---|
|
|---|
| rubySettings | | $ref | RubySettings |
|---|
| description | Settings for Ruby client libraries. |
|---|
|
|---|
| version | | description | Version of the API to apply these settings to. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CloudAuditOptions | | description | Write a Cloud Audit log |
|---|
| id | CloudAuditOptions |
|---|
| properties | | authorizationLoggingOptions | | $ref | AuthorizationLoggingOptions |
|---|
| description | Information used by the Cloud Audit Logging pipeline. |
|---|
|
|---|
| logName | | description | The log_name to populate in the Cloud Audit Record. |
|---|
| enum | - UNSPECIFIED_LOG_NAME
- ADMIN_ACTIVITY
- DATA_ACCESS
|
|---|
| enumDescriptions | - Default. Should not be used.
- Corresponds to "cloudaudit.googleapis.com/activity"
- Corresponds to "cloudaudit.googleapis.com/data_access"
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CloudIam | | description | Represents a Cloud IAM authorization check. This method is tracked by the CloudAuthorization library. |
|---|
| id | CloudIam |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| CloudUberMintConfig | | description | Config for Cloud UberMint (go/cloud-ubermint). |
|---|
| id | CloudUberMintConfig |
|---|
| properties | | mode | | description | Required to enable accepting Cloud UberMint. |
|---|
| enum | |
|---|
| enumDescriptions | - By default, Cloud UberMint will be rejected.
- Accept Cloud UberMint and produce opaque SecurityContext. This implicitly also enables the central UberMint CLOUD platform.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Codegen | | description | `Codegen` defines the codegen configuration for a service. It currently resides underneath the experimental section. Example: experimental: codegen: rules: - selector: google.calendar.Calendar.Message.field |
|---|
| id | Codegen |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| CodegenRule | | description | The rule for generating code for a selected API element. |
|---|
| id | CodegenRule |
|---|
| properties | | jsonName | | description | Overrides default name for JSON serialization. |
|---|
| type | string |
|---|
|
|---|
| resourceReference | | description | The field contains resource reference. This affects serialization and de-serialization where the resouce reference is converted between URL (used in Apiary v1) and One Platform style resource name. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects methods, messages, fields, enums, etc. to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CommonLanguageSettings | | description | Required information for every language. |
|---|
| id | CommonLanguageSettings |
|---|
| properties | | destinations | | description | The destination where API teams want this client library to be published. |
|---|
| items | | enum | - CLIENT_LIBRARY_DESTINATION_UNSPECIFIED
- GITHUB
- PACKAGE_MANAGER
|
|---|
| enumDescriptions | - Client libraries will neither be generated nor published to package managers.
- Generate the client library in a repo under github.com/googleapis, but don't publish it to package managers.
- Publish the library to package managers like nuget.org and npmjs.com.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| referenceDocsUri | | description | Link to automatically generated reference documentation. Example: https://cloud.google.com/nodejs/docs/reference/asset/latest |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Condition | | description | A condition to be met. |
|---|
| id | Condition |
|---|
| properties | | iam | | description | Trusted attributes supplied by the IAM system. |
|---|
| enum | - NO_ATTR
- AUTHORITY
- ATTRIBUTION
- SECURITY_REALM
- APPROVER
- JUSTIFICATION_TYPE
- CREDENTIALS_TYPE
- CREDS_ASSERTION
|
|---|
| enumDescriptions | - Default non-attribute.
- Either principal or (if present) authority selector.
- The principal (even if an authority selector is present), which must only be used for attribution, not authorization.
- Any of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- An approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
- What types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the *absence* of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
- What type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the *absence* of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- EXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
|
|---|
| type | string |
|---|
|
|---|
| op | | description | An operator to apply the subject with. |
|---|
| enum | - NO_OP
- EQUALS
- NOT_EQUALS
- IN
- NOT_IN
- DISCHARGED
|
|---|
| enumDescriptions | - Default no-op.
- DEPRECATED. Use IN instead.
- DEPRECATED. Use NOT_IN instead.
- The condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
- The condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
- Subject is discharged
|
|---|
| type | string |
|---|
|
|---|
| svc | | description | Trusted attributes discharged by the service. |
|---|
| type | string |
|---|
|
|---|
| sys | | description | Trusted attributes supplied by any service that owns resources and uses the IAM system for access control. |
|---|
| enum | - NO_ATTR
- REGION
- SERVICE
- NAME
- IP
|
|---|
| enumDescriptions | - Default non-attribute type
- Region of the resource
- Service name
- Resource name
- IP address of the caller
|
|---|
| type | string |
|---|
|
|---|
| values | | description | The objects of the condition. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Context | | description | `Context` defines which contexts an API requests. Example: context: rules: - selector: "*" requested: - google.rpc.context.ProjectContext - google.rpc.context.OriginContext The above specifies that all methods in the API request `google.rpc.context.ProjectContext` and `google.rpc.context.OriginContext`. Available context types are defined in package `google.rpc.context`. This also provides mechanism to allowlist any protobuf message extension that can be sent in grpc metadata using “x-goog-ext--bin” and “x-goog-ext--jspb” format. For example, list any service specific protobuf types that can appear in grpc metadata as follows in your yaml file: Example: context: rules: - selector: "google.example.library.v1.LibraryService.CreateBook" allowed_request_extensions: - google.foo.v1.NewExtension allowed_response_extensions: - google.foo.v1.NewExtension You can also specify extension ID instead of fully qualified extension name here. |
|---|
| id | Context |
|---|
| properties | | rules | | description | A list of RPC context rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ContextRule | | description | A context rule provides information about the context for an individual API element. |
|---|
| id | ContextRule |
|---|
| properties | | allowedRequestExtensions | | description | A list of full type names or extension IDs of extensions allowed in grpc side channel from client to backend. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| allowedResponseExtensions | | description | A list of full type names or extension IDs of extensions allowed in grpc side channel from backend to client. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| provided | | description | A list of full type names of provided contexts. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| requested | | description | A list of full type names of requested contexts. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Control | | description | Selects and configures the service controller used by the service. Example: control: environment: servicecontrol.googleapis.com |
|---|
| id | Control |
|---|
| properties | | environment | | description | The service controller environment to use. If empty, no control plane feature (like quota and billing) will be enabled. The recommended value for most services is servicecontrol.googleapis.com |
|---|
| type | string |
|---|
|
|---|
| failureMode | | description | How to proceed when service control check fails. |
|---|
| enum | - DEFAULT_FAIL_OPEN
- FAIL_CLOSED
|
|---|
| enumDescriptions | - ESF will succeed even when service control returns RPC error.
- ESF will drop the API call when service control returns RPC error.
|
|---|
| type | string |
|---|
|
|---|
| methodPolicies | | description | Defines policies applying to the API methods of the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| policyCallbacks | | description | The API backend configurations for policy callback. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ControlPlaneMigration | | description | Settings to manage the migration of a One Platform service from Usage Manager to Chemist. |
|---|
| id | ControlPlaneMigration |
|---|
| properties | | migrating | | description | Identifies this One Platform service as migrating its control plane from Usage Manager to Chemist. This generates config that allows ESF to make dual check calls, i.e. Check() calls to both Usage Manager and Chemist. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CounterOptions | | description | Increment a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. Supported field names: - "authority", which is "[token]" if IAMContext.token is present, otherwise the value of IAMContext.authority_selector if present, and otherwise a representation of IAMContext.principal; or - "iam_principal", a representation of IAMContext.principal even if a token or authority selector is present; or - "" (empty string), resulting in a counter with no fields. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/debug_access_count {iam_principal=[value of IAMContext.principal]} |
|---|
| id | CounterOptions |
|---|
| properties | | customFields | | description | Custom fields. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| field | | description | The field value to attribute. |
|---|
| type | string |
|---|
|
|---|
| metric | | description | The metric to update. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CppSettings | | description | Settings for C++ client libraries. |
|---|
| id | CppSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CreateTenancyUnitRequest | | description | Request to create a tenancy unit for a service consumer of a managed service. |
|---|
| id | CreateTenancyUnitRequest |
|---|
| properties | | tenancyUnitId | | description | Optional. Optional service producer-provided identifier of the tenancy unit. Must be no longer than 40 characters and preferably URI friendly. If it isn't provided, a UID for the tenancy unit is automatically generated. The identifier must be unique across a managed service. If the tenancy unit already exists for the managed service and service consumer pair, calling `CreateTenancyUnit` returns the existing tenancy unit if the provided identifier is identical or empty, otherwise the call fails. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CredsAssertion | | description | CredsAssertion represents a check that is to be performed against credential origin. It can be referenced in creds_policy rules by name. |
|---|
| id | CredsAssertion |
|---|
| properties | | deviceTrustLevel | | $ref | DeviceTrustLevelAssertion |
|---|
| description | Assert that a credential is produced from an UpTick from a machine with sufficient trust level. |
|---|
|
|---|
| name | | description | REQUIRED. Name is used to refer to a credential assertion in creds_policy rules. |
|---|
| type | string |
|---|
|
|---|
| oauthScope | | $ref | OauthScopeAssertion |
|---|
| description | Assert that a credential is produced from an oauth token with one of specified scopes. |
|---|
|
|---|
| osidDomain | | $ref | OsidDomainAssertion |
|---|
| description | Assert that a credential is produced from an OSID cookie with one of specified domains. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CrossProductSharing | | description | Constraints on sharing of user data across products (see go/rpcsp-dma52). |
|---|
| id | CrossProductSharing |
|---|
| properties | | enableConsentCheck | | $ref | EnableConsentCheck |
|---|
| description | REQUIRED -- Enables checks that the user has consented to cross-product sharing where applicable, denying access if the required consent is not present. |
|---|
|
|---|
| excludePeers | | description | DO NOT USE: Under development Peers specified in this field will be exempted from consent check. This field supports the following format: `user:{username}@prod.google.com`. This field does NOT support excluding MDB groups or LocalACL groups. Example: cross_product_sharing { enable_consent_check {} service_team_graph_product_id: 12345 exclude_peers: 'user:service-admin@prod.google.com' } |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| serviceTeamGraphProductId | | description | REQUIRED -- Product ID of the current service (see go/dma-stable-ids). |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CrossProductSharingCondition | | description | A condition controlling cross-product sharing (see go/rpcsp-dma52). |
|---|
| id | CrossProductSharingCondition |
|---|
| properties | | enableConsentCheck | | $ref | Empty |
|---|
| description | REQUIRED -- Enables checks that the user has consented to cross-product sharing where applicable, denying access if the required consent is not present. |
|---|
|
|---|
| serviceTeamGraphProductId | | description | REQUIRED -- Product ID of the current service (see go/dma-stable-ids). |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Custom | | description | If you intend to use some authorization method not listed above, use Custom and record the check with the security context Obligations library (e.g., google3/security/context/public/obligations.h). |
|---|
| id | Custom |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| CustomError | | description | Customize service error responses. For example, list any service specific protobuf types that can appear in error detail lists of error responses. Example: custom_error: types: - google.foo.v1.CustomError - google.foo.v1.AnotherError |
|---|
| id | CustomError |
|---|
| properties | | rules | | description | The list of custom error rules that apply to individual API messages. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| types | | description | The list of custom error detail types, e.g. 'google.foo.v1.CustomError'. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CustomErrorRule | | description | A custom error rule. |
|---|
| id | CustomErrorRule |
|---|
| properties | | isErrorType | | description | Mark this message as possible payload in error response. Otherwise, objects of this type will be filtered when they appear in error payload. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects messages to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CustomField | | description | Custom fields. These can be used to create a counter with arbitrary field/value pairs. See: go/rpcsp-custom-fields. |
|---|
| id | CustomField |
|---|
| properties | | name | | description | Name is the field name. |
|---|
| type | string |
|---|
|
|---|
| value | | description | Value is the field value. It is important that in contrast to the CounterOptions.field, the value here is a constant that is not derived from the IAMContext. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| CustomHttpPattern | | description | A custom pattern is used for defining custom HTTP verb. |
|---|
| id | CustomHttpPattern |
|---|
| properties | | kind | | description | The name of this custom HTTP verb. |
|---|
| type | string |
|---|
|
|---|
| path | | description | The path matched by this custom verb. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DataAccessOptions | | description | Write a Data Access (Gin) log |
|---|
| id | DataAccessOptions |
|---|
| properties | | logMode | | enum | - LOG_MODE_UNSPECIFIED
- LOG_FAIL_CLOSED
|
|---|
| enumDescriptions | - Client is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
- The application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Date | | description | Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp |
|---|
| id | Date |
|---|
| properties | | day | | description | Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| month | | description | Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| year | | description | Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Delegated | | description | Represents the intention to defer the authorization decision to some downstream service, and to trust that service's authorization decision. This method should be tracked by application code when it receives an RPC response from the delegate service. |
|---|
| id | Delegated |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| DeleteTenantProjectRequest | | description | Request message to delete tenant project resource from the tenancy unit. |
|---|
| id | DeleteTenantProjectRequest |
|---|
| properties | | tag | | description | Required. Tag of the resource within the tenancy unit. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DescriptorProto | | description | Describes a message type. |
|---|
| id | DescriptorProto |
|---|
| properties | | enumType | |
|---|
| extension | |
|---|
| extensionRange | |
|---|
| field | |
|---|
| name | |
|---|
| nestedType | |
|---|
| oneofDecl | |
|---|
| options | |
|---|
| reservedName | | description | Reserved field names, which may not be used by fields in the same message. A given name may only be reserved once. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| reservedRange | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| Destination | | description | Configuration of a destination to send metric values and log entries to. |
|---|
| id | Destination |
|---|
| properties | | acl | | $ref | ServiceControlAcl |
|---|
| description | Authorization configuration for this destination. |
|---|
|
|---|
| labelKeyTransformationName | | description | Name of the label key transformation config. The names must be defined in LabelKeyTransformationConfig section. If transformation is not specified for a given resource entity definition, identity transformation is used where all label keys defined in the resource entity definition are mapped to themselves. |
|---|
| type | string |
|---|
|
|---|
| logNames | | description | Names of the logs to be sent to this destination. Each name must be defined in the logs section. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| metricNames | | description | Names of the metrics to send to this destination. Each name must be defined in MetricsDefinition.custom_metrics section. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| owner | | description | Whether the metric values and log entries are owned by the producer project or the consumer project. |
|---|
| enum | - OWNER_UNSPECIFIED
- PRODUCER_PROJECT
- CONSUMER_PROJECT
|
|---|
| enumDescriptions | - This is not a valid value.
- The metric values and log entries are owned by the producer project.
- The metric values and log entries are owned by the consumer project.
|
|---|
| type | string |
|---|
|
|---|
| type | | description | The type of the destination. |
|---|
| enum | - TYPE_UNSPECIFIED
- MONITORING
- BILLING
- LOGGING
- QUOTA
|
|---|
| enumDescriptions | - This is not a valid value.
- Send metric values to the monitoring system.
- Send metric values to the billing system.
- Send logs to the logging system.
- Send metric values to the quota system.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Devconsole | | description | Links and link-templates that are displayed to service consumers in DevConsole. These are in the legacy config for now because we should probably replace these with the more general purpose markdown based documentation already attached to the service config. Until the console supports this doc directly, however, new services need to be able to populate the existing fields. See also the ApiConfiguration message in http://go/dc-config-proto |
|---|
| id | Devconsole |
|---|
| properties | | consoleApi | | description | Indicates which API Pantheon should used to manage the service. Service owners should NOT set this field without talking to inception-team@. It will normally be populated by Inception. This field will be removed as soon as we clean up the Pantheon cutover to Inception. |
|---|
| enum | - UNKNOWN
- LEGACY
- NEW
- NEW_GOOGLERS_ONLY
|
|---|
| enumDescriptions | - No value was provided.
- Use the DevProjects API to manage the service.
- Use the Inception API to manage the service.
- Use the Inception API to manage the service for Googlers only.
|
|---|
| type | string |
|---|
|
|---|
| exampleUrl | | description | For public APIs, it must point to the API Explorer page for the API, such as https://developers.google.com/apis-explorer/#search/bigquery/bigquery/v2/. It is optional for private APIs. |
|---|
| type | string |
|---|
|
|---|
| learnmoreUrl | | description | For public APIs, it must point to the API product landing page, such as https://cloud.google.com/bigquery/. For private APIs, it should point to the API internal site. |
|---|
| type | string |
|---|
|
|---|
| pricingLink | | description | A link to pricing information for the API product, such as https://cloud.google.com/bigquery/pricing. |
|---|
| type | string |
|---|
|
|---|
| requestQuotaUrl | | description | A URL to a Google Docs form, such as https://docs.google.com/spreadsheet/viewform?formkey=abc123&entry_0={email}&entry_1={id}. Google Developers Console UI replace {email} with the current user's e-mail, {id} with the current project number, or organization ID with "organizations/" prefix. For example, https://docs.google.com/spreadsheet/viewform?formkey=abc123&entry_0=johndoe@gmail.com&entry_1=25463754, or https://docs.google.com/spreadsheet/viewform?formkey=abc123&entry_0=johndoe@gmail.com&entry_1=organizations/26474422. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DeviceTrustLevelAssertion | | description | DeviceTrustLevelAssertion asserts that a request was performed with a credential obtained from UpTick with sufficient trust level. |
|---|
| id | DeviceTrustLevelAssertion |
|---|
| properties | | loasOriginTrusted | | description | REQUIRED. If set to true, credential assertion treats LOAS-based credentials as ones with maximum trust level. If false, requests with LOAS-based credentials are treated as INDETERMINATE by this assertion. |
|---|
| type | boolean |
|---|
|
|---|
| minimum | | description | REQUIRED. Credential assertion checks that a credential is produced from an UpTick with TrustLevel of at least specified value. |
|---|
| enum | - INDETERMINATE
- MINIMALLY_TRUSTED_DEVICE
- MOSTLY_TRUSTED_DEVICE
- FULLY_TRUSTED_DEVICE
- HIT_TRUSTED_DEVICE
- RIX_TRUSTED_DEVICE
- RMG_TRUSTED_DEVICE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DisabledAdminAccessControlConfig | | description | Disable Admin Access Control (AAC) checks. -- see go/configuring-rpcsp-2-admin-role#configuring-disabledadminaccesscontrolconfig `DisabledAdminAccessControlConfig` has two use cases: 1) `DisabledAdminAccessControlConfig` can be temporarily set for migration purposes while you are not yet ready to use Admin Access Control (AAC) checks. This should not be a long term state. 2) `DisabledAdminAccessControlConfig` can be used for endpoints that grant privileged access but are out of scope for AAC checks, see go/rpcsp2-gin-3-1#annotate-out-of-scope-endpoints. |
|---|
| id | DisabledAdminAccessControlConfig |
|---|
| properties | | disableAuditLogging | | description | `disable_audit_logging` has two use cases, similar to `DisabledAdminAccessControlConfig`: 1) Audit logging can be temporarily disabled for migration purposes while a service is not yet Gintegrated. This should not be a long-term state. 2) Audit logging can be disabled for endpoints not accessing user data (and don't want to use AAC or generate Gin logs) but want to indicate privileged access. In this case, you can still use the ADMIN role and use this bit. Note: Disabling audit logging will mean the service cannot reach RpcSP Level 3. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Discovery | | description | API Discovery related configuration of a service. Example: discovery: canonical_name: Library Example public_discovery: true discovery_per_version: - version: v1 public_directory: true - version: v2 public_directory: false Next Tag: 16 |
|---|
| id | Discovery |
|---|
| properties | | apiName | | description | API name that will be shown in discovery document. If this field is not set, API compiler will try to derive it from google.api.Service.name for Google APIs, or raise error if it cannot be derived. The derivation works as follows. The API name is identified using these patterns against google.api.Service.name: `{apiname}.*.*` and `(staging|test)-{apiname}.sandbox.*.*` On the remaining string, '.' and '-' are replaced by '_'. For example, both `library.example.googleapis.com` and `staging-library.example.sandbox.googleapis.com` will result in `library_example`. If the result of derivation is not sufficient, set the name explicitly here. Note that there are a few other places in the build system and deployment configuration where you need to set the name as well if it's not derived. WARNING: This field must be set at the top level. Changing this value will cause a breaking change to all generated client libraries, APIs explorer, etc. Example: name: dev-foobar.sandbox.googleapis.com .... discovery: api_name: foobar |
|---|
| type | string |
|---|
|
|---|
| batchPath | | description | Describes the path, relative to the Root URL, where batch requests should be sent by API clients. This should always be configured with a service-specific batch endpoint. Setting this field overrides the batch path that is automatically derived by the API compiler. Most services do not need to configure the batch endpoint explicitly and should instead take on the batch path derived by the API compiler. The primary use case for this field is to override the batch path when an Apiary-style Root URL is configured in the discovery document to prevent sending traffic to the deprecated Apiary Global HTTP Batch endpoint. The batch path configured in the discovery document should align with the batch url enforced by ESF at runtime (the --esf_server_http_batch_url_path flag). The --esf_server_http_batch_url_path flag will eventually be deprecated and removed in favor of a field in the One Platform service configuration. Example: name: foo.googleapis.com ... discovery: discovery_per_version: - version: v1 root_url: www.googleapis.com batch_path: batch/foo/v1 |
|---|
| type | string |
|---|
|
|---|
| canonicalName | | description | Required. An immutable value used for the `canonicalName` in the generated discovery documents. It should contain between 1 and 3 formally-spelled English words in "Title Case", and must not end with "API". For example, "Spanner Admin". This value is used for properly casing the API class name in [Google API Client Libraries](https://developers.google.com/api-client-library) in many languages. For example, when the value is "Library Example", a code generator for camel-case naming conventions will produce "LibraryExample" in identifiers, while another code generator using lower-underscore-case convention will produce "library_example". This field is recommended to be set at the top level. WARNING: Changing this value will cause a breaking change to all generated client libraries. |
|---|
| type | string |
|---|
|
|---|
| discoveryPerVersion | | description | A field to configure discovery configuration on a version basis. Discovery.public_discovery, Discovery.supported_schemas and Discovery.api_name must only be set at the top level discovery configuration. Discovery.version, Discovery.public_directory and Discovery.path_prefixes must only be set at per-version level discovery configuration. Other fields can be specified at either the top level or per-version level. However, except for Discovery.canonical_name, configuring those fields at per-version level only is strongly recommended. WARNING: If a field is not set at per-version level discovery configuration, the top level configuration will be used to populate per-version configuration. To avoid misconfiguration, specifying the same field at both the top level and per-version level is strongly discouraged. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| exponentialBackoffDefault | | description | If true, tells a code generator to enable exponential backoff for suitable methods by default. This feature requires language support from code generator, and so might not be available in all languages. |
|---|
| type | boolean |
|---|
|
|---|
| launchStage | | description | The launch stage of this discovery document. WARNING: This field must be set at per-version level. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| pathPrefixes | | description | Once specified, only methods with an http binding that matches one of the path prefixes will be included in the generated discovery document for the given API version. The prefix matching is conducted at path segment level, meaning "/library/v1" will not be treated as prefix of "/library/v1beta1". This is useful for an Apiary API that is doing an in-place migration to One Platform, and has http paths that don't start with API version. By default, only methods with http bindings starting with the given API version will be included. Example: discovery: discovery_per_version: - version: v1 path_prefixes: - /library/v1 - /library/new/v1 - version: v2 path_prefixes: - /v2/library WARNING: This field must be set at per-version level. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| publicDirectory | | description | If true, this API discovery document will get included in the [Google API directory](https://discovery.googleapis.com/discovery/v1/apis). WARNING: This field must be set at per-version level. It is extremely rare to publish all discovery versions to the API directory. |
|---|
| type | boolean |
|---|
|
|---|
| publicDiscovery | | description | If true, the discovery document will be public and allow open access, e.g. don't require API key or authentication token. WARNING: This field only works at the top level and applies to all discovery versions. If you want to hide individual discovery version, you must use API visibility. |
|---|
| type | boolean |
|---|
|
|---|
| rootUrl | | description | This is the public DNS name that serves discovery requests for the service. It is also used as the `rootUrl` field in the service's discovery document. If this field is not set, it defaults to the service name. Set this field explicitly if the service name is not the same as the DNS name that serves discovery requests and other service traffic. For example, if your service DNS name (foo.googleapis.com) is different from your public DNS name (bar.googleapis.com), configure your service configuration as follows: Example: name: foo.googleapis.com .... discovery: discovery_per_version: - version: v1 root_url: bar.googleapis.com |
|---|
| type | string |
|---|
|
|---|
| rules | | description | Individual rules for JSON schemas. If your service have multiple API versions, this field is recommended to be configured at per-version level in order to avoid misconfiguration. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| schemaNameTemplate | | description | A simple template which determines how JSON schema names are generated for proto messages. This is a string which uses the `${var}` notation for referring to a set of predefined variable names. The following variables are supported: - `${message_name}`: the simple name of the message or enum type. - `${outer_message_name}`: the sequence of outer message names in which this message is contained, or empty, if not a nested message. - `${package_name}`: the name of the package of the message. - `${version}`: the version of the api as it appears in the metadata of the discovery document, in upper camel case. - `${api_name}`: the simple name of the api, as it appears in the metadata of the discovery document, in upper camel case. Example: discovery: discovery_per_version: - version: v1 schema_name_template: > ${api_name}${outer_message_name}${message_name} - version: v2 schema_name_template: > CustomPrefix${message_name} For an API named `my_api` and a message named `MyNested` contained in a message `MyOuter`, `${api_name}${outer_message_name}${message_name}` results in schema name `MyApiMyOuterMyNested`, `CustomPrefix${message_name}` results in schema name `CustomPrefixMyNested`. If this field is not set, the template defaults to `${message_name}`. WARNING: Changing this value will cause a breaking change to all generated client libraries. If your discovery document for an API version is already public and listed in [Google API directory](https://discovery.googleapis.com/discovery/v1/apis), use JsonSchemaRule.schema_name_template instead. JsonSchemaRule.schema_name_template can be applied at message level. If the schema name of a newly added message conflicts with the name of another message that was already included in discovery document, JsonSchemaRule.schema_name_template can be set for changing the schema name of the new message, while keeping the schema name of the existing message unchanged. |
|---|
| type | string |
|---|
|
|---|
| supportedSchemas | | description | Specifies the supported discovery schemas. If unspecified, the default is `GOOGLE_REST`. Example: discovery: supported_schemas: - GOOGLE_REST - SWAGGER2 This field is order sensitive. The default REST schema will be whatever of `GOOGLE_REST` and `GOOGLE_REST_SIMPLE_URI` appears first in this list. WARNING: This field must be set at the top level and new supported schemas must be added to the end of the list. |
|---|
| items | | enum | - GOOGLE_API
- GOOGLE_REST
- GOOGLE_REST_SIMPLE_URI
- SWAGGER1
- SWAGGER2
- OPENAPI3_0
- GOOGLE_REST_PATCHABLE_VERSION
|
|---|
| enumDescriptions | - Specifies the platform's native discovery schema, based on the google.api.Service message.
- Specifies the Google JSON REST discovery schema, which is supporting the older Google API infrastructure. See also [here](https://developers.google.com/discovery/v1/reference/apis).
- A variant of the Google JSON REST discovery schema which avoids level 2 URI template constructs, specifically the use of `{+name}` variables. See [RFC 6570](https://tools.ietf.org/html/rfc6570) for details. Level 2 templates are avoided by translating URI patterns like `{name=x/*/y/*}` into `x/{xId}/y/{yId}` instead of into `{+name}`. Also, the `{name=**}` pattern will be translated into a simple variable, which means that the client will escape all reserved characters, and the server needs to take care of unescaping itself.
- Swagger version 1.2 schema. See the [Swagger spec](https://github.com/swagger-api/swagger-spec/blob/master/versions/1.2.md). Note that swagger schema implies use of simple URI translation.
- Swagger version 2.0 schema. See the [Swagger spec](https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md). Note that swagger schema implies use of simple URI translation.
- OpenAPI version 3.0.3 schema. See the [OpenAPI spec](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md). Note that OpenAPI schema implies use of simple URI translation.
- A variant of `GOOGLE_REST` which puts the API version into the service path instead of the method path. Many Apiary client libraries support overriding the service path, so this can be used to generate a library which allows to patch the version. This schema should only be used for testing, and with build time discovery. **Note**: This schema does not work with APIs which use global custom methods, as in `v1:customVerb`.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| version | | description | API version of the per-version discovery configuration. It is also the identifier of the per-version discovery configuration. This field must be set at per-version level. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DiscoveryConfig | | id | DiscoveryConfig |
|---|
| properties | | allowBatchPathOverride | | description | Normally, `discovery_per_version` `batch_path` settings are only allowed when the `root_url` is an Apiary URL and an error is emitted when `batch_path` is set for non-Apiary URLs. This flag disables that check and allows overrides even for non-Apiary URLs. It should only be used for very limited use cases after consultation with api-migration-team@. |
|---|
| type | boolean |
|---|
|
|---|
| allowDiscoverableUserIpSystemParameter | | description | The `userIp` system parameter is only discoverable for limited use cases in order to avoid breaking changes that would remove `setUserIp()` (etc) methods from generated client libraries. Do not use this without consulting with api-migration-team@. |
|---|
| type | boolean |
|---|
|
|---|
| allowSchemaInlineMessages | | description | allow inlined messages |
|---|
| type | boolean |
|---|
|
|---|
| deriveCollectionFromDiscoveryPerVersion | | description | Use Discovery per-version configuration to derive REST collection names |
|---|
| type | boolean |
|---|
|
|---|
| deriveCollectionFromMultiLevels | | description | When a collection name is derived from proto_to_apiary_method_names the full collection name of the Apiary method name is used. That is, if the Apiary method name is myservice.foo.bar.create then the collection name will be foo.bar. |
|---|
| type | boolean |
|---|
|
|---|
| enableTopLevelMethods | | description | Enable `discovery.methods` section of the discovery doc and add methods whose Apiary method names in proto_to_apiary_method_names are eligible to this section, instead of `discovery.resources` section. Apiary method names which follow service.method pattern will be considered as eligible. |
|---|
| type | boolean |
|---|
|
|---|
| iconUrlOverrides | |
|---|
| packagePath | | description | sets the packagePath field in the discovery doc |
|---|
| type | string |
|---|
|
|---|
| propagateLowerCamelEnumsFlags | | description | Enable propagation of per-method migration flags down to the model elements they affect for discovery/docgen purposes. (e.g. lower_camel_enums down to EnumType objects). |
|---|
| type | boolean |
|---|
|
|---|
| propagateUseLegacyJsonMapFormatFlags | |
|---|
| servicePaths | | additionalProperties | |
|---|
| description | Map API version to service path. `servicePath` and `basePath` in the generated discovery doc are empty by default and REST method paths are full paths. If the service path is specified for the corresponding API version in this map, `servicePath` and `basePath` will be set in the generated discovery doc, the service path will be appended to `baseUrl` and be stripped from the REST method paths. Note that `servicePath` should not have leading '/' prefix, `basePath` will be the same as `servicePath` but with a leading '/'. |
|---|
| type | object |
|---|
|
|---|
| skipServiceControlForLegacyDiscoveryUrl | | description | When set to true, legacy Discovery(Apiary) url request would skip the service control(chemist) check inside ESF. Otherwise, legacy url Discovery request which does not have a valid API key would be rejected by invalid/restricted/not-found/expired API keys errors. Apiary discovery URLs are of the format `https://www.googleapis.com/discovery/v1/apis/{api_name}/{api_version}/rest` while OP discovery URLs are of the format `https://{SERVICE_NAME}/$discovery/rest?version={API_VERSION}`. Clients using the Apiary discovery URL had their traffic likely migrated from Apiary server to OP. Since Apiary didn't check API keys, it would be a breaking change if we did it on OP. |
|---|
| type | boolean |
|---|
|
|---|
| sortRequiredQueryParams | | description | A `parameterOrder` list is created for each method. It starts with any path parameters (in the order that they appear in the path). Then, required query params are appended to that. Apiary sorts them alphabetically (along with the entries in the related `parameters` map), but OP doesn't by default. This flag causes them to be sorted to match Apiary. This flag should really be named something like `sort_parameters` or `sort_parameters_like_apiary`. Related Apiary code appears to be here: http://google3/java/com/google/api/server/config/merged/discovery/RestParameterOrderInterpreter.java?l=106-146&rcl=353856967 http://google3/java/com/google/api/server/tools/discoverytyped/DiscoveryApiCreator.java?l=464&rcl=338668512 |
|---|
| type | boolean |
|---|
|
|---|
| suppressEmptyParameterOrder | | description | If a request has no path parameters and no required query parameters, then Apiary will not output a `parameterOrder` list (it would be empty). This flag will suppress empty `parameterOrder` lists to match Apiary. |
|---|
| type | boolean |
|---|
|
|---|
| useProtoToApiaryMethodNames | | description | When set to true, the `id` strings for each method in the discovery doc will use the mapping in `migration.proto_to_apiary_method_names` instead of deriving a new one from other sources. |
|---|
| type | boolean |
|---|
|
|---|
| warnForPropagationConflicts | | description | Report warnings if per-method migration flags end up conflicting (e.g. an enum is reachable by methods using 2 different lower_camel_enums settings). |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DiscoveryMessageConfig | | description | Configure various settings that are used to better document message types in the API (e.g. in generated discovery docs, user reference docs and client libraries). |
|---|
| id | DiscoveryMessageConfig |
|---|
| properties | | hideEmptySchema | | description | NOTE: Prefer specifying these flags here rather than the deprecated flags in `MigrationMessageRule`. The are grouped here with other discovery related configuration. |
|---|
| type | boolean |
|---|
|
|---|
| inlineMessage | | description | This message is inlined recursively whereever it's defined (i.e. if there are any message type definitions in the expansion, those message types will also be inlined recursively as well). It is an error to use this on messages that are cyclic (e.g. message A had a field of type B and message B has a field of type A). The recursive inlining happens if either this flag is set or the (== inline_message ==\) directive is in the message's description. The recursive inlining behavior is different from Apiary, suppose `ABMessage` will be inlined: ``` message ABMessage { A a = 1; B b = 2; message B { string b_name = 1; } } message A { string a_name = 1; } ``` Apiary inlines by recursively iterating type references (`a` and `b`), the generated schema will be: ``` { string a_name; b: { string b_name; } } ``` OP inlines by recursively iterating type definitions (`B`), the generated schema will be: ``` { a: { $ref: "A" }, b: { string b_name; } } ``` |
|---|
| type | boolean |
|---|
|
|---|
| shallowInlineMessage | | description | Only fields in this message will be inlined where this message is referenced by this flag. The shallow inlining happens if either this flag is set or the \(== shallow_inline_message ==\) directive is in the message's description. |
|---|
| type | boolean |
|---|
|
|---|
| useProtoForOuterMessageName | | description | Normally, OP generates schema names by using the proto names of the message types. Apiary has a `(api.message).name` annotation that will get used instead of the proto name for a message's schema name. The problem is that Apiary appears to ignore `(api.message).name` annotations for parent message types. That is, the schema name for the SecondLevel message here would be TopLevelNumberTwo (not NumberOneNumberTwo or TopLevelSecondLevel). This flag enables that behavior. ``` message TopLevel { option (api.message).name = "NumberOne"; message SecondLevel { option (api.message).name = "NumberTwo"; ... } ``` This field affects schema names only when `Discovery.schema_name_template` contains `${outer_message_name}` variables. This also affects the names that get used for nested message types when docgen's --includeOuterMessageTypes tool flag is used. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Documentation | | description | `Documentation` provides the information for describing a service. Example: documentation: summary: > The Google Calendar API gives access to most calendar features. pages: - name: Overview content: (== include google/foo/overview.md ==) - name: Tutorial content: (== include google/foo/tutorial.md ==) subpages; - name: Java content: (== include google/foo/tutorial_java.md ==) rules: - selector: google.calendar.Calendar.Get description: > ... - selector: google.calendar.Calendar.Put description: > ... Documentation is provided in markdown syntax. In addition to standard markdown features, definition lists, tables and fenced code blocks are supported. Section headers can be provided and are interpreted relative to the section nesting of the context where a documentation fragment is embedded. Documentation from the IDL is merged with documentation defined via the config at normalization time, where documentation provided by config rules overrides IDL provided. A number of constructs specific to the API platform are supported in documentation text. In order to reference a proto element, the following notation can be used: [fully.qualified.proto.name][] To override the display text used for the link, this can be used: [display text][fully.qualified.proto.name] Text can be excluded from doc using the following notation: (-- internal comment --) A few directives are available in documentation. Note that directives must appear on a single line to be properly identified. The `include` directive includes a markdown file from an external source: (== include path/to/file ==) The `resource_for` directive marks a message to be the resource of a collection in REST view. If it is not specified, tools attempt to infer the resource from the operations in a collection: (== resource_for v1.shelves.books ==) The directive `suppress_warning` does not directly affect documentation and is documented together with service config validation. |
|---|
| id | Documentation |
|---|
| properties | | documentationPerVersion | | description | Configuration that is specific to a particular API version. As with rules lists (and their `selector` fields), a given API version will use the last matching `DocumentationPerVersion` entry that is configured. And, there will be no merging between the entries if there are multiple entries for the same version. |
|---|
| items | | $ref | DocumentationPerVersion |
|---|
|
|---|
| type | array |
|---|
|
|---|
| documentationRootUrl | | description | The URL to the root of documentation. |
|---|
| type | string |
|---|
|
|---|
| overview | | description | Declares a single overview page. For example: documentation: summary: ... overview: (== include overview.md ==) This is a shortcut for the following declaration (using pages style): documentation: summary: ... pages: - name: Overview content: (== include overview.md ==) Note: you cannot specify both `overview` field and `pages` field. |
|---|
| type | string |
|---|
|
|---|
| pages | | description | The top level pages for the documentation set. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of documentation rules that apply to individual API elements. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| serviceRootUrl | | description | Specifies the service root url if the default one (the service name from the yaml file) is not suitable. This can be seen in any fully specified service urls as well as sections that show a base that other urls are relative to. |
|---|
| type | string |
|---|
|
|---|
| summary | | description | A short description of what the service does. The summary must be plain text. It becomes the overview of the service displayed in Google Cloud Console. NOTE: This field is equivalent to the standard field `description`. |
|---|
| type | string |
|---|
|
|---|
| unattachedTypeBehaviors | | description | Specifies how the document generation tool should handle the types & enums that are listed in the top level service config `types` & `enums` lists. These "top-level" types are generally considered "unattached" because they aren't explicitly referenced in the proto elements that are reachable through the proto `service` & `rpc` elements plus the types & enums that are referenced through them. Those types that ARE referenced that way are considered "attached" at the points where they are referenced. For example: ``` rpc MergeLibraries(MergeLibrariesRequest) returns (MergeLibrariesResponse) { option (google.api.http) = { post: "/{$api_version}/{name=libraries/*}" }; } message MergeLibrariesRequest { string name = 1; string other_library_name = 2; } message MergeLibrariesResponse { Library merged_library = 1; // Either `{$api_version}.MergedLibraryStatus` or `common.LibraryStatus` google.protobuf.Any merged_library_status = 2; } ``` The following types are explicitly referenced in proto via the `MergeLibraries` method: * MergeLibrariesRequest * MergeLibrariesResponse * Library * google.protobuf.Any The types `MergedLibraryStatus` and `LibraryStatus` are not directly referenced by that proto, so they would be considered "unattached". The `unattached_type_behaviors` field specifies a comma-separated set of flags to control how "unattached" types are handled. This is the current set of valid flags: * "EXTRACT_VERSION_FROM_PROTO_PACKAGE" - If the last component of the type's package looks like a version string, then attach the type to that version. If it doesn't look like a version, then the flags below will control the behavior. * "INCLUDE_IN_ALL_VERSIONS" - If the type is still unattached, then the type will be treated as global and added to every version's documentation (i.e. if there are multiple versions, then it will end up in the `Shared.Types` section). Cannot be specified with the EXCLUDE_FROM_ALL_VERSIONS flag below. * "EXCLUDE_FROM_ALL_VERSIONS" - If the type is still unattached, then the type will not be included in any version's documentation. Cannot be specified with the INCLUDE_IN_ALL_VERSIONS flag above. So, using the above example, suppose we have that method in both v1 & v2 of the API. Since the `MergedLibraryStatus` and `LibraryStatus` types aren't referenced directly through a method, they are "unattached" and should be listed in the top-level types section in YAML to get them included in documentation. ``` types: - name: google.example.library.v1.MergedLibraryStatus - name: google.example.library.v2.MergedLibraryStatus - name: google.example.library.common.LibraryStatus ``` We want each `MergedLibraryStatus` type to be documented with its corresponding version and the `LibraryStatus` type documented as being used by both versions. Since the versions can be determined from the proto packages, the recommended way to do this would be to use something like this: ``` documentation: unattached_type_behaviors: EXTRACT_VERSION_FROM_PROTO_PACKAGE, INCLUDE_IN_ALL_VERSIONS ``` If a new type is needed that doesn't follow that pattern, then it may be necessary to explicitly specify the version attachments. That could be the case if types are used from a different service or shared type whose versioning scheme doesn't match this API's versioning. For example, say that "v2" of this service uses "v1" of a new location service. In that case, you might want the above configuration as a default, but explicitly add this configuration to attach the location type. ``` types: - name: google.location.v1.LocationMetadata documentation: documentation_per_version: - version:v2 additional_type_names: - google.location.v1.LocationMetadata ``` |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DocumentationPerVersion | | description | Configuration that is specific to a particular API version's documentation. |
|---|
| id | DocumentationPerVersion |
|---|
| properties | | additionalTypeNames | | description | Additional message or enum types that will be added at the per-version level for this API version. This is primarily to include types in the API version that aren't explicitly referenced through that version's methods (e.g. via a `google.protobuf.Any` field). Any types mentioned here must be included in the top-level `types` or `enums` lists in the service config YAML. This *only* affects reference doc generation. NOTE: If a type is already attached somewhere under a different API version, the type will end up at the `Shared.Types` level (since it's now referenced through multiple API versions). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| version | | description | This is the API version that this configuration applies to. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DocumentationRule | | description | A documentation rule provides information about individual API elements. |
|---|
| id | DocumentationRule |
|---|
| properties | | deprecationDescription | | description | Deprecation description of the selected element(s). It can be provided if an element is marked as `deprecated`. |
|---|
| type | string |
|---|
|
|---|
| description | | description | Description of the selected proto element (e.g. a message, a method, a 'service' definition, or a field). Defaults to leading & trailing comments taken from the proto source definition of the proto element. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | The selector is a comma-separated list of patterns for any element such as a method, a field, an enum value. Each pattern is a qualified name of the element which may end in "*", indicating a wildcard. Wildcards are only allowed at the end and for a whole component of the qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". A wildcard will match one or more components. To specify a default for all applicable elements, the whole pattern "*" is used. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| DotnetSettings | | description | Settings for Dotnet client libraries. |
|---|
| id | DotnetSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ESFGwsLogConfig | | description | Specifies the information about ESF GWS logging. |
|---|
| id | ESFGwsLogConfig |
|---|
| properties | | disableGrantedScope | | description | Disables logging granted_scope auth info in GWS log entry. If true, the user will lose granted_scope info but it allows user to reduce CPU usage without logging additional auth info of granted_scope in GWS log Entry. Please DO NOT USE without consulting ESF team or envelope-framework-users@" |
|---|
| type | boolean |
|---|
|
|---|
| enableLogErrorOnly | | description | Enables logging error entries only. |
|---|
| type | boolean |
|---|
|
|---|
| enableLogFrontlineTlsProtocolNegotiation | | description | Enables logging the frontline tls protocol negotiation mechanism. It can be one of "alpn", "npn", "quic" if any. https://g3doc.corp.google.com/gfe/g3doc/customers/advanced/frontline_info.md?cl=head |
|---|
| type | boolean |
|---|
|
|---|
| enableLogGrpcAutobahnStreamCloseLatency | | description | @Unimplemented Enables logging the latency of gRPC Autobahn stream close operation. To be specific, the latency is that gRPC Autobahn frontend proxy tries to half close the stream, until the time actual state changed to stream closed. |
|---|
| type | boolean |
|---|
|
|---|
| enableLogTaskInfo | | description | Enables logging the borg info of the current job if available. To be specific, with this configured, GWSLog would log its borg user and borg job information. |
|---|
| type | boolean |
|---|
|
|---|
| logType | | description | The Sawmill log_source:log_type used for the service. Please go/logs-launch to create a log type for the service and use it here. This field is only used for support purposes. In case of a production incident, oncall engineer and support staff can quickly locate the log for troubleshooting. If you have multiple logs, you need to use comma-separated list. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ETag | | description | ETag configuration, similar to Apiary's: http://sites/apiary/home/resources/api-config-file-reference#TOC-etag |
|---|
| id | ETag |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| ETagRule | | description | ETag configuration per method selection. |
|---|
| id | ETagRule |
|---|
| properties | | enabled | | description | Whether ETag handling is enabled. |
|---|
| type | boolean |
|---|
|
|---|
| etagFormat | | description | Format of ETag header value. |
|---|
| enum | - UNSPECIFIED
- CONFIG_AND_RESOURCE
- RESOURCE_ONLY
- QUOTED_RESOURCE_ONLY
- AUTO_RESOURCE_ONLY
|
|---|
| enumDescriptions | - This is treated as CONFIG_AND_RESOURCE, the default value.
- The ETag is computed automatically using a hash of the service configuration and a fingerprint of the resource. If service backends provide an ETag value it is encoded into the part of the ETag when sent in HTTP responses and decoded back from HTTP requests and sent to the service backends. The format of the ETag value will be: '"' + + '/' + + '"' This is the default.
- The ETag value is provided by the service backend. The value must be a web-safe string, or requests may fail. If no value is provided no ETag header is generated. The format of the ETag value will be:
- The ETag value is provided by the service backend. The value must be a web-safe string, or requests may fail. If no value is provided no ETag header is generated. The format of the ETag value will be: '"' + + '"'
- The ETag is computed automatically based only on the resource value. If service backends provide an ETag value it is encoded into the part of the ETag when sent in HTTP responses and decoded back from HTTP requests when sending to the service backends. The format of the ETag value will be: '"' + + '"'
|
|---|
| type | string |
|---|
|
|---|
| passStarToBackend | | description | If true, TEX will pass '*' ETags to the backend. Otherwise TEX will treat If-Match: * as always passing, and If-None-Match: * as always failing, which results in an immediately Precondition Failure. If enabled, '*' is passed to the backend with an empty 'fingerprint' array. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Method selector. |
|---|
| type | string |
|---|
|
|---|
| sourceField | | description | Use this field from the backend response as the ETag value. If left empty a hash of whole response will used instead. |
|---|
| type | string |
|---|
|
|---|
| suppressHeader | | description | Don't include an ETag header in the HTTP response. TEX normally includes the ETag header in every response, this flag allows the header to be suppressed while not disabling ETags completely. |
|---|
| type | boolean |
|---|
|
|---|
| useBodyResourceEtag | | description | If true, TEX will generate conditions from body ETags parsed by ETagMethod. These ETags will not override an If-Match or If-None-Match request header. Defaults to false. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Empty | | description | A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } |
|---|
| id | Empty |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| EnableConsentCheck | | description | Describes the consent checks required for cross product RPCs. |
|---|
| id | EnableConsentCheck |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| EndUserCredsRequirements | | description | End user credentials are part of the data protection program at Google. The goal is to reduce trust in code by having requests to access user data be accompanied by credentials which authorize the access. That reduces the amount of code we must trust completely since without the credentials an otherwise-unprivileged job cannot access data. Scopes are a way to define data and permissions on data. For example, there are scopes defined for "Read-only access to Google Calendar" and "Access to Cloud Platform". See http://go/apiscopes for documentation on how to create a new API scope if you need one. Example of an API that wants to accept end user creds: name: calendar.googleapis.com authentication: gaia_service: cl rules: - selector: "*" end_user_creds: scope_codes: API_CL |
|---|
| id | EndUserCredsRequirements |
|---|
| properties | | scopeCodes | | description | The list of scope codes that are allowed access. An end user credential containing any of these scopes will be accepted. Example: scope_codes: API_CL, API_CL_READONLY |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Endpoint | | description | `Endpoint` describes a network address of a service that serves a set of APIs. It is commonly known as a service endpoint. A service may expose any number of service endpoints, and all service endpoints share the same service definition, such as quota limits and monitoring metrics. Example: type: google.api.Service name: library-example.googleapis.com endpoints: # Declares network address `https://library-example.googleapis.com` # for service `library-example.googleapis.com`. The `https` scheme # is implicit for all service endpoints. Other schemes may be # supported in the future. - name: library-example.googleapis.com allow_cors: false - name: content-staging-library-example.googleapis.com # Allows HTTP OPTIONS calls to be passed to the API frontend, for it # to decide whether the subsequent cross-origin request is allowed # to proceed. allow_cors: true |
|---|
| id | Endpoint |
|---|
| properties | | aliases | | description | Unimplemented. Dot not use. DEPRECATED: This field is no longer supported. Instead of using aliases, please specify multiple google.api.Endpoint for each of the intended aliases. Additional names that this endpoint will be hosted on. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| allowCors | | description | Allowing [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka cross-domain traffic, would allow the backends served from this endpoint to receive and respond to HTTP OPTIONS requests. The response will be used by the browser to determine whether the subsequent cross-origin request is allowed to proceed. |
|---|
| type | boolean |
|---|
|
|---|
| features | | description | Unimplemented. Do not use. The list of features enabled on this endpoint. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| launchStage | | description | The launch stage of the endpoint definition. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| name | | description | The canonical name of this endpoint. |
|---|
| type | string |
|---|
|
|---|
| target | | description | The specification of an Internet routable address of API frontend that will handle requests to this [API Endpoint](https://cloud.google.com/apis/design/glossary). It should be either a valid IPv4 address or a fully-qualified domain name. For example, "8.8.8.8" or "myservice.appspot.com". |
|---|
| type | string |
|---|
|
|---|
| urlMap | | description | The reference to the GFE URL mapping configuration. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EndpointPolicy | | description | The following four fields determines how the RpcSP compiler processes the policy configuration during compilation time for the given EndpointPolicy. The fields can only be used in policies in the Central Repo. See http://go/centralrepo-policy-check-and-rewrite-guide. |
|---|
| id | EndpointPolicy |
|---|
| properties | | actions | | description | Similar to rpc_methods, but allows for a free-form action name. This is mainly used for Apps Framework actions- see go/af-concepts/actions. The action name must match [*.a-zA-Z0-9_-]+ Wildcards are supported in this field, either global or at the end of the action following a period (i.e., "*" and "foo.bar.*" are okay, but not "foo.b*" or "foo.*.bar"). The more specific match takes precedence (e.g. "foo.bar.baz", then "foo.bar.*", then "foo.*", and finally "*"). TODO(b/216470052) Reenable restrictions once the usages have been removed. [(field_usage_restrictions) = { unsupported_frameworks: [ FRAMEWORK_SCAFFOLDING, FRAMEWORK_AF, FRAMEWORK_GOA ], note: "Not supported in Central Repo" }]; |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| authenticationConfig | | $ref | AuthenticationConfig |
|---|
| description | Optional. Settings for authentication that apply across all requests to this endpoint policy. |
|---|
|
|---|
| bindings | | description | Optional. Binds authorities to roles. An endpoint policy with no bindings acts as a deny-all policy. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| conditions | | description | Optional. Conditions that apply to all bindings. |
|---|
| items | | $ref | EndpointPolicyCondition |
|---|
|
|---|
| type | array |
|---|
|
|---|
| darklaunchConditions | | description | Optional. Fine-grained darklaunch conditions that apply to all bindings. Darklaunch conditions are evaluated for metrics collection only and do not prevent bindings from matching. Adding or removing darklaunch conditions will not change which requests the policy allows or denies. TODO(b/262394739) Add documentation of this field to go/rpcsp2-reference-guide when implementation is complete. |
|---|
| items | | $ref | EndpointPolicyDarklaunchCondition |
|---|
|
|---|
| type | array |
|---|
|
|---|
| dataGovernanceAnnotations | | $ref | PrivacyDataGovernanceAttributesAnnotations |
|---|
| description | Semantic attributes of the data accessed by the endpoints in this mapping. See go/dg-annotations for details. |
|---|
|
|---|
| disableChecks | | description | Checks that are disabled in the RpcSP compiler |
|---|
| items | | enum | - CHECK_UNSPECIFIED
- CHECK_DENY_EUC_PRESENTER_ADMIN
- CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- CHECK_NO_RPC_SERVICES_FIELD
- CHECK_LANGUAGE_SUPPORT
- CHECK_EXCLUDE_INSECURE_USERS_CONDITION
- CHECK_ADMIN_ACCESS_CONTROLS
- CHECK_CONFLICTING_GIN_LOGGING_BEHAVIORS
- CHECK_NO_HTTP_HANDLERS_FIELD
|
|---|
| enumDescriptions | - This check verifies that the EUC_PRESENTER_ADMIN role isn't used. See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_EUC_PRESENTER_ADMIN
- This check ensures that bindings are used in a way that the ordering of the bindings isn't significant. See go/rpcsp2-policy-checks-and-rewrites#CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- This check verifies that UNPRIVILEGED_USER does not grant access to a. narrow set of users. This role should only be granted to the following: all {}, all_normal_users{}, all_except_anonymous{}, prod_groups: "all", and "prod_groups: "all-person-users". See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- This check prohibits use of the experimental `rpc_services` field.
- This check verifies that a policy does not use unsupported language features. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that the `exclude_insecure_users` condition can only be used to restrict supported users. See go/rpcsp-levels#insecure-roles-list. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that `admin_access_control` is only set on bindings for admin roles. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that all *ADMIN roles for a single endpoint are using the same Gin logging failure behavior. Configuring two *ADMIN bindings where one binding is set to use fail closed Gin logging and the other is set to use fail open Gin logging is equivalent to configuring one binding that is using fail open Gin logging, and is therefore not allowed. This check will be removed once AAC enables fail closed Gin logging for all cases by default, see b/161436949.
- This check prohibits use of the experimental `http_handlers` field.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| disableRewrites | | description | Rewrites that are disabled in the RpcSP compiler |
|---|
| items | | enum | - REWRITE_UNSPECIFIED
- REWRITE_ALLOW_EUC_PRESENTER_SELF
- REWRITE_DENY_EUC_PRESENTER_NON_BCID3_ROLES
- REWRITE_DENY_EUC_PRESENTER_UNTRUSTED_PROXY_ROLES
- REWRITE_DENY_PRIVILEGED_ACCESS_FORGE
- REWRITE_DENY_PRIVILEGED_ACCESS_RPCSTUDIO
- REWRITE_ALLOW_EUC_PRESENTER_RPCSTUDIO
|
|---|
| enumDescriptions | - This rewrite allows calls from `self` (LOAS role of the process) to present EUCs. It covers typical in-process and loopback calls, as well as local ESF for One Platform APIs. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-self
- This rewrite denies calls in which a non-BCID3 role is presenting forwarded EUCs. Instead, those non-BCID3 roles, such as humans and untrusted roles, are expected to use LOAS-based credentials only. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-non-bcid3-roles
- This rewrite denies calls in which a untrusted proxy is presenting forwarded EUCs. The untrusted proxies include `untrusted-http-proxy` and `unauthenticated-esf-proxy` LOAS peer roles. These roles are "fake" LOAS peers, which indicate that the call was actually made over an unauthenticated channel. Per go/forwardable-creds, EUCs should only be presented over authenticated channels. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-untrusted-proxy-roles
- This rewrite denies system access for Forge test roles. If you want to send RPCs from Forge, use a TEST policy. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-forge
- This rewrite denies system access from the rpcStudio role (i.e., the `rpcstudio-client-initiated-rpc` role). The rpcStudio never makes requests on its own authority, so this rewrite will not interfere with any use of rpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-rpcstudio
- This rewrite allows the RpcStudio role to present EUCs. This rewrite is never enabled by default, and should only be manually enabled if you understand its effects, and intend to use RpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-rpcstudio
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| enableChecks | | description | Checks that are enabled in the RpcSP compiler |
|---|
| items | | enum | - CHECK_UNSPECIFIED
- CHECK_DENY_EUC_PRESENTER_ADMIN
- CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- CHECK_NO_RPC_SERVICES_FIELD
- CHECK_LANGUAGE_SUPPORT
- CHECK_EXCLUDE_INSECURE_USERS_CONDITION
- CHECK_ADMIN_ACCESS_CONTROLS
- CHECK_CONFLICTING_GIN_LOGGING_BEHAVIORS
- CHECK_NO_HTTP_HANDLERS_FIELD
|
|---|
| enumDescriptions | - This check verifies that the EUC_PRESENTER_ADMIN role isn't used. See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_EUC_PRESENTER_ADMIN
- This check ensures that bindings are used in a way that the ordering of the bindings isn't significant. See go/rpcsp2-policy-checks-and-rewrites#CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- This check verifies that UNPRIVILEGED_USER does not grant access to a. narrow set of users. This role should only be granted to the following: all {}, all_normal_users{}, all_except_anonymous{}, prod_groups: "all", and "prod_groups: "all-person-users". See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- This check prohibits use of the experimental `rpc_services` field.
- This check verifies that a policy does not use unsupported language features. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that the `exclude_insecure_users` condition can only be used to restrict supported users. See go/rpcsp-levels#insecure-roles-list. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that `admin_access_control` is only set on bindings for admin roles. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that all *ADMIN roles for a single endpoint are using the same Gin logging failure behavior. Configuring two *ADMIN bindings where one binding is set to use fail closed Gin logging and the other is set to use fail open Gin logging is equivalent to configuring one binding that is using fail open Gin logging, and is therefore not allowed. This check will be removed once AAC enables fail closed Gin logging for all cases by default, see b/161436949.
- This check prohibits use of the experimental `http_handlers` field.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| enableRewrites | | description | Rewrites that are enabled in the RpcSP compiler |
|---|
| items | | enum | - REWRITE_UNSPECIFIED
- REWRITE_ALLOW_EUC_PRESENTER_SELF
- REWRITE_DENY_EUC_PRESENTER_NON_BCID3_ROLES
- REWRITE_DENY_EUC_PRESENTER_UNTRUSTED_PROXY_ROLES
- REWRITE_DENY_PRIVILEGED_ACCESS_FORGE
- REWRITE_DENY_PRIVILEGED_ACCESS_RPCSTUDIO
- REWRITE_ALLOW_EUC_PRESENTER_RPCSTUDIO
|
|---|
| enumDescriptions | - This rewrite allows calls from `self` (LOAS role of the process) to present EUCs. It covers typical in-process and loopback calls, as well as local ESF for One Platform APIs. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-self
- This rewrite denies calls in which a non-BCID3 role is presenting forwarded EUCs. Instead, those non-BCID3 roles, such as humans and untrusted roles, are expected to use LOAS-based credentials only. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-non-bcid3-roles
- This rewrite denies calls in which a untrusted proxy is presenting forwarded EUCs. The untrusted proxies include `untrusted-http-proxy` and `unauthenticated-esf-proxy` LOAS peer roles. These roles are "fake" LOAS peers, which indicate that the call was actually made over an unauthenticated channel. Per go/forwardable-creds, EUCs should only be presented over authenticated channels. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-untrusted-proxy-roles
- This rewrite denies system access for Forge test roles. If you want to send RPCs from Forge, use a TEST policy. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-forge
- This rewrite denies system access from the rpcStudio role (i.e., the `rpcstudio-client-initiated-rpc` role). The rpcStudio never makes requests on its own authority, so this rewrite will not interfere with any use of rpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-rpcstudio
- This rewrite allows the RpcStudio role to present EUCs. This rewrite is never enabled by default, and should only be manually enabled if you understand its effects, and intend to use RpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-rpcstudio
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| httpHandlers | | description | Identifies the HTTP handlers subject to the endpoint policy. An HTTP handler identifies the code interface that processes HTTP requests and produces HTTP responses for a URL path served by a web frontend. http_handlers must only be used by frontends built on Server Frameworks (i.e. Apps Framework, Scaffolding and Goa). They serve the same purpose as http://cs/symbol:security.context.EndpointPolicy.actions, but apply only to HTTP endpoints. endpoint_policies must use this field instead of actions when identifying HTTP handlers. http_handlers must match [*.a-zA-Z0-9_-]+ and it must be populated with the Handler's metric action name as defined by each framework: * Apps Framework: The action name defined in go/af-http-actions#customizing-action-names. * Goa: The action name defined in go/goa-http-serving#action-naming. * Scaffolding: The action name used for mapping handlers in go/frameworks-metrics#action-map. Frameworks may support overriding the action name used (e.g. go/af-rpc-auth#action-name-override). Wildcards are supported in this field, either global or at the end of the http_handlers following a period (i.e., "*" and "com.google.myproject.*" are okay, but not "Hello*" or "com.google.*.myproject"). The more specific match takes precedence (e.g. "com.google.myproject.HelloWorld", then "com.google.myproject.*", and finally "*"). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| labels | | description | Not yet supported. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| methodQualifier | | $ref | MethodQualifier |
|---|
| description | Qualifiers that further restrict which requests the current EndpointPolicy applies to. Must only be used with `rpc_methods` (not `actions` or `labels`). |
|---|
|
|---|
| proxyServiceConfig | | $ref | ProxyServiceConfig |
|---|
| description | DO NOT USE YET. Settings for configuring proxy-like services that can skip authorization checks and auditing. |
|---|
|
|---|
| rpcMethods | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| EndpointPolicyCondition | | description | A condition that applies to all bindings in an EndpointPolicy. |
|---|
| id | EndpointPolicyCondition |
|---|
| properties | | crossProductSharing | | $ref | CrossProductSharingCondition |
|---|
| description | Restricts the cross-product sharing. |
|---|
|
|---|
| description | | description | Informational string which can be displayed in the policy and error messages. |
|---|
| type | string |
|---|
|
|---|
| peerSecurityRealm | | $ref | PeerSecurityRealmCondition |
|---|
| description | Restricts the security realm of the peer sending the RPC. |
|---|
|
|---|
| peerUser | | $ref | PeerUserCondition |
|---|
| description | Restricts the peer identities which can be used with the EndpointPolicy. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EndpointPolicyDarklaunchCondition | | description | A fine-grained darklaunch condition that applies to all bindings in an EndpointPolicy. |
|---|
| id | EndpointPolicyDarklaunchCondition |
|---|
| properties | | crossProductSharing | | $ref | CrossProductSharingCondition |
|---|
| description | Dry-runs cross-product-sharing. |
|---|
|
|---|
| description | | description | Informational string which can be displayed in log messages. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Enum | | description | Enum type definition. |
|---|
| id | Enum |
|---|
| properties | | enumvalue | | description | Enum value definitions. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | Enum type name. |
|---|
| type | string |
|---|
|
|---|
| options | | description | Protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| sourceContext | | $ref | SourceContext |
|---|
| description | The source context. |
|---|
|
|---|
| syntax | | description | The source syntax. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnumDescriptorProto | | description | Describes an enum type. |
|---|
| id | EnumDescriptorProto |
|---|
| properties | | name | |
|---|
| options | |
|---|
| reservedName | | description | Reserved enum value names, which may not be reused. A given name may only be reserved once. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| reservedRange | | description | Range of reserved numeric values. Reserved numeric values may not be used by enum values in the same enum declaration. Reserved ranges may not overlap. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| value | | items | | $ref | EnumValueDescriptorProto |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnumOptions | | id | EnumOptions |
|---|
| properties | | allowAlias | | description | Set this option to true to allow mapping different tag names to the same value. |
|---|
| type | boolean |
|---|
|
|---|
| deprecated | | description | Is this enum deprecated? Depending on the target platform, this can emit Deprecated annotations for the enum, or it will be completely ignored; in the very least, this is a formalization for deprecating enums. |
|---|
| type | boolean |
|---|
|
|---|
| deprecatedLegacyJsonFieldConflicts | | description | Enable the legacy handling of JSON field name conflicts. This lowercases and strips underscored from the fields before comparison in proto3 only. The new behavior takes `json_name` into account and applies to proto2 as well. TODO(b/261750190) Remove this legacy behavior once downstream teams have had time to migrate. |
|---|
| type | boolean |
|---|
|
|---|
| proto1Name | | description | BEGIN GOOGLE-INTERNAL proto1 allowed descriptor names share names with enum type names, resulting in stuff like: parsed message Message { enum Foo { } required Foo Foo = 1; } This doesn't work in proto2, which is stricter, so to ease migration from proto1 to proto2 syntax, we let people specify in their enum options what proto1 name we should compile their old enum down to. |
|---|
| type | string |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnumReservedRange | | description | Range of reserved numeric values. Reserved values may not be used by entries in the same enum. Reserved ranges may not overlap. Note that this is distinct from DescriptorProto.ReservedRange in that it is inclusive such that it can appropriately represent the entire int32 domain. |
|---|
| id | EnumReservedRange |
|---|
| properties | | end | | description | Inclusive. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| start | | description | Inclusive. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnumValue | | description | Enum value definition. |
|---|
| id | EnumValue |
|---|
| properties | | name | | description | Enum value name. |
|---|
| type | string |
|---|
|
|---|
| number | | description | Enum value number. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| options | | description | Protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| EnumValueDescriptorProto | | description | Describes a value within an enum. |
|---|
| id | EnumValueDescriptorProto |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| EnumValueOptions | | id | EnumValueOptions |
|---|
| properties | | deprecated | | description | Is this enum value deprecated? Depending on the target platform, this can emit Deprecated annotations for the enum value, or it will be completely ignored; in the very least, this is a formalization for deprecating enum values. |
|---|
| type | boolean |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ErrorDefinition | | id | ErrorDefinition |
|---|
| properties | | domain | |
|---|
| errorMessage | |
|---|
| extendedHelp | |
|---|
| externalName | |
|---|
| httpErrorHeaders | | additionalProperties | |
|---|
| type | object |
|---|
|
|---|
| location | |
|---|
| predicate | |
|---|
| reason | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| ErrorDefinitions | | id | ErrorDefinitions |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| ErrorDomain | | id | ErrorDomain |
|---|
| properties | | errorDefinitions | | additionalProperties | |
|---|
| description | map of error name to error definitions |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ErrorFallbackConfig | | id | ErrorFallbackConfig |
|---|
| properties | | forwardingHttpserviceAddress | | description | The error fallback address of the HTTPService(shared Apiary or Podpiary). |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ErrorFilter | | description | An enhanced configuration for error redirection config. The error redirection could be further specified based on: 1) detailed error reasons 2) Redirect percentage for gradual ramp down The error_filter config is a superset config for the existing error_code_pattern. Only one of them should be defined. Setting both will fail the service config validation. |
|---|
| id | ErrorFilter |
|---|
| properties | | errorCodePattern | | description | Each element must be 3 digits, can use ‘x’ to match trailing digit. E.g. "404", "40x", "4xx" and "xxx". |
|---|
| type | string |
|---|
|
|---|
| subcodes | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| ErrorPredicate | | id | ErrorPredicate |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| EsfConfig | | description | Options determining interactions between ESF and the service backend when CPE v2 is used. |
|---|
| id | EsfConfig |
|---|
| properties | | allowUntrustedRequests | | description | Trust requests claiming to be from ESF but coming from clients not in `trusted_esf_roles`, and record these requests in streamz /security/authentication/rpc_security_policy/untrusted_esf_request_count. This setting is insecure and should only be used temporarily during migration to CPE or in an emergency. TODO(b/209847557) deprecate and remove this field. |
|---|
| type | boolean |
|---|
|
|---|
| enablePeerDelegation | | description | An option to enable peer delegation for CPE v2 . When `enable_peer_delegation` is set to `true`, (1) `allow_untrusted_requests` must be `false`, and the roles in `trusted_esf_roles` will be allowed to do peer delegation which is enforced by RpcSP. For Stubby server, the flag `--rpc_proxy_allowlist=esf-role:*` must be set consistently with `trusted_esf_roles`. (2) ESF will use peer delegation in some cases (similar to `use_rpc_security_policy: DELEGATED` mode, see go/esf-delegated-authentication-mode). (3) Server frameworks will apply the same policy at the backend that is enforced in ESF (rather than the special "allow-self" policy), assuming ESF will apply delegation and all requests come through ESF. This option is for transition to the eventual state where peer delegation is enabled by default. DO NOT USE: Under development (b/193252946). |
|---|
| type | boolean |
|---|
|
|---|
| trustedEsfRoles | | description | In services using CPE v2, service backends receive a CPEContext (google3/security/context/proto/cloud/cpe_context.proto) inside ESF RequestContext of requests sent by the ESF. The information in CPEContext messages can be trusted if the request is sent by an ESF instance which is run by one of the Borg roles specified in this list of roles. The list can only contain MDB users and "self". No MDB group expansions will be performed. Examples (in text format following go/textformat-spec#fields): - a service which is only running an in-process ESF: { trusted_esf_roles: "self" } - a service which is only running a remote ESF and only the Borg role `foo-remote-esf` can run it: { trusted_esf_roles: "foo-remote-esf" } - a service which can either run an in-process or a remote ESF and there are two Borg roles who can run the remote ESF: [self, foo-remote-esf, bar-remote-ESF] { trusted_esf_roles: "self" trusted_esf_roles: "foo-remote-esf" trusted_esf_roles: "bar-remote-esf" } |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ExcludeInsecureUsersCondition | | description | A condition excluding insecure users from matching a binding. The binding will not match any authority listed in this conditions. Only values listed in go/rpcsp-levels#insecure-roles-list are valid to use in this condition. |
|---|
| id | ExcludeInsecureUsersCondition |
|---|
| properties | | prodUsers | | description | A list of prod users that cannot be matched by this binding. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Experimental | | description | Experimental service configuration. These configuration options can only be used by allowlisted users. |
|---|
| id | Experimental |
|---|
| properties | | advanced | | $ref | AdvancedServiceConfig |
|---|
| description | Advanced service configurations. |
|---|
|
|---|
| authorization | | $ref | AuthorizationConfig |
|---|
| description | Authorization configuration. |
|---|
|
|---|
| cargoContainerPrefixes | | description | List of service specific CARGO Container (go/cargo-proposal) prefixes separated by comma. The CARGO Container must have already been configured in Cloud Resource Manager (integration guide: https://g3doc.corp.google.com/company/teams/elysium/flexibleresources/integration.md?cl=head#flexible-resource-type-configuration). See go/flexible-resource-names, a CARGO Container is a resource in the form '{collection}/{uid}'. {collection} is the prefix of the CARGO Container. This field is introduced to allow service producer gradually and safely to opt-in for CARGO Container support. NOTE: 1) projects, folders, organizations, namespaces is not service specific CARGO Container prefix so no need to add them to this list. 2) '/' shall not be in the prefix. |
|---|
| type | string |
|---|
|
|---|
| codegen | | $ref | Codegen |
|---|
| description | Code generation configuration. |
|---|
|
|---|
| mediation | | $ref | MediationConfig |
|---|
| description | Mediation service configurations. |
|---|
|
|---|
| provisioning | | $ref | Provisioning |
|---|
| description | Provisioning configuration for creating instances of the service. |
|---|
|
|---|
| serviceControl | | $ref | ServiceControlConfig |
|---|
| description | Configuration for services that use Google Service Control API to integrate with backend systems. |
|---|
|
|---|
| serviceManagement | | $ref | ServiceManagementConfig |
|---|
| description | Configuration for services managed by Google Service Management API |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Expr | | description | Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. |
|---|
| id | Expr |
|---|
| properties | | description | | description | Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. |
|---|
| type | string |
|---|
|
|---|
| expression | | description | Textual representation of an expression in Common Expression Language syntax. |
|---|
| type | string |
|---|
|
|---|
| location | | description | Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. |
|---|
| type | string |
|---|
|
|---|
| title | | description | Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ExtendedQuotaRule | | description | DEPRECATED. Do not use. Advanced configuration for the QuotaWrapper. Example: experimental: advanced: quota_rules: - selector: google.library.v1.LibraryService.* quota_cache_lifetime_seconds: 10 |
|---|
| id | ExtendedQuotaRule |
|---|
| properties | | enableCache | | description | Whether to enable the acceptance cache optimization. |
|---|
| type | boolean |
|---|
|
|---|
| quotaCacheLifetimeSeconds | | description | Dictates the quota enforcement policy. For values greater than 0, the framework will try to improve the latency on the request thread, by sending quota requests through a batching client. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ExtensionRange | | id | ExtensionRange |
|---|
| properties | | end | | description | Exclusive. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| options | | $ref | ExtensionRangeOptions |
|---|
|
|---|
| start | | description | Inclusive. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ExtensionRangeOptions | | id | ExtensionRangeOptions |
|---|
| properties | | metadata | | $ref | Metadata |
|---|
| description | END GOOGLE-INTERNAL |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Field | | description | A single field of a message type. |
|---|
| id | Field |
|---|
| properties | | cardinality | | description | The field cardinality. |
|---|
| enum | - CARDINALITY_UNKNOWN
- CARDINALITY_OPTIONAL
- CARDINALITY_REQUIRED
- CARDINALITY_REPEATED
|
|---|
| enumDescriptions | - For fields with unknown cardinality.
- For optional fields.
- For required fields. Proto2 syntax only.
- For repeated fields.
|
|---|
| type | string |
|---|
|
|---|
| defaultValue | | description | The string value of the default value of this field. Proto2 syntax only. |
|---|
| type | string |
|---|
|
|---|
| jsonName | | description | The field JSON name. |
|---|
| type | string |
|---|
|
|---|
| kind | | description | The field type. |
|---|
| enum | - TYPE_UNKNOWN
- TYPE_DOUBLE
- TYPE_FLOAT
- TYPE_INT64
- TYPE_UINT64
- TYPE_INT32
- TYPE_FIXED64
- TYPE_FIXED32
- TYPE_BOOL
- TYPE_STRING
- TYPE_GROUP
- TYPE_MESSAGE
- TYPE_BYTES
- TYPE_UINT32
- TYPE_ENUM
- TYPE_SFIXED32
- TYPE_SFIXED64
- TYPE_SINT32
- TYPE_SINT64
|
|---|
| enumDescriptions | - Field type unknown.
- Field type double.
- Field type float.
- Field type int64.
- Field type uint64.
- Field type int32.
- Field type fixed64.
- Field type fixed32.
- Field type bool.
- Field type string.
- Field type group. Proto2 syntax only, and deprecated.
- Field type message.
- Field type bytes.
- Field type uint32.
- Field type enum.
- Field type sfixed32.
- Field type sfixed64.
- Field type sint32.
- Field type sint64.
|
|---|
| type | string |
|---|
|
|---|
| name | | description | The field name. |
|---|
| type | string |
|---|
|
|---|
| number | | description | The field number. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| oneofIndex | | description | The index of the field type in `Type.oneofs`, for message or enumeration types. The first type has index 1; zero means the type is not in the list. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| options | | description | The protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| packed | | description | Whether to use alternative packed wire representation. |
|---|
| type | boolean |
|---|
|
|---|
| typeUrl | | description | The field type URL, without the scheme, for message or enumeration types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FieldConstraintConfig | | description | Configure various settings that are used to better document fields in the API (e.g. in generated discovery docs, user reference docs and client libraries) and to be used by the TEX runtime (if used). Note that these can also be overridden in the parameter configuration for a specific field that's being used in a particular method. In the context of a method's request object, the parameter configuration will override any configuration that is attached to the field itself. |
|---|
| id | FieldConstraintConfig |
|---|
| properties | | defaultValue | | description | Specifies the default value for this field as implemented by the service. |
|---|
| type | string |
|---|
|
|---|
| description | | description | Provides the description for this field. This will override both comments in the proto and any `documentation.rules` specifications for the description. NOTE: THIS FIELD IS NOT SUPPORTED BY OP TOOLS UNTIL AFTER THIS COMMENT IS REMOVED! |
|---|
| type | string |
|---|
|
|---|
| isRequired | | description | This field is used to configure the field as required in the field constraint. This is only meaningful when the field is a parameter. |
|---|
| type | boolean |
|---|
|
|---|
| maxValue | | description | Specifies the expected minimum value for this field. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| minValue | | description | Specifies the expected minimum value for this field. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| pattern | | description | Specifies a regular expression pattern that this field (if it's a string) should match. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FieldDescriptorProto | | description | Describes a field within a message. |
|---|
| id | FieldDescriptorProto |
|---|
| properties | | defaultValue | | description | For numeric types, contains the original text representation of the value. For booleans, "true" or "false". For strings, contains the default text contents (not escaped in any way). For bytes, contains the C escaped value. All bytes >= 128 are escaped. |
|---|
| type | string |
|---|
|
|---|
| extendee | | description | For extensions, this is the name of the type being extended. It is resolved in the same manner as type_name. |
|---|
| type | string |
|---|
|
|---|
| jsonName | | description | JSON name of this field. The value is set by protocol compiler. If the user has set a "json_name" option on this field, that option's value will be used. Otherwise, it's deduced from the field's name by converting it to camelCase. |
|---|
| type | string |
|---|
|
|---|
| label | | enum | - LABEL_OPTIONAL
- LABEL_REQUIRED
- LABEL_REPEATED
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| name | |
|---|
| number | |
|---|
| oneofIndex | | description | If set, gives the index of a oneof in the containing type's oneof_decl list. This field is a member of that oneof. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| options | |
|---|
| proto3Optional | | description | If true, this is a proto3 "optional". When a proto3 field is optional, it tracks presence regardless of field type. When proto3_optional is true, this field must be belong to a oneof to signal to old proto3 clients that presence is tracked for this field. This oneof is known as a "synthetic" oneof, and this field must be its sole member (each proto3 optional field gets its own synthetic oneof). Synthetic oneofs exist in the descriptor only, and do not generate any API. Synthetic oneofs must be ordered after all "real" oneofs. For message fields, proto3_optional doesn't create any semantic change, since non-repeated message fields always track presence. However it still indicates the semantic detail of whether the user wrote "optional" or not. This can be useful for round-tripping the .proto file. For consistency we give message fields a synthetic oneof also, even though it is not required to track presence. This is especially important because the parser can't tell if a field is a message or an enum, so it must always create a synthetic oneof. Proto2 optional fields do not set this flag, because they already indicate optional with `LABEL_OPTIONAL`. |
|---|
| type | boolean |
|---|
|
|---|
| type | | description | If type_name is set, this need not be set. If both this and type_name are set, this must be one of TYPE_ENUM, TYPE_MESSAGE or TYPE_GROUP. |
|---|
| enum | - TYPE_DOUBLE
- TYPE_FLOAT
- TYPE_INT64
- TYPE_UINT64
- TYPE_INT32
- TYPE_FIXED64
- TYPE_FIXED32
- TYPE_BOOL
- TYPE_STRING
- TYPE_GROUP
- TYPE_MESSAGE
- TYPE_BYTES
- TYPE_UINT32
- TYPE_ENUM
- TYPE_SFIXED32
- TYPE_SFIXED64
- TYPE_SINT32
- TYPE_SINT64
|
|---|
| enumDescriptions | - 0 is reserved for errors. Order is weird for historical reasons.
- Not ZigZag encoded. Negative numbers take 10 bytes. Use TYPE_SINT64 if negative values are likely.
- Not ZigZag encoded. Negative numbers take 10 bytes. Use TYPE_SINT32 if negative values are likely.
- Tag-delimited aggregate. Group type is deprecated and not supported in proto3. However, Proto3 implementations should still be able to parse the group wire format and treat group fields as unknown fields.
- Length-delimited aggregate.
- New in version 2.
- Uses ZigZag encoding.
- Uses ZigZag encoding.
|
|---|
| type | string |
|---|
|
|---|
| typeName | | description | For message and enum types, this is the name of the type. If the name starts with a '.', it is fully-qualified. Otherwise, C++-like scoping rules are used to find the type (i.e. first the nested types within this message are searched, then within the parent, on up to the root namespace). |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FieldOptions | | id | FieldOptions |
|---|
| properties | | ccOpenEnum | | description | Indicate that the enum is treated as open range in C++. This means that Out of range enum values behave like in proto3 (except that they can still have default values and they do not have the special proto3 sentinel enum values). END GOOGLE-INTERNAL |
|---|
| type | boolean |
|---|
|
|---|
| ctype | | description | The ctype option instructs the C++ code generator to use a different representation of the field than it normally would. See the specific options below. This option is not yet implemented in the open source release -- sorry, we'll try to include it in a future version! |
|---|
| enum | |
|---|
| enumDescriptions | - Default mode.
- BEGIN GOOGLE-INTERNAL The option [ctype=CORD] may be applied to a field of type "string" or "bytes". It indicates that in C++, the data should be stored in a Cord instead of a string. For very large strings, this may reduce memory fragmentation. It may also allow better performance when parsing from a Cord, or when parsing with aliasing enabled, as the parsed Cord may then alias the original buffer. END GOOGLE-INTERNAL
- BEGIN GOOGLE-INTERNAL The option [ctype=STRING_PIECE] may be applied to a field of type "string" or "bytes". It indicates that in C++, the data should be stored in a `StringPieceField` (i.e. string_view) instead of the usual string: http://google3/net/proto2/public/string_piece_field_support.h For a string field `foo`, in addition to `set_foo(absl::string_view)` (which copies to an internal buffer), there is also a zero-copy `set_alias_foo(absl::string_view)` which points at the unowned memory. The memory passed to set_alias_*() must outlive the proto. If you parse a protocol buffer with aliasing enabled, then the parser may be able to avoid copying `[ctype=STRING_PIECE]` field contents by pointing the `string_view` directly into the original buffer. To allow aliasing when parsing, use one of the `ParseFrom*WithAliasing()` methods of Message. END GOOGLE-INTERNAL
|
|---|
| type | string |
|---|
|
|---|
| debugRedact | | description | Indicate that the field value should not be printed out when using debug formats, e.g. when the field contains sensitive credentials. |
|---|
| type | boolean |
|---|
|
|---|
| deprecated | | description | Is this field deprecated? Depending on the target platform, this can emit Deprecated annotations for accessors, or it will be completely ignored; in the very least, this is a formalization for deprecating fields. |
|---|
| type | boolean |
|---|
|
|---|
| deprecatedRawMessage | | description | Indicate that the field is a RawMessage in the Proto1 API. In the Proto2 API, this option is ignored. This option is introduced to decouple the syntax migration and the RawMessage migration. New protos should never use this option. The option can only be specified in a bytes field with ctype=CORD. |
|---|
| type | boolean |
|---|
|
|---|
| enforceUtf8 | | description | ** DO NOT USE. THIS OPTION WILL BE REMOVED. ** If set to true, enforce strict UTF-8 checking for proto3 string fields (to match the specification of string fields that has existed since proto2). This is a temporary option added to allow us to flip the default proto3 behavior without breaking existing proto3 users. See go/lsc_proto3_utf8. |
|---|
| type | boolean |
|---|
|
|---|
| jstype | | description | The jstype option determines the JavaScript type used for values of the field. The option is permitted only for 64 bit integral and fixed types (int64, uint64, sint64, fixed64, sfixed64). A field with jstype JS_STRING is represented as JavaScript string, which avoids loss of precision that can happen when a large value is converted to a floating point JavaScript. Specifying JS_NUMBER for the jstype causes the generated JavaScript code to use the JavaScript "number" type. The behavior of the default option JS_NORMAL is implementation dependent. This option is an enum to permit additional types to be added, e.g. goog.math.Integer. |
|---|
| enum | - JS_NORMAL
- JS_STRING
- JS_NUMBER
|
|---|
| enumDescriptions | - Use the default type.
- Use JavaScript strings.
- Use JavaScript numbers.
|
|---|
| type | string |
|---|
|
|---|
| lazy | | description | Should this field be parsed lazily? Lazy applies only to message-type fields. It means that when the outer message is initially parsed, the inner message's contents will not be parsed but instead stored in encoded form. The inner message will actually be parsed when it is first accessed. This is only a hint. Implementations are free to choose whether to use eager or lazy parsing regardless of the value of this option. However, setting this option true suggests that the protocol author believes that using lazy parsing on this field is worth the additional bookkeeping overhead typically needed to implement it. This option does not affect the public interface of any generated code; all method signatures remain the same. Furthermore, thread-safety of the interface is not affected by this option; const methods remain safe to call from multiple threads concurrently, while non-const methods continue to require exclusive access. BEGIN GOOGLE-INTERNAL In C++, this option expands the interface with several additional methods: - encoded_fieldname(), which always returns an encoded Cord of the field. - has_encoded_fieldname(), which returns true when the internal cache of the encoded value is valid, or false when accessing the encoded value requires serialization of the field. - set_encoded_fieldname(), which accepts an encoded Cord of the field. Currently, in C++, lazy parsing is only supported in proto2 API for optional fields and oneof fields. Accessing fieldname() in C++ will force a deserialization if not done already. Hence, one can use fieldname().IsInitialized() to check if the lazy field is well formed with all required fields present, modulo any lazy subfields (see note below about IsInitialized() behavior of lazy subfields). END GOOGLE-INTERNAL Note that implementations may choose not to check required fields within a lazy sub-message. That is, calling IsInitialized() on the outer message may return true even if the inner message has missing required fields. This is necessary because otherwise the inner message would have to be parsed in order to perform the check, defeating the purpose of lazy parsing. An implementation which chooses not to check required fields must be consistent about it. That is, for any particular sub-message, the implementation must either *always* check its required fields, or *never* check its required fields, regardless of whether or not the message has been parsed. As of May 2022, lazy verifies the contents of the byte stream during parsing. An invalid byte stream will cause the overall parsing to fail. |
|---|
| type | boolean |
|---|
|
|---|
| packed | | description | The packed option can be enabled for repeated primitive fields to enable a more efficient representation on the wire. Rather than repeatedly writing the tag and type for each element, the entire array is encoded as a single length-delimited blob. In proto3, only explicit setting it to false will avoid using packed encoding. |
|---|
| type | boolean |
|---|
|
|---|
| retention | | enum | - RETENTION_UNKNOWN
- RETENTION_RUNTIME
- RETENTION_SOURCE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| target | | enum | - TARGET_TYPE_UNKNOWN
- TARGET_TYPE_FILE
- TARGET_TYPE_EXTENSION_RANGE
- TARGET_TYPE_MESSAGE
- TARGET_TYPE_FIELD
- TARGET_TYPE_ONEOF
- TARGET_TYPE_ENUM
- TARGET_TYPE_ENUM_ENTRY
- TARGET_TYPE_SERVICE
- TARGET_TYPE_METHOD
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| unverifiedLazy | | description | unverified_lazy does no correctness checks on the byte stream. This should only be used where lazy with verification is prohibitive for performance reasons. |
|---|
| type | boolean |
|---|
|
|---|
| upgradedOption | |
|---|
| weak | | description | BEGIN GOOGLE-INTERNAL Indicates that the message field is weak. The option is to allow gwslog.proto to use proto2 syntax. Other existing weak fields should be converted to either extensions, or normal messages. Global presubmit check enforces that no new weak dependencies are added to new/existing proto files. There are couple places in the code that ensure: 1) The option is not used in the a proto2 C++ API file. 2) The option needs to work with weak dependencies. See http://goto/weakfields for details. END GOOGLE-INTERNAL For Google-internal migration only. Do not use. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FieldPolicy | | description | Google API Policy Annotation This message defines a simple API policy annotation that can be used to annotate API request and response message fields with applicable policies. One field may have multiple applicable policies that must all be satisfied before a request can be processed. This policy annotation is used to generate the overall policy that will be used for automatic runtime policy enforcement and documentation generation. |
|---|
| id | FieldPolicy |
|---|
| properties | | auditing | | description | Specifies the auditing directives applicable to the field. These directives are only applicable if MethodPolicy.auditing indicates that the corresponding request or response should be logged. For example, "AUDIT" means the field value should be recorded in the audit logging. List of audit directives (comma separated) to apply to this field. Currently following values are supported: |
|---|
| type | string |
|---|
|
|---|
| childResourceNameExtractor | | description | Specifies the pattern that extracts the resource name of the child of the resource referred to by this field. The pattern can refer to one or more fields in the request message by field paths enclosed by {}. If specified, `child_resource_type` must also be specified. For Create methods that allow a client to specify the ID component of resource names, the pattern describes the new resource name constructed from field values in the request message. Example: In the below [CreateBook method](https://aip.dev/133#user-specified-ids), the `child_resource_name_extractor` is "{parent}/books/{book_id}" and `child_resource_type` is "library-example.googleapis.com/Book". message CreateBookRequest { // The parent resource where this book will be created. // Format: publishers/{publisher} string parent = 1 [ (google.api.field_policy) = { child_resource_name_extractor = "{parent}/books/{book_id}", child_resource_type = "library-example.googleapis.com/Book" }]; // The book to create. Book book = 2; // The ID to use for the book, which will become the final component of // the book's resource name. // // This value should be 4-63 characters, and valid characters // are /a-z-/. string book_id = 3; } For Create methods that use server-assigned resource names, do not set this field. |
|---|
| type | string |
|---|
|
|---|
| childResourceType | | description | Specifies the resource type of the child of the resource referred to by this field. This value should be set for methods that create the child resource. Do not specify this field for methods that list child resources. If specified, resource_permission should be a parents-only permission. |
|---|
| type | string |
|---|
|
|---|
| cmekKeySelector | | description | Field path to the request message field that contains the CMEK (Customer Managed Encryption Key) name. See http://google3/google/protobuf/field_mask.proto for field path syntax. This selector must only be set as part of an enclosing `method_policy` to enable CMEK Org Policy enforcement, as shown below: option (google.api.method_policy) = { request_policies { // Field path to the request proto field holding the // resource container (go/resource-container-guide) selector: "project" // Formats the resource type as per go/unified-resource-type resource_type: "RESOURCE" // Request proto field containing user-supplied CMEK key name cmek_key_selector: "resource.instance_encryption_key.kms_key_name" } }; This will be expanded to the set of canned Org Policy constraints (at apiserving/policy/orgpolicies/cmek.textproto) that make up the CMEK Org Policy spec. |
|---|
| type | string |
|---|
|
|---|
| customOrgPolicyAccessibility | | description | UNIMPLEMENTED (b/254659370). DO NOT USE. FieldPolicy.CustomOrgPolicyAccessibility allows producers to annotate the eligibility of a resource attribute for use in custom constraints. For example: // A hypothetical VM resource proto message VirtualMachine { // Not allowed to be referenced in CuOPs string description = 1; // Allowed to be referenced in CuOPs int num_cores = 2 [ (google.api.field_policy).custom_org_policy_accessibility = PUBLIC ]; } |
|---|
| enum | - CUSTOM_ORG_POLICY_ACCESSIBILITY_UNSPECIFIED
- PUBLIC
- GOOGLE_INTERNAL
|
|---|
| enumDescriptions | - proto3 default enum value. This should never be used to explicitly set the accessibility of a resource attribute. Default/unset value is interpreted as private, i.e. the associated attributed cannot be used in custom constraints.
- Marks a resource attribute as available to everyone, including external customers for use in their Custom Org Policy constraints.
- Marks a resource attribute as available only for a selected set of users (e.g. Googlers), for use in their Custom Org Policy constraints. It is the Custom Org Policy management plane (and may be the data plane) that enforces the distinction between PUBLIC and INTERNAL, not CPE. Once a field is marked, it cannot be changed in between PUBLIC and GOOGLE_INTERNAL because the lifecycle of a CuOP-relevant attribute should be dealt with at a separate place and not in the documentation, since it is a higher level concept. That said, the implicit assumption is that once something is made PUBLIC it cannot be made INTERNAL as it could break customers.
|
|---|
| type | string |
|---|
|
|---|
| isServiceConsumer | | description | This boolean flag controls a packaged set of API policies. It means to apply all standard Google API policies, such as activation, visibility, and quota checks, to resource owners instead of client owners, see go/resource-projects. The flag name was chosen based on go/api-glossary definition. If this flag is set to true, the above `selector` must point to a request message field that refers to GCP resource, and the platform must be able to resolve the resource owner. If a request message refers to multiple resources, at most one of them can have this flag set to true. |
|---|
| type | boolean |
|---|
|
|---|
| locationSelector | | description | The presence of a nonempty value of this field will trigger checks of the annotated field against location policy. To enable the checks against location policy for the cases where resource URLs already contain locations (in the form of ".../locations//..."), set the value of this field to the path of the field being annotated. Only fields of string type can be annotated with this attribute. To enable the location policy checks against a location in a different field, specify path of that field in the selector. In such case, the resource field can be of repeated type while the location field that its location selector points to must be of nonrepeated string type, and must contain a valid zone, region or multiregion. For example, if the protobuf definition looks like: message CopyRequest { string source_object = 1 [(google.api.field_policy).resource_type = "RESOURCE"]; string destination_object_a = 2 [ (google.api.field_policy) = { resource_type: "RESOURCE" location_selector: "destination_object_a" } ]; string destination_object_b = 3 [ (google.api.field_policy) = { resource_type: "RESOURCE" location_selector: "destination_location" } ]; string destination_location = 4; } and the actual data is: { source_object: "projects/p-12/i486" destination_object_a: "projects/p-a12/locations/asia-south1/1i486" destination_object_b: "projects/p-b12/locations/asia-south1/2i486" destination_location: "us-central1-a" } then location policy will be enforced for the resource container in `destination_object_a` against location `asia-south1` region (it will be extracted from the resource URL) and the resource container in `destination_object_b` against `us-central-a` zone (that zone will be extracted from another field which is selected by `location_selector` value). No location policy will be enforced against `source_object` field. |
|---|
| type | string |
|---|
|
|---|
| metadataPolicies | | description | Specifies the metadata policies associated with the resource referred to by the field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResourceLabelExtractor | | description | The monitored resource label extractor pattern for this field. |
|---|
| type | string |
|---|
|
|---|
| monitoredResourceType | | description | The monitored resource type for this field. |
|---|
| type | string |
|---|
|
|---|
| orgPolicies | | description | Specifies the OrgPolicy constraint for the resource referred to by the field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| resourceAccessType | | description | Specifies the singular resource access type applicable to the field. Resource access type is used for audit logging and is only applicable to methods that are audited. Every request proto belonging to an audited method must have at least one field with this directive. Only usable on fields that also have the resource_permission annotation. A resource permission cannot map to multiple resource_access_type's. This annotation will determine the type of audit log written, Data Access or Admin Activity. These log types are described in detail at https://cloud.google.com/logging/docs/audit. Currently the following values are supported: - **META_DATA_READ**: Indicates a metadata read. - **META_DATA_WRITE**: Indicates a metadata write, this is the only Admin Activity audit log. - **DATA_READ**: Indicates a data read. - **DATA_WRITE**: Indicates a data write. |
|---|
| type | string |
|---|
|
|---|
| resourceLocationSelector | | description | Specifies where to extract the API consumer location from, for methods using Resource Project Override. This can be applied to any method that sets is_service_consumer to true and it does not alter the behavior of location policy. When specifying a resource field, it must be in the form of ".../locations//...". A field different than the resource can be used by specifying the path of that field in the selector. In such case, the location field that this selector points to must be of nonrepeated string type, and must contain a valid zone, region or multiregion. |
|---|
| type | string |
|---|
|
|---|
| resourcePermission | | description | Specifies the required permission(s) for the resource referred to by the field. It requires the field contains a valid resource reference, and the request must pass the permission checks to proceed. For example, "resourcemanager.projects.get". |
|---|
| type | string |
|---|
|
|---|
| resourceType | | description | Specifies the resource type for the resource referred to by the field. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects one or more request or response message fields to apply this `FieldPolicy`. When a `FieldPolicy` is used in proto annotation, the selector must be left as empty. The service config generator will automatically fill the correct value. When a `FieldPolicy` is used in service config, the selector must be a comma-separated string with valid request or response field paths, such as "foo.bar" or "foo.bar,foo.baz". |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FieldReplacementRule | | description | A rule that indicates that for discovery purposes the fields indicated by the selector should have their types both replaced by the indicated schema. |
|---|
| id | FieldReplacementRule |
|---|
| properties | | inlineSchema | | description | Replaces the field with corresponding `schema` defined in the `migration.schemas` configuration regardless of the original field type, corresponding schema will not show in discovery doc `discovery.schemas` section. |
|---|
| type | boolean |
|---|
|
|---|
| schema | | description | The message (either proto message or a schema in the `migration.schemas` configuration) to use as the fields type in discovery. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the field to which this rule applies. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FileDescriptorProto | | description | Describes a complete .proto file. |
|---|
| id | FileDescriptorProto |
|---|
| properties | | dependency | | description | Names of files imported by this file. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| edition | | description | The edition of the proto file, which is an opaque string. |
|---|
| type | string |
|---|
|
|---|
| enumType | |
|---|
| extension | |
|---|
| messageType | | description | All top-level definitions in this file. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | file name, relative to root of source tree |
|---|
| type | string |
|---|
|
|---|
| options | |
|---|
| package | | description | e.g. "foo", "foo.bar", etc. |
|---|
| type | string |
|---|
|
|---|
| publicDependency | | description | Indexes of the public imported files in the dependency list above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| service | | items | | $ref | ServiceDescriptorProto |
|---|
|
|---|
| type | array |
|---|
|
|---|
| sourceCodeInfo | | $ref | SourceCodeInfo |
|---|
| description | This field contains optional information about the original source code. You may safely remove this entire field without harming runtime functionality of the descriptors -- the information is needed only by development tools. |
|---|
|
|---|
| syntax | | description | The syntax of the proto file. The supported values are "proto2", "proto3", and "editions". If `edition` is present, this value must be "editions". |
|---|
| type | string |
|---|
|
|---|
| weakDependency | | description | Indexes of the weak imported files in the dependency list. For Google-internal migration only. Do not use. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FileDescriptorSet | | description | The protocol compiler can output a FileDescriptorSet containing the .proto files it parses. |
|---|
| id | FileDescriptorSet |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| FileOptions | | id | FileOptions |
|---|
| properties | | ccApiVersion | | description | BEGIN GOOGLE-INTERNAL Specifies what version of the C++ API generated C++ code should use. By setting this, you can generate proto1-compatible C++ source code from proto2 .proto files. However, new language features available in proto2 will be hidden in proto1. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| ccEnableArenas | | description | Enables the use of arenas for the proto messages in this file. This applies only to generated classes for C++. |
|---|
| type | boolean |
|---|
|
|---|
| ccEnableMethodHandles | | description | If true and if the file contains services, a `rpc::MethodHandle` will be generated for each method, accessible as `$MyService::MethodHandles::k$MyMethod`. END GOOGLE-INTERNAL |
|---|
| type | boolean |
|---|
|
|---|
| ccGenericServices | | description | Should generic services be generated in each language? "Generic" services are not specific to any particular RPC system. They are generated by the main code generators in each language (without additional plugins). Generic services were the only kind of service generation supported by early versions of proto2. Generic services are now considered deprecated in favor of using plugins that generate code specific to your particular RPC system. Therefore, these default to false. Old code which depends on generic services should explicitly set them to true. BEGIN GOOGLE-INTERNAL Within google3, if you do not request generic services, you will get Stubby-specific services instead. See: http://go/proto2-stubby END GOOGLE-INTERNAL |
|---|
| type | boolean |
|---|
|
|---|
| ccUtf8Verification | | description | Whether to verify UTF-8 in debug mode. This is necessary to migrate some proto1 messages. |
|---|
| type | boolean |
|---|
|
|---|
| csharpNamespace | | description | Namespace for generated classes; defaults to the package. BEGIN GOOGLE-INTERNAL |
|---|
| type | string |
|---|
|
|---|
| deprecated | | description | Is this file deprecated? Depending on the target platform, this can emit Deprecated annotations for everything in the file, or it will be completely ignored; in the very least, this is a formalization for deprecating files. |
|---|
| type | boolean |
|---|
|
|---|
| goApiFlag | | description | BEGIN GOOGLE-INTERNAL Use this option to affect how Go code is generated. For a list of allowed values and detailed explanation, see go/go-api-flag. The go_api_flag will likely be implemented as a Protobuf Editions Feature (go/protobuf-editions) and open sourced in the future. END GOOGLE-INTERNAL |
|---|
| type | string |
|---|
|
|---|
| goPackage | | description | Sets the Go package where structs generated from this .proto will be placed. If omitted, the Go package will be derived from the following: - The basename of the package import path, if provided. - Otherwise, the package statement in the .proto file, if present. - Otherwise, the basename of the .proto file, without extension. BEGIN GOOGLE-INTERNAL Inside Google, if go_package is omitted, the proto_library BUILD rule name is used. END GOOGLE-INTERNAL |
|---|
| type | string |
|---|
|
|---|
| javaAltApiPackage | | description | A single .proto file may actually be compiled using both java_api_versions: http://b/2410712 When compiling with the API version that does *not* match the java_api_version declared in the BUILD file and .proto file, java_alt_api_package replaces java_package, so that the two versions of the generated classes will not conflict. If java_alt_api_package is not given, it defaults to java_package + ".proto1api" (when the usual API version is 2) or java_package + ".proto2api" (when the usual API version is 1). Be careful when setting this option on existing protos, as someone may already be using them with the alternate API. Use gsearch to check. |
|---|
| type | string |
|---|
|
|---|
| javaApiVersion | | description | Like cc_api_version, but for Java. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| javaEnableDualGenerateMutableApi | | description | DO NOT USE. DO NOT USE. DO NOT USE. DO NOT USE. This option doesn't work before Proto1 and Proto2 Java bridge is implemented. The option controls the behavior of mixed Proto1 Java API and Proto2 Java Mutable API dependencies. If the option is true, the messages can be dual generated into both the Proto1 API and the Proto2 Mutable API. The proto compiler will choose the consistent API version when the message is used by messages in the other API. If the option is false, the messages will be only generated in one API, based on the java_api_version. The proto compiler will generate bridge code to make this mixed version dependency work. Note that this does not affect Proto2 Immutable APIs. END GOOGLE-INTERNAL |
|---|
| type | boolean |
|---|
|
|---|
| javaGenericServices | |
|---|
| javaJava5Enums | | description | DEPRECATED. DO NOT USE! Setting this option has no effects on any Java Proto API versions and will be deleted soon. See go/lsc-refactoringprotoconst. |
|---|
| type | boolean |
|---|
|
|---|
| javaMultipleFiles | | description | If enabled, then the Java code generator will generate a separate .java file for each top-level message, enum, and service defined in the .proto file. Thus, these types will *not* be nested inside the wrapper class named by java_outer_classname. However, the wrapper class will still be generated to contain the file's getDescriptor() method as well as any top-level extensions defined in the file. |
|---|
| type | boolean |
|---|
|
|---|
| javaMultipleFilesMutablePackage | | description | By default Java mutable API message classes for a .proto file will be generated under an outer class in a single .java file. To override this behavior you need to set java_multiple_files to true and also set this option. Then a different .java file will generated for each message under the java package specified by this option. END GOOGLE-INTERNAL |
|---|
| type | string |
|---|
|
|---|
| javaMutableApi | | description | BEGIN GOOGLE-INTERNAL Specifies whether this proto supports proto2 Java mutable API. |
|---|
| type | boolean |
|---|
|
|---|
| javaOuterClassname | | description | Controls the name of the wrapper Java class generated for the .proto file. That class will always contain the .proto file's getDescriptor() method as well as any top-level extensions defined in the .proto file. If java_multiple_files is disabled, then all the other classes from the .proto file will be nested inside the single wrapper outer class. |
|---|
| type | string |
|---|
|
|---|
| javaPackage | | description | Sets the Java package where classes generated from this .proto will be placed. By default, the proto package is used, but this is often inappropriate because proto packages do not normally start with backwards domain names. BEGIN GOOGLE-INTERNAL Actually, inside google, com.google.protos.[proto package] is used, so it's fine to omit this. END GOOGLE-INTERNAL |
|---|
| type | string |
|---|
|
|---|
| javaStringCheckUtf8 | | description | If set true, then the Java2 code generator will generate code that throws an exception whenever an attempt is made to assign a non-UTF-8 byte sequence to a string field. Message reflection will do the same. However, an extension field still accepts non-UTF-8 byte sequences. This option has no effect on when used with the lite runtime. |
|---|
| type | boolean |
|---|
|
|---|
| javaUseJavaproto2 | | description | DEPRECATED. DO NOT USE! Setting this option has no effects on any Java Proto API versions and will be deleted soon. See go/remove_java_use_javaproto2. |
|---|
| type | boolean |
|---|
|
|---|
| javascriptPackage | | description | BEGIN GOOGLE-INTERNAL Sets the JavaScript package where structs generated from this .proto will be placed. There is no default. END GOOGLE-INTERNAL |
|---|
| type | string |
|---|
|
|---|
| jspbUseCorrectProto2Semantics | | description | For a long time JSPB did not provide proper presence semantics for proto2 fields. There are several legacy quirks: - unset fields would return null unless there was an explicit default - required fields would declare a non-null return type, even though they could return null. - you could call setFoo(undefined) to clear a field instead of clearFoo() - you could call setFoo(null) to clear a field, but only if it had an explicit default. |
|---|
| type | boolean |
|---|
|
|---|
| objcClassPrefix | | description | Sets the objective c class prefix which is prepended to all objective c generated classes from this .proto. There is no default. |
|---|
| type | string |
|---|
|
|---|
| optimizeFor | | enum | - SPEED
- CODE_SIZE
- LITE_RUNTIME
|
|---|
| enumDescriptions | - Generate complete code for parsing, serialization,
- etc. Use ReflectionOps to implement these methods.
- Generate code using MessageLite and the lite runtime.
|
|---|
| type | string |
|---|
|
|---|
| phpClassPrefix | | description | Sets the php class prefix which is prepended to all php generated classes from this .proto. Default is empty. |
|---|
| type | string |
|---|
|
|---|
| phpGenericServices | |
|---|
| phpMetadataNamespace | | description | Use this option to change the namespace of php generated metadata classes. Default is empty. When this option is empty, the proto file name will be used for determining the namespace. |
|---|
| type | string |
|---|
|
|---|
| phpNamespace | | description | Use this option to change the namespace of php generated classes. Default is empty. When this option is empty, the package name will be used for determining the namespace. |
|---|
| type | string |
|---|
|
|---|
| pyGenericServices | |
|---|
| rubyPackage | | description | Use this option to change the package of ruby generated classes. Default is empty. When this option is not set, the package name will be used for determining the ruby package. |
|---|
| type | string |
|---|
|
|---|
| swiftPrefix | | description | By default Swift generators will take the proto package and CamelCase it replacing '.' with underscore and use that to prefix the types/symbols defined. When this options is provided, they will use this value instead to prefix the types/symbols defined. |
|---|
| type | string |
|---|
|
|---|
| szlApiVersion | | description | BEGIN GOOGLE-INTERNAL Specifies what version of the API generated Sawzall code should use. Set szl_api_version = 2 to use the Proto2 Sawzall API which fully supports Proto2 language features. END GOOGLE-INTERNAL |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See the documentation for the "Options" section above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| useJavaStubbyLibrary | | description | BEGIN GOOGLE-INTERNAL If true, then java_proto_library rules will not generate rpc code. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| FilterRule | | description | A FilterRule indicates which filter to skip for which method. |
|---|
| id | FilterRule |
|---|
| properties | | selector | | description | Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| skipFilters | | description | By default, API proxy applies all supported filters. This field specifies the set of filters that should be skipped. |
|---|
| items | | enum | - UNKNOWN_FIELD_FILTER
- UNKNOWN_JSON_FILTER
- VISIBILITY_FILTER
- STUBBY_VISIBILITY_FILTER
|
|---|
| enumDescriptions | - Specifies to filter out unknown fields in protobuf payload for HTTP/Protobuf and external gRPC clients. Skipping this filter results in the unknown fields being left intact in the request and response.
- Specifies to reject HTTP/JSON request payloads that contain unknown fields. Skipping this filter will result in the request payloads being accepted, with the unknown fields dropped.
- Specifies to filter request/response by visibility enforcement, which is specified using google/api/visibility.proto.
- Specifies to filter Stubby request/response by visibility enforcement, which is specified using google/api/visibility.proto.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Filtering | | description | `Filtering` defines ESF filters to be skipped for a particular methods in the service. This is basically used because ESF implements wide range of advanced features like API visibility, API Versioning, API auditing and dropping unknown fields. These features can be computation intensive and thus API's who don't want these features can skip them by using this config. It is done by specifying skip_filters for the methods who don't want these features. If skip_filters is empty, ESF will compute the filtering rules for each request and response message based on all supported features, including API visibility, API version selector, and drop unknown fields. If skip_filters is not empty, ESF will skip the specified skip_filters and apply the remaining filters. The backend is responsible to implement the skipped request filters manually, leveraging support methods provided by proto library. An empty skip_filters will suffice for most APIs. But for performance reasons one might want to implement the filtering in backend. Example: Filtering: rules: - selector: google.calendar.Calendar.Update skip_filters: - UNKNOWN_FIELD_FILTER Here, all methods will go through UNKNOWN_FIELD_FILTER except google.calendar.Calendar.Update. Also, google.calendar.Calendar.Update will go through all filters except UNKNOWN_FIELD_FILTER. |
|---|
| id | Filtering |
|---|
| properties | | rules | | description | A list of api filter rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| GfeRedirectConfig | | description | Configuration to instruct ESF to automatically do GFE internal redirect (go/gfe-internal-redirects) to Apiary when an error is encountered. Generally used during Apiary --> OP migration to redirect to existing Apiary API for second-chance processing if ESF is unable to process a request. To use this feature, first enable internal redirects in your service's GFE config as described in go/gfe-internal-redirects. In particular, set max_body_buffer_size_in_kb to allow redirection of requests with bodies (e.g. POST). The value of max_body_buffer_size_in_kb should be enough for all your requests (GFE has a limit for this field value; if you get extremely large requests, you may no be able to use this feature). You should dremel your Apiary gws logs to find max value of Content-Length header to determine this value. The configuration is per method, and allow the redirect happen if error occurs at request flow or response flow. For details, see go/esf-apiary-error-redirect. |
|---|
| id | GfeRedirectConfig |
|---|
| properties | | enableInnerBatchErrorFallback | | description | When sets to true, the inner batch requests passing the error redirection check will be forwarded to provided address directly within ESF, if the request matches the eligibility check for error redirection based on the service config of the inner batch request's method config. |
|---|
| type | boolean |
|---|
|
|---|
| enableProjectOverrides | | description | Enable project level override for error_filters config. The producers also needs to define the project property _APIARY_MIGRATION_ERROR_REDIRECT_OVERRIDE to specify textproto encoding of the migration config with GfeRedirectConfig definition. All config must be normalized(i.e. methods must be explicitly specified). A wildcard selector '*' could be used as a single selector(not mixed with other explicit selectors) in the entire property for emergency redirection handling. Please be aware that the project override will only be useful for errors that occur after ESF calls Chemist. For errors before ESF calls Chemist, the project override is a no-op. This excludes most auth/chemist errors but includes request translation errors. One special case is for APIs enabled CPE or enabled resource extraction, the request translator errors are not covered because it is happening before ESF call Chemist. |
|---|
| type | boolean |
|---|
|
|---|
| enabledOnRequestFlow | | description | Enable redirect on error before hitting backend. |
|---|
| type | boolean |
|---|
|
|---|
| enabledOnResponseFlow | | description | Enable redirect on error after hitting backend. |
|---|
| type | boolean |
|---|
|
|---|
| errorCodePattern | | description | Each element must be 3 digits, can use ‘x’ to match trailing digit. E.g. "404", "40x", "4xx" and "xxx". |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| errorFilters | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| GfeTarget | | description | Definition of a GFE's backend target, a.k.a. application frontend (AFE). It defines the GSLB target and the corresponding configuration controlling GFE <-> backend (AFE) commutation, like healthz_string. |
|---|
| id | GfeTarget |
|---|
| properties | | backendOptions | | $ref | BackendOptions |
|---|
| description | Configuration of GFE <-> backend (AFE) communication. |
|---|
|
|---|
| target | | description | GSLB target of the backend, e.g. main:foo. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| GoSettings | | description | Settings for Go client libraries. |
|---|
| id | GoSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Http | | description | Defines the HTTP configuration for an API service. It contains a list of HttpRule, each specifying the mapping of an RPC method to one or more HTTP REST API methods. |
|---|
| id | Http |
|---|
| properties | | fullyDecodeReservedExpansion | | description | When set to true, URL path parameters will be fully URI-decoded except in cases of single segment matches in reserved expansion, where "%2F" will be left encoded. The default behavior is to not decode RFC 6570 reserved characters in multi segment matches. |
|---|
| type | boolean |
|---|
|
|---|
| rules | | description | A list of HTTP configuration rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| HttpExtractionRules | | description | Configuration of the administrative access over HTTP. Describes how metadata required for enforcing administrative access controls should be extracted from HTTP requests. |
|---|
| id | HttpExtractionRules |
|---|
| properties | | reasons | | description | The list of possible reason values to be extracted from HTTP request. Each selector indicates a header name that maps to a justification value in an HTTP request. The values will be parsed by AAC via the ExtractJustifications method: [cs/google3/security/data_access/justification/accessreason/common/extract_justifications.h] |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| resource | | description | The list of possible access targets to be extracted from HTTP request |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| HttpFieldSelector | | description | Selector configuration for HTTP request. Describes what part of HTTP request to extract values from. Example: extracting value from HTTP header 'foo' selector { header: "foo" } Example: extracting value from HTTP parameter with the name 'bar' selector { param: "bar" } |
|---|
| id | HttpFieldSelector |
|---|
| properties | | header | | description | HTTP request header name. Case-insensitive. |
|---|
| type | string |
|---|
|
|---|
| param | | description | HTTP param name from query string or URL-encoded POST body. Case-sensitive. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| HttpFrontendOptions | | description | Configurations of client <-> GFE communication for HTTP-based services. |
|---|
| id | HttpFrontendOptions |
|---|
| properties | | allowInternalRedirects | | description | If set to true, this service can issue internal redirests to other services on the same GFE. See go/gfe-internal-redirects. |
|---|
| type | boolean |
|---|
|
|---|
| blockInEmbargoedCountries | | description | If set to true, this service will be blocked in go/embargoed-countries. |
|---|
| type | boolean |
|---|
|
|---|
| cacheHitLogFallthroughDenom | | description | One in every cache_hit_log_fallthrough_denom cache hits will be proxied over to the backend for logging. Default (0) means none. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| dosService | | description | The name of DoS service. GFE provides DoS defense by reporting each request to the DoS stack and acting (potentially blocking) based on the instructions received from the DoS stack. A unit of reporting and decision making is a DoS service name. You don't have to define one explicitly, DoS stack will provide default protection for each reported service. If this field is not specified, the underlying GSLB target name will be used (per URL mapping to backend). |
|---|
| type | string |
|---|
|
|---|
| grpcMode | | description | Configration of how GFE handles GRPC. |
|---|
| enum | - GRPC_DEFAULT
- GRPC_DISABLED
- GRPC_ENABLED_SIMPLE
- GRPC_ENABLED_WITH_BACKEND_GRPC
|
|---|
| enumDescriptions | - Defaults to DISABLED.
- GFE doesn't allow GRPC connections.
- GFE allows GRPC connections and proxies them over to the backend using its default backend protocol. See go/grpc-autobahn.
- GFE allows GRPC connections and it proxies them over to the backend using GRPC.
|
|---|
| type | string |
|---|
|
|---|
| qosClass | | description | The quality of service class that affects the configurable parts of the whole client <-> GFE <-> backend flow. |
|---|
| enum | - QOS_CLASS_DEFAULT
- QOS_CLASS_AF2
- QOS_CLASS_AF3
- QOS_CLASS_AF4
|
|---|
| enumDescriptions | - Defaults to AF3.
- Assured forwarding priority 2.
- Assured forwarding priority 3.
- Assured forwarding priority 4.
|
|---|
| type | string |
|---|
|
|---|
| requestSize | | description | Affects how long the GFE will wait for the backend to respond. |
|---|
| enum | - REQUEST_SIZE_DEFAULT
- REQUEST_SIZE_LOW
- REQUEST_SIZE_MEDIUM
- REQUEST_SIZE_HIGH
|
|---|
| enumDescriptions | - Defaults to MEDIUM.
- Pick this for a service that mostly gets small GET requests. This is all < 1KiB.
- Pick for services with moderately large upload requirements. Order of 1-3 KiB.
- Pick this for a service that is upload heavy.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| HttpReasonRule | | description | Instructions on how to extract data access reason from HTTP request. |
|---|
| id | HttpReasonRule |
|---|
| properties | | selector | | $ref | HttpFieldSelector |
|---|
| description | The selector specifies where to extract the metadata from HTTP requests. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| HttpResourceRule | | description | Instructions on how to extract target resources from HTTP request. |
|---|
| id | HttpResourceRule |
|---|
| properties | | resourceRegistryType | | description | Resource type in the form of Resource Registry go/rpcsp2-gin-3-1#step3. e.g. "ResourceRegistry.PRODUCT_AREA_ID.EXPLICIT_RESOURCE_TYPE_NAME" |
|---|
| type | string |
|---|
|
|---|
| selector | | $ref | HttpFieldSelector |
|---|
| description | The selector specifies where to extract the metadata from HTTP requests. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| HttpRule | | description | # gRPC Transcoding gRPC Transcoding is a feature for mapping between a gRPC method and one or more HTTP REST endpoints. It allows developers to build a single API service that supports both gRPC APIs and REST APIs. Many systems, including [Google APIs](https://github.com/googleapis/googleapis), [Cloud Endpoints](https://cloud.google.com/endpoints), [gRPC Gateway](https://github.com/grpc-ecosystem/grpc-gateway), and [Envoy](https://github.com/envoyproxy/envoy) proxy support this feature and use it for large scale production services. `HttpRule` defines the schema of the gRPC/REST mapping. The mapping specifies how different portions of the gRPC request message are mapped to the URL path, URL query parameters, and HTTP request body. It also controls how the gRPC response message is mapped to the HTTP response body. `HttpRule` is typically specified as an `google.api.http` annotation on the gRPC method. Each mapping specifies a URL path template and an HTTP method. The path template may refer to one or more fields in the gRPC request message, as long as each field is a non-repeated field with a primitive (non-message) type. The path template controls how fields of the request message are mapped to the URL path. Example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get: "/v1/{name=messages/*}" }; } } message GetMessageRequest { string name = 1; // Mapped to URL path. } message Message { string text = 1; // The resource content. } This enables an HTTP REST to gRPC mapping as below: HTTP | gRPC -----|----- `GET /v1/messages/123456` | `GetMessage(name: "messages/123456")` Any fields in the request message which are not bound by the path template automatically become HTTP query parameters if there is no HTTP request body. For example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get:"/v1/messages/{message_id}" }; } } message GetMessageRequest { message SubMessage { string subfield = 1; } string message_id = 1; // Mapped to URL path. int64 revision = 2; // Mapped to URL query parameter `revision`. SubMessage sub = 3; // Mapped to URL query parameter `sub.subfield`. } This enables a HTTP JSON to RPC mapping as below: HTTP | gRPC -----|----- `GET /v1/messages/123456?revision=2&sub.subfield=foo` | `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield: "foo"))` Note that fields which are mapped to URL query parameters must have a primitive type or a repeated primitive type or a non-repeated message type. In the case of a repeated type, the parameter can be repeated in the URL as `...?param=A¶m=B`. In the case of a message type, each field of the message is mapped to a separate parameter, such as `...?foo.a=A&foo.b=B&foo.c=C`. For HTTP methods that allow a request body, the `body` field specifies the mapping. Consider a REST update method on the message resource collection: service Messaging { rpc UpdateMessage(UpdateMessageRequest) returns (Message) { option (google.api.http) = { patch: "/v1/messages/{message_id}" body: "message" }; } } message UpdateMessageRequest { string message_id = 1; // mapped to the URL Message message = 2; // mapped to the body } The following HTTP JSON to RPC mapping is enabled, where the representation of the JSON in the request body is determined by protos JSON encoding: HTTP | gRPC -----|----- `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: "123456" message { text: "Hi!" })` The special name `*` can be used in the body mapping to define that every field not bound by the path template should be mapped to the request body. This enables the following alternative definition of the update method: service Messaging { rpc UpdateMessage(Message) returns (Message) { option (google.api.http) = { patch: "/v1/messages/{message_id}" body: "*" }; } } message Message { string message_id = 1; string text = 2; } The following HTTP JSON to RPC mapping is enabled: HTTP | gRPC -----|----- `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: "123456" text: "Hi!")` Note that when using `*` in the body mapping, it is not possible to have HTTP parameters, as all fields not bound by the path end in the body. This makes this option more rarely used in practice when defining REST APIs. The common usage of `*` is in custom methods which don't use the URL at all for transferring data. It is possible to define multiple HTTP methods for one RPC by using the `additional_bindings` option. Example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get: "/v1/messages/{message_id}" additional_bindings { get: "/v1/users/{user_id}/messages/{message_id}" } }; } } message GetMessageRequest { string message_id = 1; string user_id = 2; } This enables the following two alternative HTTP JSON to RPC mappings: HTTP | gRPC -----|----- `GET /v1/messages/123456` | `GetMessage(message_id: "123456")` `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id: "123456")` ## Rules for HTTP mapping 1. Leaf request fields (recursive expansion nested messages in the request message) are classified into three categories: - Fields referred by the path template. They are passed via the URL path. - Fields referred by the HttpRule.body. They are passed via the HTTP request body. - All other fields are passed via the URL query parameters, and the parameter name is the field path in the request message. A repeated field can be represented as multiple query parameters under the same name. 2. If HttpRule.body is "*", there is no URL query parameter, all fields are passed via URL path and HTTP request body. 3. If HttpRule.body is omitted, there is no HTTP request body, all fields are passed via URL path and URL query parameters. ### Path template syntax Template = "/" Segments [ Verb ] ; Segments = Segment { "/" Segment } ; Segment = "*" | "**" | LITERAL | Variable ; Variable = "{" FieldPath [ "=" Segments ] "}" ; FieldPath = IDENT { "." IDENT } ; Verb = ":" LITERAL ; The syntax `*` matches a single URL path segment. The syntax `**` matches zero or more URL path segments, which must be the last part of the URL path except the `Verb`. The syntax `Variable` matches part of the URL path as specified by its template. A variable template must not contain other variables. If a variable matches a single path segment, its template may be omitted, e.g. `{var}` is equivalent to `{var=*}`. The syntax `LITERAL` matches literal text in the URL path. If the `LITERAL` contains any reserved character, such characters should be percent-encoded before the matching. If a variable contains exactly one path segment, such as `"{var}"` or `"{var=*}"`, when such a variable is expanded into a URL path on the client side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The server side does the reverse decoding. Such variables show up in the [Discovery Document](https://developers.google.com/discovery/v1/reference/apis) as `{var}`. If a variable contains multiple path segments, such as `"{var=foo/*}"` or `"{var=**}"`, when such a variable is expanded into a URL path on the client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded. The server side does the reverse decoding, except "%2F" and "%2f" are left unchanged. Such variables show up in the [Discovery Document](https://developers.google.com/discovery/v1/reference/apis) as `{+var}`. ## Using gRPC API Service Configuration gRPC API Service Configuration (service config) is a configuration language for configuring a gRPC service to become a user-facing product. The service config is simply the YAML representation of the `google.api.Service` proto message. As an alternative to annotating your proto file, you can configure gRPC transcoding in your service config YAML files. You do this by specifying a `HttpRule` that maps the gRPC method to a REST endpoint, achieving the same effect as the proto annotation. This can be particularly useful if you have a proto that is reused in multiple services. Note that any transcoding specified in the service config will override any matching transcoding configuration in the proto. Example: http: rules: # Selects a gRPC method and applies HttpRule to it. - selector: example.v1.Messaging.GetMessage get: /v1/messages/{message_id}/{sub.subfield} ## Special notes When gRPC Transcoding is used to map a gRPC to JSON REST endpoints, the proto to JSON conversion must follow the [proto3 specification](https://developers.google.com/protocol-buffers/docs/proto3#json). While the single segment variable follows the semantics of [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2 Simple String Expansion, the multi segment variable **does not** follow RFC 6570 Section 3.2.3 Reserved Expansion. The reason is that the Reserved Expansion does not expand special characters like `?` and `#`, which would lead to invalid URLs. As the result, gRPC Transcoding uses a custom encoding for multi segment variables. The path variables **must not** refer to any repeated or mapped field, because client libraries are not capable of handling such variable expansion. The path variables **must not** capture the leading "/" character. The reason is that the most common use case "{var}" does not capture the leading "/" character. For consistency, all path variables must share the same behavior. Repeated message fields must not be mapped to URL query parameters, because no client library can support such complicated mapping. If an API needs to use a JSON array for request or response body, it can map the request or response body to a repeated field. However, some gRPC Transcoding implementations may not support this feature. |
|---|
| id | HttpRule |
|---|
| properties | | additionalBindings | | description | Additional HTTP bindings for the selector. Nested bindings must not contain an `additional_bindings` field themselves (that is, the nesting may only be one level deep). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| allowHalfDuplex | | description | When this flag is set to true, HTTP requests will be allowed to invoke a half-duplex streaming method. |
|---|
| type | boolean |
|---|
|
|---|
| authorizations | | description | Specifies the permission(s) required for an API element for the overall API request to succeed. It is typically used to mark request message fields that contain the name of the resource and indicates the permissions that will be checked on that resource. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| body | | description | The name of the request field whose value is mapped to the HTTP request body, or `*` for mapping all request fields not captured by the path pattern to the HTTP body, or omitted for not having any HTTP request body. NOTE: the referred field must be present at the top-level of the request message type. |
|---|
| type | string |
|---|
|
|---|
| custom | | $ref | CustomHttpPattern |
|---|
| description | The custom pattern is used for specifying an HTTP method that is not included in the `pattern` field, such as HEAD, or "*" to leave the HTTP method unspecified for this rule. The wild-card rule is useful for services that provide content to Web (HTML) clients. |
|---|
|
|---|
| delete | | description | Maps to HTTP DELETE. Used for deleting a resource. |
|---|
| type | string |
|---|
|
|---|
| get | | description | Maps to HTTP GET. Used for listing and getting information about resources. |
|---|
| type | string |
|---|
|
|---|
| mediaDownload | | $ref | MediaDownload |
|---|
| description | Use this only for Scotty Requests. Do not use this for bytestream methods. For media support, add instead [][google.bytestream.RestByteStream] as an API to your configuration. |
|---|
|
|---|
| mediaUpload | | $ref | MediaUpload |
|---|
| description | Use this only for Scotty Requests. Do not use this for media support using Bytestream, add instead [][google.bytestream.RestByteStream] as an API to your configuration for Bytestream methods. |
|---|
|
|---|
| patch | | description | Maps to HTTP PATCH. Used for updating a resource. |
|---|
| type | string |
|---|
|
|---|
| post | | description | Maps to HTTP POST. Used for creating a resource or performing an action. |
|---|
| type | string |
|---|
|
|---|
| put | | description | Maps to HTTP PUT. Used for replacing a resource. |
|---|
| type | string |
|---|
|
|---|
| responseBody | | description | Optional. The name of the response field whose value is mapped to the HTTP response body. When omitted, the entire response message will be used as the HTTP response body. NOTE: The referred field must be present at the top-level of the response message type. |
|---|
| type | string |
|---|
|
|---|
| restCollection | | description | DO NOT USE. This is an experimental field. Optional. The REST collection name is by default derived from the URL pattern. If specified, this field overrides the default collection name. Example: rpc AddressesAggregatedList(AddressesAggregatedListRequest) returns (AddressesAggregatedListResponse) { option (google.api.http) = { get: "/v1/projects/{project_id}/aggregated/addresses" rest_collection: "projects.addresses" }; } This method has the automatically derived collection name "projects.aggregated". Because, semantically, this rpc is actually an operation on the "projects.addresses" collection, the `rest_collection` field is configured to override the derived collection name. |
|---|
| type | string |
|---|
|
|---|
| restMethodName | | description | DO NOT USE. This is an experimental field. Optional. The rest method name is by default derived from the URL pattern. If specified, this field overrides the default method name. Also, a special method name of "$HIDE_FROM_DISCOVERY" can be used in bindings that shouldn't appear in discovery docs or API reference docs. It is useful when there's a legacy path that needs to be accepted, but we don't want to encourage users to use it by putting it in our docs. Example: rpc CreateResource(CreateResourceRequest) returns (CreateResourceResponse) { option (google.api.http) = { post: "/v1/resources", body: "resource", rest_method_name: "insert" }; } The above method has the automatically derived rest method name "create", but for backwards compatibility with apiary, it is specified as insert. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects a method to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Iam | | description | Cloud IAM Configuration for services. |
|---|
| id | Iam |
|---|
| properties | | environment | | description | IAM environment used by Cloud Policy Enforcement for IAM policy checks. |
|---|
| type | string |
|---|
|
|---|
| internal | | $ref | IamServiceConfigInternal |
|---|
| description | Service information used to configure IAM Internals. |
|---|
|
|---|
| launchStage | | description | The service-level launch stage of the IAM integration. Each IAM entity will inherit this launch stage by default unless explicitly overridden. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| reader | | description | LOAS Roles who have access to call IAMInternal read IAM APIs (get, check, bulkcheck, test, bulktest) on resources defined in this service. For Internal Services we support LOAS Identities in the form on mdb users and groups. This will not be needed for 3rd party services. Identities that represent the service itself should use mdb users and must be BCID L3 compliant. Admin groups should use mdb groups and should only contain human users. These strings must be of the form "user:{user loas identifier}" for users and "group:{group mdb identifier}" for groups. To specify multiple LOAS roles here, you need to use a comma-separated list such as "group:{group1 mdb}, group:{group2 mdb}, user:{user1 loas}" |
|---|
| type | string |
|---|
|
|---|
| resources | | description | List of resource types of the service. |
|---|
| items | | $ref | IamResourceDescriptor |
|---|
|
|---|
| type | array |
|---|
|
|---|
| roles | | description | Roles for the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| writer | | description | LOAS Roles who have access to call IAMInternal write APIs (set, purge) for this service. The specification follows the same as the `reader` field. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IamPermission | | description | IAM permission. |
|---|
| id | IamPermission |
|---|
| properties | | basicRole | | description | Sets the basic role which will include this permission. |
|---|
| enum | - BASIC_ROLE_UNSPECIFIED
- READER
- WRITER
- ADMIN
|
|---|
| enumDescriptions | - Default.
- Puts the permission in the roles/reader basic role. Will also assign the permission to the roles/viewer legacy role.
- Puts the permission in the roles/writer basic role. Will also assign the permission to the roles/editor legacy role.
- Puts the permission in the roles/admin basic role. Will also assign the permission to the roles/owner legacy role.
|
|---|
| type | string |
|---|
|
|---|
| description | | description | The human readable description of the permission. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | The human readable title of the permission. |
|---|
| type | string |
|---|
|
|---|
| internal | | $ref | IamPermissionInternal |
|---|
| description | Permission information used for IAM Internal. |
|---|
|
|---|
| launchStage | | description | The launch stage of this IAM permission. If set, overrides the service-level launch stage. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| name | | description | The name of the permission in the format: {service_name}/{plural}.{verb}. - {service_name} references the `name` field in the service config. It must be lowercase. - {plural} references the `plural` field specified in the ResourceDescriptor. It must be lowerCamelCase. Example: "library.googleapis.com/shelves.get" |
|---|
| type | string |
|---|
|
|---|
| parentOnly | | description | Whether this permission only applies to parents of this resource type. For example, the `list` permission applies to the parents of resources as opposed to just the individual resource. |
|---|
| type | boolean |
|---|
|
|---|
| scope | | description | Deprecated. Must specify basic_role directly. |
|---|
| enum | - PERMISSION_SCOPE_UNSPECIFIED
- USER_SCOPE
- ADMIN_SCOPE
|
|---|
| enumDescriptions | - Default.
- This a user scoped permission.
- This is an admin scoped permission.
|
|---|
| type | string |
|---|
|
|---|
| type | | description | The type of the action the verb represents. Specifying this field will enable Cloud Auditing. The action type cannot be changed once it is set. Note: For existing services that use this field without setting basic_role, Cloud Auditing will not be enabled. To migrate to the new semantics, please set basic_role and only set type if Cloud Auditing should be enabled. |
|---|
| enum | - PERMISSION_TYPE_UNSPECIFIED
- META_DATA_READ
- META_DATA_WRITE
- DATA_READ
- DATA_WRITE
|
|---|
| enumDescriptions | - Default.
- Indicates a metadata read.
- Indicates a metadata write.
- Indicates a data read.
- Indicates a data write.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IamPermissionInternal | | description | Permission information used for IAM Internal. |
|---|
| id | IamPermissionInternal |
|---|
| properties | | calOnboardingTicket | | description | If permission's type' is specified, the cal_onboarding_ticket should point to the CAL onboarding ticket which covers this permission. data format: 'b/xxxxx' |
|---|
| type | string |
|---|
|
|---|
| customRoleSupportLevelOverride | | description | Overrides the support level of this permission for custom roles. For CPE onboarded services, IAM deems all their permissions supported for custom roles. Service owners should only use this field to override that behavior (e.g. withdraw support). For Non-CPE services, IAM confers partial support, i.e. allows inclusion of permission in custom roles but displays a warning in gcloud and in Pantheon that the permission should not be considered as stable for custom roles yet. Non-CPE services must use this field to fully support their permissions for custom roles. Services must be allowlisted with IAM in order to use this field. (go/custom-roles-support-allowlist) Allowlist is granted only if the associated requirements are met. Requirements for SUPPORTED - Non-CPE services have performed knockout tests. (go/iam-custom-roles-sig#heading=h.31x8r1vvz9oc) Requirements for NOT_SUPPORTED - Permission is security sensitive. |
|---|
| enum | - CUSTOM_ROLE_SUPPORT_LEVEL_UNSPECIFIED
- NOT_SUPPORTED
- SUPPORTED
|
|---|
| enumDescriptions | - Default.
- A permission with this custom role support level must never be included into a custom role.
- A permission with this custom role support level can be included into a custom role.
|
|---|
| type | string |
|---|
|
|---|
| usedForRpcSecurityPolicy | | description | Whether this permission is being used in place of RpcSP. Such permissions must mark custom_roles_support_level: NOT_SUPPORTED, and will not be allowed in non-root roles. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IamResourceDescriptor | | description | Additional information required by IAM for resources further defined by ResourceDescriptor. |
|---|
| id | IamResourceDescriptor |
|---|
| properties | | internal | | $ref | IamResourceDescriptorInternal |
|---|
| description | Resource information used for IAM Internal. |
|---|
|
|---|
| launchStage | | description | The launch stage of this IAM resource. If set, overrides the service-level launch stage for this resource and its permissions. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| memberTypeRestriction | | enum | - MEMBER_TYPE_RESTRICTION_UNSPECIFIED
- ALLOW_ALL_USERS
- ALLOW_ALL_AUTHENTICATED_USERS
- ALLOW_ONLY_SPECIFIC_MEMBERS
|
|---|
| enumDescriptions | - Default.
- Allows allUsers and allAuthenticatedUsers member bindings. This allows administrators to make a resource of this type publicly accessible to any user without requiring authentication. This should only be allowed for a resource type when there is a strong use case for allowing resources of this type to be shared publicly.
- Allows allAuthenticateUsers member bindings. This allows administrators to make a resource of this type publicly accessible to all Gmail and Dasher users. This should only be allowed for a resource type when there is a strong use case for allowing resources of this type to be shared publicly.
- Only allows specific member bindings (such as User Accounts, Service Accounts, Groups and Domains) and block allUsers and allAuthenticateUsers members on this resource's policy. This prevents resources of this type from being shared publicly.
|
|---|
| type | string |
|---|
|
|---|
| permissions | | description | All permissions for this resource type. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| resourceNameMappings | | description | Mappings from external resource names to internal policy name ids (and vice-versa). If unset, this will be populated in the derived config at compile time by generating it from the hierarchy defined by ResourceDescriptor. |
|---|
| items | | $ref | IamResourceNameMapping |
|---|
|
|---|
| type | array |
|---|
|
|---|
| type | | description | The matching name of the resource from its ResourceDescriptor. Example: library.googleapis.com/Shelf |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IamResourceDescriptorInternal | | description | Resource information used for IAM Internal. |
|---|
| id | IamResourceDescriptorInternal |
|---|
| properties | | disableConvertProjectIdOrNumber | | description | Set this flag if the IAM server should not perform automatic project id/number conversion for the underlying IAM resource type. This ensures that CPE runtime will not set the `convert_project_id_or_number` flag when calling IAM CheckPolicy. This flag should only be applied to the case when the underlying IAM resource type has Elysium project as `relation_parent_type`. |
|---|
| type | boolean |
|---|
|
|---|
| nameForResource | | description | The resource name part of the IAM namespace in the form of "{service}_{resource_name}". Cannot exceed 36 characters. Must be lowercase (unless of an existing service and already capital). Examples: - "compute_instances" --> "instances" - "library_shelves" --> "shelves" Optional if this can be validly constructed from first part of `service_name` field in service config and `plural` field in ResourceDescriptor. Example: Can be constructed: - service_name: "compute.googleapis.com" - ResourceDescriptor.plural: "instances" - Derived: "compute_instances" Cannot be constructed: - service_name: "reallylongnameforaservice.googleapis.com" - ResourceDescriptor.plural: "reallylongnamefortype" - Derived: "reallylongnameforaservice_reallylongnamefortype" (Invalid: 47 characters > max of 36 characters) Note: If service is migrating from IAM service files, this field will be required if the resource type name defined in IAM does not match the value that would be constructed as above. |
|---|
| type | string |
|---|
|
|---|
| singleParentOverride | | description | Set this flag if the underlying IAM resource type has a `path_parent_type` rather than a `multipath_parent_type`. This ensures that only one parent is allowed (matching IAM configuration) and corrects ResourceNameMapping generation. Note: This field will be allowed for new services until all new services can onboard IAM service configs via Inception. Examples: Project --(path_parent_type)--> Bar: - Set single_parent_override: true Project --(path_multiparent_type)--> Bar: - Omit single_parent_override |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IamResourceNameMapping | | description | Mappings from full resource names to IAM policy names. Services should generally not add Resource Name Mappings manually. Service compiler will generate all necessary IamResourceNameMappings from related ResourceDescriptors at push time. |
|---|
| id | IamResourceNameMapping |
|---|
| properties | | policyLocationExtractor | | description | Optional. A string defining how the location component is extracted from resource_name_pattern. Example (related to resource_name_pattern examples): (library.googleapis.com/Shelf) - Leave unspecified - resource name has no location. (cloudkms.googleapis.com/KeyRing) - "{location}" |
|---|
| type | string |
|---|
|
|---|
| policyNameExtractor | | description | A string defining how the IAM policy name is extracted from resource_name_pattern. Any string enclosed between '{' and '}' is a component name and must be present in resource_name_pattern. Such named components can optionally be mapped from one form to another. Examples (related to resource_name_pattern examples): (library.googleapis.com/Shelf) - "/{project}/{shelf}" (cloudkms.googleapis.com/KeyRing) - "{projid=project}/{location}/{keyRing}" Conversion Rules: The following conversion rules are supported: - "projnum": The project identifier (either project ID or project number representation) is converted to a project number and encoded as 16-digit, zero-prefixed, lowercase hexadecimal (printf "%016x"). This conversion rule is only supported for cloudresoucemanager.googleapis.com/Project components. - "projid": The project identifier (either project ID or project number representation) is converted to a project ID and encoded as a string. This conversion rule is only supported for cloudresoucemanager.googleapis.com/Project components. - "raw": The component is extracted directly without any conversion. - "hex": The component is extracted as a number encoded as a 16-digit, zero-prefixed hexadecimal (printf "%016x"). This conversion rule is only supported for components that are decimal numbers. - "external": The result path component must be provided by the service via the policy callback. The part after '=' is for documentation only to indicate their relationship. Typically, the resource name component is looked up from an external storage and the result is substituted into the policy name component. A conversion rule is applied by prefixing the tag name with "{rulename}=" within its braces. Example: "{projid=project}". Some component names have special meanings, and by default apply particular conversion rules: - {project}: This component is assumed to be a cloudresourcemanager.googleapis.com/Project. If unspecified, the "projnum" conversion rule will be applied. - {folder}: This component is assumed to be a cloudresourcemanager.googleapis.com/Folder. If unspecified, the "hex" conversion rule will be applied. - {organization}: This component is assumed to be a cloudresourcemanager.googleapis.com/Organization. If unspecified, the "hex" conversion rule will be applied. For all other component names, the "raw" conversion rule will be applied. |
|---|
| type | string |
|---|
|
|---|
| resourceNamePattern | | description | A pattern from ResourceDescriptor.pattern. Any string enclosed between '{' and '}' is a component name. Component names must be in lower camel case and unique within the pattern. Examples: (library.googleapis.com/Shelf) - "projects/{project}/shelves/{shelf}" (cloudkms.googleapis.com/KeyRing) - "projects/{project}/locations/{location}/keyRings/{keyRing}" |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IamRole | | id | IamRole |
|---|
| properties | | description | | description | Required. Human readable description of the role. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | Required. Human readable title of the role. |
|---|
| type | string |
|---|
|
|---|
| launchStage | | description | The launch stage of this IAM role. If set, overrides the service-level launch stage. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| name | | description | Immutable. Name of the role. The name of the role in the format: {service_name}/{role short name}. - {service_name} references the `name` field in the service config. It must be lowercase. - {role short name} references the short name of the role. It must be lowerCamelCase. Example: library.googleapis.com/bookReader. |
|---|
| type | string |
|---|
|
|---|
| permissions | | description | Optional. List of permissions granted by the role. Singular permissions are added to the role by adding an element to the "permissions" repeated field. The name must match the name of the IamPermission being reference. Example: `library.googleapis.com/shelves.get`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| roles | | description | Optional. List of roles granted by role. Singular roles are added to the role by adding an element to the "roles" repeated field. The name must match the name of the IamRole being referenced. Example: `library.googleapis.com/bookReader`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IamServiceConfigInternal | | description | Service information used to configure IAM Internals. |
|---|
| id | IamServiceConfigInternal |
|---|
| properties | | roleGroup | | description | All roles in the service must belong to a single group (visible in Pantheon). At present, groups are defined in groups.iam. It is not an error to specify a group that doesn't exist (Pantheon simply renders them under the "Other" group). If not specified, this field will be populated in the derived config at compile time with the derived Internal IAM name for Service (e.g., "library"). |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IconUrlOverrides | | id | IconUrlOverrides |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Impersonation | | description | Google Plus Page impersonation configuration. For details, see go/op-impersonation, go/apiary-impersonation. For consistency, the field names in this section will be the same as Apiary’s ones. |
|---|
| id | Impersonation |
|---|
| properties | | allowFirstPartyAuth | | description | Whether to allow impersonation for first-party auth. If set to true, ESF will check the "X-Goog-PageId" HTTP request header for first-party auth requests, and when the header is provided, perform exchange for impersonated GaiaMint. Behavior of this field is similar to the Apiary config "allowImpersonationForFirstPartyAuth". See go/apiary-config#TOC-allowImpersonationForFirstPartyAuth |
|---|
| type | boolean |
|---|
|
|---|
| allowOauth | | description | Whether to allow "late" OAuth impersonation. If set to true, ESF will check the "X-Goog-PageId" HTTP request header for OAuth requests, and when the header is provided, perform exchange for impersonated GaiaMint. Behavior of this field is similar to the Apiary config "allowPlusPageIdHeader". See go/apiary-config#TOC-allowPlusPageIdHeader |
|---|
| type | boolean |
|---|
|
|---|
| allowedOauthClientIds | | description | Client ID allowlist for using OAuth impersonation. If this list is empty, all Client IDs will be allowed. If this list is set, only allowlisted values will be allowed. Behavior of this field is similar to the Apiary config "allowedClientIdsForPlusPageIdHeader". See go/apiary-config#TOC-allowedClientIdsForPlusPageIdHeader |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ImpersonationTargetCondition | | description | A condition to specify which users can be impersonated. |
|---|
| id | ImpersonationTargetCondition |
|---|
| properties | | allNormalUsers | | $ref | Empty |
|---|
| description | Allows impersonation of any normal user (go/rpcsp-key-terms#normal-user) or an anonymous user. |
|---|
|
|---|
| allProdUsers | | $ref | Empty |
|---|
| description | Allows impersonation of any prod user (go/rpcsp-key-terms#prod-user). Note that this includes both person and system (borg roles) users. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| IndexedResource | | description | IndexedResource provides information about a resource that needs to be indexed, and the permission the index should be performed on. |
|---|
| id | IndexedResource |
|---|
| properties | | permissions | | description | Required. The resource instances that have been bound to the following permissions will be indexed. This name should match the name from the Iam permission. NEXT ID TO USE: 3. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| resourceType | | description | Required. The resource that should be indexed. This should match the name from the ResourceDescriptor. Example `library.googleapis.com/Shelf` |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JavaSettings | | description | Settings for Java client libraries. |
|---|
| id | JavaSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
| libraryPackage | | description | The package name to use in Java. Clobbers the java_package option set in the protobuf. This should be used **only** by APIs who have already set the language_settings.java.package_name" field in gapic.yaml. API teams should use the protobuf java_package option where possible. Example of a YAML configuration:: publishing: java_settings: library_package: com.google.cloud.pubsub.v1 |
|---|
| type | string |
|---|
|
|---|
| serviceClassNames | | additionalProperties | |
|---|
| description | Configure the Java class name to use instead of the service's for its corresponding generated GAPIC client. Keys are fully-qualified service names as they appear in the protobuf (including the full the language_settings.java.interface_names" field in gapic.yaml. API teams should otherwise use the service name as it appears in the protobuf. Example of a YAML configuration:: publishing: java_settings: service_class_names: - google.pubsub.v1.Publisher: TopicAdmin - google.pubsub.v1.Subscriber: SubscriptionAdmin |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JsonFixupConfig | | id | JsonFixupConfig |
|---|
| properties | | enableJsonFixup | | description | If set to true, when a JSON request fails to parse for this method, ESF will call the JsonFixupService with the request payload to the backend, and update the payload with the fixed payload from the response. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JsonSchema | | description | Proto representation of a json schema, used to specify schemas in yaml that can't be or for some reason aren't specified in proto. Examples would be multidimensional arrays or lists that can have null values. The field names match the names used in json schema so that an instance can be passed to JsonFormat.printer().print() and result in valid json schema. The one execption is additional_properties which in json schema can be a boolean or a schema. For this reason, it is represented by two fields in proto and we post process it to make it the same field. For usages of these fields check out https://www.google.com/url?sa=D&q=https%3A%2F%2Fjson-schema.org%2Funderstanding-json-schema%2Freference%2Fobject.html |
|---|
| id | JsonSchema |
|---|
| properties | | $ref | | description | The id of the schema this element refers to. Although it is $ref in json, it is only ref without the dollar sign in yaml. |
|---|
| type | string |
|---|
|
|---|
| additionalPropertiesAllowed | | description | Whether any properties not specified in 'properties' are allowed on the object. Only valid when type is object. |
|---|
| type | boolean |
|---|
|
|---|
| additionalPropertyRestrictions | | $ref | JsonSchema |
|---|
| description | A json schema that describes what restrictions apply to any additional properties that are not listed in properties. Only valid when type is object. |
|---|
|
|---|
| annotations | | $ref | JsonSchemaAnnotations |
|---|
| description | The annotations of this property. |
|---|
|
|---|
| default | | description | The default value of the field or object described by this schema |
|---|
| type | string |
|---|
|
|---|
| description | | description | A description of this schema |
|---|
| type | string |
|---|
|
|---|
| format | | description | The format of the property. This field should only be set if corresponding format field is set in the discovery doc generated by Apiary, valid type-format pairs can be found at https://developers.google.com/discovery/v1/type-format |
|---|
| type | string |
|---|
|
|---|
| id | | description | A unique ID to identify the schema. This is the value that other $refs would point to |
|---|
| type | string |
|---|
|
|---|
| items | | $ref | JsonSchema |
|---|
| description | Schema that applies to array values, applicable only if this is of type array. It is plural even though it is not a repeated field so that it has the correct name in the discovery doc. |
|---|
|
|---|
| maximum | | description | The maximum value of this property |
|---|
| type | string |
|---|
|
|---|
| minimum | | description | The minimum value of this property |
|---|
| type | string |
|---|
|
|---|
| pattern | | description | A regular expression this property should conform to |
|---|
| type | string |
|---|
|
|---|
| properties | | additionalProperties | |
|---|
| description | The child schemas, applicable only if this is of type object. The key is the name of the property and the value is the json schema that describes that property |
|---|
| type | object |
|---|
|
|---|
| readOnly | | description | Whether this property is read only. It indicates that the field is provided in responses, but that including the field in a message in a request does nothing. |
|---|
| type | boolean |
|---|
|
|---|
| required | | description | Whether this property is required |
|---|
| type | string |
|---|
|
|---|
| type | | description | The type of the property |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JsonSchemaAnnotations | | id | JsonSchemaAnnotations |
|---|
| properties | | required | | description | The list of methods (identified by their "Apiary method names", not proto names. If unsure, check the discovery doc for the methods to find their `id` fields.) that require this field to be provided on requests made via those methods. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JsonSchemaProperties | | description | Additional properties for schemas defined in `migration.schemas`. |
|---|
| id | JsonSchemaProperties |
|---|
| properties | | hideFromSchemas | | description | A list of schemas defined in `migration.schemas` to be hidden from `discovery.schemas` section in discovery doc for this API version. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| version | | description | API version of the per-version discovery configuration. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JsonSchemaRule | | description | Discovery rules for the JSON schemas. By default, proto messages use [Discovery.schema_name_template] to determine how JSON schema names are generated in the discovery document, and all reachable JSON schemas will by default be included. This rule provides configurability at proto message level to get around the limitation of not using namespace in discovery document spec. |
|---|
| id | JsonSchemaRule |
|---|
| properties | | excluded | | description | Set to true if the messages should be excluded from the generated discovery document. A typical use case is to use this field to exclude messages that are API version specific. Example: discovery: discovery_per_version: - version: v1 rules: - selector: google.example.library.v2.* excluded: true - version: v2 rules: - selector: google.example.library.v1.* excluded: true To restrict the methods to be included in the generated discovery document, use Discovery.path_prefixes instead. |
|---|
| type | boolean |
|---|
|
|---|
| schemaNameTemplate | | description | A simple template which determines how JSON schema names are generated for proto messages. It will override the top level or per-version level schema_name_template for the matching proto message types. Example: discovery: discovery_per_version: - version: v1 rules: - selector: google.example.library.v1.LibraryService.* schema_name_template: ${outer_message_name}${message_name} - version: v2 rules: - selector: google.example.library.v2.LibraryService.* schema_name_template: ${version}${message_name} |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Required. Selects the messages to which this rule applies. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| JwtLocation | | description | Specifies a location to extract JWT from an API request. |
|---|
| id | JwtLocation |
|---|
| properties | | cookie | | description | Specifies cookie name to extract JWT token. |
|---|
| type | string |
|---|
|
|---|
| header | | description | Specifies HTTP header name to extract JWT token. |
|---|
| type | string |
|---|
|
|---|
| query | | description | Specifies URL query parameter name to extract JWT token. |
|---|
| type | string |
|---|
|
|---|
| valuePrefix | | description | The value prefix. The value format is "value_prefix{token}" Only applies to "in" header type. Must be empty for "in" query type. If not empty, the header value has to match (case sensitive) this prefix. If not matched, JWT will not be extracted. If matched, JWT will be extracted after the prefix is removed. For example, for "Authorization: Bearer {JWT}", value_prefix="Bearer " with a space at the end. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LabelDescriptor | | description | A description of a label. |
|---|
| id | LabelDescriptor |
|---|
| properties | | description | | description | A human-readable description for the label. |
|---|
| type | string |
|---|
|
|---|
| key | | description | The label key. |
|---|
| type | string |
|---|
|
|---|
| valueType | | description | The type of data that can be assigned to the label. |
|---|
| enum | |
|---|
| enumDescriptions | - A variable-length string. This is the default.
- Boolean; true or false.
- A 64-bit signed integer.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LabelMapping | | description | Mapping labels from the source label to the mapped metric label or resource label. This is used by ServiceController to do forward/backward mapping for double reporting. go/monitoring-metrics-migration. `_uid` will be used as a special label since there is no uid related label in Stackdriver config while in most cases, it is `cloud.googleapis.com/uid` for Cloud Monarch config. |
|---|
| id | LabelMapping |
|---|
| properties | | destinationMetricLabel | | description | The metric label which is mapped to. |
|---|
| type | string |
|---|
|
|---|
| destinationResourceLabel | | description | The monitored resource label which is mapped to. |
|---|
| type | string |
|---|
|
|---|
| sourceLabel | | description | The label in the descriptor, it could be either resource label or metric label. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LatencyCriteria | | description | Parameters for a latency threshold SLI of synchronous APIs. |
|---|
| id | LatencyCriteria |
|---|
| properties | | latencyExperience | | description | Customer latency experience of requests that meet the latency threshold. |
|---|
| enum | - LATENCY_EXPERIENCE_UNSPECIFIED
- DELIGHTING
- SATISFYING
- ANNOYING
|
|---|
| enumDescriptions | - Unspecified latency experience.
- Super fast responses, representing a great product experience. The recommended SLO goal is 0.5.
- Nominally fast responses. The recommended SLO goal is 0.5, 0.9 or 0.95.
- Responses are slower than SATISFYING, but still acceptable. Usually the goal is 0.99.
|
|---|
| type | string |
|---|
|
|---|
| threshold | | description | Good service is defined to be the count of requests made to this service that return in no more than `threshold`. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Legacy | | description | Defines configuration only available to Google services. To launch a Google service, please follow go/api-launch. Note: "Legacy" is not the best descriptive name for this .proto, and in hindsight we should have named it "Internal". However, given the complexity of renaming, we decided to keep the original name. Example: legacy: email: calendar-team@google.com support: calendar-support@google.com oncall: calendar-oncall@google.com mdb: mdb_running_your_backend taxonomy_id: taxonomy id for this product (go/production-taxonomy-user-guide) devconsole: example_url: "https://developers.google.com/apis-explorer/#search/bigquery/bigquery/v2/" learnmore_url: "https://cloud.google.com/bigquery/" pricing_link: "https://cloud.google.com/bigquery/pricing" request_quota_url: "https://docs.google.com/spreadsheet/viewform?formkey=abc123&entry_0={email}&entry_1={id}" gwslog: log_type: your_log_source:your_log_type healthz: /healthz?servertype=one-platform-libraryagent-libraryagentserver bug_component_id: bug_component_id_to_be_filed_against_your_service |
|---|
| id | Legacy |
|---|
| properties | | apiV1Name | | description | Output only. This value is used to map a One Platform API to its corresponding DevConsole configuration. The value is computed by Inception automatically, so there is no need to set it. |
|---|
| type | string |
|---|
|
|---|
| boqSettings | | $ref | BoqSettings |
|---|
| description | Boq related settings. |
|---|
|
|---|
| bugComponentId | | description | The bug component id for this service. It will be used for generating GFE config. It is also useful for filing bugs against the service. For more information, see go/api-blueprint. |
|---|
| type | string |
|---|
|
|---|
| bugId | | description | The latest "New API" or "Cloud API" tracking buganizer id for this API service. It is used for associating this API service with the go/api-launch process. |
|---|
| type | string |
|---|
|
|---|
| controlPlaneMigration | | $ref | ControlPlaneMigration |
|---|
| description | Settings to manage control plane migration from Usage Manager to Chemist. |
|---|
|
|---|
| devconsole | | $ref | Devconsole |
|---|
| description | Legacy DevConsole configuration. |
|---|
|
|---|
| disableQuotaProjectOverride | | description | If true, quota project override will be disabled. See go/quota-project-override for more details. Using this config is strongly discouraged. Please DO NOT USE without consulting envelope-framework-users@ |
|---|
| type | boolean |
|---|
|
|---|
| doNotSendQuotaOverridesToQuotaserver | | description | Identifies services that do not need to send overrides to Quotaserver, because they use only the Apiary proxy or Usage Manager for quota enforcement. Setting this flag to true reduces latency and server-side resource use associated with quota override operations. Services that use Chemist or are migrating to use Chemist must not set this flag to true. |
|---|
| type | boolean |
|---|
|
|---|
| email | | description | The email address of the team that owns this API service, such as chemist-team@google.com. |
|---|
| type | string |
|---|
|
|---|
| enableDirectPathForGrpc | | description | If true, ESF will enable Direct Path mode in gRPC server. DO NOT USE. DO NOT USE. DO NOT USE. This feature is under development. Please do not use without consulting envelope-framework-users@ or bochun@. |
|---|
| type | boolean |
|---|
|
|---|
| enableOrgQuotaForAllConsumers | | description | Enables org-level quota limits to be enforced for all consumers of this service. Enabling it after the launch of this service requires careful consideration in setting the org-level limit values. Otherwise, consumers may get their requests blocked due to the newly introduced org limits. When enabled, this will supersede any per-consumer allowlisting done for org-level quota limits for this service. |
|---|
| type | boolean |
|---|
|
|---|
| excludedVersionsInPackagePath | | description | Starting from config_version 2, API version will by default be included in package path of the generated Apiary client libraries. This can mean a breaking change to users of launched APIs. API producer can opt to list current versions through this field, so that the listed versions will not be included in the package path. It is not recommended to list a new major version because versionless package path cause issues when there are multiple versions in your service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| forwardJwtKnownIssuers | | description | If true, do exact or prefix match during JWT passing: If the auth provider ends with a slash, do a prefix match. If the auth provider does not end with a slash, do an exact match. This flag deprecates esf_experimental_passthrough_jwt_known_issuers and esf_experimental_passthrough_jwt_known_issuers_mode (See b/66191527). |
|---|
| type | boolean |
|---|
|
|---|
| gwslog | | $ref | ESFGwsLogConfig |
|---|
| description | The GWS log config used by ESF. |
|---|
|
|---|
| healthz | | description | The health check string. It will be used for generating GFE config. It will supersede the `esf_server_server_type` flag eventually. Example: /healthz?servertype=one-platform-libraryagent-libraryagentserver For more information, see go/api-blueprint. |
|---|
| type | string |
|---|
|
|---|
| hiddenFromList | | description | If true, then the API will be invisible in the list of services. It will remain visible in all other areas of the UI (e.g., billing, quotas, etc.). This flag is intended to be used by legacy Apiary services. It **must not** be used for regular services. |
|---|
| type | boolean |
|---|
|
|---|
| includeDebugTrackingId | | description | If true, ESF would include a debug tracking ID, which uses trace id (a.k.a. global id), in the response header. The format would be [;o=]. This debug tracking ID could be used as a common XHR tracking ID, which could link the client debugging info with server debugging info. Design doc: go/pan-common-tracking-id |
|---|
| type | boolean |
|---|
|
|---|
| mdb | | description | The mdb group(s) that your backend runs under. For One Platform APIs, this field is used to match the LOAS role(s) of your backend to grant permission to access the Service Control API. To specify multiple roles, you need to use comma-separated list of role names, such as "xxx,yyy". See go/api-deploy for more details. |
|---|
| type | string |
|---|
|
|---|
| oncall | | description | The email address that pages and alerts should be sent to, such as chemist-oncall@google.com. |
|---|
| type | string |
|---|
|
|---|
| restrictedQuotaBucketTrustedTesters | | additionalProperties | |
|---|
| description | List of Trusted testers with access to restricted quota buckets. The map key is restricted quota bucket name that is being controlled. |
|---|
| type | object |
|---|
|
|---|
| rules | | description | A list of legacy rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| support | | description | The email address for support questions about your API, such as chemist-users@google.com. This is Google-internal, not seen by users outside of Google. |
|---|
| type | string |
|---|
|
|---|
| taxonomyId | | description | A shared identifier provided by Production Taxonomy that associates a Product or Project Group with this config. https://g3doc.corp.google.com/production/insights/taxonomy/g3doc/user/index.md?cl=head NOTE: At this time, we only allow taxonomy IDs of type "teamsproduct". This restriction comes from go/insights-cube, who use taxonomy IDs to SLO data for a product to other sources like OMG. |
|---|
| type | string |
|---|
|
|---|
| useLoasProjectWithProjectlessCredentials | | description | If true, credentials do not refer to project information (security context does not have package ID) and API key is not provided, LOAS project will be used. This config deprecates esf_use_loas_project_with_projectless_credentials flag. More details see b/112103632. |
|---|
| type | boolean |
|---|
|
|---|
| usesApiaryProxy | | description | Identifies services that serve requests via the Apiary proxy. This does _not_ include services that use Usage Manager for control plane functionality but serve requests via ESF. This flag can be used by Pantheon to authoritatively determine that the given api is an Apiary api and customize the UI behavior as needed (See b/30813984) |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LegacyGfeService | | description | A legacy non-GFESpec GFE service. The legacy GFE service must be defined in GFE fragment (google3/configs/production/gfe_services/prod/fragments/ or google3/googledata/production/gslbpush/sources/). |
|---|
| id | LegacyGfeService |
|---|
| properties | | service | | description | The name of legacy GFE service. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LegacyRule | | description | Specifies method level configurations on API method(s). |
|---|
| id | LegacyRule |
|---|
| properties | | disableEsfUserAgentDetection | | description | If true, ESF will skip checking the User-Agent header for error format. |
|---|
| type | boolean |
|---|
|
|---|
| enableEsfChecksum | | description | If true, ESF checksum will be enabled for the selected method, for both request and response. It will have extra cost on CPU and Memory usage. See go/esf-checksum for more details. WARNING: DO NOT USE BEFORE THIS WARNING MESSAGE IS REMOVED!!!!! |
|---|
| type | boolean |
|---|
|
|---|
| enableEsfFastPath | | description | If true, ESF Fast Path will be enabled to serve requests for the selected method. Fast Path utilizes a unified check cache for Authentication, Chemist, and SuperQuota. When the cache hits, most overhead in Auth and Chemist wrappers will be skipped, thus achieving better request latency. See go/esf-fast-path for more details. WARNING: DO NOT USE BEFORE THIS WARNING MESSAGE IS REMOVED!!!!! |
|---|
| type | boolean |
|---|
|
|---|
| enableEsfSherlog | | description | If true, then sherlog is enabled in ESF for the method within this API. See also the design doc at go/sherlog-esf |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the API methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ListOperationsResponse | | description | The response message for Operations.ListOperations. |
|---|
| id | ListOperationsResponse |
|---|
| properties | | nextPageToken | | description | The standard List next-page token. |
|---|
| type | string |
|---|
|
|---|
| operations | | description | A list of operations that matches the specified filter in the request. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ListTenancyUnitsResponse | | description | Response for the list request. |
|---|
| id | ListTenancyUnitsResponse |
|---|
| properties | | nextPageToken | | description | Pagination token for large results. |
|---|
| type | string |
|---|
|
|---|
| tenancyUnits | | description | Tenancy units matching the request. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LoasRequirements | | description | Configuration for using Service Account Identity in LOAS channel. |
|---|
| id | LoasRequirements |
|---|
| properties | | allowServiceAccount | | description | Accepts Service Account peer in LOAS channel. In Direct Path (go/direct-path), the LOAS channel connecting to ESF will identify a peer that is an IAM service account. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LocalIam | | description | Represents an IAM authorization check made against the local system authorization policy. This method is tracked by the LocalAuthorization library; see go/rpcsp-authz. |
|---|
| id | LocalIam |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Location | | id | Location |
|---|
| properties | | leadingComments | | description | If this SourceCodeInfo represents a complete declaration, these are any comments appearing before and after the declaration which appear to be attached to the declaration. A series of line comments appearing on consecutive lines, with no other tokens appearing on those lines, will be treated as a single comment. leading_detached_comments will keep paragraphs of comments that appear before (but not connected to) the current element. Each paragraph, separated by empty lines, will be one comment element in the repeated field. Only the comment content is provided; comment markers (e.g. //) are stripped out. For block comments, leading whitespace and an asterisk will be stripped from the beginning of each line other than the first. Newlines are included in the output. Examples: optional int32 foo = 1; // Comment attached to foo. // Comment attached to bar. optional int32 bar = 2; optional string baz = 3; // Comment attached to baz. // Another line attached to baz. // Comment attached to moo. // // Another line attached to moo. optional double moo = 4; // Detached comment for corge. This is not leading or trailing comments // to moo or corge because there are blank lines separating it from // both. // Detached comment for corge paragraph 2. optional string corge = 5; /* Block comment attached * to corge. Leading asterisks * will be removed. */ /* Block comment attached to * grault. */ optional int32 grault = 6; // ignored detached comments. |
|---|
| type | string |
|---|
|
|---|
| leadingDetachedComments | |
|---|
| path | | description | Identifies which part of the FileDescriptorProto was defined at this location. Each element is a field number or an index. They form a path from the root FileDescriptorProto to the place where the definition occurs. For example, this path: [ 4, 3, 2, 7, 1 ] refers to: file.message_type(3) // 4, 3 .field(7) // 2, 7 .name() // 1 This is because FileDescriptorProto.message_type has field number 4: repeated DescriptorProto message_type = 4; and DescriptorProto.field has field number 2: repeated FieldDescriptorProto field = 2; and FieldDescriptorProto.name has field number 1: optional string name = 1; Thus, the above path gives the location of a field name. If we removed the last element: [ 4, 3, 2, 7 ] this path refers to the whole field declaration (from the beginning of the label to the terminating semicolon). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| span | | description | Always has exactly three or four elements: start line, start column, end line (optional, otherwise assumed same as start line), end column. These are packed into a single field for efficiency. Note that line and column numbers are zero-based -- typically you will want to add 1 to each before displaying to a user. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| trailingComments | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| LocationGroup | | description | The group of locations so that a feature, like Quota, SLO, can be configured as the group of locations level. The location group will be referenced through the template `{$supported_location.groups.your_group_id}`. It will be expanded to each region string associated with the group. For example, for quota config: supported_location: regions: "europe-west1, europe-west2" groups: - group_id: "europe-regions" locations: "europe-west1, europe-west2" quota: limits: - name: "ALLOCATIONS-per-project-region" ... values: ... LOW/{$supported_location.groups.europe-regions}: 100 is equal to quota: limits: - name: "ALLOCATIONS-per-project-region" ... values: LOW/europe-west1: 100 LOW/europe-west2: 100 |
|---|
| id | LocationGroup |
|---|
| properties | | groupId | | description | The group_id will be used as the placeholder in different config aspects, i.e. endpoints, quota, etc. The group_id cannot be 'region' or 'location_id' to avoid misuse. |
|---|
| type | string |
|---|
|
|---|
| locations | | description | The locations of the group, all location_ids have to be declared in either in regions or zones but not a mix of them. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LocationPolicy | | id | LocationPolicy |
|---|
| properties | | locationProperties | | description | Definition of locations for the Policy |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LocationProperties | | description | Properties of a location, for either defining a new location or changing the properties of an existing location. |
|---|
| id | LocationProperties |
|---|
| properties | | displayName | | description | The friendly name for this location, typically a nearby city name. For example, "Tokyo". |
|---|
| type | string |
|---|
|
|---|
| forTesting | | description | If set, indicates that the location is not present in the GeoExpansion SoT and it can be used for testing purposes only (i.e. Billing, Quota may not recognize it). |
|---|
| type | boolean |
|---|
|
|---|
| labels | | additionalProperties | |
|---|
| description | Labels describing properties of this location. |
|---|
| type | object |
|---|
|
|---|
| locationId | | description | The location id, such as 'europe-west4' or 'northamerica-northeast-a' It can be a region, a zone or a user-defined location for testing purposes. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LogConfig | | description | Specifies what kind of log the caller must write |
|---|
| id | LogConfig |
|---|
| properties | | cloudAudit | | $ref | CloudAuditOptions |
|---|
| description | Cloud audit options. |
|---|
|
|---|
| counter | | $ref | CounterOptions |
|---|
| description | Counter options. |
|---|
|
|---|
| dataAccess | | $ref | DataAccessOptions |
|---|
| description | Data access options. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LogDescriptor | | description | A description of a log type. Example in YAML format: - name: library.googleapis.com/activity_history description: The history of borrowing and returning library items. display_name: Activity labels: - key: /customer_id description: Identifier of a library customer |
|---|
| id | LogDescriptor |
|---|
| properties | | description | | description | A human-readable description of this log. This information appears in the documentation and can contain details. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | The human-readable name for this log. This information appears on the user interface and should be concise. |
|---|
| type | string |
|---|
|
|---|
| labels | | description | The set of labels that are available to describe a specific log entry. Runtime requests that contain labels not specified here are considered invalid. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | The name of the log. It must be less than 512 characters long and can include the following characters: upper- and lower-case alphanumeric characters [A-Za-z0-9], and punctuation characters including slash, underscore, hyphen, period [/_-.]. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Logging | | description | Logging configuration of the service. The following example shows how to configure logs to be sent to the producer and consumer projects. In the example, the `activity_history` log is sent to both the producer and consumer projects, whereas the `purchase_history` log is only sent to the producer project. monitored_resources: - type: library.googleapis.com/branch labels: - key: /city description: The city where the library branch is located in. - key: /name description: The name of the branch. logs: - name: activity_history labels: - key: /customer_id - name: purchase_history logging: producer_destinations: - monitored_resource: library.googleapis.com/branch logs: - activity_history - purchase_history consumer_destinations: - monitored_resource: library.googleapis.com/branch logs: - activity_history |
|---|
| id | Logging |
|---|
| properties | | consumerDestinations | | description | Logging configurations for sending logs to the consumer project. There can be multiple consumer destinations, each one must have a different monitored resource type. A log can be used in at most one consumer destination. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| producerDestinations | | description | Logging configurations for sending logs to the producer project. There can be multiple producer destinations, each one must have a different monitored resource type. A log can be used in at most one producer destination. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LoggingDestination | | description | Configuration of a specific logging destination (the producer project or the consumer project). |
|---|
| id | LoggingDestination |
|---|
| properties | | logs | | description | Names of the logs to be sent to this destination. Each name must be defined in the Service.logs section. If the log name is not a domain scoped name, it will be automatically prefixed with the service name followed by "/". |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in the Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| LongRunning | | description | Describes settings to use when generating API methods that use the long-running operation pattern. All default values below are from those used in the client library generators (e.g. [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)). |
|---|
| id | LongRunning |
|---|
| properties | | initialPollDelay | | description | Initial delay after which the first poll request will be made. Default value: 5 seconds. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| maxPollDelay | | description | Maximum time between two subsequent poll requests. Default value: 45 seconds. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| pollDelayMultiplier | | description | Multiplier to gradually increase delay between subsequent polls until it reaches max_poll_delay. Default value: 1.5. |
|---|
| format | float |
|---|
| type | number |
|---|
|
|---|
| totalPollTimeout | | description | Total polling timeout. Default value: 5 minutes. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MediaDownload | | description | Defines the Media configuration for a service in case of a download. Use this only for Scotty Requests. Do not use this for media support using Bytestream, add instead [][google.bytestream.RestByteStream] as an API to your configuration for Bytestream methods. |
|---|
| id | MediaDownload |
|---|
| properties | | completeNotification | | description | A boolean that determines whether a notification for the completion of a download should be sent to the backend. |
|---|
| type | boolean |
|---|
|
|---|
| downloadService | | description | Specify name of the download service if one is used for download. |
|---|
| type | string |
|---|
|
|---|
| dropzone | | description | Name of the Scotty dropzone to use for the current API. |
|---|
| type | string |
|---|
|
|---|
| enabled | | description | Whether download is enabled. |
|---|
| type | boolean |
|---|
|
|---|
| maxDirectDownloadSize | | description | Optional maximum acceptable size for direct download. The size is specified in bytes. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| servePartialContentOnFullRangeRequest | | description | Optional whether range download requests with the header `Range: =0-` is supported. When this is enabled, the response for such requests will return 206 Partial Content instead of 200 OK, and also with the `Content-Range` in the response header to indicate the partial range of the message payload. To see what the difference in behavior is, please refer b/202156706 for more information. See details in RFC 7233: https://httpwg.org/specs/rfc7233.html#status.206 |
|---|
| type | boolean |
|---|
|
|---|
| useDirectDownload | | description | A boolean that determines if direct download from ESF should be used for download of this media. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MediaUpload | | description | Defines the Media configuration for a service in case of an upload. Use this only for Scotty Requests. Do not use this for media support using Bytestream, add instead [][google.bytestream.RestByteStream] as an API to your configuration for Bytestream methods. |
|---|
| id | MediaUpload |
|---|
| properties | | completeNotification | | description | A boolean that determines whether a notification for the completion of an upload should be sent to the backend. These notifications will not be seen by the client and will not consume quota. |
|---|
| type | boolean |
|---|
|
|---|
| dropzone | | description | Name of the Scotty dropzone to use for the current API. |
|---|
| type | string |
|---|
|
|---|
| enabled | | description | Whether upload is enabled. |
|---|
| type | boolean |
|---|
|
|---|
| maxSize | | description | Optional maximum acceptable size for an upload. The size is specified in bytes. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| mimeTypes | | description | An array of mimetype patterns. Esf will only accept uploads that match one of the given patterns. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| progressNotification | | description | Whether to receive a notification for progress changes of media upload. |
|---|
| type | boolean |
|---|
|
|---|
| startNotification | | description | Whether to receive a notification on the start of media upload. |
|---|
| type | boolean |
|---|
|
|---|
| supportResumable | | description | Whether to support resumable upload. If true, discovery doc output for a method that has media upload will mention that the method supports resumable upload. NOTE: Handling for resumable uploads needs to be configured through Scotty configuration. See go/scotty-customer-config and related docs for more details. |
|---|
| type | boolean |
|---|
|
|---|
| uploadService | | description | Specify name of the upload service if one is used for upload. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MediationConfig | | description | Configurations for Mediation service. Controls whether to call Mediation service to process frontend proto before sending it to backend or call Mediation service to process backend proto before sending it to client. Example: experimental: mediation: rules: - selector: google.calendar.Calendar.List request: enabled: true message_type_url: "type.googleapis.com/calendar.v1.LegacyListRequest" requested_contexts: - google.rpc.context.HttpHeaderContext - google.rpc.context.SystemParameterContext provided_contexts: - google.rpc.context.HttpHeaderContext response: enabled: true message_type_url: "type.googleapis.com/calendar.v1.LegacyListResponse" requested_contexts: - google.rpc.context.ConditionResponseContext provided_contexts: - google.rpc.context.HttpHeaderContext |
|---|
| id | MediationConfig |
|---|
| properties | | mediationServerStartupDelay | | description | Mediation service needs time to start. ESF should wait for mediation server to be ready. This field lists the time in seconds. 0 by default. Please contact api-migration@ team before setting this value. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| rules | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| MediationMethodConfig | | id | MediationMethodConfig |
|---|
| properties | | enabled | | description | Whether to invoke Mediator for request or response flow. |
|---|
| type | boolean |
|---|
|
|---|
| messageTypeUrl | | description | A URL of the message type that the mediator returns to ESF on the request flow or expects from ESF on the response flow. |
|---|
| type | string |
|---|
|
|---|
| providedContexts | | description | A list of full type names of contexts provided by the mediator. ESF receives them via the side channel and use them to override the contexts it may have prepared itself to send to the API backend. Available context types are defined in package `google.rpc.context`. This is exactly the same as how the API backends can provide context to ESF via `context` > `rules` > `provided` (http://google3/google/api/context.proto) |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| requestedContexts | | description | A list of full type names of contexts requested by the mediator. ESF passes these via the side channel. Available context types are defined in package `google.rpc.context`. This is exactly the same as how the API backends can request context from ESF via `context` > `rules` > `requested` (http://google3/google/api/context.proto) |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MediationRule | | id | MediationRule |
|---|
| properties | | request | | $ref | MediationMethodConfig |
|---|
| description | Mediation config for request flow. |
|---|
|
|---|
| response | | $ref | MediationMethodConfig |
|---|
| description | Mediation config for response flow. |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Members | | description | A set of authorities (e.g. users, authority selectors). |
|---|
| id | Members |
|---|
| properties | | all | | $ref | Empty |
|---|
| description | An authority is part of this |Members| set if |all| is set. Note: everything is matched, normal users, prod users, authority selectors and anonymous users included. |
|---|
|
|---|
| allExceptAnonymous | | $ref | Empty |
|---|
| description | A non-anonymous authority is part of this |Members| set if |all_except_anonymous| is set. Note: everything except anonymous credentials is matched, normal users, prod users, and authority selectors included. |
|---|
|
|---|
| allNormalUsers | | $ref | Empty |
|---|
| description | An authority is part of this |Members| set if it is a normal user or anonymous user and |all_normal_users| is set. |
|---|
|
|---|
| includes | | description | User-specified variables for templated member authorities. The variables are resolved through supplying instantiation with matching keys. Ex: includes: 'eng-group' WARNING: this field is only supported for policies in the RpcSP central repo (google3/configs/security/rpcsp). See go/rpcsp2-templating for usage. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| localProdGroups | | description | An authority is part of this |Members| set if it is a prod user within special local groups. Use when the service cannot depend on Chubby. More info: go/aclrep-ld |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| prodAuthoritySelectors | | description | An authority is part of this |Members| set if it is a prod authority selector in |prod_authority_selectors|, specified without prefix. Ex: 'tonic-policy-foo' or 'widget-admin' |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| prodGroups | | description | An authority is part of this |Members| set if its prod user is part of a prod group (aka "Chubby ACL" or "MDB group") in |prod_group| by Chubby expansion without suffix and with the @prod.google.com suffix implied (e.g. 'foo-readers'). More info: go/ganpati2-faq#ganpati-chubby. go/ganpati-expansion#chubby-expansion go/rpcsp-2-reference-guide#Members.prod_groups (for more information on disallowed/discouraged groups) |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| prodUsers | | description | An authority is part of this |Members| set if it is a prod user in |prod_users|, specified without prefix and with @prod.google.com suffix implied. Ex: 'gmail-lookup-batch' or 'sundar' |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| self | | $ref | Empty |
|---|
| description | An authority is part of this |Members| set if its prod user is the same as the prod user running the binary and |self| is set. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MessageLimitsRule | | description | Configurations for request payload limits. Request limit is enforced on the request payload received from the client. By default, or if a limit value is smaller or equals to 0, the limit is disabled. Example: experimental: advanced: message_limits_rules: - selector: google.library.v1.LibraryService.* request_limit: 1024000 Note: For compressed HTTP request payload, HTTPServer2 applies a global size limit for each uncompressed message, set by --max_uncompress_bytes (default 1M). That is overridden to request_limit if it is greater than 0. |
|---|
| id | MessageLimitsRule |
|---|
| properties | | requestLimit | | description | The maximum number of bytes allowed in the request payload received from client. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MessageOptions | | id | MessageOptions |
|---|
| properties | | deprecated | | description | Is this message deprecated? Depending on the target platform, this can emit Deprecated annotations for the message, or it will be completely ignored; in the very least, this is a formalization for deprecating messages. |
|---|
| type | boolean |
|---|
|
|---|
| deprecatedLegacyJsonFieldConflicts | | description | Enable the legacy handling of JSON field name conflicts. This lowercases and strips underscored from the fields before comparison in proto3 only. The new behavior takes `json_name` into account and applies to proto2 as well. This should only be used as a temporary measure against broken builds due to the change in behavior for JSON field name conflicts. TODO(b/261750190) This is legacy behavior we plan to remove once downstream teams have had time to migrate. |
|---|
| type | boolean |
|---|
|
|---|
| goApiFlag | | description | BEGIN GOOGLE-INTERNAL Use this option to affect how Go code is generated. For a list of allowed values and detailed explanation, see go/go-api-flag. The go_api_flag will likely be implemented as a Protobuf Editions Feature (go/protobuf-editions) and open sourced in the future. END GOOGLE-INTERNAL |
|---|
| type | string |
|---|
|
|---|
| mapEntry | | description | NOTE: Do not set the option in .proto files. Always use the maps syntax instead. The option should only be implicitly set by the proto compiler parser. Whether the message is an automatically generated map entry type for the maps field. For maps fields: map map_field = 1; The parsed descriptor looks like: message MapFieldEntry { option map_entry = true; optional KeyType key = 1; optional ValueType value = 2; } repeated MapFieldEntry map_field = 1; Implementations may choose not to generate the map_entry=true message, but use a native map in the target language to hold the keys and values. The reflection APIs in such implementations still need to work as if the field is a repeated message field. |
|---|
| type | boolean |
|---|
|
|---|
| messageSetWireFormat | | description | BEGIN GOOGLE-INTERNAL Most users should ignore this and look directly at net/proto2/bridge/proto/message_set.proto. END GOOGLE-INTERNAL Set true to use the old proto1 MessageSet wire format for extensions. This is provided for backwards-compatibility with the MessageSet wire format. You should not use this for any other reason: It's less efficient, has fewer features, and is more complicated. The message must be defined exactly as follows: message Foo { option message_set_wire_format = true; extensions 4 to max; } Note that the message cannot have any defined fields; MessageSets only have extensions. All extensions of your type must be singular messages; e.g. they cannot be int32s, enums, or repeated messages. Because this is an option, the above two restrictions are not enforced by the protocol compiler. |
|---|
| type | boolean |
|---|
|
|---|
| noStandardDescriptorAccessor | | description | Disables the generation of the standard "descriptor()" accessor, which can conflict with a field of the same name. This is meant to make migration from proto1 easier; new code should avoid fields named "descriptor". |
|---|
| type | boolean |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Metadata | | description | BEGIN GOOGLE-INTERNAL Describes the name, type, and cardinality of an extension field. This can can only be added to an extension range declaration of a single field number. For example: message Foo { extensions 1 [metadata = { name: "hello", type: "HelloMessage" }]; } This represents that the extension in field number 1 reserves the name "hello" and it is of the fully qualified type "HelloMessage". The name will be validated for uniqueness as compared with normal field declarations and reserved field names, while the type will be validated with the definition where the extendee extends Foo with field number 1 to be of the same type and cardinality. One can also indicate the expected cardinality of the extension field with is_repeated like so: message Foo { extensions 1 [metadata = { name: "hello", type: "HelloMessage", is_repeated: true }]; } This data is bidirectionally copied to and from go/named-extensions and go/typed-extensions as part of a transitory period from those abstractions to this one. |
|---|
| id | Metadata |
|---|
| properties | | isRepeated | | description | If true, indicates that the extension must be defined as repeated. Otherwise the extension must be defined as optional. |
|---|
| type | boolean |
|---|
|
|---|
| name | | description | Name of the field; validated for uniqueness in file with respect to normal field declarations and reserved field names. The name must be a sequence of letters, digits, and underscores, not starting with a digit. |
|---|
| type | string |
|---|
|
|---|
| type | | description | The fully qualified name of the type to require in any definitions. If specified, the compiler validates: - that the fully qualified name of the type used in an extendee definition matches the value provided - that the type name contains only letters, numbers, digits, underscores, and periods. Notably, the compiler does not validate that this name represents a valid type. A leading "." can be optionally specified. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetadataPolicy | | description | This message defines resource metadtata extraction policy applied to a certain field containing the resource. Examples: Assuming the following definitions for the ApiKeys service. message ApiKey { string name = 1; string display_name = 2; google.protobuf.Timestamp create_time = 3; string location = 4; } message UpdateApiKeyRequest { ApiKey key = 1; google.protobuf.FieldMask update_mask = 2; } message BatchUpdateApiKeyRequest { string parent = 1; repeated ApiKey keys = 2; google.protobuf.FieldMask update_mask = 3; } message BatchUpdateApiKeyresponse { repeated ApiKey keys = 1; } To annotate the metadata_policies, we have: service ApiKeys { // Standard Update API to update one ApiKey. rpc UpdateApiKey(UpdateApiKeyRequest) returns (ApiKey) { option (google.api.method_policy) = } flags: "ENABEL_CAIS_INTEGRATION" metadata: "method_type: UPDATE" response_policies { selector: "name" resource_type: "codelabapikeys.googleapis.com/ApiKey" metadata_policies { type: "CREATE_TIME" value_selector: "create_time" } metadata_policies { type: "LOCATION" value_selector: "location" } } }; } // Batch Update API to update all ApiKeys under same projects. rpc BatchUpdateApiKey(BatchUpdateApiKeyRequest) returns (BatchUpdateApiKeyResponse { option (google.api.method_policy) = } flags: "ENABEL_CAIS_INTEGRATION" metadata: "method_type: UPDATE" response_policies { selector: "keys.name" resource_type: "codelabapikeys.googleapis.com/ApiKey" metadata_policies { type: "CREATE_TIME" value_selector: "keys.create_time" } metadata_policies { type: "LOCATION" value_selector: "keys.location" } } }; } } |
|---|
| id | MetadataPolicy |
|---|
| properties | | type | | description | The type of resource metadata information can be extracted. |
|---|
| type | string |
|---|
|
|---|
| valueExtractors | | description | [RE2](https://github.com/google/re2/wiki/Syntax) RegEx strings to extract the information from the field value of the `value_selector` field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| valueSelector | | description | Field path to the request or response message field that contains the resource metadata information associated with the resource pointed by the enclosing FieldPolicy.selector. When left unset, the MetadataPolicy information is not contained in any field. Example: value_selector: key.name |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Method | | description | Method represents a method of an API interface. |
|---|
| id | Method |
|---|
| properties | | name | | description | The simple name of this method. |
|---|
| type | string |
|---|
|
|---|
| options | | description | Any metadata attached to the method. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| requestStreaming | | description | If true, the request is streamed. |
|---|
| type | boolean |
|---|
|
|---|
| requestTypeUrl | | description | A URL of the input message type. |
|---|
| type | string |
|---|
|
|---|
| responseStreaming | | description | If true, the response is streamed. |
|---|
| type | boolean |
|---|
|
|---|
| responseTypeUrl | | description | The URL of the output message type. |
|---|
| type | string |
|---|
|
|---|
| syntax | | description | The source syntax of this method. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodDescriptorProto | | description | Describes a method of a service. |
|---|
| id | MethodDescriptorProto |
|---|
| properties | | clientStreaming | | description | Identifies if client streams multiple client messages |
|---|
| type | boolean |
|---|
|
|---|
| inputType | | description | Input and output type names. These are resolved in the same way as FieldDescriptorProto.type_name, but must refer to a message type. |
|---|
| type | string |
|---|
|
|---|
| name | |
|---|
| options | |
|---|
| outputType | |
|---|
| serverStreaming | | description | Identifies if server streams multiple server messages |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodOptions | | description | BEGIN GOOGLE-INTERNAL The following options are Stubby-specific. They get a blessed position in the proto language for historical reasons. |
|---|
| id | MethodOptions |
|---|
| properties | | clientLogging | | description | Options Logging Level control whether or not clients and servers log the request/reply messages to disk (for later analysis in case of crashes or performance anomalies). -client_logging: controls the logging done at the client. -server_logging: controls the logging done at the server. If Logging Level option is set to N, any metadata + the first N bytes of request/reply protocol buffers are logged by the client. The metadata includes information such as the request type, the identity of the peer, timing, sizes, etc. For more details about the log files, see the BINARY_INFO(http://engdoc/eng/doc/devguide/stubby/cpp-debugging#binary_info) section. If Logging Level option is set to a negative number, nothing is logged at the client. Use this setting for RPCs that are invoked often enough that logging causes performance problems. The binary encoding of a protocol message is done in tag order. That is, if two fields in a protocol message have tags 10 and 17, the tag numbered 10 (and its associated value) show up earlier in the encoded message. You can use this property to your advantage to make sure that important fields are given a small number so that they tend to show up in the first N bytes of the encoded message. none was only allowed as a logging specification in proto1 syntax .proto files; in proto2 syntax .proto files, use negative numbers; in C++ code, use RPC::NO_LOGGING. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| clientStreaming | | description | Deprecated. |
|---|
| type | boolean |
|---|
|
|---|
| deadline | | description | Option deadline sets deadline (in seconds) for how long the RPC is allowed to take. If no reply is received in the specified amount of time, the request is aborted and an error status satisfying rpc::status::IsDeadlineExceeded() is returned to the caller. By default, an RPC has no deadline. For production applications, always set a finite deadline on every RPC. Note: the RPC subsystem takes care of automatically retransmitting data when necessary, so you should set the deadline only to cover application-level timeouts, not to handle network packet loss. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| deprecated | | description | Is this method deprecated? Depending on the target platform, this can emit Deprecated annotations for the method, or it will be completely ignored; in the very least, this is a formalization for deprecating methods. |
|---|
| type | boolean |
|---|
|
|---|
| duplicateSuppression | | description | Controls whether or not the server keeps track of recently executed requests in a table. If duplicate suppression is on for a given RPC, and the response from the server is either OK or an application error (an error satisfying rpc::status::IsApplicationError()), then the response is stored in a table on the server. If a retransmission of the request arrives at the server, the server responds with the recorded response instead of reexecuting the request. By default, duplicate suppression is off. If a request is not idempotent (that is, executing the same request twice would be incorrect), you should turn on duplicate suppression for that request. This prevents RPC retransmissions from causing application-level bugs. Note: however that this mechanism does not provide at-most-once execution semantics because the contents of the duplicate-suppression table are lost on server restart, and furthermore old entries are tossed whenever the table fills up. Therefore if your application requires at-most-once execution for an RPC, you have to build that functionality directly into your application, perhaps by writing the response to stable storage before responding to the client. However duplicate suppression at the RPC layer may still be useful because it may prevent expensive checks. |
|---|
| type | boolean |
|---|
|
|---|
| endUserCredsRequested | | description | Advises the client to send end user creds from its security context. This is not a mandate, i.e., a client may choose not to send these creds for whatever reason. Setting this to false suppresses automatic creds forwarding by the client. DEPRECATED. This option is deprecated, and will be deleted once it is removed from existing Stubby service definitions, as per http://go/rpc-authority-migration-lsc |
|---|
| type | boolean |
|---|
|
|---|
| failFast | | description | Option fail_fast causes the RPC to abort quickly if the server is known to be unreachable (dead, unresponsive, or on the other side of a network partition). Otherwise, the RPC is retried indefinitely until it receives a response from the server, or any specified deadline expires. For example, set fail_fast if a mixer or a balancer is fetching results from N shards and wants to not wait for results from dead shards. Also, set fail_fast to true if you can retry another replica at a higher level in case the first one is dead. |
|---|
| type | boolean |
|---|
|
|---|
| goLegacyChannelApi | | description | Setting this on a legacy unidirectional streaming method informs the Go code generator to generate the channel-based Stubby stream code. This does not affect the wire protocol. |
|---|
| type | boolean |
|---|
|
|---|
| idempotencyLevel | | enum | - IDEMPOTENCY_UNKNOWN
- NO_SIDE_EFFECTS
- IDEMPOTENT
|
|---|
| enumDescriptions | - implies idempotent
- idempotent, but may have side effects
|
|---|
| type | string |
|---|
|
|---|
| legacyClientInitialTokens | | description | Client-side and server-side initial token count and unit. Compatibility support for old streaming syntax. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| legacyResultType | | description | The message type that the server sends to the client as the final response. |
|---|
| type | string |
|---|
|
|---|
| legacyServerInitialTokens | |
|---|
| legacyStreamType | | description | The message type that the server streams to the client. |
|---|
| type | string |
|---|
|
|---|
| legacyTokenUnit | | description | Note: The original token_unit option in the StreamOptions message defaults to MESSAGE, but here we default to BYTE, since many existing stubby4 .proto files depend on this default. |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| logLevel | | description | Log level can take the following values: - LOG_NONE Do not log anything. - LOG_HEADER_ONLY Just log the header. - LOG_HEADER_AND_NON_PRIVATE_PAYLOAD_INTERNAL Always log header. Log payload if security_level is below SSL_PRIVACY_AND_INTEGRITY. This is the internal default and should never be set explicitly. - LOG_HEADER_AND_FILTERED_PAYLOAD Always log header. Log payload if a filter is set (see rpc::SetLogFilter). - LOG_HEADER_AND_PAYLOAD = 4 Log header and payload (truncated at 256 bytes by default). This can only be considered **advisory** at the moment, as not all Google RPC implementations respect it. |
|---|
| enum | - LOG_NONE
- LOG_HEADER_ONLY
- LOG_HEADER_AND_NON_PRIVATE_PAYLOAD_INTERNAL
- LOG_HEADER_AND_FILTERED_PAYLOAD
- LOG_HEADER_AND_PAYLOAD
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| protocol | | description | This parameter specifies the network protocol to use for sending requests. -TCP: The default value, which causes all requests/responses to traverse the same TCP connection. -UDP: If you have small requests and responses, and want to reduce the number of active connections in the system, you can specify particular RPCs to use udp. Note: however, that UDP requests will fail unless you disable LOAS. For more information, see the LOAS FAQ (http://g3doc/security/loas/g3doc/faq#does-loas-work-with-udp). |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| requestFormat | | enum | - UNCOMPRESSED
- ZIPPY_COMPRESSED
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| responseFormat | | description | Stubby supports lightweight compression of RPC requests and responses. For requests, the first request from a client to the server is always sent uncompressed because the client does not yet know if the server supports compression. The first response from the server contains the protocol version it implements. The second and later requests are compressed if RPC::request_format is RPC::ZIPPY_COMPRESSED, the server's protocol version indicates that it supports request compression, and the request data might benefit from compression. Currently, a simple heuristic is used that applies compression if the data is at least 1400 bytes and at most 16 megabytes. For responses, if the RPC::response_format is set to RPC::ZIPPY_COMPRESSED compresses RPC responses if the server decides the result data might benefit from compression. RPC request compression is currently supported only in C++ and SWIG-based Python programs. RPC response compression is supported in C++, Java, and SWIG-based Python programs. |
|---|
| enum | - UNCOMPRESSED
- ZIPPY_COMPRESSED
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| securityLabel | | description | A security label (eg: admin, read) attached to a method by the service developer. Anyone who deploys this service can then specify an ACL for this label in a configuration file (eg: acl_admin = mdb/drawbridge) This ACL will then be enforced automatically by stubby (within the LabelACL library), ie, only users explicitly specified in the ACL for a security label will be allowed to access methods with that security label. Labels are case insensitive. For the list of allowed labels and other details, please see http://sites/labelacls/ |
|---|
| type | string |
|---|
|
|---|
| securityLevel | | description | Controls the minimum security level required of the connection in order to run the RPC. Any request to run the RPC over a connection with a lower security level is automatically upgraded, unless you explicitly disable LOAS on the channel. For more details, see the LOAS FAQ (http://g3doc/security/loas/g3doc/faq##SecurityLevel). Security levels other than none can only be used with protocol tcp. Security levels that are available are (see enum SecurityLevel): none, integrity, privacy_and_integrity, strong_privacy_and_integrity . (The last two are interchangeable.) |
|---|
| enum | - NONE
- INTEGRITY
- PRIVACY_AND_INTEGRITY
- STRONG_PRIVACY_AND_INTEGRITY
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| serverLogging | |
|---|
| serverRequiredSecurityLevel | | description | Controls the minimum security level that stubby server will accept for incoming RPCs. The purpose of this field is to ease increasing the security level of existing methods by allowing servers to temporarily accept lower security level than what is specified in the `security_level` field. If this field is set to a higher level than `security_level` then it its value will be ignored. See go/server-required-security-level for additional details. |
|---|
| enum | - NONE
- INTEGRITY
- PRIVACY_AND_INTEGRITY
- STRONG_PRIVACY_AND_INTEGRITY
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| serverStreaming | | description | Identifies if server streams multiple server messages |
|---|
| type | boolean |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodParameterRule | | description | A MethodParameterRule is used to configure per-method behavior/overrides for fields that are used as parameters in the request for the method. |
|---|
| id | MethodParameterRule |
|---|
| properties | | parameters | | description | Specify overrides of the per-field configs for fields used as request parameters for this method. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the API methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodPolicy | | description | Defines policies applying to an RPC method. |
|---|
| id | MethodPolicy |
|---|
| properties | | action | | description | Full method name for which these policies should be enforced, for example, "google.pubsub.v1.Subscriber.CreateSubscription". NOTE: This field must not be set in the proto annotation. It will be automatically filled by the service config compiler . NOTE: This field can not be specified together with the 'selector' field. |
|---|
| type | string |
|---|
|
|---|
| activeDeveloperMethod | | description | Specifies whether calls to this method come from users to be counted as "active developers". |
|---|
| type | boolean |
|---|
|
|---|
| auditing | | description | Cloud Audit Logging directives applied to this action. List of audit directives (comma separated) to apply to this method. An auditing directive must be provided for every method once a service integrates with Cloud Audit Logging . If the method is not annotated with CLOUD_AUDIT_EXEMPT , the contents of the request and response will be audited based on the FieldPolicy.auditing directives. Currently following values are supported: - **CLOUD_AUDIT_REQUEST_AND_RESPONSE**: Audit both request and response of this action in Cloud Audit Logging. - **CLOUD_AUDIT_REQUEST_ONLY**: Only audit the request of this action in Cloud Audit Logging. - **CLOUD_AUDIT_EXEMPT**: Do not audit this action in Cloud Audit Logging. |
|---|
| type | string |
|---|
|
|---|
| authorization | | description | Authorization directive applied to this action. An authorization directive must be provided for every method to indicate the authorization requirement once a service integrates with Cloud IAM. Currently following values are supported: - **AUTO_CLOUD_IAM**: Cloud IAM policy check is required and must be enforced automatically by framework based on `FieldPolicy.resource_permission` in `request_policies`. At least one field in request must be annotated with `resource_permission`. - **MANUAL_CLOUD_IAM**: Cloud IAM policy check is required and should be enforced by service producer manually. Framework may install obligation to ensure permission check is indeed performed. `resource_permission` might be annotated in request fields for documentation generation or obligation check. - **NO_CLOUD_IAM**: No Cloud IAM policy check needed or the check is delegated to another backend. `resource_permission` should not be annotated in any request fields. - **DARKLAUNCH_CLOUD_IAM**: Cloud IAM policy based on `FieldPolicy.resource_permission` in `request_policies` is checked but not enforced. This mode is only used when migrating from non-CPE authorization enforcement to Cloud Policy Enforcement (CPE). - **DOCUMENTATION_ONLY**: `resource_permission` is only used for documentation generation and is not enforced. This value can only be specified in OnePlatform configurations. |
|---|
| type | string |
|---|
|
|---|
| flags | | description | Security policy directive applied to this action. List of flags (comma-separated) controls how security policy is enforced by framework. |
|---|
| type | string |
|---|
|
|---|
| metadata | | additionalProperties | |
|---|
| description | Additional metadata to configure policy behavior. |
|---|
| type | object |
|---|
|
|---|
| requestPolicies | | description | Policies that are applicable to the request message. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| responsePolicies | | description | Policies that are applicable to the response message. NOTE: some policies don't apply to responses, such as resource permission and OrgPolicy. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects a method to which these policies should be enforced, for example, "google.pubsub.v1.Subscriber.CreateSubscription". Refer to selector for syntax details. NOTE: This field must not be set in the proto annotation. It will be automatically filled by the service config compiler . NOTE: This field can not be specified together with the 'action' field. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodQualifier | | description | Qualifiers that restrict the requests that an `EndpointPolicy` or `RpcSecurityPolicyMapping` will apply to. This is useful in cases where more than one `mapping` or `endpoint_policy` applies to the same RPC method. |
|---|
| id | MethodQualifier |
|---|
| properties | | actions | | description | Used primarily for Apps Framework actions (go/af-concepts/actions). The action name must match [.a-zA-Z0-9_-]+, no wildcard is allowed. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodReplacementRule | | description | A rule that indicates that for discovery purposes the method(s) indicated by the selector should have their request, response, or both replaced by the indicated schema. |
|---|
| id | MethodReplacementRule |
|---|
| properties | | hideRequestBodyFromDiscovery | | description | When set to true, the request body of this method won't be documented through the API's consumer interface. |
|---|
| type | boolean |
|---|
|
|---|
| hideResponseBodyFromDiscovery | | description | When set to true, the response body of this method won't be documented through the API's consumer interface. |
|---|
| type | boolean |
|---|
|
|---|
| inlineRequestSchema | | description | Replaces the request with corresponding `request_schema` defined in the `migration.schemas` configuration regardless of the original field type, corresponding schema will not show in discovery doc `discovery.schemas` section. |
|---|
| type | boolean |
|---|
|
|---|
| inlineResponseSchema | | description | Replaces the response with corresponding `response_schema` defined in the `migration.schemas` configuration regardless of the original field type, corresponding schema will not show in discovery doc `discovery.schemas` section. |
|---|
| type | boolean |
|---|
|
|---|
| parameterOrder | | description | The parameter order that should show up in the discovery doc `parameterOrder` field of this method. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| requestParameterName | | description | Indicates whether this method request has parameter name. This field controls whether and what should be set to the `parameterName` field of the method request in the discovery doc. |
|---|
| type | string |
|---|
|
|---|
| requestSchema | | description | The message (either proto message or a schema in the `migration.schemas` configuration) to use as the request type in discovery. |
|---|
| type | string |
|---|
|
|---|
| responseSchema | | description | The message (either proto message or a schema in the `migration.schemas` configuration) to use as the response type in discovery. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the method to which this rule applies. |
|---|
| type | string |
|---|
|
|---|
| supportsSubscription | | description | Indicates whether this method supports subscriptions. This field controls whether `supportsSubscription` field should be set for the method in the discovery doc. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MethodSettings | | description | Describes the generator configuration for a method. |
|---|
| id | MethodSettings |
|---|
| properties | | longRunning | | $ref | LongRunning |
|---|
| description | Describes settings to use for long-running operations when generating API methods for RPCs. Complements RPCs that use the annotations in google/longrunning/operations.proto. Example of a YAML configuration:: publishing: method_behavior: - selector: CreateAdDomain long_running: initial_poll_delay: seconds: 60 # 1 minute poll_delay_multiplier: 1.5 max_poll_delay: seconds: 360 # 6 minutes total_poll_timeout: seconds: 54000 # 90 minutes |
|---|
|
|---|
| selector | | description | The fully qualified name of the method, for which the options below apply. This is used to find the method to apply the options. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetricDescriptor | | description | Defines a metric type and its schema. Once a metric descriptor is created, deleting or altering it stops data collection and makes the metric type's existing data unusable. |
|---|
| id | MetricDescriptor |
|---|
| properties | | description | | description | A detailed description of the metric, which can be used in documentation. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota. |
|---|
| type | string |
|---|
|
|---|
| labels | | description | The set of labels that can be used to describe a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` metric type has a label for the HTTP response code, `response_code`, so you can look at latencies for successful responses or just for responses that failed. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| launchStage | | description | Optional. The launch stage of the metric definition. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| metadata | | $ref | MetricDescriptorMetadata |
|---|
| description | Optional. Metadata which can be used to guide usage of the metric. |
|---|
|
|---|
| metricKind | | description | Whether the metric records instantaneous values, changes to a value, etc. Some combinations of `metric_kind` and `value_type` might not be supported. |
|---|
| enum | - METRIC_KIND_UNSPECIFIED
- GAUGE
- DELTA
- CUMULATIVE
|
|---|
| enumDescriptions | - Do not use this default value.
- An instantaneous measurement of a value.
- The change in a value during a time interval.
- A value accumulated over a time interval. Cumulative measurements in a time series should have the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.
|
|---|
| type | string |
|---|
|
|---|
| monitoredResourceTypes | | description | Read-only. If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoringMigration | | $ref | MonitoringMigration |
|---|
| description | Optional. This would only be used for migration purpose. |
|---|
|
|---|
| name | | description | The resource name of the metric descriptor. |
|---|
| type | string |
|---|
|
|---|
| type | | description | The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. Metric types should use a natural hierarchical grouping. For example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" "appengine.googleapis.com/http/server/response_latencies" |
|---|
| type | string |
|---|
|
|---|
| unit | | description | The units in which the metric value is reported. It is only applicable if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit` defines the representation of the stored metric values. Different systems might scale the values to be more easily displayed (so a value of `0.02kBy` _might_ be displayed as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is `kBy`, then the value of the metric is always in thousands of bytes, no matter how it might be displayed. If you want a custom metric to record the exact number of CPU-seconds used by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 CPU-seconds, then the value is written as `12005`. Alternatively, if you want a custom metric to record data in a more granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). The supported units are a subset of [The Unified Code for Units of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar also includes these connectors: * `/` division or ratio (as an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` (although you should almost never have `/s` in a metric `unit`; rates should always be computed at query time from the underlying cumulative or delta value). * `.` multiplication or composition (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The grammar for a unit is as follows: Expression = Component { "." Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. If the annotation is used alone, then the unit is equivalent to `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank printable ASCII characters not containing `{` or `}`. * `1` represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such as in `1/s`. It is typically used when none of the basic units are appropriate. For example, "new users per day" can be represented as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new users). Alternatively, "thousands of page views per day" would be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric value of `5.3` would mean "5300 page views per day"). * `%` represents dimensionless value of 1/100, and annotates values giving a percentage (so the metric values are typically in the range of 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates a metric contains a ratio, typically in the range 0..1, that will be multiplied by 100 and displayed as a percentage (so a metric value `0.03` means "3 percent"). |
|---|
| type | string |
|---|
|
|---|
| valueType | | description | Whether the measurement is an integer, a floating-point number, etc. Some combinations of `metric_kind` and `value_type` might not be supported. |
|---|
| enum | - VALUE_TYPE_UNSPECIFIED
- BOOL
- INT64
- DOUBLE
- STRING
- DISTRIBUTION
- MONEY
|
|---|
| enumDescriptions | - Do not use this default value.
- The value is a boolean. This value type can be used only if the metric kind is `GAUGE`.
- The value is a signed 64-bit integer.
- The value is a double precision floating point number.
- The value is a text string. This value type can be used only if the metric kind is `GAUGE`.
- The value is a `Distribution`.
- The value is money.
|
|---|
| type | string |
|---|
|
|---|
| visibilityRestriction | | description | Control the visibility of this metric. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetricDescriptorMetadata | | description | Additional annotations that can be used to guide the usage of a metric. |
|---|
| id | MetricDescriptorMetadata |
|---|
| properties | | ingestDelay | | description | The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| launchStage | | description | Deprecated. Must use the MetricDescriptor.launch_stage instead. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| samplePeriod | | description | The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetricMapping | | description | The metric mapping info. |
|---|
| id | MetricMapping |
|---|
| properties | | labelMappings | | description | The label mappings. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| metric | | description | The mapped metric name/type. For Stackdriver source metric, this will be Monarch metric. For Monarch metric, this will be Stackdriver metric. |
|---|
| type | string |
|---|
|
|---|
| monitoredResource | | description | The mapped monitored resource associated with this metric. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MetricRule | | description | Bind API methods to metrics. Binding a method to a metric causes that metric's configured quota behaviors to apply to the method call. |
|---|
| id | MetricRule |
|---|
| properties | | dynamicMetricCosts | | additionalProperties | | enum | - DYNAMIC_COST_TYPE_UNSPECIFIED
- REQUEST_BODY_BYTES
- REQUEST_BODY_AND_HEADER_BYTES
- RESPONSE_BODY_BYTES
- RESPONSE_BODY_AND_HEADER_BYTES
|
|---|
| enumDescriptions | - Unspecified dynamic cost type.
- Cost is the request body bytes
- Cost is the request body and HTTP header bytes
- Cost is the response body bytes
- Cost is the response body and header bytes
|
|---|
| type | string |
|---|
|
|---|
| description | Metrics to update when the selected methods are called. The key of the map is the metric name, the value is the DynamicCostType to specify how to calculate the cost from the request. The cost amount will be increased for the metric against which the quota limits are defined. |
|---|
| type | object |
|---|
|
|---|
| metricCosts | | additionalProperties | |
|---|
| description | Metrics to update when the selected methods are called, and the associated cost applied to each metric. The key of the map is the metric name, and the values are the amount increased for the metric against which the quota limits are defined. The value must not be negative. |
|---|
| type | object |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Migration | | description | Defines configuration for Apiary to One Platform migration. WARNING: must not use these settings for new One Platform APIs. For questions, please contact api-migration@. |
|---|
| id | Migration |
|---|
| properties | | allowBackendBatchRequestWithoutContentId | | description | Each inner request in backend batch request must have unique Content-ID header value. Some legacy Apiary clients send backend batch request without Content-ID header. When set to true, ESF will automatically assign a random id when no Content-ID is found. Otherwise, http 400 error will be returned. Deprecated: This now is enabled by default. |
|---|
| type | boolean |
|---|
|
|---|
| allowBatchInnerPathWithoutLeadingSlash | | description | Inner request paths in http batch request must either be empty or begin with a slash (/), see https://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Definition Some legacy Apiary clients send inner request paths without leading slash which cause http library failures. This setting provides a compatible way to handle such batch requests. |
|---|
| type | boolean |
|---|
|
|---|
| allowCredentialProjectFallbackForMalformedApiKey | | description | If true, this service allows requests that provide a malformed API key to fall back to the credential project number for quota enforcement purposes. Design: go/apiary-migration-malformed-api-keys By default, One Platform rejects requests which provide malformed API Keys. Apiary, on the other hand, ignores malformed API keys and will instead attempt to consume quota from a fallback project identifier such as the project number resolved from the authentication credential. Enabling this feature loosens Chemist enforcement of malformed API keys. Instead of rejecting a request outright, Chemist will attempt to fall back to consuming quota from the credential project to mimic Apiary behavior in this specific scenario. Credential project fallback applies only to requests which provide a malformed API key. |
|---|
| type | boolean |
|---|
|
|---|
| apiRules | | description | A list of migration rules that apply to individual API interfaces (aka proto "service"). **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| apiaryDiscoveryName | | description | The discovery name in Apiary API's discovery url. For example, if your Apiary discovery doc is/was fetched at https://www.googleapis.com/discovery/v1/apis/foo/v1/rest, then this field should be "foo". Setting this field will enable the same URL path for discovery doc in OP. This value generally but not always matches both legacy > api_v1_name as well as discovery > api_name. To avoid any confusion, start with your Apiary discovery doc URL to derive this field value. |
|---|
| type | string |
|---|
|
|---|
| batchInnerRequestsCountSoftLimit | | description | When a batch request contains more than this count of inner requests, only requests until this limit are processed normally. The remaining inner requests are rejected with 429 (Too many requests) or, in case, batch_return_403_for_quota_errors is set, with HTTP 403 (Forbidden). There is no change in the response code for the outer batch request (which is usually HTTP 200). This setting differs from advanced > batch > inner_request_count_limit in that the latter is a hard limit while this is a soft limit. A batch request with more inner requests than that hard limit get summarily rejected. As such, the current setting should always be strictly less than `inner_request_count_limit`and this condition is enforced. Also this field cannot be set without setting inner_request_count_limit since otherwise there is no hard limit on batch sizes. This setting allows ESF backends to not be overwhelmed by large batch requests while at the same time not breaking clients that have been sending large-sized batch requests (up to Apiary maximum limit) before this API migrated to Apiary. The effectiveness of this setting hinges on API clients (1) retrying on 403/429 error code and (2) retrying only for failed inner requests. This is generally true of Google API clients. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| batchRedirectConfig | | $ref | GfeRedirectConfig |
|---|
| description | The error redirection config for HTTP batch method. Note that the error redirection is only meaningful for request parsing errors, specifically: 1: The redirection will happen if the outer request fails to parse. 2: Inner requests will not be redirected indiviually for any error if the outer request is OK. 3: The redirection will only happen in the request flow. For an outer batch request, there is no "backend" being hit thus the concept of "response flow" is not appliable anymore. |
|---|
|
|---|
| disableApiaryMethodNamesCheck | | description | If any method in a package with corresponding "Apiary method name" is added to `proto_to_apiary_method_names`, all methods in that package with corresponding "Apiary method names" should be added. Failure to do so will cause inconsistent method name and method id styles in discovery doc, Apiary and OnePlatform styles will co-exist, and those methods will get put into different sections for docgen output. Set this field only if inconsistent styles already exist in released public discovery doc at https://{SERVICE_NAME}/$discovery/rest?version={API_VERSION}. If you haven't finished the migration of discovery doc, please add all missing methods to `proto_to_apiary_method_names`. Even if the missing methods are hidden from the public discovery doc, please add any "Apiary method name" strings for those methods rather than disabling this check. |
|---|
| type | boolean |
|---|
|
|---|
| discoveryConfig | | $ref | DiscoveryConfig |
|---|
| description | TODO(b/142483879) Move other discovery-related fields into DiscoveryConfig |
|---|
|
|---|
| enableDomainRestriction | | description | If true, ESF will do the domain restriction by checking the service account domain, email account domain and dasher account domain with the given GaiaMintUserCredential. ESF will fail when the domain is restricted in the gaia post auth process. This feature should only be used for migration purposes. |
|---|
| type | boolean |
|---|
|
|---|
| enumRules | | description | A list of migration rules that apply to individual enum types. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| enumValueRules | | description | A list of migration rules that apply to individual enum values. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | | $ref | MigrationEnumValueRule |
|---|
|
|---|
| type | array |
|---|
|
|---|
| errorFallbackConfig | | $ref | ErrorFallbackConfig |
|---|
| description | Configurations for instructing ESF to forward an inner batch request to Apiary when the request fails and triggers error redirection conditions. See go/esf-apiary-forwarding-design for details. |
|---|
|
|---|
| errors | | additionalProperties | |
|---|
| description | Apiary-style backend-to-external error mappings. See go/apiary-config for documentation. map of error domain name to error mappings in that domain |
|---|
| type | object |
|---|
|
|---|
| fieldReplacementRules | | description | A list of rules indicated which fields should have their types replaced in discovery. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| fieldRules | | description | A list of migration rules that apply to individual fields. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| forceAlternativeServiceHeader | | description | The "force_alternative_service_if_header_present" header name defined in the traffic mover setup. When error redirection is triggered and this field is set, ESF will clean this header in the response so the request could successfully land on Apiary. |
|---|
| type | string |
|---|
|
|---|
| messageRules | | description | A list of migration rules that apply to individual message types. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| methodParameterRules | | description | A list of rules for configuring the parameters in the requests for a given method. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| methodReplacementRules | | description | A list of rules indicated which method requests and/or responses should be replaced in discovery. |
|---|
| items | | $ref | MethodReplacementRule |
|---|
|
|---|
| type | array |
|---|
|
|---|
| preferDistribDiscovery | | description | ATTENTION: DO NOT set this field without consulting both the One Platform team and the Deployment Manager teams. This field should only be used by APIs migrated from Apiary or One Platform (Usage Manager) to One Platform (Chemist). When this field is set to true, ESF Discovery url will be listed in the public directory of discovery documents. At the same time, requests to legacy discovery endpoint will return discovery document from ESF Discovery via GFE internal redirect. Deployment Manager has strong dependencies on where the discovery doc is served. If this value is changing, contact dm-eng@ so that Deployment Manager can switch discovery sources at the same time as this change is pushed. |
|---|
| type | boolean |
|---|
|
|---|
| protoToApiaryMethodNames | | additionalProperties | |
|---|
| description | Map full proto method names to their "Apiary method name" equivalents for use in setting ApiaryMigrationContext from ESF and in matching up with the method name identifiers used by UsageManager. |
|---|
| type | object |
|---|
|
|---|
| quotaUserOverride | | $ref | QuotaUserOverrideConfig |
|---|
| description | Configurations for allowing quotaUser to be passed in requests, bypassing the OnePlatform server-side API Key check, see go/quotauser-api-key-restrictions. |
|---|
|
|---|
| retryForUnavailableRetriableErr | | description | If true then ESF adds X-Google-Command:retry HTTP header to response header, if backend returns a retriable unavailable error. |
|---|
| type | boolean |
|---|
|
|---|
| return403ForBatchQuotaErrors | | description | Return HTTP 403 (Forbidden) instead of 429 (Too many requests) on quota exhausted errors. This field will only affect inner response of a batch method. |
|---|
| type | boolean |
|---|
|
|---|
| rules | | description | A list of migration rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| schemaPropertiesPerVersion | | description | JSON schema properties for controlling the behavior of schemas define in `migration.schemas` on a version basis. If there are multiple JSON schema properties defined for the same version, they will effectively be merged together. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| schemas | | additionalProperties | |
|---|
| description | A map of schema names to JSON schemas. The schemas generated from proto messages with the same names will be overridden by the schemas defined in this field. |
|---|
| type | object |
|---|
|
|---|
| serviceSuspendedEnforcementId | | description | The Integer value of INSServiceID::ServiceID which will be used for service suspended enforcement. This feature should only be used for migration purpose, service flags (INSServiceID) and account types are proposed to be locked down(go/service-flag-lockdown), new APIs should not use it, more details in go/esf-service-suspended-enforcement. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| tex | | $ref | Tex |
|---|
| description | Configuration for TEX (Template Engine Extension). This config is not expected to be used outside of Apiary migration use case. |
|---|
|
|---|
| usageManagerConfig | | $ref | UsageManagerConfig |
|---|
| description | Configuration for usage manager. |
|---|
|
|---|
| useApiaryBatchResponseHeaderAllowlist | | description | If true, ESF will use the Apiary's batch response header allowlist under https://www.google.com/url?q=http://google3/java/com/google/api/server/core/protocol/http/rest/RestServlet.java%3Fl%3D343%26rcl%3D169575550&usg=AOvVaw1Nervw422t--ziev7yG07K. Otherwise, ESF will use its own. |
|---|
| type | boolean |
|---|
|
|---|
| useApiaryStyleDiscoveryUrl | | description | If true then apiary style discovery urls will be used when generating documentation. apiary_discovery_name must be set to a non-empty string. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MigrationApiRule | | id | MigrationApiRule |
|---|
| properties | | disableApiPackageVersionConsistencyCheck | | description | ApiVersionValidator will emit an error if the version string in the proto package name is inconsistent with the `version` field of the API when it's overridden in the `apis` section of service config. Setting this flag to true will disable that consistency check. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the API interfaces (aka proto "service") to which this rule applies. Use '*' to indicate all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MigrationEnumRule | | id | MigrationEnumRule |
|---|
| properties | | discoverySortEnumValues | | description | Normally, the OP discovery doc generator will list the enum values in the discovery doc without sorting them. So, the OP order is whatever the Java EnumDescriptorProto::getValueList returns (likely in the order the values appear in the source proto file). Setting this flag to `true` will force the ordering to match Apiary's discovery doc generator (which does an alphabetical sort based on the value's name string). |
|---|
| type | boolean |
|---|
|
|---|
| hideFromDiscovery | | description | When set to true, this type shouldn't be documented through the API's consumer interface (e.g. context fields filled in by an API proxy or backend service logic). |
|---|
| type | boolean |
|---|
|
|---|
| lowerCamelEnums | | description | Whether enum values will be lower-cameled. NOTE: For a given enum value, a mapping in proto_to_json_value_names will take precedence over this. See below comments for more details. |
|---|
| type | boolean |
|---|
|
|---|
| protoToJsonValueNames | | additionalProperties | |
|---|
| description | Maps proto names for enum values to their intended JSON string. (i.e. roughly equivalent to a field's json_name attr, but for enum values) NOTE: As with json_name values, these json name values MUST be unique among all of the names in their containing enums. You can't use this for mapping multiple enum values to the same JSON name, since that will produce build time validation errors like "...Duplicate declaration of enum value...". This is normally populated internally by logic that looks at old protiary annotations from the proto transforms in the migration tooling. In order to easily support YAML config like this: - selector: * lower_camel_enums: true the proto_to_json_value_names mappings will be auto-populated if not explicitly specified. NOTE: As with all rules lists with "selector:" specifiers, the last one wins and only that selector is used as "the YAML specification" -- no merging between selectors in the YAML files. The general rules go like this: 1) An EnumRule is selected using normal yaml-proto config rules apply: * Last matching YAML file rule takes precedence. * If no yaml rule, then (google.api.enum_migration) rule in proto is used. * If no proto rule, then the default instance of EnumRule is used. 2) If there are no proto_to_json_value_names mappings in the rule from #1: * proto_to_json_value_names mappings will be derived from the first found mappings from: a) proto_to_json_value_names mappings explicitly specified in proto. b) or mappings derived from the old Protiary annotations populated by migration tools. 3) If a given enum value's name is not in the proto_to_json_value_names mappings from #2 and lower_camel_enums=true, then the value's name will be lower-cameled. NOTE: The values in this mapping take precedence over the value names that might come from the lower_camel_enums flag setting. |
|---|
| type | object |
|---|
|
|---|
| selector | | description | Selects the enum types to which this rule applies. Use '*' to indicate all enum types. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MigrationEnumValueRule | | id | MigrationEnumValueRule |
|---|
| properties | | hideFromDiscovery | | description | When set to true, this enum value shouldn't be documented through the API's consumer interface (e.g. context fields filled in by an API proxy or backend service logic). |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the message types to which this rule applies. Use '*' to indicate all message types. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MigrationFieldRule | | id | MigrationFieldRule |
|---|
| properties | | alternativeFieldName | | description | Specifies an alternative field name for a field. The alternative field will be used when ESF is not able to translate the request field data to target proto field. The alternative field should exist under the same parent message and be marked with (google.api.field_migration).hide_from_discovery. Currently only JSON array to primitive type field / map type field is supported. Ignored if enable_alternative_field_for_json_array is false. See go/dealing_with_apiary_lax_array_parsing for details. |
|---|
| type | string |
|---|
|
|---|
| alwaysOutput | | description | When included in a response field, this field will ALWAYS be output regardless of its value. This does not work when the field is empty and eliminated by suppress_empty_object_in_json_response method-level setting or "fields" partial response query param. WARNING: Use sparingly and only when needed as it could result in increased memory consumption. See g/api-migration/U7061RlPcNw/-RZUU8RnCgAJ. |
|---|
| type | boolean |
|---|
|
|---|
| constraintConfig | | $ref | FieldConstraintConfig |
|---|
| description | Configure settings that control how this field is documented in generated documents (e.g. discovery docs, user reference/docgen docs and potentially generated client library code). |
|---|
|
|---|
| defaultValue | | description | Specifies the default value of a field to be documented in discovery docs. NOTE: Deprecated in favor of the `discovery_field_config` settings below. If that setting is empty, then this one will be used as a fallback. |
|---|
| type | string |
|---|
|
|---|
| disableInlining | | description | Specifies that the given field should not be inlined even if the Message itself would normally be inlined, such as when using DiscoveryMessageConfig.inline_message and DiscoveryMessageConfig.shallow_inline_message. |
|---|
| type | boolean |
|---|
|
|---|
| enableDiscoveryFieldMaskPathsQueryParam | | description | Apiary doesn't special case `google.protobuf.FieldMask` as ESF does. So, when a `FieldMask` is marked with `(api.field).param = true` as a query param, Apiary sees a proto message type and recursively marks the primitive type leaf fields as nested query params. For `FieldMask`, that means it creates a `paths` query param. OP doesn't do that and special cases well known types like `FieldMask`, so OP only has a single string query param. For example, with this field: ``` google.protobuf.FieldMask update_mask = 1 [ (api.field).param = true ]; ``` 1. Apiary will create a single `paths` query param. 2. OP will create a single `updateMask` query param plus add information to an internal data structure that ESF uses at runtime to handle a `paths` query param pointing at the nested `update_mask.paths` field. 3. OP discovery doc will only document that `updateMask` param. Enabling this flag will cause the OP discovery doc generator to also document that `paths` as a parameter for the associated field if the field is a `google.protobuf.FieldMask` field. This is being added to support a very specific use case and it should generally not be used without consulting with api-migration-team@. |
|---|
| type | boolean |
|---|
|
|---|
| hideFromDiscovery | | description | When set to true, this field shouldn't be documented through the API's consumer interface (e.g. context fields filled in by an API proxy or backend service logic). |
|---|
| type | boolean |
|---|
|
|---|
| httpParam | | description | When set to true, Apiary would've bound this field as a http parameter (REST path param or query param) in any request that includes the field (e.g. protiary annotation (api.field).param=true). So, OP will use that to configure ESF to recognize it as a query string parameter on HTTP requests. |
|---|
| type | boolean |
|---|
|
|---|
| mapKey | | description | If true, the field's value represents a map key, and a repeated field referring to the field's message will be represented as a JSON map. It is an error if a message with a designated map key is used in any different context than the type of a repeated field. Example: message M { repeated E entries = 1; } message E { optional string key = 1 [(google.api.field_migration).map_key = true]; optional string value1 = 2; optional string value2 = 3; } Given the protocol buffer: entries: < key: "x" value1: "a" value2: "b" > entries: < key: "y" value1: "c" value2: "d" > ... the following JSON will be generated: { entries : { "x" : { "value1" : "a", "value2" : "b"} "y" : { "value1" : "c", "value2" : "d" } } } In the case the sub-message, after erasing the key field, has only one visible field left, it will be flattened. Thus, supposing for the above example there would be only the value1 but not the value2 field, the following JSON will be generated: { entries : { "x" : "a", "y" : "c" } } |
|---|
| type | boolean |
|---|
|
|---|
| pattern | | description | Specifies a regular expression a string field's value must match. Can currently only by used with fields marked as param or resource_id. This field is only used for documentation purposes (e.g. in discovery docs) and does not have any effect on service runtime. NOTE: Deprecated in favor of the `discovery_field_config` settings below. If that setting is empty, then this one will be used as a fallback. |
|---|
| type | string |
|---|
|
|---|
| requiringMethods | | description | Specify the list of methods that require this field to be provided on requests made via those methods. It corresponds to the "@required" comment directive in Apiary. For example: http://google3/cloud/cluster/api/mixer_instances.proto?l=1394&rcl=298651409 The method names here should be the `id` values as found in the discovery doc generated for this API. For migrating APIs, this is generally the same as the old "Apiary method name". If unsure, check the discovery doc for the methods to find their `id` fields. NOTE: Since TEX-using APIs should have explicitly specified parameter config, this flag will have no effect on the TEX runtime. So, it should only affect documentation artifacts like the discovery doc for non-TEX APIs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the fields to which this rule applies. Use '*' to indicate all fields in all message types. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MigrationMessageRule | | id | MigrationMessageRule |
|---|
| properties | | discoveryHideEmptySchema | | description | When this flag is set to true for a message type (or the experiment "apiary_hide_empty_schemas" is enabled), the message type will be hidden from discovery and docgen output if it has no fields to be documented. For example, a `google.protobuf.Empty` response type for a method should remove the response from that method's documentation. NOTE: Deprecated in favor of the `discovery_message_config` settings below. The used setting will be a logical OR of this flag and the new one. |
|---|
| type | boolean |
|---|
|
|---|
| discoveryMessageConfig | | $ref | DiscoveryMessageConfig |
|---|
| description | Configure settings that control how this message is documented in generated documents (e.g. discovery docs, user reference/docgen docs and potentially generated client library code). |
|---|
|
|---|
| discoveryUseProtoForOuterMessageName | | description | When this flag is set to true for a message type, the "${outer_message_name}" variable for `discovery.schema_name_template` strings will use the proto name of the parent message types rather than any `(api.message).name` renaming strings. This also affects the names that get used for nested message types when docgen's --includeOuterMessageTypes tool flag is used. NOTE: Deprecated in favor of the `discovery_message_config` settings below. The used setting will be a logical OR of this flag and the new one. |
|---|
| type | boolean |
|---|
|
|---|
| hideFromDiscovery | | description | When set to true, this type shouldn't be documented through the API's consumer interface (e.g. context fields filled in by an API proxy or backend service logic). |
|---|
| type | boolean |
|---|
|
|---|
| schemaNameOverride | | description | Defines the schema name of the message. Setting this field will instruct the Discovery tool to override the message schema name. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the message types to which this rule applies. Use '*' to indicate all message types. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MigrationRule | | description | Specifies the migration attributes on API method(s). Note that it can only be applied to API methods and these attributes should only be set when migrating Apiary APIs to One Platform. |
|---|
| id | MigrationRule |
|---|
| properties | | allowAuthSub | | description | Allow http requests that have OAuth2 token in AuthSub format header: "Authorization: AuthSub token="token"". See go/identify-oauth. OAuth must be enabled. |
|---|
| type | boolean |
|---|
|
|---|
| allowFirstPartyAuthV1 | | description | Setting this to true causes ESF to allow First Party Auth V1. First Party Auth V1 is supported on a allowlist-only basis for those services which migrated from Apiary and whose users depend on First Party Auth V1. Service producers migrating Apiary services to One Platform that requires support for First Party Auth V1 should add their One Platform service name to the First Party Auth V1 users allowlist found at google3/tech/internal/env/framework/first_party_auth_v1_users.h. |
|---|
| type | boolean |
|---|
|
|---|
| allowHttpMultipartFormData | | description | Allows sending data as Content-Type: multipart/form-data with Content-disposition: form-data; name=foo data in HTTP body. |
|---|
| type | boolean |
|---|
|
|---|
| allowIntToStringConversion | | description | If true, automatic type conversion from integer types in JSON payload to string is performed. Default behavior is to not allow such conversion. Notice, conversion between bool and string or string to number is not allowed. See allow_primitive_type_conversion for more conversions. |
|---|
| type | boolean |
|---|
|
|---|
| allowLiberalUnsignedParsing | | description | Enables tolerant parsing of uint32 / uint64 proto fields. Values that exceed what would fit in a signed variable can be expressed as either a positive or negative number. For example, uint64 number 18446744073709551615 (2^64) will be translated to "-1" instead of "18446744073709551615". This is only intended as a temporary solution to match Apiary's incorrect behavior. See /j/c/g/javascript/util/jspblite2/UnsignedFlags.java. Do not use for non-migration APIs. |
|---|
| type | boolean |
|---|
|
|---|
| allowPrimitiveTypeConversion | | description | If true, converts automatic type in JSON payload between number, bool and string. Default behavior is to not allow such conversions. Notice, this also covers functionality of allow_int_to_string_conversion. See b/110093808#comment7 for details |
|---|
| type | boolean |
|---|
|
|---|
| allowScottyDownloadUseHttpHead | | description | If true, the ESF will accept HTTP HEAD requests in Scotty media. ESF will treat HEAD request as a media download request, just the exact same as how to handle a download GET request. See more details in: go/esf-http-head-scotty. |
|---|
| type | boolean |
|---|
|
|---|
| allowUnregisteredRequests | | description | Indicates if unregistered requests should be allowed. This setting is relevant only if allow_without_credential is enabled for this method. |
|---|
| type | boolean |
|---|
|
|---|
| alwaysOutputEmptyRepeatedFields | | description | If true, emits empty JSON array for unset proto repeated fields (the field type can be primitive or message). The default One Platform behavior is to not emit anything. See b/35917174 for discussion around the need for this field. NOTE: This setting does not affect how unset non-repeated fields are emitted. NOTE: Simultaneously setting conflicting config such as `suppress_empty_repeated_fields` will result in compiler and runtime error. NOTE: There exists a setting `output_all_primitive_fields_to_json` in experimental > advanced_service_config > translator_config that also causes empty JSON array to be emitted for unset repeated fields. However, it causes default values of primitive fields to be emitted in addition. |
|---|
| type | boolean |
|---|
|
|---|
| apiaryMethodName | | description | Set to the name Apiary would use to identify this message (e.g. for UsageManager purposes). If specified, it will end up in the ESF request context google.rpc.context.ApiaryMigrationContext for the backend service. NOTE: Do not specify this manually here -- use the proto_to_apiary_method_names map in the Migration message documented above if you need to. The main reason for that is that this MigrationRule is generally specify using a "*" selector in YAML config, where apiary_method_name is necessarily a per-method specification. So, you can configure per-method names in the above map and still specify a set of global "*" flags for the rest of the settings in this rule message. |
|---|
| type | string |
|---|
|
|---|
| apiaryRpcErrorFilter | | description | If set, ESF uses the string as regex to support Apiary's rpcErrorFilter. Apiary applies regex check on backend error message and sets filtered message as final error message, ESF needs to support this feature too for migration. See go/api-config-file-reference#TOC-rpcErrorFilter. |
|---|
| type | string |
|---|
|
|---|
| chemistIsSourceOfTruthInDualCheckMode | | description | Setting this to true causes ESF to treat Chemist as the source of truth. This setting makes sense only in dual check mode, i.e. where ESF is calling both Usage Manager and Chemist control planes for a given request. This per-method service config field replaces the existing ESF flag --esf_chemist_over_um_projects (flags do not allow enabling it per service when multiple services are hosted by the same ESF instance) while also changing the flag type from list to boolean (projects are now PII and cannot be listed in source files). If this field is true, the chemist will be source of truth regardless of esf_chemist_over_um_projects values. See http://go/um-to-chemist-faq#dual-check for info on ESF dual check mode. |
|---|
| type | boolean |
|---|
|
|---|
| clearJsonBodyForBackend204Response | | description | If this option is true and backend set response code to 204 via HttpHeaderContext, the response body will be dropped to keep client response empty. Also see documentation for return_204_for_empty_response. |
|---|
| type | boolean |
|---|
|
|---|
| concatRepeatedHttpHeadersInContext | | description | If set to true, when building the HttpHeaderContext, ESF will concatenate repeated http headers into a single string in the format of a comma separated list, which is compliant with RFC 2616 Section 4.2[https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2]. E.g. if 2 "user-agent" http headers are provided("first" and "second"), the value for this header saved in the HttpHeaderContext will be "first,second". Without this setting, ESF will just pick the last value by default. |
|---|
| type | boolean |
|---|
|
|---|
| defaultAltType | | description | The default output format returned by this method when a request does not specify an alt type or Content-Type header. If unset, defaults to JSON. Corresponds to the 'alt' > 'default' (go/apiary-config#TOC-default) Apiary config. |
|---|
| enum | - ALT_TYPE_UNSPECIFIED
- JSON
- MEDIA
- PROTO
- JSPB
|
|---|
| enumDescriptions | - Using this value will result in an error
- Well known JSON format
- Scotty media
- Binary proto
- JavaScript protocol buffer
|
|---|
| type | string |
|---|
|
|---|
| defaultFieldMask | | description | Set a default field mask string for the method. This will be used if `fields` url parameter is not provided by clients. NOTE: We are not able to validate this field mask value. Please make sure this field mask string is valid. NOTE: This doesn't work when ignore_field_mask is set to true. |
|---|
| type | string |
|---|
|
|---|
| disableImplicitList | | description | When set to true, during transcoding request from HTTP/JSON to Protobuf, ESF will ignore the single json scalar/message field which is mapped as repeated scalar/message field in the proto definition. By default, the single json field will be transcoded to the mapped repeated field as a size-1 list. |
|---|
| type | boolean |
|---|
|
|---|
| doNotRequireWildcardForMapKeyField | | description | If set, relaxes the requirement for 'fields' query param value to contain a wildcard '*' char for map fields. This setting is required only if you have fields with map_key annotation set. Note that this setting allows invalid paths by ignoring errors and as such this should be set only if needed. Consider the following JSON response: { "items": { "scope1": { "instances": [ {"id": "11"}, {"id": "12"} ] }, "scope2": { "instances": [ {"id": "21"}, {"id": "22"} ] } } } Where the scope id is backed by a proto field with map_key annotation. To select all 'instances's, the 'fields' param must be set to "items/*/instances". However, Apiary has a bug that allows "items/instances" to return 200 with empty response. Setting this config makes ESF interpret the latter path as "items/*/instances" and allows it. |
|---|
| type | boolean |
|---|
|
|---|
| dropJsonPrimitiveTypeDataToMessageField | | description | When set to true, drops the primitive type data if target field is a message field, unless they are following message types: - `google.protobuf.Value`. |
|---|
| type | boolean |
|---|
|
|---|
| enableAlternativeFieldForJsonArrayDeserialization | | description | When dealing with deserialization of JSON array, this instructs ESF to use either of two proto fields to hold the value. The original field is used if its type is compatible with JSON array. If not, the alternative field is used. It is assumed that the alternative field is compatible with the JSON array. If not, the deserialization can fail. This feature enables parity with a bug in Apiary that allows deserializing JSON arrays to singular proto fields and maps. See go/dealing_with_apiary_lax_array_parsing for details |
|---|
| type | boolean |
|---|
|
|---|
| enableProjectBlacklistRedirection | | description | Enable the feature where ESF summarily redirects requests from blocklisted projects. See go/esf-apiary-project-redirect and go/apiary-migration-project-blacklist. A project is blocklisted by a producer by setting a particular project property to true (the blocklist can't be specified in service config since project ids/numbers are PII and can't be checked into source files). See above design doc for details. The redirect is performed as soon as ESF knows about the project but no sooner than that. To deal with redirection of client as well as resource projects, this point ends up being just after the Chemist call is made. If any errors happen before this point (e.g. authn), then redirection is not performed. Enabling this feature also requires certain GFE settings. See design doc above for details. See go/esf-apiary-redirect-guide for detailed producer guide. |
|---|
| type | boolean |
|---|
|
|---|
| enableQuotaUserOverride | | description | When set to true, use quotaUser parameter for user quota check instead of gaia id. If quotaUser parameter is not provided, use userIp for user quota check. If both quotaUser and userIp are not provided, use callerIp for user quota check. See b/65834288 and go/sq-per-user-quota for feature details. In order to work for non-Server-Side API Key requests, you need to also set the migration.quota_user_override field, see go/quotauser-api-key-restrictions. |
|---|
| type | boolean |
|---|
|
|---|
| gaiaMintOptions | | description | List of additional information to include in the gaia mint. This is equavlent to Apiary's gaiaMintOption. See go/apiary-config#TOC-gaiaMintOption. |
|---|
| items | | enum | - GAIA_MINT_OPTION_UNSPECIFIED
- HOSTED_USER_INFO
- GAIA_GROUPS
|
|---|
| enumDescriptions | - Gaia user info.
- Gaia group info.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| gfeRedirectConfig | | $ref | GfeRedirectConfig |
|---|
| description | Configuration required to allow internal redirection at GFE level. |
|---|
|
|---|
| hideAdditionalBindingsFromDiscovery | | description | When set to true, any `additional_bindings` configured via OP http configuration for this method will be hidden from discovery. This can be useful for a couple use cases: 1. Avoid problems when you have legacy http paths you want to continue to support but hide, so users would see the expected paths. 2. If using the old "apiary method names" (e.g. "compute.instances.get") along with `additional_bindings`, then multiple methods will be in the discovery doc with the same `id` string. This can cause problems with downstream tooling. See related: b/141273325, b/148423893 |
|---|
| type | boolean |
|---|
|
|---|
| hideFromDiscovery | | description | When set to true, this method shouldn't be documented through the API's consumer interface (e.g. methods marked with discoverable: false in their .api file). |
|---|
| type | boolean |
|---|
|
|---|
| ignoreAccessToken | | description | When set to true, ESF will ignore access token when processing auth. This setting should be used when an API service does not use access token auth (OAuth, Service Account JWT, or Firebase JWT) in ESF, and would like to explicitly ignore the presence of access token on a request (by default when an access token is present, ESF will try to check the validity if the `authentication` section is configured and even if oauth is not configured). Note: Setting this will neither automatically disable nor enable pass_through_access_token (i.e. this config only controls ESF's own use of access token but doesn't affect the pass through behavior). This setting should not be used together with OAuth or Firebase JWT auth. If so, OAuth or or Firebase JWT auth will be skipped at runtime. This setting should usually be used together with `AuthenticationRule.allow_without_credential`, because when access token is ignored ESF auth will likely think there's no credential. This setting can be used when Chemist is disabled, either by not configuring `control` section in service config, or use `UsageRule.skip_service_control`. However, if this setting is used while Chemist is enabled, an API Key, spatula, or LOAS role that identifies application will be needed while making a request (because application is not resolved from access token). See go/api-client-auth for explanation of what "application" means in the API world. |
|---|
| type | boolean |
|---|
|
|---|
| ignoreAnonymousCredentialProjects | | description | Prevents the ESF Proxy from resolving a project number from an auth credential associated with the "anonymous" credential domain when an API Key is provided. Enables "anonymous" credentials to be used together with API Keys from other Cloud Projects. |
|---|
| type | boolean |
|---|
|
|---|
| ignoreFieldMask | | description | If set to true, the field mask url parameter will not be checked and respected. Full response will always be returned. |
|---|
| type | boolean |
|---|
|
|---|
| ignoreFieldsMaskForHttpbodyResponse | | description | When set to true, ESF ignores field mask parameter if response type is google.api.HttpBody since ESF has no knowledge about the response body structure. The field mask parameter will still be set to SystemParameterContext but the FieldMaskContext will not be sent to backend in this case. |
|---|
| type | boolean |
|---|
|
|---|
| ignoreInvalidEnums | | description | If set, ESF will ignore invalid enum values in the request. |
|---|
| type | boolean |
|---|
|
|---|
| ignoreNonMessageJsonPayload | | description | When set to true and the request body is syntactically valid JSON but isn't a "message" type, the body will be ignored. Otherwise, for JSON content type, ESF returns 400 Error if the JSON payload cannot be parsed to a message. This is to match Apiary behaviour. For example, when set to true, the following JSON payloads will be ignored: null value: 'null' bool value: 'bool' string value: '"I have no idea who am I"' list value: '["listX", "listY"]' NOTE: This only suppresses 400 Errors with message: "Root element must be a message". Other kinds of 400 Errors will still be raised if the JSON payload is invalid or ESF fails to parse it to request message. See b/110124222 for more details. |
|---|
| type | boolean |
|---|
|
|---|
| ignoreNullValueMapEntry | | description | If true, skips rendering the map entry if map value is null unless the value type is google.protobuf.NullType. For example: message Foo { map map_value = 1; } In the following JSON input, "key2" will be ignored by parser. {"mapValue": { "key1": "value1", "key2": null }} See b/111597217#comment5 for more details. |
|---|
| type | boolean |
|---|
|
|---|
| ignorePseudoAnonymousCredentialProjects | | description | Prevents the ESF Proxy from resolving a project number from an auth credential associated with a known "pseudo anonymous project". Instead, requests which authenticate with a pseudo anonymous credential will be treated as unregistered. Requests which authenticate with a pseudo anonymous credential may send another token (e.g. API Key or Spatula Header) to resolve a quota project and qualify the request as registered. Pseudo Anonymous Projects include: - The CorpSSO Credential Exchanger Project (go/oauth-from-loas) - The Android AccountManager Generic ID Project Design Document: go/apiary-migration-pseudo-anonymous-client-ids |
|---|
| type | boolean |
|---|
|
|---|
| ignoreRequestPayload | | description | If true, skips parsing request payload no matter it is valid or not. The payload will always be discard. This should be enabled only for POST/PUT methods that have Apiary config: "request": { "body": "empty" } |
|---|
| type | boolean |
|---|
|
|---|
| ignoreRequestPayloadIfContentTypeIsEmpty | | description | If true, skips parsing request payload no matter it is valid or not if request has empty content type header. The payload will always be discard. This should be enabled only for POST/PUT methods that have Apiary config: "request": { "body": "sometemplate(backendRequest)" } |
|---|
| type | boolean |
|---|
|
|---|
| ignoreSpatula | | description | When true, ESF ignores the X-Goog-Spatula header when resolving the consumer identity for quota purposes. |
|---|
| type | boolean |
|---|
|
|---|
| ignoreUnknownFields | | description | For ESF behavior on unknown fields of protobuf messages, please refer to https://g3doc.corp.google.com/google/g3doc/oneplatform/filtering.md#unknown-field-filter NOTE: This field is deprecated and please use UNKNOWN_JSON_FILTER documented in https://g3doc.corp.google.com/google/g3doc/oneplatform/filtering.md?cl=307480361#unknown-json-filter |
|---|
| type | boolean |
|---|
|
|---|
| ignoreUnknownQueryParams | | description | If set, ESF will ignore unknown url query parameters but continue to reject unknown fields in POST bodies. This aligns with Apiary behavior when API config has strictParsing=true. See https://sites.google.com/a/google.com/apiary/home/design/strict-parsing-for-request This does not work when ignore_unknown_fields is true since ignore_unknown_fields makes ESF ignore all unknown fields. |
|---|
| type | boolean |
|---|
|
|---|
| impersonation | | $ref | Impersonation |
|---|
| description | Plus Page Impersonation, see go/op-impersonation, go/apiary-impersonation. Please consult One Platform team and GAIA team before use. Behavior of adding this field is similar to enabling "allowPlusPageImpersonation" in Apiary config. See go/apiary-config#TOC-allowPlusPageImpersonation |
|---|
|
|---|
| jsonFixupConfig | | $ref | JsonFixupConfig |
|---|
| description | Configurations for instructing ESF to fixup the json payload when the request parsing fails. This feature should only be used for migration purpose. New API should not use it. |
|---|
|
|---|
| lowerCamelEnums | | description | Whether enum values will be lower-cameled. |
|---|
| type | boolean |
|---|
|
|---|
| passThroughAccessToken | | description | When set to true, ESF gets the access token in request and passes it through to backend if google.rpc.context.ApiaryMigrationContext is requested. This only works for allowlisted services. See google3/tech/internal/env/framework/allowlist/oauth_token_context_users.h. |
|---|
| type | boolean |
|---|
|
|---|
| respectRootWildcardInFieldMask | | description | When set to true, respect root wildcard and return full response for field mask queries like "*,instances". ESF by default ignores the wildcard in such case and returns the partial response. WARNING: Please contact api-migration@ before enable this config. |
|---|
| type | boolean |
|---|
|
|---|
| return204ForEmptyResponse | | description | If this option is true and an HTTP response has no body and the operation is successful, return 204 status code. If not set, 200 status code is returned for a successful response. Note Apiary returns 204 if the API config has "body": "empty" in the response. See b/78604413 for sample issue that can arise when this flag is improperly used. As such setting this field to true for all methods will not necessarily match Apiary behavior. You need to verify Apiary returns 204 for a given method before setting this flag to true in OP config. Note, always_output, always_output_empty_repeated_fields, output_all_primitive_fields_to_json etc. in response proto will cause the response to never be empty, therefore this flag can't generate 204 for response with such config. Please consider returning 204 from backend and setting clear_json_body_for_backend_204_response config to counteract the effects of previously listed config. |
|---|
| type | boolean |
|---|
|
|---|
| return401ForSessionError | | description | Return HTTP 401 (UNAUTHENTICATED) instead of 403 (PERMISSION_DENIED) for requests without active session or with invalid active session. |
|---|
| type | boolean |
|---|
|
|---|
| return403ForQuotaErrors | | description | Return HTTP 403 (Forbidden) instead of 429 (Too many requests) on quota exhausted errors. |
|---|
| type | boolean |
|---|
|
|---|
| return500ForClientError | | description | If rpc server returns INTERNAL error, with a permanent "CLIENT_ERROR" error space (//net/rpc/rpc-errorspace.cc), ESF transforms INTERNAL (aka HTTP Response code 500 Internal Server Error) to INVALID_ARGUMENT (aka HTTP Response Code 400 Bad Request) by default. When set to true, ESF doesn't do this transform. |
|---|
| type | boolean |
|---|
|
|---|
| returnEmptyResponseForEmptyFieldMask | | description | If set to true, returns empty response if field mask parameter is set to empty by client. Without this setting, ESF will just ignore the field mask and return full response to client. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the API methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| skipActivationCheck | | description | Indicates if service activation check should be skipped for the client project. Default behavior is to perform the check and apply relevant quota. WARNING: Setting this flag to "true" will disable quota enforcement. |
|---|
| type | boolean |
|---|
|
|---|
| supportedAltTypes | | description | The output formats supported by this API. Requests for other alt formats will be rejected. If unset, then all platform supported alt types will be allowed. Corresponds to the 'alt' > 'supported' (go/apiary-config#TOC-supported) Apiary config. |
|---|
| items | | enum | - ALT_TYPE_UNSPECIFIED
- JSON
- MEDIA
- PROTO
- JSPB
|
|---|
| enumDescriptions | - Using this value will result in an error
- Well known JSON format
- Scotty media
- Binary proto
- JavaScript protocol buffer
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| suppressEmptyObjectInJsonResponse | | description | When translating proto message to json response, if an object in the response is empty (explicitly set to empty by backend or empty after scrubbed by ESF visibility label or response field mask), by default the json response is like: "objectName" : {} When set to true, then ESF doesn't output this object at all. This method level flag will override the field level flag at MigrationFieldRule->always_output. The field marked as "always_output" will not be output anymore if this flag is set. Empty repeated fields will still be present in response if always_output_empty_repeated_fields is set to true. |
|---|
| type | boolean |
|---|
|
|---|
| suppressEmptyRepeatedFields | | description | When output_all_primitive_fields_to_json is set to true and there are no elements for a repeated field, ESF will return an empty list. If this migration option is set, ESF will remove such a repeated field from its responses for the annotated method. |
|---|
| type | boolean |
|---|
|
|---|
| treatInvalidBooleanStringAsFalse | | description | Treats an invalid boolean string as the boolean FALSE value. In otherwords, any string other than "true","yes","1","y","t" (case insensitive) as FALSE. This setting is only effective when `allow_primitive_type_conversion` is set to true. With only `allow_primitive_type_conversion` set to true, invalid boolean strings like "xyz" would be rejected. |
|---|
| type | boolean |
|---|
|
|---|
| useApiaryFieldsParameterSyntax | | description | When set to true, ESF uses Apiary's `fields` syntax to handle partial response, including field mask processing, response scrubbering, and api annotation support. Otherwise, it uses ESF `fields` syntax. See https://developers.google.com/discovery/v1/performance#fields-syntax and b/20091445 notes for additional details and references. |
|---|
| type | boolean |
|---|
|
|---|
| useApiaryMethodNameForGwsLog | | description | When set to true, ESF uses Apiary method name for GWS log extension (ServerFrameworkExtension.method_name), if available. Apiary method name is set by proto_to_apiary_method_names. |
|---|
| type | boolean |
|---|
|
|---|
| useApiaryMethodNameForReporting | | description | When set to true, ESF uses Apiary method name for Chemist reporting, if available. Apiary method name is set by proto_to_apiary_method_names. Doing so causes Apiary method names to be displayed in Pantheon and Stackdriver consoles. See go/using-apiary-method-names-in-op and go/reporting-to-chemist-using-apiary-names for details. |
|---|
| type | boolean |
|---|
|
|---|
| useBackendCanonicalErrorReason | | description | If set, errors reasons for backend errors will be changed according to Apiary's canonical backend errors. For example, INVALID_ARGUMENT error from backend will have error reason "invalidArgument" instead of "badRequest". See errors with '_FROM_BACKEND' suffix in https://cs.corp.google.com/piper///depot/google3/java/com/google/api/server/core/errors/ErrorId.java?type=cs&rcl=276807716&g=0&l=45. Must be used with v1 error format, which can be specified: (1) in http header or parameter. (2) set use_v1_error_format in YAML. |
|---|
| type | boolean |
|---|
|
|---|
| useClientIpAsQuotaUser | | description | When set to true, use userIp query parameter for user quota check no matter quotaUser and/or gaia Id is present or not. If userIp is not provided, client ip will be used. This has higher priority than enable_quota_user_override. See b/78642320#comment1 for details. In order to work for non-Server-Side API Key requests, you need to also set the migration.quota_user_override field. See go/quotauser-api-key-restrictions. |
|---|
| type | boolean |
|---|
|
|---|
| useDefaultAltIfInferredAltUnsupported | | description | If the user has not specified the `alt` query param and the ESF-inferred alt type is not supported by this method (as per `supported_alt_types` setting), then fall back to the default alt for this method (if `default_alt_type` is configured) or the system default of `JSON`. This setting has no effect if `supported_alt_types` is not configured for the method. |
|---|
| type | boolean |
|---|
|
|---|
| useGdataErrorCodeForV1LegacyError | | description | If set to true, returns the http response code calculated from gdata.error instead of rpc status for legacy v1 error format users. Please contact api-migration@ before setting this config. |
|---|
| type | boolean |
|---|
|
|---|
| useIntsForEnums | | description | If true, use ints for enums for transcoding response payload from Protobuf to JSON. For transcoding request payload from JSON to Protobuf, ESF accepts both int and string for enum by default. |
|---|
| type | boolean |
|---|
|
|---|
| useLegacyJsonMapFormat | | description | If true, accepts and renders map fields in Apiary map JSON format. For example: message Foo { map map_field = 1; } can have the following JSON format: "mapField": [ { "key": "key1", "value": "value1" }, { "key": "key2", "value": "value2"} ] This was the legacy format for map field before http://go/proto3-json-spec#heading=h.o0bvlbl3592y. |
|---|
| type | boolean |
|---|
|
|---|
| useLocationFromGdataError | | description | When set to true, location and location_type field will be provided using the original gdata error info. This should only be used when TEX is used, and TEX could populate location and location_type fields for those ErrorCode where no location was defined statically. E.g. Apiary runtime would perform required check for parameters, and will append location and location_type to the REQUIRED error. TEX will perform such check, and append same location and location_type in the gdata.Errors. If this flag is true, ESF will populate location and location_type for such cases. |
|---|
| type | boolean |
|---|
|
|---|
| useResourceProjectOverride | | description | If true, use the extracted resource project to replace the client project to call Chemist. The behavior must be identical to Apiary resource project support for supporting Apiary migration. This is not required if you are using One Platform's resource project annotations (go/resource-project-override). See g/api-migration/Rk-2RBqVYFo/jQ5XDuvACgAJ for discussion. |
|---|
| type | boolean |
|---|
|
|---|
| useV1ErrorFormat | | description | If set, errors are returned in legacy Apiary v1 format by default. Most APIs that use Apiary client libraries get errors in v1 format automatically. However, some APIs have their own client libraries. If these require v1 error format, set this option. |
|---|
| type | boolean |
|---|
|
|---|
| useV1ErrorLegacyFormat | | description | If set, errors are returned in Apiary legacy (text) format for alt=proto. Only the error_message string will be returned. For example, the following v1 json format error response: { "error": { "code": 401, "message": "Request had invalid authentication credentials.", "errors": [ { ... } ], "status": "UNAUTHENTICATED" } } becomes plain text "Request had invalid authentication credentials.". This provides a compatible response as following Apiary setting: "errorType": { "PROTO": "LEGACY" } Must be used with v1 error format, which can be specified: (1) in http header or parameter. (2) set use_v1_error_format in YAML. See go/esf-use-v1-error-legacy-format for more details. |
|---|
| type | boolean |
|---|
|
|---|
| useWebSafeBase64ForByteFields | | description | Forces the translator to use web-safe base64 encoding for byte fields. Default is to use regular base64 encoding. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Mixin | | description | Declares an API Interface to be included in this interface. The including interface must redeclare all the methods from the included interface, but documentation and options are inherited as follows: - If after comment and whitespace stripping, the documentation string of the redeclared method is empty, it will be inherited from the original method. - Each annotation belonging to the service config (http, visibility) which is not set in the redeclared method will be inherited. - If an http annotation is inherited, the path pattern will be modified as follows. Any version prefix will be replaced by the version of the including interface plus the root path if specified. Example of a simple mixin: package google.acl.v1; service AccessControl { // Get the underlying ACL object. rpc GetAcl(GetAclRequest) returns (Acl) { option (google.api.http).get = "/v1/{resource=**}:getAcl"; } } package google.storage.v2; service Storage { // rpc GetAcl(GetAclRequest) returns (Acl); // Get a data record. rpc GetData(GetDataRequest) returns (Data) { option (google.api.http).get = "/v2/{resource=**}"; } } Example of a mixin configuration: apis: - name: google.storage.v2.Storage mixins: - name: google.acl.v1.AccessControl The mixin construct implies that all methods in `AccessControl` are also declared with same name and request/response types in `Storage`. A documentation generator or annotation processor will see the effective `Storage.GetAcl` method after inheriting documentation and annotations as follows: service Storage { // Get the underlying ACL object. rpc GetAcl(GetAclRequest) returns (Acl) { option (google.api.http).get = "/v2/{resource=**}:getAcl"; } ... } Note how the version in the path pattern changed from `v1` to `v2`. If the `root` field in the mixin is specified, it should be a relative path under which inherited HTTP paths are placed. Example: apis: - name: google.storage.v2.Storage mixins: - name: google.acl.v1.AccessControl root: acls This implies the following inherited HTTP annotation: service Storage { // Get the underlying ACL object. rpc GetAcl(GetAclRequest) returns (Acl) { option (google.api.http).get = "/v2/acls/{resource=**}:getAcl"; } ... } |
|---|
| id | Mixin |
|---|
| properties | | name | | description | The fully qualified name of the interface which is included. |
|---|
| type | string |
|---|
|
|---|
| root | | description | If non-empty specifies a path under which inherited HTTP paths are rooted. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MonitoredResourceDescriptor | | description | An object that describes the schema of a MonitoredResource object using a type name and a set of labels. For example, the monitored resource descriptor for Google Compute Engine VM instances has a type of `"gce_instance"` and specifies the use of the labels `"instance_id"` and `"zone"` to identify particular VM instances. Different APIs can support different monitored resource types. APIs generally provide a `list` method that returns the monitored resource descriptors used by the API. |
|---|
| id | MonitoredResourceDescriptor |
|---|
| properties | | description | | description | Optional. A detailed description of the monitored resource type that might be used in documentation. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | Optional. A concise name for the monitored resource type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners. For example, `"Google Cloud SQL Database"`. |
|---|
| type | string |
|---|
|
|---|
| labelExtractor | | description | Unimplemented. Optional. The default label extractor pattern used to extract monitored resource labels from the resource name or the resource url. |
|---|
| type | string |
|---|
|
|---|
| labels | | description | Required. A set of labels used to describe instances of this monitored resource type. For example, an individual Google Cloud SQL database is identified by values for the labels `"database_id"` and `"zone"`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| launchStage | | description | Optional. The launch stage of the monitored resource definition. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| monitoringMigration | | $ref | MonitoringMigration |
|---|
| description | Optional. This would only be used for migration purpose. |
|---|
|
|---|
| name | | description | Optional. The resource name of the monitored resource descriptor: `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where {type} is the value of the `type` field in this object and {project_id} is a project ID that provides API-specific context for accessing the type. APIs that do not use project information can use the resource name format `"monitoredResourceDescriptors/{type}"`. |
|---|
| type | string |
|---|
|
|---|
| type | | description | Required. The monitored resource type. For example, the type `"cloudsql_database"` represents databases in Google Cloud SQL. For a list of types, see [Monitoring resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list). |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Monitoring | | description | Monitoring configuration of the service. The example below shows how to configure monitored resources and metrics for monitoring. In the example, a monitored resource and two metrics are defined. The `library.googleapis.com/book/returned_count` metric is sent to both producer and consumer projects, whereas the `library.googleapis.com/book/num_overdue` metric is only sent to the consumer project. monitored_resources: - type: library.googleapis.com/Branch display_name: "Library Branch" description: "A branch of a library." launch_stage: GA labels: - key: resource_container description: "The Cloud container (ie. project id) for the Branch." - key: location description: "The location of the library branch." - key: branch_id description: "The id of the branch." metrics: - name: library.googleapis.com/book/returned_count display_name: "Books Returned" description: "The count of books that have been returned." launch_stage: GA metric_kind: DELTA value_type: INT64 unit: "1" labels: - key: customer_id description: "The id of the customer." - name: library.googleapis.com/book/num_overdue display_name: "Books Overdue" description: "The current number of overdue books." launch_stage: GA metric_kind: GAUGE value_type: INT64 unit: "1" labels: - key: customer_id description: "The id of the customer." monitoring: producer_destinations: - monitored_resource: library.googleapis.com/Branch metrics: - library.googleapis.com/book/returned_count consumer_destinations: - monitored_resource: library.googleapis.com/Branch metrics: - library.googleapis.com/book/returned_count - library.googleapis.com/book/num_overdue |
|---|
| id | Monitoring |
|---|
| properties | | consumerDestinations | | description | Monitoring configurations for sending metrics to the consumer project. There can be multiple consumer destinations. A monitored resource type may appear in multiple monitoring destinations if different aggregations are needed for different sets of metrics associated with that monitored resource type. A monitored resource and metric pair may only be used once in the Monitoring configuration. |
|---|
| items | | $ref | MonitoringDestination |
|---|
|
|---|
| type | array |
|---|
|
|---|
| producerDestinations | | description | Monitoring configurations for sending metrics to the producer project. There can be multiple producer destinations. A monitored resource type may appear in multiple monitoring destinations if different aggregations are needed for different sets of metrics associated with that monitored resource type. A monitored resource and metric pair may only be used once in the Monitoring configuration. |
|---|
| items | | $ref | MonitoringDestination |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MonitoringDestination | | description | Configuration of a specific monitoring destination (the producer project or the consumer project). |
|---|
| id | MonitoringDestination |
|---|
| properties | | aggregationType | | description | The type of aggregation to apply to all metrics in this monitoring destination. |
|---|
| enum | - AGGREGATION_TYPE_UNSPECIFIED
- FULL_AGGREGATION
- NO_AGGREGATION
- QUOTA_AGGREGATION
|
|---|
| enumDescriptions | - This is invalid. The desired aggregation has to be explicitly specified.
- Full aggregation of metric points performs both spatial and temporal aggregation. Full Aggregation can only be configured for metrics with a value type of INT64, DOUBLE, or DISTRIBUTION.
- No aggregation is performed on incoming data points. Writes must not specify the writer's "_uid."
- Special aggregation type that is only applicable for quota metrics defined in serviceruntime.yaml.
|
|---|
| type | string |
|---|
|
|---|
| metrics | | description | Types of the metrics to report to this monitoring destination. Each type must be defined in Service.metrics section. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| monitoredResource | | description | The monitored resource type. The type must be defined in Service.monitored_resources section. |
|---|
| type | string |
|---|
|
|---|
| precomputationFlags | |
|---|
| queryOptimizations | | description | Aggregations to apply to all metrics in the destination which can be substituted at query time to improve read performance. Multiple values can be used to optimize different common query patterns that group by a disjoint set of labels. For example, if there are two high cardinality labels in the time series and queries typically group by one or the other, two QueryOptimizations that aggregated each label independently will improve the performance of both query patterns. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MonitoringMigration | | description | This is a temporary message for migrating effort for the Chemist reporting path. The message should be deprecated after we migrate all monitoring related configs from manual to managed. go/monitoring-metrics-migration Example for config during double reporting: … monitored_resources: - type: redis_instance labels: - key: cloud.googleapis.com/project - key: cloud.googleapis.com/location - key: redis.googleapis.com/instance_id - key: redis.googleapis.com/node_id - key: cloud.googleapis.com/uid monitoring_migration: monitoring_backend: CLOUD_MONARCH - type: redis_instance labels: - key: project_id - key: region - key: instance_id - key: node_id monitoring_migration: monitoring_backend: STACKDRIVER metrics: - name: redis.googleapis.com/cloud/mem_store/repair_actions description: "The number of repair actions taken on the resource." metric_kind: CUMULATIVE value_type: INT64 labels: - key: redis.googleapis.com/action - key: redis.googleapis.com/primary_state - key: redis.googleapis.com/replica_state - key: redis.googleapis.com/primary_redis_state monitoring_migration: monitoring_backend: CLOUD_MONARCH metric_mappings: metric: redis.googleapis.com/cloud/mem_store/repair_actions monitored_resource: redis_instance label_mappings: - source_label: cloud.googleapis.com/project destination_resource_label: project_id - source_label: cloud.googleapis.com/location destination_resource_label: region - source_label: redis.googleapis.com/instance_id destination_resource_label: instance_id - source_label: redis.googleapis.com/node_id destination_resource_label: node_id - source_label: redis.googleapis.com/action destination_metric_label: action - source_label: redis.googleapis.com/primary_state destination_metric_label: primary_state - source_label: redis.googleapis.com/replica_state destination_metric_label: replica_state - source_label: redis.googleapis.com/primary_redis_state destination_metric_label: primary_redis_state - name: redis.googleapis.com/cloud/mem_store/repair_actions description: "The number of repair actions taken on the resource." metric_kind: CUMULATIVE value_type: INT64 unit: 1 metadata: launch_stage: ALPHA labels: - key: action - key: primary_state - key: replica_state - key: primary_redis_state monitoring_migration: monitoring_backend: STACKDRIVER monitoring: producer_destinations: - monitored_resource: redis_instance metrics: - redis.googleapis.com/cloud/mem_store/repair_actions ... ... |
|---|
| id | MonitoringMigration |
|---|
| properties | | metricMappings | | $ref | MetricMapping |
|---|
| description | The list of metric mappings. Please don't use this field without consulting boyi@ or shiyichen@. |
|---|
|
|---|
| monitoringBackend | | description | The backend where metrics should be pushed at runtime. Inception would try to expand the monitoring_destination with each monitoring_backend if the monitored_resource has two definitions (the two monitored resources have to be defined with different monitoring_backend). Then Inception would try to include the metric definitions with the same monitoring_backend. Inception would skip it if the metric definition with the same monitoring_backend cannot be found. (This could happen to be the metric has been defined only for the other monitoring_backend in the config file.) During double reporting time, the service config would have monitored resource and metrics defined for both backend with the same type/name, Chemist would split them into 2 groups based on the monitoring_backend field and use each group to report metrics to different backends. Example: monitoring: producer_destinations: - monitored_resource: redis_instance metrics: - redis.googleapis.com/cloud/mem_store/repair_actions - redis.googleapis.com/cloud/mem_store/failed_repair_actions ... During double reporting time, the redis_instance would have two definitions with different monitoring_backends. If in the same service config file, we can find two metric definitions with name/type as "redis.googleapis.com/cloud/mem_store/repair_actions", one's monitoring_backend is STACKDRIVER and the other's is CLOUD_MONARCH, then in the inferred two destinations, they would use the corresponding monitored resource and metric definitions for different monitoring_backend. In the meantime, if we can only find one metric definition with name/type as "redis.googleapis.com/cloud/mem_store/failed_repair_actions", whose monitoring_backend is STACKDRIVER, then this metric would only be used in one monitoring_destination, whose monitored resource would also have the same monitoring_backend, which is STACKDRIVER. |
|---|
| enum | - UNSPECIFIED
- STACKDRIVER
- CLOUD_MONARCH
|
|---|
| enumDescriptions | - Unspecified.
- Stackdriver api server.
- Cloud Monarch server.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MpaReviewerConfig | | id | MpaReviewerConfig |
|---|
| properties | | preferredReviewers | | description | Users who should be assigned automatically to a Multi-Party Authorization (MPA) review. Values must be prod usernames (e.g., "sergey"). Note that this field only indicates a reviewer preference, and reviewers must also be granted permission to approve using the MPA_REVIEWER_ADMIN binding `members` field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| preferredReviewersFromRotations | | description | One or more oncall rotations in go/alertmanager that are used when assigning MPA reviewers for a request. The primary oncall from each of these rotations will normally be assigned to review. Note that this field only indicates a reviewer preference, and reviewers must also be granted permission to approve using the MPA_REVIEWER_ADMIN binding `members` field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MultiPartyAuthorizationConfig | | description | Configures per-request Multi-party Authorization (MPA). This message wraps settings that allow the customization of MPA reviews -- see go/use-mpa. |
|---|
| id | MultiPartyAuthorizationConfig |
|---|
| properties | | approvalCacheDuration | | description | If set, this field represents the duration for which a transaction stays valid after it enters the ALL_APPROVALS_GRANTED state. After this duration passes, the transaction expires. If not set, a sensible default is chosen by the backend. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| reviewGuidance | | description | Guidance that will be given to reviewers when asked to review an MPA request for this role binding. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| MultiPartyAuthorizationConfigV1 | | description | Configures per-request Multi-party Authorization (MPA). This message wraps settings that allow the customization of MPA reviews -- see go/use-mpa. |
|---|
| id | MultiPartyAuthorizationConfigV1 |
|---|
| properties | | approvalCacheDuration | | description | If set, this field represents the duration for which a transaction stays valid after it enters the ALL_APPROVALS_GRANTED state. After this duration passes, the transaction expires. If not set, a sensible default is chosen by the backend. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| preferredReviewers | | description | Users who should be assigned automatically to a Multi-Party Authorization (MPA) review. Values must be prod usernames (e.g., "sergey"). Note that this field only indicates a reviewer preference, and reviewers must also be granted permission to approve using the `reviewers` field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| preferredReviewersFromRotations | | description | One or more oncall rotations in go/alertmanager that are used when assigning MPA reviewers for a request. The primary oncall from each of these rotations will normally be assigned to review. Note that this field only indicates a reviewer preference, and reviewers must also be granted permission to approve using the `reviewers` field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| reviewGuidance | | description | Guidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed. |
|---|
| type | string |
|---|
|
|---|
| reviewers | | description | The set of users who can review multi-party authorization requests. Entries in this field should be one of "mdb:xxx" "user:yyy@prod.google.com" This is a subset of go/rpcsp-reference-guide#Rule.in |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| NamePart | | description | The name of the uninterpreted option. Each string represents a segment in a dot-separated name. is_extension is true iff a segment represents an extension (denoted with parentheses in options specs in .proto files). E.g.,{ ["foo", false], ["bar.baz", true], ["moo", false] } represents "foo.(bar.baz).moo". |
|---|
| id | NamePart |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| NetworkConfig | | description | Describes the network configuration for a new tenant project. |
|---|
| id | NetworkConfig |
|---|
| properties | | description | | description | Description of the network to be inserted. |
|---|
| type | string |
|---|
|
|---|
| network | | description | Name of the network to be created. It will be created in "custom" mode. This field has exactly the same format as the "name" field in the Compute Engine networks insert method https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert#request-body |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| NodeSettings | | description | Settings for Node client libraries. |
|---|
| id | NodeSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OAuthRequirements | | description | OAuth scopes are a way to define data and permissions on data. For example, there are scopes defined for "Read-only access to Google Calendar" and "Access to Cloud Platform". Users can consent to a scope for an application, giving it permission to access that data on their behalf. OAuth scope specifications should be fairly coarse grained; a user will need to see and understand the text description of what your scope means. In most cases: use one or at most two OAuth scopes for an entire family of products. If your product has multiple APIs, you should probably be sharing the OAuth scope across all of those APIs. When you need finer grained OAuth consent screens: talk with your product management about how developers will use them in practice. Please note that even though each of the canonical scopes is enough for a request to be accepted and passed to the backend, a request can still fail due to the backend requiring additional scopes or permissions. |
|---|
| id | OAuthRequirements |
|---|
| properties | | allowAnyScope | | description | UNIMPLEMENTED: If enabled, ESF will allow OAuth credentials with any scope, more details in http://go/esf-oauth-any-scope. WARNING: Enabling this option will bring security risks. Customers enabling this feature accidentally may have the risk of losing authentication enforcement. Please reach out to api-auth@ and esf-team@ for approval and allowlisting before you enable this option. |
|---|
| type | boolean |
|---|
|
|---|
| canonicalScopes | | description | The list of publicly documented OAuth scopes that are allowed access. An OAuth token containing any of these scopes will be accepted. Example: canonical_scopes: https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.read |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OauthScopeAssertion | | description | OauthScopeAssertion asserts that a request was performed with a credential obtained from oauth token with one of the allowed scopes. If a credential is not based on oauth token, assertion passes iff allow_non_oauth is set to true. |
|---|
| id | OauthScopeAssertion |
|---|
| properties | | allowNonOauth | | description | Iff true, permits traffic not originating from OAuth-authenticated APIs. Required. |
|---|
| type | boolean |
|---|
|
|---|
| allowScope | | description | The set of acceptable OAuth scope codes, at least one of which must be present in the OAuth token for traffic originating from an OAuth-authenticated API. NOTE: Scope owner approval is required before creating such an assertion, go/scope-owner-approval. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OneofDescriptorProto | | description | Describes a oneof. |
|---|
| id | OneofDescriptorProto |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| OneofOptions | | id | OneofOptions |
|---|
| properties | | uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Operation | | description | This resource represents a long-running operation that is the result of a network API call. |
|---|
| id | Operation |
|---|
| properties | | done | | description | If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. |
|---|
| type | boolean |
|---|
|
|---|
| error | | $ref | Status |
|---|
| description | The error result of the operation in case of failure or cancellation. |
|---|
|
|---|
| metadata | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. |
|---|
| type | object |
|---|
|
|---|
| name | | description | The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. |
|---|
| type | string |
|---|
|
|---|
| response | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OperationAvailabilityCriteria | | description | Future parameters for a latency threshold SLI of Long Running Operation APIs. |
|---|
| id | OperationAvailabilityCriteria |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| OperationLatencyCriteria | | description | Parameters for a latency threshold SLI of Long Running Operation APIs. |
|---|
| id | OperationLatencyCriteria |
|---|
| properties | | latencyExperience | | description | Customer latency experience of operations that meet the latency threshold. |
|---|
| enum | - LATENCY_EXPERIENCE_UNSPECIFIED
- DELIGHTING
- SATISFYING
- ANNOYING
|
|---|
| enumDescriptions | - Unspecified latency experience.
- Super fast responses, representing a great product experience. The recommended SLO goal is 0.5.
- Nominally fast responses. The recommended SLO goal is 0.5, 0.9 or 0.95.
- Responses are slower than SATISFYING, but still acceptable. Usually the goal is 0.99.
|
|---|
| type | string |
|---|
|
|---|
| threshold | | description | Good service is defined to be the count of requests made to this service that return in no more than `threshold`. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OperationRule | | description | A OperatioRule provides operation info configuration for an individual API method. |
|---|
| id | OperationRule |
|---|
| properties | | lroMetadataType | | description | The fully-qualified message name of the metadata type for this long-running operation. Can only be set for methods returning long-running operation. |
|---|
| type | string |
|---|
|
|---|
| lroResponseType | | description | The fully-qualified message name of the primary return type for this long-running operation. This type will be used to deserialize the LRO's response. Can only be set for methods returning long-running operation. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Operations | | description | Configuration for operations returned by API methods of this service. |
|---|
| id | Operations |
|---|
| properties | | rules | | description | A list of OperationRules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Option | | description | A protocol buffer option, which can be attached to a message, field, enumeration, etc. |
|---|
| id | Option |
|---|
| properties | | name | | description | The option's name. For protobuf built-in options (options defined in descriptor.proto), this is the short name. For example, `"map_entry"`. For custom options, it should be the fully-qualified name. For example, `"google.api.http"`. |
|---|
| type | string |
|---|
|
|---|
| value | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | The option's value packed in an Any message. If the value is a primitive, the corresponding wrapper type defined in google/protobuf/wrappers.proto should be used. If the value is an enum, it should be stored as an int32 value using the google.protobuf.Int32Value type. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OrgPolicy | | description | This message defines OrgPolicy config applicable to a certain field or method. |
|---|
| id | OrgPolicy |
|---|
| properties | | constraint | | description | Specifies an OrgPolicy constraint applicable to a resource. For example, "constraints/gcp.allowedServices" means the field contains a service name that must conform to the allowed services constraint. For policies that can not be expressed by field annotations, they need to be handled by service backend manually. |
|---|
| type | string |
|---|
|
|---|
| enabled | | description | Control for dynamically enabling/disabling this constraint. Some horizontals require the ability to conditionally enforce a constraint depending on the values of certain attributes. This config element allows the expression of such conditions. The value is a go/cel expression on the attributes of objects supported by CPE for data binding. CPE runtime evaluates this expression during the request flow of a given API call and enforces this constraint only if it evaluates to true. The horizontal backend will only be called if the constraint evaluates to true as well, otherwise is it not invoked. E.g. `enabled: "!has(cpe.request.field1)"` causes the associated constraint to be enforced only if the request proto has `field1` set. As a more detailed example, CMEK org policy requires one constraint to be executed if the CMEK key is passed by the user, and a different constraint if it is not passed. It is expressed using this config as: org_policies { constraint: "constraint1" // A go/cel expression that evaluates to true // only when the CMEK key is _not_ sent by user. enabled: "!has(cpe.request.kms_key_name)" ... } org_policies { constraint: "constraint2" // A go/cel expression that evaluates to true // only when the CMEK key _is_ sent by user. enabled: "has(cpe.request.kms_key_name)" .... } See go/cmek-org-policy-enforcement-in-cpe for design. CURRENTLY SUPPORTED DATA BINDINGS AND CEL FUNCTIONS Currently, only attributes of `cpe.request`, which refers to the request proto, are supported for binding in the CEL expression. However, `cpe` prefixed objects are private to CPE; they are not available for data binding by regular One Platform service configs. Open support for binding to `google.rpc.context.AttributeContext` is a likely candidate in the future but is unavailable now ([reach out](https://yaqs.corp.google.com/eng/q/new?tag=api-policy) to us if/when you need it). Currently, only the CEL has() macro, and the function logical not (!) are supported for the CMEK Org Policy use case. This list will be expanded as more use cases are identified. IN DEVELOPMENT, DO NOT USE until b/190665943 is resolved. |
|---|
| type | string |
|---|
|
|---|
| valueExtractors | | description | [RE2](https://github.com/google/re2/wiki/Syntax) regex strings to extract the value to check from the field value pointed by `value_selector` for list constraint. It must *not* be set for boolean constraint. If empty, the full field value will be used. Otherwise, each regex string must contain exactly one capturing group that contains the value to check against this OrgPolicy constraint. If multiple regex strings are specified, the full field value will be matched against each of the regex string in the order that they are specified here, and the first match will be used to extract the value to check against this list constraint. For example, if the field pointed by `value_selector` is expected to have value in the format of `projects/*/locations/*/jobs/*` or `organization/*/locations/*/jobs/*` (i.e. it's a resource name), and we need to extract the location value, the proper `value_extractors` should be following (in the format of yaml): value_extractors: - ^projects/[^/]+/locations/([^/]+)/jobs/[^/]+$ - ^organization/[^/]+/locations/([^/]+)/jobs/[^/]+$ |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| valueSelector | | description | Field path to the message field that contains the value to check for a list constraint. The following formats of value_selector are supported: - Request message fields list: A comma separated list of field paths to request message. Example: "key.name,region". - Special-cased value `$Attribute:AttributeContext.api.service` This is a reserved special value to refer to API service name from AttributeContext(go/api-attributes) message. This field must *not* be set for boolean constraint. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| OsidDomainAssertion | | description | OsidDomainAssertion asserts that a request was performed with one of the allowed OSID domains. |
|---|
| id | OsidDomainAssertion |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Page | | description | Represents a documentation page. A page can contain subpages to represent nested documentation set structure. |
|---|
| id | Page |
|---|
| properties | | content | | description | The Markdown content of the page. You can use (== include {path} ==) to include content from a Markdown file. The content can be used to produce the documentation page such as HTML format page. |
|---|
| type | string |
|---|
|
|---|
| name | | description | The name of the page. It will be used as an identity of the page to generate URI of the page, text of the link to this page in navigation, etc. The full page name (start from the root page name to this page concatenated with `.`) can be used as reference to the page in your documentation. For example: pages: - name: Tutorial content: (== include tutorial.md ==) subpages: - name: Java content: (== include tutorial_java.md ==) You can reference `Java` page using Markdown reference link syntax: `Java`. |
|---|
| type | string |
|---|
|
|---|
| subpages | | description | Subpages of this page. The order of subpages specified here will be honored in the generated docset. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Parameter | | description | Represents an HTTP path or query parameter and constraints on them. The constraints are optional, but when specified are enforced by TEX. |
|---|
| id | Parameter |
|---|
| properties | | defaultValue | | description | Default value for the parameter. TEX will try to fill the frontend request field with the default value if this config is provided and the value is not set in the request. |
|---|
| type | string |
|---|
|
|---|
| maxValue | | description | The upper bound for a parameter value with number type. E.g. 25. The check for the upper bound will be enforced in TEX. Proto3 doesn't have has check for primitive field, while the max_value could be set to 0 intentionally. We need to distinguish the default value and the actual value using wrapper type. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| minValue | | description | The lower bound for a parameter value with number type. E.g. 1. The check for the lower bound will be enforced in TEX. Proto3 doesn't have has check for primitive field, while the min_value could be set to 0 intentionally. We need to distinguish the default value and the actual value using wrapper type. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| path | | description | The relative path to the frontend proto field mapped to this parameter. E.g. "child1", "child2.child3", etc. |
|---|
| type | string |
|---|
|
|---|
| pattern | | description | The regex pattern for a string type parameter. E.g. "[a-zA-Z_]+" The parameter value need to match the regex expression, and the check will be enforced in TEX. |
|---|
| type | string |
|---|
|
|---|
| repeated | | description | Boolean indicating whether the parameter may be specified multiple times. For example, a repeated query parameter could be sent as: ?param=a¶m=b |
|---|
| type | boolean |
|---|
|
|---|
| required | | description | Indicates if the parameter is required. A path parameter is always required. A query parameter is required only if explicitly specified. The check for requirement will be enforced in TEX. |
|---|
| type | boolean |
|---|
|
|---|
| type | | description | The parameter type of the parameter. Needed to correctly parse the value. |
|---|
| enum | - PARAMETER_TYPE_UNSPECIFIED
- STRING
- BOOLEAN
- INT32
- INT64
- UINT32
- UINT64
- FLOAT
- DOUBLE
- BYTES
- DATETIME
- DATE
- ETAG
|
|---|
| enumDescriptions | - These types are actually formats of string.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ParameterConfig | | description | This is used to override field-specific settings when that field is used as a request parameter for this method. TODO(b/147109988) Investigate whether there should be any merging between per-field constraints and per-method parameter config for the the overlapping set of fields. Or, if has(parameter config), then ignore the per-field constraints? |
|---|
| id | ParameterConfig |
|---|
| properties | | constraintConfig | | $ref | FieldConstraintConfig |
|---|
| description | Configuration overrides for describing the field in the context of the containing method's request parameters. This goes into the "parameters" section in the method's "request" schema in the discovery doc. |
|---|
|
|---|
| isRepeated | | description | Boolean indicating whether the parameter may be specified multiple times. For example, a repeated query parameter could be sent as: ?param=a¶m=b This flag will be used by TEX runtime during parameter validation. |
|---|
| type | boolean |
|---|
|
|---|
| isRequired | | description | Indicates if this parameter is required. A path parameter is always required. A query parameter is required only if explicitly specified. This setting will affect the TEX runtime and documentation artifacts like the discovery doc. |
|---|
| type | boolean |
|---|
|
|---|
| paramName | | description | Name of the query or path parameter. This should be the name as the user sees it (generally the json_name of the corresponding proto field). |
|---|
| type | string |
|---|
|
|---|
| type | | description | Next: 6 |
|---|
| enum | - PARAMETER_TYPE_UNSPECIFIED
- STRING
- BOOLEAN
- INT32
- INT64
- UINT32
- UINT64
- FLOAT
- DOUBLE
- BYTES
- DATETIME
- DATE
- ETAG
|
|---|
| enumDescriptions | - These types are actually formats of string.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ParameterRule | | description | Method level rule for a method's parameters definitions. |
|---|
| id | ParameterRule |
|---|
| properties | | parameters | | description | The complete list of HTTP path and query parameters for this method and constraints on them. Constraints are optional. Template methods such as {@link com.google.tech.env.services.mediation.tex.template.ext.LinkMethod} require the full list of parameters to generate their outputs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the API methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PeerSecurityRealmCondition | | description | A condition applying to the RPC peer's security realm. |
|---|
| id | PeerSecurityRealmCondition |
|---|
| properties | | alwaysAllowPersons | | $ref | Empty |
|---|
| description | Matches any prod person user from any realm (or no realm). |
|---|
|
|---|
| guardianRealms | | $ref | Empty |
|---|
| description | Matches guardian realms of the local campus. See go/security-realms-glossary#guardian |
|---|
|
|---|
| includes | | description | User-specified variables for templated peer security realm. The variables are resolved through supplying instantiation with matching keys. Ex: includes: 'custom-realm' WARNING: this field is only supported for policies in the RpcSP central repo (google3/configs/security/rpcsp). See go/rpcsp2-templating for usage. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| localCampus | | $ref | Empty |
|---|
| description | Matches the local realm. |
|---|
|
|---|
| localCloudRegion | | $ref | Empty |
|---|
| description | Matches all security realms in the local cloud region. See go/cloud-region-names. |
|---|
|
|---|
| localMetro | | $ref | Empty |
|---|
| description | Matches all security realms in the local metro. |
|---|
|
|---|
| localProdRegion | | $ref | Empty |
|---|
| description | Matches all security realms in the local prod region. See go/prod-zones#prod-region. |
|---|
|
|---|
| realms | | description | Matches if the realm is in this list of realms and realm groups. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PeerUserCondition | | description | Condition to limit peer identities used with this binding. This shouldn't be confused with limiting the authority used. For example, attaching this condition on to a NORMAL_USER binding will control the peer (the frontend that presented an EUC) rather than the normal user. |
|---|
| id | PeerUserCondition |
|---|
| properties | | includes | | description | User-specified variables for templated peer user. The variables are resolved through supplying instantiation with matching keys. Ex: includes: 'frontend-peer' WARNING: this field is only supported for policies in the RpcSP central repo (google3/configs/security/rpcsp). See go/rpcsp2-templating for usage. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| localProdGroups | | description | Matches if the peer user is a member of any of the given local prod groups (for use by special low-dependency services -- go/aclrep-ld) |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| prodGroups | | description | Matches if the peer user is a member of any of the given prod ("MDB") groups. Specified without suffix and with the @prod.google.com suffix implied (e.g., 'foo-readers'). More info: go/ganpati2-faq#ganpati-chubby. go/ganpati-expansion#chubby-expansion |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| prodUsers | | description | Matches if the peer user is any of the given prod users. Specified without prefix and with @prod.google.com suffix. implied (e.g., 'gmail-lookup-batch' or 'sundar'). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| self | | $ref | Empty |
|---|
| description | Matches if the peer user is the same as the user the service is running as. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PhpSettings | | description | Settings for Php client libraries. |
|---|
| id | PhpSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Policy | | description | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). |
|---|
| id | Policy |
|---|
| properties | | auditConfigs | | description | Specifies cloud audit logging configuration for this policy. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| bindings | | description | Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| etag | | description | `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. |
|---|
| format | byte |
|---|
| type | string |
|---|
|
|---|
| rules | | description | If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| version | | description | Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PolicyBinding | | description | Translates to IAM Policy bindings (without auditing at this level) |
|---|
| id | PolicyBinding |
|---|
| properties | | members | | description | Uses the same format as in IAM policy. `member` must include both a prefix and ID. For example, `user:{emailId}`, `serviceAccount:{emailId}`, `group:{emailId}`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| role | | description | Role. (https://cloud.google.com/iam/docs/understanding-roles) For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PolicyCallback | | description | The API backend configuration for the policy callback. |
|---|
| id | PolicyCallback |
|---|
| properties | | locationExtractor | | description | Optional. A string that defines how the location can be extracted from the resource name `pattern`. Example: resource_patterns: | "projects/{project}/locations/{location}/shelves/{shelf}" location_extractor: "{location}" If this field is set, resource_patterns must be set and contains at least one item. |
|---|
| type | string |
|---|
|
|---|
| policyCallbackAddress | | description | The address that a google3 service can call to retrieve metadata of a resource for this type. This is reachable by remote callers other than the policy enforcer that running along with your service. This is only needed if your service provides extra resource attirbutes for this resource type. Always append "?rpc_service_name=" after the address. Service renaming is supported. |
|---|
| type | string |
|---|
|
|---|
| policyCallbackBackendAddress | | description | The address that ESF calls to resolve a resource. This is only needed if your service needs to provide extra resource attributes for this resource type during runtime policy enforcement. Always append "?rpc_service_name=" after the address. Service renaming is supported. |
|---|
| type | string |
|---|
|
|---|
| resourcePatterns | | description | Optional. The relative resource name pattern associated with the resource type in this policy callback config. The pattern syntax aligns with the pattern field in google.api.resource.ResourceNameDescriptor. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| resourceType | | description | The resource type. It must be defined in the `resource` section. The format is {service_name}/{resource_type_kind}. Example: `storage.googleapis.com/Bucket` Wildcard is only allowed after the forward slash. It refers to all the resources defined under that service. No other type of wildcards are supported. Example: `storage.googleapis.com/*` NOTE: This field can not be specified together with the 'selector' field |
|---|
| type | string |
|---|
|
|---|
| selector | | description | DO NOT USE (still under implementation). Selects the methods to which this policy callback configuration applies. Refer to selector for syntax details. NOTE: This field can not be specified together with the 'resource_type' field |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PolicyRequirement | | description | EXPERIMENTAL -- EXPECT FURTHER CHANGE Requirements that an RpcSecurityPolicy is expected to satisfy. |
|---|
| id | PolicyRequirement |
|---|
| properties | | axtLevel | | enum | - AXT_LEVEL_UNSPECIFIED
- AXT_L1
- AXT_L2
- AXT_L3
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAdsData | | description | Next ID: 12 |
|---|
| id | PrivacyDataGovernanceAttributesAdsData |
|---|
| properties | | anonymizationBugId | |
|---|
| dataCategory | | enum | - UNKNOWN_CATEGORY
- OTHER_CATEGORY
- NON_USER_DATA
- ANONYMIZED_USER_DATA
- INDIVIDUAL_USER_DATA
|
|---|
| enumDescriptions | - Do not use.
- Deprecated with no successor; do not use.
- Important: This value should only be applied with an approval from PWG Anon or through go/anon-tree.
|
|---|
| type | string |
|---|
|
|---|
| dataOrigin | | items | | enum | - DATA_ORIGIN_UNKNOWN
- DO_SEARCH
- DO_YOUTUBE
- DO_GMAIL
- DO_PLAY
- DO_SEARCH_ADS
- DO_YOUTUBE_ADS
- DO_GMAIL_ADS
- DO_PLAY_ADS
- DO_FEEDS_ADS
- DO_HULK
- DO_CHROME
- DO_ACCOUNT
- DO_DEVICE
- DO_NETWORK
- DO_PLATFORM
- DO_GOOGLE_ANALYTICS
- DO_ADVERTISER_1P
- DO_PUBLISHER_1P
- DO_ADS_INDUSTRY_ORG
- DO_LENS
- DO_GOOGLE_ASSISTANT
- DO_GOOGLE_TV_ADS
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| dataType | | items | | enum | - DATA_TYPE_UNKNOWN
- DT_SPII_IDENTIFIER
- DT_PII_IDENTIFIER
- DT_PSEUDONYMOUS_IDENTIFIER
- DT_ID_LINK
- DT_PRIVACY_CONTROL
- DT_SETTING
- DT_INSTALL
- DT_VISIT
- DT_QUERY
- DT_VIEW
- DT_CLICK
- DT_PURCHASE
- DT_AD_REQUEST
- DT_AD_BID
- DT_AD_CONVERSION
- DT_LOCATION
- DT_USER_FEEDBACK_INSTRUCTIONS
- DT_USER_GENERATED_CONTENT
- DT_DEMOGRAPHICS
- DT_BEHAVIORAL_USER_PROFILE
- DT_NON_SEMANTIC_USER_LIST
- DT_DEVICE_INFO
- DT_ATTRIBUTION
- DT_REACH
- DT_ENGAGEMENT
- DT_LIFT
- DT_REPORT
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| environment | | enum | - UNKNOWN_ENV
- OTHER_ENV
- PRODUCTION_ENV
- STAGING_ENV
- TESTING_ENV
- DEVELOPMENT_ENV
|
|---|
| enumDescriptions | - Do not use.
- Deprecated, with no successor. Do not use.
|
|---|
| type | string |
|---|
|
|---|
| eventualAction | | enum | - EVENTUAL_ACTION_UNSPECIFIED
- EVENTUALLY_ANONYMIZE
- EVENTUALLY_DELETE
|
|---|
| enumDescriptions | - Do not use.
- Important: This value should only be applied with an approval from PWG Anon or through go/anon-tree.
|
|---|
| type | string |
|---|
|
|---|
| identifier | | enum | - UNKNOWN_IDENTIFIER
- GAIA_ID
- END_USER_EMAIL
- USERNAME
- EMAIL_ADDRESS
- EMPLOYEE_USERNAME
- EMPLOYEE_ID
- APPLICANT_ID
- CANDIDATE_ID
- DASHER_CUSTOMER_ID
- FIBER_ID
- ADVERTISER_ID
- GOOGLE_ANALYTICS_ID
- PHONE_NUMBER
- ZWIEBACK_ID
- YOUTUBE_VISITOR_ID
- AVOCADO_ID
- DORITOS_ID
- BISCOTTI_ID
- AUID
- GA_CLIENT_ID
- BILATERAL_ID
- PER_APP_ID
- ANDROID_ID
- WESTINGHOUSE_ID
- MOBILE_BISCOTTI_ID
- APC_ID
- CLOUD_PROJECT_ID
- YOUTUBE_CHANNEL_ID
- YOUTUBE_EXTERNAL_USER_ID
- YOUTUBE_SURROGATE_USER_ID
- YOUTUBE_EXTERNAL_CHANNEL_ID
- YOUTUBE_SURROGATE_CHANNEL_ID
- YOUTUBE_EXTERNAL_POST_ID
- YOUTUBE_SURROGATE_POST_ID
- YOUTUBE_EXTERNAL_BROWSE_ID
- YOUTUBE_EXTERNAL_OFFER_SHORT_ID
- YOUTUBE_SURROGATE_OFFER_SHORT_ID
- YOUTUBE_EXTERNAL_VIDEO_ID
- YOUTUBE_SURROGATE_VIDEO_ID
- YOUTUBE_EXTERNAL_PLAYLIST_ID
- YOUTUBE_SURROGATE_PLAYLIST_ID
- YOUTUBE_EXTERNAL_VIDEO_DOC_ID
- YOUTUBE_EXTERNAL_VIDEO_RAW_ID
- YOUTUBE_VIDEO_ID
- PAYMENTS_CUSTOMER_ID
- PUBLISHER_ID
- PUBLISHER_SESSION_ID
- FITBIT_USER_ID
- STUDY_PARTICIPANT_ID
- CLOUD_ORGANIZATION_ID
- CLOUD_PROJECT_NAME
- CLOUD_PROJECT_NUMBER
- SERIAL_MAC_ID
- THREAD_MAC_ID
- WEAVE_DEVICE_ID
- CAMERA_UUID
- ARES_ID
- IP_ADDRESS
- NEST_USER_ID
- NEST_STRUCTURE_ID
- VERILY_STUDY_ID
- VERILY_PARTICIPANT_ID
- VERILY_REGISTRY_ID
- VERILY_SUBSCRIBER_ID
- VERILY_CUSTOMER_ID
- VERILY_AGREEMENT_ID
- VERILY_LOG_ID
- VERILY_DEVICE_ID
- RAW_GFP_SESSION_ID
- TIME_CAPPED_GFP_SESSION_ID
- IDENTIFIER_AGNOSTIC
- NO_IDENTIFIER
- OTHER_ID
|
|---|
| enumDescriptions | - Includes obfuscated GAIA ID (please specify if relevant).
- go/darreq
- go/darreq
- go/darreq
- go/darreq
- Per Advertiser first party user id.
- Google Analytics 1p pseudonymous user identifier.
- Publisher Advertiser Identity Reconciliation Identifier. go/pair-prd, go/uls-bilateral-id
- Per App ID is a unique ID per .
- Android ID is used by the Play team (not Ads). It's an ID used to identify the device for non-Ads purposes. Their retention time is the lifetime of the device.
- Westinghouse ID is the identifier used for Instant Apps.
- Biscotti ID on all mobile platforms. Replaces IDFA, AD_ID, and MBISCOTTI_ID.
- Ads Partitioned Cookie Id: go/ads-partitioned-cookie-design
- More info on Publisher ID: http://doc/149ReaihmbB-pN4-2E6RQRCaC8DUR5iGD9i_cSy0EvsA#heading=h.ja91vfybq4l8 http://google3/storage/datapol/annotations/proto/semantic_annotations.proto?l=247-248&rcl=244283617
- More info on Publisher Session ID: http://google3/contentads/drx/fe/proto/logging/activity/drx_fe_activity_log_entry.proto?l=53&rcl=235855113
- IDs 29-34 are used by the Nest PA
- END: Nest specific identifiers START: Verily specific identifiers Unique identifier for subjects enrolled in a clinical study
- Unique identifier for participants enrolled in a UX study
- Unique identifier for individuals who have opted in for communications regarding future study opportunities
- Unique identifier for individuals who have opted in for communications regarding Verily products and services
- Unique identifier for existing or prospective customers of Verily's direct-to-consumer products and services
- Unique identifier for each agreement with enterprise customers, partners, JVs, or other external organizations
- Unique identifier for Verily-managed audit log entries
- Unique identifier for direct-to-consumer devices that collect and / or transmit data
- END: Verily specific identifiers Unique identifier with the form “gfp_network_id,sessionid” (http://shortn/_bHCksnZHWE), used to retrieve corresponding time_capped_gfp_session_id (http://shortn/_fLHa5BgUXp) No correlated enum type in identifiers.proto since the usage of this identifier is low: go/dg-classification-gfp-session-id
- Unique identifier (http://shortn/_fLHa5BgUXp) used to provide session_id-based frequency capping. More details: go/session-id-fcap-oz-design No correlated enum type in identifiers.proto since the usage of this identifier is low: go/dg-classification-gfp-session-id
- Data may have multiple identifiers mixed in, but none of them drive the retention timeframe.
- Data stripped of a primary identifier, but not fully anonymized.
- Other ID (please specify).
|
|---|
| type | string |
|---|
|
|---|
| survey402 | | $ref | PrivacyDataGovernanceAttributesAdsDataSurvey402 |
|---|
|
|---|
| usagePurpose | | enum | - UNKNOWN_USAGE_PURPOSE
- OTHER_USAGE_PURPOSE
- REVENUE_GENERATION
- SPAM_AND_SECURITY
- PRODUCT_IMPROVEMENT
- COMPLIANCE
- DISPUTE_RESOLUTION
- LITIGATION_HOLD
|
|---|
| enumDescriptions | - Do not use.
- Deprecated with no successor; do not use.
|
|---|
| type | string |
|---|
|
|---|
| userContract | | enum | - USER_CONTRACT_UNSPECIFIED
- SURVEY_402_QUESTION_AND_ANSWER
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| userType | | enum | - UNKNOWN_USER_TYPE
- OTHER_USER_TYPE
- INTERNAL_GOOGLER
- CUSTOMER
- END_USER
- PARTNER
- VENDOR
|
|---|
| enumDescriptions | - Do not use.
- Deprecated with no successor; do not use.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAdsDataSurvey402 | | description | Deprecated: Please use user_contract. None of the fields in this message are documented because they are wholly unused. |
|---|
| id | PrivacyDataGovernanceAttributesAdsDataSurvey402 |
|---|
| properties | | surveyDataSource | | enum | - OTHER_SURVEY_DATA_SOURCE
- GOOGLE_OPINION_REWARDS
- WEB_PLATFORM
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| surveyDataType | | enum | - NON_SURVEY_DATA_TYPE
- OTHER_SURVEY_DATA_TYPE
- SURVEY_QUESTION_AND_ANSWER
- SURVEY_SERVING_DATA
- USER_PROFILE_DATA
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAdsProcess | | description | Next ID: 5 For all annotations in this proto, please only identify information your job deals with directly. Do not identify things your job deals with indirectly though another job. If your job sends or receives data from outside of Google, only identify those data that you get directly from external entities, not those data you get from another job that interact with external entities. If your job gets data from other PA, only count the data you receive from job in a different PA directly to you. For example, if Android sends data to another job in Ads, then that job sends the data to your job. Then your job is getting the data only from Ads, not Android. Same for job purpose, if you job outputs data that can be used for payment or spam, but you don't do payment or spam directly, then they shouldn't be part of your job rocessing purpose. |
|---|
| id | PrivacyDataGovernanceAttributesAdsProcess |
|---|
| properties | | dataReceivedFromOutsideGoogle | | $ref | PrivacyDataGovernanceAttributesAdsProcessExternallyExchangedData |
|---|
| description | What kind of data are we receiving directly from outside of Google? And who and what are we dealing with? |
|---|
|
|---|
| dataSentOutsideGoogle | | $ref | PrivacyDataGovernanceAttributesAdsProcessExternallyExchangedData |
|---|
| description | What kind of data are we sending directly to outside of Google? And who and what are we dealing with? |
|---|
|
|---|
| intendedJobPurposes | | description | What is the job intended to process? What is the purpose? |
|---|
| items | | enum | - JOB_PROCESSING_PURPOSE_UNKNOWN
- JOB_PROCESSING_PURPOSE_OTHER
- PRIVACY_AND_SECURITY
- PRIVACY_AND_SECURITY_AUTHENTICATION_AUTHORIZATION_AUDIT_ENCRYPTION
- PRIVACY_AND_SECURITY_POLICY_ENFORCEMENT
- PRIVACY_AND_SECURITY_INTERNAL_FACING_SECURITY_AND_PRIVACY
- PRIVACY_AND_SECURITY_EXTERNAL_FACING_SECURITY_AND_PRIVACY
- INFRASTRUCTURE
- INFRASTRUCTURE_JOB_MANAGEMENT
|
|---|
| enumDescriptions | - Unannotated default only, please do not annotate with this field.
- Do not use this field without talking to dapt_internal_control@ first.
- Job processing purpose falling under "Privacy and security" Start a new enum range for privacy job purpose categories, 10-19. Not all enum in the range have to be used, remaining undefined enums provides buffer for later additions.
- Job processing purpose falling under "Infrastructure". Start a new enum range for infrastructure jobs, 20-29.
- More job processing purpose definations to be added later.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| providingPa | | description | which other PAs provides user data directly to this job? Please only identify PA you get data from directly, not data you get indirectly though other services in Google. For example, if Android data went to another Ads job, then to your job, then you got the data from Ads, not Android. |
|---|
| items | | enum | - PA_UNKNOWN
- PA_NONE
- PA_ADS
- PA_ANDROID
- PA_APPS_GSUITE
- PA_BETS
- PA_CHROME
- PA_COMMS
- PA_CORP_ENG
- PA_DAYDREAM
- PA_FINANCE
- PA_FIREBASE
- PA_GBO
- PA_GCP
- PA_GPI
- PA_GEO
- PA_HARDWARE
- PA_JIGSAW
- PA_LEGAL
- PA_MARKETING
- PA_PAYMENTS
- PA_PHOTOS
- PA_PLAY
- PA_RESEARCH
- PA_SEARCH
- PA_TRAVEL
- PA_WAZE
- PA_YOUTUBE
|
|---|
| enumDescriptions | - Unannotated default only, please do not annotate with this field.
- This job does not get entity data from any other jobs. If the job is in Ads, and it gets the entity data from another Ads job, then you need to annotate with PA_ADS, not PA_NONE.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAdsProcessExternallyExchangedData | | description | Next ID: 5 |
|---|
| id | PrivacyDataGovernanceAttributesAdsProcessExternallyExchangedData |
|---|
| properties | | dataGroupings | | description | What kind of data grouping is this job exchanging directly with outside of Google? Is it individual data, aggregated data, anonymized data? |
|---|
| items | | enum | - UNKNOWN_CATEGORY
- OTHER_CATEGORY
- NON_USER_DATA
- INDIVIDUAL_USER_DATA
- ANONYMIZED_USER_DATA
- AGGREGATED_USER_DATA
|
|---|
| enumDescriptions | - Unannotated default only, please do not annotate with this field.
- Do not use this field without talking to dapt_internal_control@ first.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| dataProperties | | $ref | PrivacyDataGovernanceAttributesClassificationCategory |
|---|
| description | What kind of data are we sending or receiving directly from outside of Google? Location data, financial, payment.... TODO(seleneh) We want this field to include SPII, PII, child data, others, ....created b/141502030 for PDPO to add this. |
|---|
|
|---|
| entityDataType | | description | What kind of data is sent to outside of Google, or received from outside of Google? User data? Advertiser data? Publisher?... For example, if we are sending location data of the end user data to an advertiser, then the "end user data" is the entity data owner defined in this enum. |
|---|
| items | | enum | - UNKNOWN_ENTITY_DATA_EXCHANGED
- OTHER_ENTITY_DATA_EXCHANGED
- NO_ENTITY_DATA_EXCHANGED
- END_USER_DATA_EXCHANGED
- PUBLISHER_DATA_EXCHANGED
- ADVERTISER_DATA_EXCHANGED
|
|---|
| enumDescriptions | - Unannotated default only, please do not annotate with this field.
- Will add more fields later as needed
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| externalDataExchanger | | description | What kind of external entity is sending/receiving data directly to/from this job from outside of Google? |
|---|
| items | | enum | - ENTITY_TYPE_UNKNOWN_EXTERNAL_ENTITY
- ENTITY_TYPE_OTHER_ENTITY
- ENTITY_TYPE_NO_DIRECT_DATA_EXCHANGING_EXTERNAL_ENTITY
- ENTITY_TYPE_END_USER
- ENTITY_TYPE_ADVERTISER
- ENTITY_TYPE_PUBLISHER
- ENTITY_TYPE_PLATFORM
- ENTITY_TYPE_NETWORK
- ENTITY_TYPE_EXCHANGES
|
|---|
| enumDescriptions | - Unannotated default only, please do not annotate with this field.
- Do not use this field without talking to dapt_internal_control@ first.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAdsStorage | | description | Next ID: 5 |
|---|
| id | PrivacyDataGovernanceAttributesAdsStorage |
|---|
| properties | | customerControl | | enum | - NO_CUSTOMER_CONTROL
- OTHER_CUSTOMER_CONTROL
- ADVERTISER_CONTROL
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| retentionControl | | enum | - RETENTION_CONTROL_UNSPECIFIED
- CUSTOMER_CONTROL
- GRANULAR_USER_CONTROL
- INDIRECT_RETENTION_CONTROL
- SHORT_LIVED_RETENTION_CONTROL
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| ttlControl | | enum | - UNKNOWN_TTL_CONTROL
- OTHER_TTL_CONTROL
- KANSAS_GCLIFE
- JOB_DELETION
- INDIRECT_TTL
- FOOTPRINTS_TTL
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| userControl | | enum | - NO_USER_CONTROL
- OTHER_USER_CONTROL
- FOOTPRINTS_UI
- CUSTOM_SEARCH_ENGINE
- WHY_THIS_AD
- ADS_PREFERENCE_MANAGER
- GOOGLE_ANALYTICS
- MUTE_ADS
- GAIA_ACCOUNT_MANAGEMENT_SERVICE
- GOOGLE_SHOPPING
- GOOGLE_FLIGHTS
- GOOGLE_TRIPS
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAllowedLocations | | description | Locations in which data of the given type (source, semantic_context) is allowed to be stored, processed, and/or transferred. If multiple locations are specified, the set of allowed locations is their union. DEPRECATED: Instead of this, use message Residency. |
|---|
| id | PrivacyDataGovernanceAttributesAllowedLocations |
|---|
| properties | | locations | | items | | $ref | PrivacyDataGovernanceAttributesLocation |
|---|
|
|---|
| type | array |
|---|
|
|---|
| semanticContext | | enum | - CONTEXT_UNDEFINED
- CONTEXT_OTHER
- CONTEXT_METADATA
- CONTEXT_CONTENT
- CONTEXT_CORE_CONTENT
- CONTEXT_SECURITY_CONFIGURATION
- CONTEXT_CONFIGURATION
- CONTEXT_ATTRIBUTE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| source | | enum | - SOURCE_UNDEFINED
- SOURCE_OTHER
- SOURCE_GOOGLE
- SOURCE_OTHER_BETS
- SOURCE_GENERATED_TEST
- SOURCE_USER
- SOURCE_END_USER
- SOURCE_CUSTOMER
- SOURCE_CUSTOMER_OF_CUSTOMER
- SOURCE_ENTERPRISE_CUSTOMER
- SOURCE_PUBLIC
- SOURCE_THIRD_PARTY
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotations | | description | DG attributes for annotating data in production systems. Please refer to go/dg-annotations for detailed description and instructions. LINT.IfChange() |
|---|
| id | PrivacyDataGovernanceAttributesAnnotations |
|---|
| properties | | annotationId | | description | Uniquely identifiable Id. go/annotations-id-doc |
|---|
| format | uint64 |
|---|
| type | string |
|---|
|
|---|
| custom | | $ref | PrivacyDataGovernanceAttributesAnnotationsCustom |
|---|
| description | Product-specific global annotations. This field is optional. |
|---|
|
|---|
| data | | $ref | PrivacyDataGovernanceAttributesAnnotationsData |
|---|
| description | Annotations regarding the semantic attributes of the data. |
|---|
|
|---|
| process | | $ref | PrivacyDataGovernanceAttributesAnnotationsProcess |
|---|
|
|---|
| rpc | | $ref | PrivacyDataGovernanceAttributesAnnotationsRpc |
|---|
|
|---|
| storage | | $ref | PrivacyDataGovernanceAttributesAnnotationsStorage |
|---|
|
|---|
| version | | description | The version of the annotation. See go/dg-annotations-version:dd |
|---|
| enum | |
|---|
| enumDescriptions | - This is a version used for the development of the version system.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsCustom | | description | Product-specific global annotations. |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsCustom |
|---|
| properties | | productionImpact | | $ref | PrivacyDataGovernanceAttributesProductionImpact |
|---|
| description | Annotations describing the production impact of this entity. See go/production-impact-annotations-design Production Impact Annotations schema were moved to a `reason` message inside Production Annotations. |
|---|
|
|---|
| productionInfrastructure | | $ref | PrivacyDataGovernanceAttributesProductionInfrastructure |
|---|
| description | Indicates if the entity is PROD/NONPROD and which product(s) it affects. See go/production-annotations |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsData | | description | Annotations regarding the semantic attributes of the data. These attributes remain valid regardless of where the data is stored or how it is managed. See: go/dg-classification Next tag: 12 |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsData |
|---|
| properties | | allowedLocations | | description | Locations in which the data is allowed to be stored, processed, and/or transferred. If multiple locations are specified, the set of allowed locations is their union per data type. DEPRECATED: Instead of this, use message Residency. |
|---|
| items | | $ref | PrivacyDataGovernanceAttributesAllowedLocations |
|---|
|
|---|
| type | array |
|---|
|
|---|
| anonymizationBugId | | description | The Buganizer ID of an approved PWG-Anonymization review (go/anon#start) which needs to be set if a dataset is annotated with any of the below: classification.Identifiability.IDENTIFICATION_ANONYMOUS classification.Pseudonymization. PSEUDONYMIZATION_PER_USER_NONSTANDARD PSEUDONYMIZATION_MULTI_USER_NONSTANDARD |
|---|
| format | uint64 |
|---|
| type | string |
|---|
|
|---|
| category | | $ref | PrivacyDataGovernanceAttributesClassificationCategory |
|---|
| description | Classification of assets with particularly sensitive information. See: go/dg-classification:categories |
|---|
|
|---|
| confidentiality | | description | The confidentiality describes who should have access to Google Data. See: - go/dcg. - go/dg-classification:confidentiality |
|---|
| enum | - CONFIDENTIALITY_UNDEFINED
- CONFIDENTIALITY_PUBLIC
- CONFIDENTIALITY_CONFIDENTIAL
- CONFIDENTIALITY_NEED_TO_KNOW
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| custom | | $ref | PrivacyDataGovernanceAttributesAnnotationsDataCustom |
|---|
| description | Product specific data annotations. |
|---|
|
|---|
| datasetTags | | description | Tag that can be used in annotations to describe a sensitive dataset. The order of the entries has no meaning. |
|---|
| items | | enum | - UNKNOWN_DATASET
- OTHER_DATASET
- HULK
- OOLONG
- PHOTOS_BACKEND_DATA
- PHOTOS_BACKEND_GMAIL_DATA
- PHOTOS_BACKEND_BENCHMARKS_DATA
- GMAIL_DATA
- LOCAL_REVIEWS
- DATASET_FOOTPRINTS_ASSISTANT_DATA
- DATASET_FOOTPRINTS_CHROME_DATA
- DATASET_FOOTPRINTS_LENS_DATA
- DATASET_FOOTPRINTS_PHOTOS_DATA
- DATASET_FOOTPRINTS_SPEECH_DATA
- DATASET_ASSISTANT_DATA
- DATASET_PAYMENTS_DATA
|
|---|
| enumDescriptions | - Using OTHER_DATASET will trigger a review by a DG team member and it means that DG needs to create a new Dataset tag.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| identifiability | | description | Data attribute that designates how the user/customer is identified by the data. See: go/dg-classification:identifiability |
|---|
| enum | - IDENTIFIABILITY_UNDEFINED
- IDENTIFIABILITY_IDENTIFIABLE
- IDENTIFIABILITY_PSEUDONYMOUS
- IDENTIFIABILITY_ANONYMOUS
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| identifiers | | description | Describe which types of identifiers the data may contain. See: - go/dg-classification:identifiers - go/dg-identifiers |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| productAssociation | | $ref | PrivacyDataGovernanceAttributesDataProductAssociation |
|---|
| description | Defines which product(s) this dataset is a part of. NOTE: this is a new attribute introduced in the context of go/dma. A default value is computed for it for every dataset. Do not set this attribute explicitly unless you've been specifically asked to. |
|---|
|
|---|
| pseudonymization | | description | Data attribute that designates if the pseudonymous data set is user aggregated, and how the data set is identified, and or not identified at all. See: go/dg-classification:pseudonymization |
|---|
| enum | - PSEUDONYMIZATION_UNDEFINED
- PSEUDONYMIZATION_PER_USER_UNAGGREGATED_PSEUDO_IDENTIFIED
- PSEUDONYMIZATION_PER_USER_UNAGGREGATED_DEIDENTIFIED
- PSEUDONYMIZATION_PER_USER_AGGREGATED_PSEUDO_IDENTIFIED
- PSEUDONYMIZATION_PER_USER_AGGREGATED_DEIDENTIFIED
- PSEUDONYMIZATION_MULTI_USER_AGGREGATED_WITH_ID_LISTS
- PSEUDONYMIZATION_MULTI_USER_AGGREGATED_WITH_ID_COUNTS
- PSEUDONYMIZATION_MULTI_USER_AGGREGATED_NO_IDS
- PSEUDONYMIZATION_PER_USER_NONSTANDARD
- PSEUDONYMIZATION_MULTI_USER_NONSTANDARD
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| semanticContext | | description | Describes how the data is used and seen in a project or product. If this annotation covers multiple contexts, this field should be set to the most sensitive semantic context value among them. The context categories from least to most sensitive are: `CONTEXT_METADATA` < `CONTEXT_ATTRIBUTE` < `CONTEXT_CONFIGURATION` < `CONTEXT_SECURITY_CONFIGURATION` < `CONTEXT_CORE_CONTENT` < `CONTEXT_CONTENT` See: go/dg-classification:semantic-context |
|---|
| enum | - CONTEXT_UNDEFINED
- CONTEXT_OTHER
- CONTEXT_METADATA
- CONTEXT_CONTENT
- CONTEXT_CORE_CONTENT
- CONTEXT_SECURITY_CONFIGURATION
- CONTEXT_CONFIGURATION
- CONTEXT_ATTRIBUTE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| source | | description | Describes who or what created or provided the data. It does not describe the data content. The order of the entries has no meaning. If more than one value is in the list, it means that the data is coming from at least one of the sources listed in here. For example: A separate database is used for development and it is a copy of the production database. Additional data is created as part of testing. In this case, the DG Annotations will be: ``` data { source: [SOURCE_USER, SOURCE_GENERATED_TEST] } ``` This means the data is a mix of production data (`SOURCE_USER`) and test data (`SOURCE_GENERATED_TEST`) which are the additional data created. See: go/dg-classification:source |
|---|
| items | | enum | - SOURCE_UNDEFINED
- SOURCE_OTHER
- SOURCE_GOOGLE
- SOURCE_OTHER_BETS
- SOURCE_GENERATED_TEST
- SOURCE_USER
- SOURCE_END_USER
- SOURCE_CUSTOMER
- SOURCE_CUSTOMER_OF_CUSTOMER
- SOURCE_ENTERPRISE_CUSTOMER
- SOURCE_PUBLIC
- SOURCE_THIRD_PARTY
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsDataCustom | | description | Product specific data annotations. Custom extensions are used to express classifications for specific teams. They are not of general uses and they describe more precisely a classification which is only used into a specific PA. See: go/dg-classification:custom |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsDataCustom |
|---|
| properties | | ads | | $ref | PrivacyDataGovernanceAttributesAdsData |
|---|
|
|---|
| apps | | $ref | PrivacyDataGovernanceAttributesAppsData |
|---|
|
|---|
| assurant | | $ref | PrivacyDataGovernanceAttributesAssurantData |
|---|
|
|---|
| audio | | $ref | PrivacyDataGovernanceAttributesAudioData |
|---|
|
|---|
| encryptionKeyProperties | | $ref | PrivacyDataGovernanceAttributesEncryptionKeyProperties |
|---|
|
|---|
| essentialOnlyMode | | $ref | PrivacyDataGovernanceAttributesEssentialOnlyModeData |
|---|
|
|---|
| experimental | | $ref | PrivacyDataGovernanceAttributesExperimentalData |
|---|
| description | Experimental annotations by Data Governance team. In general, we prefer annotations that are widely applicable in the company (or a single PA). This message is introduced strictly for experimental purposes by the Data Governance teams (e.g., as we explore the right mapping between standard DG annotations and the relevant policies). |
|---|
|
|---|
| faceAuthentication | | $ref | PrivacyDataGovernanceAttributesFaceAuthenticationData |
|---|
|
|---|
| geo | | $ref | PrivacyDataGovernanceAttributesGeoData |
|---|
|
|---|
| medical | | $ref | PrivacyDataGovernanceAttributesMedicalData |
|---|
| description | DEPRECATED Use Shield sandbox instead (go/da-shield); |
|---|
|
|---|
| mlModel | | $ref | PrivacyDataGovernanceAttributesMlModelData |
|---|
|
|---|
| payments | | $ref | PrivacyDataGovernanceAttributesPaymentsData |
|---|
|
|---|
| photos | | $ref | PrivacyDataGovernanceAttributesPhotosData |
|---|
|
|---|
| residency | | items | | $ref | PrivacyDataGovernanceAttributesResidencyData |
|---|
|
|---|
| type | array |
|---|
|
|---|
| search | | $ref | PrivacyDataGovernanceAttributesSearchDataSpecs |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsProcess | | description | Annotations regarding the attributes of the data specific to a process (due to the underlying mechanism provided by the process). This field is optional. Per-system details: - Applicable only to objects of type process. Data sources: - Native annotations if the system supports it (e.g., Borg jobs) - Annotation configs otherwise |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsProcess |
|---|
| properties | | custom | | $ref | PrivacyDataGovernanceAttributesAnnotationsProcessCustom |
|---|
| description | Product-specific process annotations. |
|---|
|
|---|
| geoLocation | | $ref | PrivacyDataGovernanceAttributesAnnotationsProcessGeoLocation |
|---|
| description | Description of the geo-locations that could be manipulated by the process. |
|---|
|
|---|
| processingPurpose | | description | The purposes for the processing this process is doing. |
|---|
| items | | $ref | PrivacyDataGovernanceAttributesProcessingPurpose |
|---|
|
|---|
| type | array |
|---|
|
|---|
| serviceType | | enum | - UNKNOWN
- SERVER
- PASSTHROUGH
- LOAD_BALANCER
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsProcessCustom | | description | Product-specific process annotations. |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsProcessCustom |
|---|
| properties | | ads | | $ref | PrivacyDataGovernanceAttributesAdsProcess |
|---|
| description | Description of ads-specific information that can be manipulated by this process. Per-system details: - Applicable only if the process is owned by the Ads PA. |
|---|
|
|---|
| audio | | $ref | PrivacyDataGovernanceAttributesAudioProcess |
|---|
| description | Description of audio-specific information for the process, such as the usage purpose of the process. |
|---|
|
|---|
| essentialOnlyMode | | $ref | PrivacyDataGovernanceAttributesEssentialOnlyModeProcess |
|---|
| description | Description of EOM information for the process, such as the usage purpose of the process. See go/dg-classification:custom-essential-only-mode for details. |
|---|
|
|---|
| residency | | $ref | PrivacyDataGovernanceAttributesResidencyProcess |
|---|
| description | Do not use. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsProcessGeoLocation | | description | Description of the geo-locations that could be manipulated by the process. See go/dg-classification-location for more details. Per-system details: - Applicable only if the process handles geo-location data. |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsProcessGeoLocation |
|---|
| properties | | coarseningTransformation | | description | The type of transformation (if any) that was applied to the location data handled by this process. |
|---|
| enum | - COARSENING_TRANSFORMATION_UNDEFINED
- UNCOARSENED
- COARSENED_AT_3_PLUS_1_LEVEL
- COARSENED_AT_COUNTRY_LEVEL
- LOCATION_REMOVED
- LOCATION_FORWARDED
- COARSENING_TRANSFORMATION_OTHER
|
|---|
| enumDescriptions | - COARSENING_TRANSFORMATION_OTHER is to be used if none of the other enum values are a match. Please contact ppi-pattributes@ if you want to use this.
|
|---|
| type | string |
|---|
|
|---|
| locationType | | description | The type of location this process handles. |
|---|
| enum | - LOCATION_UNDEFINED
- CURRENT_USER_LOCATION
- HISTORICAL_USER_LOCATION
- NOT_A_USER_LOCATION
- LOCATION_OTHER
|
|---|
| enumDescriptions | - LOCATION_OTHER is to be used if none of the other enum values are a match. Please contact ppi-pattributes@ if you want to use this.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsRpc | | description | Annotations regarding the attributes of Rpc methods. |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsRpc |
|---|
| properties | | primaryForPortability | | $ref | PrivacyDataGovernanceAttributesPrimaryForPortability |
|---|
| description | Annotation of whether his RPC provides access to primary data for portability purposes. This field is optional. |
|---|
|
|---|
| reads | | $ref | PrivacyDataGovernanceAttributesAnnotationsData |
|---|
| description | The data this RPC method reads. Only needed to override the `annotations.data` field for reads, typically when the data accessed and the data read are different. Set to a default empty Data message to indicate no read: # A method that processes user data, but doesn't read any (e.g. a dumb proxy). data { source: SOURCE_USER } rpc { reads {} } |
|---|
|
|---|
| returns | | $ref | PrivacyDataGovernanceAttributesAnnotationsData |
|---|
| description | The data this RPC method returns. Only needed to override the `annotations.data` field for returns, typically when the data accessed and the data returned are different. Set to a default empty Data message to indicate no return: # A method that accesses user data, but doesn't return any. data { source: SOURCE_USER } rpc { returns {} } |
|---|
|
|---|
| serviceType | | enum | - UNKNOWN
- SERVER
- PASSTHROUGH
- LOAD_BALANCER
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| writes | | $ref | PrivacyDataGovernanceAttributesAnnotationsData |
|---|
| description | The data this RPC method writes. Only needed to override the `annotations.data` field for writes, typically when the data accessed and the data written are different. Set to a default empty Data message to indicate no write: # A method that accesses user data, but doesn't write any. data { source: SOURCE_USER } rpc { writes {} } |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsStorage | | description | Annotations regarding the attributes of the data specific to a storage system. This field is optional. It contains storage-specific attributes, that do not necessarily travel with the data. Per-system details: - Applicable only to objects of type storage. Data sources: - Native annotations if the system supports it (e.g., Spanner) - Annotation configs otherwise |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsStorage |
|---|
| properties | | custom | | $ref | PrivacyDataGovernanceAttributesAnnotationsStorageCustom |
|---|
| description | Product-specific storage annotations. |
|---|
|
|---|
| encryption | | $ref | PrivacyDataGovernanceAttributesEncryptionProperties |
|---|
| description | Encryption properties and status information. Typically only needed if the information cannot be derived from the storage system (e.g., if a client-side solution such as go/encryptedfile is used). |
|---|
|
|---|
| primaryForPortability | | $ref | PrivacyDataGovernanceAttributesPrimaryForPortability |
|---|
| description | Annotation of whether his storage object is the primary store for one or more products. This field is optional. |
|---|
|
|---|
| retention | | $ref | PrivacyDataGovernanceAttributesAnnotationsStorageRetention |
|---|
| description | Retention-related properties that are not natively managed by the storage system. This field is optional. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsStorageCustom | | description | Product-specific storage annotations. |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsStorageCustom |
|---|
| properties | | ads | | $ref | PrivacyDataGovernanceAttributesAdsStorage |
|---|
| description | Description of ads-specific information contained by this storage. Per-system details: - Applicable only if the storage is owned by the Ads PA. |
|---|
|
|---|
| residency | | $ref | PrivacyDataGovernanceAttributesResidencyStorage |
|---|
| description | Do not use. |
|---|
|
|---|
| search | | $ref | PrivacyDataGovernanceAttributesSearchStorage |
|---|
| description | Description of search-specific inforation contained by this storage. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAnnotationsStorageRetention | | description | Retention-related properties that are not natively managed by the storage system. |
|---|
| id | PrivacyDataGovernanceAttributesAnnotationsStorageRetention |
|---|
| properties | | exemptReason | | description | Use ExemptReason as a shortcut to map exempt data to an exemption code. See: go/retention-exempt-data-types |
|---|
| enum | - REASON_UNKNOWN
- ANONYMOUS_DATA
- EMPLOYEE_DATA
- INTERNAL_BUSINESS_DATA
- PUBLIC_DATA
- SIMULATED_TEST_DATA
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| planId | | description | ID of a Wipeout Plan (formerly called "Retention Plan"). If 0, no Wipeout Plan is assigned. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| wipeoutProcessor | | description | Build target of the pipeline or service that is responsible for enforcing Wipeout compliance for this storage location. The order of the entries has no meaning. Example: `//ads/ubaq/logs:search-query-wipeout-main` |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAppsCommon | | id | PrivacyDataGovernanceAttributesAppsCommon |
|---|
| properties | | content | | items | | enum | - CONTENT_TYPE_UNKNOWN
- CONTENT_TYPE_OTHER
- CONTENT_EMAIL
|
|---|
| enumDescriptions | - Should not be used.
- Next ID: 3
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| metadata | | items | | enum | - METADATA_TYPE_UNKNOWN
- METADATA_TYPE_OTHER
- METADATA_EMAIL
- GAIA_ID
|
|---|
| enumDescriptions | - Should not be used.
- Next ID: 4
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| resourceLevelScope | | items | | enum | - UNKNOWN_SCOPE
- NON_OLYMPUS_USERS_ONLY
- OLYMPUS_SCOPE_RESOURCE
- OLYMPUS_USERS_RESOURCE
- NON_OLYMPUS_USERS_RESOURCE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| workspaceClass | | items | | $ref | PrivacyDataGovernanceAttributesAppsCommonWorkspaceClass |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAppsCommonWorkspaceClass | | id | PrivacyDataGovernanceAttributesAppsCommonWorkspaceClass |
|---|
| properties | | dataClass | | enum | - DATA_CLASS_UNKNOWN
- DATA_CLASS_PRIMARY_CONTENT
- DATA_CLASS_TRANSFORMED_PRIMARY_CONTENT
- DATA_CLASS_CONTENT_DESCRIPTORS
- DATA_CLASS_TRAFFIC_DATA
- DATA_CLASS_ENTITY_RELATIONSHIPS
- DATA_CLASS_COMPLEX_ADMIN_POLICIES
- DATA_CLASS_COMPLEX_USER_SETTINGS
- DATA_CLASS_METADATA
- DATA_CLASS_INTERACTION_DATA
- DATA_CLASS_IDENTITIES
- DATA_CLASS_NON_IDENTIFIABLE_DERIVED_DATA
- DATA_CLASS_SIMPLE_SETTINGS
- DATA_CLASS_SYSTEM_DATA
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAppsData | | id | PrivacyDataGovernanceAttributesAppsData |
|---|
| properties | | data | | $ref | PrivacyDataGovernanceAttributesAppsDataType |
|---|
| description | Next ID: 3 |
|---|
|
|---|
| product | | items | | enum | - UNKNOWN_APP
- OTHER_APP
- GMAIL
- CALENDAR
- DRIVE
- HANGOUTS_CHAT
- CLOUD_SEARCH
|
|---|
| enumDescriptions | - Should not be used.
- Next ID: 7
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAppsDataType | | id | PrivacyDataGovernanceAttributesAppsDataType |
|---|
| properties | | appsCommon | | $ref | PrivacyDataGovernanceAttributesAppsCommon |
|---|
|
|---|
| gmail | | $ref | PrivacyDataGovernanceAttributesGmail |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAssurantData | | id | PrivacyDataGovernanceAttributesAssurantData |
|---|
| properties | | customerTenancy | | items | | $ref | PrivacyDataGovernanceAttributesAssurantDataCustomerTenancy |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAssurantDataCustomerTenancy | | description | Assurant.Data.CustomerTenancy, when annotated on a PO, says: "Assurant customer's data are tenants within this production object." Next ID: 5. |
|---|
| id | PrivacyDataGovernanceAttributesAssurantDataCustomerTenancy |
|---|
| properties | | context | | description | Semantic context of customer data that are tenants within this production object for the specified product. |
|---|
| enum | - CONTEXT_UNDEFINED
- CONTEXT_OTHER
- CONTEXT_METADATA
- CONTEXT_CONTENT
- CONTEXT_CORE_CONTENT
- CONTEXT_SECURITY_CONFIGURATION
- CONTEXT_CONFIGURATION
- CONTEXT_ATTRIBUTE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| encryption | | $ref | PrivacyDataGovernanceAttributesEncryptionProperties |
|---|
| description | Encryption properties of the customer data that are tenants within this production object for the specified product. |
|---|
|
|---|
| product | | description | Product through which Assurant customers became tenants within the annotated production object. For example, if: product = PRODUCT_CLOUD_STORAGE Then, through the use of GCS, Assurant customer data have become tenants within this production object. |
|---|
| enum | - PRODUCT_NONE
- PRODUCT_CLOUD_STORAGE
- PRODUCT_COMPUTE_ENGINE
- PRODUCT_GOOGLE_KUBERNETES_ENGINE
- PRODUCT_INSTANCE_MANAGER
- PRODUCT_RESOURCE_MANAGER
- PRODUCT_CLOUD_KEY_MANAGEMENT_SERVICE
- PRODUCT_PERSISTENT_DISK
- PRODUCT_CLOUD_DATAPROC
- PRODUCT_CLOUD_DATAFLOW
- PRODUCT_CLOUD_HSM
- PRODUCT_BIGQUERY
- PRODUCT_CLOUD_EKM
- PRODUCT_CLOUD_IDENTITY_AND_ACCESS_MANAGEMENT
- PRODUCT_VPC_ACCESS
- PRODUCT_VPC_VIRTNET
- PRODUCT_AI_PLATFORM
- PRODUCT_CLOUD_SPEECH_TO_TEXT
- PRODUCT_SECRET_MANAGER
- PRODUCT_CLOUD_LOGGING
- PRODUCT_SPEAKER_ID
- PRODUCT_DOCUMENT_AI
- PRODUCT_CLOUD_HEALTHCARE_API
- PRODUCT_CLOUD_BIGTABLE
- PRODUCT_CLOUD_SPANNER
- PRODUCT_CLOUD_DLP
- PRODUCT_ARTIFACT_REGISTRY
- PRODUCT_CLOUD_SQL
- PRODUCT_CLOUD_TRANSLATION
- PRODUCT_CCAI_ASSIST_AND_KNOWLEDGE
- PRODUCT_EVENTARC
- PRODUCT_ASSURANT_AAC_EXAMPLES
- PRODUCT_DIALOGFLOW_CX
- PRODUCT_INTEGRATION_PLATFORM
- PRODUCT_FINANCIAL_SERVICES
- PRODUCT_CLOUD_TEXT_TO_SPEECH
- PRODUCT_CLOUD_RUN
- PRODUCT_CLOUD_FIRESTORE
- PRODUCT_DATAPROC_METASTORE
- PRODUCT_CLOUD_PUBSUB
- PRODUCT_CLOUD_VISION
- PRODUCT_CLOUD_DATA_FUSION
- PRODUCT_DATA_CATALOG
- PRODUCT_FILESTORE
|
|---|
| enumDescriptions | - Deprecated, please use PRODUCT_COMPUTE_ENGINE.
- Deprecated (out of scope).
- Deprecated (out of scope).
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAudioData | | id | PrivacyDataGovernanceAttributesAudioData |
|---|
| properties | | audioCategory | | $ref | PrivacyDataGovernanceAttributesAudioDataAudioCategory |
|---|
|
|---|
| identifiesSensitivePersonalCharacteristics | | description | Expresses if any speech recordings contain content/ conversations about GDPR-specific categories of data such as like racial or ethnic origin, religious beliefs, sexual orientation, etc. Examples: recordings containing speech of people talking with their therapists, or discussing sensitive topics with friends such as their health conditions, sexual preferences, or talking to researchers about their experiences being a racial or ethnic minority. For health, financial, biometrics, children, and location data, use the existing canonical classification for [Sensitive Categories](http://go/dg-classification:categories). |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| isCopy | | description | Denotes if a dataset or data store is or contains copies of Audio Data. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAudioDataAudioCategory | | description | Categorizes Audio datasets and data stores at a granular level to match the definitions of audio data Categories outlined in go/audiopolicy. Next ID: 7 |
|---|
| id | PrivacyDataGovernanceAttributesAudioDataAudioCategory |
|---|
| properties | | audioAcquired | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| enterpriseAudio | | $ref | PrivacyDataGovernanceAttributesAudioDataAudioCategoryEnterpriseAudio |
|---|
|
|---|
| publicAudio | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| syntheticAudio | | $ref | PrivacyDataGovernanceAttributesAudioDataAudioCategorySyntheticAudio |
|---|
|
|---|
| userAudio | | $ref | PrivacyDataGovernanceAttributesAudioDataAudioCategoryUserAudio |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAudioDataAudioCategoryEnterpriseAudio | | id | PrivacyDataGovernanceAttributesAudioDataAudioCategoryEnterpriseAudio |
|---|
| properties | | donated | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| nonDonated | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAudioDataAudioCategorySyntheticAudio | | id | PrivacyDataGovernanceAttributesAudioDataAudioCategorySyntheticAudio |
|---|
| properties | | limitedUse | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| preApproved | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAudioDataAudioCategoryUserAudio | | id | PrivacyDataGovernanceAttributesAudioDataAudioCategoryUserAudio |
|---|
| properties | | privateDonated | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| privateNonDonated | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| publicAudio | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesAudioProcess | | id | PrivacyDataGovernanceAttributesAudioProcess |
|---|
| properties | | processingPurpose | | description | The reason for processing audio. |
|---|
| items | | enum | - UNKNOWN
- SOUND_SEARCH
- TEXT_TO_SPEECH
- AUTOMATIC_SPEECH_RECOGNITION
- VOICE_MATCH_PERSONALIZATION
|
|---|
| enumDescriptions | - LINT.IfChange Audio processing used for song identification.
- Audio processing used for text-to-speech synthesis.
- Audio processing used for transforming sound to text.
- Audio processing used for creating personalization models based on a user's voice. LINT.ThenChange(//depot/google3/speech/congee/configs/data_inventory/generic_datasets.textproto:unrestricted-all-access-usage-purpose)
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesClassificationCategory | | description | The sensitivity categories classify assets with particularly sensitive information (see go/dg-sensitive-categories for more information). Next ID: 16 LINT.IfChange |
|---|
| id | PrivacyDataGovernanceAttributesClassificationCategory |
|---|
| properties | | audioData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| biometric | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| childrenData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| childrenProduct | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| consumerHealthAndFitness | | enum | - CONSUMER_HEALTH_AND_FITNESS_TYPE_UNDEFINED
- CHF_PROTECTED_HEALTH_INFORMATION
- CHF_NON_PROTECTED_HEALTH_INFORMATION
- CHF_ENTERPRISE
- CHF_RESEARCH
- CHF_ACHF
- CHF_ACHF_MBD_HFALD
- CHF_ACHF_NON_MBD_HFALD
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| employee | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| financial | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| geoLocation | | $ref | PrivacyDataGovernanceAttributesClassificationCategoryGeoLocation |
|---|
|
|---|
| hasXfood | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| health | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| hipaa | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| location | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| minorsData | | $ref | PrivacyDataGovernanceAttributesClassificationCategoryMinorData |
|---|
|
|---|
| paymentInstrument | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| publicUserData | | items | | enum | - PUBLIC_USER_DATA_UNDEFINED
- NOT_PUBLIC_USER_DATA
- PUBLIC_USER_DATA
- SEPARATED_PUBLIC_USER_DATA
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesClassificationCategoryChildrenCategory | | id | PrivacyDataGovernanceAttributesClassificationCategoryChildrenCategory |
|---|
| properties | | childrenData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| eduChildrenData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| griffinsData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| unicornsData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesClassificationCategoryGeoLocation | | description | Description of the geo-locations that could be present in the data. |
|---|
| id | PrivacyDataGovernanceAttributesClassificationCategoryGeoLocation |
|---|
| properties | | coarse | | enum | - COARSE_UNDEFINED
- NOT_COARSE
- COARSE_AT_1_PLUS_1_LEVEL
- COARSE_AT_3_PLUS_1_LEVEL
- COARSE_AT_COUNTRY_LEVEL
- COARSE_OTHER
|
|---|
| enumDescriptions | - COARSE_OTHER is to be used if none of the other enum values are a match. Please contact ppi-pattributes@ if you want to use this.
|
|---|
| type | string |
|---|
|
|---|
| locationType | | enum | - LOCATION_UNDEFINED
- USER_LOCATION
- USER_DIRECT_LOCATION
- USER_INDIRECT_LOCATION
- USER_CONTEXTUAL_LOCATION
- NOT_A_USER_LOCATION
- LOCATION_OTHER
|
|---|
| enumDescriptions | - LOCATION_OTHER is to be used if none of the other enum values are a match. Please contact ppi-pattributes@ if you want to use this.
|
|---|
| type | string |
|---|
|
|---|
| traces | | enum | - TRACES_UNDEFINED
- CONTAIN_MULTIPLE_LOCATIONS
- ONLY_SINGLE_LOCATION
- TRACES_OTHER
|
|---|
| enumDescriptions | - TRACES_OTHER is to be used if none of the other enum values are a match. Please contact ppi-pattributes@ if you want to use this.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesClassificationCategoryMinorData | | id | PrivacyDataGovernanceAttributesClassificationCategoryMinorData |
|---|
| properties | | childrenCategory | | $ref | PrivacyDataGovernanceAttributesClassificationCategoryChildrenCategory |
|---|
|
|---|
| teensCategory | | $ref | PrivacyDataGovernanceAttributesClassificationCategoryTeensCategory |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesClassificationCategoryTeensCategory | | id | PrivacyDataGovernanceAttributesClassificationCategoryTeensCategory |
|---|
| properties | | teensData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesDataProductAssociation | | description | Describes the product or products data originates from or can be used as-if it were origintating from. See go/dma52-graph-attributes for details. Next id: 3 |
|---|
| id | PrivacyDataGovernanceAttributesDataProductAssociation |
|---|
| properties | | anyProduct | | $ref | PrivacyDataGovernanceAttributesDataProductAssociationAnyProduct |
|---|
|
|---|
| products | | $ref | PrivacyDataGovernanceAttributesDataProductAssociationProducts |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesDataProductAssociationAnyProduct | | description | The dataset contains data from several products, but the full list is not specified. Strongly prefer to use 'Product' above. Interacting with a dataset marked AnyProduct requires the use of infrastructure that correctly validates all possible cross-product data sharing requirements. |
|---|
| id | PrivacyDataGovernanceAttributesDataProductAssociationAnyProduct |
|---|
| properties | | dummyFieldDoNotUse | | description | go/aditum has workflows exporting DGA to BigQuery. BQ doesn't support empty protos. Remove when b/204343694 is resolved (Expected H2'23). |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesDataProductAssociationProducts | | description | The dataset contains data from the products listed in `product_id`. |
|---|
| id | PrivacyDataGovernanceAttributesDataProductAssociationProducts |
|---|
| properties | | productId | | description | `product_id` is a stable product identifier as defined in go/dma-stable-ids. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesEncryptionKeyProperties | | description | Annotations that are specific to encryption key properties. See go/dg-classification:custom-encryption-key-properties for details. |
|---|
| id | PrivacyDataGovernanceAttributesEncryptionKeyProperties |
|---|
| properties | | protectedData | | $ref | PrivacyDataGovernanceAttributesEncryptionKeyPropertiesProtectedData |
|---|
| description | Describes the data that are protected by the encryption key. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesEncryptionKeyPropertiesProtectedData | | id | PrivacyDataGovernanceAttributesEncryptionKeyPropertiesProtectedData |
|---|
| properties | | semanticContext | | description | Describes how the data protected by the encryption key is used and seen in a project or product. If this annotation covers multiple contexts, this field should be set to the most sensitive semantic context value among them. The context categories from least to most sensitive are: `CONTEXT_METADATA` < `CONTEXT_ATTRIBUTE` < `CONTEXT_CONFIGURATION` < `CONTEXT_SECURITY_CONFIGURATION` < `CONTEXT_CORE_CONTENT` < `CONTEXT_CONTENT` See: go/dg-classification:semantic-context |
|---|
| enum | - CONTEXT_UNDEFINED
- CONTEXT_OTHER
- CONTEXT_METADATA
- CONTEXT_CONTENT
- CONTEXT_CORE_CONTENT
- CONTEXT_SECURITY_CONFIGURATION
- CONTEXT_CONFIGURATION
- CONTEXT_ATTRIBUTE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| source | | description | Describes who or what created or provided the data protected by the encryption key. It does not describe the data content. The order of the entries has no meaning. If more than one value is in the list, it means that the data is coming from at least one of the sources listed in here. For example: An encryption key protects user generated data as well as Google generated test data. In this case, the DG Annotations will be: ``` data { source: [SOURCE_USER, SOURCE_GENERATED_TEST] } ``` This means the data is a mix of production data (`SOURCE_USER`) and test data (`SOURCE_GENERATED_TEST`) which are the additional data created. See: go/dg-classification:source |
|---|
| items | | enum | - SOURCE_UNDEFINED
- SOURCE_OTHER
- SOURCE_GOOGLE
- SOURCE_OTHER_BETS
- SOURCE_GENERATED_TEST
- SOURCE_USER
- SOURCE_END_USER
- SOURCE_CUSTOMER
- SOURCE_CUSTOMER_OF_CUSTOMER
- SOURCE_ENTERPRISE_CUSTOMER
- SOURCE_PUBLIC
- SOURCE_THIRD_PARTY
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesEncryptionProperties | | description | Structure to define encryption properties and status. |
|---|
| id | PrivacyDataGovernanceAttributesEncryptionProperties |
|---|
| properties | | status | | enum | - ENCRYPTION_STATUS_UNSPECIFIED
- NOT_ENCRYPTED
- PARTIALLY_ENCRYPTED
- ENCRYPTED
|
|---|
| enumDescriptions | - None of the data is encrypted.
- Some of the data is encrypted (e.g., specific columns/rows in a table).
- All of the data is encrypted.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesEssentialOnlyModeData | | id | PrivacyDataGovernanceAttributesEssentialOnlyModeData |
|---|
| properties | | usagePurposes | | items | | enum | - USAGE_PURPOSE_UNSPECIFIED
- USAGE_PURPOSE_PRODUCT_SERVICE_IMPROVEMENT
- USAGE_PURPOSE_PROVISION_OF_SERVICE
- USAGE_PURPOSE_PREVENT_FRAUD_AND_ABUSE
- USAGE_PURPOSE_ADDRESS_SECURITY_ISSUES
- USAGE_PURPOSE_PROTECT_AGAINST_HARM
- USAGE_PURPOSE_LEGAL_AND_ETHICAL_OBLIGATION
- USAGE_PURPOSE_PERSONALIZE_RECOMMENDATIONS_OR_CONTENT
- USAGE_PURPOSE_PERSONALIZE_DIRECT_MARKETING
- USAGE_PURPOSE_ADVERTISING
|
|---|
| enumDescriptions | - Should never actually be set, anywhere.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesEssentialOnlyModeProcess | | id | PrivacyDataGovernanceAttributesEssentialOnlyModeProcess |
|---|
| properties | | usagePurposes | | items | | enum | - USAGE_PURPOSE_UNSPECIFIED
- USAGE_PURPOSE_PRODUCT_SERVICE_IMPROVEMENT
- USAGE_PURPOSE_PROVISION_OF_SERVICE
- USAGE_PURPOSE_PREVENT_FRAUD_AND_ABUSE
- USAGE_PURPOSE_ADDRESS_SECURITY_ISSUES
- USAGE_PURPOSE_PROTECT_AGAINST_HARM
- USAGE_PURPOSE_LEGAL_AND_ETHICAL_OBLIGATION
- USAGE_PURPOSE_PERSONALIZE_RECOMMENDATIONS_OR_CONTENT
- USAGE_PURPOSE_PERSONALIZE_DIRECT_MARKETING
- USAGE_PURPOSE_ADVERTISING
|
|---|
| enumDescriptions | - Should never actually be set, anywhere.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesExperimentalData | | id | PrivacyDataGovernanceAttributesExperimentalData |
|---|
| properties | | dataCopy | | enum | - DATA_COPY_UNDEFINED
- DATA_COPY_DISALLOWED
- DATA_COPY_DISALLOWED_ON_PII
- DATA_COPY_DISALLOWED_ON_PII_WITHOUT_TTL
|
|---|
| enumDescriptions | - Data (table) not copyable.
- PII fields in data (table) not copyable.
- PII fields in data (table) not copyable unless copy has a short TTL.
|
|---|
| type | string |
|---|
|
|---|
| datasetTag | | enum | - UNKNOWN_DATASET
- OTHER_DATASET
- HULK
- OOLONG
|
|---|
| enumDescriptions | - Using OTHER_DATASET will trigger a review by a DG team member and it means that DG needs to create a new Dataset tag.
- Any data belonging to HULK.
- Any data belonging to OOLONG.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesFaceAuthenticationData | | id | PrivacyDataGovernanceAttributesFaceAuthenticationData |
|---|
| properties | | faceData | | description | For anything that directly contains imagery of faces. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| faceDerivedData | | description | For anything containing data derived from face imagery. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesGeoData | | id | PrivacyDataGovernanceAttributesGeoData |
|---|
| properties | | dataCategory | | $ref | PrivacyDataGovernanceAttributesGeoDataDataCategory |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesGeoDataDataCategory | | id | PrivacyDataGovernanceAttributesGeoDataDataCategory |
|---|
| properties | | userQuery | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesGmail | | id | PrivacyDataGovernanceAttributesGmail |
|---|
| properties | | content | | items | | enum | - CONTENT_TYPE_UNKNOWN
- CONTENT_TYPE_OTHER
- HISTORY_RECORD
- LABEL
- MESSAGE
- FILTER
- ATTACHMENT
- THREAD
|
|---|
| enumDescriptions | - Should not be used.
- Next ID: 8
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| metadata | | items | | enum | - METADATA_TYPE_UNKNOWN
- METADATA_TYPE_OTHER
- HISTORY_ID
- LABEL_ID
- MESSAGE_ID
- FILTER_ID
- ATTACHMENT_ID
- THREAD_ID
|
|---|
| enumDescriptions | - Should not be used.
- Next ID: 8
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesLocation | | description | Location information of production objects. The type of location represented depends on the field having this message as type. If used to specify an allowed/intended location, the effective location is the intersection of all fields. DEPRECATED: Do not use. |
|---|
| id | PrivacyDataGovernanceAttributesLocation |
|---|
| properties | | cloudRegion | | description | Cloud region-level location info (e.g., "us-west1"). See go/cloud-locale-definitions for additional information. |
|---|
| type | string |
|---|
|
|---|
| cloudZone | | description | Cloud zone-level location info (e.g., "us-west1-a"). See go/cloud-locale-definitions for additional information. |
|---|
| type | string |
|---|
|
|---|
| cluster | | description | Cluster-level location info (e.g., "iv", "iv-proxy"). |
|---|
| type | string |
|---|
|
|---|
| iso3166Region | | description | Country-level location info. It is represented as two character upper-case ISO 3166-1 Alpha-2 region code (e.g., "US", "CH"). |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesMedicalData | | id | PrivacyDataGovernanceAttributesMedicalData |
|---|
| properties | | sandbox | | $ref | PrivacyDataGovernanceAttributesMedicalSandbox |
|---|
| description | DEPRECATED Use Shield sandbox instead (go/da-shield); |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesMedicalSandbox | | description | Data specific to go/medical-sandbox storage and processing. |
|---|
| id | PrivacyDataGovernanceAttributesMedicalSandbox |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesMlModelData | | id | PrivacyDataGovernanceAttributesMlModelData |
|---|
| properties | | donated | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| modelAnonymization | | enum | - UNDEFINED_MODEL_ANONYMIZATION
- MODEL_NOT_ANONYMOUS
- MODEL_ANONYMOUS
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| modelArchitectures | | items | | enum | - MODEL_ARCH_UNDEFINED
- MODEL_ARCH_TRADITIONAL
- MODEL_ARCH_NEURAL_NETWORK
- MODEL_ARCH_GENERATIVE
- MODEL_ARCH_OTHER
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| modelDeployment | | enum | - MODEL_DEPLOYMENT_UNDEFINED
- MODEL_DEPLOYMENT_INTERNAL
- MODEL_DEPLOYMENT_USER_FACING_SERVER_SIDE
- MODEL_DEPLOYMENT_ON_DEVICE
- MODEL_DEPLOYMENT_EXTERNAL
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| modelPersonalization | | enum | - MODEL_PERSONALIZATION_UNDEFINED
- MODEL_PERSONALIZATION_NONE
- MODEL_PERSONALIZATION_GROUP
- MODEL_PERSONALIZATION_USER
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| study | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| synthesis | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesPaymentsData | | id | PrivacyDataGovernanceAttributesPaymentsData |
|---|
| properties | | dataType | | items | | enum | - DT_UNKNOWN
- DT_PAYMENTS_RISK_DATA
- DT_PAYMENTS_SUPERCLASS_PROFILE
- DT_PAYMENTS_SUPERCLASS_TRANSACTION
- DT_PAYMENTS_SUPERCLASS_USER_ACTIVITY
- DT_PAYMENTS_SPII
- DT_PAYMENTS_EPHEMERAL
- DT_OTHER
|
|---|
| enumDescriptions | - Do not use. Catch all payments classification.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| environment | | enum | - UNKNOWN_ENV
- PRODUCTION_ENV
- SHADOW_ENV
- TESTING_ENV
- DEVELOPMENT_ENV
|
|---|
| enumDescriptions | - The default value for unclassified objects. Do not use.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesPhotosData | | id | PrivacyDataGovernanceAttributesPhotosData |
|---|
| properties | | benchmarks | | $ref | PrivacyDataGovernanceAttributesPhotosDataBenchmarks |
|---|
|
|---|
| dataContents | | $ref | PrivacyDataGovernanceAttributesPhotosDataDataContents |
|---|
|
|---|
| mediaType | | enum | - MEDIA_TYPE_UNSET
- MEDIA_TYPE_CONTENT
- MEDIA_TYPE_ATTRIBUTES
- MEDIA_TYPE_DERIVED_ATTRIBUTES
- MEDIA_TYPE_NONE
|
|---|
| enumDescriptions | - The default value for unclassified objects.
|
|---|
| type | string |
|---|
|
|---|
| mediaTypes | | items | | enum | - MEDIA_TYPE_UNSET
- MEDIA_TYPE_CONTENT
- MEDIA_TYPE_ATTRIBUTES
- MEDIA_TYPE_DERIVED_ATTRIBUTES
- MEDIA_TYPE_NONE
|
|---|
| enumDescriptions | - The default value for unclassified objects.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesPhotosDataBenchmarks | | description | Photos Benchmarks annotation. The Benchmarks annotation message applies to objects associated with Photos Benchmarks. These production objects are typically small, short-lived copies of Photos data that is used for model development and research. You should also set the classification.Identifiability enum to describe properties relevant to the object retention policy: A. classification.Identifiability.IDENTIFIABILITY_IDENTIFIABLE: Should be set for potentially identifiable derived Benchmark's data. B. classification.Identifiability.IDENTIFIABILITY_ANONYMOUS: Should be set for non-PII metrics derived Benchmark's data. Whether a piece of data is non-PII is determined by Photos PWG. |
|---|
| id | PrivacyDataGovernanceAttributesPhotosDataBenchmarks |
|---|
| properties | | benchmarks | | description | Data associated with the Photos Benchmark's program. These production objects are typically small, short-lived copies of Photos data that is used for model development and research. Objects that contain any data associated with the Benchmarks program should set this field to YES. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| donated | | enum | - UNDEFINED
- DONATED_YES
- DONATED_NO
- DONATED_MIXED
|
|---|
| enumDescriptions | - Undefined is equivalent to not set.
- The object contains exclusively donated data.
- The object does not contain any donated data.
- The object contains a combination of donated and non-donated data. In practice, each storage object should contain exclusively donated or non-donated data. Aggregate objects, like a higher level CNS directory, might contain both donated and non-donated lower level objects. These higher level entities should use the MIXED classification.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesPhotosDataDataContents | | description | The Google Photos data content classification for specialized types. The fields in this message are independent, each should be set to YES if the specific classification applies to any data contained within the object and NO if it does not. Next ID: 5 |
|---|
| id | PrivacyDataGovernanceAttributesPhotosDataDataContents |
|---|
| properties | | derivedResourceData | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| faceContents | | $ref | PrivacyDataGovernanceAttributesPhotosDataDataContentsFaceRelatedContents |
|---|
|
|---|
| locationContents | | $ref | PrivacyDataGovernanceAttributesPhotosDataDataContentsLocationRelatedContents |
|---|
|
|---|
| sharingOrOwnershipState | | description | Data related to sharing, ownership, or access status. Objects containing product state (e.g. spanner columns, etc.) that control sharing, ownership, or access to other user media should set this field to YES. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesPhotosDataDataContentsFaceRelatedContents | | description | Face related data. Face detection and clustering related, face attributes (e.g. eyes closed, etc.), facial templates, further derived fields like face cluster ID. Next ID: 5 |
|---|
| id | PrivacyDataGovernanceAttributesPhotosDataDataContentsFaceRelatedContents |
|---|
| properties | | faceLandmark | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| faceRelated | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| faceTemplate | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| furtherDerivedFields | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesPhotosDataDataContentsLocationRelatedContents | | description | Media location related contents. Media location describes where the photo or video was captured by a separate app or camera. This makes it different from other types of user location that are recorded directly by the Photos app. See: go/dg-classification:geo_location for how to annotate other types of user location. Next ID: 3 |
|---|
| id | PrivacyDataGovernanceAttributesPhotosDataDataContentsLocationRelatedContents |
|---|
| properties | | mediaLocation | | description | Media location data. Location data contained in or derived from media (e.g. GPS coordinates recorded by a camera, inferred from location history, entered by the user, or from a ML model). The MEDIA_TYPE_ATTRIBUTES and MEDIA_TYPE_DERIVED_ATTRIBUTES enums may be used to distinguish camera recorded vs. inferred cases. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| mediaLocationCoarse | | description | Coarseness or precision level of the media location data. See: go/dg-classification:geo_location. |
|---|
| enum | - COARSE_UNDEFINED
- NOT_COARSE
- COARSE_AT_1_PLUS_1_LEVEL
- COARSE_AT_3_PLUS_1_LEVEL
- COARSE_AT_COUNTRY_LEVEL
- COARSE_OTHER
|
|---|
| enumDescriptions | - COARSE_OTHER is to be used if none of the other enum values are a match. Please contact ppi-pattributes@ if you want to use this.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesPrimaryForPortability | | id | PrivacyDataGovernanceAttributesPrimaryForPortability |
|---|
| properties | | isPrimaryForTgId | | additionalProperties | | enum | - PRIMARY_FOR_PORTABILITY_UNDEFINED
- PRIMARY_FOR_PORTABILITY_YES
- PRIMARY_FOR_PORTABILITY_NO
|
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesProcessingPurpose | | description | Description of the purpose or purposes for which processing is happening. See go/classification:processing-purpose for more details. Per-system details: - Applicable only for processes. |
|---|
| id | PrivacyDataGovernanceAttributesProcessingPurpose |
|---|
| properties | | adsProcessingPurpose | | description | Used to describe fine-grained processing purposes when Purpose.ADS_RELATED_PROVISION_OF_SERVICE is used. Note: Please reach out Ads PWG and Ads Privacy team(sapt@) before annotating new use cases with this field. |
|---|
| items | | enum | - DATA_USAGE_NONE
- DATA_USAGE_TARGETING
- DATA_USAGE_NEGATIVE_AD_SELECTION_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_LOGGING
- DATA_USAGE_GENERATE_PREDICTION_QEM
- DATA_USAGE_GENERATE_PREDICTION_QEM_WITH_CARVEOUT_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_LOGGING_FOR_TARGETING
- DATA_USAGE_PRIVACY_CONTROL_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_AD_EXCHANGE
- DATA_USAGE_ADSPAM
- DATA_USAGE_READ_FOR_KANSAS_WRITE
- DATA_USAGE_MEASUREMENT_EXTERNAL
- DATA_USAGE_MEASUREMENT
- DATA_USAGE_EXPERIMENTS
- DATA_USAGE_AGGREGATE_SERVER_METRICS
- DATA_USAGE_CHECK_COOKIE_LINKAGE_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_COOKIE_MATCHING
- DATA_USAGE_CLICK_URL_CUSTOMIZATION
- DATA_USAGE_ADX_TARGETING_IN_SUPERMIXER
- DATA_USAGE_TRIGGER_ELIGIBLE_COOKIE_LINK_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_SHARE_EXTERNALLY
- DATA_USAGE_CROSS_DOMAIN_SEQUENCING_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_PUBLISHER_DATA_PREDICTION_PROCESSING_AND_SHARING
- DATA_USAGE_UI_CUSTOMIZATION
- DATA_USAGE_POLICY_CONTROL_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_COUNTERFACTUAL_EXPERIMENT
- DATA_USAGE_FILL_CLICK_URL_DATA_NEEDS_PRIVACY_APPROVAL_DEPRECATED
- DATA_USAGE_MUTES
- DATA_USAGE_READ_LOC_CONTEXT_FOR_GEO_LOC_DATA_PROTO_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_READ_FROM_CACHE_NEEDS_PRIVACY_APPROVAL
- DATA_USAGE_VIDEO_ADS_SEQUENCING
|
|---|
| enumDescriptions | - Selecting/filtering ads. All typical usages of data within a targeting server (positive/negative targeting, filtering, etc) can be represented using this value. There are only a few exceptions in targeting servers that should use DATA_USAGE_NEGATIVE_AD_SELECTION_NEEDS_PRIVACY_APPROVAL instead. See DATA_USAGE_GENERATE_PREDICTION_QEM for a special case of targeting.
- This is a subclass of targeting that refers to usages of user data that limit the number of times a certain ad is shown. The primary example for this is frequency capping, but other features (for example, app-install based filtering) may also qualify. For some profiles (impression history in particular), this usage has privacy carveouts to be allowed for targeting-restricted requests. For mute ads and advertisers mutes, please use DATA_USAGE_MUTES instead. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/SAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR THIS USAGE!
- Logging to sawmill logs (not task logs). Note that the policy for DATA_USAGE_LOGGING is implemented as a subset of privacy-allowable policy to support quality considerations, as models train off of logs and want to avoid logging data that can't be used for targeting (which causes training/prediction skew).
- Usage of user data for creation of prediction QEMs. Do not use this for general targeting. This usage is only for creating prediction (mini-)QEMs.
- A special version of the GENERATE_PREDICTION_QEM that is eligible to include user data with privacy carveouts under the condition that the prediction models do not cross any such carveout data with interest categories. This allows, e.g., frequency capping profiles to be used as per-ad-candidate prediction signals on privacy sensitive requests. NOTE: As of 2021`Q2 this usage is confined only to Gmob mixer and only supports legacy cases. PLEASE DO NOT ADD NEW USE CASES; if there are really new use cases that fit this carveout, they should be incorporated into enforcement detailed in go/daml-privacy-enforcement-design, not blithely promised by the accessing client via this usage.
- Refers to usages of user data where logging happens specifically for targeting. For example, impression history is generally allowed to be logged (for fcap), but there are products such as ads reach which log impression history only to build targeting models, which should not receive carveouts for privacy sensitive requests. Accordingly, we map this use case to a more strict subset of generic logging.
- Usage of user data for enforcement of privacy logic or privacy risk mitigations, e.g., fetching of privacy risk metrics by AdX for reidentification mitigation. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/DAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
- Sending the user profiles to AdX RTBs.
- Used for serving or offline jobs for detecting spam.
- Refers to using user data in order to create data that will be written to Kansas.
- Refers to usages of user data that enable measurent for publisher, advertisers, or any other external entities. For example, if the data is used to create pixels meant to be used by external companies, you should use DATA_USAGE_MEASUREMENT_EXTERNAL.
- Refers to using user data for measurement, e.g., conversion tracking, internal/external aggregate ads reporting, internal analysis etc. This is meant for measurement done by Google (i.e. internal). For measurement that involves individual user data (not aggregate metrics) sharing with external entities, please use DATA_USAGE_MEASUREMENT_EXTERNAL.
- Refers to using user data for experiment conditions. In particular, setting request properties.
- This is a special usage that refers to accessing user profiles in order to update varzs and streamzs that store aggregate information about the user profiles loaded (e.g., number of user profiles for the request). Do not use this for storing aggregate data in Kansas or logs.
- Refers to the usage of user data to determine whether or not a user has links on Mobius/Constellation/AdX Hosted Match, etc, for ephemeral, not-privacy related purposes. DO NOT USE THIS VALUE IF YOU USE THE COOKIE LINK STATUS TO MAKE PRIVACY RELATED DECISIONS! USE THIS VALUE ONLY TO CHECK FOR THE PRESENCE OF LINKS, NOT TO ACCESS ANY TARGET COOKIE. FOR ACCESS TO THE LINK TARGET, USE THE ACTUAL INTENDED USAGE INSTEAD, e.g. DATA_USAGE_TARGETING. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/DAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
- Refers to usages of user data for initiating cookie matching. For example, using hosted match data to initiate push cookie matching.
- Refers to usages of user data for customizing the click URL. For example, using app install data to change the click URL depending on whether the promoted app is installed.
- AdX must not use user profiles in GAIA profile space which will generally be enforced by UDA execution context. We have some AdX specific UDA usages in supermixer that would get access to GAIA profiles because they are executed within Supermixer's ExecutionContext. To prevent access to GAIA profiles in these cases, we added DATA_USAGE_ADX_TARGETING_IN_SUPERMIXER with accordingly defined privacy policy rules. THIS IS SOMEWHAT HACKY so please don't copy this pattern elsewhere. DO NOT INTRODUCE ANY NEW USAGES OF THIS VALUE. Instead, all AdX specific code should be moved to AdX servers.
- Refers to the usage of user data to determine whether or not app cookie ( Device ID) can link to mobile web cookie(mobile browser DBL cookie), and trigger the actual linking if eligible. See go/mobius-impression-time-linking for more details. DISTIGUISH THIS WITH DATA_USAGE_CHECK_COOKIE_LINKAGE_NEEDS_PRIVACY_APPROVAL WHICH IS FOR CHECKING THE PRESENCE OF LINKS. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/DAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
- Refers to usages of user data that are getting sent to external companies. Note that this usage does not allow data to be shared with bidders.
- This refers to usages of user data for ad sequencing, on the same site or across domains. Examples include ad rule and sequential rotation. Viral uses it for Video ad sequencing (go/videoads-sequence). Ad sequencing is similar to frequency capping/negative ad selection, except that there is a larger targeting/business motivation. Accordingly, some (but not all) carvouts for frequency capping apply also to ad sequencing. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/DAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
- Refers to the processing of publisher-related user data by ML prediction and sharing the results with publishers for their benefit (not necessarily ads personalization). This is used for Subscription Optimization. For example, reading the propensity score of a user to subscribe to a publication, and sending it to the external publisher. For more information, please see go/sos-ml2 and go/subopt-ga-dd.
- Refers to usages of user data as an information provider. Data with this usage will not be used for ads personalization. For example, using cart data to calculate the quantity of cart items and display it in frontend.
- Refers to usages of user data for enforcement of policy control logic. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/SAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
- Refers to pass-through of user data for counterfactual experiment requests, in particular raw kansas lookup data. Notice: this should only be used in combination with proper fine-grained DATA_USAGE enforcement when the pass-through data is subsequently consumed in the mixer.
- Refers to usage of data to populate a clickstring sent to event servers. Privacy checks at event time must ensure this data is safely used. PLEASE NOTE THAT POLICY IS ONLY IMPLEMENTED FOR PSEUDONYMOUS IDENTIFIERS. DO NOT USE THIS USAGE UNLESS YOU HAVE EXPLICITLY CONFIRMED THAT THE POLICY EXISTS FOR YOUR PROFILE (PROBABALY BY TALKING TO SAPT). THIS USAGE IS DEPRECATED; PLEASE DO NOT ADD NEW USE CASES WITHOUT CONSULTING SAPT.
- Refers to usage of user data to mute ads and advertisers as a result of user action (e.g., through mute this ad or on Ads Settings).
- Refers to usage of data to populate GeoLocationData, which will be consumed to construct GeoDataAccessor inside Supermixer. The data comes from LES response. Please check go/les-response-paperplane for more details. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/SAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
- Refers to reading user data from a cache, where the cache was populated with either the original or derived user data that had already passed the privacy checks for the original intended data usage. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/SAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
- Refers to usage of user data for video ads sequencing. Refer to go/videoads-sequence for details. DO NOT USE THIS VALUE UNLESS YOU HAVE GONE THROUGH A PRIVACY REVIEW AND PRIVACY/DAPT HAVE EXPLICITLY CONFIRMED THAT YOUR USAGE MEETS THE CRITERIA FOR PRIVACY CARVE OUT.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| crossProductProcessing | | description | Indicates whether the data being processed was acquired by a product other than the one doing the processing. This field acts as a modifier for the list of purposes below, and it is necessary to set this field at the same time you set the purpose. For example, a job in Flights that accesses Gmail data to create a trip on behalf of the user, would set this to `YES`. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| purpose | | description | The actual purpose(s) for which processing is happening. |
|---|
| enum | - PROCESSING_PURPOSE_UNSPECIFIED
- PROVISION_OF_SERVICE
- ADS_RELATED_PROVISION_OF_SERVICE
- PRODUCT_PERSONALIZATION
- REVENUE_GENERATION
- USER_SUPPORT
- VERIFICATION_TESTING_VALIDATION
- DEBUGGING_AND_MONITORING
- INFRASTRUCTURE_METRICS
- BUSINESS_ANALYSIS
- MARKET_RESEARCH
- RESEARCH_EXPERIMENTATION
- TRUST_SAFETY
- COMPLIANCE_LEGAL_SUPPORT
|
|---|
| enumDescriptions | - The processing purpose is unset
- Data is being processed as part of normal provision of service. Provision of service is in general anything done with user consent, that is visible for the user or impacts the user. DO NOT USE this value for any processing that is used to provide advertising or other revenue generating features specifically related to advertising
- Data is being processed to provide advertising or other revenue generation features specifically related to advertising
- Data is being processed to provide personalization features.
- Data is being processed to drive revenue that is not related to ads (service related revenue).
- This category is for any data access that was caused by, pursuant to, or necessary to resolve an interaction with a customer or user that the customer initiated.
- Processing for debugging or monitoring or somehow related to pure software functionality. Access in order to perform testing, verification, certification, or other routine or pre-launch analysis by using stored user data. This can include regression testing, load testing, unit/integration testing, or other analysis of machine-generated or replayed activity. This is done primarily for routinized, transient evaluation like testing new builds/deployments.
- Processing for debugging or monitoring or somehow related to pure software functionality - analyzing user data to develop approved features, refactor or improve existing ones, or verify, triage, analyze, troubleshoot, or resolve problems with products and services
- Any processing for the purpose of understanding how services / products are used by users, including traffic shaping, monitoring etc. Any processing necessary to monitor a service and its performance to maintain product excellence, reliability, service quality, or other technical measures as perceived by a user.
- Perform analysis to set strategy, prioritize features, assess business risks or otherwise use the data to derive insights for the benefits of the company or its product or service offering.
- This is for any analysis that looks at the existing market across companies / manufacturers, or generates leads, contacts or potential clients or users. This can be either for manual outreach, automatic outreach or internal use.
- Open-ended or undirected analysis of user data with a clear hypothesis or intended benefit in mind.
- The data is being processed to protect Google, its users, customers or other stakeholders. This includes manual detection, analysis, remediation, prevention of unacceptable abusive behavior as defined by the terms of service. It also includes actions such as processing to keep accounts safe (such as processing for the purposes of auth or authz)
- Processing the data for compliance purposes, legal purpose, law enforcement requests and incident management related to any of these.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesProductionImpact | | description | Specifies the (worst case) production impact of access to the annotated object. The fields can be looked at in isolation to understand the effective impact in each category. Fingerprinting across fields to detect particular systems or types of endpoints is discouraged. Applicability: - For RPCs: the production impact of calling the RPC. - For storage: the aggregate production impact of write / admin / delete access - Other GUris: should not be annotated using this scheme at the moment. See go/production-impact-annotations for more details. |
|---|
| id | PrivacyDataGovernanceAttributesProductionImpact |
|---|
| properties | | bypassAccessControls | | description | Does access to this object allow changing or bypassing security controls, such as ACLs, MPA, BCID? Positive example: changing an ACL, bypassing an ACL (e.g. through chubby, changing Gaia backend to test). Negative example: using a "standard" way that allows doing this purely because the ACL is incorrect. |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| bypassLogging | | description | Does access to this object allow changing or bypassing logging? Example log types are Gin, BCID (in audit mode), Cloud Audit Logging. |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| bypassProductionControls | | description | Does access to this object allow changing or bypassing reliability controls, such as rate limiting, drain checks, break glass, go/pokes? |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| changeProductionEnvironment | | description | Does this object allow changing the state of production of a service? Including but not limited to causing user-visible outages. Examples are changes to replication, drains, borg configs, schemas. |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| impactedTeamProductId | | description | List of Team Product IDs that the annotated object can impact the production environment of. Only list direct services that this object is considered a part of, not indirect dependencies. The order of the entries has no meaning. 2021-1-14 update: *DEPRECATION* this field is deprecated in favor of the same one in production_infrastructure.proto. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| other | | description | Does this object allow any other critical impact that isn't captured above? Please contact data-classification-discuss@ if you think this applies. |
|---|
| type | boolean |
|---|
|
|---|
| tamperPrimaryData | | description | Does this object allow making user-visible changes to the data being stored or processed? Includes changing, adding to or deleting it. The data in question here is described by the `annotations.data` field. For internal systems (data.source = SOURCE_GOOGLE), Googlers are the users, so changes that are Googler-visible qualify as tampering. Positive example: changing user content in Gmail's primary database. Negative example: changing user content in a staging clone of the real database. |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| unconstrainedAccess | | description | Does this object allow unconstrained access? Positive examples: - Elevation of privileges - Allows execution of unconstrained code/commands or is otherwise "turing complete". - Proxies unconstrained / undelegated Stubby RPCs or HTTP requests. - Access is not narrowly limited to a specific purpose. - Grants wide access (read, write, and/or delete) to a wide range of data. - Acquiring identity tokens - Code execution - Impersonation |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesProductionInfrastructure | | id | PrivacyDataGovernanceAttributesProductionInfrastructure |
|---|
| properties | | blastRadiusContained | | description | Indicates that the blast radius of compromise of this object is contained. For example if strict rate-limits are enforced on the groups capabilities like only being able to bring down one region for 20 min, only giving SSH access to 1 host per hour, etc. Applicability: * ACL groups. * Borg roles. Semantics: * True: Indicates that access to this object and potential issues that follow are reasonably contained. * False: Indicates that access to this object can cause potential issues that aren't reasonably contained. Usage: * This field is conservatively interpreted as False when unset. * For `environment: NONPROD` GURIs, this field is usually left unset. |
|---|
| type | boolean |
|---|
|
|---|
| environment | | enum | - ENVIRONMENT_UNDEFINED
- PROD
- NONPROD
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| grantsAccessToMpaProtectedEndpointOnly | | description | Indicates that a group may not require MPA because the endpoints it grants access to are already non-unilateral Applicability: * ACL groups. Semantics: * True: Indicates that this object only grants access to endpoints that are non unilaterally accessible. * False: Indicates that this object can grant access to endpoints that unilaterally accessible. Usage: * This field is conservatively interpreted as False when unset. * For `environment: NONPROD` GURIs, this field is usually left unset. |
|---|
| type | boolean |
|---|
|
|---|
| grantsInnocuousWriteAccessOnly | | description | Counterpart of grants_read_access_only but for innocuous write operations. Indicates whether access to this object or its associated objects would only provide innocuous write capabilities to the service. It plays a role in deciding whether the annotated object should be in scope of programs like UAL. This has been deprecated due to lack of usage after a long period. If you think you want to use it please contact the DG annotations team and explain your use case. |
|---|
| type | boolean |
|---|
|
|---|
| grantsReadAccessOnly | | description | Indicates whether access to this object or its associated objects would only provide read capabilities to the service. Applicability: * RPCs * Prod groups that **don't** have a Prod UID. This field doesn't need to be explicitly set for Groups that have a Prod UID, because running jobs is a Prod-mutative action in itself (implied False). Semantics: * True: Used with `environment = PROD` to specify that an object is part of a service’s production infrastructure but does not have the capability to make changes to the service in any way and does not grant access to objects, tools, or services that can. * False: Used with `environment = PROD` to specify that an object is part of a service’s production infrastructure and can directly make changes to the service or grants access to other objects, tools, or services that can. Usage: * This field is conservatively interpreted as False when unset. * For `environment: NONPROD` GURIs, this field is usually left unset. |
|---|
| type | boolean |
|---|
|
|---|
| impactedTeamProductId | | description | Product(s) that the annotated GUri is an infrastructure component of. Only list direct services that this object is considered a part of, not indirect dependencies. The order of the entries has no meaning. Note: This may differ from Axium's Ganpati Teams mapping, which will capture maintenance work ownership for Ganpati groups. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| reason | | $ref | PrivacyDataGovernanceAttributesProductionImpact |
|---|
| description | The `reason` message specifies the (worst case) production impact of access to the annotated object. It is only applicable to Storage and RPC GUris. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesResidencyData | | description | Next ID: 6 |
|---|
| id | PrivacyDataGovernanceAttributesResidencyData |
|---|
| properties | | contentSubclassification | | description | DEPRECATED: Clients such as annotations.proto should use classification.SemanticContext directly instead. |
|---|
| enum | - CLASSIFICATION_UNDEFINED
- CUSTOMER_CORE_CONTENT
- SERVICE_CONFIG
- CUSTOMER_DEFINED_ATTRIBUTES
- GOOGLE_OPERATIONAL_DATA
- CUSTOMER_METADATA
|
|---|
| enumDescriptions | - Undefined means not set. Do not use.
- This data is about a resource(s), if core content represents the data within the resource(s). The service config data can include data specific to a service or generic one which can impact multiple service configurations across GCP. Google knows both the purpose and semantic meaning of this data, and collecting directly from the data subject ie GCP customer.
- This is like customer defined attributes of the resource. Google hasn’t defined the values and their meaning. Google doesn’t know the semantic meaning of this input.
|
|---|
| type | string |
|---|
|
|---|
| intendedDataLocations | | description | Intended data location for the main classification found in Data. Represents the location within which the data is supposed to reside. Teams can expect that setting this field will result in either offline or runtime policy checks verifying that the actual physical region of the data correct. Each given location needs to be one of the following: - A cloud region name (e.g., us-west1) - A service-specific multiregion name (e.g., kms_europe) - "global" If multiple intended data locations are provided, the physical location is expected to satisfy all of them, i.e., the physical location should be in the intersection of the intended locations. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| lifecycleState | | description | Lifecycle state for the main classification found in Data. |
|---|
| enum | - STATE_UNDEFINED
- DATA_AT_REST
- DATA_IN_TRANSIT
- DATA_IN_USE
|
|---|
| enumDescriptions | - Undefined means not set. Do not use.
|
|---|
| type | string |
|---|
|
|---|
| semanticContext | | description | Semantic context associated with this lifecycle state and intended data locations. The full residency location intentions represent a map of semantic context to locations, lifecycle state. By definition, we require the most restrictive semantic context in this map to be present in the classification.data.semantic_context field. |
|---|
| enum | - CONTEXT_UNDEFINED
- CONTEXT_OTHER
- CONTEXT_METADATA
- CONTEXT_CONTENT
- CONTEXT_CORE_CONTENT
- CONTEXT_SECURITY_CONFIGURATION
- CONTEXT_CONFIGURATION
- CONTEXT_ATTRIBUTE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesResidencyProcess | | id | PrivacyDataGovernanceAttributesResidencyProcess |
|---|
| properties | | dataLocationsThatCanBeProcessed | | items | | $ref | PrivacyDataGovernanceAttributesResidencyResidencyPolicy |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesResidencyResidencyPolicy | | description | Internally, Data Residency requirements and guarantees are defined in terms of these dimensions: semantic context, data state, and location. |
|---|
| id | PrivacyDataGovernanceAttributesResidencyResidencyPolicy |
|---|
| properties | | drData | | $ref | PrivacyDataGovernanceAttributesResidencyResidencyPolicyResidencyData |
|---|
|
|---|
| intendedDataLocation | | items | | $ref | PrivacyDataGovernanceAttributesLocation |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesResidencyResidencyPolicyResidencyData | | id | PrivacyDataGovernanceAttributesResidencyResidencyPolicyResidencyData |
|---|
| properties | | contentSubclassification | | description | DEPRECATED: Use semantic_context instead. |
|---|
| enum | - CLASSIFICATION_UNDEFINED
- CUSTOMER_CORE_CONTENT
- SERVICE_CONFIG
- CUSTOMER_DEFINED_ATTRIBUTES
- GOOGLE_OPERATIONAL_DATA
- CUSTOMER_METADATA
|
|---|
| enumDescriptions | - Undefined means not set. Do not use.
- This data is about a resource(s), if core content represents the data within the resource(s). The service config data can include data specific to a service or generic one which can impact multiple service configurations across GCP. Google knows both the purpose and semantic meaning of this data, and collecting directly from the data subject ie GCP customer.
- This is like customer defined attributes of the resource. Google hasn’t defined the values and their meaning. Google doesn’t know the semantic meaning of this input.
|
|---|
| type | string |
|---|
|
|---|
| lifecycleState | | enum | - STATE_UNDEFINED
- DATA_AT_REST
- DATA_IN_TRANSIT
- DATA_IN_USE
|
|---|
| enumDescriptions | - Undefined means not set. Do not use.
|
|---|
| type | string |
|---|
|
|---|
| semanticContext | | enum | - CONTEXT_UNDEFINED
- CONTEXT_OTHER
- CONTEXT_METADATA
- CONTEXT_CONTENT
- CONTEXT_CORE_CONTENT
- CONTEXT_SECURITY_CONFIGURATION
- CONTEXT_CONFIGURATION
- CONTEXT_ATTRIBUTE
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| source | | description | DEPRECATED: Data Residency does not need source information. |
|---|
| enum | - SOURCE_UNDEFINED
- SOURCE_OTHER
- SOURCE_GOOGLE
- SOURCE_OTHER_BETS
- SOURCE_GENERATED_TEST
- SOURCE_USER
- SOURCE_END_USER
- SOURCE_CUSTOMER
- SOURCE_CUSTOMER_OF_CUSTOMER
- SOURCE_ENTERPRISE_CUSTOMER
- SOURCE_PUBLIC
- SOURCE_THIRD_PARTY
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesResidencyStorage | | id | PrivacyDataGovernanceAttributesResidencyStorage |
|---|
| properties | | dataLocationsThatCanBeStored | | items | | $ref | PrivacyDataGovernanceAttributesResidencyResidencyPolicy |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesSearchDataSpecs | | description | Next ID: 9 |
|---|
| id | PrivacyDataGovernanceAttributesSearchDataSpecs |
|---|
| properties | | assistantRequestAcceptStatus | | description | Define the assistant request acceptance status. |
|---|
| items | | enum | - ASSISTANT_REQUEST_ACCEPTANCE_UNSPECIFIED
- ASSISTANT_REQUEST_ACCEPTANCE_AWAITING
- ASSISTANT_REQUEST_ACCEPTANCE_ACCEPTED
- ASSISTANT_REQUEST_ACCEPTANCE_REJECTED
|
|---|
| enumDescriptions | - Unknown whether acceptance policy is applicable
- Applicable but waiting for the decision
- The request is accepted
- The request is rejected
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| dataCategory | | $ref | PrivacyDataGovernanceAttributesSearchDataSpecsDataCategory |
|---|
| description | Define the semantic content of the data. |
|---|
|
|---|
| dataSources | | description | Define from which data source does the data came from. |
|---|
| items | | enum | - DATA_SOURCE_UNSPECIFIED
- DATA_SOURCE_OTHER
- MULTIDAY_METRIC
- SEARCH_GROWTH_SESSION
- SEARCH_SESSION
- MULTIDAY_METRIC_NAPA
- SEARCH_QSESSIONS
- SEARCH_SENSITIVE_QSESSIONS
- SEARCH_GWS
- SEARCH_PROCESSED_ASSISTANT
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| hasFinalIntentHealthFitness | | description | Define variable to determine whether the final intent has been selected as H&F. |
|---|
| enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| identifierTypes | | description | Define the identifiers that may appear in data. |
|---|
| items | | enum | - IDENTIFIER_UNSPECIFIED
- IDENTIFIER_OTHER
- GAIA_ID
- ZWIEBACK_ID
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| productSources | | description | Define which products collected the data. |
|---|
| items | | enum | - PRODUCT_SOURCE_UNSPECIFIED
- PRODUCT_SOURCE_OTHER
- WEB_SEARCH
- IMAGE_SEARCH
- SHOPPING_SEARCH
- MAPS_SEARCH
- ASSISTANT_SEARCH
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| transformationCategories | | description | Define the transformations that are applied to data. |
|---|
| items | | enum | - TRANSFORMATION_CATEGORY_UNSPECIFIED
- TRANSFORMATION_CATEGORY_OTHER
- RAW
- SAMPLED
- PSEUDONYMIZED
- DEIDENTIFIED
- AGGREGATED
- K_ANONYMIZED
- DIFFERENTIALLY_PRIVATE
- NO_USER_DATA
|
|---|
| enumDescriptions | - None of the other categories are a match.
- Corresponds to any transformation on the records with user identifiers (e.g. GaiaId) that preserves the identifiers.
- Involves selecting random subset of the records that contain user identifiers (e.g. GaiaId).
- Pseudonymization involves substitution of authenticated identifiers with pseudonymous identifiers.
- De-Identification involves removal of unique identifiers, as well as sanitization (generalization or suppression) of sensitive fields.
- Aggregation involves generating aggregate, non-identifying statistics and ML models corresponding to many users.
- K-anonymization imposes a threshold of minimum k-users on the thinnest slice, across all columns, of a dataset.
- Differential Privacy typically involves adding random noise to a dataset or query results such that one would not be able to learn the presence or absence of a particular user with high probability.
- Operational data that signals property verification, job completion or contains job performance metrics that do not contain any user data.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| usagePurposes | | description | Define the purposes for the usage of the data. |
|---|
| items | | enum | - USAGE_PURPOSE_UNSPECIFIED
- USAGE_PURPOSE_OTHER
- PRODUCTION_INPUT
- EXPERIMENT_ANALYSIS
- DEBUGGING
- MANUAL_TESTING
- AUTOMATED_TESTING
- COMPLIANCE
- QUALITY_METRICS_MONITORING
- JOB_PERFORMANCE_IMPROVEMENT
- JOB_TEMPORARY_STORAGE
- STRATEGIC_ANALYSIS
|
|---|
| enumDescriptions | - Data is used as an input to a live production system such as trend analysis tools, ranking model generation and spam detection.
- Ad-hoc analysis on the data for new discoveries and optimization.
- Investigating quality, performance problems and bugs that are encountered in production.
- Code validation during development phase by engineers to check whether expected outputs are generated or not.
- Code validation with automated tools such as canary runs, Guitar and Tap tests.
- Data is used for legal compliance such as tax, finance, SOX.
- Monitoring various quality metrics such as click through rates and number of users that are interacting with a specific feature.
- Data that is utilized for improving the performance of jobs such as copies of original data sources in data centers that are closer to the running binaries.
- Temporary data that is generated as an intermediate output during the execution of the job such as Flume temporary files.
- Analysis on the data for business intelligence and reporting purposes.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesSearchDataSpecsDataCategory | | description | Semantic categories for Search/Assistant data |
|---|
| id | PrivacyDataGovernanceAttributesSearchDataSpecsDataCategory |
|---|
| properties | | contractualContent | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| qualityAbuseSignals | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| semanticNluSignals | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| structuredWorldFacts | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userBrowsedUrl | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userClicks | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userContacts | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userGeneratedContent | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userGoogleWorkspaceContent | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userImpressions | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userInterests | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userQuery | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
| userThirdPartyInteractions | | enum | |
|---|
| enumDescriptions | - Undefined is equivalent to not set.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PrivacyDataGovernanceAttributesSearchStorage | | id | PrivacyDataGovernanceAttributesSearchStorage |
|---|
| properties | | searchCriticalDatasetMitigation | | description | Marks the necessity of data. When read requests match this criticality, the data will not be filtered. |
|---|
| enum | |
|---|
| enumDescriptions | - Default value indicating data is not critical.
- Indicates data is critical or should not be filtered out of the response.
|
|---|
| type | string |
|---|
|
|---|
| useControlMethods | | items | | enum | - USE_CONTROL_METHOD_UNSPECIFIED
- USE_CONTROL_METHOD_READ_TIME_FILTERING
- USE_CONTROL_METHOD_WRITE_TIME_REJECTION
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ProjectProperties | | description | A descriptor for defining project properties for a service. One service may have many consumer projects, and the service may want to behave differently depending on some properties on the project. For example, a project may be associated with a school, or a business, or a government agency, a business type property on the project may affect how a service responds to the client. This descriptor defines which properties are allowed to be set on a project. Example: project_properties: properties: - name: NO_WATERMARK type: BOOL description: Allows usage of the API without watermarks. - name: EXTENDED_TILE_CACHE_PERIOD type: INT64 |
|---|
| id | ProjectProperties |
|---|
| properties | | properties | | description | List of per consumer project-specific properties. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Property | | description | Defines project properties. API services can define properties that can be assigned to consumer projects so that backends can perform response customization without having to make additional calls or maintain additional storage. For example, Maps API defines properties that controls map tile cache period, or whether to embed a watermark in a result. These values can be set via API producer console. Only API providers can define and set these properties. |
|---|
| id | Property |
|---|
| properties | | description | | description | The description of the property |
|---|
| type | string |
|---|
|
|---|
| name | | description | The name of the property (a.k.a key). |
|---|
| type | string |
|---|
|
|---|
| type | | description | The type of this property. |
|---|
| enum | - UNSPECIFIED
- INT64
- BOOL
- STRING
- DOUBLE
|
|---|
| enumDescriptions | - The type is unspecified, and will result in an error.
- The type is `int64`.
- The type is `bool`.
- The type is `string`.
- The type is 'double'.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Provisioning | | description | Configuration for provisioning a service to create instances of it. If a service has a provisioning configuration, users can create instances of the service using the provided configuration. For example, if a service is configured to use Deployment Manager for provisioning, an instance can be created by creating an instance of a composite type via DM. See go/service-provisioning-config. Example: experimental: provisioning: provider: "deploymentmanager.googleapis.com" settings: fields: resourceType: string_value: "test-resource/composite:composite-type" |
|---|
| id | Provisioning |
|---|
| properties | | provider | | description | The provider responsible for making instances of this service. For example, for Deployment Manager-based deployment, this would be "deploymentmanager.googleapis.com". |
|---|
| type | string |
|---|
|
|---|
| settings | | additionalProperties | | description | Properties of the object. |
|---|
| type | any |
|---|
|
|---|
| description | Provider-specific configuration for provisioning. For example, a DM config might look like: { "resourceType": "acme-project/composite:filesystem" } |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ProxyServiceConfig | | description | ProxyServiceConfig indicates whether the endpoint is transparently forwarding requests downstream. NOTE: Unlike almost every other field in EndpointPolicy that are used to allow/deny requests, this field will alter the behaviour of RpcSP. |
|---|
| id | ProxyServiceConfig |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| Publishing | | description | This message configures the settings for publishing [Google Cloud Client libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) generated from the service config. |
|---|
| id | Publishing |
|---|
| properties | | apiShortName | | description | Used as a tracking tag when collecting data about the APIs developer relations artifacts like docs, packages delivered to package managers, etc. Example: "speech". |
|---|
| type | string |
|---|
|
|---|
| bugAssigneeEmail | | description | The release bug assignee's email address, including domain name. Blank (i.e. the empty string) if no assignee should be set. This is usually a team's mailing list, such as chemist-oncall@google.com. For mdb groups ("borg role accounts"), the email address is suffixed with "@prod.google.com", for example "buganizer-test@prod.google.com" is the address for http://mdb/buganizer-test. Example 1: Chemist team decides that release bugs should be assigned to their oncall mdb group, so they set the field to chemist-oncall@google.com publishing: bug_assignee_email: chemist-oncall@google.com Example 2: GKE team thinks that their blunderbuss configuration better suits their needs to handle releases, so they opt to leave this field empty (or ignore it altogether). This results in their release bugs to have no assignee on creation. |
|---|
| type | string |
|---|
|
|---|
| codeownerGithubTeams | | description | GitHub teams to be added to CODEOWNERS in the directory in GitHub containing source code for the client libraries for this API. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| docTagPrefix | | description | A prefix used in sample code when demarking regions to be included in documentation. |
|---|
| type | string |
|---|
|
|---|
| documentationUri | | description | Link to product home page. Example: https://cloud.google.com/asset-inventory/docs/overview |
|---|
| type | string |
|---|
|
|---|
| githubLabel | | description | GitHub label to apply to issues and pull requests opened for this API. |
|---|
| type | string |
|---|
|
|---|
| librarySettings | | description | Client library settings. If the same version string appears multiple times in this list, then the last one wins. Settings from earlier settings with the same version string are discarded. |
|---|
| items | | $ref | ClientLibrarySettings |
|---|
|
|---|
| type | array |
|---|
|
|---|
| methodSettings | | description | A list of API method settings, e.g. the behavior for methods that use the long-running operation pattern. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| newIssueUri | | description | Link to a place that API users can report issues. Example: https://issuetracker.google.com/issues/new?component=190865&template=1161103 |
|---|
| type | string |
|---|
|
|---|
| organization | | description | For whom the client library is being published. |
|---|
| enum | - CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED
- CLOUD
- ADS
- PHOTOS
- STREET_VIEW
|
|---|
| enumDescriptions | - Not useful.
- Google Cloud Platform Org.
- Ads (Advertising) Org.
- Photos Org.
- Street View Org.
|
|---|
| type | string |
|---|
|
|---|
| publishingDelay | | description | Publication delay. Specifies how long it waits to trigger the publication after the control plane rollout finishes. The delay will default to 14 days if this value is not explicitly specified. Example: publishing: publishing_delay: seconds: 172800 # 2 days. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| PythonSettings | | description | Settings for Python client libraries. |
|---|
| id | PythonSettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QueryOptimization | | description | QueryOptimization is used to configure the aggregation of high cardinality labels from the base time series at write time to improve the performance of queries. The given labels are aggregated away by summing and the result is stored separately by the backend. The query engine will automatically select the pre-aggregated time series for queries which aggregate a superset of the labels. The aggregation applies to all metrics in the destination. Pre-aggregated time series only accumulate history after the configuration has been installed. Queries which have a start time that extends beyond that point will not use the pre-aggregated time series as a substitute. Adding or removing labels to an existing QueryOptimization will remove the historical data. |
|---|
| id | QueryOptimization |
|---|
| properties | | aggregatedLabels | | description | The list of monitored resource or metric labels which should be dropped in the aggregated time series. Every entry must be a label in either the monitored resource or in all metrics in the destination. For example, the following configuration would allow of faster queries which drop at lesst both the high cardinality monitored resource and metric labels seen in `aggregated_labels`: aggregated_labels = ['resource.labels.container_id', 'metric.labels.country_code'] |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| flags | | description | A list of options (comma-separated) that control additional behaviors of the aggregation configuration. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Quota | | description | Quota configuration helps to achieve fairness and budgeting in service usage. The metric based quota configuration works this way: - The service configuration defines a set of metrics. - For API calls, the quota.metric_rules maps methods to metrics with corresponding costs. - The quota.limits defines limits on the metrics, which will be used for quota checks at runtime. An example quota configuration in yaml format: quota: limits: - name: apiWriteQpsPerProject metric: library.googleapis.com/write_calls unit: "1/min/{project}" # rate limit for consumer projects values: STANDARD: 10000 (The metric rules bind all methods to the read_calls metric, except for the UpdateBook and DeleteBook methods. These two methods are mapped to the write_calls metric, with the UpdateBook method consuming at twice rate as the DeleteBook method.) metric_rules: - selector: "*" metric_costs: library.googleapis.com/read_calls: 1 - selector: google.example.library.v1.LibraryService.UpdateBook metric_costs: library.googleapis.com/write_calls: 2 - selector: google.example.library.v1.LibraryService.DeleteBook metric_costs: library.googleapis.com/write_calls: 1 Corresponding Metric definition: metrics: - name: library.googleapis.com/read_calls display_name: Read requests metric_kind: DELTA value_type: INT64 - name: library.googleapis.com/write_calls display_name: Write requests metric_kind: DELTA value_type: INT64 |
|---|
| id | Quota |
|---|
| properties | | groups | | description | Deprecated. Do not use. List of QuotaGroup definitions for the service. Used by group-based quotas only. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| limits | | description | List of QuotaLimit definitions for the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| metricRules | | description | List of MetricRule definitions, each one mapping a selected method to one or more metrics. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | Deprecated. Do not use. A list of quota rules that apply to individual API methods and operations. NOTE: All service configuration rules follow "last one wins" order. Used by group-based quotas only. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| supportedLocations | | description | All the geo locations where the service has at least one resource type supported. This applies to all quota limits that do not explicitly specify their own supported locations. All geo locations are supported if this field is empty. |
|---|
| type | string |
|---|
|
|---|
| supportedRegions | | description | All the regions where the service has at least one resource type supported. It is also the supported regions for all the precise regional and zonal quota limits that do not explicitly specify their own supported regions. All regions are supported if this field is empty. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QuotaConfig | | description | Advanced quota configuration. Example (in yaml format): experimental: advanced: quota: max_credit_percentages: ReadRequestsPerMinute: 0.7 custom_enforcement_metrics: - foo.googleapis.com/ingress_bytes - foo.googleapis.com/egress_bytes force_regionalized_enforcement_metrics: - foo.googleapis.com/read_request_count ignore_project_default_metrics: - foo.googleapis.com/ingress_bytes |
|---|
| id | QuotaConfig |
|---|
| properties | | customEnforcementMetrics | | description | Quota metrics for which SuperQuota will not be used for enforcement. Services can integrate with SuperQuota for the rest of the features, but services take the responsibility of checking with custom enforcement backends of their choice and just report the usage to SuperQuota. Before using this feature, contact superquota-team@. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| forceRegionalizedEnforcementMetrics | | description | This field is to enable SuperQuota Multi-Region quota for listed quota metrics. Per-location rate quota limits defined on these metrics will be treated as multi-region quota and will be enforced by regionalized stacks. Otherwise, those per-location quota limits will be enforced by the global stack. User guide: go/sq-mrq-user-guide. This is currently only supported for rate quotas. You **must** consult with superquota-team@ before using this field. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| ignoreProjectDefaultMetrics | | description | Quota metrics for which the default per-project quota limit value is ignored by setting it to unlimited. This feature only affects projects under an organization where both per-project and per-organization quota limits are defined and enabled. This also only applies to metrics in custom_enforcement metrics. Before using this feature, contact superquota-team@. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| maxCreditPercentages | | additionalProperties | |
|---|
| description | A map from the quota limit name to the percentage of the quota limit be applied as the max credit to the QuotaServer configuration. If the quota limit field is "*", then the max credit percentage is applied to all the quota limits. You **must** consult with superquota-team@google.com before using this field. |
|---|
| type | object |
|---|
|
|---|
| orgQuotaMetrics | | description | DEPRECATED. Do not use. Please consult SuperQuota if your team needs per-metric org quota. Quota metrics for which org quota enforcement is enabled/disabled for the allowlisted/blocklisted consumer organizations. If this is not specified, all quota metrics with org limits will be enabled for org quota. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QuotaGroup | | description | QuotaGroup is deprecated. Do not use. Used by group-based quotas only. |
|---|
| id | QuotaGroup |
|---|
| properties | | billable | | description | Indicates if the quota limits defined in this quota group apply to consumers who have active billing. Quota limits defined in billable groups will be applied only to consumers who have active billing. The amount of tokens consumed from billable quota group will also be reported for billing. Quota limits defined in non-billable groups will be applied only to consumers who have no active billing. |
|---|
| type | boolean |
|---|
|
|---|
| description | | description | User-visible description of this quota group. |
|---|
| type | string |
|---|
|
|---|
| limits | | description | Quota limits to be enforced when this quota group is used. A request must satisfy all the limits in a group for it to be permitted. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | Name of this quota group. Must be unique within the service. Quota group name is used as part of the id for quota limits. Once the quota group has been put into use, the name of the quota group should be immutable. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QuotaGroupMapping | | description | Quota group mapping is deprecated. Do not use. |
|---|
| id | QuotaGroupMapping |
|---|
| properties | | cost | | description | Number of tokens to consume for each request. This allows different cost to be associated with different methods that consume from the same quota group. By default, each request will cost one token. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| group | | description | The `QuotaGroup.name` of the group. Requests for the mapped methods will consume tokens from each of the limits defined in this group. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QuotaLimit | | description | `QuotaLimit` defines a specific limit that applies over a specified duration for a limit type. There can be at most one limit for a duration and limit type combination defined within a `QuotaGroup`. |
|---|
| id | QuotaLimit |
|---|
| properties | | defaultLimit | | description | Default number of tokens that can be consumed during the specified duration. This is the number of tokens assigned when a client application developer activates the service for his/her project. Specifying a value of 0 will block all requests. This can be used if you are provisioning quota to selected consumers and blocking others. Similarly, a value of -1 will indicate an unlimited quota. No other negative values are allowed. Used by group-based quotas only. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| description | | description | Optional. User-visible, extended description for this quota limit. Should be used only when more context is needed to understand this limit than provided by the limit's display name (see: `display_name`). |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | User-visible display name for this limit. Optional. If not set, the UI will provide a default display name based on the quota configuration. This field can be used to override the default display name generated from the configuration. |
|---|
| type | string |
|---|
|
|---|
| duration | | description | Duration of this limit in textual notation. Must be "100s" or "1d". Used by group-based quotas only. |
|---|
| type | string |
|---|
|
|---|
| enablePerCellRateLimiting | | description | Applies to metric-based per-minute rate limits only. When enabled, ceil(per-minute value / 60) is enforced at per-cell level. |
|---|
| type | boolean |
|---|
|
|---|
| freeTier | | description | Free tier value displayed in the Developers Console for this limit. The free tier is the number of tokens that will be subtracted from the billed amount when billing is enabled. This field can only be set on a limit with duration "1d", in a billable group; it is invalid on any other limit. If this field is not set, it defaults to 0, indicating that there is no free tier for this service. Used by group-based quotas only. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| isConcurrent | | description | Whether the limit is a concurrent quota limit. Concurrent quota limit allows services to enforce quota on the total number of concurrent operations in flight at any given time. CURRENTLY UNDER DEVELOPMENT. Do not use until this message is removed. |
|---|
| type | boolean |
|---|
|
|---|
| isFixed | | description | Flag intended for pantheon to disable raising the quota on this particular limit. This does not actually prevent quota overrides, it merely disables the default pantheon workflow to request such overrides. See: https://docs.google.com/document/d/1tuNULVrjPDvkEE-xUlcSRS4CxdedoSPBUE_rSSiapFc/edit This flag is set by the service producer. Only pantheon cares about this flag. |
|---|
| type | boolean |
|---|
|
|---|
| isPrecise | | description | Whether the quota limit needs to be enforced precisely. Note that precise quota limits are more expensive to enforce. Make a quota limit precise only if it is necessary. Precise rate quota is not currently supported. An error will be raised if a rate quota is specified to be precise. Imprecise allocation quota is not currently supported. |
|---|
| type | boolean |
|---|
|
|---|
| launchStage | | description | Unimplemented. Do not use. The launch stage of the quota limit. |
|---|
| enum | - LAUNCH_STAGE_UNSPECIFIED
- UNIMPLEMENTED
- PRELAUNCH
- EARLY_ACCESS
- ALPHA
- BETA
- GA
- DEPRECATED
|
|---|
| enumDescriptions | - Do not use this default value.
- The feature is not yet implemented. Users can not use it.
- Prelaunch features are hidden from users and are only visible internally.
- Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
- Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
- Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
- GA features are open to all developers and are considered stable and fully qualified for production use.
- Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.
|
|---|
| type | string |
|---|
|
|---|
| limitBy | | description | Limit type to use for enforcing this quota limit. Each unique value gets the defined number of tokens to consume from. For a quota limit that uses user type, each user making requests through the same client application project will get his/her own pool of tokens to consume, whereas for a limit that uses client project type, all users making requests through the same client application project share a single pool of tokens. Used by group-based quotas only. |
|---|
| enum | |
|---|
| enumDescriptions | - ID of the project owned by the client application developer making the request.
- ID of the end user making the request using the client application.
|
|---|
| type | string |
|---|
|
|---|
| maxLimit | | description | Maximum number of tokens that can be consumed during the specified duration. Client application developers can override the default limit up to this maximum. If specified, this value cannot be set to a value less than the default limit. If not specified, it is set to the default limit. To allow clients to apply overrides with no upper bound, set this to -1, indicating unlimited maximum quota. Used by group-based quotas only. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| metric | | description | The name of the metric this quota limit applies to. The quota limits with the same metric will be checked together during runtime. The metric must be defined within the service config. |
|---|
| type | string |
|---|
|
|---|
| name | | description | Name of the quota limit. The name must be provided, and it must be unique within the service. The name can only include alphanumeric characters as well as '-'. The maximum length of the limit name is 64 characters. |
|---|
| type | string |
|---|
|
|---|
| supportedLocations | | description | Geo locations supported by this quota limit. It must be a subset of locations specified at the top-level quota field. All the per-region and per-zone limits for the same metric must have the same supported locations. Applicable to precise regional and precise zonal quota only. When this field is not set, supported locations, if any, specified at the top-level quota field will apply. |
|---|
| type | string |
|---|
|
|---|
| supportedRegions | | description | Regions supported by this quota limit. It must be a subset of the regions supported by the service. All the per-region and per-zone limits for the same metric must have the same supported regions. Applicable to precise regional and zonal quota only. Service wide supported regions apply when this field is unset or empty. |
|---|
| type | string |
|---|
|
|---|
| unit | | description | Specify the unit of the quota limit. It uses the same syntax as Metric.unit. The supported unit kinds are determined by the quota backend system. Here are some examples: * "1/min/{project}" for quota per minute per project. Note: the order of unit components is insignificant. The "1" at the beginning is required to follow the metric unit syntax. |
|---|
| type | string |
|---|
|
|---|
| values | | additionalProperties | |
|---|
| description | Tiered limit values. You must specify this as a key:value pair, with an integer value that is the maximum number of requests allowed for the specified unit. Currently only STANDARD is supported. |
|---|
| type | object |
|---|
|
|---|
| visibilityRestriction | | description | Control on the visibility of this quota limit. a comma separated list of tag such as GOOGLE_INTERNAL, BETA_TESTER. Note: This only has effect for superquota metrics/limits. See go/quota-limit-visibility. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QuotaRule | | description | QuotaRule is deprecated. Do not use. Used by group-based quotas only. |
|---|
| id | QuotaRule |
|---|
| properties | | disableQuota | | description | Indicates if quota checking should be enforced. Quota will be disabled for methods without quota rules or with quota rules having this field set to true. When this field is set to true, no quota group mapping is allowed. Deprecated and discontinued: do not use this setting since this is not needed any more. |
|---|
| type | boolean |
|---|
|
|---|
| groups | | description | Quota groups to be used for this method. This supports associating a cost with each quota group. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| QuotaUserOverrideConfig | | description | Configuration for allowing requests to pass a quotaUser parameter in the request without using a server-side API Key. WARNING: Teams using this feature are responsible for storing allowed/denied projectIds in a PII compliant datastore. The SHA-256 stored in the config cannot be used to recover the projectId. |
|---|
| id | QuotaUserOverrideConfig |
|---|
| properties | | allowedProjects | | description | A list of the SHA-256 of project_ids + service + “sq-salt” that can pass “quotaUser” on requests to this service without using an Api Server-Side key. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| deniedProjects | | description | A list of the SHA-256 of project_ids + service + “sq-salt” that can NOT pass “quotaUser” on requests to this service, even with an Api Server-Side key. This list takes precedence over allowed_projects. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RemoveTenantProjectRequest | | description | Request message to remove a tenant project resource from the tenancy unit. |
|---|
| id | RemoveTenantProjectRequest |
|---|
| properties | | detachOnly | | description | Optional. If `detach_only` is set, only the metadata in tenancy unit is deleted, but the tenant resources such as tenant project and lien are kept. |
|---|
| type | boolean |
|---|
|
|---|
| tag | | description | Required. Tag of the resource within the tenancy unit. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RenameMethodRule | | id | RenameMethodRule |
|---|
| properties | | renameTo | | description | Note: If you are using esf as libaray, then you can only use the last rule: rename just the proto-service name. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RenameRule | | description | Generic configuration for renaming proto in various contexts. |
|---|
| id | RenameRule |
|---|
| properties | | renameTo | | description | The new name the selected proto elements should be renamed to. The specific semantics of this will depend on the context in which the `RenameRule` is used. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the proto elements to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ReservedRange | | description | Range of reserved tag numbers. Reserved tag numbers may not be used by fields or extension ranges in the same message. Reserved ranges may not overlap. |
|---|
| id | ReservedRange |
|---|
| properties | | end | | description | Exclusive. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| start | | description | Inclusive. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ResourceContainer | | description | `ResourceContainer` defines the configurations on retrieving resource container from API request proto. Resource container will be used by Google Service Control API for service runtime check and report. Deprecated: For new usage, please use go/cloud-resource-annotations. The existing usage will be in maintenance mode. |
|---|
| id | ResourceContainer |
|---|
| properties | | rules | | description | A list of resource container rules for retrieving resource container. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | | $ref | ResourceContainerRule |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ResourceContainerRule | | description | An resource container rule provides configuration for retrieving resource container from an individual field in API request message. Deprecated: For new usage, please use go/cloud-resource-annotations. The existing usage will be in maintenance mode. |
|---|
| id | ResourceContainerRule |
|---|
| properties | | selector | | description | Selects fields where this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| type | | description | Type of resource containers. Currently the following values are supported : - **RESOURCE**: The value of this field is a resource string that can be used to extract resource container. The expected formats are: - "///projects//..." - "///projects//..." - "///folders//..." - "///organizations//...” - “projects//...” - “projects//...” - “folders//...” - “organizations//...” - "" (string) - "" (integer) The "" and "" formats should not be used by new APIs. They are supported only for legacy services. - **CALLBACK**: The value of this field should be used as `resource_identifier` in the callback to API backend to retrieve resource container. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ResourceDescriptor | | description | A simple descriptor of a resource type. ResourceDescriptor annotates a resource message (either by means of a protobuf annotation or use in the service config), and associates the resource's schema, the resource type, and the pattern of the resource name. Example: message Topic { // Indicates this message defines a resource schema. // Declares the resource type in the format of {service}/{kind}. // For Kubernetes resources, the format is {api group}/{kind}. option (google.api.resource) = { type: "pubsub.googleapis.com/Topic" pattern: "projects/{project}/topics/{topic}" }; } The ResourceDescriptor Yaml config will look like: resources: - type: "pubsub.googleapis.com/Topic" pattern: "projects/{project}/topics/{topic}" Sometimes, resources have multiple patterns, typically because they can live under multiple parents. Example: message LogEntry { option (google.api.resource) = { type: "logging.googleapis.com/LogEntry" pattern: "projects/{project}/logs/{log}" pattern: "folders/{folder}/logs/{log}" pattern: "organizations/{organization}/logs/{log}" pattern: "billingAccounts/{billing_account}/logs/{log}" }; } The ResourceDescriptor Yaml config will look like: resources: - type: 'logging.googleapis.com/LogEntry' pattern: "projects/{project}/logs/{log}" pattern: "folders/{folder}/logs/{log}" pattern: "organizations/{organization}/logs/{log}" pattern: "billingAccounts/{billing_account}/logs/{log}" |
|---|
| id | ResourceDescriptor |
|---|
| properties | | history | | description | Optional. The historical or future-looking state of the resource pattern. Example: // The InspectTemplate message originally only supported resource // names with organization, and project was added later. message InspectTemplate { option (google.api.resource) = { type: "dlp.googleapis.com/InspectTemplate" pattern: "organizations/{organization}/inspectTemplates/{inspect_template}" pattern: "projects/{project}/inspectTemplates/{inspect_template}" history: ORIGINALLY_SINGLE_PATTERN }; } |
|---|
| enum | - HISTORY_UNSPECIFIED
- ORIGINALLY_SINGLE_PATTERN
- FUTURE_MULTI_PATTERN
|
|---|
| enumDescriptions | - The "unset" value.
- The resource originally had one pattern and launched as such, and additional patterns were added later.
- The resource has one pattern, but the API owner expects to add more later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents that from being necessary once there are multiple patterns.)
|
|---|
| type | string |
|---|
|
|---|
| nameDescriptor | | description | Metadata information for the names of this resource. Example: message Topic { // Indicates this message defines a resource schema. // Declares the resource type in the format of {service}/{kind}. // For Kubernetes resources, the format is {api group}/{kind}. option (google.api.resource) = { type: "pubsub.googleapis.com/Topic" name_descriptor: { pattern: "projects/{project}/topics/{topic}" parent_type: "cloudresourcemanager.googleapis.com/Project" parent_name_extractor: "projects/{project}" } }; } The ResourceDescriptor Yaml config will look like: resources: - type: "pubsub.googleapis.com/Topic" name_descriptor: - pattern: "projects/{project}/topics/{topic}" parent_type: "cloudresourcemanager.googleapis.com/Project" parent_name_extractor: "projects/{project}" Sometimes, resources have multiple patterns, typically because they can live under multiple parents. Example: message LogEntry { option (google.api.resource) = { type: "logging.googleapis.com/LogEntry" name_descriptor: { pattern: "projects/{project}/logs/{log}" parent_type: "cloudresourcemanager.googleapis.com/Project" parent_name_extractor: "projects/{project}" } name_descriptor: { pattern: "folders/{folder}/logs/{log}" parent_type: "cloudresourcemanager.googleapis.com/Folder" parent_name_extractor: "folders/{folder}" } name_descriptor: { pattern: "organizations/{organization}/logs/{log}" parent_type: "cloudresourcemanager.googleapis.com/Organization" parent_name_extractor: "organizations/{organization}" } name_descriptor: { pattern: "billingAccounts/{billing_account}/logs/{log}" parent_type: "billing.googleapis.com/BillingAccount" parent_name_extractor: "billingAccounts/{billing_account}" } }; } The ResourceDescriptor Yaml config will look like: resources: - type: 'logging.googleapis.com/LogEntry' name_descriptor: - pattern: "projects/{project}/logs/{log}" parent_type: "cloudresourcemanager.googleapis.com/Project" parent_name_extractor: "projects/{project}" - pattern: "folders/{folder}/logs/{log}" parent_type: "cloudresourcemanager.googleapis.com/Folder" parent_name_extractor: "folders/{folder}" - pattern: "organizations/{organization}/logs/{log}" parent_type: "cloudresourcemanager.googleapis.com/Organization" parent_name_extractor: "organizations/{organization}" - pattern: "billingAccounts/{billing_account}/logs/{log}" parent_type: "billing.googleapis.com/BillingAccount" parent_name_extractor: "billingAccounts/{billing_account}" For flexible resources, the resource name doesn't contain parent names, but the resource itself has parents for policy evaluation. Example: message Shelf { option (google.api.resource) = { type: "library.googleapis.com/Shelf" name_descriptor: { pattern: "shelves/{shelf}" parent_type: "cloudresourcemanager.googleapis.com/Project" } name_descriptor: { pattern: "shelves/{shelf}" parent_type: "cloudresourcemanager.googleapis.com/Folder" } }; } The ResourceDescriptor Yaml config will look like: resources: - type: 'library.googleapis.com/Shelf' name_descriptor: - pattern: "shelves/{shelf}" parent_type: "cloudresourcemanager.googleapis.com/Project" - pattern: "shelves/{shelf}" parent_type: "cloudresourcemanager.googleapis.com/Folder" |
|---|
| items | | $ref | ResourceNameDescriptor |
|---|
|
|---|
| type | array |
|---|
|
|---|
| nameField | | description | Optional. The field on the resource that designates the resource name field. If omitted, this is assumed to be "name". |
|---|
| type | string |
|---|
|
|---|
| pattern | | description | Optional. The relative resource name pattern associated with this resource type. The DNS prefix of the full resource name shouldn't be specified here. The path pattern must follow the syntax, which aligns with HTTP binding syntax: Template = Segment { "/" Segment } ; Segment = LITERAL | Variable ; Variable = "{" LITERAL "}" ; Examples: - "projects/{project}/topics/{topic}" - "projects/{project}/knowledgeBases/{knowledge_base}" The components in braces correspond to the IDs for each resource in the hierarchy. It is expected that, if multiple patterns are provided, the same component name (e.g. "project") refers to IDs of the same type of resource. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| plural | | description | The plural name used in the resource name and permission names, such as 'projects' for the resource name of 'projects/{project}' and the permission name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same concept of the `plural` field in k8s CRD spec https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ Note: The plural form is required even for singleton resources. See https://aip.dev/156 |
|---|
| type | string |
|---|
|
|---|
| singular | | description | The same concept of the `singular` field in k8s CRD spec https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ Such as "project" for the `resourcemanager.googleapis.com/Project` type. |
|---|
| type | string |
|---|
|
|---|
| style | | description | Style flag(s) for this resource. These indicate that a resource is expected to conform to a given style. See the specific style flags for additional information. |
|---|
| items | | enum | - STYLE_UNSPECIFIED
- DECLARATIVE_FRIENDLY
|
|---|
| enumDescriptions | - The unspecified value. Do not use.
- This resource is intended to be "declarative-friendly". Declarative-friendly resources must be more strictly consistent, and setting this to true communicates to tools that this resource should adhere to declarative-friendly expectations. Note: This is used by the API linter (linter.aip.dev) to enable additional checks.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| type | | description | The resource type. It must be in the format of {service_name}/{resource_type_kind}. The `resource_type_kind` must be singular and must not include version numbers. Example: `storage.googleapis.com/Bucket` The value of the resource_type_kind must follow the regular expression /A-Za-z+/. It should start with an upper case character and should use PascalCase (UpperCamelCase). The maximum number of characters allowed for the `resource_type_kind` is 100. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ResourceNameDescriptor | | description | Describe the information of the naming of this resource. Note, if the parent type has multiple name patterns, specify this message repeatedly with each pattern respectively. See examples in the doc of the ResourceDescriptor. |
|---|
| id | ResourceNameDescriptor |
|---|
| properties | | locationExtractor | | description | A string that defines how the location can be extracted from the resource name `pattern`. Example: pattern: "projects/{project}/locations/{location}/shelves/{shelf}" location_extractor: "{location}" |
|---|
| type | string |
|---|
|
|---|
| parentNameExtractor | | description | A string that defines how the parent name can be extracted from the resource name `pattern`. Example: pattern: "projects/{project}/topics/{topic}" parent_name_extractor: "projects/{project}" |
|---|
| type | string |
|---|
|
|---|
| parentType | | description | The direct parent type of this resource in the resource hierarchy. Example: `cloudresourcemanager.googleapis.com/Project`. Empty value means no parent. This is the case if the resource type is the root in the hierarchy or flexible resource. |
|---|
| type | string |
|---|
|
|---|
| pattern | | description | The relative resource name pattern associated with this resource type. The DNS prefix of the full resource name shouldn't be specified here. The path pattern must follow the syntax, which aligns with HTTP binding syntax: Template = Segment {"/" Segment} ; Segment = LITERAL | Variable ; Variable = "{" LITERAL "}" ; Singleton resources must not have a user-provided or system-generated ID and are always singular - see https://google.aip.dev/156 Examples: - "projects/{project}/topics/{topic}" - "projects/{project}/knowledgeBases/{knowledge_base}" - "projects/{project}/config" The components in braces correspond to the IDs for each resource in the hierarchy. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RetentionBackfillPolicy | | description | Configuration of the analytics data retention. |
|---|
| id | RetentionBackfillPolicy |
|---|
| properties | | fromDate | | $ref | Date |
|---|
| description | All output tables created after or on this date will be retained. |
|---|
|
|---|
| mostRecentDays | | description | All output tables created in the recent days will be retained. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| reprocessingStrategy | | description | Analytics data reprocessing policy. |
|---|
| enum | - KEEP_OLD_VERSION
- DELETE_OLD_VERSION
|
|---|
| enumDescriptions | - Regenerate previous days without deleting remaining output tables.
- Regenerate previous days and delete remaining old version output tables.
|
|---|
| type | string |
|---|
|
|---|
| reprocessingVersion | | description | An version number of the analytics config used for reprocessing. Whenever the reprocessing version changes relative to the previously seen version analytics data will be reprocessed according to the retention and reprocessing strategies. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RoleBinding | | description | Defines a set of members that are to be bound to a role. |
|---|
| id | RoleBinding |
|---|
| properties | | adminAccessControl | | $ref | AdminAccessControlConfig |
|---|
|
|---|
| conditions | | description | Conditions that need to be met for this binding to be applied. All conditions must be met (they're ANDed together). Conditions are evaluated in-order. If a condition isn't met, further conditions won't be evaluated. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| description | | description | A short description about this binding. |
|---|
| type | string |
|---|
|
|---|
| disableAdminAccessControl | | $ref | DisabledAdminAccessControlConfig |
|---|
|
|---|
| members | | $ref | Members |
|---|
| description | Required. Member set |
|---|
|
|---|
| reviewerConfig | | $ref | MpaReviewerConfig |
|---|
| description | Defines reviewers that are automatically assigned. Must only be used with MPA_REVIEWER_ADMIN binding. |
|---|
|
|---|
| role | | description | Required. |
|---|
| enum | - UNSPECIFIED_ROLE_NAME
- ADMIN
- IMPERSONATOR_ADMIN
- EUC_PRESENTER_ADMIN
- SYSTEM
- IMPERSONATOR_SYSTEM
- EUC_PRESENTER_SYSTEM
- MPA_REVIEWER_ADMIN
- UNPRIVILEGED_USER
- CLOUD_IAM_USER
- CPE_USER
- THINMINT_PRESENTER_ADMIN
- THINMINT_PRESENTER_SYSTEM
|
|---|
| enumDescriptions | - A role that grants privileged access to person users. See http://go/rpcsp-2-reference-guide#admin_enum
- A role that allows a person user to impersontate other users, subject to the `impersonation_target` condition, which must be included in the binding. See http://go/rpcsp-2-reference-guide#impersonator_admin_enum
- A role that grants person users the capability of presenting End-User Credentials (EUC). See http://go/rpcsp-2-reference-guide#euc_presenter_admin_enum
- A role that grants access to non-person production users that are fully-trusted. See http://go/rpcsp-2-reference-guide#system_enum
- A role that grants impersonation to non-person production users. See http://go/rpcsp-2-reference-guide#impersonator_system_enum
- A role that grants non-person production users the capability of presenting End-User Credentials (EUC). See http://go/rpcsp-2-reference-guide#euc_presenter_system_enum
- A role that grants humans the permisison to approve admin access with Multi-party authorization (MPA). See http://go/rpcsp-2-reference-guide#mpa_reviewer_admin_enum
- A role that grants regular, unprivileged access for normal (aka. Gaia) or production users. See http://go/rpcsp-2-reference-guide#unprivileged_user_enum
- EXPERIMENTAL. DO NOT USE. A role that grants partial access for any user type or authority selectors, conditional on the Cloud authorization check result.
- EXPERIMENTAL. DO NOT USE. A role that grants partial access for any user type or authority selectors.
- EXPERIMENTAL. DO NOT USE. A role that grants person users the capability of presenting Thinmints.
- EXPERIMENTAL. DO NOT USE. A role that grants non-person production users the capability of presenting Thinmints.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RpcSecurityPolicy | | description | Security policy determining how requests are authenticated and authorized. |
|---|
| id | RpcSecurityPolicy |
|---|
| properties | | audit | | $ref | AuditingConfig |
|---|
| description | Information on how to populate audit logs. Applies to all mappings and all endpoint_policies. See message documentation for more details. It is recommended that all new v1.0 and v2.0 RpcSPs specify this field, effectively configuring Autogin. It is _required_ in all v2.0 and some v1.0 policies. Older v1.0 policies that don't have this field will eventually be modified through various transition efforts to add this field. |
|---|
|
|---|
| disableChecks | | description | Checks that are disabled in the RpcSP compiler |
|---|
| items | | enum | - CHECK_UNSPECIFIED
- CHECK_DENY_EUC_PRESENTER_ADMIN
- CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- CHECK_NO_RPC_SERVICES_FIELD
- CHECK_LANGUAGE_SUPPORT
- CHECK_EXCLUDE_INSECURE_USERS_CONDITION
- CHECK_ADMIN_ACCESS_CONTROLS
- CHECK_CONFLICTING_GIN_LOGGING_BEHAVIORS
- CHECK_NO_HTTP_HANDLERS_FIELD
|
|---|
| enumDescriptions | - This check verifies that the EUC_PRESENTER_ADMIN role isn't used. See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_EUC_PRESENTER_ADMIN
- This check ensures that bindings are used in a way that the ordering of the bindings isn't significant. See go/rpcsp2-policy-checks-and-rewrites#CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- This check verifies that UNPRIVILEGED_USER does not grant access to a. narrow set of users. This role should only be granted to the following: all {}, all_normal_users{}, all_except_anonymous{}, prod_groups: "all", and "prod_groups: "all-person-users". See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- This check prohibits use of the experimental `rpc_services` field.
- This check verifies that a policy does not use unsupported language features. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that the `exclude_insecure_users` condition can only be used to restrict supported users. See go/rpcsp-levels#insecure-roles-list. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that `admin_access_control` is only set on bindings for admin roles. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that all *ADMIN roles for a single endpoint are using the same Gin logging failure behavior. Configuring two *ADMIN bindings where one binding is set to use fail closed Gin logging and the other is set to use fail open Gin logging is equivalent to configuring one binding that is using fail open Gin logging, and is therefore not allowed. This check will be removed once AAC enables fail closed Gin logging for all cases by default, see b/161436949.
- This check prohibits use of the experimental `http_handlers` field.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| disableRewrites | | description | Rewrites that are disabled in the RpcSP compiler |
|---|
| items | | enum | - REWRITE_UNSPECIFIED
- REWRITE_ALLOW_EUC_PRESENTER_SELF
- REWRITE_DENY_EUC_PRESENTER_NON_BCID3_ROLES
- REWRITE_DENY_EUC_PRESENTER_UNTRUSTED_PROXY_ROLES
- REWRITE_DENY_PRIVILEGED_ACCESS_FORGE
- REWRITE_DENY_PRIVILEGED_ACCESS_RPCSTUDIO
- REWRITE_ALLOW_EUC_PRESENTER_RPCSTUDIO
|
|---|
| enumDescriptions | - This rewrite allows calls from `self` (LOAS role of the process) to present EUCs. It covers typical in-process and loopback calls, as well as local ESF for One Platform APIs. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-self
- This rewrite denies calls in which a non-BCID3 role is presenting forwarded EUCs. Instead, those non-BCID3 roles, such as humans and untrusted roles, are expected to use LOAS-based credentials only. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-non-bcid3-roles
- This rewrite denies calls in which a untrusted proxy is presenting forwarded EUCs. The untrusted proxies include `untrusted-http-proxy` and `unauthenticated-esf-proxy` LOAS peer roles. These roles are "fake" LOAS peers, which indicate that the call was actually made over an unauthenticated channel. Per go/forwardable-creds, EUCs should only be presented over authenticated channels. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-untrusted-proxy-roles
- This rewrite denies system access for Forge test roles. If you want to send RPCs from Forge, use a TEST policy. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-forge
- This rewrite denies system access from the rpcStudio role (i.e., the `rpcstudio-client-initiated-rpc` role). The rpcStudio never makes requests on its own authority, so this rewrite will not interfere with any use of rpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-rpcstudio
- This rewrite allows the RpcStudio role to present EUCs. This rewrite is never enabled by default, and should only be manually enabled if you understand its effects, and intend to use RpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-rpcstudio
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| enableChecks | | description | Checks that are enabled in the RpcSP compiler |
|---|
| items | | enum | - CHECK_UNSPECIFIED
- CHECK_DENY_EUC_PRESENTER_ADMIN
- CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- CHECK_NO_RPC_SERVICES_FIELD
- CHECK_LANGUAGE_SUPPORT
- CHECK_EXCLUDE_INSECURE_USERS_CONDITION
- CHECK_ADMIN_ACCESS_CONTROLS
- CHECK_CONFLICTING_GIN_LOGGING_BEHAVIORS
- CHECK_NO_HTTP_HANDLERS_FIELD
|
|---|
| enumDescriptions | - This check verifies that the EUC_PRESENTER_ADMIN role isn't used. See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_EUC_PRESENTER_ADMIN
- This check ensures that bindings are used in a way that the ordering of the bindings isn't significant. See go/rpcsp2-policy-checks-and-rewrites#CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- This check verifies that UNPRIVILEGED_USER does not grant access to a. narrow set of users. This role should only be granted to the following: all {}, all_normal_users{}, all_except_anonymous{}, prod_groups: "all", and "prod_groups: "all-person-users". See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- This check prohibits use of the experimental `rpc_services` field.
- This check verifies that a policy does not use unsupported language features. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that the `exclude_insecure_users` condition can only be used to restrict supported users. See go/rpcsp-levels#insecure-roles-list. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that `admin_access_control` is only set on bindings for admin roles. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that all *ADMIN roles for a single endpoint are using the same Gin logging failure behavior. Configuring two *ADMIN bindings where one binding is set to use fail closed Gin logging and the other is set to use fail open Gin logging is equivalent to configuring one binding that is using fail open Gin logging, and is therefore not allowed. This check will be removed once AAC enables fail closed Gin logging for all cases by default, see b/161436949.
- This check prohibits use of the experimental `http_handlers` field.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| enableLabelEnforcement | | description | SUPPORTED IN C++ ONLY. DO NOT USE THIS FIELD IN JAVA OR GO. If true, allows configuring label mappings in the policy and enforces them on requests. Label mappings are enforced for both Stubby and HTTP requests, and Stubby requests will prefer a matching `rpc_method` mapping over a matching `label` mapping. Label mappings are the supported means of enforcing RpcSP on HTTP endpoints and built-in RPC services (including ignored services governed by --rpc_security_policy_ignored_services). When this field is false, the policy will not be enforced on HTTP handlers and built-in RPC services. This field is not yet implemented in Java or Go and will cause a policy validation exception if set. |
|---|
| type | boolean |
|---|
|
|---|
| enableRewrites | | description | Rewrites that are enabled in the RpcSP compiler |
|---|
| items | | enum | - REWRITE_UNSPECIFIED
- REWRITE_ALLOW_EUC_PRESENTER_SELF
- REWRITE_DENY_EUC_PRESENTER_NON_BCID3_ROLES
- REWRITE_DENY_EUC_PRESENTER_UNTRUSTED_PROXY_ROLES
- REWRITE_DENY_PRIVILEGED_ACCESS_FORGE
- REWRITE_DENY_PRIVILEGED_ACCESS_RPCSTUDIO
- REWRITE_ALLOW_EUC_PRESENTER_RPCSTUDIO
|
|---|
| enumDescriptions | - This rewrite allows calls from `self` (LOAS role of the process) to present EUCs. It covers typical in-process and loopback calls, as well as local ESF for One Platform APIs. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-self
- This rewrite denies calls in which a non-BCID3 role is presenting forwarded EUCs. Instead, those non-BCID3 roles, such as humans and untrusted roles, are expected to use LOAS-based credentials only. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-non-bcid3-roles
- This rewrite denies calls in which a untrusted proxy is presenting forwarded EUCs. The untrusted proxies include `untrusted-http-proxy` and `unauthenticated-esf-proxy` LOAS peer roles. These roles are "fake" LOAS peers, which indicate that the call was actually made over an unauthenticated channel. Per go/forwardable-creds, EUCs should only be presented over authenticated channels. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-untrusted-proxy-roles
- This rewrite denies system access for Forge test roles. If you want to send RPCs from Forge, use a TEST policy. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-forge
- This rewrite denies system access from the rpcStudio role (i.e., the `rpcstudio-client-initiated-rpc` role). The rpcStudio never makes requests on its own authority, so this rewrite will not interfere with any use of rpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-rpcstudio
- This rewrite allows the RpcStudio role to present EUCs. This rewrite is never enabled by default, and should only be manually enabled if you understand its effects, and intend to use RpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-rpcstudio
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| endpointPolicies | | description | Simplified, role-based language for expressing RpcSecurityPolicy. Not yet available for some languages/platforms; see go/rpcsp2-features#status. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| legacyAllowLabelMappingsWithoutLabelEnforcement | | description | DO NOT USE THIS FIELD. If true, allows services that have not enabled RpcSP label enforcement to specify label mappings in their policy. These mappings will not actually be enforced until the service migrates to RpcSP label enforcement. This field is a temporary measure used for migrating existing pilot HTTP enforcement users to RpcSP label enforcement. It should not be set in any policy that sets `enable_label_enforcement`. Setting this field has no effect in Java or Go, as pilot HTTP enforcement is C++ only. |
|---|
| type | boolean |
|---|
|
|---|
| mapping | | description | Authentication and (optionally) authorization policy, using a model consistent with Cloud Identity and Authorization Management (go/iam). See http://go/stubby-authz-2014#heading=h.nxwc3s5ss1ve for discussion of how credential policy and request authorization policy fit together in this model. For methods not matched by any mapping (see RpcSecurityPolicyMapping.rpc_method), the handling depends on the value of trust_esf_authentication field. If trust_esf_authentication is set to true and the request is ESF-authenticated, unmatched methods are treated as if MANUAL_IAM authorization mode applied (with empty permission_to_check). Otherwise, a default deny-all policy applies to all unmatched methods. Example: Service with a simple, coarse-grained authorization policy. mapping { rpc_method: '/WidgetService.Get' rpc_method: '/WidgetService.List' authentication_policy { creds_policy { # All clients can authenticate as themselves via LOAS. rules { permissions: 'auth.creds.useLOAS' action: ALLOW in: 'allUsers' } } } authorization_mode: AUTOMATIC_IAM # Authorization check in Stubby. permission_to_check: 'widgets.read' } mapping { rpc_method: '/WidgetService.Create' rpc_method: '/WidgetService.Update' authentication_policy { creds_policy { # All clients can authenticate as themselves via LOAS. rules { permissions: 'auth.creds.useLOAS' action: ALLOW in: 'allUsers' } } } authorization_mode: AUTOMATIC_IAM # Authorization check in Stubby. permission_to_check: 'widgets.write' } # Calls to any methods not listed above are rejected. system_authorization_policy { rules { permissions: 'widgets.read' action: ALLOW in: 'mdb:widget-clients-readonly' in: 'user:widget-indexer@prod.google.com' } rules { permissions: 'widgets.write' permissions: 'widgets.read' action: ALLOW in: 'mdb:widget-sre' in: 'mdb:widget-clients-readwrite' } } Example: Service with coarse-grained privileged access policy and custom fine-grained authorization checks for end-user actions. mapping { rpc_method: '/Accounts.Create' rpc_method: '/Accounts.Get' rpc_method: '/Accounts.List' rpc_method: '/Accounts.Update' authentication_policy { creds_policy { # Frontend passes GaiaMints. rules { permissions: 'auth.creds.useNormalUserEUC' action: ALLOW in: 'user:accounts-frontend@prod.google.com' } # Admin frontend passes DATs or GaiaMints obtained on the authority # of a Googler. These may be "impersonation" credentials (subject # to the impersonation_policy below) or "SuperDATs". rules { permissions: 'auth.creds.useProdUserEUC' action: ALLOW in: 'user:accounts-admin-frontend@prod.google.com' } # All clients can authenticate as themselves via LOAS, make # "anonymous" requests for public data, or (subject to the # impersonation_policy below) assert another user identity. rules { permissions: 'auth.creds.useLOAS' action: ALLOW in: 'allUsers' } } impersonation_policy { rules { permissions: 'auth.impersonation.impersonateNormalUser' action: ALLOW # Tonic policies granting API_ACCOUNTS or LOAS-authenticated # clients who are authorized requesters under such a policy. in: 'mdb:tonic-scope-api-accounts' # This privileged client makes requests on the authority of # arbitrary users without providing creds for them. in: 'user:accounts-scheduled-task-executor@prod.google.com' } } } # Application uses Authorization::Check() to check for privileged # system-level access under the system_authorization_policy below. authorization_mode: MANUAL_IAM } # Calls to any methods not listed above are rejected. system_authorization_policy { # Generate audit logs for access by humans. rules { permissions: '*' action: LOG conditions { iam: ATTRIBUTION op: IN values: 'mdb:all-person-users' } log_config { data_access {} } } # System-level (privileged) access. rules { permissions: 'accounts.read' permissions: 'accounts.write' action: ALLOW in: 'mdb:accounts-sre' in: 'user:accounts-wipeout@prod.google.com' # Permits access using SuperDATs with scope API_ACCOUNTS. in: 'mdb:tonic-scope-api-accounts' } } Example: Legacy service with opaque (non-IAM), custom authorization checks. mapping { rpc_method: '/Doodads.*' authentication_policy { creds_policy { # Frontend passes GaiaMints. rules { in: 'accounts-frontend@prod.google.com' permission: 'auth.creds.useNormalUserEUC' action: ALLOW } # All clients can authenticate as themselves via LOAS. rules { permissions: 'auth.creds.useLOAS' action: ALLOW in: 'allUsers' } } } # Application uses custom code to check authorization against user() # in the SecurityContext. This field may contain an external Gaia # user (e.g., in the NORMAL_USER_CREDS case) or an @prod.google.com # Gaia user (in the LOAS-authenticated or PROD_USER_CREDS case). authorization_mode: MANUAL_LEGACY } # Calls to any methods not listed above are rejected. |
|---|
| items | | $ref | RpcSecurityPolicyMapping |
|---|
|
|---|
| type | array |
|---|
|
|---|
| methodPolicies | | description | Per-method API policies. There’s exactly one MethodPolicy generated for each method. Each MethodPolicy contains policy configs applicable to the method, including Cloud IAM policy, OrgPolicy, Cloud Audit Logging and Gin Logging. API policies defined here are enforced in addition to any matching RpcSecurityPolicyMapping. See go/cpe-integration-overview for integration guide. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| policyRequirement | | $ref | PolicyRequirement |
|---|
| description | Asserted policy requirement. This assertion is manually provided by policy producer and may be checked by presubmit checks or at process startup. When it is missing, startup enforcement checkpoint will be bypassed. |
|---|
|
|---|
| rpcServices | | description | RPC services referenced in the policy. If present, every RPC method listed in an EndpointPolicy or RpcSecurityPolicyMapping must correspond to a declared service. DO NOT USE - Implementation in progress (b/220755905). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| systemAuthorizationPolicy | | $ref | Policy |
|---|
| description | Authorization policy granting broad ("system-level"), privileged access to selected internal users and groups. This policy will be consulted when checking 'permission_to_check' in AUTOMATIC_IAM authorization mode, and can also be used for custom authorization checks from application code (e.g., using LocalAuthorization::CheckMappedPermission()). See go/rpcsp/setup-guide.md#authz-policy. |
|---|
|
|---|
| trustEsfAuthentication | | description | If true, trust the authentication information supplied by ESF (go/esf) in deprecated ESF authentication modes, bypassing local authentication based on authentication_policy. This applies only to requests that ESF has authenticated and forwarded authentication results to the backend. Other requests, for example direct Stubby calls and calls forwarded via ESF in the recommended `use_rpc_security_policy: DELEGATED` mode, will still be subject to the authentication_policy check. DO NOT USE -- see http://go/api-auth#rpcsp for current guidance. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RpcSecurityPolicyMapping | | description | Mapping from RPC method names to policies applying to those methods. The following four fields determine how the RpcSP compiler processes the policy configuration during compilation time for the given RpcSecurityPolicyMapping. The fields can only be used in policies in the Central Repo. See go/rpcsp2-policy-checks-and-rewrites. |
|---|
| id | RpcSecurityPolicyMapping |
|---|
| properties | | action | | description | Similar to rpc_method, but allows for a free-form action name. The action name must match [*.a-zA-Z0-9_-]+ This is used in Apps Framework where there is a different abstraction around method handling and we want to represent that directly in policy. Wildcards are supported in this field, either global or at the end of the action following a period (i.e., "*" and "foo.bar.*" are okay, but not "foo.b*" or "foo.*.bar"). The more specific match takes precedence (e.g. "foo.bar.baz", then "foo.bar.*", then "foo.*", and finally "*"). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| admin | | $ref | AdminPolicy |
|---|
| description | Administrative access configuration for endpoints in this mapping. This policy controls behavior of the AAC Platform, which also requires including an appropriate DENY rule in every relevant `impersonation_policy` and `system_authorization_policy`. See go/aac-platform-integration for more information, including which languages and frameworks allow use of this feature. |
|---|
|
|---|
| authenticationPolicy | | $ref | AuthenticationPolicy |
|---|
| description | REQUIRED. Specifies authentication requirements for the above actions. |
|---|
|
|---|
| authorizationMethod | | description | Any authorization checks that the application might perform to authorize the request. Generally, the service should reject a request unless at least one of these checks receives an 'allow' response. This field should include both coarse- and fine-grained authorization checks that might be made. For example, if a service might perform: - a local IAM check against a system authorization policy, OR - if the IAM check fails, some application-specific fine-grained check, then the policy would include both LocalIam and Custom methods. This would be expressed as: mapping { rpc_method: '/Foo.Bar' authentication_policy { ... } authorization_mode: MANUAL authorization_method { local_iam {} } authorization_method { custom {} } } This field does not enforce that these checks are made, but enables monitoring of whether the service is performing these checks correctly. Receiving an 'allow' response from at least one of the listed fine-grained authorization checks generally fulfills a service's authorization obligation. NOTE: this field must be included if and only if the authorization_mode is MANUAL. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| authorizationMode | | description | If the authorization mode is MANUAL, then at least one authorization_method must be listed. |
|---|
| enum | - AUTHORIZATION_MODE_UNKNOWN
- AUTOMATIC_IAM
- MANUAL_IAM
- MANUAL_LEGACY
- CLOUD_POLICY_ENFORCEMENT
- MANUAL
|
|---|
| enumDescriptions | - Do not use.
- The mode instructs the Stubby RPC framework to perform an authorization check against Local IAM before the application even sees the request. As such it is a suitable, though more flexible, replacement for LabelACL. Audit logging is supported in this mode through Autogin (go/autogin) and you must configure this if your application would receive requests that trigger Gin logging. The particular authorization check is determined by RpcSecurityPolicyMapping with |permission_to_check| set. The request is rejected unless the authenticated user has the required permission in the system authorization policy. After authorization, the application request handler will see a validated SecurityContext in which user() is the authenticated user and peer() is not available (except for logging purposes, via GetLoggableProto()). It is acceptable to perform additional authorization checks (using either IAM policy or custom logic) for finer-grained access control. This mode ensures that: 1) Only the correct identity is used in authorization. 2) We do not forget to do an authorization check. 3) We can capture the system-level authorization policy for analysis.
- This mode represents a promise by the application to perform an IAM-based authorization check, specifically using LocalAuthorization::Check or CloudAuthorization::CloudCheck (or the equivalents in other languages). Framework code may verify that the promise is honored; failure to do so is generally a security hole and you may be nagged by security and privacy teams. It is acceptable to reject a request (for example for rate limiting) without doing the authorization check. The authorization checks performed by the application can use the 'system_authorization_policy' from RpcSecurityPolicy (if that is more convenient) or one loaded by the application. Authorization checks should use the identity in user() (which will be the user specified in EUC, or the LOAS peer if no EUC are present). It is acceptable to perform additional authorization checks (whether they use IAM or not) after the initial one. For example, you might perform the coarse-grained (service-wide) authorization check covering things like batch jobs and SRE access using the IAM language, but do per-object checks using Zanzibar or another system e.g. to grant access to specific objects if denied by the service-wide authorization policy. This mode ensures that: 1) Only the correct identity is used in authorization. 2) We have a reasonable chance of detecting a missed authorization check. 3) If authorization is done, we do not forget to write an audit log when necessary. 4) We can capture the system-level authorization policy for analysis.
- In this mode, the application is trusted to do authorization checks using some custom scheme. This mode does not expose the system-level authorization policy for analysis, nor does it ensure that authorization and logging policies are enforced, so the AUTOMATIC_IAM and MANUAL_IAM modes are preferred. Over time, we hope to reduce or eliminate use of MANUAL_LEGACY mode. The application will see a validated SecurityContext immediately upon processing the RPC. It is up to the application to perform a suitable authorization check and write any audit logs.
- This mode is for Cloud Policy Enforcement (go/cloud-policy-enforcement). It indicates that the framework (AppsFramework, Scaffolding, or ESF) will decide how to perform Cloud IAM and Org Policy authorization checks (or no authorization check) based on 'method_policies' from the RpcSecurityPolicy and proto annotations. Contact cloud-policy-enforcement@ if interested in using this mode.
- This mode indicates that the service will perform some manual authorization checks, but does not specify the form of those checks. If you use this mode you must define the authorization methods that you intend to use, via the AuthorizationMethod field in RpcSecurityPolicy.
|
|---|
| type | string |
|---|
|
|---|
| credsAssertion | | description | Specifies set of assertions that may be applied to a credential origin as a condition in an authentication rule. See go/rpcsp-reference-guide#RpcSecurityPolicyMapping.creds_assertions for more information and usage examples. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| crossProductSharing | | $ref | CrossProductSharing |
|---|
| description | EXPERIMENTAL -- DO NOT USE Enables constraints on sharing of user data across products (see go/rpcsp-dma52). |
|---|
|
|---|
| crossProductSharingDryRun | | $ref | CrossProductSharing |
|---|
| description | EXPERIMENTAL -- DO NOT USE Checks but does *not* enforce constraints on sharing of user data across products (see see go/rpcsp-dma52). Results of the check are exposed only via metrics and/or logging and do not affect serving behavior. This field can be used in conjunction with cross_product_sharing to dry-run a change to the policy configuration. |
|---|
|
|---|
| dataGovernanceAnnotations | | $ref | PrivacyDataGovernanceAttributesAnnotations |
|---|
| description | Semantic attributes of the data accessed by the endpoints in this mapping. See go/dg-annotations for details. |
|---|
|
|---|
| disableChecks | | description | Checks that are disabled in the RpcSP compiler |
|---|
| items | | enum | - CHECK_UNSPECIFIED
- CHECK_DENY_EUC_PRESENTER_ADMIN
- CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- CHECK_NO_RPC_SERVICES_FIELD
- CHECK_LANGUAGE_SUPPORT
- CHECK_EXCLUDE_INSECURE_USERS_CONDITION
- CHECK_ADMIN_ACCESS_CONTROLS
- CHECK_CONFLICTING_GIN_LOGGING_BEHAVIORS
- CHECK_NO_HTTP_HANDLERS_FIELD
|
|---|
| enumDescriptions | - This check verifies that the EUC_PRESENTER_ADMIN role isn't used. See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_EUC_PRESENTER_ADMIN
- This check ensures that bindings are used in a way that the ordering of the bindings isn't significant. See go/rpcsp2-policy-checks-and-rewrites#CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- This check verifies that UNPRIVILEGED_USER does not grant access to a. narrow set of users. This role should only be granted to the following: all {}, all_normal_users{}, all_except_anonymous{}, prod_groups: "all", and "prod_groups: "all-person-users". See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- This check prohibits use of the experimental `rpc_services` field.
- This check verifies that a policy does not use unsupported language features. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that the `exclude_insecure_users` condition can only be used to restrict supported users. See go/rpcsp-levels#insecure-roles-list. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that `admin_access_control` is only set on bindings for admin roles. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that all *ADMIN roles for a single endpoint are using the same Gin logging failure behavior. Configuring two *ADMIN bindings where one binding is set to use fail closed Gin logging and the other is set to use fail open Gin logging is equivalent to configuring one binding that is using fail open Gin logging, and is therefore not allowed. This check will be removed once AAC enables fail closed Gin logging for all cases by default, see b/161436949.
- This check prohibits use of the experimental `http_handlers` field.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| disableRewrites | | description | Rewrites that are disabled in the RpcSP compiler |
|---|
| items | | enum | - REWRITE_UNSPECIFIED
- REWRITE_ALLOW_EUC_PRESENTER_SELF
- REWRITE_DENY_EUC_PRESENTER_NON_BCID3_ROLES
- REWRITE_DENY_EUC_PRESENTER_UNTRUSTED_PROXY_ROLES
- REWRITE_DENY_PRIVILEGED_ACCESS_FORGE
- REWRITE_DENY_PRIVILEGED_ACCESS_RPCSTUDIO
- REWRITE_ALLOW_EUC_PRESENTER_RPCSTUDIO
|
|---|
| enumDescriptions | - This rewrite allows calls from `self` (LOAS role of the process) to present EUCs. It covers typical in-process and loopback calls, as well as local ESF for One Platform APIs. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-self
- This rewrite denies calls in which a non-BCID3 role is presenting forwarded EUCs. Instead, those non-BCID3 roles, such as humans and untrusted roles, are expected to use LOAS-based credentials only. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-non-bcid3-roles
- This rewrite denies calls in which a untrusted proxy is presenting forwarded EUCs. The untrusted proxies include `untrusted-http-proxy` and `unauthenticated-esf-proxy` LOAS peer roles. These roles are "fake" LOAS peers, which indicate that the call was actually made over an unauthenticated channel. Per go/forwardable-creds, EUCs should only be presented over authenticated channels. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-untrusted-proxy-roles
- This rewrite denies system access for Forge test roles. If you want to send RPCs from Forge, use a TEST policy. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-forge
- This rewrite denies system access from the rpcStudio role (i.e., the `rpcstudio-client-initiated-rpc` role). The rpcStudio never makes requests on its own authority, so this rewrite will not interfere with any use of rpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-rpcstudio
- This rewrite allows the RpcStudio role to present EUCs. This rewrite is never enabled by default, and should only be manually enabled if you understand its effects, and intend to use RpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-rpcstudio
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| enableChecks | | description | Checks that are enabled in the RpcSP compiler |
|---|
| items | | enum | - CHECK_UNSPECIFIED
- CHECK_DENY_EUC_PRESENTER_ADMIN
- CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- CHECK_NO_RPC_SERVICES_FIELD
- CHECK_LANGUAGE_SUPPORT
- CHECK_EXCLUDE_INSECURE_USERS_CONDITION
- CHECK_ADMIN_ACCESS_CONTROLS
- CHECK_CONFLICTING_GIN_LOGGING_BEHAVIORS
- CHECK_NO_HTTP_HANDLERS_FIELD
|
|---|
| enumDescriptions | - This check verifies that the EUC_PRESENTER_ADMIN role isn't used. See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_EUC_PRESENTER_ADMIN
- This check ensures that bindings are used in a way that the ordering of the bindings isn't significant. See go/rpcsp2-policy-checks-and-rewrites#CHECK_REQUIRE_ORDER_INDEPENDENT_BINDINGS
- This check verifies that UNPRIVILEGED_USER does not grant access to a. narrow set of users. This role should only be granted to the following: all {}, all_normal_users{}, all_except_anonymous{}, prod_groups: "all", and "prod_groups: "all-person-users". See go/rpcsp2-policy-checks-and-rewrites#CHECK_DENY_UNPRIVILEGED_USER_NARROW_BINDING
- This check prohibits use of the experimental `rpc_services` field.
- This check verifies that a policy does not use unsupported language features. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that the `exclude_insecure_users` condition can only be used to restrict supported users. See go/rpcsp-levels#insecure-roles-list. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that `admin_access_control` is only set on bindings for admin roles. This is an internal compiler feature and cannot be disabled by users.
- This check ensures that all *ADMIN roles for a single endpoint are using the same Gin logging failure behavior. Configuring two *ADMIN bindings where one binding is set to use fail closed Gin logging and the other is set to use fail open Gin logging is equivalent to configuring one binding that is using fail open Gin logging, and is therefore not allowed. This check will be removed once AAC enables fail closed Gin logging for all cases by default, see b/161436949.
- This check prohibits use of the experimental `http_handlers` field.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| enableRewrites | | description | Rewrites that are enabled in the RpcSP compiler |
|---|
| items | | enum | - REWRITE_UNSPECIFIED
- REWRITE_ALLOW_EUC_PRESENTER_SELF
- REWRITE_DENY_EUC_PRESENTER_NON_BCID3_ROLES
- REWRITE_DENY_EUC_PRESENTER_UNTRUSTED_PROXY_ROLES
- REWRITE_DENY_PRIVILEGED_ACCESS_FORGE
- REWRITE_DENY_PRIVILEGED_ACCESS_RPCSTUDIO
- REWRITE_ALLOW_EUC_PRESENTER_RPCSTUDIO
|
|---|
| enumDescriptions | - This rewrite allows calls from `self` (LOAS role of the process) to present EUCs. It covers typical in-process and loopback calls, as well as local ESF for One Platform APIs. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-self
- This rewrite denies calls in which a non-BCID3 role is presenting forwarded EUCs. Instead, those non-BCID3 roles, such as humans and untrusted roles, are expected to use LOAS-based credentials only. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-non-bcid3-roles
- This rewrite denies calls in which a untrusted proxy is presenting forwarded EUCs. The untrusted proxies include `untrusted-http-proxy` and `unauthenticated-esf-proxy` LOAS peer roles. These roles are "fake" LOAS peers, which indicate that the call was actually made over an unauthenticated channel. Per go/forwardable-creds, EUCs should only be presented over authenticated channels. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-euc-presenter-untrusted-proxy-roles
- This rewrite denies system access for Forge test roles. If you want to send RPCs from Forge, use a TEST policy. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-forge
- This rewrite denies system access from the rpcStudio role (i.e., the `rpcstudio-client-initiated-rpc` role). The rpcStudio never makes requests on its own authority, so this rewrite will not interfere with any use of rpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-deny-privileged-access-rpcstudio
- This rewrite allows the RpcStudio role to present EUCs. This rewrite is never enabled by default, and should only be manually enabled if you understand its effects, and intend to use RpcStudio. See go/rpcsp2-policy-checks-and-rewrites#rewrite-allow-euc-presenter-rpcstudio
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
| esfConfig | | $ref | EsfConfig |
|---|
| description | Configures options determining interactions between ESF and the server backend when CPE v2 is used. This is only allowed in mappings where RpcSecurityPolicyMapping.authorization_mode is CLOUD_POLICY_ENFORCEMENT. |
|---|
|
|---|
| httpPath | | description | DO NOT ADD NEW USAGES OF THIS FIELD. This field was introduced for experimental HTTP enforcement support in C++ and will soon be deprecated in favor of RpcSP label enforcement. Please refer to b/124385355 for the status of releasing the new feature. Names an HTTP path for experimental support of RpcSecurityPolicy enforcement on HTTP handlers. The HTTP path must begin with "/", have no empty URL segments, and contain only characters in [a-zA-Z0-9_-./], with no trailing "/". Specifying this field implicitly includes all descendant paths, with the more specific matches taking precedence. For example, a request for "/foo/bar/baz" will match a mapping for "/foo/bar/baz", then "/foo/bar", then "/foo". Mappings specifying http_path may only specify AUTOMATIC_IAM. Global wildcard (specified by either "*" or "/") is not supported. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| label | | description | Specifies a security label for which these policies should be enforced. The currently supported values are those defined by LabelAcl, and a special value for HTTP endpoints that have no assigned label: * admin * read * modify * monitoring * debugging * unlabeled-http (* not from LabelAcl) In PROD/TEST environments (configured via --rpc_security_policy_env), all labels listed above must be mapped when HTTP enforcement is enabled. For requests to endpoints associated with a label, mappings setting the endpoint-specific field (e.g. 'http_path' or 'rpc_method') will take precedence. Mappings specifying label may only specify AUTOMATIC_IAM. This feature is intended to supersede LabelACL. For more information on migrating from LabelACL to RPCSP labels, see go/rpcsp-common-http-handlers. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| methodQualifier | | $ref | MethodQualifier |
|---|
| description | Qualifiers that further restrict which requests the current RpcSecurityPolicyMapping applies to. Must only be used with `rpc_method` (not `http_path`, `action` or `label`). |
|---|
|
|---|
| permissionToCheck | | description | An IAM permission that should be checked in the system authorization policy (see the 'system_authorization_policy' field in RpcSecurityPolicy) before processing the request. In AUTOMATIC_IAM mode, the authenticated user must have this permission, or the request is automatically rejected. In MANUAL_IAM mode, the application should check this permission (e.g., using LocalAuthorization::CheckMappedPermission() in google3/security/authorization/iam/local_authorization.h). For applications that do not have fine-grained (e.g., object-level) authorization checks, checking this permission may constitute the entire authorization check: if the permission check fails, the request should fail as well. An example of this might be an Admin API on a service, which is intrinsically privileged and only allows (say) SRE access. Applications which do have fine-grained checks should check this permission first to see if the caller has broad privilege and thus can bypass the fine-grained check. However, if this coarse check fails, the request should not automatically fail but instead fall back to the fine-grained check. An example of this might be an API that serves individual end-user-owned objects; the permission here would cover just administrative access by Googlers and batch jobs, but requests from end users would fall through to the application's fine-grained check. |
|---|
| type | string |
|---|
|
|---|
| rpcMethod | | description | Full stubby or gRPC method names for which these policies should be enforced. Should follow the convention laid out in RpcServerContext.getFullMethodName(), e.g., "/MyService.MyMethod" (for most Stubby servers) or "/package.MyService/MyMethod" (for gRPC servers and Stubby servers with fully-qualified service names enabled). A given method must not appear more than once anywhere under the enclosing RpcSecurityPolicy. You may specify "/MyService.*" or "/package.MyService/*", as appropriate, to match all methods in a service that haven't been explicitly listed anywhere under the enclosing RpcSecurityPolicy, with the more specific match always taking precedence. Only one mapping is applied per request, meaning that if the matched mapping results in a rejection, it will never fall back to another mapping. Global wildcards, e.g. "*", are allowed under some conditions. If used, no other rpc_methods may be included in the same mapping. Policies with global wildcards are not valid by default -- you must explicitly opt-in to this behavior. The more specific match takes precedence (e.g., /Service.Method, then /Service.*, and finally *). C++: int main(...) { // Must be called before InitGoogle. CHECK_OK(security::context::EnableGlobalRpcMethodWildcard()); InitGoogle(...); ... } Go: Call rpcpolicy.EnableGlobalRPCMethodWildcard() before google.Init(). The RPC policy is default-DENY: if an RPC method does not match any mapping, all requests for that method are rejected. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RpcService | | description | An RPC service covered by the policy. |
|---|
| id | RpcService |
|---|
| properties | | name | | description | Fully qualified service name (e.g., "tech.spanner.QueuePushReceiver"). REQUIRED. |
|---|
| type | string |
|---|
|
|---|
| renamedAs | | description | Optional different, unqualified name the service is exported under (e.g., via Stubby `ExportServiceUnderName`), and which is used in the `rpc_methods` policy field to refer to the service. If omitted, "tech.spanner.QueuePushReceiver" is assumed to be exported as "QueuePushReceiver". Example: rpc_services { name: "tech.spanner.QueuePushReceiver" renamed_as: "WidgetQueuePushReceiver" } ... endpoint_policies { rpc_methods: "/WidgetQueuePushReceiver.ProcessMessages" ... } See go/stubby-service-renaming. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| RubySettings | | description | Settings for Ruby client libraries. |
|---|
| id | RubySettings |
|---|
| properties | | common | | $ref | CommonLanguageSettings |
|---|
| description | Some settings. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Rule | | description | A rule to be applied in a Policy. |
|---|
| id | Rule |
|---|
| properties | | action | | description | Required |
|---|
| enum | - NO_ACTION
- ALLOW
- ALLOW_WITH_LOG
- DENY
- DENY_WITH_LOG
- LOG
|
|---|
| enumDescriptions | - Default no action.
- Matching 'Entries' grant access.
- Matching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
- Matching 'Entries' deny access.
- Matching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
- Matching 'Entries' tell IAM.Check callers to generate logs.
|
|---|
| type | string |
|---|
|
|---|
| conditions | | description | Additional restrictions that must be met. All conditions must pass for the rule to match. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| description | | description | Human-readable description of the rule. |
|---|
| type | string |
|---|
|
|---|
| in | | description | If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| logConfig | | description | The config returned to callers of CheckPolicy for any entries that match the LOG action. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| notIn | | description | If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| permissions | | description | A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SearchTenancyUnitsResponse | | description | Response for the search query. |
|---|
| id | SearchTenancyUnitsResponse |
|---|
| properties | | nextPageToken | | description | Pagination token for large results. |
|---|
| type | string |
|---|
|
|---|
| tenancyUnits | | description | Tenancy Units matching the request. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Service | | description | `Service` is the root object of Google API service configuration (service config). It describes the basic information about a logical service, such as the service name and the user-facing title, and delegates other aspects to sub-sections. Each sub-section is either a proto message or a repeated proto message that configures a specific aspect, such as auth. For more information, see each proto message definition. Example: type: google.api.Service name: calendar.googleapis.com title: Google Calendar API apis: - name: google.calendar.v3.Calendar visibility: rules: - selector: "google.calendar.v3.*" restriction: PREVIEW backend: rules: - selector: "google.calendar.v3.*" address: calendar.example.com authentication: providers: - id: google_calendar_auth jwks_uri: https://www.googleapis.com/oauth2/v1/certs issuer: https://securetoken.google.com rules: - selector: "*" requirements: provider_id: google_calendar_auth |
|---|
| id | Service |
|---|
| properties | | analytics | | $ref | Analytics |
|---|
| description | Analytics configuration. |
|---|
|
|---|
| apis | | description | A list of API interfaces exported by this service. Only the `name` field of the google.protobuf.Api needs to be provided by the configuration author, as the remaining fields will be derived from the IDL during the normalization process. It is an error to specify an API interface here which cannot be resolved against the associated IDL files. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| auditing | | $ref | Auditing |
|---|
| description | Auditing configuration of the service. |
|---|
|
|---|
| authentication | | $ref | Authentication |
|---|
| description | Auth configuration. |
|---|
|
|---|
| backend | | $ref | Backend |
|---|
| description | API backend configuration. |
|---|
|
|---|
| billing | | $ref | Billing |
|---|
| description | Billing configuration. |
|---|
|
|---|
| census | | $ref | Census |
|---|
| description | Defines go/census related configurations. CURRENTLY UNDER DEVELOPMENT. Do not use until this message is removed. |
|---|
|
|---|
| configVersion | | description | Obsolete. Do not use. This field has no semantic meaning. The service config compiler always sets this field to `3`. |
|---|
| format | uint32 |
|---|
| type | integer |
|---|
|
|---|
| context | | $ref | Context |
|---|
| description | Context configuration. |
|---|
|
|---|
| control | | $ref | Control |
|---|
| description | Configuration for the service control plane. |
|---|
|
|---|
| customError | | $ref | CustomError |
|---|
| description | Custom error configuration. |
|---|
|
|---|
| derivedData | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| description | Service attributes derived by the configuration toolchain, for use at runtime. Type is defined in `//google/internal/api/derived_service.proto`. |
|---|
| type | object |
|---|
|
|---|
| discovery | | $ref | Discovery |
|---|
| description | Specifies which discovery options the API service supports. |
|---|
|
|---|
| documentation | | $ref | Documentation |
|---|
| description | Additional API documentation. |
|---|
|
|---|
| endpoints | | description | Configuration for network endpoints. If this is empty, then an endpoint with the same name as the service is automatically generated to service all defined APIs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| enums | | description | A list of all enum types included in this API service. Enums referenced directly or indirectly by the `apis` are automatically included. Enums which are not referenced but shall be included should be listed here by name by the configuration author. Example: enums: - name: google.someapi.v1.SomeEnum |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| experimental | | $ref | Experimental |
|---|
| description | Experimental configuration. |
|---|
|
|---|
| features | | description | A list of features enabled on this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| filtering | | $ref | Filtering |
|---|
| description | ESF request/response filtering configuration. |
|---|
|
|---|
| http | | $ref | Http |
|---|
| description | HTTP configuration. |
|---|
|
|---|
| iam | | $ref | Iam |
|---|
| description | IAM configurations for go/cloud-policy-enforcement. |
|---|
|
|---|
| id | | description | A unique ID for a specific instance of this message, typically assigned by the client for tracking purpose. Must be no longer than 63 characters and only lower case letters, digits, '.', '_' and '-' are allowed. If empty, the server may choose to generate one instead. |
|---|
| type | string |
|---|
|
|---|
| indexedResources | | $ref | IndexedResource |
|---|
| description | Resources to be indexed. |
|---|
|
|---|
| labels | | description | Label declarations of the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| legacy | | $ref | Legacy |
|---|
| description | Legacy configuration. |
|---|
|
|---|
| logging | | $ref | Logging |
|---|
| description | Logging configuration. |
|---|
|
|---|
| logs | | description | Defines the logs used by this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| metrics | | description | Defines the metrics used by this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| migration | | $ref | Migration |
|---|
| description | Migration configuration for Apiary APIs. |
|---|
|
|---|
| monitoredResources | | description | Defines the monitored resources used by this service. This is required by the Service.monitoring and Service.logging configurations. |
|---|
| items | | $ref | MonitoredResourceDescriptor |
|---|
|
|---|
| type | array |
|---|
|
|---|
| monitoring | | $ref | Monitoring |
|---|
| description | Monitoring configuration. |
|---|
|
|---|
| name | | description | The service name, which is a DNS-like logical identifier for the service, such as `calendar.googleapis.com`. The service name typically goes through DNS verification to make sure the owner of the service also owns the DNS name. |
|---|
| type | string |
|---|
|
|---|
| operations | | $ref | Operations |
|---|
| description | Unimplemented. Do not use. Information about operations such as LRO response type etc. |
|---|
|
|---|
| producerProjectId | | description | The Google project that owns this service. |
|---|
| type | string |
|---|
|
|---|
| projectProperties | | $ref | ProjectProperties |
|---|
| description | Configuration of per-consumer project properties. |
|---|
|
|---|
| publishing | | $ref | Publishing |
|---|
| description | Settings for [Google Cloud Client libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) generated from APIs defined as protocol buffers. |
|---|
|
|---|
| quota | | $ref | Quota |
|---|
| description | Quota configuration. |
|---|
|
|---|
| resourceContainer | | $ref | ResourceContainer |
|---|
| description | Resource container configuration of the service. Deprecated: For new usage, please use go/cloud-resource-annotations. The existing usage will be in maintenance mode. |
|---|
|
|---|
| resources | | description | Resources managed by this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rpcSecurityPolicy | | $ref | RpcSecurityPolicy |
|---|
| description | This section is ready for integration of following features: (1) Secure GCP API (go/resource-container-guide) (2) Resource Project Override (go/resource-project-override-ug) (3) Cloud Policy Enforcement (go/cpe-sig) See go/cloud-policy-op-config for overall design. |
|---|
|
|---|
| sharing | | description | Defines the entities in this config that are shared with other services. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| slo | | $ref | Slo |
|---|
| description | Configuration of the service level objectives (SLOs). |
|---|
|
|---|
| sourceInfo | | $ref | SourceInfo |
|---|
| description | Output only. The source information for this configuration if available. |
|---|
|
|---|
| supportedLocation | | $ref | SupportedLocation |
|---|
| description | Defines the locations this service supports or uses in regional configuration. A service may have a subset of physical deployments from logically supported regions, for example, a service might support multi-regions, but there is no physical deployment to the multi-regions. For such case, this config should be specified as the logically supported regions. Note, one location can only be specified once in the list. |
|---|
|
|---|
| systemParameters | | $ref | SystemParameters |
|---|
| description | System parameter configuration. |
|---|
|
|---|
| systemTypes | | description | A list of all proto message types included in this API service. It serves similar purpose as [google.api.Service.types], except that these types are not needed by user-defined APIs. Therefore, they will not show up in the generated discovery doc. This field should only be used to define system APIs in ESF. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| title | | description | The product title for this service, it is the name displayed in Google Cloud Console. |
|---|
| type | string |
|---|
|
|---|
| types | | description | A list of all proto message types included in this API service. Types referenced directly or indirectly by the `apis` are automatically included. Messages which are not referenced but shall be included, such as types used by the `google.protobuf.Any` type, should be listed here by name by the configuration author. Example: types: - name: google.protobuf.Int32 |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| urlMaps | | description | Configuration of URL maps. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| usage | | $ref | Usage |
|---|
| description | Configuration controlling usage of this service. |
|---|
|
|---|
| visibility | | $ref | Visibility |
|---|
| description | API visibility configuration. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ServiceAccountConfig | | description | Describes the service account configuration for the tenant project. |
|---|
| id | ServiceAccountConfig |
|---|
| properties | | accountId | | description | ID of the IAM service account to be created in tenant project. The email format of the service account is "@.iam.gserviceaccount.com". This account ID must be unique within tenant project and service producers have to guarantee it. The ID must be 6-30 characters long, and match the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])`. |
|---|
| type | string |
|---|
|
|---|
| tenantProjectRoles | | description | Roles for the associated service account for the tenant project. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ServiceControlAcl | | description | Configuration of authorization check. |
|---|
| id | ServiceControlAcl |
|---|
| properties | | labelKey | | description | The label value of the resource that is also used during ACL check. |
|---|
| type | string |
|---|
|
|---|
| model | | description | ACL model that should be applied to a resource. |
|---|
| enum | |
|---|
| enumDescriptions | - The caller has to have "writer" permission from the developer console project that owns the resource. One can use the developer console to check or provision this permission.
- The caller has to have "writer" permission in the Service Control API namespace at the resource type level for owner project. For example, if a caller has permission for updating log resource in a project, then any named log collection from the project can be updated.
- No ACL check for this resource. This is only used by trusted Google services for which the authorization of the caller is sufficient and there is no need to enforce per-resource access control.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ServiceControlConfig | | description | Configuration for services that use the Service Control API. In the following library example, we sent metrics to quota backend and analystics. service_control: destinations: - type: QUOTA owner: CONSUMER_PROJECT acl: model: EXPLICIT metric_names: - library.googleapis.com/borrowed_count - library.googleapis.com/returned_count - library.googleapis.com/overdue_book_days analytics: destinations: - monitored_resource: library.googleapis.com/branch metrics: - library.googleapis.com/book/returned_count - library.googleapis.com/book/overdue_count |
|---|
| id | ServiceControlConfig |
|---|
| properties | | analytics | | $ref | AnalyticsConfig |
|---|
| description | Analytics configuration of the service. DEPRECATED since 2016-11-04; Use top-level analytics section instead. |
|---|
|
|---|
| destinations | | description | Configuration of destinations to send metric values and log entries to. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ServiceDescriptorProto | | description | Describes a service. |
|---|
| id | ServiceDescriptorProto |
|---|
| properties | | method | | items | | $ref | MethodDescriptorProto |
|---|
|
|---|
| type | array |
|---|
|
|---|
| name | |
|---|
| options | |
|---|
| stream | | description | BEGIN GOOGLE-INTERNAL END GOOGLE-INTERNAL |
|---|
| items | | $ref | StreamDescriptorProto |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ServiceIdentity | | description | The per-product per-project service identity for a service. Use this field to configure per-product per-project service identity. Example of a service identity configuration. usage: service_identity: - service_account_parent: "projects/123456789" display_name: "Cloud XXX Service Agent" description: "Used as the identity of Cloud XXX to access resources" |
|---|
| id | ServiceIdentity |
|---|
| properties | | description | | description | Optional. A user-specified opaque description of the service account. Must be less than or equal to 256 UTF-8 bytes. |
|---|
| type | string |
|---|
|
|---|
| displayName | | description | Optional. A user-specified name for the service account. Must be less than or equal to 100 UTF-8 bytes. |
|---|
| type | string |
|---|
|
|---|
| serviceAccountParent | | description | A service account project that hosts the service accounts. An example name would be: `projects/123456789` |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ServiceManagementConfig | | description | Configuration for services that are intended to be managed by the Service Management API This section determines how the Service Management API handles the deployment of your service config to the [One Platform Control Plane](http://go/api-control-plane) and [One Platform Service Controller](http://go/chemist). Example: experimental: service_management: deployment_mode: NORMAL |
|---|
| id | ServiceManagementConfig |
|---|
| properties | | buildMode | | description | Indicates which build_mode was used to build this service config from the api_service build rule. This field will be automatically populated by the Inception tool when using the build-time-binding of config id in API Rollout v2. |
|---|
| enum | - BUILD_MODE_UNSPECIFIED
- BUILD_MODE_V1
- BUILD_MODE_V2
|
|---|
| enumDescriptions | - Unspecified.
- API Rollout v1 mode
- API Rollout v2 mode
|
|---|
| type | string |
|---|
|
|---|
| configDestination | | description | If this flag is set to `STAGING`, the managed control plane (in API Rollout v2) or Inception tool prod will automatically create config rollouts in both Inception prod and staging environments. Note that, if this flag is set to `STAGING`, Inception prod server will skip pushing config to infrastructure backends - such as Billing, Stackdriver, and IAM. So in this case only Inception staging will push those aspects of the config. For more details please refer to go/api-staging-deploy. |
|---|
| enum | |
|---|
| enumDescriptions | - UNSPECIFIED.
- The service config is used for backends with default staging endpoint configed in Inception.
|
|---|
| type | string |
|---|
|
|---|
| deploymentMode | | description | Used to specify the deployment mode of the enclosing service config. |
|---|
| enum | |
|---|
| enumDescriptions | - The deployment will go through a canary stage before being applied to the entire Control Plane and Service Controller.
- The deployment will skip the Canary stage.
|
|---|
| type | string |
|---|
|
|---|
| includeLegacyComponents | |
|---|
| prodServiceName | | description | If the service name in the service config is not following go/api-naming for sandbox services, but it needs to reference entities prefixed with the prod service name, this field needs to be set to pass entity naming validations. For example, `localdev-pubsub.sandbox.googleapis.com` needs to reference metric `pubsub.googleapis.com/request_count`. Inception will verify the user who creates such config has servicemanagement.services.update permission on both sandbox and prod services. Please note that the service config with this field being set cannot work in runtime without making Inception push from the canonical entity owner service (for example staging-{apiname}.sanbox.googleapis.com in staging) first. For an end to end working example, please refer to go/api-staging-deploy. |
|---|
| type | string |
|---|
|
|---|
| universeConfig | | $ref | UniverseConfig |
|---|
| description | Config settings related to TPC universe. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| ServiceOptions | | description | BEGIN GOOGLE-INTERNAL The following options are Stubby-specific. They get a blessed position in the proto language for historical reasons. |
|---|
| id | ServiceOptions |
|---|
| properties | | ccDefaultInvocableApi | | description | Switches the stub API generation to use AnyInvocable for the default callback type, rather than Closure. See go/stubby-to-invocable |
|---|
| type | boolean |
|---|
|
|---|
| deprecated | | description | Is this service deprecated? Depending on the target platform, this can emit Deprecated annotations for the service, or it will be completely ignored; in the very least, this is a formalization for deprecating services. |
|---|
| type | boolean |
|---|
|
|---|
| failureDetectionDelay | | description | This flag specifies number of seconds between a server becoming unreachable, and a client detecting that fact. Stubby runs an elaborate health-checking protocol to detect when the other side of the communication is healthy or not. A separate document describes the health check algorithms in more detail. When the server is marked unreachable, the client shuts the TCP socket down and tries to reconnect to the server. In addition, all current and future RPCs with fail_fast set to true (see Timeout and Error Handling section) will fail immediately. The stub's is_reachable() accessor method also returns false. If the server is being actively used, the health checks are piggy-backed on other RPCs, and do not place an extra load on the system. This parameter must be at least 10 times the network round-trip time. (Round-trip times are on the order of a millisecond within the same data center, 100 milliseconds across the US, and 200 milliseconds between Europe and US.) The protocol compiler refuses to accept a value less than 2 seconds for this parameter. If the server becomes unresponsive to network events for long periods of time (for example, if it is single-threaded and is executing a long computation in response to an earlier RPC), the maximum such unresponsive period should be added to the value assigned to this parameter. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| multicastStub | |
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Sharing | | description | Entities defined by this service that can be referenced by other services. By default, a service can only reference entities that it defines. Example: resources: - type: library.googleapis.com/Book plural: books singular: book name_descriptor: - pattern: projects/{project}/books/{book} parent_type: cloudresourcemanager.googleapis.com/Project parent_name_extractor: projects/{project} iam: environment: PROD reader: "user:foouser" writer: "group:foogroup" iam_resources: - type: library.googleapis.com/Book member_type_restriction: ALLOW_ALL_AUTHENTICATED_USERS permissions: - name: library.googleapis.com/books.create display_name: Create description: Create a book type: META_DATA_READ scope: USER_SCOPE launch_stage: GA parent_only: true - name: library.googleapis.com/books.get display_name: Get description: Get the details of a book type: DATA_READ scope: USER_SCOPE launch_stage: BETA roles: - name: library.googleapis.com/admin display_name: Library Admin description: Full access to Library API launch_stage: GA permissions: - library.googleapis.com/books.create - library.googleapis.com/books.get sharing: - target_services: - bookstore.googleapis.com - school.googleapis.com resource_types: - library.googleapis.com/Book iam_permissions: - library.googleapis.com/books.get iam_roles: - library.googleapis.com/admin |
|---|
| id | Sharing |
|---|
| properties | | iamPermissions | | description | The list of shared IAM permission names. They must match IAM permissions defined by the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| iamRoles | | description | The list of shared IAM role names. They must match IAM roles defined by the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| resourceTypes | | description | The list of shared resource type names. They must match resource type names defined by the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| targetServices | | description | The list of service names with which the entities are shared. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Slo | | description | A Service Level Objective (SLO) is defined by a Service Level Indicator (SLI), a goal for that SLI, and a time period over which to evaluate compliance with that goal. An SLI identifies an aspect of service health and measures performance of a single API method with respect to this aspect. Performance is the fraction of requests that are successful, for example, "fraction of requests that return without error" or "fraction of requests that return within a given time limit." The SLO is said to be "met" if, over the course of its `period`, its `sli` evaluates the performance to be at least `goal`. The `Slo` introduces a set of SLOs that can be used by each method of the API. The configuration is written as a set of objectives, along with rules assigning those objectives to specific methods. Templates specify the SLI's health criteria as well as the SLO's goal. A given `SloRule` identifies a set of API methods using a `selector` and lists `SloObjective`s to apply to those methods. SLOs are created as the Cartesian product of matching methods and listed `SloObjective`s. Example: slo: # All SLOs on this service are evaluated on a calendar-monthly basis. calendar_period: MONTH objectives: - name: three-nines availability: goal: 0.999 - name: latency-fast-median latency: threshold: seconds: 2 goal: 0.5 - name: latency-fast-tail latency: threshold: seconds: 5 goal: 0.99 - name: latency-slow-median latency: threshold: seconds: 10 goal: 0.5 - name: latency-slow-tail latency: threshold: seconds: 20 goal: 0.99 - name: operation-three-nines operation_availability: goal: 0.999 - name: operation-tolerable-latency operation_latency: threshold: seconds: 1800 // 0.5 hour latency_experience: ANNOYING goal: 0.99 rules: # For the `MoveBook` endpoint, we set three SLOs: two on latency and # one for availability. The SLI and goal parameters come from the # objective above whose name matches. - selector: "google.example.library.v1.MoveBook" objectives: - latency-slow-median - latency-slow-tail - three-nines # "List" commands are expected to be fast, so we use the fast latency # objectives. Suppose the library API has a `ListBooks` method and a # `ListShelves` method. This configuration will induce six SLOs, # requiring each of these methods to meet each of the objectives. - selector: "google.example.library.v1.List*" objectives: - latency-fast-median - latency-fast-tail - three-nines # "Create" commands are allowed to be slower, so we use the slow # latency objectives. We decide to reuse the "three nines" availability # objective. - selector: "google.example.library.v1.Create*" objectives: - latency-slow-median - latency-slow-tail - three-nines # For the Long Running Operation 'MergeShelves' endpoint, we set two # SLOs: one operation availability and one operation latency. - selector: "google.example.library.v1.MergeShelves" objectives: - operation-three-nines - operation-tolerable-latency # Methods with LRO SLOs must specify operation_deadline in the backend # rule. backend: rules: - selector: "google.example.library.v1.MergeShelves" operation_deadline: 200000 |
|---|
| id | Slo |
|---|
| properties | | calendarPeriod | | description | A calendar period, semantically "since the start of the current `calendar_period`". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, and `MONTH` are supported. |
|---|
| enum | - CALENDAR_PERIOD_UNSPECIFIED
- DAY
- WEEK
- FORTNIGHT
- MONTH
- QUARTER
- HALF
- YEAR
|
|---|
| enumDescriptions | - Undefined period, raises an error.
- A day.
- A week. Weeks begin on Monday, following [ISO 8601](https://en.wikipedia.org/wiki/ISO_week_date).
- A fortnight. The first calendar fortnight of the year begins at the start of week 1 according to [ISO 8601](https://en.wikipedia.org/wiki/ISO_week_date).
- A month.
- A quarter. Quarters start on dates 1-Jan, 1-Apr, 1-Jul, and 1-Oct of each year.
- A half-year. Half-years start on dates 1-Jan and 1-Jul.
- A year.
|
|---|
| type | string |
|---|
|
|---|
| metadata | | $ref | SloRepoMetadata |
|---|
| description | Configuration for SLO Repo-only features. If included, all specified SLOs will be registered for SLO Repo reporting. If omitted, SLOs will appear only in Monitoring. |
|---|
|
|---|
| objectives | | description | A library of objectives to be referenced in the SloRule to create instances of SLOs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| reportResourceLocation | | description | ESF can extract the resource location to populate SLI if 1. report_resource_location is set in the service config. 2. The service follows go/resource-container-guide to annotate the resource container field. 3. The service follows go/flexible-resource-names to embed the location into the resource name. Note, this change is only applicable to producer metrics. |
|---|
| type | boolean |
|---|
|
|---|
| rollingPeriod | | description | Rolling period: the period is `rolling_period` long and ends now. `rolling_period` must be an integer multiple of 24 hours. |
|---|
| format | google-duration |
|---|
| type | string |
|---|
|
|---|
| rules | | description | A set of rules which, when interpreted, will create SLOs for the service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SloObjective | | description | Definition for a Service Level Objective, specified in terms of the salient category of service health (availability or latency cutoff) and the desired level of service. When this objective is evaluated in an `SloRule`, it will induce a new SLO for each method that rule's `selector` matches. Example: the following refers to the requirement that 99.9% of requests return within 1.2s. name: "fast-latency" latency: threshold: seconds: 1 # 1s nanos: 200000000 # 200 * 1000 * 1000, 0.2s goal: 0.999 |
|---|
| id | SloObjective |
|---|
| properties | | availability | | $ref | AvailabilityCriteria |
|---|
| description | Availability: does a given request return without error? If `availability` is used, the SLI will be computed based on the `serviceruntime.googleapis.com/api/request_count` metric. The count where the label `response_code_class` is "non-5xx" is used for the count of good requests, while the total count is used for the count of total requests. |
|---|
|
|---|
| goal | | description | The SLO is "met" if, over the evaluation period, the fraction of requests satisfying the SLI criterion is at least `goal`. Example: the following SLO is met if 99.5% of requests succeed. name: available-995 availability: {} goal: 0.995 |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| latency | | $ref | LatencyCriteria |
|---|
| description | Latency: does a given request return before the cutoff? If `latency` is used, the SLI will be computed based on the `serviceruntime.googleapis.com/api/request_latencies` metric. The count where latency is less than `latency.threshold` is used for the count of good requests, while the total count is used for the count of total requests. |
|---|
|
|---|
| locations | | description | The SLO objectives that will be tracked in this location, if the value is specified by referencing to fields inside supported_location, it will be substituted with the actual region ids or zone ids. This is specified only if the slo is specificly for a region or zone. The valid values are any of the following (but not a mix): 1. Comma separated regions, for example, `us-east1, us-west2`. 2. A reference to supported_location regions, `{$supported_location.regions}`. 3 A reference to supported_location zones, `{$supported_location.zones}`. . 4 A reference to a group defined inside supported_location, `{$supported_location.groups.us-regions}`. |
|---|
| type | string |
|---|
|
|---|
| name | | description | Name of the SloObjective. The name must be provided, and it must be unique within the service. The name can only include alphanumeric characters as well as '-'. The maximum length of the limit name is 64 characters. |
|---|
| type | string |
|---|
|
|---|
| operationAvailability | | $ref | OperationAvailabilityCriteria |
|---|
| description | LRO Availability: does a given operation complete within its deadline defined in the backend rule? If `operation_availability` is used, the SLI will be computed based on the `serviceruntime.googleapis.com/api/producer/operation_count` metric. The count for good operations is where the label `grpc_status_code` is non server errors, while the total count is used for the count of total operations. So the availability SLI can be computed as (operation_count where grpc_status_code != server errors) / total operation_count. |
|---|
|
|---|
| operationLatency | | $ref | OperationLatencyCriteria |
|---|
| description | LRO Latency: does a given operation complete before the cutoff regardless of the result status? If `operation_latency` is used, the SLI will be computed based on the `serviceruntime.googleapis.com/api/producer/operation_count_by_latency_experience' metric. The count where latency is less than `operation_latency.threshold` for a "operation_latency.latency_experience" is used for the count of good operations, while the total count is used for the count of total operations for "operation_latency.latency_experience". |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SloRepoMetadata | | description | Additional fields for configuring internal-only configuration around a set of SLOs. |
|---|
| id | SloRepoMetadata |
|---|
| properties | | approveTime | | description | Timestamp of the approval of this SLO. |
|---|
| format | google-datetime |
|---|
| type | string |
|---|
|
|---|
| approvers | | description | List of approver usernames for this SLO. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| emails | | description | A list of email addresses for questions about the SLO. These must be @google.com email addresses. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| enablePerConsumerSli | | description | Enable per consumer SLI in SLO Repository in addition to the per service SLO dashboard in SLO Repository. This is to support go/api-slo-slipp for cloud services. |
|---|
| type | boolean |
|---|
|
|---|
| enableSlomatic | | description | Enable this field will make your service SLO be tracked in go/slomatic. By default, the field is false. |
|---|
| type | boolean |
|---|
|
|---|
| learnmoreUrl | | description | A URL to a document explaining the SLO and its rationale. |
|---|
| type | string |
|---|
|
|---|
| owningGroup | | description | SLO Repo v2 owning group, indicating the prod group that owns the SLO configuration. Optional. See go/slorv2-config#owning-group. Requirements: - It should be a valid production group related to the API. - Format: For a production group name `%group-name.prod`, the corresponding owning_group should be `group-name`. - The user or role pushing the API config must be a member of this group. - It should not be changed once it is set. WARNING: changing this will result in loss of all previously ingested metric data in SLO Repo v2. This field is used in SLO Repo v2 as: - Part of the key that is used to store metric data. - Default subspace alert target used by AutoAlert. See: go/autoalert-routing - The default scope (borg_user) used to view the data in the SLO Repo v2 UI. - The ACL for performing backfill (go/slorv2-backfill) of metric data into SLO Repo v2. - The ACL for SLIs that include fields that are marked as sensitive (applies when enable_per_consumer_sli is set true). |
|---|
| type | string |
|---|
|
|---|
| taxonomyId | | description | DEPRECATED. Use taxonomy_id in legacy.proto instead. A shared identifier provided by Production Taxonomy that associates a Product or Project Group with this config. https://g3doc.corp.google.com/production/insights/taxonomy/g3doc/user/index.md?cl=head NOTE: At this time, we only allow taxonomy IDs of type "teamsproduct". This restriction comes from go/insights-cube, who use taxonomy IDs to SLO data for a product to other sources like OMG. |
|---|
| type | string |
|---|
|
|---|
| teams | | description | A list of teams that are responsible for this SLO. This is a list of production groups, managed by Ganpati or Sphinx, which contain people. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SloRule | | description | Collection of methods for which the same level of service is required. For each method named by the `selector`, each of the listed SLOs will be monitored and evaluated. Example: Each "List" method in the library service has an SLO with parameters from the "fast-latency" objective defined above. selector: "google.example.library.v1.List*" slos: - "fast-latency" |
|---|
| id | SloRule |
|---|
| properties | | name | | description | Human readable name for this rule. Optional. Requirements: - The maximum length of the SLO rule name is 64 characters. - The SLO rule name has to be unique among all SLO rule names that belong to the same SLO aspect. This field is used in SLO Repo v2 as part of the Service Level name. If it is not provided, the selector field will be used as part of the Service Level name. If the value of this field is changed or deleted, the previously ingested metric data in SLO Repo v2 belonging to this SloRule will be soft-deleted. |
|---|
| type | string |
|---|
|
|---|
| objectives | | description | Set of names of `SloObjective`s to apply to all methods matching the `selector`. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SourceCodeInfo | | description | Encapsulates information about the original source file from which a FileDescriptorProto was generated. |
|---|
| id | SourceCodeInfo |
|---|
| properties | | location | | description | A Location identifies a piece of source code in a .proto file which corresponds to a particular definition. This information is intended to be useful to IDEs, code indexers, documentation generators, and similar tools. For example, say we have a file like: message Foo { optional string foo = 1; } Let's look at just the field definition: optional string foo = 1; ^ ^^ ^^ ^ ^^^ a bc de f ghi We have the following locations: span path represents [a,i) [ 4, 0, 2, 0 ] The whole field definition. [a,b) [ 4, 0, 2, 0, 4 ] The label (optional). [c,d) [ 4, 0, 2, 0, 5 ] The type (string). [e,f) [ 4, 0, 2, 0, 1 ] The name (foo). [g,h) [ 4, 0, 2, 0, 3 ] The number (1). Notes: - A location may refer to a repeated field itself (i.e. not to any particular index within it). This is used whenever a set of elements are logically enclosed in a single code segment. For example, an entire extend block (possibly containing multiple extension definitions) will have an outer location whose path refers to the "extensions" repeated field without an index. - Multiple locations may have the same path. This happens when a single logical declaration is spread out across multiple places. The most obvious example is the "extend" block again -- there may be multiple extend blocks in the same scope, each of which will have the same path. - A location's span is not always a subset of its parent's span. For example, the "extendee" of an extension declaration appears at the beginning of the "extend" block and is shared by all extensions within the block. - Just because a location's span is a subset of some other location's span does not mean that it is a descendant. For example, a "group" defines both a type and a field in a single declaration. Thus, the locations corresponding to the type and field and their components will overlap. - Code which tries to interpret locations should probably be designed to ignore those that it doesn't understand, as more types of locations could be recorded in the future. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SourceContext | | description | `SourceContext` represents information about the source of a protobuf element, like the file in which it is defined. |
|---|
| id | SourceContext |
|---|
| properties | | fileName | | description | The path-qualified name of the .proto file that contained the associated protobuf element. For example: `"google/protobuf/source_context.proto"`. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SourceInfo | | description | Source information used to create a Service Config |
|---|
| id | SourceInfo |
|---|
| properties | | sourceFiles | | description | All files used during config generation. |
|---|
| items | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| type | object |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Status | | description | The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). |
|---|
| id | Status |
|---|
| properties | | code | | description | The status code, which should be an enum value of google.rpc.Code. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| details | | description | A list of messages that carry the error details. There is a common set of message types for APIs to use. |
|---|
| items | | additionalProperties | | description | Properties of the object. Contains field @type with type URL. |
|---|
| type | any |
|---|
|
|---|
| type | object |
|---|
|
|---|
| type | array |
|---|
|
|---|
| message | | description | A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| StreamDescriptorProto | | description | BEGIN GOOGLE-INTERNAL Describes a stream of a service. Streams aren't supported in the open-source release. |
|---|
| id | StreamDescriptorProto |
|---|
| properties | | clientMessageType | | description | Client and server outgoing message types. These are resolved in the same way as FieldDescriptorProto.type_name, but must refer to a message type. |
|---|
| type | string |
|---|
|
|---|
| name | |
|---|
| options | |
|---|
| serverMessageType | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| StreamOptions | | description | BEGIN GOOGLE-INTERNAL Streams aren't supported in the open-source release. |
|---|
| id | StreamOptions |
|---|
| properties | | clientInitialTokens | | description | Client-side and server-side initial token count, used in bidirectional streaming. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| clientLogging | |
|---|
| deadline | |
|---|
| deprecated | | description | Is this stream deprecated? Depending on the target platform, this can emit Deprecated annotations for the stream, or it will be completely ignored; in the very least, this is a formalization for deprecating streams. |
|---|
| type | boolean |
|---|
|
|---|
| endUserCredsRequested | | description | DEPRECATED. This option is deprecated, and will be deleted once it is removed from existing Stubby service definitions, as per http://go/rpc-authority-migration-lsc |
|---|
| type | boolean |
|---|
|
|---|
| failFast | |
|---|
| logLevel | | enum | - LOG_NONE
- LOG_HEADER_ONLY
- LOG_HEADER_AND_NON_PRIVATE_PAYLOAD_INTERNAL
- LOG_HEADER_AND_FILTERED_PAYLOAD
- LOG_HEADER_AND_PAYLOAD
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| securityLabel | |
|---|
| securityLevel | | description | See MethodOptions for descriptions of the following options. |
|---|
| enum | - NONE
- INTEGRITY
- PRIVACY_AND_INTEGRITY
- STRONG_PRIVACY_AND_INTEGRITY
|
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| serverInitialTokens | |
|---|
| serverLogging | |
|---|
| tokenUnit | | description | Flow control token unit. MESSAGE: the default value. Each token allows sending one message. BYTE: each token allows one byte to be sent out. |
|---|
| enum | |
|---|
| enumDescriptions | |
|---|
| type | string |
|---|
|
|---|
| uninterpretedOption | | description | The parser stores options it doesn't recognize here. See above. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| StrictParsingRule | | id | StrictParsingRule |
|---|
| properties | | hideMergeConflictValues | | description | Avoids mentioning conflicting values in the error message when two templates try to set the same proto field on the request flow. By default, a given proto field can only be generated by a single template. If the same proto field is set by two different templates, then an error is thrown with the error message containing both the values. If this config is set, then the error message does not contain the conflicting values. This config affects only the request flow. This matches Apiary behavior as well (see hideMergeConflictValues config field at http://google3/java/com/google/api/server/config/parser/templates/config.jsont?l=383&rcl=271571286). |
|---|
| type | boolean |
|---|
|
|---|
| resolveMultipleValuesForSingularFields | | description | When enabled, TEX will always parse the proto bytes to DynamicMessage before creating entities so that it can keep the last value among duplicate values for non-repeated field. By default, TEX converts proto bytes to Entities and applies templates. This process has less performance. See http://go/esf-tex-duplicate-field-values for details. Deprecated: Avoid use of this feature where possible. This feature incurs a runtime performance penalty and is not required for TEX to resolve multiple values for singular fields. By default, both TEX and Apiary resolve multiple values for singular fields using first-one-wins ordering. In rare cases, the order of fields picked by Apiary and TEX may differ (see: b/184761165), this configuration should not be necessary for most APIs. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the API methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| strictParsingChecks | | description | Configuration for strict parsing for this selector. |
|---|
| items | | enum | - STRICT_PARSING_CHECKS_UNSPECIFIED
- UNKNOWN_NAME
- INVALID_VALUE
- MISSING_FIELD
|
|---|
| enumDescriptions | - Default value for this enum. This value should not be used in any case at all.
- Throws if non-existent field name is supplied.
- Throws if the supplied value is of a wrong type for the field.
- Throws if any required field is missing.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SubcodeConfig | | id | SubcodeConfig |
|---|
| properties | | fractionRedirected | | description | This enables the producer to specify how much percentage of failed traffic is redirected. E.g. 0.2 or 1.0. Unset value is interpreted as 1.0. |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
| subcode | | description | Apiary uses the error domain + reason as a subcode to distinguish between multiple error conditions that result in a specific error code. E.g. "global.badRequest", "usageLimits.limitExceeded". See go/apiary-migration-error-mapping for details. "*" can be used to include all error codes. Unset value is interpreted as "*". |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SupportedLocation | | description | Supported locations of the specified features for this service. Example: supported_location: regions: "us-central-1, us-east1, us-east2, europe-west1, europe-west2" groups: - group_id: "us-regions" locations: "us-central-1, us-east1, us-east2" - group_id: "europe-regions" locations: "europe-west1, europe-west2" quota: limits: - name: "ALLOCATIONS-per-project-region" ... values: VERY_LOW: 10 VERY_LOW/{$supported_location.groups.us-regions}: 100 LOW: 0 LOW/europe-west3: 80 # a location not presents in groups. LOW/{$supported_locations.groups.europe-regions}: 100 |
|---|
| id | SupportedLocation |
|---|
| properties | | groups | | description | The location groups which are used for string substitution in regional settings by using {$supported_location.groups.group_id}.Users only need to configure this if there is any variance between regions or zones. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| locationId | | description | Explicitly specifies the supported locations. such as 'us-east1' (region) or 'us-east1-a' (zone). If the features applied to multiple locations, it can be specified as comma separated locations, such as `us-east1,us-east1-a`. |
|---|
| type | string |
|---|
|
|---|
| locationPolicyOverride | | $ref | LocationPolicy |
|---|
| description | Unimplemented. Do not use. location_policy_override overrides the properties of existing locations and/or initializes the properties for new locations. If a location is mentioned in 'regions' or 'zones' but is not mentioned in the location_policy_override, it will be supported with default properties from the global SoT. Note that the zones do not inherit their properties from the regions they belong to. An example configuration: location_policy_override: location_properties: - location_id: europe-west2 labels: cloud.googleapis.com/access_type: PRIVATE - location_id: asia-southeast1 labels: cloud.googleapis.com/business_rules: ENFORCE_LOCAL_TAX_ENTITY myservice.googleapis.com/customproperty: value-of-custom-property - location_id: myservice-location1 is_for_testing: true display_name: Special location for myservice labels: cloud.googleapis.com/business_rules: FREE cloud.googleapis.com/access_type: PRIVATE cloud.googleapis.com/country: CA cloud.googleapis.com/location: myservice-location1 cloud.googleapis.com/region: myservice-location1 myservice.googleapis.com/customproperty: 123 |
|---|
|
|---|
| regions | | description | Explicitly specifies the supported regions, such as 'us-east1'. If the features applied to multiple regions, it can be specified as comma separated regions, such as us-east1,us-west2. |
|---|
| type | string |
|---|
|
|---|
| zones | | description | Explicitly specifies the supported zones. such as 'us-east1-a'. If the features applied to multiple zones, it can be specified as comma separated zones, such as us-east1-a,us-west2-b. This field is only needed if the service has a zonal level feature. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SystemParameter | | description | Define a parameter's name and location. The parameter may be passed as either an HTTP header or a URL query parameter, and if both are passed the behavior is implementation-dependent. |
|---|
| id | SystemParameter |
|---|
| properties | | httpHeader | | description | Define the HTTP header name to use for the parameter. It is case insensitive. |
|---|
| type | string |
|---|
|
|---|
| name | | description | Define the name of the parameter, such as "api_key" . It is case sensitive. |
|---|
| type | string |
|---|
|
|---|
| urlQueryParameter | | description | Define the URL query parameter name to use for the parameter. It is case sensitive. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SystemParameterRule | | description | Define a system parameter rule mapping system parameter definitions to methods. |
|---|
| id | SystemParameterRule |
|---|
| properties | | parameters | | description | Define parameters. Multiple names may be defined for a parameter. For a given method call, only one of them should be used. If multiple names are used the behavior is implementation-dependent. If none of the specified names are present the behavior is parameter-dependent. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| SystemParameters | | description | ### System parameter configuration A system parameter is a special kind of parameter defined by the API system, not by an individual API. It is typically mapped to an HTTP header and/or a URL query parameter. This configuration specifies which methods change the names of the system parameters. |
|---|
| id | SystemParameters |
|---|
| properties | | rules | | description | Define system parameters. The parameters defined here will override the default parameters implemented by the system. If this field is missing from the service config, default system parameters will be used. Default system parameters and names is implementation-dependent. Example: define api key for all methods system_parameters rules: - selector: "*" parameters: - name: api_key url_query_parameter: api_key Example: define 2 api key names for a specific method. system_parameters rules: - selector: "/ListShelves" parameters: - name: api_key http_header: Api-Key1 - name: api_key http_header: Api-Key2 **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TemplateInfo | | id | TemplateInfo |
|---|
| properties | | assignmentDirection | | description | The assignment direction of the template. |
|---|
| enum | - ASSIGNMENT_DIRECTION_UNSPECIFIED
- BACKEND_TO_FRONTEND
- FRONTEND_TO_BACKEND
|
|---|
| enumDescriptions | - Denotes that the config author has not specified the assignment direction of a template file. This will result in an error during compile time/runtime.
- Specifies that the assignments in the template source assign value *from* backend proto fields *to* frontend message fields. To be more specific, the template assignment statements have: * Left hand side (target of assignment) = frontend message (e.g. frontend proto, JSON, XML, etc) * Right hand side (source of assignment) = backend proto. The vast majority of Apiary templates are written using this direction.
- Specifies that the assignments in the template source assign value *from* frontend proto fields *to* backend message fields. To be more specific, the template assignment statements have: * Left hand side (target of assignment) = backend proto. * Right hand side (source of assignment) = frontend message (e.g. frontend proto, JSON, XML, etc). Apiary used this direction for template instructions that mapped query and path parameters to proto. Since such params only exist in a HTTP request, it is natural to write templates in this direction. Such template instructions were inlined in the `backendRequest` stanza of Apiary config rather than being specified in a separate template source file. As part of migration, we require all template transformations to be listed in a template source file rather than be specified inline in service config. As such, this direction is used for param templates generated from the inlined `backendRequest` config.
|
|---|
| type | string |
|---|
|
|---|
| path | | description | The relative path of the template file within the templates directory tree. Examples: * `foo.jsont` * `v2/bar.jsont` |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TemplateInvocation | | description | Defines the signature of a template invocation. This includes the template name and the arguments to pass to it. |
|---|
| id | TemplateInvocation |
|---|
| properties | | args | | description | The arguments to pass to the template during runtime. The argument count, order and type must match the `params` section defined in the preamble of the template source file. The only allowed values are: * `backendRequest.*`, `backendResponse.*`: these two represent the proto received and returned, respectively, by the backend.`*` can be any elements of these protos such as `backendResponse.child_element`. * `frontendRequest`: represents the frontend request proto * `context`: represents request metadata (go/apiary-config/context-variables lists all available variables). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| output | | description | The path of the output of this template. E.g. `frontendRequest.body` or `frontendResponse.resource`, etc. If not specified, it would be considered as follows: +---------------------+-----------------+------------------+ | | Request flow | Response flow | +---------------------+-----------------+------------------+ | BACKEND_TO_FRONTEND | frontendRequest | frontendResponse | | FRONTEND_TO_BACKEND | backendRequest | backendResponse | +---------------------+-----------------+------------------+ |
|---|
| type | string |
|---|
|
|---|
| template | | description | The name of the root template to invoke. Must match one of the names listed in the `backend_proto_translation` > `templates` section. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TemplateReference | | description | Reference to a template source file. |
|---|
| id | TemplateReference |
|---|
| properties | | info | | additionalProperties | |
|---|
| description | Information on the template file to use, keyed by the alt (i.e. output format). |
|---|
| type | object |
|---|
|
|---|
| name | | description | Nickname of the template that can be referenced in the `rules` section. Example: `method1RequestBodyTemplate` This name can be anything; it does not have to match the value listed in the template source under the `name` property. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TemplateSource | | id | TemplateSource |
|---|
| properties | | content | | description | Template content. |
|---|
| type | string |
|---|
|
|---|
| path | | description | Relative path of the template within a directory tree. The path must be unique across all templates. Examples: * v1/foo.jsont * bar.jsont |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TenancyUnit | | description | Representation of a tenancy unit. |
|---|
| id | TenancyUnit |
|---|
| properties | | consumer | | description | Output only. @OutputOnly Cloud resource name of the consumer of this service. For example 'projects/123456'. |
|---|
| readOnly | True |
|---|
| type | string |
|---|
|
|---|
| createTime | | description | Output only. @OutputOnly The time this tenancy unit was created. |
|---|
| format | google-datetime |
|---|
| readOnly | True |
|---|
| type | string |
|---|
|
|---|
| name | | description | Globally unique identifier of this tenancy unit "services/{service}/{collection id}/{resource id}/tenancyUnits/{unit}" |
|---|
| type | string |
|---|
|
|---|
| rootConsumer | | description | Output only. @OutputOnly For nested service to service dependencies, this is set to consumer field of the original consumer. For example 'projects/123456'. It will be equal to 'consumer' for direct dependencies. |
|---|
| readOnly | True |
|---|
| type | string |
|---|
|
|---|
| service | | description | Output only. Google Cloud API name of the managed service owning this tenancy unit. For example 'serviceconsumermanagement.googleapis.com'. |
|---|
| readOnly | True |
|---|
| type | string |
|---|
|
|---|
| tenantResources | | description | Resources constituting the tenancy unit. There can be at most 512 tenant resources in a tenancy unit. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TenantProjectConfig | | description | This structure defines a tenant project to be added to the specified tenancy unit and its initial configuration and properties. A project lien is created for the tenant project to prevent the tenant project from being deleted accidentally. The lien is deleted as part of tenant project removal. |
|---|
| id | TenantProjectConfig |
|---|
| properties | | billingConfig | | $ref | BillingConfig |
|---|
| description | Billing account properties. The billing account must be specified. |
|---|
|
|---|
| folder | | description | Folder where project in this tenancy unit must be located This folder must have been previously created with the required permissions for the caller to create and configure a project in it. Valid folder resource names have the format `folders/{folder_number}` (for example, `folders/123456`). |
|---|
| type | string |
|---|
|
|---|
| labels | | additionalProperties | |
|---|
| description | Labels that are applied to this project. |
|---|
| type | object |
|---|
|
|---|
| networkConfig | | $ref | NetworkConfig |
|---|
| description | Configuration for inserting a network in tenant project. |
|---|
|
|---|
| serviceAccountConfig | | $ref | ServiceAccountConfig |
|---|
| description | Configuration for the IAM service account on the tenant project. |
|---|
|
|---|
| services | | description | Google Cloud API names of services that are activated on this project during provisioning. If any of these services can't be activated, the request fails. For example: 'compute.googleapis.com','cloudfunctions.googleapis.com' |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| tenantProjectPolicy | | $ref | TenantProjectPolicy |
|---|
| description | Describes ownership and policies for the new tenant project. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TenantProjectPolicy | | description | Describes policy settings that can be applied to a newly created tenant project. |
|---|
| id | TenantProjectPolicy |
|---|
| properties | | policyBindings | | description | Policy bindings to be applied to the tenant project, in addition to the 'roles/owner' role granted to the Service Consumer Management service account. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TenantResource | | description | Resource constituting the TenancyUnit. |
|---|
| id | TenantResource |
|---|
| properties | | resource | | description | Output only. @OutputOnly Identifier of the tenant resource. For cloud projects, it is in the form 'projects/{number}'. For example 'projects/123456'. |
|---|
| readOnly | True |
|---|
| type | string |
|---|
|
|---|
| status | | description | Status of tenant resource. |
|---|
| enum | - STATUS_UNSPECIFIED
- PENDING_CREATE
- ACTIVE
- PENDING_DELETE
- FAILED
- DELETED
|
|---|
| enumDescriptions | - Unspecified status is the default unset value.
- Creation of the tenant resource is ongoing.
- Active resource.
- Deletion of the resource is ongoing.
- Tenant resource creation or deletion has failed.
- Tenant resource has been deleted.
|
|---|
| type | string |
|---|
|
|---|
| tag | | description | Unique per single tenancy unit. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Tex | | description | Configuration for TEX (Template Engine Extension). TEX is an envelope extension that embeds the Apiary template engine. TEX is integrated with ESF and transparently executes Apiary template files (.jsont) for converting API requests to the protos expected by the formerly Apiary backends. TEX also provides other Apiary-parity features beyond templates. This config is not expected to be used outside of Apiary migration use case. See go/esf-tex for details. |
|---|
| id | Tex |
|---|
| properties | | backendProtoDescriptors | | $ref | FileDescriptorSet |
|---|
| description | Backend proto is the proto expected by the backend. |
|---|
|
|---|
| backendProtoTranslation | | $ref | BackendProtoTranslation |
|---|
| description | Frontend proto <-> backend proto translation config. |
|---|
|
|---|
| etag | | $ref | ETag |
|---|
| description | ETag settings. |
|---|
|
|---|
| frontendProtoDescriptors | | $ref | FileDescriptorSet |
|---|
| description | Frontend proto is the proto that is generated by ESF from incoming input (e.g. HTTP/JSON) using go/proto3-json-spec. This should match the types listed in the types {} config stanza in the normalized service config. |
|---|
|
|---|
| parameters | | description | Http path and query parameters for each method and constraints on them. Example: - selector: zoo.api.AnimalService.Method1 parameters: - path: name required: true type: "STRING" - path: param_one pattern: '[a-zA-Z_]+' type: "STRING" - path: customer_id repeated: true type: "STRING" - path: param_three type: "INT32" max_value: '5' min_value: '1' - path: param_two type: "STRING" default_value: "dv" - selector: zoo.api.AnimalService.Method2 parameters: - path: name required: true type: "STRING" - path: param_one type: "INT64" Deprecated, please use the [Migration.method_parameter_rules]. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| strictParsingRules | | description | Configuration for strict parsing. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| templateSources | | description | All templates for translation. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TranslatorConfig | | description | Configurations for request/response translators. Example: experimental: advanced: translator_config: - selector: tech.frontend.WebChannelService.Message output_all_primitive_fields_to_json: true - selector: tech.frontend.WebChannelService.List jspb_variant: GWT |
|---|
| id | TranslatorConfig |
|---|
| properties | | addTrailingZerosForTimestampAndDuration | | description | When set to true, trailing ".000" nano seconds is added when the nanos part is zero for rendering google.protobuf.Timestamp and google.protobuf.Duration values. If this config is unset or set to false, the zeros are omitted. |
|---|
| type | boolean |
|---|
|
|---|
| dropEmptyFields | | description | When set to true, always keep empty field unset when populating proto2 request fields using RequestWeaver. Proto3 users do not need this config. This currently only affects scotty media requests. |
|---|
| type | boolean |
|---|
|
|---|
| jsonTranslationMaxRecursionDepth | | description | The maximum recursion depth allowed for translating json message to proto message. Messages having recursion depth above this limit will fail with an error. If not configured, default value of 100 is used. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| jspbAcceptNegativeUnsignedNumber | | description | When set to true, jspb proto translator will accept negative values for unsigned int proto fields. This is to be compatible with some legacy Java JSPB serializers. |
|---|
| type | boolean |
|---|
|
|---|
| jspbPivot | | description | The pivot used when translating to JSPB-Fava format. Leaving this field unset means any pivot can be used and different message types may have different pivots. |
|---|
| format | int32 |
|---|
| type | integer |
|---|
|
|---|
| jspbVariant | | description | JSPB format that should be used to translate the request/response messages for the selector. |
|---|
| enum | |
|---|
| enumDescriptions | - Default. Not using JSPB.
- JSPB variant used by Fava JavaScript library.
- JSPB variant used by GWT.
|
|---|
| type | string |
|---|
|
|---|
| outputAllPrimitiveFieldsToJson | | description | When converting proto to json, whether to output all fields of primitive types with their default values even when they are not in the source proto. Setting this to true causes the following to happen for unset fields: (1) primitive non-repeated fields will have defaults emitted (2) non-primitive non-repeated fields will not be emitted at all (3) repeated fields (primitive or non-primitive) will have empty array emitted (4) map fields will have empty parentheses '{}' emitted (5) Fields of type `Any` will have empty parentheses '{}' emitted NOTE: Enabling this option will significantly slow down JSON response rendering as well as increase memory usage of the Envelope. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| structIntegersAsStrings | | description | Treats number inputs in google.protobuf.Struct as strings. Normally, numeric values are returned in double field "number_value" of google.protobuf.Struct. However, this can cause precision loss for some inputs. This option is provided for services that want to preserve precision. When this option is set, numeric values are returned in "string_value" field in google.protobuf.Struct. |
|---|
| type | boolean |
|---|
|
|---|
| useWebSafeBase64ForByteFields | | description | Forces the translator to use web-safe base64 encoding for byte fields. Default is to use regular base64 encoding. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| TrustedTesterList | | id | TrustedTesterList |
|---|
| properties | | gaiaGroupIds | | description | Users that are members of the gaia group are considered trusted testers |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Type | | description | A protocol buffer message type. |
|---|
| id | Type |
|---|
| properties | | fields | | description | The list of fields. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| name | | description | The fully qualified message name. |
|---|
| type | string |
|---|
|
|---|
| oneofs | | description | The list of types appearing in `oneof` definitions in this type. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| options | | description | The protocol buffer options. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| sourceContext | | $ref | SourceContext |
|---|
| description | The source context. |
|---|
|
|---|
| syntax | | description | The source syntax. |
|---|
| enum | - SYNTAX_PROTO2
- SYNTAX_PROTO3
|
|---|
| enumDescriptions | - Syntax `proto2`.
- Syntax `proto3`.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UberMintConfig | | description | Config for Central UberMint. |
|---|
| id | UberMintConfig |
|---|
| properties | | platforms | | description | Accept UberMints issued for any of the following platforms. Not all combinations necessarily work, some platforms may be incompatible with others (causing a configuration exception). |
|---|
| items | | enum | - PLATFORM_UNSPECIFIED
- SANDBOX
- CLOUD
- DEVICE
- LEGACY_GAIA
- PROD_ACCOUNT
- FITBIT
|
|---|
| enumDescriptions | - Do not use.
- Experimental, talk to gm-um-convergence@ before using.
- Experimental, talk to tonic-eng@ before using.
- Experimental Fitbit platform. See go/fitbitmint.
|
|---|
| type | string |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UberMintRequirements | | description | Configuration for using Cloud UberMint as authentication token service. Only Google Cloud APIs are allowed to use this. See go/cloud-ubermint. |
|---|
| id | UberMintRequirements |
|---|
| properties | | mode | | enum | - DISABLED
- ENABLED_LEGACY_MINT
- ENABLED
- ENABLED_ONLY_FOR_THIRD_PARTY
|
|---|
| enumDescriptions | - Not using UberMint service. For incoming GaiaMint and UberMint to ESF, ESF passes it through.
- Using UberMint service in the legacy mode. In this mode, UberMint service returns a standard UberMint with an addition of an embedded GaiaMint in UberMint to pass to downstream services which support first party GaiaMint only. Please note that this mode does not support extending the lifetime of embedded GaiaMint using Defer/Undefer UberMint flows. Reach out to cloud-ubermint-eng@ if GaiaMint EUC is passed down the stack after a long running operation. If a 3P credential is received, there will be no embedded GaiaMint, so the resulting UberMint will just be like one that was generated in ENABLED mode. See: go/embed-gaiamint-in-ubermint. For incoming GaiaMint and UberMint to ESF, ESF passes it through.
- Using UberMint service in standard mode. In this mode, UberMint service returns Standard UberMint. For incoming GaiaMint and UberMint to ESF, ESF passes it through.
- Using UberMint service only for 3rd party tokens. In this mode, existing traffic is unaffected, UberMint is used for federated tokens. See go/accelerated-ubermint-adoption. NOTE: Use this mode only if fully Enabled mode is not possible. Once this mode is working as intended, service can change to Enabled mode with slow rollout, which should be the end state. Please reach out to cloud-ubermint-eng@ if you are considering this mode.
|
|---|
| type | string |
|---|
|
|---|
| rolloutRatio | | description | This defines the ratio of requests that should exchange the external credentials for an UberMint. The ratio should be in the range [0.0 ,1.0]. If provided, this field overrides the per service ratio defined by `esf_experimental_ubermint_rollout_percentage` flag. NOTE: This field should only be used when you are migrating your API usage from GaiaMints to UberMints. See: go/ubermint-per-api-rollout-percent |
|---|
| format | double |
|---|
| type | number |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UberProxyAuthRequirements | | description | Configuration for using UberProxy Authentication. WARNING! WARNING! WARNING! UberProxy Authentication is only supported in Root in Corp, Corp Eng APIs under 'myapi-googleapis.corp.google.com'. WARNING! WARNING! WARNING! See go/esf-corpsso-login. |
|---|
| id | UberProxyAuthRequirements |
|---|
| properties | | mode | | enum | |
|---|
| enumDescriptions | - [DEFAULT] Not using Tonic Service for authentication. For incoming UpberProxy Auth (Signed UpTick header), ESF ignores it.
- Using Tonic Service. Tonic Service returns a TransactDAT. ESF take precedence of UberProxy Auth.
|
|---|
| type | string |
|---|
|
|---|
| uptickDatPolicy | | description | Specify a Tonic policy used for the UpTick-DAT exchange. If not specified, default to http://tonic/policy/common-uptick-transact-dat. Use this only if your service needs to talk to a legacy API that is asking for scoped credentials, i.e., that API is not using RpcSecurityPolicy. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UbermintConfig | | description | Ubermint Configurations. |
|---|
| id | UbermintConfig |
|---|
| properties | | consumerAddress | | description | The Unified Backend (go/backends) target address of the non 345 compliant Ubermint Server. |
|---|
| type | string |
|---|
|
|---|
| serviceAccountAddress | | description | The Unified Backend (go/backends) target address of the local 345 compliant (Cloud Gaia Eligible) Ubermint Server. |
|---|
| type | string |
|---|
|
|---|
| yawnsOnlyServiceAccountUberminterAddress | | description | The Unified Backend (go/backends) target address of 345 compliant (Cloud Gaia Eligible) Ubermint Server in YAWNS only. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UndeleteTenantProjectRequest | | description | Request message to undelete tenant project resource previously deleted from the tenancy unit. |
|---|
| id | UndeleteTenantProjectRequest |
|---|
| properties | | tag | | description | Required. Tag of the resource within the tenancy unit. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UninterpretedOption | | description | A message representing a option the parser does not recognize. This only appears in options protos created by the compiler::Parser class. DescriptorPool resolves these when building Descriptor objects. Therefore, options protos in descriptor objects (e.g. returned by Descriptor::options(), or produced by Descriptor::CopyTo()) will never have UninterpretedOptions in them. |
|---|
| id | UninterpretedOption |
|---|
| properties | | aggregateValue | |
|---|
| doubleValue | |
|---|
| identifierValue | | description | The value of the uninterpreted option, in whatever type the tokenizer identified it as during parsing. Exactly one of these should be set. |
|---|
| type | string |
|---|
|
|---|
| name | |
|---|
| negativeIntValue | |
|---|
| positiveIntValue | |
|---|
| stringValue | |
|---|
|
|---|
| type | object |
|---|
|
|---|
| UniverseConfig | | description | Config settings related to Trusted Partner Cloud (TPC) universe. Name of the TPC universe the service config is intended for. This value is auto populated by Inception toolchain and should not be set manually. An empty value is used for the Google Default Universe (GDU) and non-empty values (e.g. "tpc-lite") refer to other universes. (b/236970642) NOTE: "tpc-lite" is the only known universe right now. |
|---|
| id | UniverseConfig |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| UpgradedOption | | description | BEGIN GOOGLE-INTERNAL For descriptors upgraded from proto1, contains the ProtocolDescriptor.Tag.Option values for this field. |
|---|
| id | UpgradedOption |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| UrlMap | | description | Configuration of URL mapping, to be referenced by Endpoint. It will be used to construct the GFE http URL mapping config for endpoints. Example: url_maps: - name: foo-url-map-global description: "For foo global APIs" http_config: grpc_mode: GRPC_ENABLED_SIMPLE default_backend: target: main:foo-global backend_options: max_connections: MAX_CONNECTIONS_HIGH rules: - backend: target: main:foo-high-availability-global backend_options: max_connections: MAX_CONNECTIONS_HIGH selector: google.cloud.foo.v1.Service.InsertAll, google.cloud.foo.v1.Service.List path_regex: - /batch example_paths: - /foo/v1/projects/p/datasets/d/insertAll - /foo/v1/projects/p/datasets/d/list - name: foo-url-map-{$supported_location.regions} description: "For foo regional APIs" http_config: grpc_mode: GRPC_ENABLED_SIMPLE default_backend: target: main:foo-{$supported_location.regions} backend_options: max_connections: MAX_CONNECTIONS_HIGH rules: - backend: target: main:foo-high-availability-{$supported_location.regions} backend_options: max_connections: MAX_CONNECTIONS_HIGH selector: google.cloud.foo.v1.Service.InsertAll, google.cloud.foo.v1.Service.List path_regex: - /batch example_paths: - /foo/v1/projects/p/datasets/d/insertAll - /foo/v1/projects/p/datasets/d/list endpoints: - name: foo.googleapis.com url_map: foo-url-map-global - name: foo.{$supported_location.regions}.googleapis.com url_map: foo-url-map-{$supported_location.regions} |
|---|
| id | UrlMap |
|---|
| properties | | defaultBackend | | $ref | GfeTarget |
|---|
| description | The default backend the endpoint is mapped to if none of the selector rules is matched. |
|---|
|
|---|
| description | | description | A detailed description of the URL map, which might be used in documentation. The description can have a maximum length of 1024 characters. |
|---|
| type | string |
|---|
|
|---|
| httpConfig | | $ref | HttpFrontendOptions |
|---|
| description | Configuration of client <-> GFE communication for HTTP-based services. |
|---|
|
|---|
| name | | description | The name of the URL mapping configuration. It will be referred to by `Endpoint.url_map`. The name must be 1-63 characters long, and comply with RFC1035 DNS segment syntax. Lower case letters, digits, and dash are allowed but must start with a lower case letter and can't end with a dash. Location regions templete {$supported_location.regions} is also allowed here and will be expanded to each region string listed in the regions of [supported_location](http://google3/google/api/location.proto?q=class:SupportedLocation$). Examples: "foo-url-map-global", "foo-url-map-{$supported_location.regions}". |
|---|
| type | string |
|---|
|
|---|
| rules | | description | The selector based URL map rules. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UrlMapRule | | description | The selector based URL map rule. |
|---|
| id | UrlMapRule |
|---|
| properties | | backend | | $ref | GfeTarget |
|---|
| description | The backend of the matched selector that are mapped to. |
|---|
|
|---|
| examplePaths | | description | The example paths that are used for testing GFE URL mapping. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| legacyGfeService | | $ref | LegacyGfeService |
|---|
| description | A non-GFESpec GFE service. |
|---|
|
|---|
| pathRegex | | description | Regex of other paths (can't be converted from selector) that will be mapped to the GFE target. For example: batch path, servicez path etc. Note: the batch path configured here should align with the batch path enforced by ESF at runtime, defined by the flag, `--esf_server_http_batch_url_path flag`, or by the default path `/batch` if there is no ESF runtime override. See, go/api-batch. Examples: "/batch", "/batch/.*", "/servicez", "/static/[^/]+". |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| selector | | description | The method selector for the target. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Usage | | description | Configuration controlling usage of a service. |
|---|
| id | Usage |
|---|
| properties | | activationHooks | | description | Services that must be contacted before a consumer can begin using the service. Each service will be contacted in sequence, and, if any activation call fails, the entire activation will fail. Each hook is of the form /, where is optional; for example: 'robotservice.googleapis.com/default'. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| deactivationHooks | | description | Services that must be contacted before a consumer can deactivate a service. Each service will be contacted in sequence, and, if any deactivation call fails, the entire deactivation will fail. Each hook is of the form /, where is optional; for example: 'compute.googleapis.com/'. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| dependsOnServices | | description | Services that must be activated in order for this service to be used. The set of services activated as a result of these relations are all activated in parallel with no guaranteed order of activation. Each string is a service name, e.g. `calendar.googleapis.com`. This will be replaced by centralized place to add this dependency configuration in tenant manager. See: http://cs/?q=putAll+f:/ServiceDependencyConf.* for new way to add this config. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| producerNotificationChannel | | description | The full resource name of a channel used for sending notifications to the service producer. Google Service Management currently only supports [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification channel. To use Google Cloud Pub/Sub as the channel, this must be the name of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format documented in https://cloud.google.com/pubsub/docs/overview. |
|---|
| type | string |
|---|
|
|---|
| requirements | | description | Requirements that must be satisfied before a consumer project can use the service. Each requirement is of the form /; for example 'serviceusage.googleapis.com/billing-enabled'. For Google APIs, a Terms of Service requirement must be included here. Google Cloud APIs must include "serviceusage.googleapis.com/tos/cloud". Other Google APIs should include "serviceusage.googleapis.com/tos/universal". Additional ToS can be included based on the business needs. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| rules | | description | A list of usage rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| serviceAccess | | description | NOTE: This feature is deprecated. Please use Cloud IAM directly to manage access control to services. See https://cloud.google.com/service-management/access-control for details. |
|---|
| enum | - RESTRICTED
- PUBLIC
- ORG_RESTRICTED
- ORG_PUBLIC
|
|---|
| enumDescriptions | - The service can only be seen/used by users identified in the service's access control policy. If the service has not been allowlisted by your domain administrator for out-of-org publishing, then this mode will be treated like ORG_RESTRICTED.
- The service can be seen/used by anyone. If the service has not been allowlisted by your domain administrator for out-of-org publishing, then this mode will be treated like ORG_PUBLIC. The discovery document for the service will also be public and allow unregistered access.
- The service can be seen/used by users identified in the service's access control policy and they are within the organization that owns the service. Access is further constrained to the group controlled by the administrator of the project/org that owns the service.
- The service can be seen/used by the group of users controlled by the administrator of the project/org that owns the service.
|
|---|
| type | string |
|---|
|
|---|
| serviceIdentity | | $ref | ServiceIdentity |
|---|
| description | The configuration of a per-product per-project service identity. |
|---|
|
|---|
| sharing | | description | Resource-based sharing model for the service. Changes to the sharing model may be restricted by an organization admin. |
|---|
| enum | - RESOURCE_BASED_SHARING_UNSPECIFIED
- BY_POLICY
- ALWAYS
|
|---|
| enumDescriptions | - No defined sharing model.
- Service is shared with a consumer only by setting an ALLOW SharingPolicy for that consumer, or one of its ancestors, in the Service Consumer Management API.
- Service is shared with all consumers, regardless of SharingPolicy.
|
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UsageManagerConfig | | description | The configuration that controls ESF's interaction with Usage Manager which happens via the {@code uds_premium.UsageManagerService} stubby interface. This config should only be needed if your control plane is Usage Manager. One Platform services should only use Chemist as the control plane, so this config is used in dual-check mode that is used as part of Apiary migration. |
|---|
| id | UsageManagerConfig |
|---|
| properties | | apiName | | description | Used to populate the 'api_name' field of a {@link com.google.searchapi.premium.UsageManagerRequest}. |
|---|
| type | string |
|---|
|
|---|
| rules | | description | Method level Usage Manager rules. |
|---|
| items | | $ref | UsageManagerConfigRule |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UsageManagerConfigRule | | id | UsageManagerConfigRule |
|---|
| properties | | address | | description | The Unified Backend (go/unified-backend-spec) target address of the UsageManagerService. The API compiler will set this field automatically. |
|---|
| type | string |
|---|
|
|---|
| apiVersion | | description | Used to populate the 'api_version' field of a {@link com.google.searchapi.premium.UsageManagerRequest}. |
|---|
| type | string |
|---|
|
|---|
| quotaBucketName | | description | The quota bucket name that this method is associated with on Apiary. Both the bucket name value as well as the method to which it is being associated must match the values in Apiary config (.api file or go/apiz). |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the API methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UsageManagerRule | | description | DEPRECATED. Use control envrionment instead. See http://cs/google/api/control.proto Configurations for the UsageManagerWrapper. Example: experimental: advanced: usage_manager_rules: - selector: google.library.v1.LibraryService.* address: usagemanager.googleprod.com |
|---|
| id | UsageManagerRule |
|---|
| properties | | address | | description | The Unifed Backend (go/unified-backend-spec) target address of the UsageManagerService. |
|---|
| type | string |
|---|
|
|---|
| enableCache | | description | Enables caching successful UsageManager checks. |
|---|
| type | boolean |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UsageRule | | description | Usage configuration rules for the service. NOTE: Under development. Use this rule to configure unregistered calls for the service. Unregistered calls are calls that do not contain consumer project identity. (Example: calls that do not contain an API key). By default, API methods do not allow unregistered calls, and each method call must be identified by a consumer project identity. Use this rule to allow/disallow unregistered calls. Example of an API that wants to allow unregistered calls for entire service. usage: rules: - selector: "*" allow_unregistered_calls: true Example of a method that wants to allow unregistered calls. usage: rules: - selector: "google.example.library.v1.LibraryService.CreateBook" allow_unregistered_calls: true |
|---|
| id | UsageRule |
|---|
| properties | | allowUnregisteredCalls | | description | If true, the selected method allows unregistered calls, e.g. calls that don't identify any user or application. |
|---|
| type | boolean |
|---|
|
|---|
| defaultApiKey | | description | A default API key for Chemist checks when the incoming request is not authenticated with a client project and doesn't come with an API key. Some authentication methods, such as HTTP Basic Authentication and HTTP Cookie, don't carry information about the client project. Such authentication methods must be used with an API key. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| skipServiceControl | | description | If true, the selected method should skip service control and the control plane features, such as quota and billing, will not be available. This flag is used by Google Cloud Endpoints to bypass checks for internal methods, such as service health check methods. |
|---|
| type | boolean |
|---|
|
|---|
| skipServiceControlForStubby | | description | WARNING: The correct name for this field should be `enable_stubby_proxy_mode`. However, it is too costly to rename this field, so we will leave it as is. If true, enable the Stubby proxy mode for ESF, and ESF will behave like a normal Stubby proxy and **all** One Platform features will be skipped for Stubby traffic. This feature may only be enabled for private APIs. See go/api-launch for the definition of private APIs. This feature MUST NOT be used with public Google APIs. Public Google APIs must satisfy all public product requirements. Providing backdoor to Stubby traffic introduces unknown security and privacy risks. Google has hundreds of thousand LOAS roles, so we cannot give blanket trust to Stubby traffic or LOAS roles. |
|---|
| type | boolean |
|---|
|
|---|
| skipStreamingApiMetrics | | description | Unimplemented. Do not use. If true, API proxies shall not report API metrics for streaming methods. This feature may only be enabled for API services with streaming methods. |
|---|
| type | boolean |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| UserAttributionCondition | | description | A condition to limit the user attribution. For example, this condition could be used to only match authorities attributed to members of `bcid-level-3`. Note that this condition checks the principal of an authority, ignoring any authority selector that might be present. |
|---|
| id | UserAttributionCondition |
|---|
| properties | | includes | | description | User-specified variables for templated user attribution. The variables are resolved through supplying instantiation with matching keys. Ex: includes: 'bcid-user' WARNING: this field is only supported for policies in the RpcSP central repo (google3/configs/security/rpcsp). See go/rpcsp2-templating for usage. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| localProdGroups | | description | Matches if the authority user is a member of any of the given local prod groups (for use by special low-dependency services -- go/aclrep-ld) |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| prodGroups | | description | Matches if the authority user is a member of any of the given prod ("MDB") groups. Specified without suffix and with the @prod.google.com suffix implied (e.g., 'bcid-level-3'). More info: go/ganpati2-faq#ganpati-chubby. go/ganpati-expansion#chubby-expansion |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| prodUsers | | description | Matches if the authority user is any of the given prod users. Specified without prefix and with @prod.google.com suffix. implied (e.g., 'gmail-lookup-batch' or 'sundar'). |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
| self | | $ref | Empty |
|---|
| description | Matches if the authority user is the same as the user the service is running as. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1AddVisibilityLabelsResponse | | description | Response message for the `AddVisibilityLabels` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1AddVisibilityLabelsResponse |
|---|
| properties | | labels | | description | The updated set of visibility labels for this consumer on this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1BatchSetProducerOverridesResponse | | description | This is the response payload of the batch quota override method. Consumer quota settings for multiple quota limits. |
|---|
| id | V1BatchSetProducerOverridesResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| V1Beta1BatchCreateProducerOverridesResponse | | description | Response message for BatchCreateProducerOverrides |
|---|
| id | V1Beta1BatchCreateProducerOverridesResponse |
|---|
| properties | | overrides | | description | The overrides that were created. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1Beta1DisableConsumerResponse | | description | Response message for the `DisableConsumer` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1Beta1DisableConsumerResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| V1Beta1EnableConsumerResponse | | description | Response message for the `EnableConsumer` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1Beta1EnableConsumerResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| V1Beta1GenerateServiceIdentityResponse | | description | Response message for the `GenerateServiceIdentity` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1Beta1GenerateServiceIdentityResponse |
|---|
| properties | | identity | | $ref | V1Beta1ServiceIdentity |
|---|
| description | ServiceIdentity that was created or retrieved. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1Beta1ImportProducerOverridesResponse | | description | Response message for ImportProducerOverrides |
|---|
| id | V1Beta1ImportProducerOverridesResponse |
|---|
| properties | | overrides | | description | The overrides that were created from the imported data. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1Beta1ImportProducerQuotaPoliciesResponse | | description | Response message for ImportProducerQuotaPolicies |
|---|
| id | V1Beta1ImportProducerQuotaPoliciesResponse |
|---|
| properties | | policies | | description | The policies that were created from the imported data. |
|---|
| items | | $ref | V1Beta1ProducerQuotaPolicy |
|---|
|
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1Beta1ProducerQuotaPolicy | | description | Quota policy created by service producer. |
|---|
| id | V1Beta1ProducerQuotaPolicy |
|---|
| properties | | container | | description | The cloud resource container at which the quota policy is created. The format is {container_type}/{container_number} |
|---|
| type | string |
|---|
|
|---|
| dimensions | | additionalProperties | |
|---|
| description | If this map is nonempty, then this policy applies only to specific values for dimensions defined in the limit unit. For example, an policy on a limit with the unit 1/{project}/{region} could contain an entry with the key "region" and the value "us-east-1"; the policy is only applied to quota consumed in that region. This map has the following restrictions: * Keys that are not defined in the limit's unit are not valid keys. Any string appearing in {brackets} in the unit (besides {project} or {user}) is a defined key. * "project" is not a valid key; the project is already specified in the parent resource name. * "user" is not a valid key; the API does not support quota polcies that apply only to a specific user. * If "region" appears as a key, its value must be a valid Cloud region. * If "zone" appears as a key, its value must be a valid Cloud zone. * If any valid key other than "region" or "zone" appears in the map, then all valid keys other than "region" or "zone" must also appear in the map. |
|---|
| type | object |
|---|
|
|---|
| metric | | description | The name of the metric to which this policy applies. An example name would be: `compute.googleapis.com/cpus` |
|---|
| type | string |
|---|
|
|---|
| name | | description | The resource name of the producer policy. An example name would be: `services/compute.googleapis.com/organizations/123/consumerQuotaMetrics/compute.googleapis.com%2Fcpus/limits/%2Fproject%2Fregion/producerQuotaPolicies/4a3f2c1d` |
|---|
| type | string |
|---|
|
|---|
| policyValue | | description | The quota policy value. Can be any nonnegative integer, or -1 (unlimited quota). |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| unit | | description | The limit unit of the limit to which this policy applies. An example unit would be: `1/{project}/{region}` Note that `{project}` and `{region}` are not placeholders in this example; the literal characters `{` and `}` occur in the string. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1Beta1QuotaOverride | | description | A quota override |
|---|
| id | V1Beta1QuotaOverride |
|---|
| properties | | adminOverrideAncestor | | description | The resource name of the ancestor that requested the override. For example: "organizations/12345" or "folders/67890". Used by admin overrides only. |
|---|
| type | string |
|---|
|
|---|
| dimensions | | additionalProperties | |
|---|
| description | If this map is nonempty, then this override applies only to specific values for dimensions defined in the limit unit. For example, an override on a limit with the unit 1/{project}/{region} could contain an entry with the key "region" and the value "us-east-1"; the override is only applied to quota consumed in that region. This map has the following restrictions: * Keys that are not defined in the limit's unit are not valid keys. Any string appearing in {brackets} in the unit (besides {project} or {user}) is a defined key. * "project" is not a valid key; the project is already specified in the parent resource name. * "user" is not a valid key; the API does not support quota overrides that apply only to a specific user. * If "region" appears as a key, its value must be a valid Cloud region. * If "zone" appears as a key, its value must be a valid Cloud zone. * If any valid key other than "region" or "zone" appears in the map, then all valid keys other than "region" or "zone" must also appear in the map. |
|---|
| type | object |
|---|
|
|---|
| metric | | description | The name of the metric to which this override applies. An example name would be: `compute.googleapis.com/cpus` |
|---|
| type | string |
|---|
|
|---|
| name | | description | The resource name of the producer override. An example name would be: `services/compute.googleapis.com/projects/123/consumerQuotaMetrics/compute.googleapis.com%2Fcpus/limits/%2Fproject%2Fregion/producerOverrides/4a3f2c1d` |
|---|
| type | string |
|---|
|
|---|
| overrideValue | | description | The overriding quota limit value. Can be any nonnegative integer, or -1 (unlimited quota). |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| unit | | description | The limit unit of the limit to which this override applies. An example unit would be: `1/{project}/{region}` Note that `{project}` and `{region}` are not placeholders in this example; the literal characters `{` and `}` occur in the string. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1Beta1RefreshConsumerResponse | | description | Response message for the `RefreshConsumer` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1Beta1RefreshConsumerResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| V1Beta1ServiceIdentity | | description | A service identity in the Identity and Access Management API. |
|---|
| id | V1Beta1ServiceIdentity |
|---|
| properties | | email | | description | The email address of the service identity. |
|---|
| type | string |
|---|
|
|---|
| name | | description | P4 service identity resource name. An example name would be: `services/serviceconsumermanagement.googleapis.com/projects/123/serviceIdentities/default` |
|---|
| type | string |
|---|
|
|---|
| tag | | description | The P4 service identity configuration tag. This must be defined in activation_grants. If not specified when creating the account, the tag is set to "default". |
|---|
| type | string |
|---|
|
|---|
| uniqueId | | description | The unique and stable id of the service identity. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1ConsumerQuotaLimit | | description | Consumer quota settings for a quota limit. |
|---|
| id | V1ConsumerQuotaLimit |
|---|
| properties | | globalQuota | | $ref | V1QuotaBucket |
|---|
| description | This limit has no regional or zonal buckets. It has a single global bucket. |
|---|
|
|---|
| isPrecise | | description | Whether this limit is precise or imprecise. |
|---|
| type | boolean |
|---|
|
|---|
| metricName | | description | The name of the parent metric of this limit. An example name would be: `compute.googleapis.com/cpus` |
|---|
| type | string |
|---|
|
|---|
| name | | description | The resource name of the quota limit. An example name would be: `services/compute.googleapis.com/projects/123/quotas/metrics/compute.googleapis.com%2Fcpus/limits/%2Fproject%2Fregion` The resource name is intended to be opaque and should not be parsed for its component strings, since its representation could change in the future. |
|---|
| type | string |
|---|
|
|---|
| propagation | | $ref | Operation |
|---|
| description | A long-running operation which tracks the propagation of recent changes to this resource to all affected backends. If this field is empty, all affected backends have been notified of the change. If this field contains an operation in progress, then the most recent change to this resource has not yet been sent out to all backends. If this field contains an operation that has failed with an error, the caller should retry the change. |
|---|
|
|---|
| regionalQuota | | $ref | V1RegionalQuota |
|---|
| description | This limit has different buckets for each region. |
|---|
|
|---|
| unit | | description | The limit unit. An example unit would be: `1/{project}/{region}` |
|---|
| type | string |
|---|
|
|---|
| zonalQuota | | $ref | V1ZonalQuota |
|---|
| description | This limit has different buckets for each zone. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1DefaultIdentity | | description | A default identity in the Identity and Access Management API. |
|---|
| id | V1DefaultIdentity |
|---|
| properties | | email | | description | The email address of the default identity. |
|---|
| type | string |
|---|
|
|---|
| name | | description | Default identity resource name. An example name would be: `services/serviceconsumermanagement.googleapis.com/projects/123/defaultIdentity` |
|---|
| type | string |
|---|
|
|---|
| tag | | description | The Default Identity tag. If specified when creating the account, the tag must be present in activation_grants. If not specified when creating the account, the tag is set to the tag specified in activation_grants. |
|---|
| type | string |
|---|
|
|---|
| uniqueId | | description | The unique and stable id of the default identity. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1DisableConsumerResponse | | description | Response message for the `DisableConsumer` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1DisableConsumerResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| V1EnableConsumerResponse | | description | Response message for the `EnableConsumer` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1EnableConsumerResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| V1GenerateDefaultIdentityResponse | | description | Response message for the `GenerateDefaultIdentity` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1GenerateDefaultIdentityResponse |
|---|
| properties | | attachStatus | | description | Status of the role attachment. Under development (go/si-attach-role), currently always return ATTACH_STATUS_UNSPECIFIED) |
|---|
| enum | - ATTACH_STATUS_UNSPECIFIED
- ATTACHED
- ATTACH_SKIPPED
- PREVIOUSLY_ATTACHED
- ATTACH_DENIED_BY_ORG_POLICY
|
|---|
| enumDescriptions | - Indicates that the AttachStatus was not set.
- The default identity was attached to a role successfully in this request.
- The request specified that no attempt should be made to attach the role.
- Role was attached to the consumer project at some point in time. Tenant manager doesn't make assertion about the current state of the identity with respect to the consumer. Role attachment should happen only once after activation and cannot be reattached after customer removes it. (go/si-attach-role)
- Role attachment was denied in this request by customer set org policy. (go/si-attach-role)
|
|---|
| type | string |
|---|
|
|---|
| identity | | $ref | V1DefaultIdentity |
|---|
| description | DefaultIdentity that was created or retrieved. |
|---|
|
|---|
| role | | description | Role attached to consumer project. Empty if not attached in this request. (Under development, currently always return empty.) |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1GenerateServiceAccountResponse | | description | Response message for the `GenerateServiceAccount` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1GenerateServiceAccountResponse |
|---|
| properties | | account | | $ref | V1ServiceAccount |
|---|
| description | ServiceAccount that was created or retrieved. |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1QuotaBucket | | description | QuotaBucket, the bottom quota provisioning unit. |
|---|
| id | V1QuotaBucket |
|---|
| properties | | adminOverride | | description | Admin override on this quota bucket |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| consumerOverride | | description | Consumer override on this quota bucket |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| defaultLimit | |
|---|
| effectiveLimit | | description | The effective limit of this quota bucket. Equal to default_limit if there are no overrides. |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
| producerOverride | | description | Producer override on this quota bucket |
|---|
| format | int64 |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1RefreshConsumerResponse | | description | Response message for the `RefreshConsumer` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1RefreshConsumerResponse |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| V1RegionalQuota | | id | V1RegionalQuota |
|---|
| properties | | baseBucket | | $ref | V1QuotaBucket |
|---|
| description | The base bucket for all regions. If a region does not have its own producer override, it uses the producer override in this bucket if one is present. If a region does not have its own consumer override, it uses the consumer override in this bucket if one is present. If a region does not have its own admin override, it uses the admin override in this bucket if one is present. |
|---|
|
|---|
| regionalBuckets | | additionalProperties | |
|---|
| description | Individual buckets for each region. The map keys are region names. If a region does not have any overrides of its own, it will not appear in this map unless show_buckets_with_no_overrides is set on the request. A region with no overrides has the same effective limit as base_bucket. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1RemoveVisibilityLabelsResponse | | description | Response message for the `RemoveVisibilityLabels` method. This response message is assigned to the `response` field of the returned Operation when that operation is done. |
|---|
| id | V1RemoveVisibilityLabelsResponse |
|---|
| properties | | labels | | description | The updated set of visibility labels for this consumer on this service. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1ServiceAccount | | description | A service account in the Identity and Access Management API. |
|---|
| id | V1ServiceAccount |
|---|
| properties | | email | | description | The email address of the service account. |
|---|
| type | string |
|---|
|
|---|
| iamAccountName | | description | Deprecated. See b/136209818. |
|---|
| type | string |
|---|
|
|---|
| name | | description | P4 SA resource name. An example name would be: `services/serviceconsumermanagement.googleapis.com/projects/123/serviceAccounts/default` |
|---|
| type | string |
|---|
|
|---|
| tag | | description | The P4 SA configuration tag. This must be defined in activation_grants. If not specified when creating the account, the tag is set to "default". |
|---|
| type | string |
|---|
|
|---|
| uniqueId | | description | The unique and stable id of the service account. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| V1ZonalQuota | | description | A collection of quota buckets, organized by zone. |
|---|
| id | V1ZonalQuota |
|---|
| properties | | baseBucket | | $ref | V1QuotaBucket |
|---|
| description | The base bucket for all zones. If a zone does not have its own producer override, it uses the producer override in this bucket if one is present. If a zone does not have its own consumer override, it uses the consumer override in this bucket if one is present. If a zone does not have its own admin override, it uses the admin override in this bucket if one is present. |
|---|
|
|---|
| zonalBuckets | | additionalProperties | |
|---|
| description | Individual buckets for each zone. The map keys are zone names. If a zone does not have any overrides of its own, it will not appear in this map unless show_buckets_with_no_overrides is set on the request. A zone with no overrides has the same effective limit as base_bucket. |
|---|
| type | object |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Visibility | | description | `Visibility` restricts service consumer's access to service elements, such as whether an application can call a visibility-restricted method. The restriction is expressed by applying visibility labels on service elements. The visibility labels are elsewhere linked to service consumers. A service can define multiple visibility labels, but a service consumer should be granted at most one visibility label. Multiple visibility labels for a single service consumer are not supported. If an element and all its parents have no visibility label, its visibility is unconditionally granted. Example: visibility: rules: - selector: google.calendar.Calendar.EnhancedSearch restriction: PREVIEW - selector: google.calendar.Calendar.Delegate restriction: INTERNAL Here, all methods are publicly visible except for the restricted methods EnhancedSearch and Delegate. |
|---|
| id | Visibility |
|---|
| properties | | rules | | description | A list of visibility rules that apply to individual API elements. **NOTE:** All service configuration rules follow "last one wins" order. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| VisibilityRule | | description | A visibility rule provides visibility configuration for an individual API element. |
|---|
| id | VisibilityRule |
|---|
| properties | | restriction | | description | A comma-separated list of visibility labels that apply to the `selector`. Any of the listed labels can be used to grant the visibility. If a rule has multiple labels, removing one of the labels but not all of them can break clients. Example: visibility: rules: - selector: google.calendar.Calendar.EnhancedSearch restriction: INTERNAL, PREVIEW Removing INTERNAL from this restriction will break clients that rely on this method and only had access to it through INTERNAL. |
|---|
| type | string |
|---|
|
|---|
| selector | | description | Selects methods, messages, fields, enums, etc. to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| WebChannelConfig | | description | WebChannel configuration. This rule is used by Apps Framework for its FE API support. Example: experimental: advanced: webchannel_config: - selector: tech.frontend.WebChannelService.Message url_paths: - "/foo/service/channel" - "/foo/service/channel2" |
|---|
| id | WebChannelConfig |
|---|
| properties | | selector | | description | Selects the methods to which this rule applies. Refer to selector for syntax details. |
|---|
| type | string |
|---|
|
|---|
| urlPaths | | description | WebChannel url paths configured for method selected by above selector. |
|---|
| items | |
|---|
| type | array |
|---|
|
|---|
|
|---|
| type | object |
|---|
|
|---|
| Zanzibar | | description | Represents a Zanzibar authorization check. If Zanzibar is listed as an AuthorizationMethod, the authorization obligation is tracked automatically by the Zanzibar client library in Java and C++, but needs to be done manually in Go since there's no client library there: go/rpcsp-authz-obligations. The following RPC methods are in scope for obligation tracking: - /Gateway.Check, GCheck, MCheck - /AclBridge.Check, GCheck, MCheck NOTE: Currently, an MCheck automatically counts as ALLOW only if the specified User is in ALL of the specified UserSetRefs. If this is too strict for your use case, you can manually record the action as an ALLOW; see go/rpcsp-zanzibar-tracking. |
|---|
| id | Zanzibar |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
| ZanzibarAuthorizationCheckCondition | | id | ZanzibarAuthorizationCheckCondition |
|---|
| properties | |
|---|
| type | object |
|---|
|
|---|
|
|---|
|
|---|
| root['title'] | | new_value | Service Management API (Staging) |
|---|
| old_value | Service Consumer Management API (Autopush) |
|---|
|
|---|
|
|---|
| iterable_item_added | | root['resources']['operations']['methods']['get']['scopes'][1] | https://www.googleapis.com/auth/service.management |
|---|
| root['resources']['operations']['methods']['list']['scopes'][1] | https://www.googleapis.com/auth/service.management |
|---|
|
|---|
| iterable_item_removed | | root['resources']['operations']['methods']['list']['parameterOrder'][0] | name |
|---|
|
|---|
|
|---|