Diffstat (limited to 'third_party/googleapis/google/cloud/accessapproval')
6 files changed, 1173 insertions, 0 deletions
diff --git a/third_party/googleapis/google/cloud/accessapproval/BUILD.bazel b/third_party/googleapis/google/cloud/accessapproval/BUILD.bazel
new file mode 100644
index 0000000..919d9c2
--- /dev/null
+++ b/third_party/googleapis/google/cloud/accessapproval/BUILD.bazel
@@ -0,0 +1,40 @@
+# This build file includes a target for the Ruby wrapper library for
+# google-cloud-access_approval.
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+# Export yaml configs.
+exports_files(glob(["*.yaml"]))
+
+load(
+ "@com_google_googleapis_imports//:imports.bzl",
+ "ruby_cloud_gapic_library",
+ "ruby_gapic_assembly_pkg",
+)
+
+# Generates a Ruby wrapper client for accessapproval.
+# Ruby wrapper clients are versionless, but are generated from source protos
+# for a particular service version, v1 in this case.
+ruby_cloud_gapic_library(
+ name = "accessapproval_ruby_wrapper",
+ srcs = ["//google/cloud/accessapproval/v1:accessapproval_proto_with_info"],
+ extra_protoc_parameters = [
+ "ruby-cloud-gem-name=google-cloud-access_approval",
+ "ruby-cloud-env-prefix=ACCESS_APPROVAL",
+ "ruby-cloud-wrapper-of=v1:0.0",
+ "ruby-cloud-product-url=https://cloud.google.com/access-approval/",
+ "ruby-cloud-api-id=accessapproval.googleapis.com",
+ "ruby-cloud-api-shortname=accessapproval",
+ ],
+ ruby_cloud_description = "An API for controlling access to data by Google personnel.",
+ ruby_cloud_title = "Access Approval",
+)
+
+# Open Source package.
+ruby_gapic_assembly_pkg(
+ name = "google-cloud-accessapproval-ruby",
+ deps = [
+ ":accessapproval_ruby_wrapper",
+ ],
+)
diff --git a/third_party/googleapis/google/cloud/accessapproval/v1/BUILD.bazel b/third_party/googleapis/google/cloud/accessapproval/v1/BUILD.bazel
new file mode 100644
index 0000000..558bd17
--- /dev/null
+++ b/third_party/googleapis/google/cloud/accessapproval/v1/BUILD.bazel
@@ -0,0 +1,376 @@ +# This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/gapic-generator/tree/master/rules_gapic/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +# * extra_protoc_parameters +# * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "accessapproval_proto", + srcs = [ + "accessapproval.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library_with_info( + name = "accessapproval_proto_with_info", + deps = [ + ":accessapproval_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "accessapproval_java_proto", + deps = 
[":accessapproval_proto"], +) + +java_grpc_library( + name = "accessapproval_java_grpc", + srcs = [":accessapproval_proto"], + deps = [":accessapproval_java_proto"], +) + +java_gapic_library( + name = "accessapproval_java_gapic", + srcs = [":accessapproval_proto_with_info"], + gapic_yaml = "accessapproval_gapic.yaml", + grpc_service_config = "accessapproval_grpc_service_config.json", + test_deps = [ + ":accessapproval_java_grpc", + ], + transport = "grpc+rest", + deps = [ + ":accessapproval_java_proto", + ], +) + +java_gapic_test( + name = "accessapproval_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.accessapproval.v1.AccessApprovalAdminClientHttpJsonTest", + "com.google.cloud.accessapproval.v1.AccessApprovalAdminClientTest", + ], + runtime_deps = [":accessapproval_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-accessapproval-v1-java", + include_samples = True, + transport = "grpc+rest", + deps = [ + ":accessapproval_java_gapic", + ":accessapproval_java_grpc", + ":accessapproval_java_proto", + ":accessapproval_proto", + ], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", + "go_test", +) + +go_proto_library( + name = "accessapproval_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/accessapproval/v1", + protos = [":accessapproval_proto"], + deps = [ + "//google/api:annotations_go_proto", + ], +) + +go_gapic_library( + name = "accessapproval_go_gapic", + srcs = [":accessapproval_proto_with_info"], + grpc_service_config = "accessapproval_grpc_service_config.json", + importpath = "cloud.google.com/go/accessapproval/apiv1;accessapproval", + service_yaml = 
"accessapproval_v1.yaml", + transport = "grpc+rest", + deps = [ + ":accessapproval_go_proto", + ], +) + +go_test( + name = "accessapproval_go_gapic_test", + srcs = [":accessapproval_go_gapic_srcjar_test"], + embed = [":accessapproval_go_gapic"], + importpath = "cloud.google.com/go/accessapproval/apiv1", +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-accessapproval-v1-go", + deps = [ + ":accessapproval_go_gapic", + ":accessapproval_go_gapic_srcjar-test.srcjar", + ":accessapproval_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", + "py_test", +) + +py_gapic_library( + name = "accessapproval_py_gapic", + srcs = [":accessapproval_proto"], + grpc_service_config = "accessapproval_grpc_service_config.json", + opt_args = [ + "warehouse-package-name=google-cloud-access-approval", + ], + transport = "grpc", +) + +py_test( + name = "accessapproval_py_gapic_test", + srcs = [ + "accessapproval_py_gapic_pytest.py", + "accessapproval_py_gapic_test.py", + ], + legacy_create_init = False, + deps = [":accessapproval_py_gapic"], +) + +# Open Source Packages +py_gapic_assembly_pkg( + name = "accessapproval-v1-py", + deps = [ + ":accessapproval_py_gapic", + ], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "accessapproval_php_proto", + deps = [":accessapproval_proto"], +) + +php_grpc_library( + name = "accessapproval_php_grpc", + srcs = [":accessapproval_proto"], + deps = [":accessapproval_php_proto"], +) + 
+php_gapic_library( + name = "accessapproval_php_gapic", + srcs = [":accessapproval_proto_with_info"], + grpc_service_config = "accessapproval_grpc_service_config.json", + deps = [ + ":accessapproval_php_grpc", + ":accessapproval_php_proto", + ], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = "google-cloud-accessapproval-v1-php", + deps = [ + ":accessapproval_php_gapic", + ":accessapproval_php_grpc", + ":accessapproval_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "accessapproval_nodejs_gapic", + package_name = "@google-cloud/access-approval", + src = ":accessapproval_proto_with_info", + extra_protoc_parameters = ["metadata"], + grpc_service_config = "accessapproval_grpc_service_config.json", + package = "google.cloud.accessapproval.v1", + service_yaml = "accessapproval_v1.yaml", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "accessapproval-v1-nodejs", + deps = [ + ":accessapproval_nodejs_gapic", + ":accessapproval_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "accessapproval_ruby_proto", + deps = [":accessapproval_proto"], +) + +ruby_grpc_library( + name = "accessapproval_ruby_grpc", + srcs = [":accessapproval_proto"], + deps = [":accessapproval_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "accessapproval_ruby_gapic", + srcs = [":accessapproval_proto_with_info"], + extra_protoc_parameters = [ + 
"ruby-cloud-gem-name=google-cloud-access_approval-v1", + "ruby-cloud-env-prefix=ACCESS_APPROVAL", + "ruby-cloud-product-url=https://cloud.google.com/access-approval/", + "ruby-cloud-api-id=accessapproval.googleapis.com", + "ruby-cloud-api-shortname=accessapproval", + ], + grpc_service_config = "accessapproval_grpc_service_config.json", + ruby_cloud_description = "An API for controlling access to data by Google personnel.", + ruby_cloud_title = "Access Approval V1", + deps = [ + ":accessapproval_ruby_grpc", + ":accessapproval_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-accessapproval-v1-ruby", + deps = [ + ":accessapproval_ruby_gapic", + ":accessapproval_ruby_grpc", + ":accessapproval_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_gapic_assembly_pkg", + "csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "accessapproval_csharp_proto", + deps = [":accessapproval_proto"], +) + +csharp_grpc_library( + name = "accessapproval_csharp_grpc", + srcs = [":accessapproval_proto"], + deps = [":accessapproval_csharp_proto"], +) + +csharp_gapic_library( + name = "accessapproval_csharp_gapic", + srcs = [":accessapproval_proto_with_info"], + common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", + grpc_service_config = "accessapproval_grpc_service_config.json", + service_yaml = "accessapproval_v1.yaml", + deps = [ + ":accessapproval_csharp_grpc", + ":accessapproval_csharp_proto", + ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( + name = "google-cloud-accessapproval-v1-csharp", + deps = [ + ":accessapproval_csharp_gapic", + ":accessapproval_csharp_grpc", + ":accessapproval_csharp_proto", + ], +) + 
+############################################################################## +# C++ +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "cc_grpc_library", + "cc_proto_library", +) + +cc_proto_library( + name = "accessapproval_cc_proto", + deps = [":accessapproval_proto"], +) + +cc_grpc_library( + name = "accessapproval_cc_grpc", + srcs = [":accessapproval_proto"], + grpc_only = True, + deps = [":accessapproval_cc_proto"], +) diff --git a/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval.proto b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval.proto new file mode 100644 index 0000000..adeccff --- /dev/null +++ b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval.proto 
@@ -0,0 +1,697 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.accessapproval.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/field_mask.proto"; +import "google/protobuf/timestamp.proto"; + +option csharp_namespace = "Google.Cloud.AccessApproval.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/accessapproval/v1;accessapproval"; +option java_multiple_files = true; +option java_outer_classname = "AccessApprovalProto"; +option java_package = "com.google.cloud.accessapproval.v1"; +option php_namespace = "Google\\Cloud\\AccessApproval\\V1"; +option ruby_package = "Google::Cloud::AccessApproval::V1"; + +// This API allows a customer to manage accesses to cloud resources by +// Google personnel. 
It defines the following resource model: +// +// - The API has a collection of +// [ApprovalRequest][google.cloud.accessapproval.v1.ApprovalRequest] +// resources, named `approvalRequests/{approval_request}` +// - The API has top-level settings per Project/Folder/Organization, named +// `accessApprovalSettings` +// +// The service also periodically emails a list of recipients, defined at the +// Project/Folder/Organization level in the accessApprovalSettings, when there +// is a pending ApprovalRequest for them to act on. The ApprovalRequests can +// also optionally be published to a Pub/Sub topic owned by the customer +// (contact support if you would like to enable Pub/Sub notifications). +// +// ApprovalRequests can be approved or dismissed. Google personnel can only +// access the indicated resource or resources if the request is approved +// (subject to some exclusions: +// https://cloud.google.com/access-approval/docs/overview#exclusions). +// +// Note: Using Access Approval functionality will mean that Google may not be +// able to meet the SLAs for your chosen products, as any support response times +// may be dramatically increased. As such the SLAs do not apply to any service +// disruption to the extent impacted by Customer's use of Access Approval. Do +// not enable Access Approval for projects where you may require high service +// availability and rapid response by Google Cloud Support. +// +// After a request is approved or dismissed, no further action may be taken on +// it. Requests with the requested_expiration in the past or with no activity +// for 14 days are considered dismissed. When an approval expires, the request +// is considered dismissed. +// +// If a request is not approved or dismissed, we call it pending. 
+service AccessApproval { + option (google.api.default_host) = "accessapproval.googleapis.com"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; + + // Lists approval requests associated with a project, folder, or organization. + // Approval requests can be filtered by state (pending, active, dismissed). + // The order is reverse chronological. + rpc ListApprovalRequests(ListApprovalRequestsMessage) returns (ListApprovalRequestsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*}/approvalRequests" + additional_bindings { + get: "/v1/{parent=folders/*}/approvalRequests" + } + additional_bindings { + get: "/v1/{parent=organizations/*}/approvalRequests" + } + }; + option (google.api.method_signature) = "parent"; + } + + // Gets an approval request. Returns NOT_FOUND if the request does not exist. + rpc GetApprovalRequest(GetApprovalRequestMessage) returns (ApprovalRequest) { + option (google.api.http) = { + get: "/v1/{name=projects/*/approvalRequests/*}" + additional_bindings { + get: "/v1/{name=folders/*/approvalRequests/*}" + } + additional_bindings { + get: "/v1/{name=organizations/*/approvalRequests/*}" + } + }; + option (google.api.method_signature) = "name"; + } + + // Approves a request and returns the updated ApprovalRequest. + // + // Returns NOT_FOUND if the request does not exist. Returns + // FAILED_PRECONDITION if the request exists but is not in a pending state. + rpc ApproveApprovalRequest(ApproveApprovalRequestMessage) returns (ApprovalRequest) { + option (google.api.http) = { + post: "/v1/{name=projects/*/approvalRequests/*}:approve" + body: "*" + additional_bindings { + post: "/v1/{name=folders/*/approvalRequests/*}:approve" + body: "*" + } + additional_bindings { + post: "/v1/{name=organizations/*/approvalRequests/*}:approve" + body: "*" + } + }; + } + + // Dismisses a request. Returns the updated ApprovalRequest. 
+ // + // NOTE: This does not deny access to the resource if another request has been + // made and approved. It is equivalent in effect to ignoring the request + // altogether. + // + // Returns NOT_FOUND if the request does not exist. + // + // Returns FAILED_PRECONDITION if the request exists but is not in a pending + // state. + rpc DismissApprovalRequest(DismissApprovalRequestMessage) returns (ApprovalRequest) { + option (google.api.http) = { + post: "/v1/{name=projects/*/approvalRequests/*}:dismiss" + body: "*" + additional_bindings { + post: "/v1/{name=folders/*/approvalRequests/*}:dismiss" + body: "*" + } + additional_bindings { + post: "/v1/{name=organizations/*/approvalRequests/*}:dismiss" + body: "*" + } + }; + } + + // Invalidates an existing ApprovalRequest. Returns the updated + // ApprovalRequest. + // + // NOTE: This does not deny access to the resource if another request has been + // made and approved. It only invalidates a single approval. + // + // Returns FAILED_PRECONDITION if the request exists but is not in an approved + // state. + rpc InvalidateApprovalRequest(InvalidateApprovalRequestMessage) returns (ApprovalRequest) { + option (google.api.http) = { + post: "/v1/{name=projects/*/approvalRequests/*}:invalidate" + body: "*" + additional_bindings { + post: "/v1/{name=folders/*/approvalRequests/*}:invalidate" + body: "*" + } + additional_bindings { + post: "/v1/{name=organizations/*/approvalRequests/*}:invalidate" + body: "*" + } + }; + } + + // Gets the settings associated with a project, folder, or organization. 
+ rpc GetAccessApprovalSettings(GetAccessApprovalSettingsMessage) returns (AccessApprovalSettings) { + option (google.api.http) = { + get: "/v1/{name=projects/*/accessApprovalSettings}" + additional_bindings { + get: "/v1/{name=folders/*/accessApprovalSettings}" + } + additional_bindings { + get: "/v1/{name=organizations/*/accessApprovalSettings}" + } + }; + option (google.api.method_signature) = "name"; + } + + // Updates the settings associated with a project, folder, or organization. + // Settings to update are determined by the value of field_mask. + rpc UpdateAccessApprovalSettings(UpdateAccessApprovalSettingsMessage) returns (AccessApprovalSettings) { + option (google.api.http) = { + patch: "/v1/{settings.name=projects/*/accessApprovalSettings}" + body: "settings" + additional_bindings { + patch: "/v1/{settings.name=folders/*/accessApprovalSettings}" + body: "settings" + } + additional_bindings { + patch: "/v1/{settings.name=organizations/*/accessApprovalSettings}" + body: "settings" + } + }; + option (google.api.method_signature) = "settings,update_mask"; + } + + // Deletes the settings associated with a project, folder, or organization. + // This will have the effect of disabling Access Approval for the project, + // folder, or organization, but only if all ancestors also have Access + // Approval disabled. If Access Approval is enabled at a higher level of the + // hierarchy, then Access Approval will still be enabled at this level as + // the settings are inherited. 
+ rpc DeleteAccessApprovalSettings(DeleteAccessApprovalSettingsMessage) returns (google.protobuf.Empty) { + option (google.api.http) = { + delete: "/v1/{name=projects/*/accessApprovalSettings}" + additional_bindings { + delete: "/v1/{name=folders/*/accessApprovalSettings}" + } + additional_bindings { + delete: "/v1/{name=organizations/*/accessApprovalSettings}" + } + }; + option (google.api.method_signature) = "name"; + } + + // Retrieves the service account that is used by Access Approval to access KMS + // keys for signing approved approval requests. + rpc GetAccessApprovalServiceAccount(GetAccessApprovalServiceAccountMessage) returns (AccessApprovalServiceAccount) { + option (google.api.http) = { + get: "/v1/{name=projects/*/serviceAccount}" + additional_bindings { + get: "/v1/{name=folders/*/serviceAccount}" + } + additional_bindings { + get: "/v1/{name=organizations/*/serviceAccount}" + } + }; + option (google.api.method_signature) = "name"; + } +} + +// Home office and physical location of the principal. +message AccessLocations { + // The "home office" location of the principal. A two-letter country code + // (ISO 3166-1 alpha-2), such as "US", "DE" or "GB" or a region code. In some + // limited situations Google systems may refer refer to a region code instead + // of a country code. + // Possible Region Codes: + // + // * ASI: Asia + // * EUR: Europe + // * OCE: Oceania + // * AFR: Africa + // * NAM: North America + // * SAM: South America + // * ANT: Antarctica + // * ANY: Any location + string principal_office_country = 1; + + // Physical location of the principal at the time of the access. A + // two-letter country code (ISO 3166-1 alpha-2), such as "US", "DE" or "GB" or + // a region code. In some limited situations Google systems may refer refer to + // a region code instead of a country code. 
+ // Possible Region Codes: + // + // * ASI: Asia + // * EUR: Europe + // * OCE: Oceania + // * AFR: Africa + // * NAM: North America + // * SAM: South America + // * ANT: Antarctica + // * ANY: Any location + string principal_physical_location_country = 2; +} + +message AccessReason { + // Type of access justification. + enum Type { + // Default value for proto, shouldn't be used. + TYPE_UNSPECIFIED = 0; + + // Customer made a request or raised an issue that required the principal to + // access customer data. `detail` is of the form ("#####" is the issue ID): + // + // * "Feedback Report: #####" + // * "Case Number: #####" + // * "Case ID: #####" + // * "E-PIN Reference: #####" + // * "Google-#####" + // * "T-#####" + CUSTOMER_INITIATED_SUPPORT = 1; + + // The principal accessed customer data in order to diagnose or resolve a + // suspected issue in services. Often this access is used to confirm that + // customers are not affected by a suspected service issue or to remediate a + // reversible system issue. + GOOGLE_INITIATED_SERVICE = 2; + + // Google initiated service for security, fraud, abuse, or compliance + // purposes. + GOOGLE_INITIATED_REVIEW = 3; + + // The principal was compelled to access customer data in order to respond + // to a legal third party data request or process, including legal processes + // from customers themselves. + THIRD_PARTY_DATA_REQUEST = 4; + + // The principal accessed customer data in order to diagnose or resolve a + // suspected issue in services or a known outage. + GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5; + } + + // Type of access justification. + Type type = 1; + + // More detail about certain reason types. See comments for each type above. + string detail = 2; +} + +// Information about the digital signature of the resource. +message SignatureInfo { + // The digital signature. + bytes signature = 1; + + // How this signature may be verified. 
+ oneof verification_info { + // The public key for the Google default signing, encoded in PEM format. The + // signature was created using a private key which may be verified using + // this public key. + string google_public_key_pem = 2; + + // The resource name of the customer CryptoKeyVersion used for signing. + string customer_kms_key_version = 3; + } +} + +// A decision that has been made to approve access to a resource. +message ApproveDecision { + // The time at which approval was granted. + google.protobuf.Timestamp approve_time = 1; + + // The time at which the approval expires. + google.protobuf.Timestamp expire_time = 2; + + // If set, denotes the timestamp at which the approval is invalidated. + google.protobuf.Timestamp invalidate_time = 3; + + // The signature for the ApprovalRequest and details on how it was signed. + SignatureInfo signature_info = 4; + + // True when the request has been auto-approved. + bool auto_approved = 5; +} + +// A decision that has been made to dismiss an approval request. +message DismissDecision { + // The time at which the approval request was dismissed. + google.protobuf.Timestamp dismiss_time = 1; + + // This field will be true if the ApprovalRequest was implicitly dismissed due + // to inaction by the access approval approvers (the request is not acted + // on by the approvers before the exiration time). + bool implicit = 2; +} + +// The properties associated with the resource of the request. +message ResourceProperties { + // Whether an approval will exclude the descendants of the resource being + // requested. + bool excludes_descendants = 1; +} + +// A request for the customer to approve access to a resource. 
+message ApprovalRequest { + option (google.api.resource) = { + type: "accessapproval.googleapis.com/ApprovalRequest" + pattern: "projects/{project}/approvalRequests/{approval_request}" + pattern: "folders/{folder}/approvalRequests/{approval_request}" + pattern: "organizations/{organization}/approvalRequests/{approval_request}" + }; + + // The resource name of the request. Format is + // "{projects|folders|organizations}/{id}/approvalRequests/{approval_request}". + string name = 1; + + // The resource for which approval is being requested. The format of the + // resource name is defined at + // https://cloud.google.com/apis/design/resource_names. The resource name here + // may either be a "full" resource name (e.g. + // "//library.googleapis.com/shelves/shelf1/books/book2") or a "relative" + // resource name (e.g. "shelves/shelf1/books/book2") as described in the + // resource name specification. + string requested_resource_name = 2; + + // Properties related to the resource represented by requested_resource_name. + ResourceProperties requested_resource_properties = 9; + + // The justification for which approval is being requested. + AccessReason requested_reason = 3; + + // The locations for which approval is being requested. + AccessLocations requested_locations = 4; + + // The time at which approval was requested. + google.protobuf.Timestamp request_time = 5; + + // The requested expiration for the approval. If the request is approved, + // access will be granted from the time of approval until the expiration time. + google.protobuf.Timestamp requested_expiration = 6; + + // The current decision on the approval request. + oneof decision { + // Access was approved. + ApproveDecision approve = 7; + + // The request was dismissed. + DismissDecision dismiss = 8; + } +} + +// Represents the type of enrollment for a given service to Access Approval. +enum EnrollmentLevel { + // Default value for proto, shouldn't be used. 
+ ENROLLMENT_LEVEL_UNSPECIFIED = 0; + + // Service is enrolled in Access Approval for all requests + BLOCK_ALL = 1; +} + +// Represents the enrollment of a cloud resource into a specific service. +message EnrolledService { + // The product for which Access Approval will be enrolled. Allowed values are + // listed below (case-sensitive): + // + // * all + // * GA + // * App Engine + // * BigQuery + // * Cloud Bigtable + // * Cloud Key Management Service + // * Compute Engine + // * Cloud Dataflow + // * Cloud Dataproc + // * Cloud DLP + // * Cloud EKM + // * Cloud HSM + // * Cloud Identity and Access Management + // * Cloud Logging + // * Cloud Pub/Sub + // * Cloud Spanner + // * Cloud SQL + // * Cloud Storage + // * Google Kubernetes Engine + // * Organization Policy Serivice + // * Persistent Disk + // * Resource Manager + // * Secret Manager + // * Speaker ID + // + // Note: These values are supported as input for legacy purposes, but will not + // be returned from the API. + // + // * all + // * ga-only + // * appengine.googleapis.com + // * bigquery.googleapis.com + // * bigtable.googleapis.com + // * container.googleapis.com + // * cloudkms.googleapis.com + // * cloudresourcemanager.googleapis.com + // * cloudsql.googleapis.com + // * compute.googleapis.com + // * dataflow.googleapis.com + // * dataproc.googleapis.com + // * dlp.googleapis.com + // * iam.googleapis.com + // * logging.googleapis.com + // * orgpolicy.googleapis.com + // * pubsub.googleapis.com + // * spanner.googleapis.com + // * secretmanager.googleapis.com + // * speakerid.googleapis.com + // * storage.googleapis.com + // + // Calls to UpdateAccessApprovalSettings using 'all' or any of the + // XXX.googleapis.com will be translated to the associated product name + // ('all', 'App Engine', etc.). + // + // Note: 'all' will enroll the resource in all products supported at both 'GA' + // and 'Preview' levels. 
+ //
+ // More information about levels of support is available at
+ // https://cloud.google.com/access-approval/docs/supported-services
+ string cloud_product = 1;
+
+ // The enrollment level of the service.
+ EnrollmentLevel enrollment_level = 2;
+}
+
+// Settings on a Project/Folder/Organization related to Access Approval.
+message AccessApprovalSettings {
+ option (google.api.resource) = {
+ type: "accessapproval.googleapis.com/AccessApprovalSettings"
+ pattern: "projects/{project}/accessApprovalSettings"
+ pattern: "folders/{folder}/accessApprovalSettings"
+ pattern: "organizations/{organization}/accessApprovalSettings"
+ };
+
+ // The resource name of the settings. Format is one of:
+ //
+ // * "projects/{project}/accessApprovalSettings"
+ // * "folders/{folder}/accessApprovalSettings"
+ // * "organizations/{organization}/accessApprovalSettings"
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/AccessApprovalSettings"
+ }];
+
+ // A list of email addresses to which notifications relating to approval
+ // requests should be sent. Notifications relating to a resource will be sent
+ // to all emails in the settings of ancestor resources of that resource. A
+ // maximum of 50 email addresses are allowed.
+ repeated string notification_emails = 2;
+
+ // A list of Google Cloud Services for which the given resource has Access
+ // Approval enrolled. Access requests for the resource given by name against
+ // any of these services contained here will be required to have explicit
+ // approval. If name refers to an organization, enrollment can be done for
+ // individual services. If name refers to a folder or project, enrollment can
+ // only be done on an all or nothing basis.
+ //
+ // If a cloud_product is repeated in this list, the first entry will be
+ // honored and all following entries will be discarded. A maximum of 10
+ // enrolled services will be enforced, to be expanded as the set of supported
+ // services is expanded.
+ repeated EnrolledService enrolled_services = 3;
+
+ // Output only. This field is read only (not settable via
+ // UpdateAccessApprovalSettings method). If the field is true, that
+ // indicates that at least one service is enrolled for Access Approval in one
+ // or more ancestors of the Project or Folder (this field will always be
+ // unset for the organization since organizations do not have ancestors).
+ bool enrolled_ancestor = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // The asymmetric crypto key version to use for signing approval requests.
+ // Empty active_key_version indicates that a Google-managed key should be used
+ // for signing. This property will be ignored if set by an ancestor of this
+ // resource, and new non-empty values may not be set.
+ string active_key_version = 6;
+
+ // Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ // method). If the field is true, that indicates that an ancestor of this
+ // Project or Folder has set active_key_version (this field will always be
+ // unset for the organization since organizations do not have ancestors).
+ bool ancestor_has_active_key_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ // method). If the field is true, that indicates that there is some
+ // configuration issue with the active_key_version configured at this level in
+ // the resource hierarchy (e.g. it doesn't exist or the Access Approval
+ // service account doesn't have the correct permissions on it, etc.) This key
+ // version is not necessarily the effective key version at this level, as key
+ // versions are inherited top-down.
+ bool invalid_key_version = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// Access Approval service account related to a project/folder/organization.
+message AccessApprovalServiceAccount {
+ option (google.api.resource) = {
+ type: "accessapproval.googleapis.com/AccessApprovalServiceAccount"
+ pattern: "projects/{project}/serviceAccount"
+ pattern: "folders/{folder}/serviceAccount"
+ pattern: "organizations/{organization}/serviceAccount"
+ };
+
+ // The resource name of the Access Approval service account. Format is one of:
+ //
+ // * "projects/{project}/serviceAccount"
+ // * "folders/{folder}/serviceAccount"
+ // * "organizations/{organization}/serviceAccount"
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/AccessApprovalServiceAccount"
+ }];
+
+ // Email address of the service account.
+ string account_email = 2;
+}
+
+// Request to list approval requests.
+message ListApprovalRequestsMessage {
+ // The parent resource. This may be "projects/{project}",
+ // "folders/{folder}", or "organizations/{organization}".
+ string parent = 1 [(google.api.resource_reference) = {
+ child_type: "accessapproval.googleapis.com/ApprovalRequest"
+ }];
+
+ // A filter on the type of approval requests to retrieve. Must be one of the
+ // following values:
+ //
+ // * [not set]: Requests that are pending or have active approvals.
+ // * ALL: All requests.
+ // * PENDING: Only pending requests.
+ // * ACTIVE: Only active (i.e. currently approved) requests.
+ // * DISMISSED: Only requests that have been dismissed, or requests that
+ // are not approved and past expiration.
+ // * EXPIRED: Only requests that have been approved, and the approval has
+ // expired.
+ // * HISTORY: Active, dismissed and expired requests.
+ string filter = 2;
+
+ // Requested page size.
+ int32 page_size = 3;
+
+ // A token identifying the page of results to return.
+ string page_token = 4;
+}
+
+// Response to listing of ApprovalRequest objects.
+message ListApprovalRequestsResponse {
+ // Approval request details.
+ repeated ApprovalRequest approval_requests = 1;
+
+ // Token to retrieve the next page of results, or empty if there are no more.
+ string next_page_token = 2;
+}
+
+// Request to get an approval request.
+message GetApprovalRequestMessage {
+ // The name of the approval request to retrieve.
+ // Format:
+ // "{projects|folders|organizations}/{id}/approvalRequests/{approval_request}"
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/ApprovalRequest"
+ }];
+}
+
+// Request to approve an ApprovalRequest.
+message ApproveApprovalRequestMessage {
+ // Name of the approval request to approve.
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/ApprovalRequest"
+ }];
+
+ // The expiration time of this approval.
+ google.protobuf.Timestamp expire_time = 2;
+}
+
+// Request to dismiss an approval request.
+message DismissApprovalRequestMessage {
+ // Name of the ApprovalRequest to dismiss.
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/ApprovalRequest"
+ }];
+}
+
+// Request to invalidate an existing approval.
+message InvalidateApprovalRequestMessage {
+ // Name of the ApprovalRequest to invalidate.
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/ApprovalRequest"
+ }];
+}
+
+// Request to get access approval settings.
+message GetAccessApprovalSettingsMessage {
+ // The name of the AccessApprovalSettings to retrieve.
+ // Format: "{projects|folders|organizations}/{id}/accessApprovalSettings"
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/AccessApprovalSettings"
+ }];
+}
+
+// Request to update access approval settings.
+message UpdateAccessApprovalSettingsMessage {
+ // The new AccessApprovalSettings.
+ AccessApprovalSettings settings = 1;
+
+ // The update mask applies to the settings. Only the top level fields of
+ // AccessApprovalSettings (notification_emails & enrolled_services) are
+ // supported. For each field, if it is included, the currently stored value
+ // will be entirely overwritten with the value of the field passed in this
+ // request.
+ //
+ // For the `FieldMask` definition, see
+ // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
+ // If this field is left unset, only the notification_emails field will be
+ // updated.
+ google.protobuf.FieldMask update_mask = 2;
+}
+
+// Request to delete access approval settings.
+message DeleteAccessApprovalSettingsMessage {
+ // Name of the AccessApprovalSettings to delete.
+ string name = 1 [(google.api.resource_reference) = {
+ type: "accessapproval.googleapis.com/AccessApprovalSettings"
+ }];
+}
+
+// Request to get an Access Approval service account.
+message GetAccessApprovalServiceAccountMessage {
+ // Name of the AccessApprovalServiceAccount to retrieve.
+ string name = 1;
+}
diff --git a/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_gapic.yaml b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_gapic.yaml
new file mode 100644
index 0000000..e96f230
--- /dev/null
+++ b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_gapic.yaml
@@ -0,0 +1,7 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 2.0.0
+language_settings:
+ java:
+ package_name: com.google.cloud.accessapproval.v1
+ interface_names:
+ google.cloud.accessapproval.v1.AccessApproval: AccessApprovalAdmin
diff --git a/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_grpc_service_config.json b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_grpc_service_config.json
new file mode 100644
index 0000000..03f40e1
--- /dev/null
+++ b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_grpc_service_config.json
@@ -0,0 +1,31 @@
+{
+ "methodConfig": [
+ {
+ "name": [
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "ListApprovalRequests"},
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "GetApprovalRequest"},
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "GetAccessApprovalSettings"}
+ ],
+ "timeout": "600s",
+ "retryPolicy": {
+ "maxAttempts": 5,
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "UNAVAILABLE"
+ ]
+ }
+ },
+ {
+ "name": [
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "ApproveApprovalRequest"},
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "DismissApprovalRequest"},
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "InvalidateApprovalRequest"},
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "UpdateAccessApprovalSettings"},
+ {"service": "google.cloud.accessapproval.v1.AccessApproval", "method": "DeleteAccessApprovalSettings"}
+ ],
+ "timeout": "600s"
+ }
+ ]
+}
diff --git a/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_v1.yaml b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_v1.yaml
new file mode 100644
index 0000000..9893bf2
--- /dev/null
+++ b/third_party/googleapis/google/cloud/accessapproval/v1/accessapproval_v1.yaml
@@ -0,0 +1,22 @@
+type: google.api.Service
+config_version: 3
+name: accessapproval.googleapis.com
+title: Access Approval API
+
+apis:
+- name: google.cloud.accessapproval.v1.AccessApproval
+
+documentation:
+ summary: An API for controlling access to data by Google personnel.
+
+backend:
+ rules:
+ - selector: 'google.cloud.accessapproval.v1.AccessApproval.*'
+ deadline: 10.0
+
+authentication:
+ rules:
+ - selector: 'google.cloud.accessapproval.v1.AccessApproval.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform |
