docs: docs update (#911)
Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
- [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/google-api-python-client/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)
Fixes #<issue_number_goes_here> 🦕
diff --git a/docs/dyn/servicemanagement_v1.services.html b/docs/dyn/servicemanagement_v1.services.html
index b001510..36b3e13 100644
--- a/docs/dyn/servicemanagement_v1.services.html
+++ b/docs/dyn/servicemanagement_v1.services.html
@@ -108,13 +108,13 @@
<code><a href="#get">get(serviceName, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a managed service. Authentication is required unless the service is</p>
<p class="toc_element">
- <code><a href="#getConfig">getConfig(serviceName, configId=None, x__xgafv=None, view=None)</a></code></p>
+ <code><a href="#getConfig">getConfig(serviceName, configId=None, view=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a service configuration (version) for a managed service.</p>
<p class="toc_element">
<code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for a resource.</p>
<p class="toc_element">
- <code><a href="#list">list(producerProjectId=None, pageSize=None, pageToken=None, consumerId=None, x__xgafv=None)</a></code></p>
+ <code><a href="#list">list(consumerId=None, pageToken=None, pageSize=None, producerProjectId=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists managed services.</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -149,9 +149,9 @@
{ # The full representation of a Service that is managed by
# Google Service Management.
- "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
+ "producerProjectId": "A String", # ID of the project that produces and owns this service.
+ "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
# for naming requirements.
- "producerProjectId": "A String", # ID of the project that produces and owns this service.
}
x__xgafv: string, V1 error format.
@@ -164,34 +164,16 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "metadata": { # Service-specific metadata associated with the operation. It typically
+ "metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
- "response": { # The normal response of the operation in case of success. If the original
+ "response": { # The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is
# `google.protobuf.Empty`. If the original method is standard
# `Get`/`Create`/`Update`, the response should be the resource. For other
@@ -199,11 +181,29 @@
# is the original method name. For example, if the original method name
# is `TakeSnapshot()`, the inferred response type is
# `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "name": "A String", # The server-assigned name, which is only unique within the same service that
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ },
}</pre>
</div>
@@ -229,34 +229,16 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "metadata": { # Service-specific metadata associated with the operation. It typically
+ "metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
- "response": { # The normal response of the operation in case of success. If the original
+ "response": { # The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is
# `google.protobuf.Empty`. If the original method is standard
# `Get`/`Create`/`Update`, the response should be the resource. For other
@@ -264,11 +246,29 @@
# is the original method name. For example, if the original method name
# is `TakeSnapshot()`, the inferred response type is
# `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "name": "A String", # The server-assigned name, which is only unique within the same service that
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ },
}</pre>
</div>
@@ -287,12 +287,12 @@
The object takes the form of:
{ # Request message for DisableService method.
- "consumerId": "A String", # Required. The identity of consumer resource which service disablement will be
+ "consumerId": "A String", # Required. The identity of consumer resource which service disablement will be
# applied to.
#
# The Google Service Management implementation accepts the following
# forms:
- # - "project:<project_id>"
+ # - "project:<project_id>"
#
# Note: this is made compatible with
# google.api.servicecontrol.v1.Operation.consumer_id.
@@ -308,34 +308,16 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "metadata": { # Service-specific metadata associated with the operation. It typically
+ "metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
- "response": { # The normal response of the operation in case of success. If the original
+ "response": { # The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is
# `google.protobuf.Empty`. If the original method is standard
# `Get`/`Create`/`Update`, the response should be the resource. For other
@@ -343,11 +325,29 @@
# is the original method name. For example, if the original method name
# is `TakeSnapshot()`, the inferred response type is
# `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "name": "A String", # The server-assigned name, which is only unique within the same service that
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ },
}</pre>
</div>
@@ -367,12 +367,12 @@
The object takes the form of:
{ # Request message for EnableService method.
- "consumerId": "A String", # Required. The identity of consumer resource which service enablement will be
+ "consumerId": "A String", # Required. The identity of consumer resource which service enablement will be
# applied to.
#
# The Google Service Management implementation accepts the following
# forms:
- # - "project:<project_id>"
+ # - "project:<project_id>"
#
# Note: this is made compatible with
# google.api.servicecontrol.v1.Operation.consumer_id.
@@ -388,34 +388,16 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "metadata": { # Service-specific metadata associated with the operation. It typically
+ "metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
- "response": { # The normal response of the operation in case of success. If the original
+ "response": { # The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is
# `google.protobuf.Empty`. If the original method is standard
# `Get`/`Create`/`Update`, the response should be the resource. For other
@@ -423,11 +405,29 @@
# is the original method name. For example, if the original method name
# is `TakeSnapshot()`, the inferred response type is
# `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "name": "A String", # The server-assigned name, which is only unique within the same service that
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ },
}</pre>
</div>
@@ -450,19 +450,19 @@
The object takes the form of:
{ # Request message for GenerateConfigReport method.
- "newConfig": { # Required. Service configuration for which we want to generate the report.
+ "oldConfig": { # Optional. Service configuration against which the comparison will be done.
# For this version of API, the supported types are
# google.api.servicemanagement.v1.ConfigRef,
# google.api.servicemanagement.v1.ConfigSource,
# and google.api.Service
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "oldConfig": { # Optional. Service configuration against which the comparison will be done.
+ "newConfig": { # Required. Service configuration for which we want to generate the report.
# For this version of API, the supported types are
# google.api.servicemanagement.v1.ConfigRef,
# google.api.servicemanagement.v1.ConfigSource,
# and google.api.Service
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
}
@@ -475,60 +475,60 @@
An object of the form:
{ # Response message for GenerateConfigReport method.
- "serviceName": "A String", # Name of the service this report belongs to.
- "changeReports": [ # list of ChangeReport, each corresponding to comparison between two
+ "changeReports": [ # list of ChangeReport, each corresponding to comparison between two
# service configurations.
{ # Change report associated with a particular service configuration.
#
# It contains a list of ConfigChanges based on the comparison between
# two service configurations.
- "configChanges": [ # List of changes between two service configurations.
+ "configChanges": [ # List of changes between two service configurations.
# The changes will be alphabetically sorted based on the identifier
# of each change.
# A ConfigChange identifier is a dot separated path to the configuration.
- # Example: visibility.rules[selector='LibraryService.CreateBook'].restriction
+ # Example: visibility.rules[selector='LibraryService.CreateBook'].restriction
{ # Output generated from semantically comparing two versions of a service
# configuration.
#
# Includes detailed information about a field that have changed with
# applicable advice about potential consequences for the change, such as
# backwards-incompatibility.
- "advices": [ # Collection of advice provided for this change, useful for determining the
+ "element": "A String", # Object hierarchy path to the change, with levels separated by a '.'
+ # character. For repeated fields, an applicable unique identifier field is
+ # used for the index (usually selector, name, or id). For maps, the term
+ # 'key' is used. If the field has no unique identifier, the numeric index
+ # is used.
+ # Examples:
+ # - visibility.rules[selector=="google.LibraryService.ListBooks"].restriction
+ # - quota.metric_rules[selector=="google"].metric_costs[key=="reads"].value
+ # - logging.producer_destinations[0]
+ "oldValue": "A String", # Value of the changed object in the old Service configuration,
+ # in JSON format. This field will not be populated if ChangeType == ADDED.
+ "advices": [ # Collection of advice provided for this change, useful for determining the
# possible impact of this change.
{ # Generated advice about this change, used for providing more
# information about how a change will affect the existing service.
- "description": "A String", # Useful description for why this advice was applied and what actions should
+ "description": "A String", # Useful description for why this advice was applied and what actions should
# be taken to mitigate any implied risks.
},
],
- "changeType": "A String", # The type for this change, either ADDED, REMOVED, or MODIFIED.
- "newValue": "A String", # Value of the changed object in the new Service configuration,
+ "newValue": "A String", # Value of the changed object in the new Service configuration,
# in JSON format. This field will not be populated if ChangeType == REMOVED.
- "oldValue": "A String", # Value of the changed object in the old Service configuration,
- # in JSON format. This field will not be populated if ChangeType == ADDED.
- "element": "A String", # Object hierarchy path to the change, with levels separated by a '.'
- # character. For repeated fields, an applicable unique identifier field is
- # used for the index (usually selector, name, or id). For maps, the term
- # 'key' is used. If the field has no unique identifier, the numeric index
- # is used.
- # Examples:
- # - visibility.rules[selector=="google.LibraryService.ListBooks"].restriction
- # - quota.metric_rules[selector=="google"].metric_costs[key=="reads"].value
- # - logging.producer_destinations[0]
+ "changeType": "A String", # The type for this change, either ADDED, REMOVED, or MODIFIED.
},
],
},
],
- "id": "A String", # ID of the service configuration this report belongs to.
- "diagnostics": [ # Errors / Linter warnings associated with the service definition this
+ "id": "A String", # ID of the service configuration this report belongs to.
+ "diagnostics": [ # Errors / Linter warnings associated with the service definition this
# report
# belongs to.
{ # Represents a diagnostic message (error or warning)
- "kind": "A String", # The kind of diagnostic information provided.
- "message": "A String", # Message describing the error or warning.
- "location": "A String", # File name and line number of the error or warning.
+ "kind": "A String", # The kind of diagnostic information provided.
+ "message": "A String", # Message describing the error or warning.
+ "location": "A String", # File name and line number of the error or warning.
},
],
+ "serviceName": "A String", # Name of the service this report belongs to.
}</pre>
</div>
@@ -550,14 +550,14 @@
{ # The full representation of a Service that is managed by
# Google Service Management.
- "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
+ "producerProjectId": "A String", # ID of the project that produces and owns this service.
+ "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
# for naming requirements.
- "producerProjectId": "A String", # ID of the project that produces and owns this service.
}</pre>
</div>
<div class="method">
- <code class="details" id="getConfig">getConfig(serviceName, configId=None, x__xgafv=None, view=None)</code>
+ <code class="details" id="getConfig">getConfig(serviceName, configId=None, view=None, x__xgafv=None)</code>
<pre>Gets a service configuration (version) for a managed service.
Args:
@@ -567,12 +567,12 @@
This field must be specified for the server to return all fields, including
`SourceInfo`.
+ view: string, Specifies which parts of the Service Config should be returned in the
+response.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
- view: string, Specifies which parts of the Service Config should be returned in the
-response.
Returns:
An object of the form:
@@ -597,240 +597,10 @@
# jwks_uri: https://www.googleapis.com/oauth2/v1/certs
# issuer: https://securetoken.google.com
# rules:
- # - selector: "*"
+ # - selector: "*"
# requirements:
# provider_id: google_calendar_auth
- "control": { # Selects and configures the service controller used by the service. The # Configuration for the service control plane.
- # service controller handles features like abuse, quota, billing, logging,
- # monitoring, etc.
- "environment": "A String", # The service control environment to use. If empty, no control plane
- # feature (like quota and billing) will be enabled.
- },
- "monitoredResources": [ # Defines the monitored resources used by this service. This is required
- # by the Service.monitoring and Service.logging configurations.
- { # An object that describes the schema of a MonitoredResource object using a
- # type name and a set of labels. For example, the monitored resource
- # descriptor for Google Compute Engine VM instances has a type of
- # `"gce_instance"` and specifies the use of the labels `"instance_id"` and
- # `"zone"` to identify particular VM instances.
- #
- # Different APIs can support different monitored resource types. APIs generally
- # provide a `list` method that returns the monitored resource descriptors used
- # by the API.
- "displayName": "A String", # Optional. A concise name for the monitored resource type that might be
- # displayed in user interfaces. It should be a Title Cased Noun Phrase,
- # without any article or other determiners. For example,
- # `"Google Cloud SQL Database"`.
- "description": "A String", # Optional. A detailed description of the monitored resource type that might
- # be used in documentation.
- "labels": [ # Required. A set of labels used to describe instances of this monitored
- # resource type. For example, an individual Google Cloud SQL database is
- # identified by values for the labels `"database_id"` and `"zone"`.
- { # A description of a label.
- "valueType": "A String", # The type of data that can be assigned to the label.
- "description": "A String", # A human-readable description for the label.
- "key": "A String", # The label key.
- },
- ],
- "launchStage": "A String", # Optional. The launch stage of the monitored resource definition.
- "type": "A String", # Required. The monitored resource type. For example, the type
- # `"cloudsql_database"` represents databases in Google Cloud SQL.
- # The maximum length of this value is 256 characters.
- "name": "A String", # Optional. The resource name of the monitored resource descriptor:
- # `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where
- # {type} is the value of the `type` field in this object and
- # {project_id} is a project ID that provides API-specific context for
- # accessing the type. APIs that do not use project information can use the
- # resource name format `"monitoredResourceDescriptors/{type}"`.
- },
- ],
- "logs": [ # Defines the logs used by this service.
- { # A description of a log type. Example in YAML format:
- #
- # - name: library.googleapis.com/activity_history
- # description: The history of borrowing and returning library items.
- # display_name: Activity
- # labels:
- # - key: /customer_id
- # description: Identifier of a library customer
- "labels": [ # The set of labels that are available to describe a specific log entry.
- # Runtime requests that contain labels not specified here are
- # considered invalid.
- { # A description of a label.
- "valueType": "A String", # The type of data that can be assigned to the label.
- "description": "A String", # A human-readable description for the label.
- "key": "A String", # The label key.
- },
- ],
- "displayName": "A String", # The human-readable name for this log. This information appears on
- # the user interface and should be concise.
- "name": "A String", # The name of the log. It must be less than 512 characters long and can
- # include the following characters: upper- and lower-case alphanumeric
- # characters [A-Za-z0-9], and punctuation characters including
- # slash, underscore, hyphen, period [/_-.].
- "description": "A String", # A human-readable description of this log. This information appears in
- # the documentation and can contain details.
- },
- ],
- "systemParameters": { # ### System parameter configuration # System parameter configuration.
- #
- # A system parameter is a special kind of parameter defined by the API
- # system, not by an individual API. It is typically mapped to an HTTP header
- # and/or a URL query parameter. This configuration specifies which methods
- # change the names of the system parameters.
- "rules": [ # Define system parameters.
- #
- # The parameters defined here will override the default parameters
- # implemented by the system. If this field is missing from the service
- # config, default system parameters will be used. Default system parameters
- # and names is implementation-dependent.
- #
- # Example: define api key for all methods
- #
- # system_parameters
- # rules:
- # - selector: "*"
- # parameters:
- # - name: api_key
- # url_query_parameter: api_key
- #
- #
- # Example: define 2 api key names for a specific method.
- #
- # system_parameters
- # rules:
- # - selector: "/ListShelves"
- # parameters:
- # - name: api_key
- # http_header: Api-Key1
- # - name: api_key
- # http_header: Api-Key2
- #
- # **NOTE:** All service configuration rules follow "last one wins" order.
- { # Define a system parameter rule mapping system parameter definitions to
- # methods.
- "parameters": [ # Define parameters. Multiple names may be defined for a parameter.
- # For a given method call, only one of them should be used. If multiple
- # names are used the behavior is implementation-dependent.
- # If none of the specified names are present the behavior is
- # parameter-dependent.
- { # Define a parameter's name and location. The parameter may be passed as either
- # an HTTP header or a URL query parameter, and if both are passed the behavior
- # is implementation-dependent.
- "urlQueryParameter": "A String", # Define the URL query parameter name to use for the parameter. It is case
- # sensitive.
- "httpHeader": "A String", # Define the HTTP header name to use for the parameter. It is case
- # insensitive.
- "name": "A String", # Define the name of the parameter, such as "api_key" . It is case sensitive.
- },
- ],
- "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
- # methods in all APIs.
- #
- # Refer to selector for syntax details.
- },
- ],
- },
- "backend": { # `Backend` defines the backend configuration for a service. # API backend configuration.
- "rules": [ # A list of API backend rules that apply to individual API methods.
- #
- # **NOTE:** All service configuration rules follow "last one wins" order.
- { # A backend rule provides configuration for an individual API element.
- "jwtAudience": "A String", # The JWT audience is used when generating a JWT ID token for the backend.
- # This ID token will be added in the HTTP "authorization" header, and sent
- # to the backend.
- "protocol": "A String", # The protocol used for sending a request to the backend.
- # The supported values are "http/1.1" and "h2".
- #
- # The default value is inferred from the scheme in the
- # address field:
- #
- # SCHEME PROTOCOL
- # http:// http/1.1
- # https:// http/1.1
- # grpc:// h2
- # grpcs:// h2
- #
- # For secure HTTP backends (https://) that support HTTP/2, set this field
- # to "h2" for improved performance.
- #
- # Configuring this field to non-default values is only supported for secure
- # HTTP backends. This field will be ignored for all other backends.
- #
- # See
- # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
- # for more details on the supported values.
- "pathTranslation": "A String",
- "minDeadline": 3.14, # Minimum deadline in seconds needed for this method. Calls having deadline
- # value lower than this will be rejected.
- "selector": "A String", # Selects the methods to which this rule applies.
- #
- # Refer to selector for syntax details.
- "operationDeadline": 3.14, # The number of seconds to wait for the completion of a long running
- # operation. The default is no deadline.
- "deadline": 3.14, # The number of seconds to wait for a response from a request. The default
- # varies based on the request protocol and deployment environment.
- "disableAuth": True or False, # When disable_auth is true, a JWT ID token won't be generated and the
- # original "Authorization" HTTP header will be preserved. If the header is
- # used to carry the original token and is expected by the backend, this
- # field must be set to true to preserve the header.
- "address": "A String", # The address of the API backend.
- #
- # The scheme is used to determine the backend protocol and security.
- # The following schemes are accepted:
- #
- # SCHEME PROTOCOL SECURITY
- # http:// HTTP None
- # https:// HTTP TLS
- # grpc:// gRPC None
- # grpcs:// gRPC TLS
- #
- # It is recommended to explicitly include a scheme. Leaving out the scheme
- # may cause constrasting behaviors across platforms.
- #
- # If the port is unspecified, the default is:
- # - 80 for schemes without TLS
- # - 443 for schemes with TLS
- #
- # For HTTP backends, use protocol
- # to specify the protocol version.
- "renameTo": "A String", # Unimplemented. Do not use.
- #
- # The new name the selected proto elements should be renamed to.
- #
- # The package, the service and the method can all be renamed.
- # The backend server should implement the renamed proto. However, clients
- # should call the original method, and ESF routes the traffic to the renamed
- # method.
- #
- # HTTP clients should call the URL mapped to the original method.
- # gRPC and Stubby clients should call the original method with package name.
- #
- # For legacy reasons, ESF allows Stubby clients to call with the
- # short name (without the package name). However, for API Versioning(or
- # multiple methods mapped to the same short name), all Stubby clients must
- # call the method's full name with the package name, otherwise the first one
- # (selector) wins.
- #
- # If this `rename_to` is specified with a trailing `*`, the `selector` must
- # be specified with a trailing `*` as well. The all element short names
- # matched by the `*` in the selector will be kept in the `rename_to`.
- #
- # For example,
- # rename_rules:
- # - selector: |-
- # google.example.library.v1.*
- # rename_to: google.example.library.*
- #
- # The selector matches `google.example.library.v1.Library.CreateShelf` and
- # `google.example.library.v1.Library.CreateBook`, they will be renamed to
- # `google.example.library.Library.CreateShelf` and
- # `google.example.library.Library.CreateBook`. It essentially renames the
- # proto package name section of the matched proto service and methods.
- },
- ],
- },
- "monitoring": { # Monitoring configuration of the service. # Monitoring configuration.
+ "monitoring": { # Monitoring configuration of the service. # Monitoring configuration.
#
# The example below shows how to configure monitored resources and metrics
# for monitoring. In the example, a monitored resource and two metrics are
@@ -867,23 +637,7 @@
# metrics:
# - library.googleapis.com/book/returned_count
# - library.googleapis.com/book/overdue_count
- "producerDestinations": [ # Monitoring configurations for sending metrics to the producer project.
- # There can be multiple producer destinations. A monitored resouce type may
- # appear in multiple monitoring destinations if different aggregations are
- # needed for different sets of metrics associated with that monitored
- # resource type. A monitored resource and metric pair may only be used once
- # in the Monitoring configuration.
- { # Configuration of a specific monitoring destination (the producer project
- # or the consumer project).
- "monitoredResource": "A String", # The monitored resource type. The type must be defined in
- # Service.monitored_resources section.
- "metrics": [ # Types of the metrics to report to this monitoring destination.
- # Each type must be defined in Service.metrics section.
- "A String",
- ],
- },
- ],
- "consumerDestinations": [ # Monitoring configurations for sending metrics to the consumer project.
+ "consumerDestinations": [ # Monitoring configurations for sending metrics to the consumer project.
# There can be multiple consumer destinations. A monitored resouce type may
# appear in multiple monitoring destinations if different aggregations are
# needed for different sets of metrics associated with that monitored
@@ -891,306 +645,630 @@
# in the Monitoring configuration.
{ # Configuration of a specific monitoring destination (the producer project
# or the consumer project).
- "monitoredResource": "A String", # The monitored resource type. The type must be defined in
+ "monitoredResource": "A String", # The monitored resource type. The type must be defined in
# Service.monitored_resources section.
- "metrics": [ # Types of the metrics to report to this monitoring destination.
+ "metrics": [ # Types of the metrics to report to this monitoring destination.
# Each type must be defined in Service.metrics section.
- "A String",
+ "A String",
+ ],
+ },
+ ],
+ "producerDestinations": [ # Monitoring configurations for sending metrics to the producer project.
+ # There can be multiple producer destinations. A monitored resouce type may
+ # appear in multiple monitoring destinations if different aggregations are
+ # needed for different sets of metrics associated with that monitored
+ # resource type. A monitored resource and metric pair may only be used once
+ # in the Monitoring configuration.
+ { # Configuration of a specific monitoring destination (the producer project
+ # or the consumer project).
+ "monitoredResource": "A String", # The monitored resource type. The type must be defined in
+ # Service.monitored_resources section.
+ "metrics": [ # Types of the metrics to report to this monitoring destination.
+ # Each type must be defined in Service.metrics section.
+ "A String",
],
},
],
},
- "billing": { # Billing related configuration of the service. # Billing configuration.
+ "systemTypes": [ # A list of all proto message types included in this API service.
+ # It serves similar purpose as [google.api.Service.types], except that
+ # these types are not needed by user-defined APIs. Therefore, they will not
+ # show up in the generated discovery doc. This field should only be used
+ # to define system APIs in ESF.
+ { # A protocol buffer message type.
+ "options": [ # The protocol buffer options.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "fields": [ # The list of fields.
+ { # A single field of a message type.
+ "defaultValue": "A String", # The string value of the default value of this field. Proto2 syntax only.
+ "name": "A String", # The field name.
+ "typeUrl": "A String", # The field type URL, without the scheme, for message or enumeration
+ # types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
+ "number": 42, # The field number.
+ "kind": "A String", # The field type.
+ "jsonName": "A String", # The field JSON name.
+ "options": [ # The protocol buffer options.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "oneofIndex": 42, # The index of the field type in `Type.oneofs`, for message or enumeration
+ # types. The first type has index 1; zero means the type is not in the list.
+ "packed": True or False, # Whether to use alternative packed wire representation.
+ "cardinality": "A String", # The field cardinality.
+ },
+ ],
+ "name": "A String", # The fully qualified message name.
+ "oneofs": [ # The list of types appearing in `oneof` definitions in this type.
+ "A String",
+ ],
+ "syntax": "A String", # The source syntax.
+ "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
+ # protobuf element, like the file in which it is defined.
+ "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
+ # protobuf element. For example: `"google/protobuf/source_context.proto"`.
+ },
+ },
+ ],
+ "producerProjectId": "A String", # The Google project that owns this service.
+ "quota": { # Quota configuration helps to achieve fairness and budgeting in service # Quota configuration.
+ # usage.
+ #
+ # The metric based quota configuration works this way:
+ # - The service configuration defines a set of metrics.
+ # - For API calls, the quota.metric_rules maps methods to metrics with
+ # corresponding costs.
+ # - The quota.limits defines limits on the metrics, which will be used for
+ # quota checks at runtime.
+ #
+ # An example quota configuration in yaml format:
+ #
+ # quota:
+ # limits:
+ #
+ # - name: apiWriteQpsPerProject
+ # metric: library.googleapis.com/write_calls
+ # unit: "1/min/{project}" # rate limit for consumer projects
+ # values:
+ # STANDARD: 10000
+ #
+ #
+ # # The metric rules bind all methods to the read_calls metric,
+ # # except for the UpdateBook and DeleteBook methods. These two methods
+ # # are mapped to the write_calls metric, with the UpdateBook method
+ # # consuming at twice rate as the DeleteBook method.
+ # metric_rules:
+ # - selector: "*"
+ # metric_costs:
+ # library.googleapis.com/read_calls: 1
+ # - selector: google.example.library.v1.LibraryService.UpdateBook
+ # metric_costs:
+ # library.googleapis.com/write_calls: 2
+ # - selector: google.example.library.v1.LibraryService.DeleteBook
+ # metric_costs:
+ # library.googleapis.com/write_calls: 1
+ #
+ # Corresponding Metric definition:
+ #
+ # metrics:
+ # - name: library.googleapis.com/read_calls
+ # display_name: Read requests
+ # metric_kind: DELTA
+ # value_type: INT64
+ #
+ # - name: library.googleapis.com/write_calls
+ # display_name: Write requests
+ # metric_kind: DELTA
+ # value_type: INT64
+ #
+ "limits": [ # List of `QuotaLimit` definitions for the service.
+ { # `QuotaLimit` defines a specific limit that applies over a specified duration
+ # for a limit type. There can be at most one limit for a duration and limit
+ # type combination defined within a `QuotaGroup`.
+ "name": "A String", # Name of the quota limit.
+ #
+ # The name must be provided, and it must be unique within the service. The
+ # name can only include alphanumeric characters as well as '-'.
+ #
+ # The maximum length of the limit name is 64 characters.
+ "freeTier": "A String", # Free tier value displayed in the Developers Console for this limit.
+ # The free tier is the number of tokens that will be subtracted from the
+ # billed amount when billing is enabled.
+ # This field can only be set on a limit with duration "1d", in a billable
+ # group; it is invalid on any other limit. If this field is not set, it
+ # defaults to 0, indicating that there is no free tier for this service.
+ #
+ # Used by group-based quotas only.
+ "duration": "A String", # Duration of this limit in textual notation. Must be "100s" or "1d".
+ #
+ # Used by group-based quotas only.
+ "defaultLimit": "A String", # Default number of tokens that can be consumed during the specified
+ # duration. This is the number of tokens assigned when a client
+ # application developer activates the service for his/her project.
+ #
+ # Specifying a value of 0 will block all requests. This can be used if you
+ # are provisioning quota to selected consumers and blocking others.
+ # Similarly, a value of -1 will indicate an unlimited quota. No other
+ # negative values are allowed.
+ #
+ # Used by group-based quotas only.
+ "description": "A String", # Optional. User-visible, extended description for this quota limit.
+ # Should be used only when more context is needed to understand this limit
+ # than provided by the limit's display name (see: `display_name`).
+ "metric": "A String", # The name of the metric this quota limit applies to. The quota limits with
+ # the same metric will be checked together during runtime. The metric must be
+ # defined within the service config.
+ "displayName": "A String", # User-visible display name for this limit.
+ # Optional. If not set, the UI will provide a default display name based on
+ # the quota configuration. This field can be used to override the default
+ # display name generated from the configuration.
+ "values": { # Tiered limit values. You must specify this as a key:value pair, with an
+ # integer value that is the maximum number of requests allowed for the
+ # specified unit. Currently only STANDARD is supported.
+ "a_key": "A String",
+ },
+ "unit": "A String", # Specify the unit of the quota limit. It uses the same syntax as
+ # Metric.unit. The supported unit kinds are determined by the quota
+ # backend system.
+ #
+ # Here are some examples:
+ # * "1/min/{project}" for quota per minute per project.
+ #
+ # Note: the order of unit components is insignificant.
+ # The "1" at the beginning is required to follow the metric unit syntax.
+ "maxLimit": "A String", # Maximum number of tokens that can be consumed during the specified
+ # duration. Client application developers can override the default limit up
+ # to this maximum. If specified, this value cannot be set to a value less
+ # than the default limit. If not specified, it is set to the default limit.
+ #
+ # To allow clients to apply overrides with no upper bound, set this to -1,
+ # indicating unlimited maximum quota.
+ #
+ # Used by group-based quotas only.
+ },
+ ],
+ "metricRules": [ # List of `MetricRule` definitions, each one mapping a selected method to one
+ # or more metrics.
+ { # Bind API methods to metrics. Binding a method to a metric causes that
+ # metric's configured quota behaviors to apply to the method call.
+ "selector": "A String", # Selects the methods to which this rule applies.
+ #
+ # Refer to selector for syntax details.
+ "metricCosts": { # Metrics to update when the selected methods are called, and the associated
+ # cost applied to each metric.
+ #
+ # The key of the map is the metric name, and the values are the amount
+ # increased for the metric against which the quota limits are defined.
+ # The value must not be negative.
+ "a_key": "A String",
+ },
+ },
+ ],
+ },
+ "name": "A String", # The service name, which is a DNS-like logical identifier for the
+ # service, such as `calendar.googleapis.com`. The service name
+ # typically goes through DNS verification to make sure the owner
+ # of the service also owns the DNS name.
+ "billing": { # Billing related configuration of the service. # Billing configuration.
#
# The following example shows how to configure monitored resources and metrics
- # for billing:
+ # for billing, `consumer_destinations` is the only supported destination and
+ # the monitored resources need at least one label key
+ # `cloud.googleapis.com/location` to indicate the location of the billing
+ # usage, using different monitored resources between monitoring and billing is
+ # recommended so they can be evolved independently:
+ #
#
# monitored_resources:
- # - type: library.googleapis.com/branch
+ # - type: library.googleapis.com/billing_branch
# labels:
- # - key: /city
- # description: The city where the library branch is located in.
- # - key: /name
- # description: The name of the branch.
+ # - key: cloud.googleapis.com/location
+ # description: |
+ # Predefined label to support billing location restriction.
+ # - key: city
+ # description: |
+ # Custom label to define the city where the library branch is located
+ # in.
+ # - key: name
+ # description: Custom label to define the name of the library branch.
# metrics:
# - name: library.googleapis.com/book/borrowed_count
# metric_kind: DELTA
# value_type: INT64
+ # unit: "1"
# billing:
# consumer_destinations:
- # - monitored_resource: library.googleapis.com/branch
+ # - monitored_resource: library.googleapis.com/billing_branch
# metrics:
# - library.googleapis.com/book/borrowed_count
- "consumerDestinations": [ # Billing configurations for sending metrics to the consumer project.
+ "consumerDestinations": [ # Billing configurations for sending metrics to the consumer project.
# There can be multiple consumer destinations per service, each one must have
# a different monitored resource type. A metric can be used in at most
# one consumer destination.
{ # Configuration of a specific billing destination (Currently only support
# bill against consumer project).
- "metrics": [ # Names of the metrics to report to this billing destination.
- # Each name must be defined in Service.metrics section.
- "A String",
- ],
- "monitoredResource": "A String", # The monitored resource type. The type must be defined in
+ "monitoredResource": "A String", # The monitored resource type. The type must be defined in
# Service.monitored_resources section.
+ "metrics": [ # Names of the metrics to report to this billing destination.
+ # Each name must be defined in Service.metrics section.
+ "A String",
+ ],
},
],
},
- "title": "A String", # The product title for this service.
- "id": "A String", # A unique ID for a specific instance of this message, typically assigned
- # by the client for tracking purpose. Must be no longer than 63 characters
- # and only lower case letters, digits, '.', '_' and '-' are allowed. If
- # empty, the server may choose to generate one instead.
- "authentication": { # `Authentication` defines the authentication configuration for an API. # Auth configuration.
+ "customError": { # Customize service error responses. For example, list any service # Custom error configuration.
+ # specific protobuf types that can appear in error detail lists of
+ # error responses.
#
- # Example for an API targeted for external use:
+ # Example:
#
- # name: calendar.googleapis.com
- # authentication:
- # providers:
- # - id: google_calendar_auth
- # jwks_uri: https://www.googleapis.com/oauth2/v1/certs
- # issuer: https://securetoken.google.com
- # rules:
- # - selector: "*"
- # requirements:
- # provider_id: google_calendar_auth
- "rules": [ # A list of authentication rules that apply to individual API methods.
+ # custom_error:
+ # types:
+ # - google.foo.v1.CustomError
+ # - google.foo.v1.AnotherError
+ "rules": [ # The list of custom error rules that apply to individual API messages.
#
- # **NOTE:** All service configuration rules follow "last one wins" order.
- { # Authentication rules for the service.
- #
- # By default, if a method has any authentication requirements, every request
- # must include a valid credential matching one of the requirements.
- # It's an error to include more than one kind of credential in a single
- # request.
- #
- # If a method doesn't have any auth requirements, request credentials will be
- # ignored.
- "oauth": { # OAuth scopes are a way to define data and permissions on data. For example, # The requirements for OAuth credentials.
- # there are scopes defined for "Read-only access to Google Calendar" and
- # "Access to Cloud Platform". Users can consent to a scope for an application,
- # giving it permission to access that data on their behalf.
- #
- # OAuth scope specifications should be fairly coarse grained; a user will need
- # to see and understand the text description of what your scope means.
- #
- # In most cases: use one or at most two OAuth scopes for an entire family of
- # products. If your product has multiple APIs, you should probably be sharing
- # the OAuth scope across all of those APIs.
- #
- # When you need finer grained OAuth consent screens: talk with your product
- # management about how developers will use them in practice.
- #
- # Please note that even though each of the canonical scopes is enough for a
- # request to be accepted and passed to the backend, a request can still fail
- # due to the backend requiring additional scopes or permissions.
- "canonicalScopes": "A String", # The list of publicly documented OAuth scopes that are allowed access. An
- # OAuth token containing any of these scopes will be accepted.
- #
- # Example:
- #
- # canonical_scopes: https://www.googleapis.com/auth/calendar,
- # https://www.googleapis.com/auth/calendar.read
- },
- "requirements": [ # Requirements for additional authentication providers.
- { # User-defined authentication requirements, including support for
- # [JSON Web Token
- # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
- "providerId": "A String", # id from authentication provider.
- #
- # Example:
- #
- # provider_id: bookstore_auth
- "audiences": "A String", # NOTE: This will be deprecated soon, once AuthProvider.audiences is
- # implemented and accepted in all the runtime components.
- #
- # The list of JWT
- # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
- # that are allowed to access. A JWT containing any of these audiences will
- # be accepted. When this setting is absent, only JWTs with audience
- # "https://Service_name/API_name"
- # will be accepted. For example, if no audiences are in the setting,
- # LibraryService API will only accept JWTs with the following audience
- # "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
- #
- # Example:
- #
- # audiences: bookstore_android.apps.googleusercontent.com,
- # bookstore_web.apps.googleusercontent.com
- },
- ],
- "allowWithoutCredential": True or False, # If true, the service accepts API keys without any other credential.
- "selector": "A String", # Selects the methods to which this rule applies.
+ # **NOTE:** All service configuration rules follow "last one wins" order.
+ { # A custom error rule.
+ "isErrorType": True or False, # Mark this message as possible payload in error response. Otherwise,
+ # objects of this type will be filtered when they appear in error payload.
+ "selector": "A String", # Selects messages to which this rule applies.
#
# Refer to selector for syntax details.
},
],
- "providers": [ # Defines a set of authentication providers that a service supports.
- { # Configuration for an authentication provider, including support for
- # [JSON Web Token
- # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
- "jwtLocations": [ # Defines the locations to extract the JWT.
- #
- # JWT locations can be either from HTTP headers or URL query parameters.
- # The rule is that the first match wins. The checking order is: checking
- # all headers first, then URL query parameters.
- #
- # If not specified, default to use following 3 locations:
- # 1) Authorization: Bearer
- # 2) x-goog-iap-jwt-assertion
- # 3) access_token query parameter
- #
- # Default locations can be specified as followings:
- # jwt_locations:
- # - header: Authorization
- # value_prefix: "Bearer "
- # - header: x-goog-iap-jwt-assertion
- # - query: access_token
- { # Specifies a location to extract JWT from an API request.
- "query": "A String", # Specifies URL query parameter name to extract JWT token.
- "valuePrefix": "A String", # The value prefix. The value format is "value_prefix{token}"
- # Only applies to "in" header type. Must be empty for "in" query type.
- # If not empty, the header value has to match (case sensitive) this prefix.
- # If not matched, JWT will not be extracted. If matched, JWT will be
- # extracted after the prefix is removed.
- #
- # For example, for "Authorization: Bearer {JWT}",
- # value_prefix="Bearer " with a space at the end.
- "header": "A String", # Specifies HTTP header name to extract JWT token.
- },
- ],
- "audiences": "A String", # The list of JWT
- # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
- # that are allowed to access. A JWT containing any of these audiences will
- # be accepted. When this setting is absent, JWTs with audiences:
- # - "https://[service.name]/[google.protobuf.Api.name]"
- # - "https://[service.name]/"
- # will be accepted.
- # For example, if no audiences are in the setting, LibraryService API will
- # accept JWTs with the following audiences:
- # -
- # https://library-example.googleapis.com/google.example.library.v1.LibraryService
- # - https://library-example.googleapis.com/
- #
- # Example:
- #
- # audiences: bookstore_android.apps.googleusercontent.com,
- # bookstore_web.apps.googleusercontent.com
- "jwksUri": "A String", # URL of the provider's public key set to validate signature of the JWT. See
- # [OpenID
- # Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
- # Optional if the key set document:
- # - can be retrieved from
- # [OpenID
- # Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of
- # the issuer.
- # - can be inferred from the email domain of the issuer (e.g. a Google
- # service account).
- #
- # Example: https://www.googleapis.com/oauth2/v1/certs
- "id": "A String", # The unique identifier of the auth provider. It will be referred to by
- # `AuthRequirement.provider_id`.
- #
- # Example: "bookstore_auth".
- "authorizationUrl": "A String", # Redirect URL if JWT token is required but not present or is expired.
- # Implement authorizationUrl of securityDefinitions in OpenAPI spec.
- "issuer": "A String", # Identifies the principal that issued the JWT. See
- # https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
- # Usually a URL or an email address.
- #
- # Example: https://securetoken.google.com
- # Example: 1234567-compute@developer.gserviceaccount.com
- },
+ "types": [ # The list of custom error detail types, e.g. 'google.foo.v1.CustomError'.
+ "A String",
],
},
- "usage": { # Configuration controlling usage of a service. # Configuration controlling usage of this service.
- "rules": [ # A list of usage rules that apply to individual API methods.
+ "title": "A String", # The product title for this service.
+ "endpoints": [ # Configuration for network endpoints. If this is empty, then an endpoint
+ # with the same name as the service is automatically generated to service all
+ # defined APIs.
+ { # `Endpoint` describes a network endpoint that serves a set of APIs.
+ # A service may expose any number of endpoints, and all endpoints share the
+ # same service configuration, such as quota configuration and monitoring
+ # configuration.
#
- # **NOTE:** All service configuration rules follow "last one wins" order.
- { # Usage configuration rules for the service.
- #
- # NOTE: Under development.
- #
- #
- # Use this rule to configure unregistered calls for the service. Unregistered
- # calls are calls that do not contain consumer project identity.
- # (Example: calls that do not contain an API key).
- # By default, API methods do not allow unregistered calls, and each method call
- # must be identified by a consumer project identity. Use this rule to
- # allow/disallow unregistered calls.
- #
- # Example of an API that wants to allow unregistered calls for entire service.
- #
- # usage:
- # rules:
- # - selector: "*"
- # allow_unregistered_calls: true
- #
- # Example of a method that wants to allow unregistered calls.
- #
- # usage:
- # rules:
- # - selector: "google.example.library.v1.LibraryService.CreateBook"
- # allow_unregistered_calls: true
- "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
- # methods in all APIs.
- #
- # Refer to selector for syntax details.
- "skipServiceControl": True or False, # If true, the selected method should skip service control and the control
- # plane features, such as quota and billing, will not be available.
- # This flag is used by Google Cloud Endpoints to bypass checks for internal
- # methods, such as service health check methods.
- "allowUnregisteredCalls": True or False, # If true, the selected method allows unregistered calls, e.g. calls
- # that don't identify any user or application.
- },
- ],
- "serviceIdentity": { # The per-product per-project service identity for a service. # The configuration of a per-product per-project service identity.
+ # Example service configuration:
#
- #
- # Use this field to configure per-product per-project service identity.
- # Example of a service identity configuration.
- #
- # usage:
- # service_identity:
- # - service_account_parent: "projects/123456789"
- # display_name: "Cloud XXX Service Agent"
- # description: "Used as the identity of Cloud XXX to access resources"
- "displayName": "A String", # Optional. A user-specified name for the service account.
- # Must be less than or equal to 100 UTF-8 bytes.
- "description": "A String", # Optional. A user-specified opaque description of the service account.
- # Must be less than or equal to 256 UTF-8 bytes.
- "serviceAccountParent": "A String", # A service account project that hosts the service accounts.
+ # name: library-example.googleapis.com
+ # endpoints:
+ # # Below entry makes 'google.example.library.v1.Library'
+ # # API be served from endpoint address library-example.googleapis.com.
+ # # It also allows HTTP OPTIONS calls to be passed to the backend, for
+ # # it to decide whether the subsequent cross-origin request is
+ # # allowed to proceed.
+ # - name: library-example.googleapis.com
+ # allow_cors: true
+ "aliases": [ # DEPRECATED: This field is no longer supported. Instead of using aliases,
+ # please specify multiple google.api.Endpoint for each of the intended
+ # aliases.
#
- # An example name would be:
- # `projects/123456789`
+ # Additional names that this endpoint will be hosted on.
+ "A String",
+ ],
+ "features": [ # The list of features enabled on this endpoint.
+ "A String",
+ ],
+ "allowCors": True or False, # Allowing
+ # [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka
+ # cross-domain traffic, would allow the backends served from this endpoint to
+ # receive and respond to HTTP OPTIONS requests. The response will be used by
+ # the browser to determine whether the subsequent cross-origin request is
+ # allowed to proceed.
+ "name": "A String", # The canonical name of this endpoint.
+ "target": "A String", # The specification of an Internet routable address of API frontend that will
+ # handle requests to this [API
+ # Endpoint](https://cloud.google.com/apis/design/glossary). It should be
+ # either a valid IPv4 address or a fully-qualified domain name. For example,
+ # "8.8.8.8" or "myservice.appspot.com".
},
- "producerNotificationChannel": "A String", # The full resource name of a channel used for sending notifications to the
- # service producer.
+ ],
+ "logs": [ # Defines the logs used by this service.
+ { # A description of a log type. Example in YAML format:
#
- # Google Service Management currently only supports
- # [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification
- # channel. To use Google Cloud Pub/Sub as the channel, this must be the name
- # of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format
- # documented in https://cloud.google.com/pubsub/docs/overview.
- "requirements": [ # Requirements that must be satisfied before a consumer project can use the
- # service. Each requirement is of the form <service.name>/<requirement-id>;
- # for example 'serviceusage.googleapis.com/billing-enabled'.
- "A String",
+ # - name: library.googleapis.com/activity_history
+ # description: The history of borrowing and returning library items.
+ # display_name: Activity
+ # labels:
+ # - key: /customer_id
+ # description: Identifier of a library customer
+ "labels": [ # The set of labels that are available to describe a specific log entry.
+ # Runtime requests that contain labels not specified here are
+ # considered invalid.
+ { # A description of a label.
+ "key": "A String", # The label key.
+ "description": "A String", # A human-readable description for the label.
+ "valueType": "A String", # The type of data that can be assigned to the label.
+ },
+ ],
+ "name": "A String", # The name of the log. It must be less than 512 characters long and can
+ # include the following characters: upper- and lower-case alphanumeric
+ # characters [A-Za-z0-9], and punctuation characters including
+ # slash, underscore, hyphen, period [/_-.].
+ "description": "A String", # A human-readable description of this log. This information appears in
+ # the documentation and can contain details.
+ "displayName": "A String", # The human-readable name for this log. This information appears on
+ # the user interface and should be concise.
+ },
+ ],
+ "apis": [ # A list of API interfaces exported by this service. Only the `name` field
+ # of the google.protobuf.Api needs to be provided by the configuration
+ # author, as the remaining fields will be derived from the IDL during the
+ # normalization process. It is an error to specify an API interface here
+ # which cannot be resolved against the associated IDL files.
+ { # Api is a light-weight descriptor for an API Interface.
+ #
+ # Interfaces are also described as "protocol buffer services" in some contexts,
+ # such as by the "service" keyword in a .proto file, but they are different
+ # from API Services, which represent a concrete implementation of an interface
+ # as opposed to simply a description of methods and bindings. They are also
+ # sometimes simply referred to as "APIs" in other contexts, such as the name of
+ # this message itself. See https://cloud.google.com/apis/design/glossary for
+ # detailed terminology.
+ "options": [ # Any metadata attached to the interface.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "methods": [ # The methods of this interface, in unspecified order.
+ { # Method represents a method of an API interface.
+ "responseTypeUrl": "A String", # The URL of the output message type.
+ "options": [ # Any metadata attached to the method.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "responseStreaming": True or False, # If true, the response is streamed.
+ "name": "A String", # The simple name of this method.
+ "requestTypeUrl": "A String", # A URL of the input message type.
+ "requestStreaming": True or False, # If true, the request is streamed.
+ "syntax": "A String", # The source syntax of this method.
+ },
+ ],
+ "name": "A String", # The fully qualified name of this interface, including package name
+ # followed by the interface's simple name.
+ "sourceContext": { # `SourceContext` represents information about the source of a # Source context for the protocol buffer service represented by this
+ # message.
+ # protobuf element, like the file in which it is defined.
+ "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
+ # protobuf element. For example: `"google/protobuf/source_context.proto"`.
+ },
+ "syntax": "A String", # The source syntax of the service.
+ "version": "A String", # A version string for this interface. If specified, must have the form
+ # `major-version.minor-version`, as in `1.10`. If the minor version is
+ # omitted, it defaults to zero. If the entire version field is empty, the
+ # major version is derived from the package name, as outlined below. If the
+ # field is not empty, the version in the package name will be verified to be
+ # consistent with what is provided here.
+ #
+ # The versioning schema uses [semantic
+ # versioning](http://semver.org) where the major version number
+ # indicates a breaking change and the minor version an additive,
+ # non-breaking change. Both version numbers are signals to users
+ # what to expect from different versions, and should be carefully
+ # chosen based on the product plan.
+ #
+ # The major version is also reflected in the package name of the
+ # interface, which must end in `v<major-version>`, as in
+ # `google.feature.v1`. For major versions 0 and 1, the suffix can
+ # be omitted. Zero major versions must only be used for
+ # experimental, non-GA interfaces.
+ "mixins": [ # Included interfaces. See Mixin.
+ { # Declares an API Interface to be included in this interface. The including
+ # interface must redeclare all the methods from the included interface, but
+ # documentation and options are inherited as follows:
+ #
+ # - If after comment and whitespace stripping, the documentation
+ # string of the redeclared method is empty, it will be inherited
+ # from the original method.
+ #
+ # - Each annotation belonging to the service config (http,
+ # visibility) which is not set in the redeclared method will be
+ # inherited.
+ #
+ # - If an http annotation is inherited, the path pattern will be
+ # modified as follows. Any version prefix will be replaced by the
+ # version of the including interface plus the root path if
+ # specified.
+ #
+ # Example of a simple mixin:
+ #
+ # package google.acl.v1;
+ # service AccessControl {
+ # // Get the underlying ACL object.
+ # rpc GetAcl(GetAclRequest) returns (Acl) {
+ # option (google.api.http).get = "/v1/{resource=**}:getAcl";
+ # }
+ # }
+ #
+ # package google.storage.v2;
+ # service Storage {
+ # // rpc GetAcl(GetAclRequest) returns (Acl);
+ #
+ # // Get a data record.
+ # rpc GetData(GetDataRequest) returns (Data) {
+ # option (google.api.http).get = "/v2/{resource=**}";
+ # }
+ # }
+ #
+ # Example of a mixin configuration:
+ #
+ # apis:
+ # - name: google.storage.v2.Storage
+ # mixins:
+ # - name: google.acl.v1.AccessControl
+ #
+ # The mixin construct implies that all methods in `AccessControl` are
+ # also declared with same name and request/response types in
+ # `Storage`. A documentation generator or annotation processor will
+ # see the effective `Storage.GetAcl` method after inherting
+ # documentation and annotations as follows:
+ #
+ # service Storage {
+ # // Get the underlying ACL object.
+ # rpc GetAcl(GetAclRequest) returns (Acl) {
+ # option (google.api.http).get = "/v2/{resource=**}:getAcl";
+ # }
+ # ...
+ # }
+ #
+ # Note how the version in the path pattern changed from `v1` to `v2`.
+ #
+ # If the `root` field in the mixin is specified, it should be a
+ # relative path under which inherited HTTP paths are placed. Example:
+ #
+ # apis:
+ # - name: google.storage.v2.Storage
+ # mixins:
+ # - name: google.acl.v1.AccessControl
+ # root: acls
+ #
+ # This implies the following inherited HTTP annotation:
+ #
+ # service Storage {
+ # // Get the underlying ACL object.
+ # rpc GetAcl(GetAclRequest) returns (Acl) {
+ # option (google.api.http).get = "/v2/acls/{resource=**}:getAcl";
+ # }
+ # ...
+ # }
+ "name": "A String", # The fully qualified name of the interface which is included.
+ "root": "A String", # If non-empty specifies a path under which inherited HTTP paths
+ # are rooted.
+ },
+ ],
+ },
+ ],
+ "types": [ # A list of all proto message types included in this API service.
+ # Types referenced directly or indirectly by the `apis` are
+ # automatically included. Messages which are not referenced but
+ # shall be included, such as types used by the `google.protobuf.Any` type,
+ # should be listed here by name. Example:
+ #
+ # types:
+ # - name: google.protobuf.Int32
+ { # A protocol buffer message type.
+ "options": [ # The protocol buffer options.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "fields": [ # The list of fields.
+ { # A single field of a message type.
+ "defaultValue": "A String", # The string value of the default value of this field. Proto2 syntax only.
+ "name": "A String", # The field name.
+ "typeUrl": "A String", # The field type URL, without the scheme, for message or enumeration
+ # types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
+ "number": 42, # The field number.
+ "kind": "A String", # The field type.
+ "jsonName": "A String", # The field JSON name.
+ "options": [ # The protocol buffer options.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "oneofIndex": 42, # The index of the field type in `Type.oneofs`, for message or enumeration
+ # types. The first type has index 1; zero means the type is not in the list.
+ "packed": True or False, # Whether to use alternative packed wire representation.
+ "cardinality": "A String", # The field cardinality.
+ },
+ ],
+ "name": "A String", # The fully qualified message name.
+ "oneofs": [ # The list of types appearing in `oneof` definitions in this type.
+ "A String",
+ ],
+ "syntax": "A String", # The source syntax.
+ "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
+ # protobuf element, like the file in which it is defined.
+ "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
+ # protobuf element. For example: `"google/protobuf/source_context.proto"`.
+ },
+ },
+ ],
+ "sourceInfo": { # Source information used to create a Service Config # Output only. The source information for this configuration if available.
+ "sourceFiles": [ # All files used during config generation.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
],
},
- "configVersion": 42, # The semantic version of the service configuration. The config version
- # affects the interpretation of the service configuration. For example,
- # certain features are enabled by default for certain config versions.
- #
- # The latest config version is `3`.
- "producerProjectId": "A String", # The Google project that owns this service.
- "http": { # Defines the HTTP configuration for an API service. It contains a list of # HTTP configuration.
+ "http": { # Defines the HTTP configuration for an API service. It contains a list of # HTTP configuration.
# HttpRule, each specifying the mapping of an RPC method
# to one or more HTTP REST API methods.
- "rules": [ # A list of HTTP configuration rules that apply to individual API methods.
+ "fullyDecodeReservedExpansion": True or False, # When set to true, URL path parameters will be fully URI-decoded except in
+ # cases of single segment matches in reserved expansion, where "%2F" will be
+ # left encoded.
#
- # **NOTE:** All service configuration rules follow "last one wins" order.
+ # The default behavior is to not decode RFC 6570 reserved characters in multi
+ # segment matches.
+ "rules": [ # A list of HTTP configuration rules that apply to individual API methods.
+ #
+ # **NOTE:** All service configuration rules follow "last one wins" order.
{ # # gRPC Transcoding
#
# gRPC Transcoding is a feature for mapping between a gRPC method and one or
@@ -1219,7 +1297,7 @@
# service Messaging {
# rpc GetMessage(GetMessageRequest) returns (Message) {
# option (google.api.http) = {
- # get: "/v1/{name=messages/*}"
+ # get: "/v1/{name=messages/*}"
# };
# }
# }
@@ -1234,7 +1312,7 @@
#
# HTTP | gRPC
# -----|-----
- # `GET /v1/messages/123456` | `GetMessage(name: "messages/123456")`
+ # `GET /v1/messages/123456` | `GetMessage(name: "messages/123456")`
#
# Any fields in the request message which are not bound by the path template
# automatically become HTTP query parameters if there is no HTTP request body.
@@ -1243,7 +1321,7 @@
# service Messaging {
# rpc GetMessage(GetMessageRequest) returns (Message) {
# option (google.api.http) = {
- # get:"/v1/messages/{message_id}"
+ # get:"/v1/messages/{message_id}"
# };
# }
# }
@@ -1261,8 +1339,8 @@
# HTTP | gRPC
# -----|-----
# `GET /v1/messages/123456?revision=2&sub.subfield=foo` |
- # `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield:
- # "foo"))`
+ # `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield:
+ # "foo"))`
#
# Note that fields which are mapped to URL query parameters must have a
# primitive type or a repeated primitive type or a non-repeated message type.
@@ -1278,8 +1356,8 @@
# service Messaging {
# rpc UpdateMessage(UpdateMessageRequest) returns (Message) {
# option (google.api.http) = {
- # patch: "/v1/messages/{message_id}"
- # body: "message"
+ # patch: "/v1/messages/{message_id}"
+ # body: "message"
# };
# }
# }
@@ -1294,8 +1372,8 @@
#
# HTTP | gRPC
# -----|-----
- # `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
- # "123456" message { text: "Hi!" })`
+ # `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
+ # "123456" message { text: "Hi!" })`
#
# The special name `*` can be used in the body mapping to define that
# every field not bound by the path template should be mapped to the
@@ -1305,8 +1383,8 @@
# service Messaging {
# rpc UpdateMessage(Message) returns (Message) {
# option (google.api.http) = {
- # patch: "/v1/messages/{message_id}"
- # body: "*"
+ # patch: "/v1/messages/{message_id}"
+ # body: "*"
# };
# }
# }
@@ -1320,14 +1398,14 @@
#
# HTTP | gRPC
# -----|-----
- # `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
- # "123456" text: "Hi!")`
+ # `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
+ # "123456" text: "Hi!")`
#
# Note that when using `*` in the body mapping, it is not possible to
# have HTTP parameters, as all fields not bound by the path end in
# the body. This makes this option more rarely used in practice when
# defining REST APIs. The common usage of `*` is in custom methods
- # which don't use the URL at all for transferring data.
+ # which don't use the URL at all for transferring data.
#
# It is possible to define multiple HTTP methods for one RPC by using
# the `additional_bindings` option. Example:
@@ -1335,9 +1413,9 @@
# service Messaging {
# rpc GetMessage(GetMessageRequest) returns (Message) {
# option (google.api.http) = {
- # get: "/v1/messages/{message_id}"
+ # get: "/v1/messages/{message_id}"
# additional_bindings {
- # get: "/v1/users/{user_id}/messages/{message_id}"
+ # get: "/v1/users/{user_id}/messages/{message_id}"
# }
# };
# }
@@ -1351,9 +1429,9 @@
#
# HTTP | gRPC
# -----|-----
- # `GET /v1/messages/123456` | `GetMessage(message_id: "123456")`
- # `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id:
- # "123456")`
+ # `GET /v1/messages/123456` | `GetMessage(message_id: "123456")`
+ # `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id:
+ # "123456")`
#
# ## Rules for HTTP mapping
#
@@ -1366,19 +1444,19 @@
# parameter name is the field path in the request message. A repeated
# field can be represented as multiple query parameters under the same
# name.
- # 2. If HttpRule.body is "*", there is no URL query parameter, all fields
+ # 2. If HttpRule.body is "*", there is no URL query parameter, all fields
# are passed via URL path and HTTP request body.
# 3. If HttpRule.body is omitted, there is no HTTP request body, all
# fields are passed via URL path and URL query parameters.
#
# ### Path template syntax
#
- # Template = "/" Segments [ Verb ] ;
- # Segments = Segment { "/" Segment } ;
- # Segment = "*" | "**" | LITERAL | Variable ;
- # Variable = "{" FieldPath [ "=" Segments ] "}" ;
- # FieldPath = IDENT { "." IDENT } ;
- # Verb = ":" LITERAL ;
+ # Template = "/" Segments [ Verb ] ;
+ # Segments = Segment { "/" Segment } ;
+ # Segment = "*" | "**" | LITERAL | Variable ;
+ # Variable = "{" FieldPath [ "=" Segments ] "}" ;
+ # FieldPath = IDENT { "." IDENT } ;
+ # Verb = ":" LITERAL ;
#
# The syntax `*` matches a single URL path segment. The syntax `**` matches
# zero or more URL path segments, which must be the last part of the URL path
@@ -1393,18 +1471,18 @@
# contains any reserved character, such characters should be percent-encoded
# before the matching.
#
- # If a variable contains exactly one path segment, such as `"{var}"` or
- # `"{var=*}"`, when such a variable is expanded into a URL path on the client
+ # If a variable contains exactly one path segment, such as `"{var}"` or
+ # `"{var=*}"`, when such a variable is expanded into a URL path on the client
# side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The
# server side does the reverse decoding. Such variables show up in the
# [Discovery
# Document](https://developers.google.com/discovery/v1/reference/apis) as
# `{var}`.
#
- # If a variable contains multiple path segments, such as `"{var=foo/*}"`
- # or `"{var=**}"`, when such a variable is expanded into a URL path on the
+ # If a variable contains multiple path segments, such as `"{var=foo/*}"`
+ # or `"{var=**}"`, when such a variable is expanded into a URL path on the
# client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded.
- # The server side does the reverse decoding, except "%2F" and "%2f" are left
+ # The server side does the reverse decoding, except "%2F" and "%2f" are left
# unchanged. Such variables show up in the
# [Discovery
# Document](https://developers.google.com/discovery/v1/reference/apis) as
@@ -1450,8 +1528,8 @@
# The path variables **must not** refer to any repeated or mapped field,
# because client libraries are not capable of handling such variable expansion.
#
- # The path variables **must not** capture the leading "/" character. The reason
- # is that the most common use case "{var}" does not capture the leading "/"
+ # The path variables **must not** capture the leading "/" character. The reason
+ # is that the most common use case "{var}" does not capture the leading "/"
# character. For consistency, all path variables must share the same behavior.
#
# Repeated message fields must not be mapped to URL query parameters, because
@@ -1460,429 +1538,644 @@
# If an API needs to use a JSON array for request or response body, it can map
# the request or response body to a repeated field. However, some gRPC
# Transcoding implementations may not support this feature.
- "body": "A String", # The name of the request field whose value is mapped to the HTTP request
- # body, or `*` for mapping all request fields not captured by the path
- # pattern to the HTTP body, or omitted for not having any HTTP request body.
- #
- # NOTE: the referred field must be present at the top-level of the request
- # message type.
- "get": "A String", # Maps to HTTP GET. Used for listing and getting information about
- # resources.
- "additionalBindings": [ # Additional HTTP bindings for the selector. Nested bindings must
+ "delete": "A String", # Maps to HTTP DELETE. Used for deleting a resource.
+ "additionalBindings": [ # Additional HTTP bindings for the selector. Nested bindings must
# not contain an `additional_bindings` field themselves (that is,
# the nesting may only be one level deep).
# Object with schema name: HttpRule
],
- "selector": "A String", # Selects a method to which this rule applies.
- #
- # Refer to selector for syntax details.
- "responseBody": "A String", # Optional. The name of the response field whose value is mapped to the HTTP
+ "responseBody": "A String", # Optional. The name of the response field whose value is mapped to the HTTP
# response body. When omitted, the entire response message will be used
# as the HTTP response body.
#
# NOTE: The referred field must be present at the top-level of the response
# message type.
- "allowHalfDuplex": True or False, # When this flag is set to true, HTTP requests will be allowed to invoke a
- # half-duplex streaming method.
- "put": "A String", # Maps to HTTP PUT. Used for replacing a resource.
- "patch": "A String", # Maps to HTTP PATCH. Used for updating a resource.
- "post": "A String", # Maps to HTTP POST. Used for creating a resource or performing an action.
- "custom": { # A custom pattern is used for defining custom HTTP verb. # The custom pattern is used for specifying an HTTP method that is not
- # included in the `pattern` field, such as HEAD, or "*" to leave the
+ "body": "A String", # The name of the request field whose value is mapped to the HTTP request
+ # body, or `*` for mapping all request fields not captured by the path
+ # pattern to the HTTP body, or omitted for not having any HTTP request body.
+ #
+ # NOTE: the referred field must be present at the top-level of the request
+ # message type.
+ "selector": "A String", # Selects a method to which this rule applies.
+ #
+ # Refer to selector for syntax details.
+ "post": "A String", # Maps to HTTP POST. Used for creating a resource or performing an action.
+ "custom": { # A custom pattern is used for defining custom HTTP verb. # The custom pattern is used for specifying an HTTP method that is not
+ # included in the `pattern` field, such as HEAD, or "*" to leave the
# HTTP method unspecified for this rule. The wild-card rule is useful
# for services that provide content to Web (HTML) clients.
- "path": "A String", # The path matched by this custom verb.
- "kind": "A String", # The name of this custom HTTP verb.
+ "kind": "A String", # The name of this custom HTTP verb.
+ "path": "A String", # The path matched by this custom verb.
},
- "delete": "A String", # Maps to HTTP DELETE. Used for deleting a resource.
+ "patch": "A String", # Maps to HTTP PATCH. Used for updating a resource.
+ "get": "A String", # Maps to HTTP GET. Used for listing and getting information about
+ # resources.
+ "allowHalfDuplex": True or False, # When this flag is set to true, HTTP requests will be allowed to invoke a
+ # half-duplex streaming method.
+ "put": "A String", # Maps to HTTP PUT. Used for replacing a resource.
},
],
- "fullyDecodeReservedExpansion": True or False, # When set to true, URL path parameters will be fully URI-decoded except in
- # cases of single segment matches in reserved expansion, where "%2F" will be
- # left encoded.
- #
- # The default behavior is to not decode RFC 6570 reserved characters in multi
- # segment matches.
},
- "apis": [ # A list of API interfaces exported by this service. Only the `name` field
- # of the google.protobuf.Api needs to be provided by the configuration
- # author, as the remaining fields will be derived from the IDL during the
- # normalization process. It is an error to specify an API interface here
- # which cannot be resolved against the associated IDL files.
- { # Api is a light-weight descriptor for an API Interface.
+ "systemParameters": { # ### System parameter configuration # System parameter configuration.
+ #
+ # A system parameter is a special kind of parameter defined by the API
+ # system, not by an individual API. It is typically mapped to an HTTP header
+ # and/or a URL query parameter. This configuration specifies which methods
+ # change the names of the system parameters.
+ "rules": [ # Define system parameters.
#
- # Interfaces are also described as "protocol buffer services" in some contexts,
- # such as by the "service" keyword in a .proto file, but they are different
- # from API Services, which represent a concrete implementation of an interface
- # as opposed to simply a description of methods and bindings. They are also
- # sometimes simply referred to as "APIs" in other contexts, such as the name of
- # this message itself. See https://cloud.google.com/apis/design/glossary for
- # detailed terminology.
- "name": "A String", # The fully qualified name of this interface, including package name
- # followed by the interface's simple name.
- "sourceContext": { # `SourceContext` represents information about the source of a # Source context for the protocol buffer service represented by this
- # message.
- # protobuf element, like the file in which it is defined.
- "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
- # protobuf element. For example: `"google/protobuf/source_context.proto"`.
- },
- "mixins": [ # Included interfaces. See Mixin.
- { # Declares an API Interface to be included in this interface. The including
- # interface must redeclare all the methods from the included interface, but
- # documentation and options are inherited as follows:
- #
- # - If after comment and whitespace stripping, the documentation
- # string of the redeclared method is empty, it will be inherited
- # from the original method.
- #
- # - Each annotation belonging to the service config (http,
- # visibility) which is not set in the redeclared method will be
- # inherited.
- #
- # - If an http annotation is inherited, the path pattern will be
- # modified as follows. Any version prefix will be replaced by the
- # version of the including interface plus the root path if
- # specified.
- #
- # Example of a simple mixin:
- #
- # package google.acl.v1;
- # service AccessControl {
- # // Get the underlying ACL object.
- # rpc GetAcl(GetAclRequest) returns (Acl) {
- # option (google.api.http).get = "/v1/{resource=**}:getAcl";
- # }
- # }
- #
- # package google.storage.v2;
- # service Storage {
- # // rpc GetAcl(GetAclRequest) returns (Acl);
- #
- # // Get a data record.
- # rpc GetData(GetDataRequest) returns (Data) {
- # option (google.api.http).get = "/v2/{resource=**}";
- # }
- # }
- #
- # Example of a mixin configuration:
- #
- # apis:
- # - name: google.storage.v2.Storage
- # mixins:
- # - name: google.acl.v1.AccessControl
- #
- # The mixin construct implies that all methods in `AccessControl` are
- # also declared with same name and request/response types in
- # `Storage`. A documentation generator or annotation processor will
- # see the effective `Storage.GetAcl` method after inherting
- # documentation and annotations as follows:
- #
- # service Storage {
- # // Get the underlying ACL object.
- # rpc GetAcl(GetAclRequest) returns (Acl) {
- # option (google.api.http).get = "/v2/{resource=**}:getAcl";
- # }
- # ...
- # }
- #
- # Note how the version in the path pattern changed from `v1` to `v2`.
- #
- # If the `root` field in the mixin is specified, it should be a
- # relative path under which inherited HTTP paths are placed. Example:
- #
- # apis:
- # - name: google.storage.v2.Storage
- # mixins:
- # - name: google.acl.v1.AccessControl
- # root: acls
- #
- # This implies the following inherited HTTP annotation:
- #
- # service Storage {
- # // Get the underlying ACL object.
- # rpc GetAcl(GetAclRequest) returns (Acl) {
- # option (google.api.http).get = "/v2/acls/{resource=**}:getAcl";
- # }
- # ...
- # }
- "root": "A String", # If non-empty specifies a path under which inherited HTTP paths
- # are rooted.
- "name": "A String", # The fully qualified name of the interface which is included.
- },
- ],
- "syntax": "A String", # The source syntax of the service.
- "version": "A String", # A version string for this interface. If specified, must have the form
- # `major-version.minor-version`, as in `1.10`. If the minor version is
- # omitted, it defaults to zero. If the entire version field is empty, the
- # major version is derived from the package name, as outlined below. If the
- # field is not empty, the version in the package name will be verified to be
- # consistent with what is provided here.
- #
- # The versioning schema uses [semantic
- # versioning](http://semver.org) where the major version number
- # indicates a breaking change and the minor version an additive,
- # non-breaking change. Both version numbers are signals to users
- # what to expect from different versions, and should be carefully
- # chosen based on the product plan.
- #
- # The major version is also reflected in the package name of the
- # interface, which must end in `v<major-version>`, as in
- # `google.feature.v1`. For major versions 0 and 1, the suffix can
- # be omitted. Zero major versions must only be used for
- # experimental, non-GA interfaces.
- "options": [ # Any metadata attached to the interface.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ # The parameters defined here will override the default parameters
+ # implemented by the system. If this field is missing from the service
+ # config, default system parameters will be used. Default system parameters
+ # and names is implementation-dependent.
+ #
+ # Example: define api key for all methods
+ #
+ # system_parameters
+ # rules:
+ # - selector: "*"
+ # parameters:
+ # - name: api_key
+ # url_query_parameter: api_key
+ #
+ #
+ # Example: define 2 api key names for a specific method.
+ #
+ # system_parameters
+ # rules:
+ # - selector: "/ListShelves"
+ # parameters:
+ # - name: api_key
+ # http_header: Api-Key1
+ # - name: api_key
+ # http_header: Api-Key2
+ #
+ # **NOTE:** All service configuration rules follow "last one wins" order.
+ { # Define a system parameter rule mapping system parameter definitions to
+ # methods.
+ "parameters": [ # Define parameters. Multiple names may be defined for a parameter.
+ # For a given method call, only one of them should be used. If multiple
+ # names are used the behavior is implementation-dependent.
+ # If none of the specified names are present the behavior is
+ # parameter-dependent.
+ { # Define a parameter's name and location. The parameter may be passed as either
+ # an HTTP header or a URL query parameter, and if both are passed the behavior
+ # is implementation-dependent.
+ "httpHeader": "A String", # Define the HTTP header name to use for the parameter. It is case
+ # insensitive.
+ "name": "A String", # Define the name of the parameter, such as "api_key" . It is case sensitive.
+ "urlQueryParameter": "A String", # Define the URL query parameter name to use for the parameter. It is case
+ # sensitive.
},
+ ],
+ "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
+ # methods in all APIs.
+ #
+ # Refer to selector for syntax details.
+ },
+ ],
+ },
+ "backend": { # `Backend` defines the backend configuration for a service. # API backend configuration.
+ "rules": [ # A list of API backend rules that apply to individual API methods.
+ #
+ # **NOTE:** All service configuration rules follow "last one wins" order.
+ { # A backend rule provides configuration for an individual API element.
+ "protocol": "A String", # The protocol used for sending a request to the backend.
+ # The supported values are "http/1.1" and "h2".
+ #
+ # The default value is inferred from the scheme in the
+ # address field:
+ #
+ # SCHEME PROTOCOL
+ # http:// http/1.1
+ # https:// http/1.1
+ # grpc:// h2
+ # grpcs:// h2
+ #
+ # For secure HTTP backends (https://) that support HTTP/2, set this field
+ # to "h2" for improved performance.
+ #
+ # Configuring this field to non-default values is only supported for secure
+ # HTTP backends. This field will be ignored for all other backends.
+ #
+ # See
+ # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+ # for more details on the supported values.
+ "selector": "A String", # Selects the methods to which this rule applies.
+ #
+ # Refer to selector for syntax details.
+ "operationDeadline": 3.14, # The number of seconds to wait for the completion of a long running
+ # operation. The default is no deadline.
+ "deadline": 3.14, # The number of seconds to wait for a response from a request. The default
+ # varies based on the request protocol and deployment environment.
+ "minDeadline": 3.14, # Minimum deadline in seconds needed for this method. Calls having deadline
+ # value lower than this will be rejected.
+ "address": "A String", # The address of the API backend.
+ #
+ # The scheme is used to determine the backend protocol and security.
+ # The following schemes are accepted:
+ #
+ # SCHEME PROTOCOL SECURITY
+ # http:// HTTP None
+ # https:// HTTP TLS
+ # grpc:// gRPC None
+ # grpcs:// gRPC TLS
+ #
+ # It is recommended to explicitly include a scheme. Leaving out the scheme
+ # may cause constrasting behaviors across platforms.
+ #
+ # If the port is unspecified, the default is:
+ # - 80 for schemes without TLS
+ # - 443 for schemes with TLS
+ #
+ # For HTTP backends, use protocol
+ # to specify the protocol version.
+ "pathTranslation": "A String",
+ "jwtAudience": "A String", # The JWT audience is used when generating a JWT ID token for the backend.
+ # This ID token will be added in the HTTP "authorization" header, and sent
+ # to the backend.
+ "disableAuth": True or False, # When disable_auth is true, a JWT ID token won't be generated and the
+ # original "Authorization" HTTP header will be preserved. If the header is
+ # used to carry the original token and is expected by the backend, this
+ # field must be set to true to preserve the header.
+ "renameTo": "A String", # Unimplemented. Do not use.
+ #
+ # The new name the selected proto elements should be renamed to.
+ #
+ # The package, the service and the method can all be renamed.
+ # The backend server should implement the renamed proto. However, clients
+ # should call the original method, and ESF routes the traffic to the renamed
+ # method.
+ #
+ # HTTP clients should call the URL mapped to the original method.
+ # gRPC and Stubby clients should call the original method with package name.
+ #
+ # For legacy reasons, ESF allows Stubby clients to call with the
+ # short name (without the package name). However, for API Versioning(or
+ # multiple methods mapped to the same short name), all Stubby clients must
+ # call the method's full name with the package name, otherwise the first one
+ # (selector) wins.
+ #
+ # If this `rename_to` is specified with a trailing `*`, the `selector` must
+ # be specified with a trailing `*` as well. The all element short names
+ # matched by the `*` in the selector will be kept in the `rename_to`.
+ #
+ # For example,
+ # rename_rules:
+ # - selector: |-
+ # google.example.library.v1.*
+ # rename_to: google.example.library.*
+ #
+ # The selector matches `google.example.library.v1.Library.CreateShelf` and
+ # `google.example.library.v1.Library.CreateBook`, they will be renamed to
+ # `google.example.library.Library.CreateShelf` and
+ # `google.example.library.Library.CreateBook`. It essentially renames the
+ # proto package name section of the matched proto service and methods.
+ },
+ ],
+ },
+ "documentation": { # `Documentation` provides the information for describing a service. # Additional API documentation.
+ #
+ # Example:
+ # <pre><code>documentation:
+ # summary: >
+ # The Google Calendar API gives access
+ # to most calendar features.
+ # pages:
+ # - name: Overview
+ # content: &#40;== include google/foo/overview.md ==&#41;
+ # - name: Tutorial
+ # content: &#40;== include google/foo/tutorial.md ==&#41;
+ # subpages;
+ # - name: Java
+ # content: &#40;== include google/foo/tutorial_java.md ==&#41;
+ # rules:
+ # - selector: google.calendar.Calendar.Get
+ # description: >
+ # ...
+ # - selector: google.calendar.Calendar.Put
+ # description: >
+ # ...
+ # </code></pre>
+ # Documentation is provided in markdown syntax. In addition to
+ # standard markdown features, definition lists, tables and fenced
+ # code blocks are supported. Section headers can be provided and are
+ # interpreted relative to the section nesting of the context where
+ # a documentation fragment is embedded.
+ #
+ # Documentation from the IDL is merged with documentation defined
+ # via the config at normalization time, where documentation provided
+ # by config rules overrides IDL provided.
+ #
+ # A number of constructs specific to the API platform are supported
+ # in documentation text.
+ #
+ # In order to reference a proto element, the following
+ # notation can be used:
+ # <pre><code>&#91;fully.qualified.proto.name]&#91;]</code></pre>
+ # To override the display text used for the link, this can be used:
+ # <pre><code>&#91;display text]&#91;fully.qualified.proto.name]</code></pre>
+ # Text can be excluded from doc using the following notation:
+ # <pre><code>&#40;-- internal comment --&#41;</code></pre>
+ #
+ # A few directives are available in documentation. Note that
+ # directives must appear on a single line to be properly
+ # identified. The `include` directive includes a markdown file from
+ # an external source:
+ # <pre><code>&#40;== include path/to/file ==&#41;</code></pre>
+ # The `resource_for` directive marks a message to be the resource of
+ # a collection in REST view. If it is not specified, tools attempt
+ # to infer the resource from the operations in a collection:
+ # <pre><code>&#40;== resource_for v1.shelves.books ==&#41;</code></pre>
+ # The directive `suppress_warning` does not directly affect documentation
+ # and is documented together with service config validation.
+ "documentationRootUrl": "A String", # The URL to the root of documentation.
+ "rules": [ # A list of documentation rules that apply to individual API elements.
+ #
+ # **NOTE:** All service configuration rules follow "last one wins" order.
+ { # A documentation rule provides information about individual API elements.
+ "deprecationDescription": "A String", # Deprecation description of the selected element(s). It can be provided if
+ # an element is marked as `deprecated`.
+ "selector": "A String", # The selector is a comma-separated list of patterns. Each pattern is a
+ # qualified name of the element which may end in "*", indicating a wildcard.
+ # Wildcards are only allowed at the end and for a whole component of the
+ # qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". A
+ # wildcard will match one or more components. To specify a default for all
+ # applicable elements, the whole pattern "*" is used.
+ "description": "A String", # Description of the selected API(s).
+ },
+ ],
+ "summary": "A String", # A short summary of what the service does. Can only be provided by
+ # plain text.
+ "overview": "A String", # Declares a single overview page. For example:
+ # <pre><code>documentation:
+ # summary: ...
+ # overview: &#40;== include overview.md ==&#41;
+ # </code></pre>
+ # This is a shortcut for the following declaration (using pages style):
+ # <pre><code>documentation:
+ # summary: ...
+ # pages:
+ # - name: Overview
+ # content: &#40;== include overview.md ==&#41;
+ # </code></pre>
+ # Note: you cannot specify both `overview` field and `pages` field.
+ "pages": [ # The top level pages for the documentation set.
+ { # Represents a documentation page. A page can contain subpages to represent
+ # nested documentation set structure.
+ "name": "A String", # The name of the page. It will be used as an identity of the page to
+ # generate URI of the page, text of the link to this page in navigation,
+ # etc. The full page name (start from the root page name to this page
+ # concatenated with `.`) can be used as reference to the page in your
+ # documentation. For example:
+ # <pre><code>pages:
+ # - name: Tutorial
+ # content: &#40;== include tutorial.md ==&#41;
+ # subpages:
+ # - name: Java
+ # content: &#40;== include tutorial_java.md ==&#41;
+ # </code></pre>
+ # You can reference `Java` page using Markdown reference link syntax:
+ # `Java`.
+ "content": "A String", # The Markdown content of the page. You can use <code>&#40;== include {path}
+ # ==&#41;</code> to include content from a Markdown file.
+ "subpages": [ # Subpages of this page. The order of subpages specified here will be
+ # honored in the generated docset.
+ # Object with schema name: Page
+ ],
+ },
+ ],
+ "serviceRootUrl": "A String", # Specifies the service root url if the default one (the service name
+ # from the yaml file) is not suitable. This can be seen in any fully
+ # specified service urls as well as sections that show a base that other
+ # urls are relative to.
+ },
+ "logging": { # Logging configuration of the service. # Logging configuration.
+ #
+ # The following example shows how to configure logs to be sent to the
+ # producer and consumer projects. In the example, the `activity_history`
+ # log is sent to both the producer and consumer projects, whereas the
+ # `purchase_history` log is only sent to the producer project.
+ #
+ # monitored_resources:
+ # - type: library.googleapis.com/branch
+ # labels:
+ # - key: /city
+ # description: The city where the library branch is located in.
+ # - key: /name
+ # description: The name of the branch.
+ # logs:
+ # - name: activity_history
+ # labels:
+ # - key: /customer_id
+ # - name: purchase_history
+ # logging:
+ # producer_destinations:
+ # - monitored_resource: library.googleapis.com/branch
+ # logs:
+ # - activity_history
+ # - purchase_history
+ # consumer_destinations:
+ # - monitored_resource: library.googleapis.com/branch
+ # logs:
+ # - activity_history
+ "producerDestinations": [ # Logging configurations for sending logs to the producer project.
+ # There can be multiple producer destinations, each one must have a
+ # different monitored resource type. A log can be used in at most
+ # one producer destination.
+ { # Configuration of a specific logging destination (the producer project
+ # or the consumer project).
+ "logs": [ # Names of the logs to be sent to this destination. Each name must
+ # be defined in the Service.logs section. If the log name is
+ # not a domain scoped name, it will be automatically prefixed with
+ # the service name followed by "/".
+ "A String",
+ ],
+ "monitoredResource": "A String", # The monitored resource type. The type must be defined in the
+ # Service.monitored_resources section.
+ },
+ ],
+ "consumerDestinations": [ # Logging configurations for sending logs to the consumer project.
+ # There can be multiple consumer destinations, each one must have a
+ # different monitored resource type. A log can be used in at most
+ # one consumer destination.
+ { # Configuration of a specific logging destination (the producer project
+ # or the consumer project).
+ "logs": [ # Names of the logs to be sent to this destination. Each name must
+ # be defined in the Service.logs section. If the log name is
+ # not a domain scoped name, it will be automatically prefixed with
+ # the service name followed by "/".
+ "A String",
+ ],
+ "monitoredResource": "A String", # The monitored resource type. The type must be defined in the
+ # Service.monitored_resources section.
+ },
+ ],
+ },
+ "monitoredResources": [ # Defines the monitored resources used by this service. This is required
+ # by the Service.monitoring and Service.logging configurations.
+ { # An object that describes the schema of a MonitoredResource object using a
+ # type name and a set of labels. For example, the monitored resource
+ # descriptor for Google Compute Engine VM instances has a type of
+ # `"gce_instance"` and specifies the use of the labels `"instance_id"` and
+ # `"zone"` to identify particular VM instances.
+ #
+ # Different APIs can support different monitored resource types. APIs generally
+ # provide a `list` method that returns the monitored resource descriptors used
+ # by the API.
+ "displayName": "A String", # Optional. A concise name for the monitored resource type that might be
+ # displayed in user interfaces. It should be a Title Cased Noun Phrase,
+ # without any article or other determiners. For example,
+ # `"Google Cloud SQL Database"`.
+ "description": "A String", # Optional. A detailed description of the monitored resource type that might
+ # be used in documentation.
+ "launchStage": "A String", # Optional. The launch stage of the monitored resource definition.
+ "labels": [ # Required. A set of labels used to describe instances of this monitored
+ # resource type. For example, an individual Google Cloud SQL database is
+ # identified by values for the labels `"database_id"` and `"zone"`.
+ { # A description of a label.
+ "key": "A String", # The label key.
+ "description": "A String", # A human-readable description for the label.
+ "valueType": "A String", # The type of data that can be assigned to the label.
},
],
- "methods": [ # The methods of this interface, in unspecified order.
- { # Method represents a method of an API interface.
- "name": "A String", # The simple name of this method.
- "requestStreaming": True or False, # If true, the request is streamed.
- "responseTypeUrl": "A String", # The URL of the output message type.
- "requestTypeUrl": "A String", # A URL of the input message type.
- "responseStreaming": True or False, # If true, the response is streamed.
- "syntax": "A String", # The source syntax of this method.
- "options": [ # Any metadata attached to the method.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- },
- ],
+ "name": "A String", # Optional. The resource name of the monitored resource descriptor:
+ # `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where
+ # {type} is the value of the `type` field in this object and
+ # {project_id} is a project ID that provides API-specific context for
+ # accessing the type. APIs that do not use project information can use the
+ # resource name format `"monitoredResourceDescriptors/{type}"`.
+ "type": "A String", # Required. The monitored resource type. For example, the type
+ # `"cloudsql_database"` represents databases in Google Cloud SQL.
+ # The maximum length of this value is 256 characters.
},
],
- "customError": { # Customize service error responses. For example, list any service # Custom error configuration.
- # specific protobuf types that can appear in error detail lists of
- # error responses.
+ "context": { # `Context` defines which contexts an API requests. # Context configuration.
#
# Example:
#
- # custom_error:
- # types:
- # - google.foo.v1.CustomError
- # - google.foo.v1.AnotherError
- "rules": [ # The list of custom error rules that apply to individual API messages.
+ # context:
+ # rules:
+ # - selector: "*"
+ # requested:
+ # - google.rpc.context.ProjectContext
+ # - google.rpc.context.OriginContext
+ #
+ # The above specifies that all methods in the API request
+ # `google.rpc.context.ProjectContext` and
+ # `google.rpc.context.OriginContext`.
+ #
+ # Available context types are defined in package
+ # `google.rpc.context`.
+ #
+ # This also provides mechanism to whitelist any protobuf message extension that
+ # can be sent in grpc metadata using “x-goog-ext-<extension_id>-bin” and
+ # “x-goog-ext-<extension_id>-jspb” format. For example, list any service
+ # specific protobuf types that can appear in grpc metadata as follows in your
+ # yaml file:
+ #
+ # Example:
+ #
+ # context:
+ # rules:
+ # - selector: "google.example.library.v1.LibraryService.CreateBook"
+ # allowed_request_extensions:
+ # - google.foo.v1.NewExtension
+ # allowed_response_extensions:
+ # - google.foo.v1.NewExtension
+ #
+ # You can also specify extension ID instead of fully qualified extension name
+ # here.
+ "rules": [ # A list of RPC context rules that apply to individual API methods.
#
- # **NOTE:** All service configuration rules follow "last one wins" order.
- { # A custom error rule.
- "isErrorType": True or False, # Mark this message as possible payload in error response. Otherwise,
- # objects of this type will be filtered when they appear in error payload.
- "selector": "A String", # Selects messages to which this rule applies.
+ # **NOTE:** All service configuration rules follow "last one wins" order.
+ { # A context rule provides information about the context for an individual API
+ # element.
+ "requested": [ # A list of full type names of requested contexts.
+ "A String",
+ ],
+ "allowedRequestExtensions": [ # A list of full type names or extension IDs of extensions allowed in grpc
+ # side channel from client to backend.
+ "A String",
+ ],
+ "allowedResponseExtensions": [ # A list of full type names or extension IDs of extensions allowed in grpc
+ # side channel from backend to client.
+ "A String",
+ ],
+ "selector": "A String", # Selects the methods to which this rule applies.
#
# Refer to selector for syntax details.
- },
- ],
- "types": [ # The list of custom error detail types, e.g. 'google.foo.v1.CustomError'.
- "A String",
- ],
- },
- "quota": { # Quota configuration helps to achieve fairness and budgeting in service # Quota configuration.
- # usage.
- #
- # The metric based quota configuration works this way:
- # - The service configuration defines a set of metrics.
- # - For API calls, the quota.metric_rules maps methods to metrics with
- # corresponding costs.
- # - The quota.limits defines limits on the metrics, which will be used for
- # quota checks at runtime.
- #
- # An example quota configuration in yaml format:
- #
- # quota:
- # limits:
- #
- # - name: apiWriteQpsPerProject
- # metric: library.googleapis.com/write_calls
- # unit: "1/min/{project}" # rate limit for consumer projects
- # values:
- # STANDARD: 10000
- #
- #
- # # The metric rules bind all methods to the read_calls metric,
- # # except for the UpdateBook and DeleteBook methods. These two methods
- # # are mapped to the write_calls metric, with the UpdateBook method
- # # consuming at twice rate as the DeleteBook method.
- # metric_rules:
- # - selector: "*"
- # metric_costs:
- # library.googleapis.com/read_calls: 1
- # - selector: google.example.library.v1.LibraryService.UpdateBook
- # metric_costs:
- # library.googleapis.com/write_calls: 2
- # - selector: google.example.library.v1.LibraryService.DeleteBook
- # metric_costs:
- # library.googleapis.com/write_calls: 1
- #
- # Corresponding Metric definition:
- #
- # metrics:
- # - name: library.googleapis.com/read_calls
- # display_name: Read requests
- # metric_kind: DELTA
- # value_type: INT64
- #
- # - name: library.googleapis.com/write_calls
- # display_name: Write requests
- # metric_kind: DELTA
- # value_type: INT64
- #
- "metricRules": [ # List of `MetricRule` definitions, each one mapping a selected method to one
- # or more metrics.
- { # Bind API methods to metrics. Binding a method to a metric causes that
- # metric's configured quota behaviors to apply to the method call.
- "metricCosts": { # Metrics to update when the selected methods are called, and the associated
- # cost applied to each metric.
- #
- # The key of the map is the metric name, and the values are the amount
- # increased for the metric against which the quota limits are defined.
- # The value must not be negative.
- "a_key": "A String",
- },
- "selector": "A String", # Selects the methods to which this rule applies.
- #
- # Refer to selector for syntax details.
- },
- ],
- "limits": [ # List of `QuotaLimit` definitions for the service.
- { # `QuotaLimit` defines a specific limit that applies over a specified duration
- # for a limit type. There can be at most one limit for a duration and limit
- # type combination defined within a `QuotaGroup`.
- "displayName": "A String", # User-visible display name for this limit.
- # Optional. If not set, the UI will provide a default display name based on
- # the quota configuration. This field can be used to override the default
- # display name generated from the configuration.
- "description": "A String", # Optional. User-visible, extended description for this quota limit.
- # Should be used only when more context is needed to understand this limit
- # than provided by the limit's display name (see: `display_name`).
- "defaultLimit": "A String", # Default number of tokens that can be consumed during the specified
- # duration. This is the number of tokens assigned when a client
- # application developer activates the service for his/her project.
- #
- # Specifying a value of 0 will block all requests. This can be used if you
- # are provisioning quota to selected consumers and blocking others.
- # Similarly, a value of -1 will indicate an unlimited quota. No other
- # negative values are allowed.
- #
- # Used by group-based quotas only.
- "metric": "A String", # The name of the metric this quota limit applies to. The quota limits with
- # the same metric will be checked together during runtime. The metric must be
- # defined within the service config.
- "values": { # Tiered limit values. You must specify this as a key:value pair, with an
- # integer value that is the maximum number of requests allowed for the
- # specified unit. Currently only STANDARD is supported.
- "a_key": "A String",
- },
- "maxLimit": "A String", # Maximum number of tokens that can be consumed during the specified
- # duration. Client application developers can override the default limit up
- # to this maximum. If specified, this value cannot be set to a value less
- # than the default limit. If not specified, it is set to the default limit.
- #
- # To allow clients to apply overrides with no upper bound, set this to -1,
- # indicating unlimited maximum quota.
- #
- # Used by group-based quotas only.
- "duration": "A String", # Duration of this limit in textual notation. Must be "100s" or "1d".
- #
- # Used by group-based quotas only.
- "freeTier": "A String", # Free tier value displayed in the Developers Console for this limit.
- # The free tier is the number of tokens that will be subtracted from the
- # billed amount when billing is enabled.
- # This field can only be set on a limit with duration "1d", in a billable
- # group; it is invalid on any other limit. If this field is not set, it
- # defaults to 0, indicating that there is no free tier for this service.
- #
- # Used by group-based quotas only.
- "unit": "A String", # Specify the unit of the quota limit. It uses the same syntax as
- # Metric.unit. The supported unit kinds are determined by the quota
- # backend system.
- #
- # Here are some examples:
- # * "1/min/{project}" for quota per minute per project.
- #
- # Note: the order of unit components is insignificant.
- # The "1" at the beginning is required to follow the metric unit syntax.
- "name": "A String", # Name of the quota limit.
- #
- # The name must be provided, and it must be unique within the service. The
- # name can only include alphanumeric characters as well as '-'.
- #
- # The maximum length of the limit name is 64 characters.
+ "provided": [ # A list of full type names of provided contexts.
+ "A String",
+ ],
},
],
},
- "metrics": [ # Defines the metrics used by this service.
+ "enums": [ # A list of all enum types included in this API service. Enums
+ # referenced directly or indirectly by the `apis` are automatically
+ # included. Enums which are not referenced but shall be included
+ # should be listed here by name. Example:
+ #
+ # enums:
+ # - name: google.someapi.v1.SomeEnum
+ { # Enum type definition.
+ "name": "A String", # Enum type name.
+ "enumvalue": [ # Enum value definitions.
+ { # Enum value definition.
+ "name": "A String", # Enum value name.
+ "options": [ # Protocol buffer options.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "number": 42, # Enum value number.
+ },
+ ],
+ "options": [ # Protocol buffer options.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ },
+ ],
+ "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
+ # protobuf element, like the file in which it is defined.
+ "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
+ # protobuf element. For example: `"google/protobuf/source_context.proto"`.
+ },
+ "syntax": "A String", # The source syntax.
+ },
+ ],
+ "id": "A String", # A unique ID for a specific instance of this message, typically assigned
+ # by the client for tracking purpose. Must be no longer than 63 characters
+ # and only lower case letters, digits, '.', '_' and '-' are allowed. If
+ # empty, the server may choose to generate one instead.
+ "usage": { # Configuration controlling usage of a service. # Configuration controlling usage of this service.
+ "producerNotificationChannel": "A String", # The full resource name of a channel used for sending notifications to the
+ # service producer.
+ #
+ # Google Service Management currently only supports
+ # [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification
+ # channel. To use Google Cloud Pub/Sub as the channel, this must be the name
+ # of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format
+ # documented in https://cloud.google.com/pubsub/docs/overview.
+ "rules": [ # A list of usage rules that apply to individual API methods.
+ #
+ # **NOTE:** All service configuration rules follow "last one wins" order.
+ { # Usage configuration rules for the service.
+ #
+ # NOTE: Under development.
+ #
+ #
+ # Use this rule to configure unregistered calls for the service. Unregistered
+ # calls are calls that do not contain consumer project identity.
+ # (Example: calls that do not contain an API key).
+ # By default, API methods do not allow unregistered calls, and each method call
+ # must be identified by a consumer project identity. Use this rule to
+ # allow/disallow unregistered calls.
+ #
+ # Example of an API that wants to allow unregistered calls for entire service.
+ #
+ # usage:
+ # rules:
+ # - selector: "*"
+ # allow_unregistered_calls: true
+ #
+ # Example of a method that wants to allow unregistered calls.
+ #
+ # usage:
+ # rules:
+ # - selector: "google.example.library.v1.LibraryService.CreateBook"
+ # allow_unregistered_calls: true
+ "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
+ # methods in all APIs.
+ #
+ # Refer to selector for syntax details.
+ "skipServiceControl": True or False, # If true, the selected method should skip service control and the control
+ # plane features, such as quota and billing, will not be available.
+ # This flag is used by Google Cloud Endpoints to bypass checks for internal
+ # methods, such as service health check methods.
+ "allowUnregisteredCalls": True or False, # If true, the selected method allows unregistered calls, e.g. calls
+ # that don't identify any user or application.
+ },
+ ],
+ "serviceIdentity": { # The per-product per-project service identity for a service. # The configuration of a per-product per-project service identity.
+ #
+ #
+ # Use this field to configure per-product per-project service identity.
+ # Example of a service identity configuration.
+ #
+ # usage:
+ # service_identity:
+ # - service_account_parent: "projects/123456789"
+ # display_name: "Cloud XXX Service Agent"
+ # description: "Used as the identity of Cloud XXX to access resources"
+ "serviceAccountParent": "A String", # A service account project that hosts the service accounts.
+ #
+ # An example name would be:
+ # `projects/123456789`
+ "displayName": "A String", # Optional. A user-specified name for the service account.
+ # Must be less than or equal to 100 UTF-8 bytes.
+ "description": "A String", # Optional. A user-specified opaque description of the service account.
+ # Must be less than or equal to 256 UTF-8 bytes.
+ },
+ "requirements": [ # Requirements that must be satisfied before a consumer project can use the
+ # service. Each requirement is of the form <service.name>/<requirement-id>;
+ # for example 'serviceusage.googleapis.com/billing-enabled'.
+ "A String",
+ ],
+ },
+ "metrics": [ # Defines the metrics used by this service.
{ # Defines a metric type and its schema. Once a metric descriptor is created,
- # deleting or altering it stops data collection and makes the metric type's
+ # deleting or altering it stops data collection and makes the metric type's
# existing data unusable.
- "displayName": "A String", # A concise name for the metric, which can be displayed in user interfaces.
- # Use sentence case without an ending period, for example "Request count".
- # This field is optional but it is recommended to be set for any metrics
- # associated with user-visible concepts, such as Quota.
- "description": "A String", # A detailed description of the metric, which can be used in documentation.
- "metricKind": "A String", # Whether the metric records instantaneous values, changes to a value, etc.
- # Some combinations of `metric_kind` and `value_type` might not be supported.
- "valueType": "A String", # Whether the measurement is an integer, a floating-point number, etc.
- # Some combinations of `metric_kind` and `value_type` might not be supported.
- "labels": [ # The set of labels that can be used to describe a specific
- # instance of this metric type. For example, the
- # `appengine.googleapis.com/http/server/response_latencies` metric
- # type has a label for the HTTP response code, `response_code`, so
- # you can look at latencies for successful responses or just
- # for responses that failed.
- { # A description of a label.
- "valueType": "A String", # The type of data that can be assigned to the label.
- "description": "A String", # A human-readable description for the label.
- "key": "A String", # The label key.
- },
- ],
- "launchStage": "A String", # Optional. The launch stage of the metric definition.
- "monitoredResourceTypes": [ # Read-only. If present, then a time
- # series, which is identified partially by
- # a metric type and a MonitoredResourceDescriptor, that is associated
- # with this metric type can only be associated with one of the monitored
- # resource types listed here.
- "A String",
- ],
- "metadata": { # Additional annotations that can be used to guide the usage of a metric. # Optional. Metadata which can be used to guide usage of the metric.
- "launchStage": "A String", # Deprecated. Must use the MetricDescriptor.launch_stage instead.
- "ingestDelay": "A String", # The delay of data points caused by ingestion. Data points older than this
- # age are guaranteed to be ingested and available to be read, excluding
- # data loss due to errors.
- "samplePeriod": "A String", # The sampling period of metric data points. For metrics which are written
- # periodically, consecutive data points are stored at this time interval,
- # excluding data loss due to errors. Metrics with a higher granularity have
- # a smaller sampling period.
- },
- "type": "A String", # The metric type, including its DNS name prefix. The type is not
+ "name": "A String", # The resource name of the metric descriptor.
+ "type": "A String", # The metric type, including its DNS name prefix. The type is not
# URL-encoded. All user-defined metric types have the DNS name
# `custom.googleapis.com` or `external.googleapis.com`. Metric types should
# use a natural hierarchical grouping. For example:
#
- # "custom.googleapis.com/invoice/paid/amount"
- # "external.googleapis.com/prometheus/up"
- # "appengine.googleapis.com/http/server/response_latencies"
- "unit": "A String", # The units in which the metric value is reported. It is only applicable
+ # "custom.googleapis.com/invoice/paid/amount"
+ # "external.googleapis.com/prometheus/up"
+ # "appengine.googleapis.com/http/server/response_latencies"
+ "metadata": { # Additional annotations that can be used to guide the usage of a metric. # Optional. Metadata which can be used to guide usage of the metric.
+ "ingestDelay": "A String", # The delay of data points caused by ingestion. Data points older than this
+ # age are guaranteed to be ingested and available to be read, excluding
+ # data loss due to errors.
+ "launchStage": "A String", # Deprecated. Must use the MetricDescriptor.launch_stage instead.
+ "samplePeriod": "A String", # The sampling period of metric data points. For metrics which are written
+ # periodically, consecutive data points are stored at this time interval,
+ # excluding data loss due to errors. Metrics with a higher granularity have
+ # a smaller sampling period.
+ },
+ "valueType": "A String", # Whether the measurement is an integer, a floating-point number, etc.
+ # Some combinations of `metric_kind` and `value_type` might not be supported.
+ "metricKind": "A String", # Whether the metric records instantaneous values, changes to a value, etc.
+ # Some combinations of `metric_kind` and `value_type` might not be supported.
+ "description": "A String", # A detailed description of the metric, which can be used in documentation.
+ "displayName": "A String", # A concise name for the metric, which can be displayed in user interfaces.
+ # Use sentence case without an ending period, for example "Request count".
+ # This field is optional but it is recommended to be set for any metrics
+ # associated with user-visible concepts, such as Quota.
+ "unit": "A String", # The units in which the metric value is reported. It is only applicable
# if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit`
# defines the representation of the stored metric values.
#
@@ -1953,14 +2246,14 @@
#
# The grammar for a unit is as follows:
#
- # Expression = Component { "." Component } { "/" Component } ;
+ # Expression = Component { "." Component } { "/" Component } ;
#
- # Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ]
+ # Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ]
# | Annotation
- # | "1"
+ # | "1"
# ;
#
- # Annotation = "{" NAME "}" ;
+ # Annotation = "{" NAME "}" ;
#
# Notes:
#
@@ -1972,495 +2265,213 @@
# * `1` represents a unitary [dimensionless
# unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such
# as in `1/s`. It is typically used when none of the basic units are
- # appropriate. For example, "new users per day" can be represented as
- # `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new
- # users). Alternatively, "thousands of page views per day" would be
+ # appropriate. For example, "new users per day" can be represented as
+ # `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new
+ # users). Alternatively, "thousands of page views per day" would be
# represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric
- # value of `5.3` would mean "5300 page views per day").
+ # value of `5.3` would mean "5300 page views per day").
# * `%` represents dimensionless value of 1/100, and annotates values giving
# a percentage (so the metric values are typically in the range of 0..100,
- # and a metric value `3` means "3 percent").
+ # and a metric value `3` means "3 percent").
# * `10^2.%` indicates a metric contains a ratio, typically in the range
# 0..1, that will be multiplied by 100 and displayed as a percentage
- # (so a metric value `0.03` means "3 percent").
- "name": "A String", # The resource name of the metric descriptor.
- },
- ],
- "enums": [ # A list of all enum types included in this API service. Enums
- # referenced directly or indirectly by the `apis` are automatically
- # included. Enums which are not referenced but shall be included
- # should be listed here by name. Example:
- #
- # enums:
- # - name: google.someapi.v1.SomeEnum
- { # Enum type definition.
- "syntax": "A String", # The source syntax.
- "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
- # protobuf element, like the file in which it is defined.
- "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
- # protobuf element. For example: `"google/protobuf/source_context.proto"`.
- },
- "options": [ # Protocol buffer options.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
+ # (so a metric value `0.03` means "3 percent").
+ "monitoredResourceTypes": [ # Read-only. If present, then a time
+ # series, which is identified partially by
+ # a metric type and a MonitoredResourceDescriptor, that is associated
+ # with this metric type can only be associated with one of the monitored
+ # resource types listed here.
+ "A String",
],
- "name": "A String", # Enum type name.
- "enumvalue": [ # Enum value definitions.
- { # Enum value definition.
- "options": [ # Protocol buffer options.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- "number": 42, # Enum value number.
- "name": "A String", # Enum value name.
+ "launchStage": "A String", # Optional. The launch stage of the metric definition.
+ "labels": [ # The set of labels that can be used to describe a specific
+ # instance of this metric type. For example, the
+ # `appengine.googleapis.com/http/server/response_latencies` metric
+ # type has a label for the HTTP response code, `response_code`, so
+ # you can look at latencies for successful responses or just
+ # for responses that failed.
+ { # A description of a label.
+ "key": "A String", # The label key.
+ "description": "A String", # A human-readable description for the label.
+ "valueType": "A String", # The type of data that can be assigned to the label.
},
],
},
],
- "types": [ # A list of all proto message types included in this API service.
- # Types referenced directly or indirectly by the `apis` are
- # automatically included. Messages which are not referenced but
- # shall be included, such as types used by the `google.protobuf.Any` type,
- # should be listed here by name. Example:
+ "authentication": { # `Authentication` defines the authentication configuration for an API. # Auth configuration.
#
- # types:
- # - name: google.protobuf.Int32
- { # A protocol buffer message type.
- "oneofs": [ # The list of types appearing in `oneof` definitions in this type.
- "A String",
- ],
- "name": "A String", # The fully qualified message name.
- "fields": [ # The list of fields.
- { # A single field of a message type.
- "kind": "A String", # The field type.
- "oneofIndex": 42, # The index of the field type in `Type.oneofs`, for message or enumeration
- # types. The first type has index 1; zero means the type is not in the list.
- "typeUrl": "A String", # The field type URL, without the scheme, for message or enumeration
- # types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
- "name": "A String", # The field name.
- "defaultValue": "A String", # The string value of the default value of this field. Proto2 syntax only.
- "jsonName": "A String", # The field JSON name.
- "number": 42, # The field number.
- "cardinality": "A String", # The field cardinality.
- "options": [ # The protocol buffer options.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- "packed": True or False, # Whether to use alternative packed wire representation.
- },
- ],
- "syntax": "A String", # The source syntax.
- "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
- # protobuf element, like the file in which it is defined.
- "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
- # protobuf element. For example: `"google/protobuf/source_context.proto"`.
- },
- "options": [ # The protocol buffer options.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- },
- ],
- "logging": { # Logging configuration of the service. # Logging configuration.
+ # Example for an API targeted for external use:
#
- # The following example shows how to configure logs to be sent to the
- # producer and consumer projects. In the example, the `activity_history`
- # log is sent to both the producer and consumer projects, whereas the
- # `purchase_history` log is only sent to the producer project.
- #
- # monitored_resources:
- # - type: library.googleapis.com/branch
- # labels:
- # - key: /city
- # description: The city where the library branch is located in.
- # - key: /name
- # description: The name of the branch.
- # logs:
- # - name: activity_history
- # labels:
- # - key: /customer_id
- # - name: purchase_history
- # logging:
- # producer_destinations:
- # - monitored_resource: library.googleapis.com/branch
- # logs:
- # - activity_history
- # - purchase_history
- # consumer_destinations:
- # - monitored_resource: library.googleapis.com/branch
- # logs:
- # - activity_history
- "producerDestinations": [ # Logging configurations for sending logs to the producer project.
- # There can be multiple producer destinations, each one must have a
- # different monitored resource type. A log can be used in at most
- # one producer destination.
- { # Configuration of a specific logging destination (the producer project
- # or the consumer project).
- "monitoredResource": "A String", # The monitored resource type. The type must be defined in the
- # Service.monitored_resources section.
- "logs": [ # Names of the logs to be sent to this destination. Each name must
- # be defined in the Service.logs section. If the log name is
- # not a domain scoped name, it will be automatically prefixed with
- # the service name followed by "/".
- "A String",
- ],
- },
- ],
- "consumerDestinations": [ # Logging configurations for sending logs to the consumer project.
- # There can be multiple consumer destinations, each one must have a
- # different monitored resource type. A log can be used in at most
- # one consumer destination.
- { # Configuration of a specific logging destination (the producer project
- # or the consumer project).
- "monitoredResource": "A String", # The monitored resource type. The type must be defined in the
- # Service.monitored_resources section.
- "logs": [ # Names of the logs to be sent to this destination. Each name must
- # be defined in the Service.logs section. If the log name is
- # not a domain scoped name, it will be automatically prefixed with
- # the service name followed by "/".
- "A String",
- ],
- },
- ],
- },
- "name": "A String", # The service name, which is a DNS-like logical identifier for the
- # service, such as `calendar.googleapis.com`. The service name
- # typically goes through DNS verification to make sure the owner
- # of the service also owns the DNS name.
- "documentation": { # `Documentation` provides the information for describing a service. # Additional API documentation.
- #
- # Example:
- # <pre><code>documentation:
- # summary: >
- # The Google Calendar API gives access
- # to most calendar features.
- # pages:
- # - name: Overview
- # content: &#40;== include google/foo/overview.md ==&#41;
- # - name: Tutorial
- # content: &#40;== include google/foo/tutorial.md ==&#41;
- # subpages;
- # - name: Java
- # content: &#40;== include google/foo/tutorial_java.md ==&#41;
- # rules:
- # - selector: google.calendar.Calendar.Get
- # description: >
- # ...
- # - selector: google.calendar.Calendar.Put
- # description: >
- # ...
- # </code></pre>
- # Documentation is provided in markdown syntax. In addition to
- # standard markdown features, definition lists, tables and fenced
- # code blocks are supported. Section headers can be provided and are
- # interpreted relative to the section nesting of the context where
- # a documentation fragment is embedded.
- #
- # Documentation from the IDL is merged with documentation defined
- # via the config at normalization time, where documentation provided
- # by config rules overrides IDL provided.
- #
- # A number of constructs specific to the API platform are supported
- # in documentation text.
- #
- # In order to reference a proto element, the following
- # notation can be used:
- # <pre><code>&#91;fully.qualified.proto.name]&#91;]</code></pre>
- # To override the display text used for the link, this can be used:
- # <pre><code>&#91;display text]&#91;fully.qualified.proto.name]</code></pre>
- # Text can be excluded from doc using the following notation:
- # <pre><code>&#40;-- internal comment --&#41;</code></pre>
- #
- # A few directives are available in documentation. Note that
- # directives must appear on a single line to be properly
- # identified. The `include` directive includes a markdown file from
- # an external source:
- # <pre><code>&#40;== include path/to/file ==&#41;</code></pre>
- # The `resource_for` directive marks a message to be the resource of
- # a collection in REST view. If it is not specified, tools attempt
- # to infer the resource from the operations in a collection:
- # <pre><code>&#40;== resource_for v1.shelves.books ==&#41;</code></pre>
- # The directive `suppress_warning` does not directly affect documentation
- # and is documented together with service config validation.
- "rules": [ # A list of documentation rules that apply to individual API elements.
- #
- # **NOTE:** All service configuration rules follow "last one wins" order.
- { # A documentation rule provides information about individual API elements.
- "description": "A String", # Description of the selected API(s).
- "deprecationDescription": "A String", # Deprecation description of the selected element(s). It can be provided if
- # an element is marked as `deprecated`.
- "selector": "A String", # The selector is a comma-separated list of patterns. Each pattern is a
- # qualified name of the element which may end in "*", indicating a wildcard.
- # Wildcards are only allowed at the end and for a whole component of the
- # qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". A
- # wildcard will match one or more components. To specify a default for all
- # applicable elements, the whole pattern "*" is used.
- },
- ],
- "documentationRootUrl": "A String", # The URL to the root of documentation.
- "summary": "A String", # A short summary of what the service does. Can only be provided by
- # plain text.
- "serviceRootUrl": "A String", # Specifies the service root url if the default one (the service name
- # from the yaml file) is not suitable. This can be seen in any fully
- # specified service urls as well as sections that show a base that other
- # urls are relative to.
- "overview": "A String", # Declares a single overview page. For example:
- # <pre><code>documentation:
- # summary: ...
- # overview: &#40;== include overview.md ==&#41;
- # </code></pre>
- # This is a shortcut for the following declaration (using pages style):
- # <pre><code>documentation:
- # summary: ...
- # pages:
- # - name: Overview
- # content: &#40;== include overview.md ==&#41;
- # </code></pre>
- # Note: you cannot specify both `overview` field and `pages` field.
- "pages": [ # The top level pages for the documentation set.
- { # Represents a documentation page. A page can contain subpages to represent
- # nested documentation set structure.
- "content": "A String", # The Markdown content of the page. You can use <code>&#40;== include {path}
- # ==&#41;</code> to include content from a Markdown file.
- "subpages": [ # Subpages of this page. The order of subpages specified here will be
- # honored in the generated docset.
- # Object with schema name: Page
- ],
- "name": "A String", # The name of the page. It will be used as an identity of the page to
- # generate URI of the page, text of the link to this page in navigation,
- # etc. The full page name (start from the root page name to this page
- # concatenated with `.`) can be used as reference to the page in your
- # documentation. For example:
- # <pre><code>pages:
- # - name: Tutorial
- # content: &#40;== include tutorial.md ==&#41;
- # subpages:
- # - name: Java
- # content: &#40;== include tutorial_java.md ==&#41;
- # </code></pre>
- # You can reference `Java` page using Markdown reference link syntax:
- # `Java`.
- },
- ],
- },
- "sourceInfo": { # Source information used to create a Service Config # Output only. The source information for this configuration if available.
- "sourceFiles": [ # All files used during config generation.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "systemTypes": [ # A list of all proto message types included in this API service.
- # It serves similar purpose as [google.api.Service.types], except that
- # these types are not needed by user-defined APIs. Therefore, they will not
- # show up in the generated discovery doc. This field should only be used
- # to define system APIs in ESF.
- { # A protocol buffer message type.
- "oneofs": [ # The list of types appearing in `oneof` definitions in this type.
- "A String",
- ],
- "name": "A String", # The fully qualified message name.
- "fields": [ # The list of fields.
- { # A single field of a message type.
- "kind": "A String", # The field type.
- "oneofIndex": 42, # The index of the field type in `Type.oneofs`, for message or enumeration
- # types. The first type has index 1; zero means the type is not in the list.
- "typeUrl": "A String", # The field type URL, without the scheme, for message or enumeration
- # types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
- "name": "A String", # The field name.
- "defaultValue": "A String", # The string value of the default value of this field. Proto2 syntax only.
- "jsonName": "A String", # The field JSON name.
- "number": 42, # The field number.
- "cardinality": "A String", # The field cardinality.
- "options": [ # The protocol buffer options.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- "packed": True or False, # Whether to use alternative packed wire representation.
- },
- ],
- "syntax": "A String", # The source syntax.
- "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
- # protobuf element, like the file in which it is defined.
- "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
- # protobuf element. For example: `"google/protobuf/source_context.proto"`.
- },
- "options": [ # The protocol buffer options.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- },
- ],
- "context": { # `Context` defines which contexts an API requests. # Context configuration.
- #
- # Example:
- #
- # context:
+ # name: calendar.googleapis.com
+ # authentication:
+ # providers:
+ # - id: google_calendar_auth
+ # jwks_uri: https://www.googleapis.com/oauth2/v1/certs
+ # issuer: https://securetoken.google.com
# rules:
- # - selector: "*"
- # requested:
- # - google.rpc.context.ProjectContext
- # - google.rpc.context.OriginContext
- #
- # The above specifies that all methods in the API request
- # `google.rpc.context.ProjectContext` and
- # `google.rpc.context.OriginContext`.
- #
- # Available context types are defined in package
- # `google.rpc.context`.
- #
- # This also provides mechanism to whitelist any protobuf message extension that
- # can be sent in grpc metadata using “x-goog-ext-<extension_id>-bin” and
- # “x-goog-ext-<extension_id>-jspb” format. For example, list any service
- # specific protobuf types that can appear in grpc metadata as follows in your
- # yaml file:
- #
- # Example:
- #
- # context:
- # rules:
- # - selector: "google.example.library.v1.LibraryService.CreateBook"
- # allowed_request_extensions:
- # - google.foo.v1.NewExtension
- # allowed_response_extensions:
- # - google.foo.v1.NewExtension
- #
- # You can also specify extension ID instead of fully qualified extension name
- # here.
- "rules": [ # A list of RPC context rules that apply to individual API methods.
+ # - selector: "*"
+ # requirements:
+ # provider_id: google_calendar_auth
+ "rules": [ # A list of authentication rules that apply to individual API methods.
#
- # **NOTE:** All service configuration rules follow "last one wins" order.
- { # A context rule provides information about the context for an individual API
- # element.
- "provided": [ # A list of full type names of provided contexts.
- "A String",
+ # **NOTE:** All service configuration rules follow "last one wins" order.
+ { # Authentication rules for the service.
+ #
+ # By default, if a method has any authentication requirements, every request
+ # must include a valid credential matching one of the requirements.
+ # It's an error to include more than one kind of credential in a single
+ # request.
+ #
+ # If a method doesn't have any auth requirements, request credentials will be
+ # ignored.
+ "requirements": [ # Requirements for additional authentication providers.
+ { # User-defined authentication requirements, including support for
+ # [JSON Web Token
+ # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+ "providerId": "A String", # id from authentication provider.
+ #
+ # Example:
+ #
+ # provider_id: bookstore_auth
+ "audiences": "A String", # NOTE: This will be deprecated soon, once AuthProvider.audiences is
+ # implemented and accepted in all the runtime components.
+ #
+ # The list of JWT
+ # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+ # that are allowed to access. A JWT containing any of these audiences will
+ # be accepted. When this setting is absent, only JWTs with audience
+ # "https://Service_name/API_name"
+ # will be accepted. For example, if no audiences are in the setting,
+ # LibraryService API will only accept JWTs with the following audience
+ # "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
+ #
+ # Example:
+ #
+ # audiences: bookstore_android.apps.googleusercontent.com,
+ # bookstore_web.apps.googleusercontent.com
+ },
],
- "allowedResponseExtensions": [ # A list of full type names or extension IDs of extensions allowed in grpc
- # side channel from backend to client.
- "A String",
- ],
- "allowedRequestExtensions": [ # A list of full type names or extension IDs of extensions allowed in grpc
- # side channel from client to backend.
- "A String",
- ],
- "requested": [ # A list of full type names of requested contexts.
- "A String",
- ],
- "selector": "A String", # Selects the methods to which this rule applies.
+ "selector": "A String", # Selects the methods to which this rule applies.
#
# Refer to selector for syntax details.
+ "allowWithoutCredential": True or False, # If true, the service accepts API keys without any other credential.
+ "oauth": { # OAuth scopes are a way to define data and permissions on data. For example, # The requirements for OAuth credentials.
+ # there are scopes defined for "Read-only access to Google Calendar" and
+ # "Access to Cloud Platform". Users can consent to a scope for an application,
+ # giving it permission to access that data on their behalf.
+ #
+ # OAuth scope specifications should be fairly coarse grained; a user will need
+ # to see and understand the text description of what your scope means.
+ #
+ # In most cases: use one or at most two OAuth scopes for an entire family of
+ # products. If your product has multiple APIs, you should probably be sharing
+ # the OAuth scope across all of those APIs.
+ #
+ # When you need finer grained OAuth consent screens: talk with your product
+ # management about how developers will use them in practice.
+ #
+ # Please note that even though each of the canonical scopes is enough for a
+ # request to be accepted and passed to the backend, a request can still fail
+ # due to the backend requiring additional scopes or permissions.
+ "canonicalScopes": "A String", # The list of publicly documented OAuth scopes that are allowed access. An
+ # OAuth token containing any of these scopes will be accepted.
+ #
+ # Example:
+ #
+ # canonical_scopes: https://www.googleapis.com/auth/calendar,
+ # https://www.googleapis.com/auth/calendar.read
+ },
+ },
+ ],
+ "providers": [ # Defines a set of authentication providers that a service supports.
+ { # Configuration for an authentication provider, including support for
+ # [JSON Web Token
+ # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+ "jwksUri": "A String", # URL of the provider's public key set to validate signature of the JWT. See
+ # [OpenID
+ # Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+ # Optional if the key set document:
+ # - can be retrieved from
+ # [OpenID
+ # Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of
+ # the issuer.
+ # - can be inferred from the email domain of the issuer (e.g. a Google
+ # service account).
+ #
+ # Example: https://www.googleapis.com/oauth2/v1/certs
+ "audiences": "A String", # The list of JWT
+ # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+ # that are allowed to access. A JWT containing any of these audiences will
+ # be accepted. When this setting is absent, JWTs with audiences:
+ # - "https://[service.name]/[google.protobuf.Api.name]"
+ # - "https://[service.name]/"
+ # will be accepted.
+ # For example, if no audiences are in the setting, LibraryService API will
+ # accept JWTs with the following audiences:
+ # -
+ # https://library-example.googleapis.com/google.example.library.v1.LibraryService
+ # - https://library-example.googleapis.com/
+ #
+ # Example:
+ #
+ # audiences: bookstore_android.apps.googleusercontent.com,
+ # bookstore_web.apps.googleusercontent.com
+ "authorizationUrl": "A String", # Redirect URL if JWT token is required but not present or is expired.
+ # Implement authorizationUrl of securityDefinitions in OpenAPI spec.
+ "issuer": "A String", # Identifies the principal that issued the JWT. See
+ # https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
+ # Usually a URL or an email address.
+ #
+ # Example: https://securetoken.google.com
+ # Example: 1234567-compute@developer.gserviceaccount.com
+ "id": "A String", # The unique identifier of the auth provider. It will be referred to by
+ # `AuthRequirement.provider_id`.
+ #
+ # Example: "bookstore_auth".
+ "jwtLocations": [ # Defines the locations to extract the JWT.
+ #
+ # JWT locations can be either from HTTP headers or URL query parameters.
+ # The rule is that the first match wins. The checking order is: checking
+ # all headers first, then URL query parameters.
+ #
+ # If not specified, default to use following 3 locations:
+ # 1) Authorization: Bearer
+ # 2) x-goog-iap-jwt-assertion
+ # 3) access_token query parameter
+ #
+ # Default locations can be specified as followings:
+ # jwt_locations:
+ # - header: Authorization
+ # value_prefix: "Bearer "
+ # - header: x-goog-iap-jwt-assertion
+ # - query: access_token
+ { # Specifies a location to extract JWT from an API request.
+ "header": "A String", # Specifies HTTP header name to extract JWT token.
+ "valuePrefix": "A String", # The value prefix. The value format is "value_prefix{token}"
+ # Only applies to "in" header type. Must be empty for "in" query type.
+ # If not empty, the header value has to match (case sensitive) this prefix.
+ # If not matched, JWT will not be extracted. If matched, JWT will be
+ # extracted after the prefix is removed.
+ #
+ # For example, for "Authorization: Bearer {JWT}",
+ # value_prefix="Bearer " with a space at the end.
+ "query": "A String", # Specifies URL query parameter name to extract JWT token.
+ },
+ ],
},
],
},
- "endpoints": [ # Configuration for network endpoints. If this is empty, then an endpoint
- # with the same name as the service is automatically generated to service all
- # defined APIs.
- { # `Endpoint` describes a network endpoint that serves a set of APIs.
- # A service may expose any number of endpoints, and all endpoints share the
- # same service configuration, such as quota configuration and monitoring
- # configuration.
- #
- # Example service configuration:
- #
- # name: library-example.googleapis.com
- # endpoints:
- # # Below entry makes 'google.example.library.v1.Library'
- # # API be served from endpoint address library-example.googleapis.com.
- # # It also allows HTTP OPTIONS calls to be passed to the backend, for
- # # it to decide whether the subsequent cross-origin request is
- # # allowed to proceed.
- # - name: library-example.googleapis.com
- # allow_cors: true
- "allowCors": True or False, # Allowing
- # [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka
- # cross-domain traffic, would allow the backends served from this endpoint to
- # receive and respond to HTTP OPTIONS requests. The response will be used by
- # the browser to determine whether the subsequent cross-origin request is
- # allowed to proceed.
- "target": "A String", # The specification of an Internet routable address of API frontend that will
- # handle requests to this [API
- # Endpoint](https://cloud.google.com/apis/design/glossary). It should be
- # either a valid IPv4 address or a fully-qualified domain name. For example,
- # "8.8.8.8" or "myservice.appspot.com".
- "features": [ # The list of features enabled on this endpoint.
- "A String",
- ],
- "name": "A String", # The canonical name of this endpoint.
- "aliases": [ # DEPRECATED: This field is no longer supported. Instead of using aliases,
- # please specify multiple google.api.Endpoint for each of the intended
- # aliases.
- #
- # Additional names that this endpoint will be hosted on.
- "A String",
- ],
- },
- ],
+ "control": { # Selects and configures the service controller used by the service. The # Configuration for the service control plane.
+ # service controller handles features like abuse, quota, billing, logging,
+ # monitoring, etc.
+ "environment": "A String", # The service control environment to use. If empty, no control plane
+ # feature (like quota and billing) will be enabled.
+ },
+ "configVersion": 42, # The semantic version of the service configuration. The config version
+ # affects the interpretation of the service configuration. For example,
+ # certain features are enabled by default for certain config versions.
+ #
+ # The latest config version is `3`.
}</pre>
</div>
@@ -2477,9 +2488,9 @@
The object takes the form of:
{ # Request message for `GetIamPolicy` method.
- "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
- # `GetIamPolicy`. This field is only used by Cloud IAM.
- "requestedPolicyVersion": 42, # Optional. The policy format version to be returned.
+ "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
+ # `GetIamPolicy`.
+ "requestedPolicyVersion": 42, # Optional. The policy format version to be returned.
#
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
# rejected.
@@ -2487,6 +2498,10 @@
# Requests for policies with any conditional bindings must specify version 3.
# Policies without any conditional bindings may specify any valid value or
# leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
},
}
@@ -2508,36 +2523,40 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
# {
- # "bindings": [
+ # "bindings": [
# {
- # "role": "roles/resourcemanager.organizationAdmin",
- # "members": [
- # "user:mike@example.com",
- # "group:admins@example.com",
- # "domain:google.com",
- # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ # "role": "roles/resourcemanager.organizationAdmin",
+ # "members": [
+ # "user:mike@example.com",
+ # "group:admins@example.com",
+ # "domain:google.com",
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
- # "condition": {
- # "title": "expirable access",
- # "description": "Does not grant access after Sep 2020",
- # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": [
+ # "user:eve@example.com"
+ # ],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
# }
# }
# ],
- # "etag": "BwWWja0YfJA=",
- # "version": 3
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
# **YAML example:**
@@ -2555,63 +2574,190 @@
# condition:
# title: expirable access
# description: Does not grant access after Sep 2020
- # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
# - etag: BwWWja0YfJA=
# - version: 3
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
+ { # Specifies the audit configuration for a service.
+ # The configuration determines which permission types are logged, and what
+ # identities, if any, are exempted from logging.
+ # An AuditConfig must have one or more AuditLogConfigs.
+ #
+ # If there are AuditConfigs for both `allServices` and a specific service,
+ # the union of the two AuditConfigs is used for that service: the log_types
+ # specified in each AuditConfig are enabled, and the exempted_members in each
+ # AuditLogConfig are exempted.
+ #
+ # Example Policy with multiple AuditConfigs:
+ #
+ # {
+ # "audit_configs": [
+ # {
+ # "service": "allServices"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # },
+ # {
+ # "log_type": "ADMIN_READ",
+ # }
+ # ]
+ # },
+ # {
+ # "service": "sampleservice.googleapis.com"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:aliya@example.com"
+ # ]
+ # }
+ # ]
+ # }
+ # ]
+ # }
+ #
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
+ "auditLogConfigs": [ # The configuration for logging of each type of permission.
+ { # Provides the configuration for logging a type of permissions.
+ # Example:
+ #
+ # {
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # }
+ # ]
+ # }
+ #
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ # jose@example.com from DATA_READ logging.
+ "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
+ # permission.
+ # Follows the same format of Binding.members.
+ "A String",
+ ],
+ "logType": "A String", # The log type that this config enables.
+ },
+ ],
+ "service": "A String", # Specifies a service that will be enabled for audit logging.
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+ # `allServices` is a special value that covers all services.
+ },
+ ],
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
# Example (Comparison):
#
- # title: "Summary size limit"
- # description: "Determines if a summary is less than 100 chars"
- # expression: "document.summary.size() < 100"
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
#
# Example (Equality):
#
- # title: "Requestor is owner"
- # description: "Determines if requestor is the document owner"
- # expression: "document.owner == request.auth.claims.email"
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
#
# Example (Logic):
#
- # title: "Public documents"
- # description: "Determine whether the document should be publicly visible"
- # expression: "document.type != 'private' && document.type != 'internal'"
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
#
# Example (Data Manipulation):
#
- # title: "Notification string"
- # description: "Create a notification string with a timestamp."
- # expression: "'New message received at ' + string(document.create_time)"
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
#
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
# * `allUsers`: A special identifier that represents anyone who is
@@ -2654,154 +2800,38 @@
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
- "A String",
+ "A String",
],
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
- "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
- { # Specifies the audit configuration for a service.
- # The configuration determines which permission types are logged, and what
- # identities, if any, are exempted from logging.
- # An AuditConfig must have one or more AuditLogConfigs.
- #
- # If there are AuditConfigs for both `allServices` and a specific service,
- # the union of the two AuditConfigs is used for that service: the log_types
- # specified in each AuditConfig are enabled, and the exempted_members in each
- # AuditLogConfig are exempted.
- #
- # Example Policy with multiple AuditConfigs:
- #
- # {
- # "audit_configs": [
- # {
- # "service": "allServices"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "sampleservice.googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:aliya@example.com"
- # ]
- # }
- # ]
- # }
- # ]
- # }
- #
- # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts jose@example.com from DATA_READ logging, and
- # aliya@example.com from DATA_WRITE logging.
- "auditLogConfigs": [ # The configuration for logging of each type of permission.
- { # Provides the configuration for logging a type of permissions.
- # Example:
- #
- # {
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # }
- # ]
- # }
- #
- # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # jose@example.com from DATA_READ logging.
- "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
- # permission.
- # Follows the same format of Binding.members.
- "A String",
- ],
- "logType": "A String", # The log type that this config enables.
- },
- ],
- "service": "A String", # Specifies a service that will be enabled for audit logging.
- # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- # `allServices` is a special value that covers all services.
- },
- ],
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
}</pre>
</div>
<div class="method">
- <code class="details" id="list">list(producerProjectId=None, pageSize=None, pageToken=None, consumerId=None, x__xgafv=None)</code>
+ <code class="details" id="list">list(consumerId=None, pageToken=None, pageSize=None, producerProjectId=None, x__xgafv=None)</code>
<pre>Lists managed services.
Returns all public services. For authenticated users, also returns all
-services the calling user has "servicemanagement.services.get" permission
+services the calling user has "servicemanagement.services.get" permission
for.
**BETA:** If the caller specifies the `consumer_id`, it returns only the
services enabled on the consumer. The `consumer_id` must have the format
-of "project:{PROJECT-ID}".
+of "project:{PROJECT-ID}".
Args:
- producerProjectId: string, Include services produced by the specified project.
- pageSize: integer, The max number of items to include in the response list. Page size is 50
-if not specified. Maximum value is 100.
- pageToken: string, Token identifying which result to start with; returned by a previous list
-call.
consumerId: string, Include services consumed by the specified consumer.
The Google Service Management implementation accepts the following
forms:
- project:<project_id>
+ pageToken: string, Token identifying which result to start with; returned by a previous list
+call.
+ pageSize: integer, The max number of items to include in the response list. Page size is 50
+if not specified. Maximum value is 100.
+ producerProjectId: string, Include services produced by the specified project.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -2811,15 +2841,15 @@
An object of the form:
{ # Response message for `ListServices` method.
- "services": [ # The returned services will only have the name field set.
+ "services": [ # The returned services will only have the name field set.
{ # The full representation of a Service that is managed by
# Google Service Management.
- "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
+ "producerProjectId": "A String", # ID of the project that produces and owns this service.
+ "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
# for naming requirements.
- "producerProjectId": "A String", # ID of the project that produces and owns this service.
},
],
- "nextPageToken": "A String", # Token that can be passed to `ListServices` to resume a paginated query.
+ "nextPageToken": "A String", # Token that can be passed to `ListServices` to resume a paginated query.
}</pre>
</div>
@@ -2832,7 +2862,7 @@
previous_response: The response from the request for the previous page. (required)
Returns:
- A request object that you can call 'execute()' on to request the next
+ A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
</pre>
</div>
@@ -2842,7 +2872,7 @@
<pre>Sets the access control policy on the specified resource. Replaces any
existing policy.
-Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
+Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
Args:
resource: string, REQUIRED: The resource for which the policy is being specified.
@@ -2851,7 +2881,12 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
+ "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+ # the fields in the mask will be modified. If no mask is provided, the
+ # following default mask is used:
+ #
+ # `paths: "bindings, etag"`
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
# the policy is limited to a few 10s of KB. An empty policy is a
# valid policy but certain Cloud Platform services (such as Projects)
# might reject them.
@@ -2864,36 +2899,40 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
# {
- # "bindings": [
+ # "bindings": [
# {
- # "role": "roles/resourcemanager.organizationAdmin",
- # "members": [
- # "user:mike@example.com",
- # "group:admins@example.com",
- # "domain:google.com",
- # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ # "role": "roles/resourcemanager.organizationAdmin",
+ # "members": [
+ # "user:mike@example.com",
+ # "group:admins@example.com",
+ # "domain:google.com",
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
- # "condition": {
- # "title": "expirable access",
- # "description": "Does not grant access after Sep 2020",
- # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": [
+ # "user:eve@example.com"
+ # ],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
# }
# }
# ],
- # "etag": "BwWWja0YfJA=",
- # "version": 3
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
# **YAML example:**
@@ -2911,63 +2950,190 @@
# condition:
# title: expirable access
# description: Does not grant access after Sep 2020
- # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
# - etag: BwWWja0YfJA=
# - version: 3
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
+ { # Specifies the audit configuration for a service.
+ # The configuration determines which permission types are logged, and what
+ # identities, if any, are exempted from logging.
+ # An AuditConfig must have one or more AuditLogConfigs.
+ #
+ # If there are AuditConfigs for both `allServices` and a specific service,
+ # the union of the two AuditConfigs is used for that service: the log_types
+ # specified in each AuditConfig are enabled, and the exempted_members in each
+ # AuditLogConfig are exempted.
+ #
+ # Example Policy with multiple AuditConfigs:
+ #
+ # {
+ # "audit_configs": [
+ # {
+ # "service": "allServices"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # },
+ # {
+ # "log_type": "ADMIN_READ",
+ # }
+ # ]
+ # },
+ # {
+ # "service": "sampleservice.googleapis.com"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:aliya@example.com"
+ # ]
+ # }
+ # ]
+ # }
+ # ]
+ # }
+ #
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
+ "auditLogConfigs": [ # The configuration for logging of each type of permission.
+ { # Provides the configuration for logging a type of permissions.
+ # Example:
+ #
+ # {
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # }
+ # ]
+ # }
+ #
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ # jose@example.com from DATA_READ logging.
+ "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
+ # permission.
+ # Follows the same format of Binding.members.
+ "A String",
+ ],
+ "logType": "A String", # The log type that this config enables.
+ },
+ ],
+ "service": "A String", # Specifies a service that will be enabled for audit logging.
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+ # `allServices` is a special value that covers all services.
+ },
+ ],
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
# Example (Comparison):
#
- # title: "Summary size limit"
- # description: "Determines if a summary is less than 100 chars"
- # expression: "document.summary.size() < 100"
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
#
# Example (Equality):
#
- # title: "Requestor is owner"
- # description: "Determines if requestor is the document owner"
- # expression: "document.owner == request.auth.claims.email"
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
#
# Example (Logic):
#
- # title: "Public documents"
- # description: "Determine whether the document should be publicly visible"
- # expression: "document.type != 'private' && document.type != 'internal'"
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
#
# Example (Data Manipulation):
#
- # title: "Notification string"
- # description: "Create a notification string with a timestamp."
- # expression: "'New message received at ' + string(document.create_time)"
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
#
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
# * `allUsers`: A special identifier that represents anyone who is
@@ -3010,134 +3176,13 @@
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
- "A String",
+ "A String",
],
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
- "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
- { # Specifies the audit configuration for a service.
- # The configuration determines which permission types are logged, and what
- # identities, if any, are exempted from logging.
- # An AuditConfig must have one or more AuditLogConfigs.
- #
- # If there are AuditConfigs for both `allServices` and a specific service,
- # the union of the two AuditConfigs is used for that service: the log_types
- # specified in each AuditConfig are enabled, and the exempted_members in each
- # AuditLogConfig are exempted.
- #
- # Example Policy with multiple AuditConfigs:
- #
- # {
- # "audit_configs": [
- # {
- # "service": "allServices"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "sampleservice.googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:aliya@example.com"
- # ]
- # }
- # ]
- # }
- # ]
- # }
- #
- # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts jose@example.com from DATA_READ logging, and
- # aliya@example.com from DATA_WRITE logging.
- "auditLogConfigs": [ # The configuration for logging of each type of permission.
- { # Provides the configuration for logging a type of permissions.
- # Example:
- #
- # {
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # }
- # ]
- # }
- #
- # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # jose@example.com from DATA_READ logging.
- "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
- # permission.
- # Follows the same format of Binding.members.
- "A String",
- ],
- "logType": "A String", # The log type that this config enables.
- },
- ],
- "service": "A String", # Specifies a service that will be enabled for audit logging.
- # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- # `allServices` is a special value that covers all services.
- },
- ],
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
},
- "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
- # the fields in the mask will be modified. If no mask is provided, the
- # following default mask is used:
- # paths: "bindings, etag"
- # This field is only used by Cloud IAM.
}
x__xgafv: string, V1 error format.
@@ -3158,36 +3203,40 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
# {
- # "bindings": [
+ # "bindings": [
# {
- # "role": "roles/resourcemanager.organizationAdmin",
- # "members": [
- # "user:mike@example.com",
- # "group:admins@example.com",
- # "domain:google.com",
- # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+ # "role": "roles/resourcemanager.organizationAdmin",
+ # "members": [
+ # "user:mike@example.com",
+ # "group:admins@example.com",
+ # "domain:google.com",
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
- # "condition": {
- # "title": "expirable access",
- # "description": "Does not grant access after Sep 2020",
- # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": [
+ # "user:eve@example.com"
+ # ],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
# }
# }
# ],
- # "etag": "BwWWja0YfJA=",
- # "version": 3
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
# **YAML example:**
@@ -3205,63 +3254,190 @@
# condition:
# title: expirable access
# description: Does not grant access after Sep 2020
- # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
# - etag: BwWWja0YfJA=
# - version: 3
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
+ { # Specifies the audit configuration for a service.
+ # The configuration determines which permission types are logged, and what
+ # identities, if any, are exempted from logging.
+ # An AuditConfig must have one or more AuditLogConfigs.
+ #
+ # If there are AuditConfigs for both `allServices` and a specific service,
+ # the union of the two AuditConfigs is used for that service: the log_types
+ # specified in each AuditConfig are enabled, and the exempted_members in each
+ # AuditLogConfig are exempted.
+ #
+ # Example Policy with multiple AuditConfigs:
+ #
+ # {
+ # "audit_configs": [
+ # {
+ # "service": "allServices"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # },
+ # {
+ # "log_type": "ADMIN_READ",
+ # }
+ # ]
+ # },
+ # {
+ # "service": "sampleservice.googleapis.com"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:aliya@example.com"
+ # ]
+ # }
+ # ]
+ # }
+ # ]
+ # }
+ #
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
+ "auditLogConfigs": [ # The configuration for logging of each type of permission.
+ { # Provides the configuration for logging a type of permissions.
+ # Example:
+ #
+ # {
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # }
+ # ]
+ # }
+ #
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ # jose@example.com from DATA_READ logging.
+ "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
+ # permission.
+ # Follows the same format of Binding.members.
+ "A String",
+ ],
+ "logType": "A String", # The log type that this config enables.
+ },
+ ],
+ "service": "A String", # Specifies a service that will be enabled for audit logging.
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+ # `allServices` is a special value that covers all services.
+ },
+ ],
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
# Example (Comparison):
#
- # title: "Summary size limit"
- # description: "Determines if a summary is less than 100 chars"
- # expression: "document.summary.size() < 100"
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
#
# Example (Equality):
#
- # title: "Requestor is owner"
- # description: "Determines if requestor is the document owner"
- # expression: "document.owner == request.auth.claims.email"
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
#
# Example (Logic):
#
- # title: "Public documents"
- # description: "Determine whether the document should be publicly visible"
- # expression: "document.type != 'private' && document.type != 'internal'"
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
#
# Example (Data Manipulation):
#
- # title: "Notification string"
- # description: "Create a notification string with a timestamp."
- # expression: "'New message received at ' + string(document.create_time)"
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
#
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
# * `allUsers`: A special identifier that represents anyone who is
@@ -3304,128 +3480,12 @@
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
- "A String",
+ "A String",
],
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
- "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
- { # Specifies the audit configuration for a service.
- # The configuration determines which permission types are logged, and what
- # identities, if any, are exempted from logging.
- # An AuditConfig must have one or more AuditLogConfigs.
- #
- # If there are AuditConfigs for both `allServices` and a specific service,
- # the union of the two AuditConfigs is used for that service: the log_types
- # specified in each AuditConfig are enabled, and the exempted_members in each
- # AuditLogConfig are exempted.
- #
- # Example Policy with multiple AuditConfigs:
- #
- # {
- # "audit_configs": [
- # {
- # "service": "allServices"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "sampleservice.googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:aliya@example.com"
- # ]
- # }
- # ]
- # }
- # ]
- # }
- #
- # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts jose@example.com from DATA_READ logging, and
- # aliya@example.com from DATA_WRITE logging.
- "auditLogConfigs": [ # The configuration for logging of each type of permission.
- { # Provides the configuration for logging a type of permissions.
- # Example:
- #
- # {
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # }
- # ]
- # }
- #
- # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # jose@example.com from DATA_READ logging.
- "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
- # permission.
- # Follows the same format of Binding.members.
- "A String",
- ],
- "logType": "A String", # The log type that this config enables.
- },
- ],
- "service": "A String", # Specifies a service that will be enabled for audit logging.
- # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- # `allServices` is a special value that covers all services.
- },
- ],
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
}</pre>
</div>
@@ -3433,11 +3493,11 @@
<code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
<pre>Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of
-permissions, not a NOT_FOUND error.
+permissions, not a `NOT_FOUND` error.
Note: This operation is designed to be used for building permission-aware
UIs and command-line tools, not for authorization checking. This operation
-may "fail open" without warning.
+may "fail open" without warning.
Args:
resource: string, REQUIRED: The resource for which the policy detail is being requested.
@@ -3446,11 +3506,11 @@
The object takes the form of:
{ # Request message for `TestIamPermissions` method.
- "permissions": [ # The set of permissions to check for the `resource`. Permissions with
- # wildcards (such as '*' or 'storage.*') are not allowed. For more
+ "permissions": [ # The set of permissions to check for the `resource`. Permissions with
+ # wildcards (such as '*' or 'storage.*') are not allowed. For more
# information see
# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
- "A String",
+ "A String",
],
}
@@ -3463,9 +3523,9 @@
An object of the form:
{ # Response message for `TestIamPermissions` method.
- "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
+ "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
# allowed.
- "A String",
+ "A String",
],
}</pre>
</div>
@@ -3492,34 +3552,16 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "metadata": { # Service-specific metadata associated with the operation. It typically
+ "metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
- "response": { # The normal response of the operation in case of success. If the original
+ "response": { # The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is
# `google.protobuf.Empty`. If the original method is standard
# `Get`/`Create`/`Update`, the response should be the resource. For other
@@ -3527,11 +3569,29 @@
# is the original method name. For example, if the original method name
# is `TakeSnapshot()`, the inferred response type is
# `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "name": "A String", # The server-assigned name, which is only unique within the same service that
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ },
}</pre>
</div>