|
| 1 | +// Copyright 2023 Google LLC |
| 2 | +// |
| 3 | +// Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | +// you may not use this file except in compliance with the License. |
| 5 | +// You may obtain a copy of the License at |
| 6 | +// |
| 7 | +// http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | +// |
| 9 | +// Unless required by applicable law or agreed to in writing, software |
| 10 | +// distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | +// See the License for the specific language governing permissions and |
| 13 | +// limitations under the License. |
| 14 | + |
| 15 | +syntax = "proto3"; |
| 16 | + |
| 17 | +package google.cloud.cloudcontrolspartner.v1; |
| 18 | + |
| 19 | +import "google/api/field_behavior.proto"; |
| 20 | +import "google/api/resource.proto"; |
| 21 | +import "google/protobuf/timestamp.proto"; |
| 22 | + |
| 23 | +option csharp_namespace = "Google.Cloud.CloudControlsPartner.V1"; |
| 24 | +option go_package = "cloud.google.com/go/cloudcontrolspartner/apiv1/cloudcontrolspartnerpb;cloudcontrolspartnerpb"; |
| 25 | +option java_multiple_files = true; |
| 26 | +option java_outer_classname = "AccessApprovalRequestsProto"; |
| 27 | +option java_package = "com.google.cloud.cloudcontrolspartner.v1"; |
| 28 | +option php_namespace = "Google\\Cloud\\CloudControlsPartner\\V1"; |
| 29 | +option ruby_package = "Google::Cloud::CloudControlsPartner::V1"; |
| 30 | + |
| 31 | +// Details about the Access request. |
| 32 | +message AccessApprovalRequest { |
| 33 | + option (google.api.resource) = { |
| 34 | + type: "cloudcontrolspartner.googleapis.com/AccessApprovalRequest" |
| 35 | + pattern: "organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/accessApprovalRequests/{access_approval_request}" |
| 36 | + plural: "accessApprovalRequests" |
| 37 | + singular: "accessApprovalRequest" |
| 38 | + }; |
| 39 | + |
| 40 | + // Identifier. Format: |
| 41 | + // `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/accessApprovalRequests/{access_approval_request}` |
| 42 | + string name = 1 [(google.api.field_behavior) = IDENTIFIER]; |
| 43 | + |
| 44 | + // The time at which approval was requested. |
| 45 | + google.protobuf.Timestamp request_time = 2; |
| 46 | + |
| 47 | + // The justification for which approval is being requested. |
| 48 | + AccessReason requested_reason = 3; |
| 49 | + |
| 50 | + // The requested expiration for the approval. If the request is approved, |
| 51 | + // access will be granted from the time of approval until the expiration time. |
| 52 | + google.protobuf.Timestamp requested_expiration_time = 4; |
| 53 | +} |
| 54 | + |
| 55 | +// Request for getting the access requests associated with a workload. |
| 56 | +message ListAccessApprovalRequestsRequest { |
| 57 | + // Required. Parent resource |
| 58 | + // Format: |
| 59 | + // `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}` |
| 60 | + string parent = 1 [ |
| 61 | + (google.api.field_behavior) = REQUIRED, |
| 62 | + (google.api.resource_reference) = { |
| 63 | + child_type: "cloudcontrolspartner.googleapis.com/AccessApprovalRequest" |
| 64 | + } |
| 65 | + ]; |
| 66 | + |
| 67 | + // Optional. The maximum number of access requests to return. The service may |
| 68 | + // return fewer than this value. If unspecified, at most 500 access requests |
| 69 | + // will be returned. |
| 70 | + int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; |
| 71 | + |
| 72 | + // Optional. A page token, received from a previous |
| 73 | + // `ListAccessApprovalRequests` call. Provide this to retrieve the subsequent |
| 74 | + // page. |
| 75 | + string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; |
| 76 | + |
| 77 | + // Optional. Filtering results. |
| 78 | + string filter = 4 [(google.api.field_behavior) = OPTIONAL]; |
| 79 | + |
| 80 | + // Optional. Hint for how to order the results. |
| 81 | + string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; |
| 82 | +} |
| 83 | + |
| 84 | +// Response message for list access requests. |
| 85 | +message ListAccessApprovalRequestsResponse { |
| 86 | + // List of access approval requests |
| 87 | + repeated AccessApprovalRequest access_approval_requests = 1; |
| 88 | + |
| 89 | + // A token that can be sent as `page_token` to retrieve the next page. |
| 90 | + // If this field is omitted, there are no subsequent pages. |
| 91 | + string next_page_token = 2; |
| 92 | + |
| 93 | + // Locations that could not be reached. |
| 94 | + repeated string unreachable = 3; |
| 95 | +} |
| 96 | + |
| 97 | +// Reason for the access. |
| 98 | +message AccessReason { |
| 99 | + // Type of access justification. |
| 100 | + enum Type { |
| 101 | + // Default value for proto, shouldn't be used. |
| 102 | + TYPE_UNSPECIFIED = 0; |
| 103 | + |
| 104 | + // Customer made a request or raised an issue that required the principal to |
| 105 | + // access customer data. `detail` is of the form ("#####" is the issue ID): |
| 106 | + // |
| 107 | + // - "Feedback Report: #####" |
| 108 | + // - "Case Number: #####" |
| 109 | + // - "Case ID: #####" |
| 110 | + // - "E-PIN Reference: #####" |
| 111 | + // - "Google-#####" |
| 112 | + // - "T-#####" |
| 113 | + CUSTOMER_INITIATED_SUPPORT = 1; |
| 114 | + |
| 115 | + // The principal accessed customer data in order to diagnose or resolve a |
| 116 | + // suspected issue in services. Often this access is used to confirm that |
| 117 | + // customers are not affected by a suspected service issue or to remediate a |
| 118 | + // reversible system issue. |
| 119 | + GOOGLE_INITIATED_SERVICE = 2; |
| 120 | + |
| 121 | + // Google initiated service for security, fraud, abuse, or compliance |
| 122 | + // purposes. |
| 123 | + GOOGLE_INITIATED_REVIEW = 3; |
| 124 | + |
| 125 | + // The principal was compelled to access customer data in order to respond |
| 126 | + // to a legal third party data request or process, including legal processes |
| 127 | + // from customers themselves. |
| 128 | + THIRD_PARTY_DATA_REQUEST = 4; |
| 129 | + |
| 130 | + // The principal accessed customer data in order to diagnose or resolve a |
| 131 | + // suspected issue in services or a known outage. |
| 132 | + GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5; |
| 133 | + |
| 134 | + // Similar to 'GOOGLE_INITIATED_SERVICE' or 'GOOGLE_INITIATED_REVIEW', but |
| 135 | + // with universe agnostic naming. The principal accessed customer data in |
| 136 | + // order to diagnose or resolve a suspected issue in services or a known |
| 137 | + // outage, or for security, fraud, abuse, or compliance review purposes. |
| 138 | + CLOUD_INITIATED_ACCESS = 6; |
| 139 | + } |
| 140 | + |
| 141 | + // Type of access justification. |
| 142 | + Type type = 1; |
| 143 | + |
| 144 | + // More detail about certain reason types. See comments for each type above. |
| 145 | + string detail = 2; |
| 146 | +} |
![gcf-owl-bot[bot]](https://avatars.githubusercontent.com/in/99011?v=4&size=40){kind=avatar}
0 commit comments