feat!: Replace enum with string representation for predefined ACLs and public_access_prevention

Google APIs · copybara-github · commit 151e02bdb281 · 2022-03-29T11:30:22.000-07:00
fix!: Remove CustomPlacementConfig, which is no longer the way custom dual regions will be specified

feat: Add Autoclass support to Bucket configuration

feat: Add matches_prefix and matches_suffix support to Lifecycle configuration
PiperOrigin-RevId: 438078321
diff --git a/google/storage/v2/storage.proto b/google/storage/v2/storage.proto
@@ -325,10 +325,14 @@ message CreateBucketRequest {
   string bucket_id = 3 [(google.api.field_behavior) = REQUIRED];
 
   // Apply a predefined set of access controls to this bucket.
-  PredefinedBucketAcl predefined_acl = 4;
+  // Valid values are "authenticatedRead", "private", "projectPrivate",
+  // "publicRead", or "publicReadWrite".
+  string predefined_acl = 6;
 
   // Apply a predefined set of default object access controls to this bucket.
-  PredefinedObjectAcl predefined_default_object_acl = 5;
+  // Valid values are "authenticatedRead", "bucketOwnerFullControl",
+  // "bucketOwnerRead", "private", "projectPrivate", or "publicRead".
+  string predefined_default_object_acl = 7;
 }
 
 // Request message for ListBuckets.
@@ -407,10 +411,14 @@ message UpdateBucketRequest {
   optional int64 if_metageneration_not_match = 3;
 
   // Apply a predefined set of access controls to this bucket.
-  PredefinedBucketAcl predefined_acl = 4;
+  // Valid values are "authenticatedRead", "private", "projectPrivate",
+  // "publicRead", or "publicReadWrite".
+  string predefined_acl = 8;
 
   // Apply a predefined set of default object access controls to this bucket.
-  PredefinedObjectAcl predefined_default_object_acl = 5;
+  // Valid values are "authenticatedRead", "bucketOwnerFullControl",
+  // "bucketOwnerRead", "private", "projectPrivate", or "publicRead".
+  string predefined_default_object_acl = 9;
 
   // List of fields to be updated.
   //
@@ -529,7 +537,9 @@ message ComposeObjectRequest {
   repeated SourceObject source_objects = 2;
 
   // Apply a predefined set of access controls to the destination object.
-  PredefinedObjectAcl destination_predefined_acl = 3;
+  // Valid values are "authenticatedRead", "bucketOwnerFullControl",
+  // "bucketOwnerRead", "private", "projectPrivate", or "publicRead".
+  string destination_predefined_acl = 9;
 
   // Makes the operation conditional on whether the object's current generation
   // matches the given value. Setting to 0 makes the operation succeed only if
@@ -708,7 +718,7 @@ message GetObjectRequest {
   optional google.protobuf.FieldMask read_mask = 10;
 }
 
-// Response message for GetObject.
+// Response message for ReadObject.
 message ReadObjectResponse {
   // A portion of the data for the object. The service **may** leave `data`
   // empty for any given `ReadResponse`. This enables the service to inform the
@@ -737,7 +747,9 @@ message WriteObjectSpec {
   Object resource = 1;
 
   // Apply a predefined set of access controls to this object.
-  PredefinedObjectAcl predefined_acl = 2;
+  // Valid values are "authenticatedRead", "bucketOwnerFullControl",
+  // "bucketOwnerRead", "private", "projectPrivate", or "publicRead".
+  string predefined_acl = 7;
 
   // Makes the operation conditional on whether the object's current
   // generation matches the given value. Setting to 0 makes the operation
@@ -984,7 +996,9 @@ message RewriteObjectRequest {
   string rewrite_token = 5;
 
   // Apply a predefined set of access controls to the destination object.
-  PredefinedObjectAcl destination_predefined_acl = 6;
+  // Valid values are "authenticatedRead", "bucketOwnerFullControl",
+  // "bucketOwnerRead", "private", "projectPrivate", or "publicRead".
+  string destination_predefined_acl = 28;
 
   // Makes the operation conditional on whether the object's current generation
   // matches the given value. Setting to 0 makes the operation succeed only if
@@ -1123,7 +1137,9 @@ message UpdateObjectRequest {
   optional int64 if_metageneration_not_match = 5;
 
   // Apply a predefined set of access controls to this object.
-  PredefinedObjectAcl predefined_acl = 6;
+  // Valid values are "authenticatedRead", "bucketOwnerFullControl",
+  // "bucketOwnerRead", "private", "projectPrivate", or "publicRead".
+  string predefined_acl = 10;
 
   // List of fields to be updated.
   //
@@ -1444,26 +1460,12 @@ message Bucket {
       google.protobuf.Timestamp lock_time = 2;
     }
 
-    // Public Access Prevention config values.
-    enum PublicAccessPrevention {
-      // No specified PublicAccessPrevention.
-      PUBLIC_ACCESS_PREVENTION_UNSPECIFIED = 0;
-
-      // Prevents access from being granted to public members 'allUsers' and
-      // 'allAuthenticatedUsers'. Prevents attempts to grant new access to
-      // public members.
-      ENFORCED = 1;
-
-      // This setting is inherited from Org Policy. Does not prevent access from
-      // being granted to public members 'allUsers' or 'allAuthenticatedUsers'.
-      INHERITED = 2;
-    }
-
     // Bucket restriction options currently enforced on the bucket.
     UniformBucketLevelAccess uniform_bucket_level_access = 1;
 
-    // Whether IAM will enforce public access prevention.
-    PublicAccessPrevention public_access_prevention = 2;
+    // Whether IAM will enforce public access prevention. Valid values are
+    // "enforced" or "inherited".
+    string public_access_prevention = 3;
   }
 
   // Lifecycle properties of a bucket.
@@ -1531,6 +1533,14 @@ message Bucket {
         // version satisfies this condition only if it became noncurrent before
         // the specified date in UTC.
         google.type.Date noncurrent_time_before = 10;
+
+        // List of object name prefixes. If any prefix exactly matches the
+        // beginning of the object name, the condition evaluates to true.
+        repeated string matches_prefix = 11;
+
+        // List of object name suffixes. If any suffix exactly matches the
+        // end of the object name, the condition evaluates to true.
+        repeated string matches_suffix = 12;
       }
 
       // The action to take.
@@ -1597,11 +1607,16 @@ message Bucket {
     string not_found_page = 2;
   }
 
-  // Configuration for Custom Dual Regions.  It should specify precisely two
-  // eligible regions within the same Multiregion.
-  message CustomPlacementConfig {
-    // List of locations to use for data placement.
-    repeated string data_locations = 1;
+  // Configuration for a bucket's Autoclass feature.
+  message Autoclass {
+    // Enables Autoclass.
+    bool enabled = 1;
+
+    // Output only. Latest instant at which the `enabled` field was set to true after being
+    // disabled/unconfigured or set to false after being enabled. If Autoclass
+    // is enabled when the bucket is created, the toggle_time is set to the
+    // bucket creation time.
+    google.protobuf.Timestamp toggle_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
   }
 
   // Immutable. The name of the bucket.
@@ -1738,9 +1753,9 @@ message Bucket {
   // Reserved for future use.
   bool satisfies_pzs = 25;
 
-  // Configuration that, if present, specifies the data placement for a Custom
-  // Dual Region.
-  CustomPlacementConfig custom_placement_config = 26;
+  // The bucket's Autoclass configuration. If there is no configuration, the
+  // Autoclass feature will be disabled and have no effect on the bucket.
+  Autoclass autoclass = 28;
 }
 
 // An access-control entry.
@@ -2121,57 +2136,3 @@ message ContentRange {
   // The complete length of the object data.
   int64 complete_length = 3;
 }
-
-// Predefined or "canned" aliases for sets of specific object ACL entries.
-enum PredefinedObjectAcl {
-  // No predefined ACL.
-  PREDEFINED_OBJECT_ACL_UNSPECIFIED = 0;
-
-  // Object owner gets `OWNER` access, and
-  // `allAuthenticatedUsers` get `READER` access.
-  OBJECT_ACL_AUTHENTICATED_READ = 1;
-
-  // Object owner gets `OWNER` access, and project team owners get
-  // `OWNER` access.
-  OBJECT_ACL_BUCKET_OWNER_FULL_CONTROL = 2;
-
-  // Object owner gets `OWNER` access, and project team owners get
-  // `READER` access.
-  OBJECT_ACL_BUCKET_OWNER_READ = 3;
-
-  // Object owner gets `OWNER` access.
-  OBJECT_ACL_PRIVATE = 4;
-
-  // Object owner gets `OWNER` access, and project team members get
-  // access according to their roles.
-  OBJECT_ACL_PROJECT_PRIVATE = 5;
-
-  // Object owner gets `OWNER` access, and `allUsers`
-  // get `READER` access.
-  OBJECT_ACL_PUBLIC_READ = 6;
-}
-
-// A set of predefined, or "canned," ACLs that can be set on a
-// bucket instead of manually specifying a complete ACL.
-enum PredefinedBucketAcl {
-  // No predefined ACL.
-  PREDEFINED_BUCKET_ACL_UNSPECIFIED = 0;
-
-  // Project team owners get `OWNER` access, and
-  // `allAuthenticatedUsers` get `READER` access.
-  BUCKET_ACL_AUTHENTICATED_READ = 1;
-
-  // Project team owners get `OWNER` access.
-  BUCKET_ACL_PRIVATE = 2;
-
-  // Project team members get access according to their roles.
-  BUCKET_ACL_PROJECT_PRIVATE = 3;
-
-  // Project team owners get `OWNER` access, and
-  // `allUsers` get `READER` access.
-  BUCKET_ACL_PUBLIC_READ = 4;
-
-  // Project team owners get `OWNER` access, and
-  // `allUsers` get `WRITER` access.
-  BUCKET_ACL_PUBLIC_READ_WRITE = 5;
-}
