Google Git
Sign in
code / google-api-go-client / refs/tags/v0.30.0 / . / servicecontrol / v2 / servicecontrol-api.json
blob: ddb54efe1ece1481d54b6e0d317c2bb20b0fbac8 [file] [log] [blame]
{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
},
"https://www.googleapis.com/auth/servicecontrol": {
"description": "Manage your Google Service Control data"
}
}
}
},
"basePath": "",
"baseUrl": "https://servicecontrol.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Service Control",
"description": "Provides control plane functionality to managed services, such as logging, monitoring, and status checks.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/service-control/",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "servicecontrol:v2",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://servicecontrol.mtls.googleapis.com/",
"name": "servicecontrol",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"services": {
"methods": {
"check": {
"description": "Private Preview. This feature is only available for approved services.\n\nThis method provides admission control for services that are integrated\nwith [Service Infrastructure](/service-infrastructure). It checks whether\nan operation should be allowed based on the service configuration and\nrelevant policies. It must be called before the operation is executed.\nFor more information, see\n[Admission Control](/service-infrastructure/docs/admission-control).\n\nNOTE: The admission control has an expected policy propagation delay of\n60s. The caller **must** not depend on the most recent policy changes.\n\nNOTE: The admission control has a hard limit of 1 referenced resources\nper call. If an operation refers to more than 1 resources, the caller\nmust call the Check method multiple times.\n\nThis method requires the `servicemanagement.services.check` permission\non the specified service. For more information, see\n[Service Control API Access\nControl](https://cloud.google.com/service-infrastructure/docs/service-control/access-control).",
"flatPath": "v2/services/{serviceName}:check",
"httpMethod": "POST",
"id": "servicecontrol.services.check",
"parameterOrder": [
"serviceName"
],
"parameters": {
"serviceName": {
"description": "The service name as specified in its service configuration. For example,\n`\"pubsub.googleapis.com\"`.\n\nSee\n[google.api.Service](https://cloud.google.com/service-management/reference/rpc/google.api#google.api.Service)\nfor the definition of a service name.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v2/services/{serviceName}:check",
"request": {
"$ref": "CheckRequest"
},
"response": {
"$ref": "CheckResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/servicecontrol"
]
},
"report": {
"description": "Private Preview. This feature is only available for approved services.\n\nThis method provides telemetry reporting for services that are integrated\nwith [Service Infrastructure](/service-infrastructure). It reports a list\nof operations that have occurred on a service. It must be called after the\noperations have been executed. For more information, see\n[Telemetry Reporting](/service-infrastructure/docs/telemetry-reporting).\n\nNOTE: The telemetry reporting has a hard limit of 1000 operations and 1MB\nper Report call. It is recommended to have no more than 100 operations per\ncall.\n\nThis method requires the `servicemanagement.services.report` permission\non the specified service. For more information, see\n[Service Control API Access\nControl](https://cloud.google.com/service-infrastructure/docs/service-control/access-control).",
"flatPath": "v2/services/{serviceName}:report",
"httpMethod": "POST",
"id": "servicecontrol.services.report",
"parameterOrder": [
"serviceName"
],
"parameters": {
"serviceName": {
"description": "The service name as specified in its service configuration. For example,\n`\"pubsub.googleapis.com\"`.\n\nSee\n[google.api.Service](https://cloud.google.com/service-management/reference/rpc/google.api#google.api.Service)\nfor the definition of a service name.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v2/services/{serviceName}:report",
"request": {
"$ref": "ReportRequest"
},
"response": {
"$ref": "ReportResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/servicecontrol"
]
}
}
}
},
"revision": "20200727",
"rootUrl": "https://servicecontrol.googleapis.com/",
"schemas": {
"Api": {
"description": "This message defines attributes associated with API operations, such as\na network API request. The terminology is based on the conventions used\nby Google APIs, Istio, and OpenAPI.",
"id": "Api",
"properties": {
"operation": {
"description": "The API operation name. For gRPC requests, it is the fully qualified API\nmethod name, such as \"google.pubsub.v1.Publisher.Publish\". For OpenAPI\nrequests, it is the `operationId`, such as \"getPet\".",
"type": "string"
},
"protocol": {
"description": "The API protocol used for sending the request, such as \"http\", \"https\",\n\"grpc\", or \"internal\".",
"type": "string"
},
"service": {
"description": "The API service name. It is a logical identifier for a networked API,\nsuch as \"pubsub.googleapis.com\". The naming syntax depends on the\nAPI management system being used for handling the request.",
"type": "string"
},
"version": {
"description": "The API version associated with the API operation above, such as \"v1\" or\n\"v1alpha1\".",
"type": "string"
}
},
"type": "object"
},
"AttributeContext": {
"description": "This message defines the standard attribute vocabulary for Google APIs.\n\nAn attribute is a piece of metadata that describes an activity on a network\nservice. For example, the size of an HTTP request, or the status code of\nan HTTP response.\n\nEach attribute has a type and a name, which is logically defined as\na proto message field in `AttributeContext`. The field type becomes the\nattribute type, and the field path becomes the attribute name. For example,\nthe attribute `source.ip` maps to field `AttributeContext.source.ip`.\n\nThis message definition is guaranteed not to have any wire breaking change.\nSo you can use it directly for passing attributes across different systems.\n\nNOTE: Different system may generate different subset of attributes. Please\nverify the system specification before relying on an attribute generated\na system.",
"id": "AttributeContext",
"properties": {
"api": {
"$ref": "Api",
"description": "Represents an API operation that is involved to a network activity."
},
"destination": {
"$ref": "Peer",
"description": "The destination of a network activity, such as accepting a TCP connection.\nIn a multi hop network activity, the destination represents the receiver of\nthe last hop."
},
"extensions": {
"description": "Supports extensions for advanced use cases, such as logs and metrics.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"origin": {
"$ref": "Peer",
"description": "The origin of a network activity. In a multi hop network activity,\nthe origin represents the sender of the first hop. For the first hop,\nthe `source` and the `origin` must have the same content."
},
"request": {
"$ref": "Request",
"description": "Represents a network request, such as an HTTP request."
},
"resource": {
"$ref": "Resource",
"description": "Represents a target resource that is involved with a network activity.\nIf multiple resources are involved with an activity, this must be the\nprimary one."
},
"response": {
"$ref": "Response",
"description": "Represents a network response, such as an HTTP response."
},
"source": {
"$ref": "Peer",
"description": "The source of a network activity, such as starting a TCP connection.\nIn a multi hop network activity, the source represents the sender of the\nlast hop."
}
},
"type": "object"
},
"AuditLog": {
"description": "Common audit log format for Google Cloud Platform API operations.\n\n\n",
"id": "AuditLog",
"properties": {
"authenticationInfo": {
"$ref": "AuthenticationInfo",
"description": "Authentication information."
},
"authorizationInfo": {
"description": "Authorization information. If there are multiple\nresources or permissions involved, then there is\none AuthorizationInfo element for each {resource, permission} tuple.",
"items": {
"$ref": "AuthorizationInfo"
},
"type": "array"
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "Other service-specific data about the request, response, and other\ninformation associated with the current audited event.",
"type": "object"
},
"methodName": {
"description": "The name of the service method or operation.\nFor API calls, this should be the name of the API method.\nFor example,\n\n \"google.cloud.bigquery.v2.TableService.InsertTable\"\n \"google.logging.v2.ConfigServiceV2.CreateSink\"",
"type": "string"
},
"numResponseItems": {
"description": "The number of items returned from a List or Query API method,\nif applicable.",
"format": "int64",
"type": "string"
},
"request": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "The operation request. This may not include all request parameters,\nsuch as those that are too large, privacy-sensitive, or duplicated\nelsewhere in the log record.\nIt should never include user-generated data, such as file contents.\nWhen the JSON object represented here has a proto equivalent, the proto\nname will be indicated in the `@type` property.",
"type": "object"
},
"requestMetadata": {
"$ref": "RequestMetadata",
"description": "Metadata about the operation."
},
"resourceLocation": {
"$ref": "ResourceLocation",
"description": "The resource location information."
},
"resourceName": {
"description": "The resource or collection that is the target of the operation.\nThe name is a scheme-less URI, not including the API service name.\nFor example:\n\n \"projects/PROJECT_ID/zones/us-central1-a/instances\"\n \"projects/PROJECT_ID/datasets/DATASET_ID\"",
"type": "string"
},
"resourceOriginalState": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "The resource's original state before mutation. Present only for\noperations which have successfully modified the targeted resource(s).\nIn general, this field should contain all changed fields, except those\nthat are already been included in `request`, `response`, `metadata` or\n`service_data` fields.\nWhen the JSON object represented here has a proto equivalent,\nthe proto name will be indicated in the `@type` property.",
"type": "object"
},
"response": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "The operation response. This may not include all response elements,\nsuch as those that are too large, privacy-sensitive, or duplicated\nelsewhere in the log record.\nIt should never include user-generated data, such as file contents.\nWhen the JSON object represented here has a proto equivalent, the proto\nname will be indicated in the `@type` property.",
"type": "object"
},
"serviceData": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Deprecated. Use the `metadata` field instead.\nOther service-specific data about the request, response, and other\nactivities.",
"type": "object"
},
"serviceName": {
"description": "The name of the API service performing the operation. For example,\n`\"compute.googleapis.com\"`.",
"type": "string"
},
"status": {
"$ref": "Status",
"description": "The status of the overall operation."
}
},
"type": "object"
},
"Auth": {
"description": "This message defines request authentication attributes. Terminology is\nbased on the JSON Web Token (JWT) standard, but the terms also\ncorrelate to concepts in other standards.",
"id": "Auth",
"properties": {
"accessLevels": {
"description": "A list of access level resource names that allow resources to be\naccessed by authenticated requester. It is part of Secure GCP processing\nfor the incoming request. An access level string has the format:\n\"//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{short_name}\"\n\nExample:\n\"//accesscontextmanager.googleapis.com/accessPolicies/MY_POLICY_ID/accessLevels/MY_LEVEL\"",
"items": {
"type": "string"
},
"type": "array"
},
"audiences": {
"description": "The intended audience(s) for this authentication information. Reflects\nthe audience (`aud`) claim within a JWT. The audience\nvalue(s) depends on the `issuer`, but typically include one or more of\nthe following pieces of information:\n\n* The services intended to receive the credential. For example,\n [\"https://pubsub.googleapis.com/\", \"https://storage.googleapis.com/\"].\n* A set of service-based scopes. For example,\n [\"https://www.googleapis.com/auth/cloud-platform\"].\n* The client id of an app, such as the Firebase project id for JWTs\n from Firebase Auth.\n\nConsult the documentation for the credential issuer to determine the\ninformation provided.",
"items": {
"type": "string"
},
"type": "array"
},
"claims": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "Structured claims presented with the credential. JWTs include\n`{key: value}` pairs for standard and private claims. The following\nis a subset of the standard required and optional claims that would\ntypically be presented for a Google-based JWT:\n\n {'iss': 'accounts.google.com',\n 'sub': '113289723416554971153',\n 'aud': ['123456789012', 'pubsub.googleapis.com'],\n 'azp': '123456789012.apps.googleusercontent.com',\n 'email': 'jsmith@example.com',\n 'iat': 1353601026,\n 'exp': 1353604926}\n\nSAML assertions are similarly specified, but with an identity provider\ndependent structure.",
"type": "object"
},
"presenter": {
"description": "The authorized presenter of the credential. Reflects the optional\nAuthorized Presenter (`azp`) claim within a JWT or the\nOAuth client id. For example, a Google Cloud Platform client id looks\nas follows: \"123456789012.apps.googleusercontent.com\".",
"type": "string"
},
"principal": {
"description": "The authenticated principal. Reflects the issuer (`iss`) and subject\n(`sub`) claims within a JWT. The issuer and subject should be `/`\ndelimited, with `/` percent-encoded within the subject fragment. For\nGoogle accounts, the principal format is:\n\"https://accounts.google.com/{id}\"",
"type": "string"
}
},
"type": "object"
},
"AuthenticationInfo": {
"description": "Authentication information for the operation.",
"id": "AuthenticationInfo",
"properties": {
"authoritySelector": {
"description": "The authority selector specified by the requestor, if any.\nIt is not guaranteed that the principal was allowed to use this authority.",
"type": "string"
},
"principalEmail": {
"description": "The email address of the authenticated user (or service account on behalf\nof third party principal) making the request. For privacy reasons, the\nprincipal email address is redacted for all read-only operations that fail\nwith a \"permission denied\" error.",
"type": "string"
},
"principalSubject": {
"description": "String representation of identity of requesting party.\nPopulated for both first and third party identities.",
"type": "string"
},
"serviceAccountDelegationInfo": {
"description": "Identity delegation history of an authenticated service account that makes\nthe request. It contains information on the real authorities that try to\naccess GCP resources by delegating on a service account. When multiple\nauthorities present, they are guaranteed to be sorted based on the original\nordering of the identity delegation events.",
"items": {
"$ref": "ServiceAccountDelegationInfo"
},
"type": "array"
},
"serviceAccountKeyName": {
"description": "The name of the service account key used to create or exchange\ncredentials for authenticating the service account making the request.\nThis is a scheme-less URI full resource name. For example:\n\n\"//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}\"",
"type": "string"
},
"thirdPartyPrincipal": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "The third party identification (if any) of the authenticated user making\nthe request.\nWhen the JSON object represented here has a proto equivalent, the proto\nname will be indicated in the `@type` property.",
"type": "object"
}
},
"type": "object"
},
"AuthorizationInfo": {
"description": "Authorization information for the operation.",
"id": "AuthorizationInfo",
"properties": {
"granted": {
"description": "Whether or not authorization for `resource` and `permission`\nwas granted.",
"type": "boolean"
},
"permission": {
"description": "The required IAM permission.",
"type": "string"
},
"resource": {
"description": "The resource being accessed, as a REST-style string. For example:\n\n bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID",
"type": "string"
},
"resourceAttributes": {
"$ref": "Resource",
"description": "Resource attributes used in IAM condition evaluation. This field contains\nresource attributes like resource type and resource name.\n\nTo get the whole view of the attributes used in IAM\ncondition evaluation, the user must also look into\n`AuditLog.request_metadata.request_attributes`."
}
},
"type": "object"
},
"CheckRequest": {
"description": "Request message for the Check method.",
"id": "CheckRequest",
"properties": {
"attributes": {
"$ref": "AttributeContext",
"description": "Describes attributes about the operation being executed by the service."
},
"resources": {
"description": "Describes the resources and the policies applied to each resource.",
"items": {
"$ref": "ResourceInfo"
},
"type": "array"
},
"serviceConfigId": {
"description": "Specifies the version of the service configuration that should be used to\nprocess the request. Must not be empty. Set this field to 'latest' to\nspecify using the latest configuration.",
"type": "string"
}
},
"type": "object"
},
"CheckResponse": {
"description": "Response message for the Check method.",
"id": "CheckResponse",
"properties": {
"headers": {
"additionalProperties": {
"type": "string"
},
"description": "Returns a set of request contexts generated from the `CheckRequest`.",
"type": "object"
},
"status": {
"$ref": "Status",
"description": "An 'OK' status allows the operation. Any other status indicates a denial;\n[google.rpc.Status.details]() would contain additional details about the\ndenial."
}
},
"type": "object"
},
"FirstPartyPrincipal": {
"description": "First party identity principal.",
"id": "FirstPartyPrincipal",
"properties": {
"principalEmail": {
"description": "The email address of a Google account.\n.",
"type": "string"
},
"serviceMetadata": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "Metadata about the service that uses the service account.\n.",
"type": "object"
}
},
"type": "object"
},
"Peer": {
"description": "This message defines attributes for a node that handles a network request.\nThe node can be either a service or an application that sends, forwards,\nor receives the request. Service peers should fill in\n`principal` and `labels` as appropriate.",
"id": "Peer",
"properties": {
"ip": {
"description": "The IP address of the peer.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "The labels associated with the peer.",
"type": "object"
},
"port": {
"description": "The network port of the peer.",
"format": "int64",
"type": "string"
},
"principal": {
"description": "The identity of this peer. Similar to `Request.auth.principal`, but\nrelative to the peer instead of the request. For example, the\nidenity associated with a load balancer that forwared the request.",
"type": "string"
},
"regionCode": {
"description": "The CLDR country/region code associated with the above IP address.\nIf the IP address is private, the `region_code` should reflect the\nphysical location where this peer is running.",
"type": "string"
}
},
"type": "object"
},
"ReportRequest": {
"description": "Request message for the Report method.",
"id": "ReportRequest",
"properties": {
"operations": {
"description": "Describes the list of operations to be reported. Each operation is\nrepresented as an AttributeContext, and contains all attributes around an\nAPI access.",
"items": {
"$ref": "AttributeContext"
},
"type": "array"
},
"serviceConfigId": {
"description": "Specifies the version of the service configuration that should be used to\nprocess the request. Must not be empty. Set this field to 'latest' to\nspecify using the latest configuration.",
"type": "string"
}
},
"type": "object"
},
"ReportResponse": {
"description": "Response message for the Report method.\nIf the request contains any invalid data, the server returns an RPC error.",
"id": "ReportResponse",
"properties": {},
"type": "object"
},
"Request": {
"description": "This message defines attributes for an HTTP request. If the actual\nrequest is not an HTTP request, the runtime system should try to map\nthe actual request to an equivalent HTTP request.",
"id": "Request",
"properties": {
"auth": {
"$ref": "Auth",
"description": "The request authentication. May be absent for unauthenticated requests.\nDerived from the HTTP request `Authorization` header or equivalent."
},
"headers": {
"additionalProperties": {
"type": "string"
},
"description": "The HTTP request headers. If multiple headers share the same key, they\nmust be merged according to the HTTP spec. All header keys must be\nlowercased, because HTTP header keys are case-insensitive.",
"type": "object"
},
"host": {
"description": "The HTTP request `Host` header value.",
"type": "string"
},
"id": {
"description": "The unique ID for a request, which can be propagated to downstream\nsystems. The ID should have low probability of collision\nwithin a single day for a specific service.",
"type": "string"
},
"method": {
"description": "The HTTP request method, such as `GET`, `POST`.",
"type": "string"
},
"path": {
"description": "The HTTP URL path.",
"type": "string"
},
"protocol": {
"description": "The network protocol used with the request, such as \"http/1.1\",\n\"spdy/3\", \"h2\", \"h2c\", \"webrtc\", \"tcp\", \"udp\", \"quic\". See\nhttps://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids\nfor details.",
"type": "string"
},
"query": {
"description": "The HTTP URL query in the format of `name1=value1\u0026name2=value2`, as it\nappears in the first line of the HTTP request. No decoding is performed.",
"type": "string"
},
"reason": {
"description": "A special parameter for request reason. It is used by security systems\nto associate auditing information with a request.",
"type": "string"
},
"scheme": {
"description": "The HTTP URL scheme, such as `http` and `https`.",
"type": "string"
},
"size": {
"description": "The HTTP request size in bytes. If unknown, it must be -1.",
"format": "int64",
"type": "string"
},
"time": {
"description": "The timestamp when the `destination` service receives the first byte of\nthe request.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"RequestMetadata": {
"description": "Metadata about the request.",
"id": "RequestMetadata",
"properties": {
"callerIp": {
"description": "The IP address of the caller.\nFor caller from internet, this will be public IPv4 or IPv6 address.\nFor caller from a Compute Engine VM with external IP address, this\nwill be the VM's external IP address. For caller from a Compute\nEngine VM without external IP address, if the VM is in the same\norganization (or project) as the accessed resource, `caller_ip` will\nbe the VM's internal IPv4 address, otherwise the `caller_ip` will be\nredacted to \"gce-internal-ip\".\nSee https://cloud.google.com/compute/docs/vpc/ for more information.",
"type": "string"
},
"callerNetwork": {
"description": "The network of the caller.\nSet only if the network host project is part of the same GCP organization\n(or project) as the accessed resource.\nSee https://cloud.google.com/compute/docs/vpc/ for more information.\nThis is a scheme-less URI full resource name. For example:\n\n \"//compute.googleapis.com/projects/PROJECT_ID/global/networks/NETWORK_ID\"",
"type": "string"
},
"callerSuppliedUserAgent": {
"description": "The user agent of the caller.\nThis information is not authenticated and should be treated accordingly.\nFor example:\n\n+ `google-api-python-client/1.4.0`:\n The request was made by the Google API client for Python.\n+ `Cloud SDK Command Line Tool apitools-client/1.0 gcloud/0.9.62`:\n The request was made by the Google Cloud SDK CLI (gcloud).\n+ `AppEngine-Google; (+http://code.google.com/appengine; appid:\ns~my-project`:\n The request was made from the `my-project` App Engine app.\nNOLINT",
"type": "string"
},
"destinationAttributes": {
"$ref": "Peer",
"description": "The destination of a network activity, such as accepting a TCP connection.\nIn a multi hop network activity, the destination represents the receiver of\nthe last hop. Only two fields are used in this message, Peer.port and\nPeer.ip. These fields are optionally populated by those services utilizing\nthe IAM condition feature."
},
"requestAttributes": {
"$ref": "Request",
"description": "Request attributes used in IAM condition evaluation. This field contains\nrequest attributes like request time and access levels associated with\nthe request.\n\n\nTo get the whole view of the attributes used in IAM\ncondition evaluation, the user must also look into\n`AuditLog.authentication_info.resource_attributes`."
}
},
"type": "object"
},
"Resource": {
"description": "This message defines core attributes for a resource. A resource is an\naddressable (named) entity provided by the destination service. For\nexample, a file stored on a network storage service.",
"id": "Resource",
"properties": {
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "The labels or tags on the resource, such as AWS resource tags and\nKubernetes resource labels.",
"type": "object"
},
"name": {
"description": "The stable identifier (name) of a resource on the `service`. A resource\ncan be logically identified as \"//{resource.service}/{resource.name}\".\nThe differences between a resource name and a URI are:\n\n* Resource name is a logical identifier, independent of network\n protocol and API version. For example,\n `//pubsub.googleapis.com/projects/123/topics/news-feed`.\n* URI often includes protocol and version information, so it can\n be used directly by applications. For example,\n `https://pubsub.googleapis.com/v1/projects/123/topics/news-feed`.\n\nSee https://cloud.google.com/apis/design/resource_names for details.",
"type": "string"
},
"service": {
"description": "The name of the service that this resource belongs to, such as\n`pubsub.googleapis.com`. The service may be different from the DNS\nhostname that actually serves the request.",
"type": "string"
},
"type": {
"description": "The type of the resource. The syntax is platform-specific because\ndifferent platforms define their resources differently.\n\nFor Google APIs, the type format must be \"{service}/{kind}\".",
"type": "string"
}
},
"type": "object"
},
"ResourceInfo": {
"description": "Describes a resource referenced in the request.",
"id": "ResourceInfo",
"properties": {
"name": {
"description": "The name of the resource referenced in the request.",
"type": "string"
},
"permission": {
"description": "The resource permission needed for this request.\nThe format must be \"{service}/{plural}.{verb}\".",
"type": "string"
},
"type": {
"description": "The resource type in the format of \"{service}/{kind}\".",
"type": "string"
}
},
"type": "object"
},
"ResourceLocation": {
"description": "Location information about a resource.",
"id": "ResourceLocation",
"properties": {
"currentLocations": {
"description": "The locations of a resource after the execution of the operation.\nRequests to create or delete a location based resource must populate\nthe 'current_locations' field and not the 'original_locations' field.\nFor example:\n\n \"europe-west1-a\"\n \"us-east1\"\n \"nam3\"",
"items": {
"type": "string"
},
"type": "array"
},
"originalLocations": {
"description": "The locations of a resource prior to the execution of the operation.\nRequests that mutate the resource's location must populate both the\n'original_locations' as well as the 'current_locations' fields.\nFor example:\n\n \"europe-west1-a\"\n \"us-east1\"\n \"nam3\"",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"Response": {
"description": "This message defines attributes for a typical network response. It\ngenerally models semantics of an HTTP response.",
"id": "Response",
"properties": {
"code": {
"description": "The HTTP response status code, such as `200` and `404`.",
"format": "int64",
"type": "string"
},
"headers": {
"additionalProperties": {
"type": "string"
},
"description": "The HTTP response headers. If multiple headers share the same key, they\nmust be merged according to HTTP spec. All header keys must be\nlowercased, because HTTP header keys are case-insensitive.",
"type": "object"
},
"size": {
"description": "The HTTP response size in bytes. If unknown, it must be -1.",
"format": "int64",
"type": "string"
},
"time": {
"description": "The timestamp when the `destination` service generates the first byte of\nthe response.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"ServiceAccountDelegationInfo": {
"description": "Identity delegation history of an authenticated service account.",
"id": "ServiceAccountDelegationInfo",
"properties": {
"firstPartyPrincipal": {
"$ref": "FirstPartyPrincipal",
"description": "First party (Google) identity as the real authority."
},
"thirdPartyPrincipal": {
"$ref": "ThirdPartyPrincipal",
"description": "Third party identity as the real authority."
}
},
"type": "object"
},
"SpanContext": {
"description": "The context of a span, attached to\nExemplars\nin Distribution values during aggregation.\n\nIt contains the name of a span with format:\n\n projects/[PROJECT_ID_OR_NUMBER]/traces/[TRACE_ID]/spans/[SPAN_ID]",
"id": "SpanContext",
"properties": {
"spanName": {
"description": "The resource name of the span. The format is:\n\n projects/[PROJECT_ID_OR_NUMBER]/traces/[TRACE_ID]/spans/[SPAN_ID]\n\n`[TRACE_ID]` is a unique identifier for a trace within a project;\nit is a 32-character hexadecimal encoding of a 16-byte array.\n\n`[SPAN_ID]` is a unique identifier for a span within a trace; it\nis a 16-character hexadecimal encoding of an 8-byte array.",
"type": "string"
}
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
"properties": {
"code": {
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32",
"type": "integer"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"type": "string"
}
},
"type": "object"
},
"ThirdPartyPrincipal": {
"description": "Third party identity principal.",
"id": "ThirdPartyPrincipal",
"properties": {
"thirdPartyClaims": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "Metadata about third party identity.",
"type": "object"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "Service Control API",
"version": "v2",
"version_module": true
}