suguo
/
googleapis
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
googleapis/google/logging/v2/logging_config.proto

1568 lines
58 KiB
Protocol Buffer
Raw Blame History

// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.logging.v2;
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "google/api/annotations.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Logging.V2";
option go_package = "google.golang.org/genproto/googleapis/logging/v2;logging";
option java_multiple_files = true;
option java_outer_classname = "LoggingConfigProto";
option java_package = "com.google.logging.v2";
option php_namespace = "Google\\Cloud\\Logging\\V2";
option ruby_package = "Google::Cloud::Logging::V2";
option (google.api.resource_definition) = {
type: "logging.googleapis.com/OrganizationLocation"
pattern: "organizations/{organization}/locations/{location}"
};
option (google.api.resource_definition) = {
type: "logging.googleapis.com/FolderLocation"
pattern: "folders/{folder}/locations/{location}"
};
option (google.api.resource_definition) = {
type: "logging.googleapis.com/BillingAccountLocation"
pattern: "billingAccounts/{billing_account}/locations/{location}"
};
// Service for configuring sinks used to route log entries.
service ConfigServiceV2 {
option (google.api.default_host) = "logging.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform,"
"https://www.googleapis.com/auth/cloud-platform.read-only,"
"https://www.googleapis.com/auth/logging.admin,"
"https://www.googleapis.com/auth/logging.read";
// Lists buckets.
rpc ListBuckets(ListBucketsRequest) returns (ListBucketsResponse) {
option (google.api.http) = {
get: "/v2/{parent=*/*/locations/*}/buckets"
additional_bindings {
get: "/v2/{parent=projects/*/locations/*}/buckets"
}
additional_bindings {
get: "/v2/{parent=organizations/*/locations/*}/buckets"
}
additional_bindings {
get: "/v2/{parent=folders/*/locations/*}/buckets"
}
additional_bindings {
get: "/v2/{parent=billingAccounts/*/locations/*}/buckets"
}
};
option (google.api.method_signature) = "parent";
}
// Gets a bucket.
rpc GetBucket(GetBucketRequest) returns (LogBucket) {
option (google.api.http) = {
get: "/v2/{name=*/*/locations/*/buckets/*}"
additional_bindings {
get: "/v2/{name=projects/*/locations/*/buckets/*}"
}
additional_bindings {
get: "/v2/{name=organizations/*/locations/*/buckets/*}"
}
additional_bindings {
get: "/v2/{name=folders/*/locations/*/buckets/*}"
}
additional_bindings {
get: "/v2/{name=billingAccounts/*/buckets/*}"
}
};
}
// Creates a bucket that can be used to store log entries. Once a bucket has
// been created, the region cannot be changed.
rpc CreateBucket(CreateBucketRequest) returns (LogBucket) {
option (google.api.http) = {
post: "/v2/{parent=*/*/locations/*}/buckets"
body: "bucket"
additional_bindings {
post: "/v2/{parent=projects/*/locations/*}/buckets"
body: "bucket"
}
additional_bindings {
post: "/v2/{parent=organizations/*/locations/*}/buckets"
body: "bucket"
}
additional_bindings {
post: "/v2/{parent=folders/*/locations/*}/buckets"
body: "bucket"
}
additional_bindings {
post: "/v2/{parent=billingAccounts/*/locations/*}/buckets"
body: "bucket"
}
};
}
// Updates a bucket. This method replaces the following fields in the
// existing bucket with values from the new bucket: `retention_period`
//
// If the retention period is decreased and the bucket is locked,
// FAILED_PRECONDITION will be returned.
//
// If the bucket has a LifecycleState of DELETE_REQUESTED, FAILED_PRECONDITION
// will be returned.
//
// A buckets region may not be modified after it is created.
rpc UpdateBucket(UpdateBucketRequest) returns (LogBucket) {
option (google.api.http) = {
patch: "/v2/{name=*/*/locations/*/buckets/*}"
body: "bucket"
additional_bindings {
patch: "/v2/{name=projects/*/locations/*/buckets/*}"
body: "bucket"
}
additional_bindings {
patch: "/v2/{name=organizations/*/locations/*/buckets/*}"
body: "bucket"
}
additional_bindings {
patch: "/v2/{name=folders/*/locations/*/buckets/*}"
body: "bucket"
}
additional_bindings {
patch: "/v2/{name=billingAccounts/*/locations/*/buckets/*}"
body: "bucket"
}
};
}
// Deletes a bucket.
// Moves the bucket to the DELETE_REQUESTED state. After 7 days, the
// bucket will be purged and all logs in the bucket will be permanently
// deleted.
rpc DeleteBucket(DeleteBucketRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v2/{name=*/*/locations/*/buckets/*}"
additional_bindings {
delete: "/v2/{name=projects/*/locations/*/buckets/*}"
}
additional_bindings {
delete: "/v2/{name=organizations/*/locations/*/buckets/*}"
}
additional_bindings {
delete: "/v2/{name=folders/*/locations/*/buckets/*}"
}
additional_bindings {
delete: "/v2/{name=billingAccounts/*/locations/*/buckets/*}"
}
};
}
// Undeletes a bucket. A bucket that has been deleted may be undeleted within
// the grace period of 7 days.
rpc UndeleteBucket(UndeleteBucketRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/v2/{name=*/*/locations/*/buckets/*}:undelete"
body: "*"
additional_bindings {
post: "/v2/{name=projects/*/locations/*/buckets/*}:undelete"
body: "*"
}
additional_bindings {
post: "/v2/{name=organizations/*/locations/*/buckets/*}:undelete"
body: "*"
}
additional_bindings {
post: "/v2/{name=folders/*/locations/*/buckets/*}:undelete"
body: "*"
}
additional_bindings {
post: "/v2/{name=billingAccounts/*/locations/*/buckets/*}:undelete"
body: "*"
}
};
}
// Lists views on a bucket.
rpc ListViews(ListViewsRequest) returns (ListViewsResponse) {
option (google.api.http) = {
get: "/v2/{parent=*/*/locations/*/buckets/*}/views"
additional_bindings {
get: "/v2/{parent=projects/*/locations/*/buckets/*}/views"
}
additional_bindings {
get: "/v2/{parent=organizations/*/locations/*/buckets/*}/views"
}
additional_bindings {
get: "/v2/{parent=folders/*/locations/*/buckets/*}/views"
}
additional_bindings {
get: "/v2/{parent=billingAccounts/*/locations/*/buckets/*}/views"
}
};
option (google.api.method_signature) = "parent";
}
// Gets a view.
rpc GetView(GetViewRequest) returns (LogView) {
option (google.api.http) = {
get: "/v2/{name=*/*/locations/*/buckets/*/views/*}"
additional_bindings {
get: "/v2/{name=projects/*/locations/*/buckets/*/views/*}"
}
additional_bindings {
get: "/v2/{name=organizations/*/locations/*/buckets/*/views/*}"
}
additional_bindings {
get: "/v2/{name=folders/*/locations/*/buckets/*/views/*}"
}
additional_bindings {
get: "/v2/{name=billingAccounts/*/buckets/*/views/*}"
}
};
}
// Creates a view over logs in a bucket. A bucket may contain a maximum of
// 50 views.
rpc CreateView(CreateViewRequest) returns (LogView) {
option (google.api.http) = {
post: "/v2/{parent=*/*/locations/*/buckets/*}/views"
body: "view"
additional_bindings {
post: "/v2/{parent=projects/*/locations/*/buckets/*}/views"
body: "view"
}
additional_bindings {
post: "/v2/{parent=organizations/*/locations/*/buckets/*}/views"
body: "view"
}
additional_bindings {
post: "/v2/{parent=folders/*/locations/*/buckets/*}/views"
body: "view"
}
additional_bindings {
post: "/v2/{parent=billingAccounts/*/locations/*/buckets/*}/views"
body: "view"
}
};
}
// Updates a view. This method replaces the following fields in the existing
// view with values from the new view: `filter`.
rpc UpdateView(UpdateViewRequest) returns (LogView) {
option (google.api.http) = {
patch: "/v2/{name=*/*/locations/*/buckets/*/views/*}"
body: "view"
additional_bindings {
patch: "/v2/{name=projects/*/locations/*/buckets/*/views/*}"
body: "view"
}
additional_bindings {
patch: "/v2/{name=organizations/*/locations/*/buckets/*/views/*}"
body: "view"
}
additional_bindings {
patch: "/v2/{name=folders/*/locations/*/buckets/*/views/*}"
body: "view"
}
additional_bindings {
patch: "/v2/{name=billingAccounts/*/locations/*/buckets/*/views/*}"
body: "view"
}
};
}
// Deletes a view from a bucket.
rpc DeleteView(DeleteViewRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v2/{name=*/*/locations/*/buckets/*/views/*}"
additional_bindings {
delete: "/v2/{name=projects/*/locations/*/buckets/*/views/*}"
}
additional_bindings {
delete: "/v2/{name=organizations/*/locations/*/buckets/*/views/*}"
}
additional_bindings {
delete: "/v2/{name=folders/*/locations/*/buckets/*/views/*}"
}
additional_bindings {
delete: "/v2/{name=billingAccounts/*/locations/*/buckets/*/views/*}"
}
};
}
// Lists sinks.
rpc ListSinks(ListSinksRequest) returns (ListSinksResponse) {
option (google.api.http) = {
get: "/v2/{parent=*/*}/sinks"
additional_bindings {
get: "/v2/{parent=projects/*}/sinks"
}
additional_bindings {
get: "/v2/{parent=organizations/*}/sinks"
}
additional_bindings {
get: "/v2/{parent=folders/*}/sinks"
}
additional_bindings {
get: "/v2/{parent=billingAccounts/*}/sinks"
}
};
option (google.api.method_signature) = "parent";
}
// Gets a sink.
rpc GetSink(GetSinkRequest) returns (LogSink) {
option (google.api.http) = {
get: "/v2/{sink_name=*/*/sinks/*}"
additional_bindings {
get: "/v2/{sink_name=projects/*/sinks/*}"
}
additional_bindings {
get: "/v2/{sink_name=organizations/*/sinks/*}"
}
additional_bindings {
get: "/v2/{sink_name=folders/*/sinks/*}"
}
additional_bindings {
get: "/v2/{sink_name=billingAccounts/*/sinks/*}"
}
};
option (google.api.method_signature) = "sink_name";
}
// Creates a sink that exports specified log entries to a destination. The
// export of newly-ingested log entries begins immediately, unless the sink's
// `writer_identity` is not permitted to write to the destination. A sink can
// export log entries only from the resource owning the sink.
rpc CreateSink(CreateSinkRequest) returns (LogSink) {
option (google.api.http) = {
post: "/v2/{parent=*/*}/sinks"
body: "sink"
additional_bindings {
post: "/v2/{parent=projects/*}/sinks"
body: "sink"
}
additional_bindings {
post: "/v2/{parent=organizations/*}/sinks"
body: "sink"
}
additional_bindings {
post: "/v2/{parent=folders/*}/sinks"
body: "sink"
}
additional_bindings {
post: "/v2/{parent=billingAccounts/*}/sinks"
body: "sink"
}
};
option (google.api.method_signature) = "parent,sink";
}
// Updates a sink. This method replaces the following fields in the existing
// sink with values from the new sink: `destination`, and `filter`.
//
// The updated sink might also have a new `writer_identity`; see the
// `unique_writer_identity` field.
rpc UpdateSink(UpdateSinkRequest) returns (LogSink) {
option (google.api.http) = {
put: "/v2/{sink_name=*/*/sinks/*}"
body: "sink"
additional_bindings {
put: "/v2/{sink_name=projects/*/sinks/*}"
body: "sink"
}
additional_bindings {
put: "/v2/{sink_name=organizations/*/sinks/*}"
body: "sink"
}
additional_bindings {
put: "/v2/{sink_name=folders/*/sinks/*}"
body: "sink"
}
additional_bindings {
put: "/v2/{sink_name=billingAccounts/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=projects/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=organizations/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=folders/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=billingAccounts/*/sinks/*}"
body: "sink"
}
};
option (google.api.method_signature) = "sink_name,sink,update_mask";
option (google.api.method_signature) = "sink_name,sink";
}
// Deletes a sink. If the sink has a unique `writer_identity`, then that
// service account is also deleted.
rpc DeleteSink(DeleteSinkRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v2/{sink_name=*/*/sinks/*}"
additional_bindings {
delete: "/v2/{sink_name=projects/*/sinks/*}"
}
additional_bindings {
delete: "/v2/{sink_name=organizations/*/sinks/*}"
}
additional_bindings {
delete: "/v2/{sink_name=folders/*/sinks/*}"
}
additional_bindings {
delete: "/v2/{sink_name=billingAccounts/*/sinks/*}"
}
};
option (google.api.method_signature) = "sink_name";
}
// Lists all the exclusions in a parent resource.
rpc ListExclusions(ListExclusionsRequest) returns (ListExclusionsResponse) {
option (google.api.http) = {
get: "/v2/{parent=*/*}/exclusions"
additional_bindings {
get: "/v2/{parent=projects/*}/exclusions"
}
additional_bindings {
get: "/v2/{parent=organizations/*}/exclusions"
}
additional_bindings {
get: "/v2/{parent=folders/*}/exclusions"
}
additional_bindings {
get: "/v2/{parent=billingAccounts/*}/exclusions"
}
};
option (google.api.method_signature) = "parent";
}
// Gets the description of an exclusion.
rpc GetExclusion(GetExclusionRequest) returns (LogExclusion) {
option (google.api.http) = {
get: "/v2/{name=*/*/exclusions/*}"
additional_bindings {
get: "/v2/{name=projects/*/exclusions/*}"
}
additional_bindings {
get: "/v2/{name=organizations/*/exclusions/*}"
}
additional_bindings {
get: "/v2/{name=folders/*/exclusions/*}"
}
additional_bindings {
get: "/v2/{name=billingAccounts/*/exclusions/*}"
}
};
option (google.api.method_signature) = "name";
}
// Creates a new exclusion in a specified parent resource.
// Only log entries belonging to that resource can be excluded.
// You can have up to 10 exclusions in a resource.
rpc CreateExclusion(CreateExclusionRequest) returns (LogExclusion) {
option (google.api.http) = {
post: "/v2/{parent=*/*}/exclusions"
body: "exclusion"
additional_bindings {
post: "/v2/{parent=projects/*}/exclusions"
body: "exclusion"
}
additional_bindings {
post: "/v2/{parent=organizations/*}/exclusions"
body: "exclusion"
}
additional_bindings {
post: "/v2/{parent=folders/*}/exclusions"
body: "exclusion"
}
additional_bindings {
post: "/v2/{parent=billingAccounts/*}/exclusions"
body: "exclusion"
}
};
option (google.api.method_signature) = "parent,exclusion";
}
// Changes one or more properties of an existing exclusion.
rpc UpdateExclusion(UpdateExclusionRequest) returns (LogExclusion) {
option (google.api.http) = {
patch: "/v2/{name=*/*/exclusions/*}"
body: "exclusion"
additional_bindings {
patch: "/v2/{name=projects/*/exclusions/*}"
body: "exclusion"
}
additional_bindings {
patch: "/v2/{name=organizations/*/exclusions/*}"
body: "exclusion"
}
additional_bindings {
patch: "/v2/{name=folders/*/exclusions/*}"
body: "exclusion"
}
additional_bindings {
patch: "/v2/{name=billingAccounts/*/exclusions/*}"
body: "exclusion"
}
};
option (google.api.method_signature) = "name,exclusion,update_mask";
}
// Deletes an exclusion.
rpc DeleteExclusion(DeleteExclusionRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v2/{name=*/*/exclusions/*}"
additional_bindings {
delete: "/v2/{name=projects/*/exclusions/*}"
}
additional_bindings {
delete: "/v2/{name=organizations/*/exclusions/*}"
}
additional_bindings {
delete: "/v2/{name=folders/*/exclusions/*}"
}
additional_bindings {
delete: "/v2/{name=billingAccounts/*/exclusions/*}"
}
};
option (google.api.method_signature) = "name";
}
// Gets the Logs Router CMEK settings for the given resource.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
rpc GetCmekSettings(GetCmekSettingsRequest) returns (CmekSettings) {
option (google.api.http) = {
get: "/v2/{name=*/*}/cmekSettings"
additional_bindings {
get: "/v2/{name=organizations/*}/cmekSettings"
}
};
}
// Updates the Logs Router CMEK settings for the given resource.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
//
// [UpdateCmekSettings][google.logging.v2.ConfigServiceV2.UpdateCmekSettings]
// will fail if 1) `kms_key_name` is invalid, or 2) the associated service
// account does not have the required
// `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key, or
// 3) access to the key is disabled.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
rpc UpdateCmekSettings(UpdateCmekSettingsRequest) returns (CmekSettings) {
option (google.api.http) = {
patch: "/v2/{name=*/*}/cmekSettings"
body: "cmek_settings"
additional_bindings {
patch: "/v2/{name=organizations/*}/cmekSettings"
body: "cmek_settings"
}
};
}
}
// Describes a repository of logs.
message LogBucket {
option (google.api.resource) = {
type: "logging.googleapis.com/LogBucket"
pattern: "projects/{project}/locations/{location}/buckets/{bucket}"
pattern: "organizations/{organization}/locations/{location}/buckets/{bucket}"
pattern: "folders/{folder}/locations/{location}/buckets/{bucket}"
pattern: "billingAccounts/{billing_account}/locations/{location}/buckets/{bucket}"
};
// The resource name of the bucket.
// For example:
// "projects/my-project-id/locations/my-location/buckets/my-bucket-id The
// supported locations are:
// "global"
//
// For the location of `global` it is unspecified where logs are actually
// stored.
// Once a bucket has been created, the location can not be changed.
string name = 1;
// Describes this bucket.
string description = 3;
// Output only. The creation timestamp of the bucket. This is not set for any of the
// default buckets.
google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update timestamp of the bucket.
google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Logs will be retained by default for this amount of time, after which they
// will automatically be deleted. The minimum retention period is 1 day.
// If this value is set to zero at bucket creation time, the default time of
// 30 days will be used.
int32 retention_days = 11;
// Whether the bucket has been locked.
// The retention period on a locked bucket may not be changed.
// Locked buckets may only be deleted if they are empty.
bool locked = 9;
// Output only. The bucket lifecycle state.
LifecycleState lifecycle_state = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// LogBucket lifecycle states.
enum LifecycleState {
// Unspecified state. This is only used/useful for distinguishing
// unset values.
LIFECYCLE_STATE_UNSPECIFIED = 0;
// The normal and active state.
ACTIVE = 1;
// The bucket has been marked for deletion by the user.
DELETE_REQUESTED = 2;
}
// Describes a view over logs in a bucket.
message LogView {
option (google.api.resource) = {
type: "logging.googleapis.com/LogView"
pattern: "projects/{project}/locations/{location}/buckets/{bucket}/views/{view}"
pattern: "organizations/{organization}/locations/{location}/buckets/{bucket}/views/{view}"
pattern: "folders/{folder}/locations/{location}/buckets/{bucket}/views/{view}"
pattern: "billingAccounts/{billing_account}/locations/{location}/buckets/{bucket}/views/{view}"
};
// The resource name of the view.
// For example
// "projects/my-project-id/locations/my-location/buckets/my-bucket-id/views/my-view
string name = 1;
// Describes this view.
string description = 3;
// Output only. The creation timestamp of the view.
google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update timestamp of the view.
google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Filter that restricts which log entries in a bucket are visible in this
// view. Filters are restricted to be a logical AND of ==/!= of any of the
// following:
// originating project/folder/organization/billing account.
// resource type
// log id
// Example: SOURCE("projects/myproject") AND resource.type = "gce_instance"
// AND LOG_ID("stdout")
string filter = 7;
}
// Describes a sink used to export log entries to one of the following
// destinations in any project: a Cloud Storage bucket, a BigQuery dataset, or a
// Cloud Pub/Sub topic. A logs filter controls which log entries are exported.
// The sink must be created within a project, organization, billing account, or
// folder.
message LogSink {
option (google.api.resource) = {
type: "logging.googleapis.com/LogSink"
pattern: "projects/{project}/sinks/{sink}"
pattern: "organizations/{organization}/sinks/{sink}"
pattern: "folders/{folder}/sinks/{sink}"
pattern: "billingAccounts/{billing_account}/sinks/{sink}"
};
// Deprecated. This is unused.
enum VersionFormat {
// An unspecified format version that will default to V2.
VERSION_FORMAT_UNSPECIFIED = 0;
// `LogEntry` version 2 format.
V2 = 1;
// `LogEntry` version 1 format.
V1 = 2;
}
// Required. The client-assigned sink identifier, unique within the project. Example:
// `"my-syslog-errors-to-pubsub"`. Sink identifiers are limited to 100
// characters and can include only the following characters: upper and
// lower-case alphanumeric characters, underscores, hyphens, and periods.
// First character has to be alphanumeric.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The export destination:
//
// "storage.googleapis.com/[GCS_BUCKET]"
// "bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]"
// "pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]"
//
// The sink's `writer_identity`, set when the sink is created, must
// have permission to write to the destination or else the log
// entries are not exported. For more information, see
// [Exporting Logs with
// Sinks](https://cloud.google.com/logging/docs/api/tasks/exporting-logs).
string destination = 3 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "*"
}
];
// Optional. An [advanced logs
// filter](https://cloud.google.com/logging/docs/view/advanced-queries). The
// only exported log entries are those that are in the resource owning the
// sink and that match the filter. For example:
//
// logName="projects/[PROJECT_ID]/logs/[LOG_ID]" AND severity>=ERROR
string filter = 5 [(google.api.field_behavior) = OPTIONAL];
// Optional. A description of this sink.
// The maximum length of the description is 8000 characters.
string description = 18 [(google.api.field_behavior) = OPTIONAL];
// Optional. If set to True, then this sink is disabled and it does not
// export any log entries.
bool disabled = 19 [(google.api.field_behavior) = OPTIONAL];
// Optional. Log entries that match any of the exclusion filters will not be exported.
// If a log entry is matched by both `filter` and one of `exclusion_filters`
// it will not be exported.
repeated LogExclusion exclusions = 16 [(google.api.field_behavior) = OPTIONAL];
// Deprecated. This field is unused.
VersionFormat output_version_format = 6 [deprecated = true];
// Output only. An IAM identity—a service account or group—under which Logging
// writes the exported log entries to the sink's destination. This field is
// set by [sinks.create][google.logging.v2.ConfigServiceV2.CreateSink] and
// [sinks.update][google.logging.v2.ConfigServiceV2.UpdateSink] based on the
// value of `unique_writer_identity` in those methods.
//
// Until you grant this identity write-access to the destination, log entry
// exports from this sink will fail. For more information,
// see [Granting Access for a
// Resource](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource).
// Consult the destination service's documentation to determine the
// appropriate IAM roles to assign to the identity.
string writer_identity = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional. This field applies only to sinks owned by organizations and
// folders. If the field is false, the default, only the logs owned by the
// sink's parent resource are available for export. If the field is true, then
// logs from all the projects, folders, and billing accounts contained in the
// sink's parent resource are also available for export. Whether a particular
// log entry from the children is exported depends on the sink's filter
// expression. For example, if this field is true, then the filter
// `resource.type=gce_instance` would export all Compute Engine VM instance
// log entries from all projects in the sink's parent. To only export entries
// from certain child projects, filter on the project part of the log name:
//
// logName:("projects/test-project1/" OR "projects/test-project2/") AND
// resource.type=gce_instance
bool include_children = 9 [(google.api.field_behavior) = OPTIONAL];
// Destination dependent options.
oneof options {
// Optional. Options that affect sinks exporting data to BigQuery.
BigQueryOptions bigquery_options = 12 [(google.api.field_behavior) = OPTIONAL];
}
// Output only. The creation timestamp of the sink.
//
// This field may not be present for older sinks.
google.protobuf.Timestamp create_time = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update timestamp of the sink.
//
// This field may not be present for older sinks.
google.protobuf.Timestamp update_time = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Options that change functionality of a sink exporting data to BigQuery.
message BigQueryOptions {
// Optional. Whether to use [BigQuery's partition
// tables](https://cloud.google.com/bigquery/docs/partitioned-tables). By
// default, Logging creates dated tables based on the log entries' timestamps,
// e.g. syslog_20170523. With partitioned tables the date suffix is no longer
// present and [special query
// syntax](https://cloud.google.com/bigquery/docs/querying-partitioned-tables)
// has to be used instead. In both cases, tables are sharded based on UTC
// timezone.
bool use_partitioned_tables = 1 [(google.api.field_behavior) = OPTIONAL];
// Output only. True if new timestamp column based partitioning is in use,
// false if legacy ingestion-time partitioning is in use.
// All new sinks will have this field set true and will use timestamp column
// based partitioning. If use_partitioned_tables is false, this value has no
// meaning and will be false. Legacy sinks using partitioned tables will have
// this field set to false.
bool uses_timestamp_column_partitioning = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// The parameters to `ListBuckets`.
message ListBucketsRequest {
// Required. The parent resource whose buckets are to be listed:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]"
//
// Note: The locations portion of the resource must be specified, but
// supplying the character `-` in place of [LOCATION_ID] will return all
// buckets.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogBucket"
}
];
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `pageToken` must be the value of
// `nextPageToken` from the previous response. The values of other method
// parameters should be identical to those in the previous call.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum number of results to return from this request.
// Non-positive values are ignored. The presence of `nextPageToken` in the
// response indicates that more results might be available.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The response from ListBuckets.
message ListBucketsResponse {
// A list of buckets.
repeated LogBucket buckets = 1;
// If there might be more results than appear in this response, then
// `nextPageToken` is included. To get the next set of results, call the same
// method again using the value of `nextPageToken` as `pageToken`.
string next_page_token = 2;
}
// The parameters to `CreateBucket`.
message CreateBucketRequest {
// Required. The resource in which to create the bucket:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]"
//
// Example: `"projects/my-logging-project/locations/global"`
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogBucket"
}
];
// Required. A client-assigned identifier such as `"my-bucket"`. Identifiers are
// limited to 100 characters and can include only letters, digits,
// underscores, hyphens, and periods.
string bucket_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The new bucket. The region specified in the new bucket must be compliant
// with any Location Restriction Org Policy. The name field in the bucket is
// ignored.
LogBucket bucket = 3 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `UpdateBucket`.
message UpdateBucketRequest {
// Required. The full resource name of the bucket to update.
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id"`. Also
// requires permission "resourcemanager.projects.updateLiens" to set the
// locked property
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogBucket"
}
];
// Required. The updated bucket.
LogBucket bucket = 2 [(google.api.field_behavior) = REQUIRED];
// Required. Field mask that specifies the fields in `bucket` that need an update. A
// bucket field will be overwritten if, and only if, it is in the update
// mask. `name` and output only fields cannot be updated.
//
// For a detailed `FieldMask` definition, see
// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.FieldMask
//
// Example: `updateMask=retention_days`.
google.protobuf.FieldMask update_mask = 4 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `GetBucket`.
message GetBucketRequest {
// Required. The resource name of the bucket:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogBucket"
}
];
}
// The parameters to `DeleteBucket`.
message DeleteBucketRequest {
// Required. The full resource name of the bucket to delete.
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogBucket"
}
];
}
// The parameters to `UndeleteBucket`.
message UndeleteBucketRequest {
// Required. The full resource name of the bucket to undelete.
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogBucket"
}
];
}
// The parameters to `ListViews`.
message ListViewsRequest {
// Required. The bucket whose views are to be listed:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
string parent = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `pageToken` must be the value of
// `nextPageToken` from the previous response. The values of other method
// parameters should be identical to those in the previous call.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum number of results to return from this request.
// Non-positive values are ignored. The presence of `nextPageToken` in the
// response indicates that more results might be available.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The response from ListViews.
message ListViewsResponse {
// A list of views.
repeated LogView views = 1;
// If there might be more results than appear in this response, then
// `nextPageToken` is included. To get the next set of results, call the same
// method again using the value of `nextPageToken` as `pageToken`.
string next_page_token = 2;
}
// The parameters to `CreateView`.
message CreateViewRequest {
// Required. The bucket in which to create the view
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
//
// Example:
// `"projects/my-logging-project/locations/my-location/buckets/my-bucket"`
string parent = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The id to use for this view.
string view_id = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The new view.
LogView view = 3 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `UpdateView`.
message UpdateViewRequest {
// Required. The full resource name of the view to update
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]/views/[VIEW_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id/views/my-view-id"`.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The updated view.
LogView view = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. Field mask that specifies the fields in `view` that need
// an update. A field will be overwritten if, and only if, it is
// in the update mask. `name` and output only fields cannot be updated.
//
// For a detailed `FieldMask` definition, see
// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.FieldMask
//
// Example: `updateMask=filter`.
google.protobuf.FieldMask update_mask = 4 [(google.api.field_behavior) = OPTIONAL];
}
// The parameters to `GetView`.
message GetViewRequest {
// Required. The resource name of the policy:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]/views/[VIEW_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id/views/my-view-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogView"
}
];
}
// The parameters to `DeleteView`.
message DeleteViewRequest {
// Required. The full resource name of the view to delete:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]/views/[VIEW_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id/views/my-view-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogView"
}
];
}
// The parameters to `ListSinks`.
message ListSinksRequest {
// Required. The parent resource whose sinks are to be listed:
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogSink"
}
];
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `pageToken` must be the value of
// `nextPageToken` from the previous response. The values of other method
// parameters should be identical to those in the previous call.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum number of results to return from this request.
// Non-positive values are ignored. The presence of `nextPageToken` in the
// response indicates that more results might be available.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Result returned from `ListSinks`.
message ListSinksResponse {
// A list of sinks.
repeated LogSink sinks = 1;
// If there might be more results than appear in this response, then
// `nextPageToken` is included. To get the next set of results, call the same
// method again using the value of `nextPageToken` as `pageToken`.
string next_page_token = 2;
}
// The parameters to `GetSink`.
message GetSinkRequest {
// Required. The resource name of the sink:
//
// "projects/[PROJECT_ID]/sinks/[SINK_ID]"
// "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]"
// "folders/[FOLDER_ID]/sinks/[SINK_ID]"
//
// Example: `"projects/my-project-id/sinks/my-sink-id"`.
string sink_name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogSink"
}
];
}
// The parameters to `CreateSink`.
message CreateSinkRequest {
// Required. The resource in which to create the sink:
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
//
// Examples: `"projects/my-logging-project"`, `"organizations/123456789"`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogSink"
}
];
// Required. The new sink, whose `name` parameter is a sink identifier that
// is not already in use.
LogSink sink = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. Determines the kind of IAM identity returned as `writer_identity`
// in the new sink. If this value is omitted or set to false, and if the
// sink's parent is a project, then the value returned as `writer_identity` is
// the same group or service account used by Logging before the addition of
// writer identities to this API. The sink's destination must be in the same
// project as the sink itself.
//
// If this field is set to true, or if the sink is owned by a non-project
// resource such as an organization, then the value of `writer_identity` will
// be a unique service account used only for exports from the new sink. For
// more information, see `writer_identity` in [LogSink][google.logging.v2.LogSink].
bool unique_writer_identity = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The parameters to `UpdateSink`.
message UpdateSinkRequest {
// Required. The full resource name of the sink to update, including the parent
// resource and the sink identifier:
//
// "projects/[PROJECT_ID]/sinks/[SINK_ID]"
// "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]"
// "folders/[FOLDER_ID]/sinks/[SINK_ID]"
//
// Example: `"projects/my-project-id/sinks/my-sink-id"`.
string sink_name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogSink"
}
];
// Required. The updated sink, whose name is the same identifier that appears as part
// of `sink_name`.
LogSink sink = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. See [sinks.create][google.logging.v2.ConfigServiceV2.CreateSink]
// for a description of this field. When updating a sink, the effect of this
// field on the value of `writer_identity` in the updated sink depends on both
// the old and new values of this field:
//
// + If the old and new values of this field are both false or both true,
// then there is no change to the sink's `writer_identity`.
// + If the old value is false and the new value is true, then
// `writer_identity` is changed to a unique service account.
// + It is an error if the old value is true and the new value is
// set to false or defaulted to false.
bool unique_writer_identity = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Field mask that specifies the fields in `sink` that need
// an update. A sink field will be overwritten if, and only if, it is
// in the update mask. `name` and output only fields cannot be updated.
//
// An empty updateMask is temporarily treated as using the following mask
// for backwards compatibility purposes:
// destination,filter,includeChildren
// At some point in the future, behavior will be removed and specifying an
// empty updateMask will be an error.
//
// For a detailed `FieldMask` definition, see
// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.FieldMask
//
// Example: `updateMask=filter`.
google.protobuf.FieldMask update_mask = 4 [(google.api.field_behavior) = OPTIONAL];
}
// The parameters to `DeleteSink`.
message DeleteSinkRequest {
// Required. The full resource name of the sink to delete, including the parent
// resource and the sink identifier:
//
// "projects/[PROJECT_ID]/sinks/[SINK_ID]"
// "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]"
// "folders/[FOLDER_ID]/sinks/[SINK_ID]"
//
// Example: `"projects/my-project-id/sinks/my-sink-id"`.
string sink_name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogSink"
}
];
}
// Specifies a set of log entries that are not to be stored in
// Logging. If your GCP resource receives a large volume of logs, you can
// use exclusions to reduce your chargeable logs. Exclusions are
// processed after log sinks, so you can export log entries before they are
// excluded. Note that organization-level and folder-level exclusions don't
// apply to child resources, and that you can't exclude audit log entries.
message LogExclusion {
option (google.api.resource) = {
type: "logging.googleapis.com/LogExclusion"
pattern: "projects/{project}/exclusions/{exclusion}"
pattern: "organizations/{organization}/exclusions/{exclusion}"
pattern: "folders/{folder}/exclusions/{exclusion}"
pattern: "billingAccounts/{billing_account}/exclusions/{exclusion}"
};
// Required. A client-assigned identifier, such as `"load-balancer-exclusion"`.
// Identifiers are limited to 100 characters and can include only letters,
// digits, underscores, hyphens, and periods. First character has to be
// alphanumeric.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. A description of this exclusion.
string description = 2 [(google.api.field_behavior) = OPTIONAL];
// Required. An [advanced logs
// filter](https://cloud.google.com/logging/docs/view/advanced-queries) that
// matches the log entries to be excluded. By using the [sample
// function](https://cloud.google.com/logging/docs/view/advanced-queries#sample),
// you can exclude less than 100% of the matching log entries.
// For example, the following query matches 99% of low-severity log
// entries from Google Cloud Storage buckets:
//
// `"resource.type=gcs_bucket severity<ERROR sample(insertId, 0.99)"`
string filter = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. If set to True, then this exclusion is disabled and it does not
// exclude any log entries. You can [update an
// exclusion][google.logging.v2.ConfigServiceV2.UpdateExclusion] to change the
// value of this field.
bool disabled = 4 [(google.api.field_behavior) = OPTIONAL];
// Output only. The creation timestamp of the exclusion.
//
// This field may not be present for older exclusions.
google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update timestamp of the exclusion.
//
// This field may not be present for older exclusions.
google.protobuf.Timestamp update_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// The parameters to `ListExclusions`.
message ListExclusionsRequest {
// Required. The parent resource whose exclusions are to be listed.
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogExclusion"
}
];
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `pageToken` must be the value of
// `nextPageToken` from the previous response. The values of other method
// parameters should be identical to those in the previous call.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum number of results to return from this request.
// Non-positive values are ignored. The presence of `nextPageToken` in the
// response indicates that more results might be available.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Result returned from `ListExclusions`.
message ListExclusionsResponse {
// A list of exclusions.
repeated LogExclusion exclusions = 1;
// If there might be more results than appear in this response, then
// `nextPageToken` is included. To get the next set of results, call the same
// method again using the value of `nextPageToken` as `pageToken`.
string next_page_token = 2;
}
// The parameters to `GetExclusion`.
message GetExclusionRequest {
// Required. The resource name of an existing exclusion:
//
// "projects/[PROJECT_ID]/exclusions/[EXCLUSION_ID]"
// "organizations/[ORGANIZATION_ID]/exclusions/[EXCLUSION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/exclusions/[EXCLUSION_ID]"
// "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
//
// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogExclusion"
}
];
}
// The parameters to `CreateExclusion`.
message CreateExclusionRequest {
// Required. The parent resource in which to create the exclusion:
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
//
// Examples: `"projects/my-logging-project"`, `"organizations/123456789"`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogExclusion"
}
];
// Required. The new exclusion, whose `name` parameter is an exclusion name
// that is not already used in the parent resource.
LogExclusion exclusion = 2 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `UpdateExclusion`.
message UpdateExclusionRequest {
// Required. The resource name of the exclusion to update:
//
// "projects/[PROJECT_ID]/exclusions/[EXCLUSION_ID]"
// "organizations/[ORGANIZATION_ID]/exclusions/[EXCLUSION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/exclusions/[EXCLUSION_ID]"
// "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
//
// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogExclusion"
}
];
// Required. New values for the existing exclusion. Only the fields specified in
// `update_mask` are relevant.
LogExclusion exclusion = 2 [(google.api.field_behavior) = REQUIRED];
// Required. A non-empty list of fields to change in the existing exclusion. New values
// for the fields are taken from the corresponding fields in the
// [LogExclusion][google.logging.v2.LogExclusion] included in this request. Fields not mentioned in
// `update_mask` are not changed and are ignored in the request.
//
// For example, to change the filter and description of an exclusion,
// specify an `update_mask` of `"filter,description"`.
google.protobuf.FieldMask update_mask = 3 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `DeleteExclusion`.
message DeleteExclusionRequest {
// Required. The resource name of an existing exclusion to delete:
//
// "projects/[PROJECT_ID]/exclusions/[EXCLUSION_ID]"
// "organizations/[ORGANIZATION_ID]/exclusions/[EXCLUSION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/exclusions/[EXCLUSION_ID]"
// "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
//
// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogExclusion"
}
];
}
// The parameters to
// [GetCmekSettings][google.logging.v2.ConfigServiceV2.GetCmekSettings].
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption) for
// more information.
message GetCmekSettingsRequest {
// Required. The resource for which to retrieve CMEK settings.
//
// "projects/[PROJECT_ID]/cmekSettings"
// "organizations/[ORGANIZATION_ID]/cmekSettings"
// "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
// "folders/[FOLDER_ID]/cmekSettings"
//
// Example: `"organizations/12345/cmekSettings"`.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/CmekSettings"
}
];
}
// The parameters to
// [UpdateCmekSettings][google.logging.v2.ConfigServiceV2.UpdateCmekSettings].
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption) for
// more information.
message UpdateCmekSettingsRequest {
// Required. The resource name for the CMEK settings to update.
//
// "projects/[PROJECT_ID]/cmekSettings"
// "organizations/[ORGANIZATION_ID]/cmekSettings"
// "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
// "folders/[FOLDER_ID]/cmekSettings"
//
// Example: `"organizations/12345/cmekSettings"`.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The CMEK settings to update.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
CmekSettings cmek_settings = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. Field mask identifying which fields from `cmek_settings` should
// be updated. A field will be overwritten if and only if it is in the update
// mask. Output only fields cannot be updated.
//
// See [FieldMask][google.protobuf.FieldMask] for more information.
//
// Example: `"updateMask=kmsKeyName"`
google.protobuf.FieldMask update_mask = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Describes the customer-managed encryption key (CMEK) settings associated with
// a project, folder, organization, billing account, or flexible resource.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in the
// GCP organization.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption) for
// more information.
message CmekSettings {
option (google.api.resource) = {
type: "logging.googleapis.com/CmekSettings"
pattern: "projects/{project}/cmekSettings"
pattern: "organizations/{organization}/cmekSettings"
pattern: "folders/{folder}/cmekSettings"
pattern: "billingAccounts/{billing_account}/cmekSettings"
};
// Output only. The resource name of the CMEK settings.
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// The resource name for the configured Cloud KMS key.
//
// KMS key name format:
// "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]"
//
// For example:
// `"projects/my-project-id/locations/my-region/keyRings/key-ring-name/cryptoKeys/key-name"`
//
//
//
// To enable CMEK for the Logs Router, set this field to a valid
// `kms_key_name` for which the associated service account has the required
// `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key.
//
// The Cloud KMS key used by the Log Router can be updated by changing the
// `kms_key_name` to a new valid key name. Encryption operations that are in
// progress will be completed with the key that was in use when they started.
// Decryption operations will be completed using the key that was used at the
// time of encryption unless access to that key has been revoked.
//
// To disable CMEK for the Logs Router, set this field to an empty string.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
string kms_key_name = 2;
// Output only. The service account that will be used by the Logs Router to access your
// Cloud KMS key.
//
// Before enabling CMEK for Logs Router, you must first assign the role
// `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the service account that
// the Logs Router will use to access your Cloud KMS key. Use
// [GetCmekSettings][google.logging.v2.ConfigServiceV2.GetCmekSettings] to
// obtain the service account ID.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
string service_account_id = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}
Reference in New Issue View Git Blame Copy Permalink