suguo
/
googleapis
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
googleapis/google/logging/v2/logging_config.proto

1179 lines
44 KiB
Protocol Buffer
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.logging.v2;
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "google/api/annotations.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Logging.V2";
option go_package = "google.golang.org/genproto/googleapis/logging/v2;logging";
option java_multiple_files = true;
option java_outer_classname = "LoggingConfigProto";
option java_package = "com.google.logging.v2";
option php_namespace = "Google\\Cloud\\Logging\\V2";
option ruby_package = "Google::Cloud::Logging::V2";
option (google.api.resource_definition) = {
type: "logging.googleapis.com/OrganizationLocation"
pattern: "organizations/{organization}/locations/{location}"
};
option (google.api.resource_definition) = {
type: "logging.googleapis.com/FolderLocation"
pattern: "folders/{folder}/locations/{location}"
};
option (google.api.resource_definition) = {
type: "logging.googleapis.com/BillingAccountLocation"
pattern: "billingAccounts/{billing_account}/locations/{location}"
};
// Service for configuring sinks used to route log entries.
service ConfigServiceV2 {
option (google.api.default_host) = "logging.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform,"
"https://www.googleapis.com/auth/cloud-platform.read-only,"
"https://www.googleapis.com/auth/logging.admin,"
"https://www.googleapis.com/auth/logging.read";
// Lists buckets (Beta).
rpc ListBuckets(ListBucketsRequest) returns (ListBucketsResponse) {
option (google.api.http) = {
get: "/v2/{parent=*/*/locations/*}/buckets"
additional_bindings {
get: "/v2/{parent=projects/*/locations/*}/buckets"
}
additional_bindings {
get: "/v2/{parent=organizations/*/locations/*}/buckets"
}
additional_bindings {
get: "/v2/{parent=folders/*/locations/*}/buckets"
}
additional_bindings {
get: "/v2/{parent=billingAccounts/*/locations/*}/buckets"
}
};
option (google.api.method_signature) = "parent";
}
// Gets a bucket (Beta).
rpc GetBucket(GetBucketRequest) returns (LogBucket) {
option (google.api.http) = {
get: "/v2/{name=*/*/locations/*/buckets/*}"
additional_bindings {
get: "/v2/{name=projects/*/locations/*/buckets/*}"
}
additional_bindings {
get: "/v2/{name=organizations/*/locations/*/buckets/*}"
}
additional_bindings {
get: "/v2/{name=folders/*/locations/*/buckets/*}"
}
additional_bindings {
get: "/v2/{name=billingAccounts/*/buckets/*}"
}
};
}
// Updates a bucket. This method replaces the following fields in the
// existing bucket with values from the new bucket: `retention_period`
//
// If the retention period is decreased and the bucket is locked,
// FAILED_PRECONDITION will be returned.
//
// If the bucket has a LifecycleState of DELETE_REQUESTED, FAILED_PRECONDITION
// will be returned.
//
// A buckets region may not be modified after it is created.
// This method is in Beta.
rpc UpdateBucket(UpdateBucketRequest) returns (LogBucket) {
option (google.api.http) = {
patch: "/v2/{name=*/*/locations/*/buckets/*}"
body: "bucket"
additional_bindings {
patch: "/v2/{name=projects/*/locations/*/buckets/*}"
body: "bucket"
}
additional_bindings {
patch: "/v2/{name=organizations/*/locations/*/buckets/*}"
body: "bucket"
}
additional_bindings {
patch: "/v2/{name=folders/*/locations/*/buckets/*}"
body: "bucket"
}
additional_bindings {
patch: "/v2/{name=billingAccounts/*/locations/*/buckets/*}"
body: "bucket"
}
};
}
// Lists sinks.
rpc ListSinks(ListSinksRequest) returns (ListSinksResponse) {
option (google.api.http) = {
get: "/v2/{parent=*/*}/sinks"
additional_bindings {
get: "/v2/{parent=projects/*}/sinks"
}
additional_bindings {
get: "/v2/{parent=organizations/*}/sinks"
}
additional_bindings {
get: "/v2/{parent=folders/*}/sinks"
}
additional_bindings {
get: "/v2/{parent=billingAccounts/*}/sinks"
}
};
option (google.api.method_signature) = "parent";
}
// Gets a sink.
rpc GetSink(GetSinkRequest) returns (LogSink) {
option (google.api.http) = {
get: "/v2/{sink_name=*/*/sinks/*}"
additional_bindings {
get: "/v2/{sink_name=projects/*/sinks/*}"
}
additional_bindings {
get: "/v2/{sink_name=organizations/*/sinks/*}"
}
additional_bindings {
get: "/v2/{sink_name=folders/*/sinks/*}"
}
additional_bindings {
get: "/v2/{sink_name=billingAccounts/*/sinks/*}"
}
};
option (google.api.method_signature) = "sink_name";
}
// Creates a sink that exports specified log entries to a destination. The
// export of newly-ingested log entries begins immediately, unless the sink's
// `writer_identity` is not permitted to write to the destination. A sink can
// export log entries only from the resource owning the sink.
rpc CreateSink(CreateSinkRequest) returns (LogSink) {
option (google.api.http) = {
post: "/v2/{parent=*/*}/sinks"
body: "sink"
additional_bindings {
post: "/v2/{parent=projects/*}/sinks"
body: "sink"
}
additional_bindings {
post: "/v2/{parent=organizations/*}/sinks"
body: "sink"
}
additional_bindings {
post: "/v2/{parent=folders/*}/sinks"
body: "sink"
}
additional_bindings {
post: "/v2/{parent=billingAccounts/*}/sinks"
body: "sink"
}
};
option (google.api.method_signature) = "parent,sink";
}
// Updates a sink. This method replaces the following fields in the existing
// sink with values from the new sink: `destination`, and `filter`.
//
// The updated sink might also have a new `writer_identity`; see the
// `unique_writer_identity` field.
rpc UpdateSink(UpdateSinkRequest) returns (LogSink) {
option (google.api.http) = {
put: "/v2/{sink_name=*/*/sinks/*}"
body: "sink"
additional_bindings {
put: "/v2/{sink_name=projects/*/sinks/*}"
body: "sink"
}
additional_bindings {
put: "/v2/{sink_name=organizations/*/sinks/*}"
body: "sink"
}
additional_bindings {
put: "/v2/{sink_name=folders/*/sinks/*}"
body: "sink"
}
additional_bindings {
put: "/v2/{sink_name=billingAccounts/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=projects/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=organizations/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=folders/*/sinks/*}"
body: "sink"
}
additional_bindings {
patch: "/v2/{sink_name=billingAccounts/*/sinks/*}"
body: "sink"
}
};
option (google.api.method_signature) = "sink_name,sink,update_mask";
option (google.api.method_signature) = "sink_name,sink";
}
// Deletes a sink. If the sink has a unique `writer_identity`, then that
// service account is also deleted.
rpc DeleteSink(DeleteSinkRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v2/{sink_name=*/*/sinks/*}"
additional_bindings {
delete: "/v2/{sink_name=projects/*/sinks/*}"
}
additional_bindings {
delete: "/v2/{sink_name=organizations/*/sinks/*}"
}
additional_bindings {
delete: "/v2/{sink_name=folders/*/sinks/*}"
}
additional_bindings {
delete: "/v2/{sink_name=billingAccounts/*/sinks/*}"
}
};
option (google.api.method_signature) = "sink_name";
}
// Lists all the exclusions in a parent resource.
rpc ListExclusions(ListExclusionsRequest) returns (ListExclusionsResponse) {
option (google.api.http) = {
get: "/v2/{parent=*/*}/exclusions"
additional_bindings {
get: "/v2/{parent=projects/*}/exclusions"
}
additional_bindings {
get: "/v2/{parent=organizations/*}/exclusions"
}
additional_bindings {
get: "/v2/{parent=folders/*}/exclusions"
}
additional_bindings {
get: "/v2/{parent=billingAccounts/*}/exclusions"
}
};
option (google.api.method_signature) = "parent";
}
// Gets the description of an exclusion.
rpc GetExclusion(GetExclusionRequest) returns (LogExclusion) {
option (google.api.http) = {
get: "/v2/{name=*/*/exclusions/*}"
additional_bindings {
get: "/v2/{name=projects/*/exclusions/*}"
}
additional_bindings {
get: "/v2/{name=organizations/*/exclusions/*}"
}
additional_bindings {
get: "/v2/{name=folders/*/exclusions/*}"
}
additional_bindings {
get: "/v2/{name=billingAccounts/*/exclusions/*}"
}
};
option (google.api.method_signature) = "name";
}
// Creates a new exclusion in a specified parent resource.
// Only log entries belonging to that resource can be excluded.
// You can have up to 10 exclusions in a resource.
rpc CreateExclusion(CreateExclusionRequest) returns (LogExclusion) {
option (google.api.http) = {
post: "/v2/{parent=*/*}/exclusions"
body: "exclusion"
additional_bindings {
post: "/v2/{parent=projects/*}/exclusions"
body: "exclusion"
}
additional_bindings {
post: "/v2/{parent=organizations/*}/exclusions"
body: "exclusion"
}
additional_bindings {
post: "/v2/{parent=folders/*}/exclusions"
body: "exclusion"
}
additional_bindings {
post: "/v2/{parent=billingAccounts/*}/exclusions"
body: "exclusion"
}
};
option (google.api.method_signature) = "parent,exclusion";
}
// Changes one or more properties of an existing exclusion.
rpc UpdateExclusion(UpdateExclusionRequest) returns (LogExclusion) {
option (google.api.http) = {
patch: "/v2/{name=*/*/exclusions/*}"
body: "exclusion"
additional_bindings {
patch: "/v2/{name=projects/*/exclusions/*}"
body: "exclusion"
}
additional_bindings {
patch: "/v2/{name=organizations/*/exclusions/*}"
body: "exclusion"
}
additional_bindings {
patch: "/v2/{name=folders/*/exclusions/*}"
body: "exclusion"
}
additional_bindings {
patch: "/v2/{name=billingAccounts/*/exclusions/*}"
body: "exclusion"
}
};
option (google.api.method_signature) = "name,exclusion,update_mask";
}
// Deletes an exclusion.
rpc DeleteExclusion(DeleteExclusionRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v2/{name=*/*/exclusions/*}"
additional_bindings {
delete: "/v2/{name=projects/*/exclusions/*}"
}
additional_bindings {
delete: "/v2/{name=organizations/*/exclusions/*}"
}
additional_bindings {
delete: "/v2/{name=folders/*/exclusions/*}"
}
additional_bindings {
delete: "/v2/{name=billingAccounts/*/exclusions/*}"
}
};
option (google.api.method_signature) = "name";
}
// Gets the Logs Router CMEK settings for the given resource.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
rpc GetCmekSettings(GetCmekSettingsRequest) returns (CmekSettings) {
option (google.api.http) = {
get: "/v2/{name=*/*}/cmekSettings"
additional_bindings {
get: "/v2/{name=organizations/*}/cmekSettings"
}
};
}
// Updates the Logs Router CMEK settings for the given resource.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
//
// [UpdateCmekSettings][google.logging.v2.ConfigServiceV2.UpdateCmekSettings]
// will fail if 1) `kms_key_name` is invalid, or 2) the associated service
// account does not have the required
// `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key, or
// 3) access to the key is disabled.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
rpc UpdateCmekSettings(UpdateCmekSettingsRequest) returns (CmekSettings) {
option (google.api.http) = {
patch: "/v2/{name=*/*}/cmekSettings"
body: "cmek_settings"
additional_bindings {
patch: "/v2/{name=organizations/*}/cmekSettings"
body: "cmek_settings"
}
};
}
}
// Describes a repository of logs (Beta).
message LogBucket {
option (google.api.resource) = {
type: "logging.googleapis.com/LogBucket"
pattern: "projects/{project}/locations/{location}/buckets/{bucket}"
pattern: "organizations/{organization}/locations/{location}/buckets/{bucket}"
pattern: "folders/{folder}/locations/{location}/buckets/{bucket}"
pattern: "billingAccounts/{billing_account}/locations/{location}/buckets/{bucket}"
};
// The resource name of the bucket.
// For example:
// "projects/my-project-id/locations/my-location/buckets/my-bucket-id The
// supported locations are:
// "global"
// "us-central1"
//
// For the location of `global` it is unspecified where logs are actually
// stored.
// Once a bucket has been created, the location can not be changed.
string name = 1;
// Describes this bucket.
string description = 3;
// Output only. The creation timestamp of the bucket. This is not set for any of the
// default buckets.
google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update timestamp of the bucket.
google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Logs will be retained by default for this amount of time, after which they
// will automatically be deleted. The minimum retention period is 1 day.
// If this value is set to zero at bucket creation time, the default time of
// 30 days will be used.
int32 retention_days = 11;
// Output only. The bucket lifecycle state.
LifecycleState lifecycle_state = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Describes a sink used to export log entries to one of the following
// destinations in any project: a Cloud Storage bucket, a BigQuery dataset, or a
// Cloud Pub/Sub topic. A logs filter controls which log entries are exported.
// The sink must be created within a project, organization, billing account, or
// folder.
message LogSink {
option (google.api.resource) = {
type: "logging.googleapis.com/LogSink"
pattern: "projects/{project}/sinks/{sink}"
pattern: "organizations/{organization}/sinks/{sink}"
pattern: "folders/{folder}/sinks/{sink}"
pattern: "billingAccounts/{billing_account}/sinks/{sink}"
};
// Deprecated. This is unused.
enum VersionFormat {
// An unspecified format version that will default to V2.
VERSION_FORMAT_UNSPECIFIED = 0;
// `LogEntry` version 2 format.
V2 = 1;
// `LogEntry` version 1 format.
V1 = 2;
}
// Required. The client-assigned sink identifier, unique within the project. Example:
// `"my-syslog-errors-to-pubsub"`. Sink identifiers are limited to 100
// characters and can include only the following characters: upper and
// lower-case alphanumeric characters, underscores, hyphens, and periods.
// First character has to be alphanumeric.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The export destination:
//
// "storage.googleapis.com/[GCS_BUCKET]"
// "bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]"
// "pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]"
//
// The sink's `writer_identity`, set when the sink is created, must
// have permission to write to the destination or else the log
// entries are not exported. For more information, see
// [Exporting Logs with
// Sinks](https://cloud.google.com/logging/docs/api/tasks/exporting-logs).
string destination = 3 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "*"
}
];
// Optional. An [advanced logs
// filter](https://cloud.google.com/logging/docs/view/advanced-queries). The
// only exported log entries are those that are in the resource owning the
// sink and that match the filter. For example:
//
// logName="projects/[PROJECT_ID]/logs/[LOG_ID]" AND severity>=ERROR
string filter = 5 [(google.api.field_behavior) = OPTIONAL];
// Optional. A description of this sink.
// The maximum length of the description is 8000 characters.
string description = 18 [(google.api.field_behavior) = OPTIONAL];
// Optional. If set to True, then this sink is disabled and it does not
// export any log entries.
bool disabled = 19 [(google.api.field_behavior) = OPTIONAL];
// Deprecated. This field is unused.
VersionFormat output_version_format = 6 [deprecated = true];
// Output only. An IAM identitya service account or group—under which Logging
// writes the exported log entries to the sink's destination. This field is
// set by [sinks.create][google.logging.v2.ConfigServiceV2.CreateSink] and
// [sinks.update][google.logging.v2.ConfigServiceV2.UpdateSink] based on the
// value of `unique_writer_identity` in those methods.
//
// Until you grant this identity write-access to the destination, log entry
// exports from this sink will fail. For more information,
// see [Granting Access for a
// Resource](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource).
// Consult the destination service's documentation to determine the
// appropriate IAM roles to assign to the identity.
string writer_identity = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional. This field applies only to sinks owned by organizations and
// folders. If the field is false, the default, only the logs owned by the
// sink's parent resource are available for export. If the field is true, then
// logs from all the projects, folders, and billing accounts contained in the
// sink's parent resource are also available for export. Whether a particular
// log entry from the children is exported depends on the sink's filter
// expression. For example, if this field is true, then the filter
// `resource.type=gce_instance` would export all Compute Engine VM instance
// log entries from all projects in the sink's parent. To only export entries
// from certain child projects, filter on the project part of the log name:
//
// logName:("projects/test-project1/" OR "projects/test-project2/") AND
// resource.type=gce_instance
bool include_children = 9 [(google.api.field_behavior) = OPTIONAL];
// Destination dependent options.
oneof options {
// Optional. Options that affect sinks exporting data to BigQuery.
BigQueryOptions bigquery_options = 12 [(google.api.field_behavior) = OPTIONAL];
}
// Output only. The creation timestamp of the sink.
//
// This field may not be present for older sinks.
google.protobuf.Timestamp create_time = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update timestamp of the sink.
//
// This field may not be present for older sinks.
google.protobuf.Timestamp update_time = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Options that change functionality of a sink exporting data to BigQuery.
message BigQueryOptions {
// Optional. Whether to use [BigQuery's partition
// tables](https://cloud.google.com/bigquery/docs/partitioned-tables). By
// default, Logging creates dated tables based on the log entries' timestamps,
// e.g. syslog_20170523. With partitioned tables the date suffix is no longer
// present and [special query
// syntax](https://cloud.google.com/bigquery/docs/querying-partitioned-tables)
// has to be used instead. In both cases, tables are sharded based on UTC
// timezone.
bool use_partitioned_tables = 1 [(google.api.field_behavior) = OPTIONAL];
// Output only. True if new timestamp column based partitioning is in use,
// false if legacy ingestion-time partitioning is in use.
// All new sinks will have this field set true and will use timestamp column
// based partitioning. If use_partitioned_tables is false, this value has no
// meaning and will be false. Legacy sinks using partitioned tables will have
// this field set to false.
bool uses_timestamp_column_partitioning = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// LogBucket lifecycle states (Beta).
enum LifecycleState {
// Unspecified state. This is only used/useful for distinguishing
// unset values.
LIFECYCLE_STATE_UNSPECIFIED = 0;
// The normal and active state.
ACTIVE = 1;
// The bucket has been marked for deletion by the user.
DELETE_REQUESTED = 2;
}
// The parameters to `ListBuckets` (Beta).
message ListBucketsRequest {
// Required. The parent resource whose buckets are to be listed:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]"
//
// Note: The locations portion of the resource must be specified, but
// supplying the character `-` in place of [LOCATION_ID] will return all
// buckets.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogBucket"
}
];
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `pageToken` must be the value of
// `nextPageToken` from the previous response. The values of other method
// parameters should be identical to those in the previous call.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum number of results to return from this request.
// Non-positive values are ignored. The presence of `nextPageToken` in the
// response indicates that more results might be available.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The response from ListBuckets (Beta).
message ListBucketsResponse {
// A list of buckets.
repeated LogBucket buckets = 1;
// If there might be more results than appear in this response, then
// `nextPageToken` is included. To get the next set of results, call the same
// method again using the value of `nextPageToken` as `pageToken`.
string next_page_token = 2;
}
// The parameters to `UpdateBucket` (Beta).
message UpdateBucketRequest {
// Required. The full resource name of the bucket to update.
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id"`. Also
// requires permission "resourcemanager.projects.updateLiens" to set the
// locked property
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogBucket"
}
];
// Required. The updated bucket.
LogBucket bucket = 2 [(google.api.field_behavior) = REQUIRED];
// Required. Field mask that specifies the fields in `bucket` that need an update. A
// bucket field will be overwritten if, and only if, it is in the update
// mask. `name` and output only fields cannot be updated.
//
// For a detailed `FieldMask` definition, see
// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.FieldMask
//
// Example: `updateMask=retention_days`.
google.protobuf.FieldMask update_mask = 4 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `GetBucket` (Beta).
message GetBucketRequest {
// Required. The resource name of the bucket:
//
// "projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "organizations/[ORGANIZATION_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
// "folders/[FOLDER_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]"
//
// Example:
// `"projects/my-project-id/locations/my-location/buckets/my-bucket-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogBucket"
}
];
}
// The parameters to `ListSinks`.
message ListSinksRequest {
// Required. The parent resource whose sinks are to be listed:
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogSink"
}
];
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `pageToken` must be the value of
// `nextPageToken` from the previous response. The values of other method
// parameters should be identical to those in the previous call.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum number of results to return from this request.
// Non-positive values are ignored. The presence of `nextPageToken` in the
// response indicates that more results might be available.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Result returned from `ListSinks`.
message ListSinksResponse {
// A list of sinks.
repeated LogSink sinks = 1;
// If there might be more results than appear in this response, then
// `nextPageToken` is included. To get the next set of results, call the same
// method again using the value of `nextPageToken` as `pageToken`.
string next_page_token = 2;
}
// The parameters to `GetSink`.
message GetSinkRequest {
// Required. The resource name of the sink:
//
// "projects/[PROJECT_ID]/sinks/[SINK_ID]"
// "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]"
// "folders/[FOLDER_ID]/sinks/[SINK_ID]"
//
// Example: `"projects/my-project-id/sinks/my-sink-id"`.
string sink_name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogSink"
}
];
}
// The parameters to `CreateSink`.
message CreateSinkRequest {
// Required. The resource in which to create the sink:
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
//
// Examples: `"projects/my-logging-project"`, `"organizations/123456789"`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogSink"
}
];
// Required. The new sink, whose `name` parameter is a sink identifier that
// is not already in use.
LogSink sink = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. Determines the kind of IAM identity returned as `writer_identity`
// in the new sink. If this value is omitted or set to false, and if the
// sink's parent is a project, then the value returned as `writer_identity` is
// the same group or service account used by Logging before the addition of
// writer identities to this API. The sink's destination must be in the same
// project as the sink itself.
//
// If this field is set to true, or if the sink is owned by a non-project
// resource such as an organization, then the value of `writer_identity` will
// be a unique service account used only for exports from the new sink. For
// more information, see `writer_identity` in [LogSink][google.logging.v2.LogSink].
bool unique_writer_identity = 3 [(google.api.field_behavior) = OPTIONAL];
}
// The parameters to `UpdateSink`.
message UpdateSinkRequest {
// Required. The full resource name of the sink to update, including the parent
// resource and the sink identifier:
//
// "projects/[PROJECT_ID]/sinks/[SINK_ID]"
// "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]"
// "folders/[FOLDER_ID]/sinks/[SINK_ID]"
//
// Example: `"projects/my-project-id/sinks/my-sink-id"`.
string sink_name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogSink"
}
];
// Required. The updated sink, whose name is the same identifier that appears as part
// of `sink_name`.
LogSink sink = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. See [sinks.create][google.logging.v2.ConfigServiceV2.CreateSink]
// for a description of this field. When updating a sink, the effect of this
// field on the value of `writer_identity` in the updated sink depends on both
// the old and new values of this field:
//
// + If the old and new values of this field are both false or both true,
// then there is no change to the sink's `writer_identity`.
// + If the old value is false and the new value is true, then
// `writer_identity` is changed to a unique service account.
// + It is an error if the old value is true and the new value is
// set to false or defaulted to false.
bool unique_writer_identity = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Field mask that specifies the fields in `sink` that need
// an update. A sink field will be overwritten if, and only if, it is
// in the update mask. `name` and output only fields cannot be updated.
//
// An empty updateMask is temporarily treated as using the following mask
// for backwards compatibility purposes:
// destination,filter,includeChildren
// At some point in the future, behavior will be removed and specifying an
// empty updateMask will be an error.
//
// For a detailed `FieldMask` definition, see
// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.FieldMask
//
// Example: `updateMask=filter`.
google.protobuf.FieldMask update_mask = 4 [(google.api.field_behavior) = OPTIONAL];
}
// The parameters to `DeleteSink`.
message DeleteSinkRequest {
// Required. The full resource name of the sink to delete, including the parent
// resource and the sink identifier:
//
// "projects/[PROJECT_ID]/sinks/[SINK_ID]"
// "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]"
// "folders/[FOLDER_ID]/sinks/[SINK_ID]"
//
// Example: `"projects/my-project-id/sinks/my-sink-id"`.
string sink_name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogSink"
}
];
}
// Specifies a set of log entries that are not to be stored in
// Logging. If your GCP resource receives a large volume of logs, you can
// use exclusions to reduce your chargeable logs. Exclusions are
// processed after log sinks, so you can export log entries before they are
// excluded. Note that organization-level and folder-level exclusions don't
// apply to child resources, and that you can't exclude audit log entries.
message LogExclusion {
option (google.api.resource) = {
type: "logging.googleapis.com/LogExclusion"
pattern: "projects/{project}/exclusions/{exclusion}"
pattern: "organizations/{organization}/exclusions/{exclusion}"
pattern: "folders/{folder}/exclusions/{exclusion}"
pattern: "billingAccounts/{billing_account}/exclusions/{exclusion}"
};
// Required. A client-assigned identifier, such as `"load-balancer-exclusion"`.
// Identifiers are limited to 100 characters and can include only letters,
// digits, underscores, hyphens, and periods. First character has to be
// alphanumeric.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. A description of this exclusion.
string description = 2 [(google.api.field_behavior) = OPTIONAL];
// Required. An [advanced logs
// filter](https://cloud.google.com/logging/docs/view/advanced-queries) that
// matches the log entries to be excluded. By using the [sample
// function](https://cloud.google.com/logging/docs/view/advanced-queries#sample),
// you can exclude less than 100% of the matching log entries.
// For example, the following query matches 99% of low-severity log
// entries from Google Cloud Storage buckets:
//
// `"resource.type=gcs_bucket severity<ERROR sample(insertId, 0.99)"`
string filter = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. If set to True, then this exclusion is disabled and it does not
// exclude any log entries. You can [update an
// exclusion][google.logging.v2.ConfigServiceV2.UpdateExclusion] to change the
// value of this field.
bool disabled = 4 [(google.api.field_behavior) = OPTIONAL];
// Output only. The creation timestamp of the exclusion.
//
// This field may not be present for older exclusions.
google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update timestamp of the exclusion.
//
// This field may not be present for older exclusions.
google.protobuf.Timestamp update_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// The parameters to `ListExclusions`.
message ListExclusionsRequest {
// Required. The parent resource whose exclusions are to be listed.
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogExclusion"
}
];
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `pageToken` must be the value of
// `nextPageToken` from the previous response. The values of other method
// parameters should be identical to those in the previous call.
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The maximum number of results to return from this request.
// Non-positive values are ignored. The presence of `nextPageToken` in the
// response indicates that more results might be available.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Result returned from `ListExclusions`.
message ListExclusionsResponse {
// A list of exclusions.
repeated LogExclusion exclusions = 1;
// If there might be more results than appear in this response, then
// `nextPageToken` is included. To get the next set of results, call the same
// method again using the value of `nextPageToken` as `pageToken`.
string next_page_token = 2;
}
// The parameters to `GetExclusion`.
message GetExclusionRequest {
// Required. The resource name of an existing exclusion:
//
// "projects/[PROJECT_ID]/exclusions/[EXCLUSION_ID]"
// "organizations/[ORGANIZATION_ID]/exclusions/[EXCLUSION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/exclusions/[EXCLUSION_ID]"
// "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
//
// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogExclusion"
}
];
}
// The parameters to `CreateExclusion`.
message CreateExclusionRequest {
// Required. The parent resource in which to create the exclusion:
//
// "projects/[PROJECT_ID]"
// "organizations/[ORGANIZATION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]"
// "folders/[FOLDER_ID]"
//
// Examples: `"projects/my-logging-project"`, `"organizations/123456789"`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "logging.googleapis.com/LogExclusion"
}
];
// Required. The new exclusion, whose `name` parameter is an exclusion name
// that is not already used in the parent resource.
LogExclusion exclusion = 2 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `UpdateExclusion`.
message UpdateExclusionRequest {
// Required. The resource name of the exclusion to update:
//
// "projects/[PROJECT_ID]/exclusions/[EXCLUSION_ID]"
// "organizations/[ORGANIZATION_ID]/exclusions/[EXCLUSION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/exclusions/[EXCLUSION_ID]"
// "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
//
// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogExclusion"
}
];
// Required. New values for the existing exclusion. Only the fields specified in
// `update_mask` are relevant.
LogExclusion exclusion = 2 [(google.api.field_behavior) = REQUIRED];
// Required. A non-empty list of fields to change in the existing exclusion. New values
// for the fields are taken from the corresponding fields in the
// [LogExclusion][google.logging.v2.LogExclusion] included in this request. Fields not mentioned in
// `update_mask` are not changed and are ignored in the request.
//
// For example, to change the filter and description of an exclusion,
// specify an `update_mask` of `"filter,description"`.
google.protobuf.FieldMask update_mask = 3 [(google.api.field_behavior) = REQUIRED];
}
// The parameters to `DeleteExclusion`.
message DeleteExclusionRequest {
// Required. The resource name of an existing exclusion to delete:
//
// "projects/[PROJECT_ID]/exclusions/[EXCLUSION_ID]"
// "organizations/[ORGANIZATION_ID]/exclusions/[EXCLUSION_ID]"
// "billingAccounts/[BILLING_ACCOUNT_ID]/exclusions/[EXCLUSION_ID]"
// "folders/[FOLDER_ID]/exclusions/[EXCLUSION_ID]"
//
// Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/LogExclusion"
}
];
}
// The parameters to
// [GetCmekSettings][google.logging.v2.ConfigServiceV2.GetCmekSettings].
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption) for
// more information.
message GetCmekSettingsRequest {
// Required. The resource for which to retrieve CMEK settings.
//
// "projects/[PROJECT_ID]/cmekSettings"
// "organizations/[ORGANIZATION_ID]/cmekSettings"
// "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
// "folders/[FOLDER_ID]/cmekSettings"
//
// Example: `"organizations/12345/cmekSettings"`.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "logging.googleapis.com/CmekSettings"
}
];
}
// The parameters to
// [UpdateCmekSettings][google.logging.v2.ConfigServiceV2.UpdateCmekSettings].
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption) for
// more information.
message UpdateCmekSettingsRequest {
// Required. The resource name for the CMEK settings to update.
//
// "projects/[PROJECT_ID]/cmekSettings"
// "organizations/[ORGANIZATION_ID]/cmekSettings"
// "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
// "folders/[FOLDER_ID]/cmekSettings"
//
// Example: `"organizations/12345/cmekSettings"`.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in
// the GCP organization.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The CMEK settings to update.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
CmekSettings cmek_settings = 2 [(google.api.field_behavior) = REQUIRED];
// Optional. Field mask identifying which fields from `cmek_settings` should
// be updated. A field will be overwritten if and only if it is in the update
// mask. Output only fields cannot be updated.
//
// See [FieldMask][google.protobuf.FieldMask] for more information.
//
// Example: `"updateMask=kmsKeyName"`
google.protobuf.FieldMask update_mask = 3 [(google.api.field_behavior) = OPTIONAL];
}
// Describes the customer-managed encryption key (CMEK) settings associated with
// a project, folder, organization, billing account, or flexible resource.
//
// Note: CMEK for the Logs Router can currently only be configured for GCP
// organizations. Once configured, it applies to all projects and folders in the
// GCP organization.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption) for
// more information.
message CmekSettings {
option (google.api.resource) = {
type: "logging.googleapis.com/CmekSettings"
pattern: "projects/{project}/cmekSettings"
pattern: "organizations/{organization}/cmekSettings"
pattern: "folders/{folder}/cmekSettings"
pattern: "billingAccounts/{billing_account}/cmekSettings"
};
// Output only. The resource name of the CMEK settings.
string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// The resource name for the configured Cloud KMS key.
//
// KMS key name format:
// "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]"
//
// For example:
// `"projects/my-project-id/locations/my-region/keyRings/key-ring-name/cryptoKeys/key-name"`
//
//
//
// To enable CMEK for the Logs Router, set this field to a valid
// `kms_key_name` for which the associated service account has the required
// `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key.
//
// The Cloud KMS key used by the Log Router can be updated by changing the
// `kms_key_name` to a new valid key name. Encryption operations that are in
// progress will be completed with the key that was in use when they started.
// Decryption operations will be completed using the key that was used at the
// time of encryption unless access to that key has been revoked.
//
// To disable CMEK for the Logs Router, set this field to an empty string.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
string kms_key_name = 2;
// Output only. The service account that will be used by the Logs Router to access your
// Cloud KMS key.
//
// Before enabling CMEK for Logs Router, you must first assign the role
// `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the service account that
// the Logs Router will use to access your Cloud KMS key. Use
// [GetCmekSettings][google.logging.v2.ConfigServiceV2.GetCmekSettings] to
// obtain the service account ID.
//
// See [Enabling CMEK for Logs
// Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
// for more information.
string service_account_id = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
}
Reference in New Issue View Git Blame Copy Permalink