// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.api.servicecontrol.v1; import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/servicecontrol/v1/check_error.proto"; import "google/api/servicecontrol/v1/operation.proto"; import "google/rpc/status.proto"; option cc_enable_arenas = true; option csharp_namespace = "Google.Cloud.ServiceControl.V1"; option go_package = "cloud.google.com/go/servicecontrol/apiv1/servicecontrolpb;servicecontrolpb"; option java_multiple_files = true; option java_outer_classname = "ServiceControllerProto"; option java_package = "com.google.api.servicecontrol.v1"; option objc_class_prefix = "GASC"; option php_namespace = "Google\\Cloud\\ServiceControl\\V1"; option ruby_package = "Google::Cloud::ServiceControl::V1"; // [Google Service Control API](/service-control/overview) // // Lets clients check and report operations against a [managed // service](https://cloud.google.com/service-management/reference/rpc/google.api/servicemanagement.v1#google.api.servicemanagement.v1.ManagedService). service ServiceController { option (google.api.default_host) = "servicecontrol.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform," "https://www.googleapis.com/auth/servicecontrol"; // Checks whether an operation on a service should be allowed to proceed // based on the configuration of the service and related policies. It must be // called before the operation is executed. // // If feasible, the client should cache the check results and reuse them for // 60 seconds. In case of any server errors, the client should rely on the // cached results for much longer time to avoid outage. // WARNING: There is general 60s delay for the configuration and policy // propagation, therefore callers MUST NOT depend on the `Check` method having // the latest policy information. // // NOTE: the [CheckRequest][google.api.servicecontrol.v1.CheckRequest] has // the size limit (wire-format byte size) of 1MB. // // This method requires the `servicemanagement.services.check` permission // on the specified service. For more information, see // [Cloud IAM](https://cloud.google.com/iam). rpc Check(CheckRequest) returns (CheckResponse) { option (google.api.http) = { post: "/v1/services/{service_name}:check" body: "*" }; } // Reports operation results to Google Service Control, such as logs and // metrics. It should be called after an operation is completed. // // If feasible, the client should aggregate reporting data for up to 5 // seconds to reduce API traffic. Limiting aggregation to 5 seconds is to // reduce data loss during client crashes. Clients should carefully choose // the aggregation time window to avoid data loss risk more than 0.01% // for business and compliance reasons. // // NOTE: the [ReportRequest][google.api.servicecontrol.v1.ReportRequest] has // the size limit (wire-format byte size) of 1MB. // // This method requires the `servicemanagement.services.report` permission // on the specified service. For more information, see // [Google Cloud IAM](https://cloud.google.com/iam). rpc Report(ReportRequest) returns (ReportResponse) { option (google.api.http) = { post: "/v1/services/{service_name}:report" body: "*" }; } } // Request message for the Check method. message CheckRequest { // The service name as specified in its service configuration. For example, // `"pubsub.googleapis.com"`. // // See // [google.api.Service](https://cloud.google.com/service-management/reference/rpc/google.api#google.api.Service) // for the definition of a service name. string service_name = 1; // The operation to be checked. Operation operation = 2; // Specifies which version of service configuration should be used to process // the request. // // If unspecified or no matching version can be found, the // latest one will be used. string service_config_id = 4; } // Response message for the Check method. message CheckResponse { // Contains additional information about the check operation. message CheckInfo { // A list of fields and label keys that are ignored by the server. // The client doesn't need to send them for following requests to improve // performance and allow better aggregation. repeated string unused_arguments = 1; // Consumer info of this check. ConsumerInfo consumer_info = 2; // The unique id of the api key in the format of "apikey:". // This field will be populated when the consumer passed to Service Control // is an API key and all the API key related validations are successful. string api_key_uid = 5; } // `ConsumerInfo` provides information about the consumer. message ConsumerInfo { // The type of the consumer as defined in // [Google Resource Manager](https://cloud.google.com/resource-manager/). enum ConsumerType { // This is never used. CONSUMER_TYPE_UNSPECIFIED = 0; // The consumer is a Google Cloud Project. PROJECT = 1; // The consumer is a Google Cloud Folder. FOLDER = 2; // The consumer is a Google Cloud Organization. ORGANIZATION = 3; // Service-specific resource container which is defined by the service // producer to offer their users the ability to manage service control // functionalities at a finer level of granularity than the PROJECT. SERVICE_SPECIFIC = 4; } // The Google cloud project number, e.g. 1234567890. A value of 0 indicates // no project number is found. // // NOTE: This field is deprecated after we support flexible consumer // id. New code should not depend on this field anymore. int64 project_number = 1; // The type of the consumer which should have been defined in // [Google Resource Manager](https://cloud.google.com/resource-manager/). ConsumerType type = 2; // The consumer identity number, can be Google cloud project number, folder // number or organization number e.g. 1234567890. A value of 0 indicates no // consumer number is found. int64 consumer_number = 3; } // The same operation_id value used in the // [CheckRequest][google.api.servicecontrol.v1.CheckRequest]. Used for logging // and diagnostics purposes. string operation_id = 1; // Indicate the decision of the check. // // If no check errors are present, the service should process the operation. // Otherwise the service should use the list of errors to determine the // appropriate action. repeated CheckError check_errors = 2; // The actual config id used to process the request. string service_config_id = 5; // The current service rollout id used to process the request. string service_rollout_id = 11; // Feedback data returned from the server during processing a Check request. CheckInfo check_info = 6; } // Request message for the Report method. message ReportRequest { // The service name as specified in its service configuration. For example, // `"pubsub.googleapis.com"`. // // See // [google.api.Service](https://cloud.google.com/service-management/reference/rpc/google.api#google.api.Service) // for the definition of a service name. string service_name = 1; // Operations to be reported. // // Typically the service should report one operation per request. // Putting multiple operations into a single request is allowed, but should // be used only when multiple operations are natually available at the time // of the report. // // There is no limit on the number of operations in the same ReportRequest, // however the ReportRequest size should be no larger than 1MB. See // [ReportResponse.report_errors][google.api.servicecontrol.v1.ReportResponse.report_errors] // for partial failure behavior. repeated Operation operations = 2; // Specifies which version of service config should be used to process the // request. // // If unspecified or no matching version can be found, the // latest one will be used. string service_config_id = 3; } // Response message for the Report method. message ReportResponse { // Represents the processing error of one // [Operation][google.api.servicecontrol.v1.Operation] in the request. message ReportError { // The // [Operation.operation_id][google.api.servicecontrol.v1.Operation.operation_id] // value from the request. string operation_id = 1; // Details of the error when processing the // [Operation][google.api.servicecontrol.v1.Operation]. google.rpc.Status status = 2; } // Partial failures, one for each `Operation` in the request that failed // processing. There are three possible combinations of the RPC status: // // 1. The combination of a successful RPC status and an empty `report_errors` // list indicates a complete success where all `Operations` in the // request are processed successfully. // 2. The combination of a successful RPC status and a non-empty // `report_errors` list indicates a partial success where some // `Operations` in the request succeeded. Each // `Operation` that failed processing has a corresponding item // in this list. // 3. A failed RPC status indicates a general non-deterministic failure. // When this happens, it's impossible to know which of the // 'Operations' in the request succeeded or failed. repeated ReportError report_errors = 1; // The actual config id used to process the request. string service_config_id = 2; // The current service rollout id used to process the request. string service_rollout_id = 4; }