// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.storage.v1; import "google/protobuf/timestamp.proto"; import "google/protobuf/wrappers.proto"; option go_package = "google.golang.org/genproto/googleapis/storage/v1;storage"; option java_multiple_files = true; option java_outer_classname = "CloudStorageResourcesProto"; option java_package = "com.google.storage.v1"; // A bucket. message Bucket { // Billing properties of a bucket. message Billing { // When set to true, Requester Pays is enabled for this bucket. bool requester_pays = 1; } // Cross-Origin Response sharing (CORS) properties for a bucket. // For more on GCS and CORS, see // https://cloud.google.com/storage/docs/cross-origin. // For more on CORS in general, see https://tools.ietf.org/html/rfc6454. message Cors { // The list of Origins eligible to receive CORS response headers. See // [https://tools.ietf.org/html/rfc6454][RFC 6454] for more on origins. // Note: "*" is permitted in the list of origins, and means "any Origin". repeated string origin = 1; // The list of HTTP methods on which to include CORS response headers, // (`GET`, `OPTIONS`, `POST`, etc) Note: "*" is permitted in the list of // methods, and means "any method". repeated string method = 2; // The list of HTTP headers other than the // [https://www.w3.org/TR/cors/#simple-response-header][simple response // headers] to give permission for the user-agent to share across domains. repeated string response_header = 3; // The value, in seconds, to return in the // [https://www.w3.org/TR/cors/#access-control-max-age-response-header][Access-Control-Max-Age // header] used in preflight responses. int32 max_age_seconds = 4; } // Encryption properties of a bucket. message Encryption { // A Cloud KMS key that will be used to encrypt objects inserted into this // bucket, if no encryption method is specified. string default_kms_key_name = 1; } // Bucket restriction options currently enforced on the bucket. message IamConfiguration { message UniformBucketLevelAccess { // If set, access checks only use bucket-level IAM policies or above. bool enabled = 1; // The deadline time for changing // iamConfiguration.uniformBucketLevelAccess.enabled from // true to false in [https://tools.ietf.org/html/rfc3339][RFC 3339]. After // the deadline is passed the field is immutable. google.protobuf.Timestamp locked_time = 2; } // Public Access Prevention configuration values. enum PublicAccessPrevention { // No specified PublicAccessPrevention. PUBLIC_ACCESS_PREVENTION_UNSPECIFIED = 0; // Prevents access from being granted to public members 'allUsers' and // 'allAuthenticatedUsers'. Prevents attempts to grant new access to // public members. ENFORCED = 1; // This setting is inherited from Org Policy. Does not prevent access from // being granted to public members 'allUsers' or 'allAuthenticatedUsers'. INHERITED = 2; } UniformBucketLevelAccess uniform_bucket_level_access = 1; // Whether IAM will enforce public access prevention. PublicAccessPrevention public_access_prevention = 2; } // Lifecycle properties of a bucket. // For more information, see https://cloud.google.com/storage/docs/lifecycle. message Lifecycle { // A lifecycle Rule, combining an action to take on an object and a // condition which will trigger that action. message Rule { // An action to take on an object. message Action { // Type of the action. Currently, only `Delete`, `SetStorageClass`, and // `AbortIncompleteMultipartUpload` are supported. string type = 1; // Target storage class. Required iff the type of the action is // SetStorageClass. string storage_class = 2; } // A condition of an object which triggers some action. message Condition { // Age of an object (in days). This condition is satisfied when an // object reaches the specified age. int32 age = 1; // A date in [RFC 3339][1] format with only the date part (for // instance, "2013-01-15"). This condition is satisfied when an // object is created before midnight of the specified date in UTC. // [1]: https://tools.ietf.org/html/rfc3339 google.protobuf.Timestamp created_before = 2; // Relevant only for versioned objects. If the value is // `true`, this condition matches live objects; if the value // is `false`, it matches archived objects. google.protobuf.BoolValue is_live = 3; // Relevant only for versioned objects. If the value is N, this // condition is satisfied when there are at least N versions (including // the live version) newer than this version of the object. int32 num_newer_versions = 4; // Objects having any of the storage classes specified by this condition // will be matched. Values include `MULTI_REGIONAL`, `REGIONAL`, // `NEARLINE`, `COLDLINE`, `STANDARD`, and // `DURABLE_REDUCED_AVAILABILITY`. repeated string matches_storage_class = 5; // A regular expression that satisfies the RE2 syntax. This condition is // satisfied when the name of the object matches the RE2 pattern. Note: // This feature is currently in the "Early Access" launch stage and is // only available to an allowlisted set of users; that means that this // feature may be changed in backward-incompatible ways and that it is // not guaranteed to be released. string matches_pattern = 6; // Number of days that has elapsed since the custom timestamp set on an // object. int32 days_since_custom_time = 7; // An object matches this condition if the custom timestamp set on the // object is before this timestamp. google.protobuf.Timestamp custom_time_before = 8; // This condition is relevant only for versioned objects. An object // version satisfies this condition only if these many days have been // passed since it became noncurrent. The value of the field must be a // nonnegative integer. If it's zero, the object version will become // eligible for Lifecycle action as soon as it becomes noncurrent. int32 days_since_noncurrent_time = 9; // This condition is relevant only for versioned objects. An object // version satisfies this condition only if it became noncurrent before // the specified timestamp. google.protobuf.Timestamp noncurrent_time_before = 10; // List of object name prefixes. If any prefix exactly matches the // beginning of the object name, the condition evaluates to true. repeated string matches_prefix = 11; // List of object name suffixes. If any suffix exactly matches the // end of the object name, the condition evaluates to true. repeated string matches_suffix = 12; } // The action to take. Action action = 1; // The condition(s) under which the action will be taken. Condition condition = 2; } // A lifecycle management rule, which is made of an action to take and the // condition(s) under which the action will be taken. repeated Rule rule = 1; } // Logging-related properties of a bucket. message Logging { // The destination bucket where the current bucket's logs should be placed. string log_bucket = 1; // A prefix for log object names. string log_object_prefix = 2; } // Retention policy properties of a bucket. message RetentionPolicy { // Server-determined value that indicates the time from which policy was // enforced and effective. This value is in // [https://tools.ietf.org/html/rfc3339][RFC 3339] format. google.protobuf.Timestamp effective_time = 1; // Once locked, an object retention policy cannot be modified. bool is_locked = 2; // The duration in seconds that objects need to be retained. Retention // duration must be greater than zero and less than 100 years. Note that // enforcement of retention periods less than a day is not guaranteed. Such // periods should only be used for testing purposes. int64 retention_period = 3; } // Properties of a bucket related to versioning. // For more on GCS versioning, see // https://cloud.google.com/storage/docs/object-versioning. message Versioning { // While set to true, versioning is fully enabled for this bucket. bool enabled = 1; } // Properties of a bucket related to accessing the contents as a static // website. For more on hosting a static website via GCS, see // https://cloud.google.com/storage/docs/hosting-static-website. message Website { // If the requested object path is missing, the service will ensure the path // has a trailing '/', append this suffix, and attempt to retrieve the // resulting object. This allows the creation of `index.html` // objects to represent directory pages. string main_page_suffix = 1; // If the requested object path is missing, and any // `mainPageSuffix` object is missing, if applicable, the service // will return the named object from this bucket as the content for a // [https://tools.ietf.org/html/rfc7231#section-6.5.4][404 Not Found] // result. string not_found_page = 2; } // Configuration for a bucket's Autoclass feature. message Autoclass { // Enables Autoclass. bool enabled = 1; // Latest instant at which the `enabled` bit was flipped. google.protobuf.Timestamp toggle_time = 2; } // Access controls on the bucket. repeated BucketAccessControl acl = 1; // Default access controls to apply to new objects when no ACL is provided. repeated ObjectAccessControl default_object_acl = 2; // The bucket's lifecycle configuration. See // [https://developers.google.com/storage/docs/lifecycle]Lifecycle Management] // for more information. Lifecycle lifecycle = 3; // The creation time of the bucket in // [https://tools.ietf.org/html/rfc3339][RFC 3339] format. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. google.protobuf.Timestamp time_created = 4; // The ID of the bucket. For buckets, the `id` and `name` properties are the // same. // Attempting to update this field after the bucket is created will result in // a [FieldViolation][google.rpc.BadRequest.FieldViolation]. string id = 5; // The name of the bucket. // Attempting to update this field after the bucket is created will result in // an error. string name = 6; // The project number of the project the bucket belongs to. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. int64 project_number = 7; // The metadata generation of this bucket. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. int64 metageneration = 8; // The bucket's [https://www.w3.org/TR/cors/][Cross-Origin Resource Sharing] // (CORS) configuration. repeated Cors cors = 9; // The location of the bucket. Object data for objects in the bucket resides // in physical storage within this region. Defaults to `US`. See the // [https://developers.google.com/storage/docs/concepts-techniques#specifyinglocations"][developer's // guide] for the authoritative list. Attempting to update this field after // the bucket is created will result in an error. string location = 10; // The bucket's default storage class, used whenever no storageClass is // specified for a newly-created object. This defines how objects in the // bucket are stored and determines the SLA and the cost of storage. // If this value is not specified when the bucket is created, it will default // to `STANDARD`. For more information, see // https://developers.google.com/storage/docs/storage-classes. string storage_class = 11; // HTTP 1.1 [https://tools.ietf.org/html/rfc7232#section-2.3"]Entity tag] // for the bucket. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. string etag = 12; // The modification time of the bucket. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. google.protobuf.Timestamp updated = 13; // The default value for event-based hold on newly created objects in this // bucket. Event-based hold is a way to retain objects indefinitely until an // event occurs, signified by the // hold's release. After being released, such objects will be subject to // bucket-level retention (if any). One sample use case of this flag is for // banks to hold loan documents for at least 3 years after loan is paid in // full. Here, bucket-level retention is 3 years and the event is loan being // paid in full. In this example, these objects will be held intact for any // number of years until the event has occurred (event-based hold on the // object is released) and then 3 more years after that. That means retention // duration of the objects begins from the moment event-based hold // transitioned from true to false. Objects under event-based hold cannot be // deleted, overwritten or archived until the hold is removed. bool default_event_based_hold = 14; // User-provided labels, in key/value pairs. map labels = 15; // The bucket's website configuration, controlling how the service behaves // when accessing bucket contents as a web site. See the // [https://cloud.google.com/storage/docs/static-website][Static Website // Examples] for more information. Website website = 16; // The bucket's versioning configuration. Versioning versioning = 17; // The bucket's logging configuration, which defines the destination bucket // and optional name prefix for the current bucket's logs. Logging logging = 18; // The owner of the bucket. This is always the project team's owner group. Owner owner = 19; // Encryption configuration for a bucket. Encryption encryption = 20; // The bucket's billing configuration. Billing billing = 21; // The bucket's retention policy. The retention policy enforces a minimum // retention time for all objects contained in the bucket, based on their // creation time. Any attempt to overwrite or delete objects younger than the // retention period will result in a PERMISSION_DENIED error. An unlocked // retention policy can be modified or removed from the bucket via a // storage.buckets.update operation. A locked retention policy cannot be // removed or shortened in duration for the lifetime of the bucket. // Attempting to remove or decrease period of a locked retention policy will // result in a PERMISSION_DENIED error. RetentionPolicy retention_policy = 22; // The location type of the bucket (region, dual-region, multi-region, etc). string location_type = 23; // The bucket's IAM configuration. IamConfiguration iam_configuration = 24; // The zone or zones from which the bucket is intended to use zonal quota. // Requests for data from outside the specified affinities are still allowed // but won't be able to use zonal quota. The values are case-insensitive. // Attempting to update this field after bucket is created will result in an // error. repeated string zone_affinity = 25 [deprecated = true]; // Reserved for future use. bool satisfies_pzs = 26; // The bucket's autoclass configuration. If there is no configuration, the // Autoclass feature will be disabled and have no effect on the bucket. Autoclass autoclass = 28; } // An access-control entry. message BucketAccessControl { // The access permission for the entity. string role = 1; // HTTP 1.1 ["https://tools.ietf.org/html/rfc7232#section-2.3][Entity tag] // for the access-control entry. string etag = 2; // The ID of the access-control entry. string id = 3; // The name of the bucket. string bucket = 4; // The entity holding the permission, in one of the following forms: // * `user-{userid}` // * `user-{email}` // * `group-{groupid}` // * `group-{email}` // * `domain-{domain}` // * `project-{team-projectid}` // * `allUsers` // * `allAuthenticatedUsers` // Examples: // * The user `liz@example.com` would be `user-liz@example.com`. // * The group `example@googlegroups.com` would be // `group-example@googlegroups.com` // * All members of the Google Apps for Business domain `example.com` would be // `domain-example.com` string entity = 6; // The ID for the entity, if any. string entity_id = 7; // The email address associated with the entity, if any. string email = 8; // The domain associated with the entity, if any. string domain = 9; // The project team associated with the entity, if any. ProjectTeam project_team = 10; } // The response to a call to BucketAccessControls.ListBucketAccessControls. message ListBucketAccessControlsResponse { // The list of items. repeated BucketAccessControl items = 1; } // The result of a call to Buckets.ListBuckets message ListBucketsResponse { // The list of items. repeated Bucket items = 1; // The continuation token, used to page through large result sets. Provide // this value in a subsequent request to return the next page of results. string next_page_token = 2; } // An notification channel used to watch for resource changes. message Channel { // A UUID or similar unique string that identifies this channel. string id = 1; // An opaque ID that identifies the resource being watched on this channel. // Stable across different API versions. string resource_id = 2; // A version-specific identifier for the watched resource. string resource_uri = 3; // An arbitrary string delivered to the target address with each notification // delivered over this channel. Optional. string token = 4; // Date and time of notification channel expiration. Optional. google.protobuf.Timestamp expiration = 5; // The type of delivery mechanism used for this channel. string type = 6; // The address where notifications are delivered for this channel. string address = 7; // Additional parameters controlling delivery channel behavior. Optional. map params = 8; // A Boolean value to indicate whether payload is wanted. Optional. bool payload = 9; } // The result of a call to Channels.ListChannels message ListChannelsResponse { message Items { // User-specified name for a channel. Needed to unsubscribe. string channel_id = 1; // Opaque value generated by GCS representing a bucket. Needed to // unsubscribe. string resource_id = 2; // Url used to identify where notifications are sent to. string push_url = 3; // Email address of the subscriber. string subscriber_email = 4; // Time when the channel was created. google.protobuf.Timestamp creation_time = 5; } // The list of notification channels for a bucket. repeated Items items = 1; } // Message used to convey content being read or written, along with its // checksum. message ChecksummedData { // The data. bytes content = 1; // CRC32C digest of the contents. google.protobuf.UInt32Value crc32c = 2; } // Message used for storing full (not subrange) object checksums. message ObjectChecksums { // CRC32C digest of the object data. Computed by the GCS service for // all written objects, and validated by the GCS service against // client-supplied values if present in an InsertObjectRequest. google.protobuf.UInt32Value crc32c = 1; // Hex-encoded MD5 hash of the object data (hexdigest). Whether/how this // checksum is provided and validated is service-dependent. string md5_hash = 2; } // A collection of enums used in multiple places throughout the API. message CommonEnums { // A set of properties to return in a response. enum Projection { // No specified projection. PROJECTION_UNSPECIFIED = 0; // Omit `owner`, `acl`, and `defaultObjectAcl` properties. NO_ACL = 1; // Include all properties. FULL = 2; } // Predefined or "canned" aliases for sets of specific bucket ACL entries. enum PredefinedBucketAcl { // No predefined ACL. PREDEFINED_BUCKET_ACL_UNSPECIFIED = 0; // Project team owners get `OWNER` access, and // `allAuthenticatedUsers` get `READER` access. BUCKET_ACL_AUTHENTICATED_READ = 1; // Project team owners get `OWNER` access. BUCKET_ACL_PRIVATE = 2; // Project team members get access according to their roles. BUCKET_ACL_PROJECT_PRIVATE = 3; // Project team owners get `OWNER` access, and // `allUsers` get `READER` access. BUCKET_ACL_PUBLIC_READ = 4; // Project team owners get `OWNER` access, and // `allUsers` get `WRITER` access. BUCKET_ACL_PUBLIC_READ_WRITE = 5; } // Predefined or "canned" aliases for sets of specific object ACL entries. enum PredefinedObjectAcl { // No predefined ACL. PREDEFINED_OBJECT_ACL_UNSPECIFIED = 0; // Object owner gets `OWNER` access, and // `allAuthenticatedUsers` get `READER` access. OBJECT_ACL_AUTHENTICATED_READ = 1; // Object owner gets `OWNER` access, and project team owners get // `OWNER` access. OBJECT_ACL_BUCKET_OWNER_FULL_CONTROL = 2; // Object owner gets `OWNER` access, and project team owners get // `READER` access. OBJECT_ACL_BUCKET_OWNER_READ = 3; // Object owner gets `OWNER` access. OBJECT_ACL_PRIVATE = 4; // Object owner gets `OWNER` access, and project team members get // access according to their roles. OBJECT_ACL_PROJECT_PRIVATE = 5; // Object owner gets `OWNER` access, and `allUsers` // get `READER` access. OBJECT_ACL_PUBLIC_READ = 6; } } // Specifies a requested range of bytes to download. message ContentRange { // The starting offset of the object data. int64 start = 1; // The ending offset of the object data. int64 end = 2; // The complete length of the object data. int64 complete_length = 3; } // Hmac Key Metadata, which includes all information other than the secret. message HmacKeyMetadata { // Resource name ID of the key in the format /. string id = 1; // Globally unique id for keys. string access_id = 2; // The project ID that the hmac key is contained in. string project_id = 3; // Email of the service account the key authenticates as. string service_account_email = 4; // State of the key. One of ACTIVE, INACTIVE, or DELETED. string state = 5; // The creation time of the HMAC key in RFC 3339 format. google.protobuf.Timestamp time_created = 6; // The last modification time of the HMAC key metadata in RFC 3339 format. google.protobuf.Timestamp updated = 7; // Tag updated with each key update. string etag = 8; } // A subscription to receive Google PubSub notifications. message Notification { // The Cloud PubSub topic to which this subscription publishes. Formatted as: // '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}' string topic = 1; // If present, only send notifications about listed event types. If empty, // sent notifications for all event types. repeated string event_types = 2; // An optional list of additional attributes to attach to each Cloud PubSub // message published for this notification subscription. map custom_attributes = 3; // HTTP 1.1 [https://tools.ietf.org/html/rfc7232#section-2.3][Entity tag] // for this subscription notification. string etag = 4; // If present, only apply this notification configuration to object names that // begin with this prefix. string object_name_prefix = 5; // The desired content of the Payload. string payload_format = 6; // The ID of the notification. string id = 7; } // The result of a call to Notifications.ListNotifications message ListNotificationsResponse { // The list of items. repeated Notification items = 1; } // An object. message Object { // Describes the customer-specified mechanism used to store the data at rest. message CustomerEncryption { // The encryption algorithm. string encryption_algorithm = 1; // SHA256 hash value of the encryption key. string key_sha256 = 2; } // Content-Encoding of the object data, matching // [https://tools.ietf.org/html/rfc7231#section-3.1.2.2][RFC 7231 §3.1.2.2] string content_encoding = 1; // Content-Disposition of the object data, matching // [https://tools.ietf.org/html/rfc6266][RFC 6266]. string content_disposition = 2; // Cache-Control directive for the object data, matching // [https://tools.ietf.org/html/rfc7234#section-5.2"][RFC 7234 §5.2]. // If omitted, and the object is accessible to all anonymous users, the // default will be `public, max-age=3600`. string cache_control = 3; // Access controls on the object. repeated ObjectAccessControl acl = 4; // Content-Language of the object data, matching // [https://tools.ietf.org/html/rfc7231#section-3.1.3.2][RFC 7231 §3.1.3.2]. string content_language = 5; // The version of the metadata for this object at this generation. Used for // preconditions and for detecting changes in metadata. A metageneration // number is only meaningful in the context of a particular generation of a // particular object. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. int64 metageneration = 6; // The deletion time of the object. Will be returned if and only if this // version of the object has been deleted. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. google.protobuf.Timestamp time_deleted = 7; // Content-Type of the object data, matching // [https://tools.ietf.org/html/rfc7231#section-3.1.1.5][RFC 7231 §3.1.1.5]. // If an object is stored without a Content-Type, it is served as // `application/octet-stream`. string content_type = 8; // Content-Length of the object data in bytes, matching // [https://tools.ietf.org/html/rfc7230#section-3.3.2][RFC 7230 §3.3.2]. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. int64 size = 9; // The creation time of the object. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. google.protobuf.Timestamp time_created = 10; // CRC32c checksum. For more information about using the CRC32c // checksum, see // [https://cloud.google.com/storage/docs/hashes-etags#json-api][Hashes and // ETags: Best Practices]. This is a server determined value and should not be // supplied by the user when sending an Object. The server will ignore any // value provided. Users should instead use the object_checksums field on the // InsertObjectRequest when uploading an object. google.protobuf.UInt32Value crc32c = 11; // Number of underlying components that make up this object. Components are // accumulated by compose operations. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. int32 component_count = 12; // MD5 hash of the data; encoded using base64 as per // [https://tools.ietf.org/html/rfc4648#section-4][RFC 4648 §4]. For more // information about using the MD5 hash, see // [https://cloud.google.com/storage/docs/hashes-etags#json-api][Hashes and // ETags: Best Practices]. This is a server determined value and should not be // supplied by the user when sending an Object. The server will ignore any // value provided. Users should instead use the object_checksums field on the // InsertObjectRequest when uploading an object. string md5_hash = 13; // HTTP 1.1 Entity tag for the object. See // [https://tools.ietf.org/html/rfc7232#section-2.3][RFC 7232 §2.3]. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. string etag = 14; // The modification time of the object metadata. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. google.protobuf.Timestamp updated = 15; // Storage class of the object. string storage_class = 16; // Cloud KMS Key used to encrypt this object, if the object is encrypted by // such a key. string kms_key_name = 17; // The time at which the object's storage class was last changed. When the // object is initially created, it will be set to time_created. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. google.protobuf.Timestamp time_storage_class_updated = 18; // Whether an object is under temporary hold. While this flag is set to true, // the object is protected against deletion and overwrites. A common use case // of this flag is regulatory investigations where objects need to be retained // while the investigation is ongoing. Note that unlike event-based hold, // temporary hold does not impact retention expiration time of an object. bool temporary_hold = 19; // A server-determined value that specifies the earliest time that the // object's retention period expires. This value is in // [https://tools.ietf.org/html/rfc3339][RFC 3339] format. // Note 1: This field is not provided for objects with an active event-based // hold, since retention expiration is unknown until the hold is removed. // Note 2: This value can be provided even when temporary hold is set (so that // the user can reason about policy without having to first unset the // temporary hold). google.protobuf.Timestamp retention_expiration_time = 20; // User-provided metadata, in key/value pairs. map metadata = 21; // Whether an object is under event-based hold. Event-based hold is a way to // retain objects until an event occurs, which is signified by the // hold's release (i.e. this value is set to false). After being released (set // to false), such objects will be subject to bucket-level retention (if any). // One sample use case of this flag is for banks to hold loan documents for at // least 3 years after loan is paid in full. Here, bucket-level retention is 3 // years and the event is the loan being paid in full. In this example, these // objects will be held intact for any number of years until the event has // occurred (event-based hold on the object is released) and then 3 more years // after that. That means retention duration of the objects begins from the // moment event-based hold transitioned from true to false. google.protobuf.BoolValue event_based_hold = 29; // The name of the object. // Attempting to update this field after the object is created will result in // an error. string name = 23; // The ID of the object, including the bucket name, object name, and // generation number. // Attempting to update this field after the object is created will result in // an error. string id = 24; // The name of the bucket containing this object. // Attempting to update this field after the object is created will result in // an error. string bucket = 25; // The content generation of this object. Used for object versioning. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. int64 generation = 26; // The owner of the object. This will always be the uploader of the object. // Attempting to set or update this field will result in a // [FieldViolation][google.rpc.BadRequest.FieldViolation]. Owner owner = 27; // Metadata of customer-supplied encryption key, if the object is encrypted by // such a key. CustomerEncryption customer_encryption = 28; // A user-specified timestamp set on an object. google.protobuf.Timestamp custom_time = 30; } // An access-control entry. message ObjectAccessControl { // The access permission for the entity. string role = 1; // HTTP 1.1 Entity tag for the access-control entry. // See [https://tools.ietf.org/html/rfc7232#section-2.3][RFC 7232 §2.3]. string etag = 2; // The ID of the access-control entry. string id = 3; // The name of the bucket. string bucket = 4; // The name of the object, if applied to an object. string object = 5; // The content generation of the object, if applied to an object. int64 generation = 6; // The entity holding the permission, in one of the following forms: // * `user-{userid}` // * `user-{email}` // * `group-{groupid}` // * `group-{email}` // * `domain-{domain}` // * `project-{team-projectid}` // * `allUsers` // * `allAuthenticatedUsers` // Examples: // * The user `liz@example.com` would be `user-liz@example.com`. // * The group `example@googlegroups.com` would be // `group-example@googlegroups.com`. // * All members of the Google Apps for Business domain `example.com` would be // `domain-example.com`. string entity = 7; // The ID for the entity, if any. string entity_id = 8; // The email address associated with the entity, if any. string email = 9; // The domain associated with the entity, if any. string domain = 10; // The project team associated with the entity, if any. ProjectTeam project_team = 11; } // The result of a call to ObjectAccessControls.ListObjectAccessControls. message ListObjectAccessControlsResponse { // The list of items. repeated ObjectAccessControl items = 1; } // The result of a call to Objects.ListObjects message ListObjectsResponse { // The list of prefixes of objects matching-but-not-listed up to and including // the requested delimiter. repeated string prefixes = 1; // The list of items. repeated Object items = 2; // The continuation token, used to page through large result sets. Provide // this value in a subsequent request to return the next page of results. string next_page_token = 3; } // Represents the Viewers, Editors, or Owners of a given project. message ProjectTeam { // The project number. string project_number = 1; // The team. string team = 2; } // A subscription to receive Google PubSub notifications. message ServiceAccount { // The ID of the notification. string email_address = 1; } // The owner of a specific resource. message Owner { // The entity, in the form `user-`*userId*. string entity = 1; // The ID for the entity. string entity_id = 2; }