// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.resourcemanager.v3; import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/iam/v1/iam_policy.proto"; import "google/iam/v1/policy.proto"; import "google/longrunning/operations.proto"; import "google/protobuf/field_mask.proto"; import "google/protobuf/timestamp.proto"; option csharp_namespace = "Google.Cloud.ResourceManager.V3"; option go_package = "google.golang.org/genproto/googleapis/cloud/resourcemanager/v3;resourcemanager"; option java_multiple_files = true; option java_outer_classname = "FoldersProto"; option java_package = "com.google.cloud.resourcemanager.v3"; option php_namespace = "Google\\Cloud\\ResourceManager\\V3"; option ruby_package = "Google::Cloud::ResourceManager::V3"; // Manages Cloud Platform folder resources. // Folders can be used to organize the resources under an // organization and to control the policies applied to groups of resources. service Folders { option (google.api.default_host) = "cloudresourcemanager.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform," "https://www.googleapis.com/auth/cloud-platform.read-only"; // Retrieves a folder identified by the supplied resource name. // Valid folder resource names have the format `folders/{folder_id}` // (for example, `folders/1234`). // The caller must have `resourcemanager.folders.get` permission on the // identified folder. rpc GetFolder(GetFolderRequest) returns (Folder) { option (google.api.http) = { get: "/v3/{name=folders/*}" }; option (google.api.method_signature) = "name"; } // Lists the folders that are direct descendants of supplied parent resource. // `list()` provides a strongly consistent view of the folders underneath // the specified parent resource. // `list()` returns folders sorted based upon the (ascending) lexical ordering // of their display_name. // The caller must have `resourcemanager.folders.list` permission on the // identified parent. rpc ListFolders(ListFoldersRequest) returns (ListFoldersResponse) { option (google.api.http) = { get: "/v3/folders" }; option (google.api.method_signature) = "parent"; } // Search for folders that match specific filter criteria. // `search()` provides an eventually consistent view of the folders a user has // access to which meet the specified filter criteria. // // This will only return folders on which the caller has the // permission `resourcemanager.folders.get`. rpc SearchFolders(SearchFoldersRequest) returns (SearchFoldersResponse) { option (google.api.http) = { get: "/v3/folders:search" }; option (google.api.method_signature) = "query"; } // Creates a folder in the resource hierarchy. // Returns an `Operation` which can be used to track the progress of the // folder creation workflow. // Upon success, the `Operation.response` field will be populated with the // created Folder. // // In order to succeed, the addition of this new folder must not violate // the folder naming, height, or fanout constraints. // // + The folder's `display_name` must be distinct from all other folders that // share its parent. // + The addition of the folder must not cause the active folder hierarchy // to exceed a height of 10. Note, the full active + deleted folder hierarchy // is allowed to reach a height of 20; this provides additional headroom when // moving folders that contain deleted folders. // + The addition of the folder must not cause the total number of folders // under its parent to exceed 300. // // If the operation fails due to a folder constraint violation, some errors // may be returned by the `CreateFolder` request, with status code // `FAILED_PRECONDITION` and an error description. Other folder constraint // violations will be communicated in the `Operation`, with the specific // `PreconditionFailure` returned in the details list in the `Operation.error` // field. // // The caller must have `resourcemanager.folders.create` permission on the // identified parent. rpc CreateFolder(CreateFolderRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v3/folders" body: "folder" }; option (google.api.method_signature) = "folder"; option (google.longrunning.operation_info) = { response_type: "Folder" metadata_type: "CreateFolderMetadata" }; } // Updates a folder, changing its `display_name`. // Changes to the folder `display_name` will be rejected if they violate // either the `display_name` formatting rules or the naming constraints // described in the [CreateFolder][google.cloud.resourcemanager.v3.Folders.CreateFolder] documentation. // // The folder's `display_name` must start and end with a letter or digit, // may contain letters, digits, spaces, hyphens and underscores and can be // between 3 and 30 characters. This is captured by the regular expression: // `[\p{L}\p{N}][\p{L}\p{N}_- ]{1,28}[\p{L}\p{N}]`. // The caller must have `resourcemanager.folders.update` permission on the // identified folder. // // If the update fails due to the unique name constraint then a // `PreconditionFailure` explaining this violation will be returned // in the Status.details field. rpc UpdateFolder(UpdateFolderRequest) returns (google.longrunning.Operation) { option (google.api.http) = { patch: "/v3/{folder.name=folders/*}" body: "folder" }; option (google.api.method_signature) = "folder,update_mask"; option (google.longrunning.operation_info) = { response_type: "Folder" metadata_type: "UpdateFolderMetadata" }; } // Moves a folder under a new resource parent. // Returns an `Operation` which can be used to track the progress of the // folder move workflow. // Upon success, the `Operation.response` field will be populated with the // moved folder. // Upon failure, a `FolderOperationError` categorizing the failure cause will // be returned - if the failure occurs synchronously then the // `FolderOperationError` will be returned in the `Status.details` field. // If it occurs asynchronously, then the FolderOperation will be returned // in the `Operation.error` field. // In addition, the `Operation.metadata` field will be populated with a // `FolderOperation` message as an aid to stateless clients. // Folder moves will be rejected if they violate either the naming, height, // or fanout constraints described in the // [CreateFolder][google.cloud.resourcemanager.v3.Folders.CreateFolder] documentation. // The caller must have `resourcemanager.folders.move` permission on the // folder's current and proposed new parent. rpc MoveFolder(MoveFolderRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v3/{name=folders/*}:move" body: "*" }; option (google.api.method_signature) = "name,destination_parent"; option (google.longrunning.operation_info) = { response_type: "Folder" metadata_type: "MoveFolderMetadata" }; } // Requests deletion of a folder. The folder is moved into the // [DELETE_REQUESTED][google.cloud.resourcemanager.v3.Folder.State.DELETE_REQUESTED] state // immediately, and is deleted approximately 30 days later. This method may // only be called on an empty folder, where a folder is empty if it doesn't // contain any folders or projects in the [ACTIVE][google.cloud.resourcemanager.v3.Folder.State.ACTIVE] state. // If called on a folder in [DELETE_REQUESTED][google.cloud.resourcemanager.v3.Folder.State.DELETE_REQUESTED] // state the operation will result in a no-op success. // The caller must have `resourcemanager.folders.delete` permission on the // identified folder. rpc DeleteFolder(DeleteFolderRequest) returns (google.longrunning.Operation) { option (google.api.http) = { delete: "/v3/{name=folders/*}" }; option (google.api.method_signature) = "name"; option (google.longrunning.operation_info) = { response_type: "Folder" metadata_type: "DeleteFolderMetadata" }; } // Cancels the deletion request for a folder. This method may be called on a // folder in any state. If the folder is in the [ACTIVE][google.cloud.resourcemanager.v3.Folder.State.ACTIVE] // state the result will be a no-op success. In order to succeed, the folder's // parent must be in the [ACTIVE][google.cloud.resourcemanager.v3.Folder.State.ACTIVE] state. In addition, // reintroducing the folder into the tree must not violate folder naming, // height, and fanout constraints described in the // [CreateFolder][google.cloud.resourcemanager.v3.Folders.CreateFolder] documentation. // The caller must have `resourcemanager.folders.undelete` permission on the // identified folder. rpc UndeleteFolder(UndeleteFolderRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v3/{name=folders/*}:undelete" body: "*" }; option (google.api.method_signature) = "name"; option (google.longrunning.operation_info) = { response_type: "Folder" metadata_type: "UndeleteFolderMetadata" }; } // Gets the access control policy for a folder. The returned policy may be // empty if no such policy or resource exists. The `resource` field should // be the folder's resource name, for example: "folders/1234". // The caller must have `resourcemanager.folders.getIamPolicy` permission // on the identified folder. rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v3/{resource=folders/*}:getIamPolicy" body: "*" }; option (google.api.method_signature) = "resource"; } // Sets the access control policy on a folder, replacing any existing policy. // The `resource` field should be the folder's resource name, for example: // "folders/1234". // The caller must have `resourcemanager.folders.setIamPolicy` permission // on the identified folder. rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v3/{resource=folders/*}:setIamPolicy" body: "*" }; option (google.api.method_signature) = "resource,policy"; } // Returns permissions that a caller has on the specified folder. // The `resource` field should be the folder's resource name, // for example: "folders/1234". // // There are no permissions required for making this API call. rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { option (google.api.http) = { post: "/v3/{resource=folders/*}:testIamPermissions" body: "*" }; option (google.api.method_signature) = "resource,permissions"; } } // A folder in an organization's resource hierarchy, used to // organize that organization's resources. message Folder { option (google.api.resource) = { type: "cloudresourcemanager.googleapis.com/Folder" pattern: "folders/{folder}" style: DECLARATIVE_FRIENDLY }; // Folder lifecycle states. enum State { // Unspecified state. STATE_UNSPECIFIED = 0; // The normal and active state. ACTIVE = 1; // The folder has been marked for deletion by the user. DELETE_REQUESTED = 2; } // Output only. The resource name of the folder. // Its format is `folders/{folder_id}`, for example: "folders/1234". string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; // Required. The folder's parent's resource name. // Updates to the folder's parent must be performed using // [MoveFolder][google.cloud.resourcemanager.v3.Folders.MoveFolder]. string parent = 2 [(google.api.field_behavior) = REQUIRED]; // The folder's display name. // A folder's display name must be unique amongst its siblings. For example, // no two folders with the same parent can share the same display name. // The display name must start and end with a letter or digit, may contain // letters, digits, spaces, hyphens and underscores and can be no longer // than 30 characters. This is captured by the regular expression: // `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`. string display_name = 3; // Output only. The lifecycle state of the folder. // Updates to the state must be performed using // [DeleteFolder][google.cloud.resourcemanager.v3.Folders.DeleteFolder] and // [UndeleteFolder][google.cloud.resourcemanager.v3.Folders.UndeleteFolder]. State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Timestamp when the folder was created. google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Timestamp when the folder was last modified. google.protobuf.Timestamp update_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Timestamp when the folder was requested to be deleted. google.protobuf.Timestamp delete_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. A checksum computed by the server based on the current value of the folder // resource. This may be sent on update and delete requests to ensure the // client has an up-to-date value before proceeding. string etag = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; } // The GetFolder request message. message GetFolderRequest { // Required. The resource name of the folder to retrieve. // Must be of the form `folders/{folder_id}`. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { type: "cloudresourcemanager.googleapis.com/Folder" } ]; } // The ListFolders request message. message ListFoldersRequest { // Required. The resource name of the organization or folder whose folders are // being listed. // Must be of the form `folders/{folder_id}` or `organizations/{org_id}`. // Access to this method is controlled by checking the // `resourcemanager.folders.list` permission on the `parent`. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { child_type: "*" } ]; // Optional. The maximum number of folders to return in the response. // If unspecified, server picks an appropriate default. int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; // Optional. A pagination token returned from a previous call to `ListFolders` // that indicates where this listing should continue from. string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; // Optional. Controls whether folders in the // [DELETE_REQUESTED][google.cloud.resourcemanager.v3.Folder.State.DELETE_REQUESTED] // state should be returned. Defaults to false. bool show_deleted = 4 [(google.api.field_behavior) = OPTIONAL]; } // The ListFolders response message. message ListFoldersResponse { // A possibly paginated list of folders that are direct descendants of // the specified parent resource. repeated Folder folders = 1; // A pagination token returned from a previous call to `ListFolders` // that indicates from where listing should continue. string next_page_token = 2; } // The request message for searching folders. message SearchFoldersRequest { // Optional. The maximum number of folders to return in the response. // If unspecified, server picks an appropriate default. int32 page_size = 1 [(google.api.field_behavior) = OPTIONAL]; // Optional. A pagination token returned from a previous call to `SearchFolders` // that indicates from where search should continue. string page_token = 2 [(google.api.field_behavior) = OPTIONAL]; // Optional. Search criteria used to select the folders to return. // If no search criteria is specified then all accessible folders will be // returned. // // Query expressions can be used to restrict results based upon displayName, // state and parent, where the operators `=` (`:`) `NOT`, `AND` and `OR` // can be used along with the suffix wildcard symbol `*`. // // The `displayName` field in a query expression should use escaped quotes // for values that include whitespace to prevent unexpected behavior. // // | Field | Description | // |-------------------------|----------------------------------------| // | displayName | Filters by displayName. | // | parent | Filters by parent (for example: folders/123). | // | state, lifecycleState | Filters by state. | // // Some example queries are: // // * Query `displayName=Test*` returns Folder resources whose display name // starts with "Test". // * Query `state=ACTIVE` returns Folder resources with // `state` set to `ACTIVE`. // * Query `parent=folders/123` returns Folder resources that have // `folders/123` as a parent resource. // * Query `parent=folders/123 AND state=ACTIVE` returns active // Folder resources that have `folders/123` as a parent resource. // * Query `displayName=\\"Test String\\"` returns Folder resources with // display names that include both "Test" and "String". string query = 3 [(google.api.field_behavior) = OPTIONAL]; } // The response message for searching folders. message SearchFoldersResponse { // A possibly paginated folder search results. // the specified parent resource. repeated Folder folders = 1; // A pagination token returned from a previous call to `SearchFolders` // that indicates from where searching should continue. string next_page_token = 2; } // The CreateFolder request message. message CreateFolderRequest { // Required. The folder being created, only the display name and parent will be // consulted. All other fields will be ignored. Folder folder = 2 [(google.api.field_behavior) = REQUIRED]; } // Metadata pertaining to the Folder creation process. message CreateFolderMetadata { // The display name of the folder. string display_name = 1; // The resource name of the folder or organization we are creating the folder // under. string parent = 2; } // The request sent to the // [UpdateFolder][google.cloud.resourcemanager.v3.Folder.UpdateFolder] // method. // // Only the `display_name` field can be changed. All other fields will be // ignored. Use the // [MoveFolder][google.cloud.resourcemanager.v3.Folders.MoveFolder] method to // change the `parent` field. message UpdateFolderRequest { // Required. The new definition of the Folder. It must include the `name` field, which // cannot be changed. Folder folder = 1 [(google.api.field_behavior) = REQUIRED]; // Required. Fields to be updated. // Only the `display_name` can be updated. google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; } // A status object which is used as the `metadata` field for the Operation // returned by UpdateFolder. message UpdateFolderMetadata { } // The MoveFolder request message. message MoveFolderRequest { // Required. The resource name of the Folder to move. // Must be of the form folders/{folder_id} string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { type: "cloudresourcemanager.googleapis.com/Folder" } ]; // Required. The resource name of the folder or organization which should be the // folder's new parent. // Must be of the form `folders/{folder_id}` or `organizations/{org_id}`. string destination_parent = 2 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { child_type: "*" } ]; } // Metadata pertaining to the folder move process. message MoveFolderMetadata { // The display name of the folder. string display_name = 1; // The resource name of the folder's parent. string source_parent = 2; // The resource name of the folder or organization to move the folder to. string destination_parent = 3; } // The DeleteFolder request message. message DeleteFolderRequest { // Required. The resource name of the folder to be deleted. // Must be of the form `folders/{folder_id}`. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { type: "cloudresourcemanager.googleapis.com/Folder" } ]; } // A status object which is used as the `metadata` field for the `Operation` // returned by `DeleteFolder`. message DeleteFolderMetadata { } // The UndeleteFolder request message. message UndeleteFolderRequest { // Required. The resource name of the folder to undelete. // Must be of the form `folders/{folder_id}`. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { type: "cloudresourcemanager.googleapis.com/Folder" } ]; } // A status object which is used as the `metadata` field for the `Operation` // returned by `UndeleteFolder`. message UndeleteFolderMetadata { }