1// Copyright 2020 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.api;
18
19import "google/protobuf/descriptor.proto";
20
21option cc_enable_arenas = true;
22option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations";
23option java_multiple_files = true;
24option java_outer_classname = "ResourceProto";
25option java_package = "com.google.api";
26option objc_class_prefix = "GAPI";
27
28extend google.protobuf.FieldOptions {
29  // An annotation that describes a resource reference, see
30  // [ResourceReference][].
31  google.api.ResourceReference resource_reference = 1055;
32}
33
34extend google.protobuf.FileOptions {
35  // An annotation that describes a resource definition without a corresponding
36  // message; see [ResourceDescriptor][].
37  repeated google.api.ResourceDescriptor resource_definition = 1053;
38}
39
40extend google.protobuf.MessageOptions {
41  // An annotation that describes a resource definition, see
42  // [ResourceDescriptor][].
43  google.api.ResourceDescriptor resource = 1053;
44}
45
46// A simple descriptor of a resource type.
47//
48// ResourceDescriptor annotates a resource message (either by means of a
49// protobuf annotation or use in the service config), and associates the
50// resource's schema, the resource type, and the pattern of the resource name.
51//
52// Example:
53//
54//     message Topic {
55//       // Indicates this message defines a resource schema.
56//       // Declares the resource type in the format of {service}/{kind}.
57//       // For Kubernetes resources, the format is {api group}/{kind}.
58//       option (google.api.resource) = {
59//         type: "pubsub.googleapis.com/Topic"
60//         name_descriptor: {
61//           pattern: "projects/{project}/topics/{topic}"
62//           parent_type: "cloudresourcemanager.googleapis.com/Project"
63//           parent_name_extractor: "projects/{project}"
64//         }
65//       };
66//     }
67//
68// The ResourceDescriptor Yaml config will look like:
69//
70//     resources:
71//     - type: "pubsub.googleapis.com/Topic"
72//       name_descriptor:
73//         - pattern: "projects/{project}/topics/{topic}"
74//           parent_type: "cloudresourcemanager.googleapis.com/Project"
75//           parent_name_extractor: "projects/{project}"
76//
77// Sometimes, resources have multiple patterns, typically because they can
78// live under multiple parents.
79//
80// Example:
81//
82//     message LogEntry {
83//       option (google.api.resource) = {
84//         type: "logging.googleapis.com/LogEntry"
85//         name_descriptor: {
86//           pattern: "projects/{project}/logs/{log}"
87//           parent_type: "cloudresourcemanager.googleapis.com/Project"
88//           parent_name_extractor: "projects/{project}"
89//         }
90//         name_descriptor: {
91//           pattern: "folders/{folder}/logs/{log}"
92//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
93//           parent_name_extractor: "folders/{folder}"
94//         }
95//         name_descriptor: {
96//           pattern: "organizations/{organization}/logs/{log}"
97//           parent_type: "cloudresourcemanager.googleapis.com/Organization"
98//           parent_name_extractor: "organizations/{organization}"
99//         }
100//         name_descriptor: {
101//           pattern: "billingAccounts/{billing_account}/logs/{log}"
102//           parent_type: "billing.googleapis.com/BillingAccount"
103//           parent_name_extractor: "billingAccounts/{billing_account}"
104//         }
105//       };
106//     }
107//
108// The ResourceDescriptor Yaml config will look like:
109//
110//     resources:
111//     - type: 'logging.googleapis.com/LogEntry'
112//       name_descriptor:
113//         - pattern: "projects/{project}/logs/{log}"
114//           parent_type: "cloudresourcemanager.googleapis.com/Project"
115//           parent_name_extractor: "projects/{project}"
116//         - pattern: "folders/{folder}/logs/{log}"
117//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
118//           parent_name_extractor: "folders/{folder}"
119//         - pattern: "organizations/{organization}/logs/{log}"
120//           parent_type: "cloudresourcemanager.googleapis.com/Organization"
121//           parent_name_extractor: "organizations/{organization}"
122//         - pattern: "billingAccounts/{billing_account}/logs/{log}"
123//           parent_type: "billing.googleapis.com/BillingAccount"
124//           parent_name_extractor: "billingAccounts/{billing_account}"
125//
126// For flexible resources, the resource name doesn't contain parent names, but
127// the resource itself has parents for policy evaluation.
128//
129// Example:
130//
131//     message Shelf {
132//       option (google.api.resource) = {
133//         type: "library.googleapis.com/Shelf"
134//         name_descriptor: {
135//           pattern: "shelves/{shelf}"
136//           parent_type: "cloudresourcemanager.googleapis.com/Project"
137//         }
138//         name_descriptor: {
139//           pattern: "shelves/{shelf}"
140//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
141//         }
142//       };
143//     }
144//
145// The ResourceDescriptor Yaml config will look like:
146//
147//     resources:
148//     - type: 'library.googleapis.com/Shelf'
149//       name_descriptor:
150//         - pattern: "shelves/{shelf}"
151//           parent_type: "cloudresourcemanager.googleapis.com/Project"
152//         - pattern: "shelves/{shelf}"
153//           parent_type: "cloudresourcemanager.googleapis.com/Folder"
154message ResourceDescriptor {
155  // A description of the historical or future-looking state of the
156  // resource pattern.
157  enum History {
158    // The "unset" value.
159    HISTORY_UNSPECIFIED = 0;
160
161    // The resource originally had one pattern and launched as such, and
162    // additional patterns were added later.
163    ORIGINALLY_SINGLE_PATTERN = 1;
164
165    // The resource has one pattern, but the API owner expects to add more
166    // later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents
167    // that from being necessary once there are multiple patterns.)
168    FUTURE_MULTI_PATTERN = 2;
169  }
170
171  // A flag representing a specific style that a resource claims to conform to.
172  enum Style {
173    // The unspecified value. Do not use.
174    STYLE_UNSPECIFIED = 0;
175
176    // This resource is intended to be "declarative-friendly".
177    //
178    // Declarative-friendly resources must be more strictly consistent, and
179    // setting this to true communicates to tools that this resource should
180    // adhere to declarative-friendly expectations.
181    //
182    // Note: This is used by the API linter (linter.aip.dev) to enable
183    // additional checks.
184    DECLARATIVE_FRIENDLY = 1;
185  }
186
187  // The resource type. It must be in the format of
188  // {service_name}/{resource_type_kind}. The `resource_type_kind` must be
189  // singular and must not include version numbers.
190  //
191  // Example: `storage.googleapis.com/Bucket`
192  //
193  // The value of the resource_type_kind must follow the regular expression
194  // /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and
195  // should use PascalCase (UpperCamelCase). The maximum number of
196  // characters allowed for the `resource_type_kind` is 100.
197  string type = 1;
198
199  // Optional. The relative resource name pattern associated with this resource
200  // type. The DNS prefix of the full resource name shouldn't be specified here.
201  //
202  // The path pattern must follow the syntax, which aligns with HTTP binding
203  // syntax:
204  //
205  //     Template = Segment { "/" Segment } ;
206  //     Segment = LITERAL | Variable ;
207  //     Variable = "{" LITERAL "}" ;
208  //
209  // Examples:
210  //
211  //     - "projects/{project}/topics/{topic}"
212  //     - "projects/{project}/knowledgeBases/{knowledge_base}"
213  //
214  // The components in braces correspond to the IDs for each resource in the
215  // hierarchy. It is expected that, if multiple patterns are provided,
216  // the same component name (e.g. "project") refers to IDs of the same
217  // type of resource.
218  repeated string pattern = 2;
219
220  // Optional. The field on the resource that designates the resource name
221  // field. If omitted, this is assumed to be "name".
222  string name_field = 3;
223
224  // Optional. The historical or future-looking state of the resource pattern.
225  //
226  // Example:
227  //
228  //     // The InspectTemplate message originally only supported resource
229  //     // names with organization, and project was added later.
230  //     message InspectTemplate {
231  //       option (google.api.resource) = {
232  //         type: "dlp.googleapis.com/InspectTemplate"
233  //         pattern:
234  //         "organizations/{organization}/inspectTemplates/{inspect_template}"
235  //         pattern: "projects/{project}/inspectTemplates/{inspect_template}"
236  //         history: ORIGINALLY_SINGLE_PATTERN
237  //       };
238  //     }
239  History history = 4;
240
241  // The plural name used in the resource name and permission names, such as
242  // 'projects' for the resource name of 'projects/{project}' and the permission
243  // name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
244  // concept of the `plural` field in k8s CRD spec
245  // https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
246  //
247  // Note: The plural form is required even for singleton resources. See
248  // https://aip.dev/156
249  string plural = 5;
250
251  // The same concept of the `singular` field in k8s CRD spec
252  // https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
253  // Such as "project" for the `resourcemanager.googleapis.com/Project` type.
254  string singular = 6;
255
256  // Style flag(s) for this resource.
257  // These indicate that a resource is expected to conform to a given
258  // style. See the specific style flags for additional information.
259  repeated Style style = 10;
260}
261
262// Defines a proto annotation that describes a string field that refers to
263// an API resource.
264message ResourceReference {
265  // The resource type that the annotated field references.
266  //
267  // Example:
268  //
269  //     message Subscription {
270  //       string topic = 2 [(google.api.resource_reference) = {
271  //         type: "pubsub.googleapis.com/Topic"
272  //       }];
273  //     }
274  //
275  // Occasionally, a field may reference an arbitrary resource. In this case,
276  // APIs use the special value * in their resource reference.
277  //
278  // Example:
279  //
280  //     message GetIamPolicyRequest {
281  //       string resource = 2 [(google.api.resource_reference) = {
282  //         type: "*"
283  //       }];
284  //     }
285  string type = 1;
286
287  // The resource type of a child collection that the annotated field
288  // references. This is useful for annotating the `parent` field that
289  // doesn't have a fixed resource type.
290  //
291  // Example:
292  //
293  //     message ListLogEntriesRequest {
294  //       string parent = 1 [(google.api.resource_reference) = {
295  //         child_type: "logging.googleapis.com/LogEntry"
296  //       };
297  //     }
298  string child_type = 2;
299}
300