From b558909b0355e5878e4785b76105735e2ca25422 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Fri, 4 Jun 2021 09:18:08 -0700 Subject: [PATCH] feat: Add the `principal` field to the ServiceAccountDelegationInfo proto (#183) This PR was generated using Autosynth. :rainbow: Synth log will be available here: https://source.cloud.google.com/results/invocations/db4319f5-d189-4b36-9003-96a47c22b0bf/targets - [ ] To automatically regenerate this PR, check this box. (May take up to 24 hours.) PiperOrigin-RevId: 377318673 Source-Link: https://github.com/googleapis/googleapis/commit/ba89dace27923254d96ab8339b831dc996e2112f docs: modify some field level comments with new details and examples --- .../java/com/google/cloud/audit/AuditLog.java | 129 ++++++----- .../google/cloud/audit/AuditLogOrBuilder.java | 35 +-- .../com/google/cloud/audit/AuditLogProto.java | 73 +++--- .../cloud/audit/AuthenticationInfo.java | 56 +++-- .../audit/AuthenticationInfoOrBuilder.java | 16 +- .../google/cloud/audit/AuthorizationInfo.java | 35 ++- .../audit/AuthorizationInfoOrBuilder.java | 10 +- .../audit/ServiceAccountDelegationInfo.java | 217 +++++++++++++++++- ...ServiceAccountDelegationInfoOrBuilder.java | 35 +++ .../proto/google/cloud/audit/audit_log.proto | 37 ++- synth.metadata | 5 +- 11 files changed, 486 insertions(+), 162 deletions(-) diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java index d2e768c3..06421079 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java @@ -288,7 +288,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * * 
    * The name of the API service performing the operation. For example,
-   * `"datastore.googleapis.com"`.
+   * `"compute.googleapis.com"`.
    *
* * string service_name = 7; @@ -312,7 +312,7 @@ public java.lang.String getServiceName() { * * 
    * The name of the API service performing the operation. For example,
-   * `"datastore.googleapis.com"`.
+   * `"compute.googleapis.com"`.
    *
* * string service_name = 7; @@ -341,8 +341,8 @@ public com.google.protobuf.ByteString getServiceNameBytes() { * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -368,8 +368,8 @@ public java.lang.String getMethodName() { * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -398,8 +398,8 @@ public com.google.protobuf.ByteString getMethodNameBytes() { * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -425,8 +425,8 @@ public java.lang.String getResourceName() { * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -978,16 +978,17 @@ public com.google.protobuf.StructOrBuilder getMetadataOrBuilder() { * * * 
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; * * @return Whether the serviceData field is set. */ @java.lang.Override + @java.lang.Deprecated public boolean hasServiceData() { return serviceData_ != null; } @@ -995,16 +996,17 @@ public boolean hasServiceData() { * * * 
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; * * @return The serviceData. */ @java.lang.Override + @java.lang.Deprecated public com.google.protobuf.Any getServiceData() { return serviceData_ == null ? com.google.protobuf.Any.getDefaultInstance() : serviceData_; } @@ -1012,14 +1014,15 @@ public com.google.protobuf.Any getServiceData() { * * * 
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ @java.lang.Override + @java.lang.Deprecated public com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder() { return getServiceData(); } @@ -1701,7 +1704,7 @@ public Builder mergeFrom( * * 
      * The name of the API service performing the operation. For example,
-     * `"datastore.googleapis.com"`.
+     * `"compute.googleapis.com"`.
      *
* * string service_name = 7; @@ -1724,7 +1727,7 @@ public java.lang.String getServiceName() { * * 
      * The name of the API service performing the operation. For example,
-     * `"datastore.googleapis.com"`.
+     * `"compute.googleapis.com"`.
      *
* * string service_name = 7; @@ -1747,7 +1750,7 @@ public com.google.protobuf.ByteString getServiceNameBytes() { * * 
      * The name of the API service performing the operation. For example,
-     * `"datastore.googleapis.com"`.
+     * `"compute.googleapis.com"`.
      *
* * string service_name = 7; @@ -1769,7 +1772,7 @@ public Builder setServiceName(java.lang.String value) { * * 
      * The name of the API service performing the operation. For example,
-     * `"datastore.googleapis.com"`.
+     * `"compute.googleapis.com"`.
      *
* * string service_name = 7; @@ -1787,7 +1790,7 @@ public Builder clearServiceName() { * * 
      * The name of the API service performing the operation. For example,
-     * `"datastore.googleapis.com"`.
+     * `"compute.googleapis.com"`.
      *
* * string service_name = 7; @@ -1814,8 +1817,8 @@ public Builder setServiceNameBytes(com.google.protobuf.ByteString value) { * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -1840,8 +1843,8 @@ public java.lang.String getMethodName() { * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -1866,8 +1869,8 @@ public com.google.protobuf.ByteString getMethodNameBytes() { * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -1891,8 +1894,8 @@ public Builder setMethodName(java.lang.String value) { * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -1912,8 +1915,8 @@ public Builder clearMethodName() { * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -1940,8 +1943,8 @@ public Builder setMethodNameBytes(com.google.protobuf.ByteString value) { * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -1966,8 +1969,8 @@ public java.lang.String getResourceName() { * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -1992,8 +1995,8 @@ public com.google.protobuf.ByteString getResourceNameBytes() { * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -2017,8 +2020,8 @@ public Builder setResourceName(java.lang.String value) { * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -2038,8 +2041,8 @@ public Builder clearResourceName() { * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -4120,15 +4123,16 @@ public com.google.protobuf.StructOrBuilder getMetadataOrBuilder() { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; * * @return Whether the serviceData field is set. */ + @java.lang.Deprecated public boolean hasServiceData() { return serviceDataBuilder_ != null || serviceData_ != null; } @@ -4136,15 +4140,16 @@ public boolean hasServiceData() { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; * * @return The serviceData. */ + @java.lang.Deprecated public com.google.protobuf.Any getServiceData() { if (serviceDataBuilder_ == null) { return serviceData_ == null ? com.google.protobuf.Any.getDefaultInstance() : serviceData_; @@ -4156,13 +4161,14 @@ public com.google.protobuf.Any getServiceData() { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ + @java.lang.Deprecated public Builder setServiceData(com.google.protobuf.Any value) { if (serviceDataBuilder_ == null) { if (value == null) { @@ -4180,13 +4186,14 @@ public Builder setServiceData(com.google.protobuf.Any value) { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ + @java.lang.Deprecated public Builder setServiceData(com.google.protobuf.Any.Builder builderForValue) { if (serviceDataBuilder_ == null) { serviceData_ = builderForValue.build(); @@ -4201,13 +4208,14 @@ public Builder setServiceData(com.google.protobuf.Any.Builder builderForValue) { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ + @java.lang.Deprecated public Builder mergeServiceData(com.google.protobuf.Any value) { if (serviceDataBuilder_ == null) { if (serviceData_ != null) { @@ -4227,13 +4235,14 @@ public Builder mergeServiceData(com.google.protobuf.Any value) { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ + @java.lang.Deprecated public Builder clearServiceData() { if (serviceDataBuilder_ == null) { serviceData_ = null; @@ -4249,13 +4258,14 @@ public Builder clearServiceData() { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ + @java.lang.Deprecated public com.google.protobuf.Any.Builder getServiceDataBuilder() { onChanged(); @@ -4265,13 +4275,14 @@ public com.google.protobuf.Any.Builder getServiceDataBuilder() { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ + @java.lang.Deprecated public com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder() { if (serviceDataBuilder_ != null) { return serviceDataBuilder_.getMessageOrBuilder(); @@ -4283,12 +4294,12 @@ public com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder() { * * * 
-     * Deprecated, use `metadata` field instead.
+     * Deprecated. Use the `metadata` field instead.
      * Other service-specific data about the request, response, and other
      * activities.
      *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ private com.google.protobuf.SingleFieldBuilderV3< com.google.protobuf.Any, diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java index a23e114c..29df867a 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java @@ -28,7 +28,7 @@ public interface AuditLogOrBuilder * * 
    * The name of the API service performing the operation. For example,
-   * `"datastore.googleapis.com"`.
+   * `"compute.googleapis.com"`.
    *
* * string service_name = 7; @@ -41,7 +41,7 @@ public interface AuditLogOrBuilder * * 
    * The name of the API service performing the operation. For example,
-   * `"datastore.googleapis.com"`.
+   * `"compute.googleapis.com"`.
    *
* * string service_name = 7; @@ -57,8 +57,8 @@ public interface AuditLogOrBuilder * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -73,8 +73,8 @@ public interface AuditLogOrBuilder * The name of the service method or operation. * For API calls, this should be the name of the API method. * For example, - * "google.datastore.v1.Datastore.RunQuery" - * "google.logging.v1.LoggingService.DeleteLog" + * "google.cloud.bigquery.v2.TableService.InsertTable" + * "google.logging.v2.ConfigServiceV2.CreateSink" * * * string method_name = 8; @@ -90,8 +90,8 @@ public interface AuditLogOrBuilder * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -106,8 +106,8 @@ public interface AuditLogOrBuilder * The resource or collection that is the target of the operation. * The name is a scheme-less URI, not including the API service name. * For example: - * "shelves/SHELF_ID/books" - * "shelves/SHELF_ID/books/BOOK_ID" + * "projects/PROJECT_ID/zones/us-central1-a/instances" + * "projects/PROJECT_ID/datasets/DATASET_ID" * * * string resource_name = 11; @@ -527,40 +527,43 @@ public interface AuditLogOrBuilder * * * 
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; * * @return Whether the serviceData field is set. */ + @java.lang.Deprecated boolean hasServiceData(); /** * * * 
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; * * @return The serviceData. */ + @java.lang.Deprecated com.google.protobuf.Any getServiceData(); /** * * * 
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    *
* - * .google.protobuf.Any service_data = 15; + * .google.protobuf.Any service_data = 15 [deprecated = true]; */ + @java.lang.Deprecated com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder(); } diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java index ac3d7eff..3bea60db 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java @@ -72,7 +72,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { + "ogle.cloud.audit\032\031google/protobuf/any.pr" + "oto\032\034google/protobuf/struct.proto\032*googl" + "e/rpc/context/attribute_context.proto\032\027g" - + "oogle/rpc/status.proto\"\372\004\n\010AuditLog\022\024\n\014s" + + "oogle/rpc/status.proto\"\376\004\n\010AuditLog\022\024\n\014s" + "ervice_name\030\007 \001(\t\022\023\n\013method_name\030\010 \001(\t\022\025" + "\n\rresource_name\030\013 \001(\t\022?\n\021resource_locati" + "on\030\024 \001(\0132$.google.cloud.audit.ResourceLo" @@ -87,40 +87,41 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { + "etadata\022(\n\007request\030\020 \001(\0132\027.google.protob" + "uf.Struct\022)\n\010response\030\021 \001(\0132\027.google.pro" + "tobuf.Struct\022)\n\010metadata\030\022 \001(\0132\027.google." - + "protobuf.Struct\022*\n\014service_data\030\017 \001(\0132\024." - + "google.protobuf.Any\"\231\002\n\022AuthenticationIn" - + "fo\022\027\n\017principal_email\030\001 \001(\t\022\032\n\022authority" - + "_selector\030\002 \001(\t\0226\n\025third_party_principal" - + "\030\004 \001(\0132\027.google.protobuf.Struct\022 \n\030servi" - + "ce_account_key_name\030\005 \001(\t\022Y\n\037service_acc" - + "ount_delegation_info\030\006 \003(\01320.google.clou" - + "d.audit.ServiceAccountDelegationInfo\022\031\n\021" - + "principal_subject\030\010 \001(\t\"\226\001\n\021Authorizatio" - + "nInfo\022\020\n\010resource\030\001 \001(\t\022\022\n\npermission\030\002 " - + "\001(\t\022\017\n\007granted\030\003 \001(\010\022J\n\023resource_attribu" - + "tes\030\005 \001(\0132-.google.rpc.context.Attribute" - + "Context.Resource\"\365\001\n\017RequestMetadata\022\021\n\t" - + "caller_ip\030\001 \001(\t\022\"\n\032caller_supplied_user_" - + "agent\030\002 \001(\t\022\026\n\016caller_network\030\003 \001(\t\022H\n\022r" - + "equest_attributes\030\007 \001(\0132,.google.rpc.con" - + "text.AttributeContext.Request\022I\n\026destina" - + "tion_attributes\030\010 \001(\0132).google.rpc.conte" - + "xt.AttributeContext.Peer\"I\n\020ResourceLoca" - + "tion\022\031\n\021current_locations\030\001 \003(\t\022\032\n\022origi" - + "nal_locations\030\002 \003(\t\"\250\003\n\034ServiceAccountDe" - + "legationInfo\022e\n\025first_party_principal\030\001 " - + "\001(\0132D.google.cloud.audit.ServiceAccountD" - + "elegationInfo.FirstPartyPrincipalH\000\022e\n\025t" - + "hird_party_principal\030\002 \001(\0132D.google.clou" - + "d.audit.ServiceAccountDelegationInfo.Thi" - + "rdPartyPrincipalH\000\032a\n\023FirstPartyPrincipa" - + "l\022\027\n\017principal_email\030\001 \001(\t\0221\n\020service_me" - + "tadata\030\002 \001(\0132\027.google.protobuf.Struct\032J\n" - + "\023ThirdPartyPrincipal\0223\n\022third_party_clai" - + "ms\030\001 \001(\0132\027.google.protobuf.StructB\013\n\tAut" - + "horityBe\n\026com.google.cloud.auditB\rAuditL" - + "ogProtoP\001Z7google.golang.org/genproto/go" - + "ogleapis/cloud/audit;audit\370\001\001b\006proto3" + + "protobuf.Struct\022.\n\014service_data\030\017 \001(\0132\024." + + "google.protobuf.AnyB\002\030\001\"\231\002\n\022Authenticati" + + "onInfo\022\027\n\017principal_email\030\001 \001(\t\022\032\n\022autho" + + "rity_selector\030\002 \001(\t\0226\n\025third_party_princ" + + "ipal\030\004 \001(\0132\027.google.protobuf.Struct\022 \n\030s" + + "ervice_account_key_name\030\005 \001(\t\022Y\n\037service" + + "_account_delegation_info\030\006 \003(\01320.google." + + "cloud.audit.ServiceAccountDelegationInfo" + + "\022\031\n\021principal_subject\030\010 \001(\t\"\226\001\n\021Authoriz" + + "ationInfo\022\020\n\010resource\030\001 \001(\t\022\022\n\npermissio" + + "n\030\002 \001(\t\022\017\n\007granted\030\003 \001(\010\022J\n\023resource_att" + + "ributes\030\005 \001(\0132-.google.rpc.context.Attri" + + "buteContext.Resource\"\365\001\n\017RequestMetadata" + + "\022\021\n\tcaller_ip\030\001 \001(\t\022\"\n\032caller_supplied_u" + + "ser_agent\030\002 \001(\t\022\026\n\016caller_network\030\003 \001(\t\022" + + "H\n\022request_attributes\030\007 \001(\0132,.google.rpc" + + ".context.AttributeContext.Request\022I\n\026des" + + "tination_attributes\030\010 \001(\0132).google.rpc.c" + + "ontext.AttributeContext.Peer\"I\n\020Resource" + + "Location\022\031\n\021current_locations\030\001 \003(\t\022\032\n\022o" + + "riginal_locations\030\002 \003(\t\"\303\003\n\034ServiceAccou" + + "ntDelegationInfo\022\031\n\021principal_subject\030\003 " + + "\001(\t\022e\n\025first_party_principal\030\001 \001(\0132D.goo" + + "gle.cloud.audit.ServiceAccountDelegation" + + "Info.FirstPartyPrincipalH\000\022e\n\025third_part" + + "y_principal\030\002 \001(\0132D.google.cloud.audit.S" + + "erviceAccountDelegationInfo.ThirdPartyPr" + + "incipalH\000\032a\n\023FirstPartyPrincipal\022\027\n\017prin" + + "cipal_email\030\001 \001(\t\0221\n\020service_metadata\030\002 " + + "\001(\0132\027.google.protobuf.Struct\032J\n\023ThirdPar" + + "tyPrincipal\0223\n\022third_party_claims\030\001 \001(\0132" + + "\027.google.protobuf.StructB\013\n\tAuthorityBe\n" + + "\026com.google.cloud.auditB\rAuditLogProtoP\001" + + "Z7google.golang.org/genproto/googleapis/" + + "cloud/audit;audit\370\001\001b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom( @@ -199,7 +200,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( internal_static_google_cloud_audit_ServiceAccountDelegationInfo_descriptor, new java.lang.String[] { - "FirstPartyPrincipal", "ThirdPartyPrincipal", "Authority", + "PrincipalSubject", "FirstPartyPrincipal", "ThirdPartyPrincipal", "Authority", }); internal_static_google_cloud_audit_ServiceAccountDelegationInfo_FirstPartyPrincipal_descriptor = internal_static_google_cloud_audit_ServiceAccountDelegationInfo_descriptor diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java index 8bef65de..63489c2c 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java @@ -176,9 +176,11 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * * 
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    *
* * string principal_email = 1; @@ -202,9 +204,11 @@ public java.lang.String getPrincipalEmail() { * * 
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    *
* * string principal_email = 1; @@ -1002,9 +1006,11 @@ public Builder mergeFrom( * * 
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      *
* * string principal_email = 1; @@ -1027,9 +1033,11 @@ public java.lang.String getPrincipalEmail() { * * 
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      *
* * string principal_email = 1; @@ -1052,9 +1060,11 @@ public com.google.protobuf.ByteString getPrincipalEmailBytes() { * * 
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      *
* * string principal_email = 1; @@ -1076,9 +1086,11 @@ public Builder setPrincipalEmail(java.lang.String value) { * * 
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      *
* * string principal_email = 1; @@ -1096,9 +1108,11 @@ public Builder clearPrincipalEmail() { * * 
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      *
* * string principal_email = 1; diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java index 756a8bab..d00cee31 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java @@ -28,9 +28,11 @@ public interface AuthenticationInfoOrBuilder * * 
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    *
* * string principal_email = 1; @@ -43,9 +45,11 @@ public interface AuthenticationInfoOrBuilder * * 
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    *
* * string principal_email = 1; diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java index 49723116..bca5b604 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java @@ -146,8 +146,11 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * * * 
-   * The resource being accessed, as a REST-style string. For example:
+   * The resource being accessed, as a REST-style or cloud resource string.
+   * For example:
    *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+   * or
+   *     projects/PROJECTID/datasets/DATASETID
    *
* * string resource = 1; @@ -170,8 +173,11 @@ public java.lang.String getResource() { * * * 
-   * The resource being accessed, as a REST-style string. For example:
+   * The resource being accessed, as a REST-style or cloud resource string.
+   * For example:
    *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+   * or
+   *     projects/PROJECTID/datasets/DATASETID
    *
* * string resource = 1; @@ -699,8 +705,11 @@ public Builder mergeFrom( * * * 
-     * The resource being accessed, as a REST-style string. For example:
+     * The resource being accessed, as a REST-style or cloud resource string.
+     * For example:
      *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+     * or
+     *     projects/PROJECTID/datasets/DATASETID
      *
* * string resource = 1; @@ -722,8 +731,11 @@ public java.lang.String getResource() { * * * 
-     * The resource being accessed, as a REST-style string. For example:
+     * The resource being accessed, as a REST-style or cloud resource string.
+     * For example:
      *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+     * or
+     *     projects/PROJECTID/datasets/DATASETID
      *
* * string resource = 1; @@ -745,8 +757,11 @@ public com.google.protobuf.ByteString getResourceBytes() { * * * 
-     * The resource being accessed, as a REST-style string. For example:
+     * The resource being accessed, as a REST-style or cloud resource string.
+     * For example:
      *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+     * or
+     *     projects/PROJECTID/datasets/DATASETID
      *
* * string resource = 1; @@ -767,8 +782,11 @@ public Builder setResource(java.lang.String value) { * * * 
-     * The resource being accessed, as a REST-style string. For example:
+     * The resource being accessed, as a REST-style or cloud resource string.
+     * For example:
      *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+     * or
+     *     projects/PROJECTID/datasets/DATASETID
      *
* * string resource = 1; @@ -785,8 +803,11 @@ public Builder clearResource() { * * * 
-     * The resource being accessed, as a REST-style string. For example:
+     * The resource being accessed, as a REST-style or cloud resource string.
+     * For example:
      *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+     * or
+     *     projects/PROJECTID/datasets/DATASETID
      *
* * string resource = 1; diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java index 716f91c7..fe0764ec 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java @@ -27,8 +27,11 @@ public interface AuthorizationInfoOrBuilder * * * 
-   * The resource being accessed, as a REST-style string. For example:
+   * The resource being accessed, as a REST-style or cloud resource string.
+   * For example:
    *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+   * or
+   *     projects/PROJECTID/datasets/DATASETID
    *
* * string resource = 1; @@ -40,8 +43,11 @@ public interface AuthorizationInfoOrBuilder * * * 
-   * The resource being accessed, as a REST-style string. For example:
+   * The resource being accessed, as a REST-style or cloud resource string.
+   * For example:
    *     bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+   * or
+   *     projects/PROJECTID/datasets/DATASETID
    *
* * string resource = 1; diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java index e86395d9..dabd99af 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java @@ -37,7 +37,9 @@ private ServiceAccountDelegationInfo(com.google.protobuf.GeneratedMessageV3.Buil super(builder); } - private ServiceAccountDelegationInfo() {} + private ServiceAccountDelegationInfo() { + principalSubject_ = ""; + } @java.lang.Override @SuppressWarnings({"unused"}) @@ -116,6 +118,13 @@ private ServiceAccountDelegationInfo( authorityCase_ = 2; break; } + case 26: + { + java.lang.String s = input.readStringRequireUtf8(); + + principalSubject_ = s; + break; + } default: { if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) { @@ -1958,6 +1967,65 @@ public AuthorityCase getAuthorityCase() { return AuthorityCase.forNumber(authorityCase_); } + public static final int PRINCIPAL_SUBJECT_FIELD_NUMBER = 3; + private volatile java.lang.Object principalSubject_; + /** + * + * + * 
+   * A string representing the principal_subject associated with the identity.
+   * For most identities, the format will be
+   * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+   * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+   * that are still in the legacy format `serviceAccount:{identity pool
+   * name}[{subject}]`
+   *
+ * + * string principal_subject = 3; + * + * @return The principalSubject. + */ + @java.lang.Override + public java.lang.String getPrincipalSubject() { + java.lang.Object ref = principalSubject_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalSubject_ = s; + return s; + } + } + /** + * + * + * 
+   * A string representing the principal_subject associated with the identity.
+   * For most identities, the format will be
+   * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+   * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+   * that are still in the legacy format `serviceAccount:{identity pool
+   * name}[{subject}]`
+   *
+ * + * string principal_subject = 3; + * + * @return The bytes for principalSubject. + */ + @java.lang.Override + public com.google.protobuf.ByteString getPrincipalSubjectBytes() { + java.lang.Object ref = principalSubject_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalSubject_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + public static final int FIRST_PARTY_PRINCIPAL_FIELD_NUMBER = 1; /** * @@ -2102,6 +2170,9 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io output.writeMessage( 2, (com.google.cloud.audit.ServiceAccountDelegationInfo.ThirdPartyPrincipal) authority_); } + if (!getPrincipalSubjectBytes().isEmpty()) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 3, principalSubject_); + } unknownFields.writeTo(output); } @@ -2123,6 +2194,9 @@ public int getSerializedSize() { 2, (com.google.cloud.audit.ServiceAccountDelegationInfo.ThirdPartyPrincipal) authority_); } + if (!getPrincipalSubjectBytes().isEmpty()) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, principalSubject_); + } size += unknownFields.getSerializedSize(); memoizedSize = size; return size; @@ -2139,6 +2213,7 @@ public boolean equals(final java.lang.Object obj) { com.google.cloud.audit.ServiceAccountDelegationInfo other = (com.google.cloud.audit.ServiceAccountDelegationInfo) obj; + if (!getPrincipalSubject().equals(other.getPrincipalSubject())) return false; if (!getAuthorityCase().equals(other.getAuthorityCase())) return false; switch (authorityCase_) { case 1: @@ -2161,6 +2236,8 @@ public int hashCode() { } int hash = 41; hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + PRINCIPAL_SUBJECT_FIELD_NUMBER; + hash = (53 * hash) + getPrincipalSubject().hashCode(); switch (authorityCase_) { case 1: hash = (37 * hash) + FIRST_PARTY_PRINCIPAL_FIELD_NUMBER; @@ -2318,6 +2395,8 @@ private void maybeForceBuilderInitialization() { @java.lang.Override public Builder clear() { super.clear(); + principalSubject_ = ""; + authorityCase_ = 0; authority_ = null; return this; @@ -2347,6 +2426,7 @@ public com.google.cloud.audit.ServiceAccountDelegationInfo build() { public com.google.cloud.audit.ServiceAccountDelegationInfo buildPartial() { com.google.cloud.audit.ServiceAccountDelegationInfo result = new com.google.cloud.audit.ServiceAccountDelegationInfo(this); + result.principalSubject_ = principalSubject_; if (authorityCase_ == 1) { if (firstPartyPrincipalBuilder_ == null) { result.authority_ = authority_; @@ -2412,6 +2492,10 @@ public Builder mergeFrom(com.google.protobuf.Message other) { public Builder mergeFrom(com.google.cloud.audit.ServiceAccountDelegationInfo other) { if (other == com.google.cloud.audit.ServiceAccountDelegationInfo.getDefaultInstance()) return this; + if (!other.getPrincipalSubject().isEmpty()) { + principalSubject_ = other.principalSubject_; + onChanged(); + } switch (other.getAuthorityCase()) { case FIRST_PARTY_PRINCIPAL: { @@ -2472,6 +2556,137 @@ public Builder clearAuthority() { return this; } + private java.lang.Object principalSubject_ = ""; + /** + * + * + * 
+     * A string representing the principal_subject associated with the identity.
+     * For most identities, the format will be
+     * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+     * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+     * that are still in the legacy format `serviceAccount:{identity pool
+     * name}[{subject}]`
+     *
+ * + * string principal_subject = 3; + * + * @return The principalSubject. + */ + public java.lang.String getPrincipalSubject() { + java.lang.Object ref = principalSubject_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + principalSubject_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * + * + * 
+     * A string representing the principal_subject associated with the identity.
+     * For most identities, the format will be
+     * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+     * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+     * that are still in the legacy format `serviceAccount:{identity pool
+     * name}[{subject}]`
+     *
+ * + * string principal_subject = 3; + * + * @return The bytes for principalSubject. + */ + public com.google.protobuf.ByteString getPrincipalSubjectBytes() { + java.lang.Object ref = principalSubject_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref); + principalSubject_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * + * + * 
+     * A string representing the principal_subject associated with the identity.
+     * For most identities, the format will be
+     * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+     * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+     * that are still in the legacy format `serviceAccount:{identity pool
+     * name}[{subject}]`
+     *
+ * + * string principal_subject = 3; + * + * @param value The principalSubject to set. + * @return This builder for chaining. + */ + public Builder setPrincipalSubject(java.lang.String value) { + if (value == null) { + throw new NullPointerException(); + } + + principalSubject_ = value; + onChanged(); + return this; + } + /** + * + * + * 
+     * A string representing the principal_subject associated with the identity.
+     * For most identities, the format will be
+     * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+     * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+     * that are still in the legacy format `serviceAccount:{identity pool
+     * name}[{subject}]`
+     *
+ * + * string principal_subject = 3; + * + * @return This builder for chaining. + */ + public Builder clearPrincipalSubject() { + + principalSubject_ = getDefaultInstance().getPrincipalSubject(); + onChanged(); + return this; + } + /** + * + * + * 
+     * A string representing the principal_subject associated with the identity.
+     * For most identities, the format will be
+     * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+     * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+     * that are still in the legacy format `serviceAccount:{identity pool
+     * name}[{subject}]`
+     *
+ * + * string principal_subject = 3; + * + * @param value The bytes for principalSubject to set. + * @return This builder for chaining. + */ + public Builder setPrincipalSubjectBytes(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + checkByteStringIsUtf8(value); + + principalSubject_ = value; + onChanged(); + return this; + } + private com.google.protobuf.SingleFieldBuilderV3< com.google.cloud.audit.ServiceAccountDelegationInfo.FirstPartyPrincipal, com.google.cloud.audit.ServiceAccountDelegationInfo.FirstPartyPrincipal.Builder, diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java index d7d6d5f6..6dd5b65c 100644 --- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java +++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java @@ -23,6 +23,41 @@ public interface ServiceAccountDelegationInfoOrBuilder // @@protoc_insertion_point(interface_extends:google.cloud.audit.ServiceAccountDelegationInfo) com.google.protobuf.MessageOrBuilder { + /** + * + * + * 
+   * A string representing the principal_subject associated with the identity.
+   * For most identities, the format will be
+   * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+   * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+   * that are still in the legacy format `serviceAccount:{identity pool
+   * name}[{subject}]`
+   *
+ * + * string principal_subject = 3; + * + * @return The principalSubject. + */ + java.lang.String getPrincipalSubject(); + /** + * + * + * 
+   * A string representing the principal_subject associated with the identity.
+   * For most identities, the format will be
+   * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+   * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+   * that are still in the legacy format `serviceAccount:{identity pool
+   * name}[{subject}]`
+   *
+ * + * string principal_subject = 3; + * + * @return The bytes for principalSubject. + */ + com.google.protobuf.ByteString getPrincipalSubjectBytes(); + /** * * diff --git a/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto b/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto index 66ea0214..33d50083 100644 --- a/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto +++ b/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto @@ -1,4 +1,4 @@ -// Copyright 2020 Google LLC +// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -30,23 +30,23 @@ option java_package = "com.google.cloud.audit"; // Common audit log format for Google Cloud Platform API operations. message AuditLog { // The name of the API service performing the operation. For example, - // `"datastore.googleapis.com"`. + // `"compute.googleapis.com"`. string service_name = 7; // The name of the service method or operation. // For API calls, this should be the name of the API method. // For example, // - // "google.datastore.v1.Datastore.RunQuery" - // "google.logging.v1.LoggingService.DeleteLog" + // "google.cloud.bigquery.v2.TableService.InsertTable" + // "google.logging.v2.ConfigServiceV2.CreateSink" string method_name = 8; // The resource or collection that is the target of the operation. // The name is a scheme-less URI, not including the API service name. // For example: // - // "shelves/SHELF_ID/books" - // "shelves/SHELF_ID/books/BOOK_ID" + // "projects/PROJECT_ID/zones/us-central1-a/instances" + // "projects/PROJECT_ID/datasets/DATASET_ID" string resource_name = 11; // The resource location information. @@ -99,18 +99,20 @@ message AuditLog { // information associated with the current audited event. google.protobuf.Struct metadata = 18; - // Deprecated, use `metadata` field instead. + // Deprecated. Use the `metadata` field instead. // Other service-specific data about the request, response, and other // activities. - google.protobuf.Any service_data = 15; + google.protobuf.Any service_data = 15 [deprecated = true]; } // Authentication information for the operation. message AuthenticationInfo { // The email address of the authenticated user (or service account on behalf - // of third party principal) making the request. For privacy reasons, the - // principal email address is redacted for all read-only operations that fail - // with a "permission denied" error. + // of third party principal) making the request. For third party identity + // callers, the `principal_subject` field is populated instead of this field. + // For privacy reasons, the principal email address is sometimes redacted. + // For more information, see + // https://cloud.google.com/logging/docs/audit#user-id. string principal_email = 1; // The authority selector specified by the requestor, if any. @@ -144,9 +146,12 @@ message AuthenticationInfo { // Authorization information for the operation. message AuthorizationInfo { - // The resource being accessed, as a REST-style string. For example: + // The resource being accessed, as a REST-style or cloud resource string. + // For example: // // bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID + // or + // projects/PROJECTID/datasets/DATASETID string resource = 1; // The required IAM permission. @@ -258,6 +263,14 @@ message ServiceAccountDelegationInfo { google.protobuf.Struct third_party_claims = 1; } + // A string representing the principal_subject associated with the identity. + // For most identities, the format will be + // `principal://iam.googleapis.com/{identity pool name}/subject/{subject)` + // except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) + // that are still in the legacy format `serviceAccount:{identity pool + // name}[{subject}]` + string principal_subject = 3; + // Entity that creates credentials for service account and assumes its // identity for authentication. oneof Authority { diff --git a/synth.metadata b/synth.metadata index 75e43977..50e52a8b 100644 --- a/synth.metadata +++ b/synth.metadata @@ -4,14 +4,15 @@ "git": { "name": ".", "remote": "https://github.com/googleapis/java-common-protos.git", - "sha": "9821b8114ad809bdf017935e3371801b2dfa0d4d" + "sha": "2807c8c5459e59d148d1501e39930be7992b06ca" } }, { "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "95e75e5c62bbb54110428e9cc4ebb9aa2508df91" + "sha": "ba89dace27923254d96ab8339b831dc996e2112f", + "internalRef": "377318673" } }, {