feat: Add the principal field to the ServiceAccountDelegationInfo proto

proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java

@@ -28,7 +28,7 @@ public interface AuditLogOrBuilder
    *
    * <pre>
    * The name of the API service performing the operation. For example,
-   * `"datastore.googleapis.com"`.
+   * `"compute.googleapis.com"`.
    * </pre>
    *
    * <code>string service_name = 7;</code>
@@ -41,7 +41,7 @@ public interface AuditLogOrBuilder
    *
    * <pre>
    * The name of the API service performing the operation. For example,
-   * `"datastore.googleapis.com"`.
+   * `"compute.googleapis.com"`.
    * </pre>
    *
    * <code>string service_name = 7;</code>
@@ -57,8 +57,8 @@ public interface AuditLogOrBuilder
    * The name of the service method or operation.
    * For API calls, this should be the name of the API method.
    * For example,
-   *     "google.datastore.v1.Datastore.RunQuery"
-   *     "google.logging.v1.LoggingService.DeleteLog"
+   *     "google.cloud.bigquery.v2.TableService.InsertTable"
+   *     "google.logging.v2.ConfigServiceV2.CreateSink"
    * </pre>
    *
    * <code>string method_name = 8;</code>
@@ -73,8 +73,8 @@ public interface AuditLogOrBuilder
    * The name of the service method or operation.
    * For API calls, this should be the name of the API method.
    * For example,
-   *     "google.datastore.v1.Datastore.RunQuery"
-   *     "google.logging.v1.LoggingService.DeleteLog"
+   *     "google.cloud.bigquery.v2.TableService.InsertTable"
+   *     "google.logging.v2.ConfigServiceV2.CreateSink"
    * </pre>
    *
    * <code>string method_name = 8;</code>
@@ -90,8 +90,8 @@ public interface AuditLogOrBuilder
    * The resource or collection that is the target of the operation.
    * The name is a scheme-less URI, not including the API service name.
    * For example:
-   *     "shelves/SHELF_ID/books"
-   *     "shelves/SHELF_ID/books/BOOK_ID"
+   *     "projects/PROJECT_ID/zones/us-central1-a/instances"
+   *     "projects/PROJECT_ID/datasets/DATASET_ID"
    * </pre>
    *
    * <code>string resource_name = 11;</code>
@@ -106,8 +106,8 @@ public interface AuditLogOrBuilder
    * The resource or collection that is the target of the operation.
    * The name is a scheme-less URI, not including the API service name.
    * For example:
-   *     "shelves/SHELF_ID/books"
-   *     "shelves/SHELF_ID/books/BOOK_ID"
+   *     "projects/PROJECT_ID/zones/us-central1-a/instances"
+   *     "projects/PROJECT_ID/datasets/DATASET_ID"
    * </pre>
    *
    * <code>string resource_name = 11;</code>
@@ -527,40 +527,43 @@ public interface AuditLogOrBuilder
    *
    *
    * <pre>
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    * </pre>
    *
-   * <code>.google.protobuf.Any service_data = 15;</code>
+   * <code>.google.protobuf.Any service_data = 15 [deprecated = true];</code>
    *
    * @return Whether the serviceData field is set.
    */
+  @java.lang.Deprecated
   boolean hasServiceData();
   /**
    *
    *
    * <pre>
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    * </pre>
    *
-   * <code>.google.protobuf.Any service_data = 15;</code>
+   * <code>.google.protobuf.Any service_data = 15 [deprecated = true];</code>
    *
    * @return The serviceData.
    */
+  @java.lang.Deprecated
   com.google.protobuf.Any getServiceData();
   /**
    *
    *
    * <pre>
-   * Deprecated, use `metadata` field instead.
+   * Deprecated. Use the `metadata` field instead.
    * Other service-specific data about the request, response, and other
    * activities.
    * </pre>
    *
-   * <code>.google.protobuf.Any service_data = 15;</code>
+   * <code>.google.protobuf.Any service_data = 15 [deprecated = true];</code>
    */
+  @java.lang.Deprecated
   com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder();
 }

proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java

@@ -72,7 +72,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "ogle.cloud.audit\032\031google/protobuf/any.pr"
           + "oto\032\034google/protobuf/struct.proto\032*googl"
           + "e/rpc/context/attribute_context.proto\032\027g"
-          + "oogle/rpc/status.proto\"\372\004\n\010AuditLog\022\024\n\014s"
+          + "oogle/rpc/status.proto\"\376\004\n\010AuditLog\022\024\n\014s"
           + "ervice_name\030\007 \001(\t\022\023\n\013method_name\030\010 \001(\t\022\025"
           + "\n\rresource_name\030\013 \001(\t\022?\n\021resource_locati"
           + "on\030\024 \001(\0132$.google.cloud.audit.ResourceLo"
@@ -87,40 +87,41 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "etadata\022(\n\007request\030\020 \001(\0132\027.google.protob"
           + "uf.Struct\022)\n\010response\030\021 \001(\0132\027.google.pro"
           + "tobuf.Struct\022)\n\010metadata\030\022 \001(\0132\027.google."
-          + "protobuf.Struct\022*\n\014service_data\030\017 \001(\0132\024."
-          + "google.protobuf.Any\"\231\002\n\022AuthenticationIn"
-          + "fo\022\027\n\017principal_email\030\001 \001(\t\022\032\n\022authority"
-          + "_selector\030\002 \001(\t\0226\n\025third_party_principal"
-          + "\030\004 \001(\0132\027.google.protobuf.Struct\022 \n\030servi"
-          + "ce_account_key_name\030\005 \001(\t\022Y\n\037service_acc"
-          + "ount_delegation_info\030\006 \003(\01320.google.clou"
-          + "d.audit.ServiceAccountDelegationInfo\022\031\n\021"
-          + "principal_subject\030\010 \001(\t\"\226\001\n\021Authorizatio"
-          + "nInfo\022\020\n\010resource\030\001 \001(\t\022\022\n\npermission\030\002 "
-          + "\001(\t\022\017\n\007granted\030\003 \001(\010\022J\n\023resource_attribu"
-          + "tes\030\005 \001(\0132-.google.rpc.context.Attribute"
-          + "Context.Resource\"\365\001\n\017RequestMetadata\022\021\n\t"
-          + "caller_ip\030\001 \001(\t\022\"\n\032caller_supplied_user_"
-          + "agent\030\002 \001(\t\022\026\n\016caller_network\030\003 \001(\t\022H\n\022r"
-          + "equest_attributes\030\007 \001(\0132,.google.rpc.con"
-          + "text.AttributeContext.Request\022I\n\026destina"
-          + "tion_attributes\030\010 \001(\0132).google.rpc.conte"
-          + "xt.AttributeContext.Peer\"I\n\020ResourceLoca"
-          + "tion\022\031\n\021current_locations\030\001 \003(\t\022\032\n\022origi"
-          + "nal_locations\030\002 \003(\t\"\250\003\n\034ServiceAccountDe"
-          + "legationInfo\022e\n\025first_party_principal\030\001 "
-          + "\001(\0132D.google.cloud.audit.ServiceAccountD"
-          + "elegationInfo.FirstPartyPrincipalH\000\022e\n\025t"
-          + "hird_party_principal\030\002 \001(\0132D.google.clou"
-          + "d.audit.ServiceAccountDelegationInfo.Thi"
-          + "rdPartyPrincipalH\000\032a\n\023FirstPartyPrincipa"
-          + "l\022\027\n\017principal_email\030\001 \001(\t\0221\n\020service_me"
-          + "tadata\030\002 \001(\0132\027.google.protobuf.Struct\032J\n"
-          + "\023ThirdPartyPrincipal\0223\n\022third_party_clai"
-          + "ms\030\001 \001(\0132\027.google.protobuf.StructB\013\n\tAut"
-          + "horityBe\n\026com.google.cloud.auditB\rAuditL"
-          + "ogProtoP\001Z7google.golang.org/genproto/go"
-          + "ogleapis/cloud/audit;audit\370\001\001b\006proto3"
+          + "protobuf.Struct\022.\n\014service_data\030\017 \001(\0132\024."
+          + "google.protobuf.AnyB\002\030\001\"\231\002\n\022Authenticati"
+          + "onInfo\022\027\n\017principal_email\030\001 \001(\t\022\032\n\022autho"
+          + "rity_selector\030\002 \001(\t\0226\n\025third_party_princ"
+          + "ipal\030\004 \001(\0132\027.google.protobuf.Struct\022 \n\030s"
+          + "ervice_account_key_name\030\005 \001(\t\022Y\n\037service"
+          + "_account_delegation_info\030\006 \003(\01320.google."
+          + "cloud.audit.ServiceAccountDelegationInfo"
+          + "\022\031\n\021principal_subject\030\010 \001(\t\"\226\001\n\021Authoriz"
+          + "ationInfo\022\020\n\010resource\030\001 \001(\t\022\022\n\npermissio"
+          + "n\030\002 \001(\t\022\017\n\007granted\030\003 \001(\010\022J\n\023resource_att"
+          + "ributes\030\005 \001(\0132-.google.rpc.context.Attri"
+          + "buteContext.Resource\"\365\001\n\017RequestMetadata"
+          + "\022\021\n\tcaller_ip\030\001 \001(\t\022\"\n\032caller_supplied_u"
+          + "ser_agent\030\002 \001(\t\022\026\n\016caller_network\030\003 \001(\t\022"
+          + "H\n\022request_attributes\030\007 \001(\0132,.google.rpc"
+          + ".context.AttributeContext.Request\022I\n\026des"
+          + "tination_attributes\030\010 \001(\0132).google.rpc.c"
+          + "ontext.AttributeContext.Peer\"I\n\020Resource"
+          + "Location\022\031\n\021current_locations\030\001 \003(\t\022\032\n\022o"
+          + "riginal_locations\030\002 \003(\t\"\303\003\n\034ServiceAccou"
+          + "ntDelegationInfo\022\031\n\021principal_subject\030\003 "
+          + "\001(\t\022e\n\025first_party_principal\030\001 \001(\0132D.goo"
+          + "gle.cloud.audit.ServiceAccountDelegation"
+          + "Info.FirstPartyPrincipalH\000\022e\n\025third_part"
+          + "y_principal\030\002 \001(\0132D.google.cloud.audit.S"
+          + "erviceAccountDelegationInfo.ThirdPartyPr"
+          + "incipalH\000\032a\n\023FirstPartyPrincipal\022\027\n\017prin"
+          + "cipal_email\030\001 \001(\t\0221\n\020service_metadata\030\002 "
+          + "\001(\0132\027.google.protobuf.Struct\032J\n\023ThirdPar"
+          + "tyPrincipal\0223\n\022third_party_claims\030\001 \001(\0132"
+          + "\027.google.protobuf.StructB\013\n\tAuthorityBe\n"
+          + "\026com.google.cloud.auditB\rAuditLogProtoP\001"
+          + "Z7google.golang.org/genproto/googleapis/"
+          + "cloud/audit;audit\370\001\001b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -199,7 +200,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
         new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
             internal_static_google_cloud_audit_ServiceAccountDelegationInfo_descriptor,
             new java.lang.String[] {
-              "FirstPartyPrincipal", "ThirdPartyPrincipal", "Authority",
+              "PrincipalSubject", "FirstPartyPrincipal", "ThirdPartyPrincipal", "Authority",
             });
     internal_static_google_cloud_audit_ServiceAccountDelegationInfo_FirstPartyPrincipal_descriptor =
         internal_static_google_cloud_audit_ServiceAccountDelegationInfo_descriptor

proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java

@@ -176,9 +176,11 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * <pre>
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    * </pre>
    *
    * <code>string principal_email = 1;</code>
@@ -202,9 +204,11 @@ public java.lang.String getPrincipalEmail() {
    *
    * <pre>
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    * </pre>
    *
    * <code>string principal_email = 1;</code>
@@ -1002,9 +1006,11 @@ public Builder mergeFrom(
      *
      * <pre>
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      * </pre>
      *
      * <code>string principal_email = 1;</code>
@@ -1027,9 +1033,11 @@ public java.lang.String getPrincipalEmail() {
      *
      * <pre>
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      * </pre>
      *
      * <code>string principal_email = 1;</code>
@@ -1052,9 +1060,11 @@ public com.google.protobuf.ByteString getPrincipalEmailBytes() {
      *
      * <pre>
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      * </pre>
      *
      * <code>string principal_email = 1;</code>
@@ -1076,9 +1086,11 @@ public Builder setPrincipalEmail(java.lang.String value) {
      *
      * <pre>
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      * </pre>
      *
      * <code>string principal_email = 1;</code>
@@ -1096,9 +1108,11 @@ public Builder clearPrincipalEmail() {
      *
      * <pre>
      * The email address of the authenticated user (or service account on behalf
-     * of third party principal) making the request. For privacy reasons, the
-     * principal email address is redacted for all read-only operations that fail
-     * with a "permission denied" error.
+     * of third party principal) making the request. For third party identity
+     * callers, the `principal_subject` field is populated instead of this field.
+     * For privacy reasons, the principal email address is sometimes redacted.
+     * For more information, see
+     * https://cloud.google.com/logging/docs/audit#user-id.
      * </pre>
      *
      * <code>string principal_email = 1;</code>

proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java

@@ -28,9 +28,11 @@ public interface AuthenticationInfoOrBuilder
    *
    * <pre>
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    * </pre>
    *
    * <code>string principal_email = 1;</code>
@@ -43,9 +45,11 @@ public interface AuthenticationInfoOrBuilder
    *
    * <pre>
    * The email address of the authenticated user (or service account on behalf
-   * of third party principal) making the request. For privacy reasons, the
-   * principal email address is redacted for all read-only operations that fail
-   * with a "permission denied" error.
+   * of third party principal) making the request. For third party identity
+   * callers, the `principal_subject` field is populated instead of this field.
+   * For privacy reasons, the principal email address is sometimes redacted.
+   * For more information, see
+   * https://cloud.google.com/logging/docs/audit#user-id.
    * </pre>
    *
    * <code>string principal_email = 1;</code>