1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.api; 18 19import "google/protobuf/descriptor.proto"; 20 21option cc_enable_arenas = true; 22option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig"; 23option java_multiple_files = true; 24option java_outer_classname = "PolicyProto"; 25option java_package = "com.google.api"; 26option objc_class_prefix = "GAPI"; 27 28// Provides `google.api.field_policy` annotation at proto fields. 29extend google.protobuf.FieldOptions { 30 // See [FieldPolicy][]. 31 FieldPolicy field_policy = 158361448; 32} 33 34// Provides `google.api.method_policy` annotation at proto methods. 35extend google.protobuf.MethodOptions { 36 // See [MethodPolicy][]. 37 MethodPolicy method_policy = 161893301; 38} 39 40// Google API Policy Annotation 41// 42// This message defines a simple API policy annotation that can be used to 43// annotate API request and response message fields with applicable policies. 44// One field may have multiple applicable policies that must all be satisfied 45// before a request can be processed. This policy annotation is used to 46// generate the overall policy that will be used for automatic runtime 47// policy enforcement and documentation generation. 48message FieldPolicy { 49 // Selects one or more request or response message fields to apply this 50 // `FieldPolicy`. 51 // 52 // When a `FieldPolicy` is used in proto annotation, the selector must 53 // be left as empty. The service config generator will automatically fill 54 // the correct value. 55 // 56 // When a `FieldPolicy` is used in service config, the selector must be a 57 // comma-separated string with valid request or response field paths, 58 // such as "foo.bar" or "foo.bar,foo.baz". 59 string selector = 1; 60 61 // Specifies the required permission(s) for the resource referred to by the 62 // field. It requires the field contains a valid resource reference, and 63 // the request must pass the permission checks to proceed. For example, 64 // "resourcemanager.projects.get". 65 string resource_permission = 2; 66 67 // Specifies the resource type for the resource referred to by the field. 68 string resource_type = 3; 69} 70 71// Defines policies applying to an RPC method. 72message MethodPolicy { 73 // Selects a method to which these policies should be enforced, for example, 74 // "google.pubsub.v1.Subscriber.CreateSubscription". 75 // 76 // Refer to [selector][google.api.DocumentationRule.selector] for syntax 77 // details. 78 // 79 // NOTE: This field must not be set in the proto annotation. It will be 80 // automatically filled by the service config compiler . 81 string selector = 9; 82 83 // Policies that are applicable to the request message. 84 repeated FieldPolicy request_policies = 2; 85} 86