SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
							// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.api;

import "google/protobuf/descriptor.proto";

option cc_enable_arenas = true;
option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
option java_multiple_files = true;
option java_outer_classname = "PolicyProto";
option java_package = "com.google.api";
option objc_class_prefix = "GAPI";

extend google.protobuf.FieldOptions {
  // See [FieldPolicy][].
  google.api.FieldPolicy field_policy = 158361448;
}

extend google.protobuf.MethodOptions {
  // See [MethodPolicy][].
  google.api.MethodPolicy method_policy = 161893301;
}

// Google API Policy Annotation
//
// This message defines a simple API policy annotation that can be used to
// annotate API request and response message fields with applicable policies.
// One field may have multiple applicable policies that must all be satisfied
// before a request can be processed. This policy annotation is used to
// generate the overall policy that will be used for automatic runtime
// policy enforcement and documentation generation.
message FieldPolicy {
  // Selects one or more request or response message fields to apply this
  // `FieldPolicy`.
  //
  // When a `FieldPolicy` is used in proto annotation, the selector must
  // be left as empty. The service config generator will automatically fill
  // the correct value.
  //
  // When a `FieldPolicy` is used in service config, the selector must be a
  // comma-separated string with valid request or response field paths,
  // such as "foo.bar" or "foo.bar,foo.baz".
  string selector = 1;

  // Specifies the required permission(s) for the resource referred to by the
  // field. It requires the field contains a valid resource reference, and
  // the request must pass the permission checks to proceed. For example,
  // "resourcemanager.projects.get".
  string resource_permission = 2;

  // Specifies the resource type for the resource referred to by the field.
  string resource_type = 3;
}

// Defines policies applying to an RPC method.
message MethodPolicy {
  // Selects a method to which these policies should be enforced, for example,
  // "google.pubsub.v1.Subscriber.CreateSubscription".
  //
  // Refer to [selector][google.api.DocumentationRule.selector] for syntax
  // details.
  //
  // NOTE: This field must not be set in the proto annotation. It will be
  // automatically filled by the service config compiler .
  string selector = 9;

  // Policies that are applicable to the request message.
  repeated FieldPolicy request_policies = 2;
}