|
| 1 | +// Copyright 2022 Google LLC |
| 2 | +// |
| 3 | +// Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | +// you may not use this file except in compliance with the License. |
| 5 | +// You may obtain a copy of the License at |
| 6 | +// |
| 7 | +// http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | +// |
| 9 | +// Unless required by applicable law or agreed to in writing, software |
| 10 | +// distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | +// See the License for the specific language governing permissions and |
| 13 | +// limitations under the License. |
| 14 | + |
| 15 | +syntax = "proto3"; |
| 16 | + |
| 17 | +package google.cloud.bigquery.datapolicies.v1; |
| 18 | + |
| 19 | +import "google/api/annotations.proto"; |
| 20 | +import "google/api/client.proto"; |
| 21 | +import "google/api/field_behavior.proto"; |
| 22 | +import "google/api/resource.proto"; |
| 23 | +import "google/iam/v1/iam_policy.proto"; |
| 24 | +import "google/iam/v1/policy.proto"; |
| 25 | +import "google/protobuf/empty.proto"; |
| 26 | +import "google/protobuf/field_mask.proto"; |
| 27 | + |
| 28 | +option csharp_namespace = "Google.Cloud.BigQuery.DataPolicies.V1"; |
| 29 | +option go_package = "google.golang.org/genproto/googleapis/cloud/bigquery/datapolicies/v1;datapolicies"; |
| 30 | +option java_multiple_files = true; |
| 31 | +option java_outer_classname = "DataPolicyProto"; |
| 32 | +option java_package = "com.google.cloud.bigquery.datapolicies.v1"; |
| 33 | +option php_namespace = "Google\\Cloud\\BigQuery\\DataPolicies\\V1"; |
| 34 | +option ruby_package = "Google::Cloud::Bigquery::DataPolicies::V1"; |
| 35 | + |
| 36 | +// Data Policy Service provides APIs for managing the label-policy bindings. |
| 37 | +service DataPolicyService { |
| 38 | + option (google.api.default_host) = "bigquerydatapolicy.googleapis.com"; |
| 39 | + option (google.api.oauth_scopes) = |
| 40 | + "https://www.googleapis.com/auth/bigquery," |
| 41 | + "https://www.googleapis.com/auth/cloud-platform"; |
| 42 | + |
| 43 | + // Creates a new data policy under a project with the given `dataPolicyId` |
| 44 | + // (used as the display name), policy tag, and data policy type. |
| 45 | + rpc CreateDataPolicy(CreateDataPolicyRequest) returns (DataPolicy) { |
| 46 | + option (google.api.http) = { |
| 47 | + post: "/v1/{parent=projects/*/locations/*}/dataPolicies" |
| 48 | + body: "data_policy" |
| 49 | + }; |
| 50 | + option (google.api.method_signature) = "parent,data_policy"; |
| 51 | + } |
| 52 | + |
| 53 | + // Updates the metadata for an existing data policy. The target data policy |
| 54 | + // can be specified by the resource name. |
| 55 | + rpc UpdateDataPolicy(UpdateDataPolicyRequest) returns (DataPolicy) { |
| 56 | + option (google.api.http) = { |
| 57 | + patch: "/v1/{data_policy.name=projects/*/locations/*/dataPolicies/*}" |
| 58 | + body: "data_policy" |
| 59 | + }; |
| 60 | + option (google.api.method_signature) = "data_policy,update_mask"; |
| 61 | + } |
| 62 | + |
| 63 | + // Renames the id (display name) of the specified data policy. |
| 64 | + rpc RenameDataPolicy(RenameDataPolicyRequest) returns (DataPolicy) { |
| 65 | + option (google.api.http) = { |
| 66 | + post: "/v1/{name=projects/*/locations/*/dataPolicies/*}:rename" |
| 67 | + body: "*" |
| 68 | + }; |
| 69 | + option (google.api.method_signature) = "name,new_data_policy_id"; |
| 70 | + } |
| 71 | + |
| 72 | + // Deletes the data policy specified by its resource name. |
| 73 | + rpc DeleteDataPolicy(DeleteDataPolicyRequest) |
| 74 | + returns (google.protobuf.Empty) { |
| 75 | + option (google.api.http) = { |
| 76 | + delete: "/v1/{name=projects/*/locations/*/dataPolicies/*}" |
| 77 | + }; |
| 78 | + option (google.api.method_signature) = "name"; |
| 79 | + } |
| 80 | + |
| 81 | + // Gets the data policy specified by its resource name. |
| 82 | + rpc GetDataPolicy(GetDataPolicyRequest) returns (DataPolicy) { |
| 83 | + option (google.api.http) = { |
| 84 | + get: "/v1/{name=projects/*/locations/*/dataPolicies/*}" |
| 85 | + }; |
| 86 | + option (google.api.method_signature) = "name"; |
| 87 | + } |
| 88 | + |
| 89 | + // List all of the data policies in the specified parent project. |
| 90 | + rpc ListDataPolicies(ListDataPoliciesRequest) |
| 91 | + returns (ListDataPoliciesResponse) { |
| 92 | + option (google.api.http) = { |
| 93 | + get: "/v1/{parent=projects/*/locations/*}/dataPolicies" |
| 94 | + }; |
| 95 | + option (google.api.method_signature) = "parent"; |
| 96 | + } |
| 97 | + |
| 98 | + // Gets the IAM policy for the specified data policy. |
| 99 | + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) |
| 100 | + returns (google.iam.v1.Policy) { |
| 101 | + option (google.api.http) = { |
| 102 | + post: "/v1/{resource=projects/*/locations/*/dataPolicies/*}:getIamPolicy" |
| 103 | + body: "*" |
| 104 | + }; |
| 105 | + } |
| 106 | + |
| 107 | + // Sets the IAM policy for the specified data policy. |
| 108 | + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) |
| 109 | + returns (google.iam.v1.Policy) { |
| 110 | + option (google.api.http) = { |
| 111 | + post: "/v1/{resource=projects/*/locations/*/dataPolicies/*}:setIamPolicy" |
| 112 | + body: "*" |
| 113 | + }; |
| 114 | + } |
| 115 | + |
| 116 | + // Returns the caller's permission on the specified data policy resource. |
| 117 | + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) |
| 118 | + returns (google.iam.v1.TestIamPermissionsResponse) { |
| 119 | + option (google.api.http) = { |
| 120 | + post: "/v1/{resource=projects/*/locations/*/dataPolicies/*}:testIamPermissions" |
| 121 | + body: "*" |
| 122 | + }; |
| 123 | + } |
| 124 | +} |
| 125 | + |
| 126 | +// Request message for the CreateDataPolicy method. |
| 127 | +message CreateDataPolicyRequest { |
| 128 | + // Required. Resource name of the project that the data policy will belong to. |
| 129 | + // The format is `projects/{project_number}/locations/{location_id}`. |
| 130 | + string parent = 1 [ |
| 131 | + (google.api.field_behavior) = REQUIRED, |
| 132 | + (google.api.resource_reference) = { |
| 133 | + child_type: "bigquerydatapolicy.googleapis.com/DataPolicy" |
| 134 | + } |
| 135 | + ]; |
| 136 | + |
| 137 | + // Required. The data policy to create. The `name` field does not need to be |
| 138 | + // provided for the data policy creation. |
| 139 | + DataPolicy data_policy = 2 [(google.api.field_behavior) = REQUIRED]; |
| 140 | +} |
| 141 | + |
| 142 | +// Response message for the UpdateDataPolicy method. |
| 143 | +message UpdateDataPolicyRequest { |
| 144 | + // Required. Update the data policy's metadata. |
| 145 | + // |
| 146 | + // The target data policy is determined by the `name` field. |
| 147 | + // Other fields are updated to the specified values based on the field masks. |
| 148 | + DataPolicy data_policy = 1 [(google.api.field_behavior) = REQUIRED]; |
| 149 | + |
| 150 | + // The update mask applies to the resource. For the `FieldMask` definition, |
| 151 | + // see |
| 152 | + // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask |
| 153 | + // If not set, defaults to all of the fields that are allowed to update. |
| 154 | + // |
| 155 | + // Updates to the `name` and `dataPolicyId` fields are not allowed. |
| 156 | + google.protobuf.FieldMask update_mask = 2; |
| 157 | +} |
| 158 | + |
| 159 | +// Request message for the RenameDataPolicy method. |
| 160 | +message RenameDataPolicyRequest { |
| 161 | + // Required. Resource name of the data policy to rename. The format is |
| 162 | + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}` |
| 163 | + string name = 1 [(google.api.field_behavior) = REQUIRED]; |
| 164 | + |
| 165 | + // Required. The new data policy id. |
| 166 | + string new_data_policy_id = 2 [(google.api.field_behavior) = REQUIRED]; |
| 167 | +} |
| 168 | + |
| 169 | +// Request message for the DeleteDataPolicy method. |
| 170 | +message DeleteDataPolicyRequest { |
| 171 | + // Required. Resource name of the data policy to delete. Format is |
| 172 | + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. |
| 173 | + string name = 1 [ |
| 174 | + (google.api.field_behavior) = REQUIRED, |
| 175 | + (google.api.resource_reference) = { |
| 176 | + type: "bigquerydatapolicy.googleapis.com/DataPolicy" |
| 177 | + } |
| 178 | + ]; |
| 179 | +} |
| 180 | + |
| 181 | +// Request message for the GetDataPolicy method. |
| 182 | +message GetDataPolicyRequest { |
| 183 | + // Required. Resource name of the requested data policy. Format is |
| 184 | + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. |
| 185 | + string name = 1 [ |
| 186 | + (google.api.field_behavior) = REQUIRED, |
| 187 | + (google.api.resource_reference) = { |
| 188 | + type: "bigquerydatapolicy.googleapis.com/DataPolicy" |
| 189 | + } |
| 190 | + ]; |
| 191 | +} |
| 192 | + |
| 193 | +// Request message for the ListDataPolicies method. |
| 194 | +message ListDataPoliciesRequest { |
| 195 | + // Required. Resource name of the project for which to list data policies. |
| 196 | + // Format is `projects/{project_number}/locations/{location_id}`. |
| 197 | + string parent = 1 [ |
| 198 | + (google.api.field_behavior) = REQUIRED, |
| 199 | + (google.api.resource_reference) = { |
| 200 | + child_type: "bigquerydatapolicy.googleapis.com/DataPolicy" |
| 201 | + } |
| 202 | + ]; |
| 203 | + |
| 204 | + // The maximum number of data policies to return. Must be a value between 1 |
| 205 | + // and 1000. |
| 206 | + // If not set, defaults to 50. |
| 207 | + int32 page_size = 2; |
| 208 | + |
| 209 | + // The `nextPageToken` value returned from a previous list request, if any. If |
| 210 | + // not set, defaults to an empty string. |
| 211 | + string page_token = 3; |
| 212 | + |
| 213 | + // Filters the data policies by policy tags that they |
| 214 | + // are associated with. Currently filter only supports |
| 215 | + // "policy<span></span>_tag" based filtering and OR based predicates. Sample |
| 216 | + // filter can be "policy<span></span>_tag: |
| 217 | + // `'projects/1/locations/us/taxonomies/2/policyTags/3'`". You may use |
| 218 | + // wildcard such as "policy<span></span>_tag: |
| 219 | + // `'projects/1/locations/us/taxonomies/2/*'`". |
| 220 | + string filter = 4; |
| 221 | +} |
| 222 | + |
| 223 | +// Response message for the ListDataPolicies method. |
| 224 | +message ListDataPoliciesResponse { |
| 225 | + // Data policies that belong to the requested project. |
| 226 | + repeated DataPolicy data_policies = 1; |
| 227 | + |
| 228 | + // Token used to retrieve the next page of results, or empty if there are no |
| 229 | + // more results. |
| 230 | + string next_page_token = 2; |
| 231 | +} |
| 232 | + |
| 233 | +// Represents the label-policy binding. |
| 234 | +message DataPolicy { |
| 235 | + option (google.api.resource) = { |
| 236 | + type: "bigquerydatapolicy.googleapis.com/DataPolicy" |
| 237 | + pattern: "projects/{project}/locations/{location}/dataPolicies/{data_policy}" |
| 238 | + }; |
| 239 | + |
| 240 | + // A list of supported data policy types. |
| 241 | + enum DataPolicyType { |
| 242 | + // Default value for the data policy type. This should not be used. |
| 243 | + DATA_POLICY_TYPE_UNSPECIFIED = 0; |
| 244 | + |
| 245 | + // Used to create a data policy for column-level security, without data |
| 246 | + // masking. |
| 247 | + COLUMN_LEVEL_SECURITY_POLICY = 3; |
| 248 | + |
| 249 | + // Used to create a data policy for data masking. |
| 250 | + DATA_MASKING_POLICY = 2; |
| 251 | + } |
| 252 | + |
| 253 | + // Label that is bound to this data policy. |
| 254 | + oneof matching_label { |
| 255 | + // Policy tag resource name, in the format of |
| 256 | + // `projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}`. |
| 257 | + string policy_tag = 4; |
| 258 | + } |
| 259 | + |
| 260 | + // The policy that is bound to this data policy. |
| 261 | + oneof policy { |
| 262 | + // The data masking policy that specifies the data masking rule to use. |
| 263 | + DataMaskingPolicy data_masking_policy = 5; |
| 264 | + } |
| 265 | + |
| 266 | + // Output only. Resource name of this data policy, in the format of |
| 267 | + // `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. |
| 268 | + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; |
| 269 | + |
| 270 | + // Type of data policy. |
| 271 | + DataPolicyType data_policy_type = 2; |
| 272 | + |
| 273 | + // User-assigned (human readable) ID of the data policy that needs to be |
| 274 | + // unique within a project. Used as {data_policy_id} in part of the resource |
| 275 | + // name. |
| 276 | + string data_policy_id = 3; |
| 277 | +} |
| 278 | + |
| 279 | +// The data masking policy that is used to specify data masking rule. |
| 280 | +message DataMaskingPolicy { |
| 281 | + // The available masking rules. Learn more here: |
| 282 | + // https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. |
| 283 | + enum PredefinedExpression { |
| 284 | + // Default, unspecified predefined expression. No masking will take place |
| 285 | + // since no expression is specified. |
| 286 | + PREDEFINED_EXPRESSION_UNSPECIFIED = 0; |
| 287 | + |
| 288 | + // Masking expression to replace data with SHA-256 hash. |
| 289 | + SHA256 = 3; |
| 290 | + |
| 291 | + // Masking expression to replace data with NULLs. |
| 292 | + ALWAYS_NULL = 5; |
| 293 | + |
| 294 | + // Masking expression to replace data with their default masking values. |
| 295 | + // The default masking values for each type listed as below: |
| 296 | + // |
| 297 | + // * STRING: "" |
| 298 | + // * BYTES: b'' |
| 299 | + // * INTEGER: 0 |
| 300 | + // * FLOAT: 0.0 |
| 301 | + // * NUMERIC: 0 |
| 302 | + // * BOOLEAN: FALSE |
| 303 | + // * TIMESTAMP: 0001-01-01 00:00:00 UTC |
| 304 | + // * DATE: 0001-01-01 |
| 305 | + // * TIME: 00:00:00 |
| 306 | + // * DATETIME: 0001-01-01T00:00:00 |
| 307 | + // * GEOGRAPHY: POINT(0 0) |
| 308 | + // * BIGNUMERIC: 0 |
| 309 | + // * ARRAY: [] |
| 310 | + // * STRUCT: NOT_APPLICABLE |
| 311 | + // * JSON: NULL |
| 312 | + DEFAULT_MASKING_VALUE = 7; |
| 313 | + } |
| 314 | + |
| 315 | + // A masking expression to bind to the data masking rule. |
| 316 | + oneof masking_expression { |
| 317 | + // A predefined masking expression. |
| 318 | + PredefinedExpression predefined_expression = 1; |
| 319 | + } |
| 320 | +} |
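Review bot: `PREDEFINED_EXPRESSION_UNSPECIFIED` in `DataMaskingPolicy.PredefinedExpression` is documented as "No masking will take place since no expression is specified", so a `DATA_MASKING_POLICY` whose `predefined_expression` is left at its zero value would fail open and return the column unmasked, if the server behaves as the comment says. Nothing in `DataPolicy` states whether `data_policy_type` must agree with the `policy` oneof or whether an unset expression is rejected; once the server behaviour is confirmed I would document it on the field, e.g. `// Required when data_policy_type is DATA_MASKING_POLICY; PREDEFINED_EXPRESSION_UNSPECIFIED is rejected.` `RenameDataPolicyRequest.name` is the only data-policy name field without `(google.api.resource_reference) = { type: "bigquerydatapolicy.googleapis.com/DataPolicy" }`, unlike the Delete and Get requests. The comment above `UpdateDataPolicyRequest` says "Response message" and should read `// Request message for the UpdateDataPolicy method.`, and the `<span></span>` fragments in the `filter` comment will leak into generated documentation.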