github.com/cloudwan/edgelq-sdk@v1.15.4/audit/proto/v1/resource_change_log_custom.proto (about)

     1  syntax = "proto3";
     2  
     3  package ntt.audit.v1;
     4  
     5  import "edgelq-sdk/audit/proto/v1/common.proto";
     6  import "edgelq-sdk/audit/proto/v1/resource_change_log.proto";
     7  import "edgelq-sdk/common/rpc/status.proto";
     8  import "google/protobuf/timestamp.proto";
     9  
    10  option go_package = "github.com/cloudwan/edgelq-sdk/audit/client/v1/resource_change_log;resource_change_log_client";
    11  option java_multiple_files = false;
    12  option java_outer_classname = "ResourceChangeLogCustomProto";
    13  option java_package = "com.ntt.audit.pb.v1";
    14  
// A request message of the
// [ListResourceChangeLogs](#listresourcechangelogs-method) method.
//
// It returns resource changes for the specified time range, region, scope and
// filter. Note that resource change logs are resource oriented: the primary
// object here is the resource. Audit monitors resources that have a
// non-custom store.
//
// Note that the filter field is mandatory and the minimal filters are:
//
// * --filter 'service.name=[SERVICE_NAME] and resource.type=[RESOURCE_NAME]'
//   (what is happening for this resource type)
// * --filter 'request_id=[REQUEST_ID]' (which resources were changed by this
//   request_id?)
//
// Be aware that the server appends a scope filter condition
// (and scope IN ...) to any of the above filters. All scopes are extracted
// from the parents field in the ListResourceChangeLogsRequest body. This
// ensures that a user can view only the scopes they are allowed to view. The
// condition is added by the server, so it applies in addition to the filter
// text supplied by the caller.
//
// NOTE(review): this file does not show how the values in parents are
// themselves authorized for the caller - confirm against the server.
//
// For all of the above filters you can replace the comparison operator (=)
// with the IN operator. You can therefore query for multiple services,
// methods or users at once. The above filters are also preferred because
// they are optimized.
//
// Resource change logs can also be filtered by custom labels (field labels in
// ResourceChangeLog - pre and post versions). Labels are custom per each API
// resource - so you must specify service.name and resource.type conditions to
// enable them. For example, suppose you have a VM resource which contains a
// "group" field, which is a reference to some other resource. If you create
// the label "group" in the VM resource spec (in the proto model) you can make
// the following query:
//
// ```
// --filter 'service.name=vms.domain.com and \
//           resource.type=VM and \
//           resource.post.labels.group=projects/P/vmgroups/myGroup'
// ```
//
// Examples of usage (with cuttle, we are interested only in one region and
// scope):
//
// NOTE(review): the first two examples call `activity-log` while the third
// calls `resource-change-log`; since this message belongs to
// ListResourceChangeLogs, the first two may have been copied from the
// activity log documentation - confirm the intended subcommand.
//
// * Checks activities within one hour for role binding resources
//
//   ```bash
//   cuttle audit query activity-log --parents 'projects/demo' \
//     --filter 'service.name="iam.edgelq.com" and \
//               resource.type="RoleBinding"' \
//     --interval '{"startTime":"2020-09-08T12:00:00Z",
//     "endTime":"2020-09-08T13:00:00Z"}' \
//     -o json
//   ```
//
// * Checks modification of specific RoleBinding
//
//   ```bash
//   cuttle audit query activity-log --parents 'projects/demo' \
//     --filter 'service.name="iam.edgelq.com" and \
//               resource.type="RoleBinding" and \
//               resource.name="projects/x/roleBindings/myRB"' \
//     --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
//     -o json
//   ```
//
// * Checks changes on resource RoleBinding made by specific user
//   (we need their email)
//
//   ```bash
//   cuttle audit query resource-change-log --parents 'projects/demo' \
//     --filter 'service.name="iam.edgelq.com" and \
//               resource.type="RoleBinding" and \
//               authentication.principal="user:we.know.who@domain.com"' \
//     --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
//     -o json
//   ```
message ListResourceChangeLogsRequest {
  // Parent names of ntt.audit.v1.ResourceChangeLog. Per the message comment,
  // the server extracts the scopes of the query from these values.
  repeated string parents = 1;

  // An audit filter that specifies which resource change logs should be
  // returned. Mandatory; see the message comment for the minimal forms.
  string filter = 2;

  // NOTE(review): field number 3 is not used in this message. If a field with
  // that number existed earlier, it should be declared `reserved` so that the
  // number cannot be reused with a different meaning - confirm.

  // The time interval for which results should be returned. Only logs
  // that contain data points in the specified interval are included
  // in the response. TimeInterval is declared outside this file.
  TimeInterval interval = 4;

  // Cap on the number of resource change logs to be included in a response.
  // The number of logs in an actual response can be higher, since logs are
  // read in bulk with second precision - excess logs above the limit will
  // share the same timestamp as the logs below the limit.
  //
  // Results will be adjusted to the "end time" taken from the interval field
  // (adjusted also by page_token if provided).
  //
  // NOTE(review): this file states no default or maximum, and does not say
  // how zero or negative values are treated (the type is signed) - confirm
  // the server-side validation.
  int32 page_size = 5;

  // Token which identifies the next page with further results. The token
  // should be taken from ListResourceChangeLogsResponse
  // [ListResourceChangeLogsResponse.next_page_token][ntt.audit.v1.ListResourceChangeLogsResponse.next_page_token].
  string page_token = 6;
}
   115  
// A response message of the
// [ListResourceChangeLogs](#listresourcechangelogs-method) method.
//
// NOTE(review): the two paragraphs below describe creating resource change
// logs, not this list response; they look misplaced and may belong to the
// documentation of a create method - confirm and move.
//
// Creates resource change log.
//
// This request should not be used by regular users - only API services should
// be able to submit resource change logs. Developers of services should use
// the logs exporter package offered along with other Audit service packages
// instead of developing their own components.
message ListResourceChangeLogsResponse {
  // One or more resource change logs that match the filter included in the
  // request. Contains results from all queried regions. It is possible,
  // however, that some logs are missing; for this see execution_errors.
  // A consumer that needs a complete audit trail should therefore check that
  // execution_errors is empty before treating this list as complete.
  repeated ResourceChangeLog resource_change_logs = 1;

  // If there are more results than have been returned, then this field is set
  // to a non-empty value. To see the additional results, use that value as
  // `pageToken` (the page_token field of the request) in the next call to
  // this method.
  string next_page_token = 2;

  // Query execution errors that may have caused the response data returned to
  // be incomplete. Because logs are stored only locally (for each region), all
  // resource change log queries are split and merged by the receiving request
  // server according to the queried regions. It is possible that some regions
  // fail when the request is redirected to them, while others do not. For each
  // failed region, one execution error will be appended. In each
  // ntt.rpc.Status message, the fields code and message contain the error
  // obtained from the failed regional server, while the field details always
  // contains exactly one item, and this item is of type ErrorDetails.
  repeated ntt.rpc.Status execution_errors = 3;

  // ErrorDetails is used when one of the queried regions fails to produce
  // results. It is used in the execution_errors field (see subfield
  // ntt.rpc.Status.details).
  message ErrorDetails {
    // ID of the region which failed to give results.
    string region_id = 1;
  }
}
   155  
// A request message of the
// [CreatePreCommittedResourceChangeLogs](#createprecommittedresourcechangelogs-method)
// method.
//
// Every field below, including the identity of the actor and the time of the
// change, is supplied by the caller in the request body.
//
// NOTE(review): this file does not show how the server authorizes callers or
// validates these values. Because they become part of the audit record,
// confirm that only trusted services can invoke this method.
message CreatePreCommittedResourceChangeLogsRequest {
  // ID of the request - must be the same as the one used in activity logs.
  uint64 request_id = 1;

  // Time of the request.
  google.protobuf.Timestamp timestamp = 2;

  // Authentication data - informs who made the change. Authentication is
  // declared outside this file.
  Authentication authentication = 3;

  // Information about the service. ServiceData is declared outside this file.
  ServiceData service = 4;

  // Information about the transaction.
  ResourceChangeLog.TransactionInfo transaction = 5;

  // List of changes.
  repeated ResourceChangeLog.ResourceChange changes = 6;
}
   178  
// A response message of the
// [CreatePreCommittedResourceChangeLogs](#createprecommittedresourcechangelogs-method)
// method.
message CreatePreCommittedResourceChangeLogsResponse {
  // Resource change log keys - one key per resource change, in the same
  // order (presumably the order of `changes` in the request - confirm).
  // NOTE(review): the keys look like the values later passed as log_keys in
  // SetResourceChangeLogsCommitStateRequest - confirm.
  repeated bytes log_keys = 1;
}
   186  
// A request message of the
// [SetResourceChangeLogsCommitState](#setresourcechangelogscommitstate-method)
// method.
//
// The fields are declared out of numeric order (1, 4, 2, 3). The field
// numbers, not the declaration order, identify the fields on the wire, so
// they must stay as they are.
message SetResourceChangeLogsCommitStateRequest {
  // List of resource change log keys.
  repeated bytes log_keys = 1;

  // Information about the service - must be the same as before, used for
  // authorization purposes.
  // NOTE(review): "before" presumably means the value sent in
  // CreatePreCommittedResourceChangeLogsRequest. The value is supplied by the
  // caller; this file does not show how the server checks it against the
  // caller's identity - confirm.
  ServiceData service = 4;

  // Time of the request - must be the same as in
  // CreatePreCommittedResourceChangeLogsRequest.
  google.protobuf.Timestamp timestamp = 2;

  // Final state of the transaction - must be COMMITTED or ROLLED_BACK.
  // The State enum is declared outside this file.
  ResourceChangeLog.TransactionInfo.State tx_result = 3;
}
   205  
// A response message of the
// [SetResourceChangeLogsCommitState](#setresourcechangelogscommitstate-method)
// method.
//
// The message currently declares no fields.
message SetResourceChangeLogsCommitStateResponse {}