github.com/cloudwan/edgelq-sdk@v1.15.4/audit/proto/v1alpha2/resource_change_log_custom.proto (about)

     1  syntax = "proto3";
     2  
     3  package ntt.audit.v1alpha2;
     4  
     5  import "edgelq-sdk/audit/proto/v1alpha2/common.proto";
     6  import "edgelq-sdk/audit/proto/v1alpha2/resource_change_log.proto";
     7  import "edgelq-sdk/common/rpc/status.proto";
     8  import "google/api/resource.proto";
     9  import "google/protobuf/timestamp.proto";
    10  
    11  option go_package = "github.com/cloudwan/edgelq-sdk/audit/client/v1alpha2/resource_change_log;resource_change_log_client";
    12  option java_multiple_files = false;
    13  option java_outer_classname = "ResourceChangeLogCustomProto";
    14  option java_package = "com.ntt.audit.pb.v1alpha2";
    15  
    16  // Request message for method
    17  // [ListResourceChangeLogs][ntt.audit.v1alpha2.ListResourceChangeLogs]
    18  //
    19  // Returns resource changes for specified time range, region, scope and filter.
    20  // Note that resource change logs are Resource oriented - primary object is
    21  // resource here. Audit monitors resources that have non-custom store.
    22  //
    23  // Note that filter field is mandatory and minimal filters are:
    24  // * --filter 'service.name=[SERVICE_NAME] and resource.type=[RESOURCE_NAME]'
    25  // (what is happening for this resource type)
    26  // * --filter 'request_id=[REQUEST_ID]' (which resources were changed by this
    27  // request_id?)
    28  //
    29  // Be aware that the server will append a scope filter condition (and scope IN
    30  // ...) to any of the above filters. All scopes are extracted from the parents
    31  // field in the ListResourceChangeLogsRequest body. This ensures that users can
    32  // view only the scopes they are allowed to view.
        //
        // NOTE(review): the scope restriction described above is applied by the
        // server, not by this schema. The check that the caller may read every
        // entry in `parents` is not visible in this file - confirm it runs before
        // the scope condition is built, so that a caller-supplied `filter` can
        // never widen the result set.
    33  //
    34  // For all of the above filters you can replace the comparison operator (=)
    35  // with the IN operator. You can therefore query for multiple services,
    36  // methods or users at once. The above filters are also preferred as we have
    37  // optimizations for them.
    38  //
    39  // Resource change logs can also be filtered by custom labels (field labels in
    40  // ResourceChangeLog - pre and post versions). Labels are custom per each API
    41  // resource - so you must specify service.name and resource.type conditions to
    42  // enable them. For example, suppose you have a VM resource which contains
    43  // "group" field, which is a reference to some other resource. If you create
    44  // label "group" in VM resource spec (in proto model) you can make the following
    45  // query:
    46  // *--filter 'service.name=vms.domain.com and resource.type=VM and
    47  // resource.post.labels.group=projects/P/vmgroups/myGroup'*.
    48  //
    49  // Examples of usage (with cuttle - we are interested only in one region and
    50  // scope):
    51  // * Checks activities within one hour for role binding resources
    52  //
    53  // $ cuttle audit query activity-log --parents 'project/demo'
    54  //   --filter 'service.name="IAM.edgelq.com" and resource.type="RoleBinding"'
    55  //   --interval '{"startTime":"2020-09-08T12:00:00Z",
    56  //   "endTime":"2020-09-08T13:00:00Z"}' -o json
    57  //
    58  // * Checks modification of specific RoleBinding
    59  //
    60  // $ cuttle audit query activity-log --parents 'project/demo'
    61  //   --filter 'service.name="IAM.edgelq.com" and resource.type="RoleBinding" and
    62  //   resource.name="projects/x/roleBindings/myRB"'
    63  //   --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json
    64  //
    65  // * Checks changes on resource RoleBinding made by specific user (we need their
    66  // email)
    67  //
    68  // $ cuttle audit query resource-change-log --parents 'project/demo'
    69  //   --filter 'service.name="IAM.edgelq.com" and resource.type="RoleBinding" and
    70  //   authentication.principal="user:we.know.who@domain.com"'
    71  //   --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json
        //
        // NOTE(review): the first two examples query `activity-log` although this
        // message belongs to resource change logs; presumably they should use
        // `resource-change-log` like the third example - confirm.
    72  message ListResourceChangeLogsRequest {
    73    // Parent names of ntt.audit.v1alpha2.ResourceChangeLog
          // According to the message comment, the server derives the scope
          // condition of the query from these values.
    74    repeated string parents = 1;
    75  
    76    // An audit filter that specifies which resource change logs should be
          // returned. Mandatory (see the message comment for the minimal filters).
    77    string filter = 2;
    78  
          // NOTE(review): field number 3 is not used in this message. If it belonged
          // to a removed field it should be declared `reserved` so it cannot be
          // reused with a different meaning - confirm against the file history.
    79    // The time interval for which results should be returned. Only logs
    80    // that contain data points in the specified interval are included
    81    // in the response.
          // TimeInterval is not declared in this file (presumably in the imported
          // common.proto).
    82    TimeInterval interval = 4;
    83  
    84    // Cap on the number of resource change logs to be included in a response.
    85    // The number of logs in an actual response can be higher, since logs are
    86    // read in bulk with second precision - excess logs above the limit share the
    87    // same timestamp as the logs below the limit.
    88    //
    89    // Results will be adjusted to the "end time" taken from interval field
    90    // (adjusted also by page_token if provided).
          //
          // NOTE(review): int32 admits zero and negative values and no upper bound
          // is stated here; together with the overshoot described above, the
          // response size is not bounded by the schema - confirm the server
          // validates and clamps page_size.
    91    int32 page_size = 5;
    92  
    93    // Token which identifies next page with further results. Token should be
    94    // taken from ListResourceChangeLogsResponse
    95    // [ListResourceChangeLogsResponse.next_page_token][ntt.audit.v1alpha2.ListResourceChangeLogsResponse.next_page_token].
          //
          // NOTE(review): the token comes back from the client, so the server
          // should treat it as untrusted input. Whether it is bound to the original
          // `parents` and `filter` is not visible here - confirm the scope
          // condition is re-applied on every paged request.
    96    string page_token = 6;
    97  }
    98  
    99  // Response message for method
   100  // [ListResourceChangeLogs][ntt.audit.v1alpha2.ListResourceChangeLogs]
   101  message ListResourceChangeLogsResponse {
   102    // One or more resource change logs that match the filter included in the
   103    // request. Contains results from all queried regions. It's possible however
   104    // that some logs may be missing, for this see execution_errors.
   105    repeated ResourceChangeLog resource_change_logs = 1;
   106  
   107    // If there are more results than have been returned, then this field is set
   108    // to a non-empty value. To see the additional results, use that value as
   109    // `page_token` (`pageToken` in JSON) in the next call to this method.
   110    string next_page_token = 2;
   111  
   112    // Query execution errors that may have caused the response data returned to
   113    // be incomplete. Because logs are stored only locally (for each region), all
   114    // resource change log queries are split and merged by a receiving request
   115    // server according to the queried regions. It's possible that some regions
   116    // will fail when request is redirected to them, but others not. For each
   117    // failed region, one execution error will be appended. In each ntt.rpc.Status
   118    // message, fields code and message will contain error obtained from failed
   119    // regional server, while field details will always contain one item and this
   120    // item will be of type ErrorDetails.
          //
          // Consumers that use these logs for audit or investigation should treat a
          // response with a non-empty execution_errors as partial: missing entries
          // for a failed region do not mean that nothing changed there.
   121    repeated ntt.rpc.Status execution_errors = 3;
   122  
   123    // ErrorDetails is used when one of the queried regions fails to produce
   124    // results. It is used in execution_errors field (see subfield
   125    // ntt.rpc.Status.details).
          // NOTE(review): ntt.rpc.Status is not declared in this file (presumably in
          // the imported status.proto), so how ErrorDetails is carried inside
          // `details` cannot be seen here - confirm before decoding it.
   126    message ErrorDetails {
   127      // region id which failed to give results.
   128      string region_id = 1;
   129    }
   130  }
   131  
   132  // Request message for method
   133  // [CreatePreCommittedResourceChangeLogs][ntt.audit.v1alpha2.CreatePreCommittedResourceChangeLogs]
   134  //
   135  // Creates resource change log.
   136  //
   137  // This request should not be used by regular users - only API services should
   138  // be able to submit resource change logs. Developers of services should use
   139  // the logs exporter package offered along with other Audit service packages
   140  // instead of developing their own components.
        //
        // NOTE(review): nothing in this message restricts who may send it; the
        // restriction to API services has to be enforced by server-side
        // authorization, which is not visible in this file. The `authentication`
        // field is filled in by the caller, so the attribution stored in the audit
        // trail is only as trustworthy as the submitting service - confirm the
        // server authenticates the submitter independently of this field.
   141  message CreatePreCommittedResourceChangeLogsRequest {
   142    // ID of the request - must be same as the one used in activity logs
   143    uint64 request_id = 1;
   144  
   145    // Time of the request
          // SetResourceChangeLogsCommitStateRequest.timestamp is documented as having
          // to carry the same value.
   146    google.protobuf.Timestamp timestamp = 2;
   147  
   148    // Authentication data - informs who made a change
          // Authentication is not declared in this file (presumably in the imported
          // common.proto).
   149    Authentication authentication = 3;
   150  
   151    // Information about the service
   152    ServiceData service = 4;
   153  
   154    // Information about transaction
   155    ResourceChangeLog.TransactionInfo transaction = 5;
   156  
   157    // List of changes
          // The response documents one log key per change, in the same order.
   158    repeated ResourceChangeLog.ResourceChange changes = 6;
   159  }
   160  
   161  // Response message for method
   162  // [CreatePreCommittedResourceChangeLogs][ntt.audit.v1alpha2.CreatePreCommittedResourceChangeLogs]
   163  message CreatePreCommittedResourceChangeLogsResponse {
   164    // Resource change log keys - one key per each resource change, in same order
          // (presumably the order of `changes` in the request - confirm).
          // NOTE(review): presumably these are the keys later passed in
          // SetResourceChangeLogsCommitStateRequest.log_keys - confirm.
   165    repeated bytes log_keys = 1;
   166  }
   167  
   168  // Request message for method
   169  // [SetResourceChangeLogsCommitState][ntt.audit.v1alpha2.SetResourceChangeLogsCommitState]
   170  //
   171  // Sets transaction status of selected resource change logs.
   172  //
   173  // This request should not be used by regular users - only API services should
   174  // be able to modify resource change logs. Developers of services should use
   175  // the logs exporter package offered along with other Audit service packages
   176  // instead of developing their own components.
        //
        // NOTE(review): this request changes the recorded state of existing audit
        // entries, and the schema itself does not limit who may send it. The
        // restriction to API services has to be enforced by server-side
        // authorization, which is not visible in this file - confirm.
   177  message SetResourceChangeLogsCommitStateRequest {
   178    // List of resource change log keys.
          // NOTE(review): the keys are opaque bytes supplied by the caller;
          // presumably they are the log_keys returned by
          // CreatePreCommittedResourceChangeLogsResponse. Confirm the server checks
          // that the calling service is allowed to change the logs they refer to.
   179    repeated bytes log_keys = 1;
   180  
   181    // Time of the request - must be same as in
   182    // CreatePreCommittedResourceChangeLogsRequest
   183    google.protobuf.Timestamp timestamp = 2;
   184  
   185    // Final state of the transaction - must be COMMITTED or ROLLED_BACK
          // NOTE(review): the field type admits every value of
          // ResourceChangeLog.TransactionInfo.State, including the enum's zero value
          // when the field is left unset; the restriction above is not expressed in
          // the schema - confirm the server rejects any other value.
   186    ResourceChangeLog.TransactionInfo.State tx_result = 3;
   187  }
   188  
   189  // Response message for method
   190  // [SetResourceChangeLogsCommitState][ntt.audit.v1alpha2.SetResourceChangeLogsCommitState]
        //
        // The message declares no fields.
   191  message SetResourceChangeLogsCommitStateResponse {}