1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.api; 18 19option go_package = "google.golang.org/genproto/googleapis/api/error_reason;error_reason"; 20option java_multiple_files = true; 21option java_outer_classname = "ErrorReasonProto"; 22option java_package = "com.google.api"; 23option objc_class_prefix = "GAPI"; 24 25// Defines the supported values for `google.rpc.ErrorInfo.reason` for the 26// `googleapis.com` error domain. This error domain is reserved for [Service 27// Infrastructure](https://cloud.google.com/service-infrastructure/docs/overview). 28// For each error info of this domain, the metadata key "service" refers to the 29// logical identifier of an API service, such as "pubsub.googleapis.com". The 30// "consumer" refers to the entity that consumes an API Service. It typically is 31// a Google project that owns the client application or the server resource, 32// such as "projects/123". Other metadata keys are specific to each error 33// reason. For more information, see the definition of the specific error 34// reason. 35enum ErrorReason { 36 // Do not use this default value. 37 ERROR_REASON_UNSPECIFIED = 0; 38 39 // The request is calling a disabled service for a consumer. 40 // 41 // Example of an ErrorInfo when the consumer "projects/123" contacting 42 // "pubsub.googleapis.com" service which is disabled: 43 // 44 // { "reason": "SERVICE_DISABLED", 45 // "domain": "googleapis.com", 46 // "metadata": { 47 // "consumer": "projects/123", 48 // "service": "pubsub.googleapis.com" 49 // } 50 // } 51 // 52 // This response indicates the "pubsub.googleapis.com" has been disabled in 53 // "projects/123". 54 SERVICE_DISABLED = 1; 55 56 // The request whose associated billing account is disabled. 57 // 58 // Example of an ErrorInfo when the consumer "projects/123" fails to contact 59 // "pubsub.googleapis.com" service because the associated billing account is 60 // disabled: 61 // 62 // { "reason": "BILLING_DISABLED", 63 // "domain": "googleapis.com", 64 // "metadata": { 65 // "consumer": "projects/123", 66 // "service": "pubsub.googleapis.com" 67 // } 68 // } 69 // 70 // This response indicates the billing account associated has been disabled. 71 BILLING_DISABLED = 2; 72 73 // The request is denied because the provided [API 74 // key](https://cloud.google.com/docs/authentication/api-keys) is invalid. It 75 // may be in a bad format, cannot be found, or has been expired). 76 // 77 // Example of an ErrorInfo when the request is contacting 78 // "storage.googleapis.com" service with an invalid API key: 79 // 80 // { "reason": "API_KEY_INVALID", 81 // "domain": "googleapis.com", 82 // "metadata": { 83 // "service": "storage.googleapis.com", 84 // } 85 // } 86 API_KEY_INVALID = 3; 87 88 // The request is denied because it violates [API key API 89 // restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_api_restrictions). 90 // 91 // Example of an ErrorInfo when the consumer "projects/123" fails to call the 92 // "storage.googleapis.com" service because this service is restricted in the 93 // API key: 94 // 95 // { "reason": "API_KEY_SERVICE_BLOCKED", 96 // "domain": "googleapis.com", 97 // "metadata": { 98 // "consumer": "projects/123", 99 // "service": "storage.googleapis.com" 100 // } 101 // } 102 API_KEY_SERVICE_BLOCKED = 4; 103 104 // The request is denied because it violates [API key HTTP 105 // restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_http_restrictions). 106 // 107 // Example of an ErrorInfo when the consumer "projects/123" fails to call 108 // "storage.googleapis.com" service because the http referrer of the request 109 // violates API key HTTP restrictions: 110 // 111 // { "reason": "API_KEY_HTTP_REFERRER_BLOCKED", 112 // "domain": "googleapis.com", 113 // "metadata": { 114 // "consumer": "projects/123", 115 // "service": "storage.googleapis.com", 116 // } 117 // } 118 API_KEY_HTTP_REFERRER_BLOCKED = 7; 119 120 // The request is denied because it violates [API key IP address 121 // restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_application_restrictions). 122 // 123 // Example of an ErrorInfo when the consumer "projects/123" fails to call 124 // "storage.googleapis.com" service because the caller IP of the request 125 // violates API key IP address restrictions: 126 // 127 // { "reason": "API_KEY_IP_ADDRESS_BLOCKED", 128 // "domain": "googleapis.com", 129 // "metadata": { 130 // "consumer": "projects/123", 131 // "service": "storage.googleapis.com", 132 // } 133 // } 134 API_KEY_IP_ADDRESS_BLOCKED = 8; 135 136 // The request is denied because it violates [API key Android application 137 // restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_application_restrictions). 138 // 139 // Example of an ErrorInfo when the consumer "projects/123" fails to call 140 // "storage.googleapis.com" service because the request from the Android apps 141 // violates the API key Android application restrictions: 142 // 143 // { "reason": "API_KEY_ANDROID_APP_BLOCKED", 144 // "domain": "googleapis.com", 145 // "metadata": { 146 // "consumer": "projects/123", 147 // "service": "storage.googleapis.com" 148 // } 149 // } 150 API_KEY_ANDROID_APP_BLOCKED = 9; 151 152 // The request is denied because it violates [API key iOS application 153 // restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_application_restrictions). 154 // 155 // Example of an ErrorInfo when the consumer "projects/123" fails to call 156 // "storage.googleapis.com" service because the request from the iOS apps 157 // violates the API key iOS application restrictions: 158 // 159 // { "reason": "API_KEY_IOS_APP_BLOCKED", 160 // "domain": "googleapis.com", 161 // "metadata": { 162 // "consumer": "projects/123", 163 // "service": "storage.googleapis.com" 164 // } 165 // } 166 API_KEY_IOS_APP_BLOCKED = 13; 167 168 // The request is denied because there is not enough rate quota for the 169 // consumer. 170 // 171 // Example of an ErrorInfo when the consumer "projects/123" fails to contact 172 // "pubsub.googleapis.com" service because consumer's rate quota usage has 173 // reached the maximum value set for the quota limit 174 // "ReadsPerMinutePerProject" on the quota metric 175 // "pubsub.googleapis.com/read_requests": 176 // 177 // { "reason": "RATE_LIMIT_EXCEEDED", 178 // "domain": "googleapis.com", 179 // "metadata": { 180 // "consumer": "projects/123", 181 // "service": "pubsub.googleapis.com", 182 // "quota_metric": "pubsub.googleapis.com/read_requests", 183 // "quota_limit": "ReadsPerMinutePerProject" 184 // } 185 // } 186 // 187 // Example of an ErrorInfo when the consumer "projects/123" checks quota on 188 // the service "dataflow.googleapis.com" and hits the organization quota 189 // limit "DefaultRequestsPerMinutePerOrganization" on the metric 190 // "dataflow.googleapis.com/default_requests". 191 // 192 // { "reason": "RATE_LIMIT_EXCEEDED", 193 // "domain": "googleapis.com", 194 // "metadata": { 195 // "consumer": "projects/123", 196 // "service": "dataflow.googleapis.com", 197 // "quota_metric": "dataflow.googleapis.com/default_requests", 198 // "quota_limit": "DefaultRequestsPerMinutePerOrganization" 199 // } 200 // } 201 RATE_LIMIT_EXCEEDED = 5; 202 203 // The request is denied because there is not enough resource quota for the 204 // consumer. 205 // 206 // Example of an ErrorInfo when the consumer "projects/123" fails to contact 207 // "compute.googleapis.com" service because consumer's resource quota usage 208 // has reached the maximum value set for the quota limit "VMsPerProject" 209 // on the quota metric "compute.googleapis.com/vms": 210 // 211 // { "reason": "RESOURCE_QUOTA_EXCEEDED", 212 // "domain": "googleapis.com", 213 // "metadata": { 214 // "consumer": "projects/123", 215 // "service": "compute.googleapis.com", 216 // "quota_metric": "compute.googleapis.com/vms", 217 // "quota_limit": "VMsPerProject" 218 // } 219 // } 220 // 221 // Example of an ErrorInfo when the consumer "projects/123" checks resource 222 // quota on the service "dataflow.googleapis.com" and hits the organization 223 // quota limit "jobs-per-organization" on the metric 224 // "dataflow.googleapis.com/job_count". 225 // 226 // { "reason": "RESOURCE_QUOTA_EXCEEDED", 227 // "domain": "googleapis.com", 228 // "metadata": { 229 // "consumer": "projects/123", 230 // "service": "dataflow.googleapis.com", 231 // "quota_metric": "dataflow.googleapis.com/job_count", 232 // "quota_limit": "jobs-per-organization" 233 // } 234 // } 235 RESOURCE_QUOTA_EXCEEDED = 6; 236 237 // The request whose associated billing account address is in a tax restricted 238 // location, violates the local tax restrictions when creating resources in 239 // the restricted region. 240 // 241 // Example of an ErrorInfo when creating the Cloud Storage Bucket in the 242 // container "projects/123" under a tax restricted region 243 // "locations/asia-northeast3": 244 // 245 // { "reason": "LOCATION_TAX_POLICY_VIOLATED", 246 // "domain": "googleapis.com", 247 // "metadata": { 248 // "consumer": "projects/123", 249 // "service": "storage.googleapis.com", 250 // "location": "locations/asia-northeast3" 251 // } 252 // } 253 // 254 // This response indicates creating the Cloud Storage Bucket in 255 // "locations/asia-northeast3" violates the location tax restriction. 256 LOCATION_TAX_POLICY_VIOLATED = 10; 257 258 // The request is denied because the caller does not have required permission 259 // on the user project "projects/123" or the user project is invalid. For more 260 // information, check the [userProject System 261 // Parameters](https://cloud.google.com/apis/docs/system-parameters). 262 // 263 // Example of an ErrorInfo when the caller is calling Cloud Storage service 264 // with insufficient permissions on the user project: 265 // 266 // { "reason": "USER_PROJECT_DENIED", 267 // "domain": "googleapis.com", 268 // "metadata": { 269 // "consumer": "projects/123", 270 // "service": "storage.googleapis.com" 271 // } 272 // } 273 USER_PROJECT_DENIED = 11; 274 275 // The request is denied because the consumer "projects/123" is suspended due 276 // to Terms of Service(Tos) violations. Check [Project suspension 277 // guidelines](https://cloud.google.com/resource-manager/docs/project-suspension-guidelines) 278 // for more information. 279 // 280 // Example of an ErrorInfo when calling Cloud Storage service with the 281 // suspended consumer "projects/123": 282 // 283 // { "reason": "CONSUMER_SUSPENDED", 284 // "domain": "googleapis.com", 285 // "metadata": { 286 // "consumer": "projects/123", 287 // "service": "storage.googleapis.com" 288 // } 289 // } 290 CONSUMER_SUSPENDED = 12; 291 292 // The request is denied because the associated consumer is invalid. It may be 293 // in a bad format, cannot be found, or have been deleted. 294 // 295 // Example of an ErrorInfo when calling Cloud Storage service with the 296 // invalid consumer "projects/123": 297 // 298 // { "reason": "CONSUMER_INVALID", 299 // "domain": "googleapis.com", 300 // "metadata": { 301 // "consumer": "projects/123", 302 // "service": "storage.googleapis.com" 303 // } 304 // } 305 CONSUMER_INVALID = 14; 306 307 // The request is denied because it violates [VPC Service 308 // Controls](https://cloud.google.com/vpc-service-controls/docs/overview). 309 // The 'uid' field is a random generated identifier that customer can use it 310 // to search the audit log for a request rejected by VPC Service Controls. For 311 // more information, please refer [VPC Service Controls 312 // Troubleshooting](https://cloud.google.com/vpc-service-controls/docs/troubleshooting#unique-id) 313 // 314 // Example of an ErrorInfo when the consumer "projects/123" fails to call 315 // Cloud Storage service because the request is prohibited by the VPC Service 316 // Controls. 317 // 318 // { "reason": "SECURITY_POLICY_VIOLATED", 319 // "domain": "googleapis.com", 320 // "metadata": { 321 // "uid": "123456789abcde", 322 // "consumer": "projects/123", 323 // "service": "storage.googleapis.com" 324 // } 325 // } 326 SECURITY_POLICY_VIOLATED = 15; 327 328 // The request is denied because the provided access token has expired. 329 // 330 // Example of an ErrorInfo when the request is calling Cloud Storage service 331 // with an expired access token: 332 // 333 // { "reason": "ACCESS_TOKEN_EXPIRED", 334 // "domain": "googleapis.com", 335 // "metadata": { 336 // "service": "storage.googleapis.com", 337 // "method": "google.storage.v1.Storage.GetObject" 338 // } 339 // } 340 ACCESS_TOKEN_EXPIRED = 16; 341 342 // The request is denied because the provided access token doesn't have at 343 // least one of the acceptable scopes required for the API. Please check 344 // [OAuth 2.0 Scopes for Google 345 // APIs](https://developers.google.com/identity/protocols/oauth2/scopes) for 346 // the list of the OAuth 2.0 scopes that you might need to request to access 347 // the API. 348 // 349 // Example of an ErrorInfo when the request is calling Cloud Storage service 350 // with an access token that is missing required scopes: 351 // 352 // { "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT", 353 // "domain": "googleapis.com", 354 // "metadata": { 355 // "service": "storage.googleapis.com", 356 // "method": "google.storage.v1.Storage.GetObject" 357 // } 358 // } 359 ACCESS_TOKEN_SCOPE_INSUFFICIENT = 17; 360 361 // The request is denied because the account associated with the provided 362 // access token is in an invalid state, such as disabled or deleted. 363 // For more information, see https://cloud.google.com/docs/authentication. 364 // 365 // Warning: For privacy reasons, the server may not be able to disclose the 366 // email address for some accounts. The client MUST NOT depend on the 367 // availability of the `email` attribute. 368 // 369 // Example of an ErrorInfo when the request is to the Cloud Storage API with 370 // an access token that is associated with a disabled or deleted [service 371 // account](http://cloud/iam/docs/service-accounts): 372 // 373 // { "reason": "ACCOUNT_STATE_INVALID", 374 // "domain": "googleapis.com", 375 // "metadata": { 376 // "service": "storage.googleapis.com", 377 // "method": "google.storage.v1.Storage.GetObject", 378 // "email": "[email protected]" 379 // } 380 // } 381 ACCOUNT_STATE_INVALID = 18; 382 383 // The request is denied because the type of the provided access token is not 384 // supported by the API being called. 385 // 386 // Example of an ErrorInfo when the request is to the Cloud Storage API with 387 // an unsupported token type. 388 // 389 // { "reason": "ACCESS_TOKEN_TYPE_UNSUPPORTED", 390 // "domain": "googleapis.com", 391 // "metadata": { 392 // "service": "storage.googleapis.com", 393 // "method": "google.storage.v1.Storage.GetObject" 394 // } 395 // } 396 ACCESS_TOKEN_TYPE_UNSUPPORTED = 19; 397 398 // The request is denied because the request doesn't have any authentication 399 // credentials. For more information regarding the supported authentication 400 // strategies for Google Cloud APIs, see 401 // https://cloud.google.com/docs/authentication. 402 // 403 // Example of an ErrorInfo when the request is to the Cloud Storage API 404 // without any authentication credentials. 405 // 406 // { "reason": "CREDENTIALS_MISSING", 407 // "domain": "googleapis.com", 408 // "metadata": { 409 // "service": "storage.googleapis.com", 410 // "method": "google.storage.v1.Storage.GetObject" 411 // } 412 // } 413 CREDENTIALS_MISSING = 20; 414 415 // The request is denied because the provided project owning the resource 416 // which acts as the [API 417 // consumer](https://cloud.google.com/apis/design/glossary#api_consumer) is 418 // invalid. It may be in a bad format or empty. 419 // 420 // Example of an ErrorInfo when the request is to the Cloud Functions API, 421 // but the offered resource project in the request in a bad format which can't 422 // perform the ListFunctions method. 423 // 424 // { "reason": "RESOURCE_PROJECT_INVALID", 425 // "domain": "googleapis.com", 426 // "metadata": { 427 // "service": "cloudfunctions.googleapis.com", 428 // "method": 429 // "google.cloud.functions.v1.CloudFunctionsService.ListFunctions" 430 // } 431 // } 432 RESOURCE_PROJECT_INVALID = 21; 433 434 // The request is denied because the provided session cookie is missing, 435 // invalid or failed to decode. 436 // 437 // Example of an ErrorInfo when the request is calling Cloud Storage service 438 // with a SID cookie which can't be decoded. 439 // 440 // { "reason": "SESSION_COOKIE_INVALID", 441 // "domain": "googleapis.com", 442 // "metadata": { 443 // "service": "storage.googleapis.com", 444 // "method": "google.storage.v1.Storage.GetObject", 445 // "cookie": "SID" 446 // } 447 // } 448 SESSION_COOKIE_INVALID = 23; 449 450 // The request is denied because the user is from a Google Workspace customer 451 // that blocks their users from accessing a particular service. 452 // 453 // Example scenario: https://support.google.com/a/answer/9197205?hl=en 454 // 455 // Example of an ErrorInfo when access to Google Cloud Storage service is 456 // blocked by the Google Workspace administrator: 457 // 458 // { "reason": "USER_BLOCKED_BY_ADMIN", 459 // "domain": "googleapis.com", 460 // "metadata": { 461 // "service": "storage.googleapis.com", 462 // "method": "google.storage.v1.Storage.GetObject", 463 // } 464 // } 465 USER_BLOCKED_BY_ADMIN = 24; 466 467 // The request is denied because the resource service usage is restricted 468 // by administrators according to the organization policy constraint. 469 // For more information see 470 // https://cloud.google.com/resource-manager/docs/organization-policy/restricting-services. 471 // 472 // Example of an ErrorInfo when access to Google Cloud Storage service is 473 // restricted by Resource Usage Restriction policy: 474 // 475 // { "reason": "RESOURCE_USAGE_RESTRICTION_VIOLATED", 476 // "domain": "googleapis.com", 477 // "metadata": { 478 // "consumer": "projects/project-123", 479 // "service": "storage.googleapis.com" 480 // } 481 // } 482 RESOURCE_USAGE_RESTRICTION_VIOLATED = 25; 483 484 // Unimplemented. Do not use. 485 // 486 // The request is denied because it contains unsupported system parameters in 487 // URL query parameters or HTTP headers. For more information, 488 // see https://cloud.google.com/apis/docs/system-parameters 489 // 490 // Example of an ErrorInfo when access "pubsub.googleapis.com" service with 491 // a request header of "x-goog-user-ip": 492 // 493 // { "reason": "SYSTEM_PARAMETER_UNSUPPORTED", 494 // "domain": "googleapis.com", 495 // "metadata": { 496 // "service": "pubsub.googleapis.com" 497 // "parameter": "x-goog-user-ip" 498 // } 499 // } 500 SYSTEM_PARAMETER_UNSUPPORTED = 26; 501 502 // The request is denied because it violates Org Restriction: the requested 503 // resource does not belong to allowed organizations specified in 504 // "X-Goog-Allowed-Resources" header. 505 // 506 // Example of an ErrorInfo when accessing a GCP resource that is restricted by 507 // Org Restriction for "pubsub.googleapis.com" service. 508 // 509 // { 510 // reason: "ORG_RESTRICTION_VIOLATION" 511 // domain: "googleapis.com" 512 // metadata { 513 // "consumer":"projects/123456" 514 // "service": "pubsub.googleapis.com" 515 // } 516 // } 517 ORG_RESTRICTION_VIOLATION = 27; 518 519 // The request is denied because "X-Goog-Allowed-Resources" header is in a bad 520 // format. 521 // 522 // Example of an ErrorInfo when 523 // accessing "pubsub.googleapis.com" service with an invalid 524 // "X-Goog-Allowed-Resources" request header. 525 // 526 // { 527 // reason: "ORG_RESTRICTION_HEADER_INVALID" 528 // domain: "googleapis.com" 529 // metadata { 530 // "consumer":"projects/123456" 531 // "service": "pubsub.googleapis.com" 532 // } 533 // } 534 ORG_RESTRICTION_HEADER_INVALID = 28; 535 536 // Unimplemented. Do not use. 537 // 538 // The request is calling a service that is not visible to the consumer. 539 // 540 // Example of an ErrorInfo when the consumer "projects/123" contacting 541 // "pubsub.googleapis.com" service which is not visible to the consumer. 542 // 543 // { "reason": "SERVICE_NOT_VISIBLE", 544 // "domain": "googleapis.com", 545 // "metadata": { 546 // "consumer": "projects/123", 547 // "service": "pubsub.googleapis.com" 548 // } 549 // } 550 // 551 // This response indicates the "pubsub.googleapis.com" is not visible to 552 // "projects/123" (or it may not exist). 553 SERVICE_NOT_VISIBLE = 29; 554 555 // The request is related to a project for which GCP access is suspended. 556 // 557 // Example of an ErrorInfo when the consumer "projects/123" fails to contact 558 // "pubsub.googleapis.com" service because GCP access is suspended: 559 // 560 // { "reason": "GCP_SUSPENDED", 561 // "domain": "googleapis.com", 562 // "metadata": { 563 // "consumer": "projects/123", 564 // "service": "pubsub.googleapis.com" 565 // } 566 // } 567 // 568 // This response indicates the associated GCP account has been suspended. 569 GCP_SUSPENDED = 30; 570 571 // The request violates the location policies when creating resources in 572 // the restricted region. 573 // 574 // Example of an ErrorInfo when creating the Cloud Storage Bucket by 575 // "projects/123" for service storage.googleapis.com: 576 // 577 // { "reason": "LOCATION_POLICY_VIOLATED", 578 // "domain": "googleapis.com", 579 // "metadata": { 580 // "consumer": "projects/123", 581 // "service": "storage.googleapis.com", 582 // } 583 // } 584 // 585 // This response indicates creating the Cloud Storage Bucket in 586 // "locations/asia-northeast3" violates at least one location policy. 587 // The troubleshooting guidance is provided in the Help links. 588 LOCATION_POLICY_VIOLATED = 31; 589} 590