// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.cloudcontrolspartner.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.CloudControlsPartner.V1";
option go_package = "cloud.google.com/go/cloudcontrolspartner/apiv1/cloudcontrolspartnerpb;cloudcontrolspartnerpb";
option java_multiple_files = true;
option java_outer_classname = "AccessApprovalRequestsProto";
option java_package = "com.google.cloud.cloudcontrolspartner.v1";
option php_namespace = "Google\\Cloud\\CloudControlsPartner\\V1";
option ruby_package = "Google::Cloud::CloudControlsPartner::V1";

// Details about the Access request.
//
// A request is a child resource of a workload (see the resource pattern
// below). As defined here, the message describes what was asked for, when and
// why; it has no field recording whether or when the request was approved.
message AccessApprovalRequest {
  option (google.api.resource) = {
    type: "cloudcontrolspartner.googleapis.com/AccessApprovalRequest"
    pattern: "organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/accessApprovalRequests/{access_approval_request}"
    plural: "accessApprovalRequests"
    singular: "accessApprovalRequest"
  };

  // Identifier. Format:
  // `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/accessApprovalRequests/{access_approval_request}`
  string name = 1 [(google.api.field_behavior) = IDENTIFIER];

  // The time at which approval was requested.
  google.protobuf.Timestamp request_time = 2;

  // The justification for which approval is being requested. See
  // `AccessReason` for the reason types and the accompanying detail string.
  AccessReason requested_reason = 3;

  // The requested expiration for the approval. If the request is approved,
  // access will be granted from the time of approval until the expiration time.
  // The time of approval itself is not carried by this message.
  google.protobuf.Timestamp requested_expiration_time = 4;
}

// Request for getting the access requests associated with a workload.
message ListAccessApprovalRequestsRequest {
  // Required. Parent resource (the workload whose access requests are listed).
  // Format:
  // `organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}`
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "cloudcontrolspartner.googleapis.com/AccessApprovalRequest"
    }
  ];

  // Optional. The maximum number of access requests to return. The service may
  // return fewer than this value. If unspecified, at most 500 access requests
  // will be returned.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A page token, received from a previous
  // `ListAccessApprovalRequests` call. Provide this to retrieve the subsequent
  // page.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Filter applied to the results.
  // NOTE(review): the filter syntax and the filterable fields are not
  // documented in this file.
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Hint for how to order the results. It is described only as a
  // hint, so callers should not depend on a particular order - TODO confirm
  // whether the service guarantees one.
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for list access requests.
message ListAccessApprovalRequestsResponse {
  // List of access approval requests.
  repeated AccessApprovalRequest access_approval_requests = 1;

  // A token that can be sent as `page_token` to retrieve the next page.
  // If this field is omitted, there are no subsequent pages.
  string next_page_token = 2;

  // Locations that could not be reached. A non-empty value presumably means
  // that `access_approval_requests` omits requests from those locations, so a
  // caller that reviews or audits access should treat such a response as
  // partial rather than as the complete set.
  repeated string unreachable = 3;
}

// Reason for the access.
message AccessReason {
  // Type of access justification.
  enum Type {
    // Default value for proto, shouldn't be used.
    TYPE_UNSPECIFIED = 0;

    // Customer made a request or raised an issue that required the principal to
    // access customer data. `detail` is of the form ("#####" is the issue ID):
    //
    // - "Feedback Report: #####"
    // - "Case Number: #####"
    // - "Case ID: #####"
    // - "E-PIN Reference: #####"
    // - "Google-#####"
    // - "T-#####"
    CUSTOMER_INITIATED_SUPPORT = 1;

    // The principal accessed customer data in order to diagnose or resolve a
    // suspected issue in services. Often this access is used to confirm that
    // customers are not affected by a suspected service issue or to remediate a
    // reversible system issue.
    GOOGLE_INITIATED_SERVICE = 2;

    // Google initiated service for security, fraud, abuse, or compliance
    // purposes.
    GOOGLE_INITIATED_REVIEW = 3;

    // The principal was compelled to access customer data in order to respond
    // to a legal third party data request or process, including legal processes
    // from customers themselves.
    THIRD_PARTY_DATA_REQUEST = 4;

    // The principal accessed customer data in order to diagnose or resolve a
    // suspected issue in services or a known outage.
    GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5;

    // Similar to 'GOOGLE_INITIATED_SERVICE' or 'GOOGLE_INITIATED_REVIEW', but
    // with universe agnostic naming. The principal accessed customer data in
    // order to diagnose or resolve a suspected issue in services or a known
    // outage, or for security, fraud, abuse, or compliance review purposes.
    CLOUD_INITIATED_ACCESS = 6;
  }

  // Type of access justification.
  Type type = 1;

  // More detail about certain reason types. See comments for each type above.
  // In this file only `CUSTOMER_INITIATED_SUPPORT` documents a form for the
  // value. The field is a plain string and the schema enforces no format, so
  // consumers should validate it before parsing it as structured data.
  string detail = 2;
}