// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.cloudcontrolspartner.v1beta;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";
import "google/type/interval.proto";

option csharp_namespace = "Google.Cloud.CloudControlsPartner.V1Beta";
option go_package = "cloud.google.com/go/cloudcontrolspartner/apiv1beta/cloudcontrolspartnerpb;cloudcontrolspartnerpb";
option java_multiple_files = true;
option java_outer_classname = "ViolationsProto";
option java_package = "com.google.cloud.cloudcontrolspartner.v1beta";
option php_namespace = "Google\\Cloud\\CloudControlsPartner\\V1beta";
option ruby_package = "Google::Cloud::CloudControlsPartner::V1beta";

// A compliance violation recorded against a workload.
//
// The resource is addressed by the name pattern declared in the
// `google.api.resource` option below. Most fields are OUTPUT_ONLY, i.e. they
// are populated by the service and are not accepted from the caller.
message Violation {
  option (google.api.resource) = {
    type: "cloudcontrolspartner.googleapis.com/Violation"
    pattern: "organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}"
    plural: "violations"
    singular: "violation"
  };

  // Remediation guidance for resolving a compliance violation on an
  // AssuredWorkload.
  message Remediation {
    // Instructions to remediate the violation, offered for two channels:
    // the gcloud CLI and the cloud console.
    message Instructions {
      // Remediation instructions for resolving the violation via the gcloud
      // CLI.
      message Gcloud {
        // Gcloud commands that resolve the violation.
        // NOTE(review): these are free-form strings supplied in the response.
        // Consumers should present them for operator review rather than
        // passing them to a shell unattended.
        repeated string gcloud_commands = 1;

        // Steps to resolve the violation via the gcloud CLI.
        repeated string steps = 2;

        // Additional URLs with more information about the steps.
        // NOTE(review): the field is an unconstrained string; a client that
        // renders these as links should validate scheme and host first.
        repeated string additional_links = 3;
      }

      // Remediation instructions for resolving the violation via the cloud
      // console.
      message Console {
        // Links to console pages where the violation can be resolved.
        // NOTE(review): unconstrained strings; validate scheme and host
        // before rendering them as clickable links.
        repeated string console_uris = 1;

        // Steps to resolve the violation via the cloud console.
        repeated string steps = 2;

        // Additional URLs with more information about the steps.
        repeated string additional_links = 3;
      }

      // Remediation instructions for resolving the violation via the gcloud
      // CLI.
      Gcloud gcloud_instructions = 1;

      // Remediation instructions for resolving the violation via the cloud
      // console.
      Console console_instructions = 2;
    }

    // Classifies a remediation by the kind of violation it addresses. For
    // example, a violation caused by a change to a boolean org policy
    // requires different remediation instructions than one caused by a
    // change to the allowed values of a list org policy.
    enum RemediationType {
      // Unspecified remediation type.
      REMEDIATION_TYPE_UNSPECIFIED = 0;

      // Remediation type for a boolean org policy.
      REMEDIATION_BOOLEAN_ORG_POLICY_VIOLATION = 1;

      // Remediation type for a list org policy that has allowed values in
      // the monitoring rule.
      REMEDIATION_LIST_ALLOWED_VALUES_ORG_POLICY_VIOLATION = 2;

      // Remediation type for a list org policy that has denied values in
      // the monitoring rule.
      REMEDIATION_LIST_DENIED_VALUES_ORG_POLICY_VIOLATION = 3;

      // Remediation type for gcp.restrictCmekCryptoKeyProjects.
      REMEDIATION_RESTRICT_CMEK_CRYPTO_KEY_PROJECTS_ORG_POLICY_VIOLATION = 4;

      // Remediation type for a resource violation.
      REMEDIATION_RESOURCE_VIOLATION = 5;
    }

    // Required. Remediation instructions to resolve the violation.
    Instructions instructions = 1 [(google.api.field_behavior) = REQUIRED];

    // Values that can resolve the violation.
    // For example, for list org policy violations this is either the list of
    // allowed values or the list of denied values.
    repeated string compliant_values = 2;

    // Output only. Remediation type, based on the type of org policy values
    // violated.
    RemediationType remediation_type = 3
        [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // Violation state values.
  enum State {
    // Unspecified state.
    STATE_UNSPECIFIED = 0;

    // Violation is resolved.
    RESOLVED = 1;

    // Violation is unresolved.
    UNRESOLVED = 2;

    // Violation is an exception.
    // NOTE(review): the precise meaning is not documented in this file;
    // presumably the violation has been excepted from remediation. Confirm
    // before treating this state as compliant in reporting.
    EXCEPTION = 3;
  }

  // Identifier. Format:
  // organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}
  string name = 1 [(google.api.field_behavior) = IDENTIFIER];

  // Output only. Description of the Violation.
  // e.g. OrgPolicy gcp.resourceLocations has non compliant value.
  string description = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time of the event which triggered the Violation.
  google.protobuf.Timestamp begin_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The last time the Violation record was updated.
  google.protobuf.Timestamp update_time = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time of the event which fixed the Violation.
  // Empty while the violation has not been fixed. (The upstream comment says
  // "ACTIVE", which is not a value of `State`; presumably UNRESOLVED is
  // meant. TODO confirm.)
  google.protobuf.Timestamp resolve_time = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Category under which this violation is mapped.
  // e.g. Location, Service Usage, Access, Encryption, etc.
  string category = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. State of the violation.
  State state = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Immutable. Name of the OrgPolicy which was modified with a
  // non-compliant change and resulted in this violation. Format:
  //  projects/{project_number}/policies/{constraint_name}
  //  folders/{folder_id}/policies/{constraint_name}
  //  organizations/{organization_id}/policies/{constraint_name}
  string non_compliant_org_policy = 8 [
    (google.api.field_behavior) = OUTPUT_ONLY,
    (google.api.field_behavior) = IMMUTABLE
  ];

  // The folder_id of the violation.
  // NOTE(review): unlike the neighbouring fields, this one carries no
  // field_behavior annotation, so it is not declared OUTPUT_ONLY here.
  int64 folder_id = 9;

  // Output only. Compliance violation remediation.
  // NOTE(review): field numbers 10-12 are neither used nor marked `reserved`
  // in this message. If they were ever assigned, reserving them would
  // prevent accidental reuse. Verify against the file's history.
  Remediation remediation = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Request message for listing Violations under a workload.
message ListViolationsRequest {
  // Required. Parent resource.
  // Format:
  // organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "cloudcontrolspartner.googleapis.com/Violation"
    }
  ];

  // Optional. The maximum number of rows to return. The service may return
  // fewer than this value. If unspecified, at most 10 rows will be returned.
  // NOTE(review): the upstream comment speaks of "customers" rows, which
  // looks copied from a customer listing; for this request the rows are
  // presumably violations. Confirm.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A page token, received from a previous `ListViolations` call.
  // Provide this to retrieve the subsequent page.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Filter applied to the results.
  // NOTE(review): the filter grammar is not documented in this file.
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Hint for how to order the results.
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Specifies the interval for retrieving violations.
  // If unspecified, all violations will be returned.
  // NOTE(review): which Violation timestamp the interval is matched against
  // is not stated here.
  google.type.Interval interval = 6 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for list customer violation requests.
message ListViolationsResponse {
  // List of violations.
  repeated Violation violations = 1;

  // A token that can be sent as `page_token` to retrieve the next page.
  // If this field is omitted, there are no subsequent pages.
  string next_page_token = 2;

  // Workloads that could not be reached due to permission errors or any other
  // error. Ref: https://google.aip.dev/217
  // When this list is non-empty the `violations` field is a partial result:
  // an empty or short `violations` list must not be read as "no violations"
  // for the workloads named here.
  repeated string unreachable = 3;
}

// Request message for getting a single Violation.
message GetViolationRequest {
  // Required. Name of the Violation to retrieve. Format:
  // organizations/{organization}/locations/{location}/customers/{customer}/workloads/{workload}/violations/{violation}
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudcontrolspartner.googleapis.com/Violation"
    }
  ];
}