1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.kms.logging.v1; 18 19import "google/rpc/status.proto"; 20 21option go_package = "cloud.google.com/go/kms/logging/apiv1/loggingpb;loggingpb"; 22option java_multiple_files = true; 23option java_outer_classname = "LogsProto"; 24option java_package = "com.google.cloud.kms.logging.v1"; 25 26// This file defines the format of Cloud KMS Platform Logging Logs. 27 28// Log message used to send to Platform Logging for asynchronous 29// CryptoKey events. 30message CryptoKeyEvent { 31 // The event emitted by KMS when performing a scheduled automatic CryptoKey 32 // rotation. See https://cloud.google.com/kms/docs/rotating-keys#automatic 33 message RotationEvent { 34 // The result of the scheduled key rotation. The 'details' field of the 35 // status may contain a google.rpc.PreconditionFailure. 36 google.rpc.Status status = 1; 37 } 38 39 // An event for rotating the primary CryptoKeyVersion of a CryptoKey. 40 RotationEvent rotation_event = 1; 41} 42 43// Log message used to send to Platform Logging for asynchronous 44// CryptoKeyVersion events. 45message CryptoKeyVersionEvent { 46 // The event emitted by KMS when destroying a CryptoKeyVersion scheduled for 47 // destruction. See https://cloud.google.com/kms/docs/destroy-restore#destroy 48 message ScheduledDestructionEvent { 49 // The result of the scheduled key version destruction. The 'details' field 50 // of the status may contain a google.rpc.PreconditionFailure. For EKM keys, 51 // the 'violations' field of a PreconditionFailure will also include EKM 52 // errors. 53 google.rpc.Status status = 1; 54 55 // The Key Access Justification (KAJ) reason associated with the request. 56 // This field is only populated for KAJ enrolled customers for EKM keys. 57 string key_access_justification_reason = 2; 58 } 59 60 // The event emitted by KMS when generating a CryptoKeyVersion. See 61 // https://cloud.google.com/kms/docs/key-states 62 message KeyGenerationEvent { 63 // The result of the key version generation. The 'details' field of the 64 // status may contain a google.rpc.PreconditionFailure. For EKM keys, the 65 // 'violations' field of a PreconditionFailure will also include EKM errors. 66 google.rpc.Status status = 1; 67 68 // The Key Access Justification (KAJ) reason associated with the request. 69 // This field is only populated for KAJ enrolled customers for EKM keys. 70 string key_access_justification_reason = 2; 71 } 72 73 // The event emitted by KMS when importing a CryptoKeyVersion. See 74 // https://cloud.google.com/kms/docs/importing-a-key 75 message ImportEvent { 76 // The result of the key version import. The 'details' field of the status 77 // may contain a google.rpc.PreconditionFailure. 78 google.rpc.Status status = 1; 79 } 80 81 oneof event { 82 // An event for the scheduled destruction of a CryptoKeyVersion. 83 ScheduledDestructionEvent scheduled_destruction_event = 1; 84 85 // An event for the generation of a CryptoKeyVersion. 86 KeyGenerationEvent key_generation_event = 2; 87 88 // An event for the import of key material for a CryptoKeyVersion. 89 ImportEvent import_event = 3; 90 } 91} 92