xref: /aosp_15_r20/external/googleapis/google/cloud/resourcemanager/v2/folders.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9) 
1// Copyright 2019 Google LLC.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15
16syntax = "proto3";
17
18package google.cloud.resourcemanager.v2;
19
20import "google/api/annotations.proto";
21import "google/api/client.proto";
22import "google/api/field_behavior.proto";
23import "google/api/resource.proto";
24import "google/iam/v1/iam_policy.proto";
25import "google/iam/v1/policy.proto";
26import "google/longrunning/operations.proto";
27import "google/protobuf/field_mask.proto";
28import "google/protobuf/timestamp.proto";
29
30option csharp_namespace = "Google.Cloud.ResourceManager.V2";
31option go_package = "cloud.google.com/go/resourcemanager/apiv2/resourcemanagerpb;resourcemanagerpb";
32option java_multiple_files = true;
33option java_outer_classname = "FoldersProto";
34option java_package = "com.google.cloud.resourcemanager.v2";
35option php_namespace = "Google\\Cloud\\ResourceManager\\V2";
36
37// Manages Cloud Resource Folders.
38// Cloud Resource Folders can be used to organize the resources under an
39// organization and to control the IAM policies applied to groups of resources.
40service Folders {
41  option (google.api.default_host) = "cloudresourcemanager.googleapis.com";
42  option (google.api.oauth_scopes) =
43      "https://www.googleapis.com/auth/cloud-platform,"
44      "https://www.googleapis.com/auth/cloud-platform.read-only";
45
46  // Lists the Folders that are direct descendants of supplied parent resource.
47  // List provides a strongly consistent view of the Folders underneath
48  // the specified parent resource.
49  // List returns Folders sorted based upon the (ascending) lexical ordering
50  // of their display_name.
51  // The caller must have `resourcemanager.folders.list` permission on the
52  // identified parent.
53  rpc ListFolders(ListFoldersRequest) returns (ListFoldersResponse) {
54    option (google.api.http) = {
55      get: "/v2/folders"
56    };
57    option (google.api.method_signature) = "parent,show_deleted";
58  }
59
60  // Search for folders that match specific filter criteria.
61  // Search provides an eventually consistent view of the folders a user has
62  // access to which meet the specified filter criteria.
63  //
64  // This will only return folders on which the caller has the
65  // permission `resourcemanager.folders.get`.
66  rpc SearchFolders(SearchFoldersRequest) returns (SearchFoldersResponse) {
67    option (google.api.http) = {
68      post: "/v2/folders:search"
69      body: "*"
70    };
71    option (google.api.method_signature) = "query";
72  }
73
74  // Retrieves a Folder identified by the supplied resource name.
75  // Valid Folder resource names have the format `folders/{folder_id}`
76  // (for example, `folders/1234`).
77  // The caller must have `resourcemanager.folders.get` permission on the
78  // identified folder.
79  rpc GetFolder(GetFolderRequest) returns (Folder) {
80    option (google.api.http) = {
81      get: "/v2/{name=folders/*}"
82    };
83    option (google.api.method_signature) = "name";
84  }
85
86  // Creates a Folder in the resource hierarchy.
87  // Returns an Operation which can be used to track the progress of the
88  // folder creation workflow.
89  // Upon success the Operation.response field will be populated with the
90  // created Folder.
91  //
92  // In order to succeed, the addition of this new Folder must not violate
93  // the Folder naming, height or fanout constraints.
94  //
95  // + The Folder's display_name must be distinct from all other Folder's that
96  // share its parent.
97  // + The addition of the Folder must not cause the active Folder hierarchy
98  // to exceed a height of 4. Note, the full active + deleted Folder hierarchy
99  // is allowed to reach a height of 8; this provides additional headroom when
100  // moving folders that contain deleted folders.
101  // + The addition of the Folder must not cause the total number of Folders
102  // under its parent to exceed 100.
103  //
104  // If the operation fails due to a folder constraint violation, some errors
105  // may be returned by the CreateFolder request, with status code
106  // FAILED_PRECONDITION and an error description. Other folder constraint
107  // violations will be communicated in the Operation, with the specific
108  // PreconditionFailure returned via the details list in the Operation.error
109  // field.
110  //
111  // The caller must have `resourcemanager.folders.create` permission on the
112  // identified parent.
113  rpc CreateFolder(CreateFolderRequest) returns (google.longrunning.Operation) {
114    option (google.api.http) = {
115      post: "/v2/folders"
116      body: "folder"
117    };
118    option (google.api.method_signature) = "parent,folder";
119    option (google.longrunning.operation_info) = {
120      response_type: "Folder"
121      metadata_type: "FolderOperation"
122    };
123  }
124
125  // Updates a Folder, changing its display_name.
126  // Changes to the folder display_name will be rejected if they violate either
127  // the display_name formatting rules or naming constraints described in
128  // the [CreateFolder][google.cloud.resourcemanager.v2.Folders.CreateFolder] documentation.
129  //
130  // The Folder's display name must start and end with a letter or digit,
131  // may contain letters, digits, spaces, hyphens and underscores and can be
132  // no longer than 30 characters. This is captured by the regular expression:
133  // [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
134  // The caller must have `resourcemanager.folders.update` permission on the
135  // identified folder.
136  //
137  // If the update fails due to the unique name constraint then a
138  // PreconditionFailure explaining this violation will be returned
139  // in the Status.details field.
140  rpc UpdateFolder(UpdateFolderRequest) returns (Folder) {
141    option (google.api.http) = {
142      patch: "/v2/{folder.name=folders/*}"
143      body: "folder"
144    };
145    option (google.api.method_signature) = "folder,update_mask";
146  }
147
148  // Moves a Folder under a new resource parent.
149  // Returns an Operation which can be used to track the progress of the
150  // folder move workflow.
151  // Upon success the Operation.response field will be populated with the
152  // moved Folder.
153  // Upon failure, a FolderOperationError categorizing the failure cause will
154  // be returned - if the failure occurs synchronously then the
155  // FolderOperationError will be returned via the Status.details field
156  // and if it occurs asynchronously then the FolderOperation will be returned
157  // via the Operation.error field.
158  // In addition, the Operation.metadata field will be populated with a
159  // FolderOperation message as an aid to stateless clients.
160  // Folder moves will be rejected if they violate either the naming, height
161  // or fanout constraints described in the
162  // [CreateFolder][google.cloud.resourcemanager.v2.Folders.CreateFolder] documentation.
163  // The caller must have `resourcemanager.folders.move` permission on the
164  // folder's current and proposed new parent.
165  rpc MoveFolder(MoveFolderRequest) returns (google.longrunning.Operation) {
166    option (google.api.http) = {
167      post: "/v2/{name=folders/*}:move"
168      body: "*"
169    };
170    option (google.api.method_signature) = "name,destination_parent";
171    option (google.longrunning.operation_info) = {
172      response_type: "Folder"
173      metadata_type: "FolderOperation"
174    };
175  }
176
177  // Requests deletion of a Folder. The Folder is moved into the
178  // [DELETE_REQUESTED][google.cloud.resourcemanager.v2.Folder.LifecycleState.DELETE_REQUESTED] state
179  // immediately, and is deleted approximately 30 days later. This method may
180  // only be called on an empty Folder in the
181  // [ACTIVE][google.cloud.resourcemanager.v2.Folder.LifecycleState.ACTIVE] state, where a Folder is empty if
182  // it doesn't contain any Folders or Projects in the
183  // [ACTIVE][google.cloud.resourcemanager.v2.Folder.LifecycleState.ACTIVE] state.
184  // The caller must have `resourcemanager.folders.delete` permission on the
185  // identified folder.
186  rpc DeleteFolder(DeleteFolderRequest) returns (Folder) {
187    option (google.api.http) = {
188      delete: "/v2/{name=folders/*}"
189    };
190    option (google.api.method_signature) = "name";
191    option (google.api.method_signature) = "name,recursive_delete";
192  }
193
194  // Cancels the deletion request for a Folder. This method may only be
195  // called on a Folder in the
196  // [DELETE_REQUESTED][google.cloud.resourcemanager.v2.Folder.LifecycleState.DELETE_REQUESTED] state.
197  // In order to succeed, the Folder's parent must be in the
198  // [ACTIVE][google.cloud.resourcemanager.v2.Folder.LifecycleState.ACTIVE] state.
199  // In addition, reintroducing the folder into the tree must not violate
200  // folder naming, height and fanout constraints described in the
201  // [CreateFolder][google.cloud.resourcemanager.v2.Folders.CreateFolder] documentation.
202  // The caller must have `resourcemanager.folders.undelete` permission on the
203  // identified folder.
204  rpc UndeleteFolder(UndeleteFolderRequest) returns (Folder) {
205    option (google.api.http) = {
206      post: "/v2/{name=folders/*}:undelete"
207      body: "*"
208    };
209    option (google.api.method_signature) = "name";
210  }
211
212  // Gets the access control policy for a Folder. The returned policy may be
213  // empty if no such policy or resource exists. The `resource` field should
214  // be the Folder's resource name, e.g. "folders/1234".
215  // The caller must have `resourcemanager.folders.getIamPolicy` permission
216  // on the identified folder.
217  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
218    option (google.api.http) = {
219      post: "/v2/{resource=folders/*}:getIamPolicy"
220      body: "*"
221    };
222    option (google.api.method_signature) = "resource";
223  }
224
225  // Sets the access control policy on a Folder, replacing any existing policy.
226  // The `resource` field should be the Folder's resource name, e.g.
227  // "folders/1234".
228  // The caller must have `resourcemanager.folders.setIamPolicy` permission
229  // on the identified folder.
230  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
231    option (google.api.http) = {
232      post: "/v2/{resource=folders/*}:setIamPolicy"
233      body: "*"
234    };
235    option (google.api.method_signature) = "resource,policy";
236  }
237
238  // Returns permissions that a caller has on the specified Folder.
239  // The `resource` field should be the Folder's resource name,
240  // e.g. "folders/1234".
241  //
242  // There are no permissions required for making this API call.
243  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
244    option (google.api.http) = {
245      post: "/v2/{resource=folders/*}:testIamPermissions"
246      body: "*"
247    };
248    option (google.api.method_signature) = "resource,permissions";
249  }
250}
251
252// A Folder in an Organization's resource hierarchy, used to
253// organize that Organization's resources.
254message Folder {
255  option (google.api.resource) = {
256    type: "cloudresourcemanager.googleapis.com/Folder"
257    pattern: "folders/{folder}"
258  };
259
260  // Folder lifecycle states.
261  enum LifecycleState {
262    // Unspecified state.
263    LIFECYCLE_STATE_UNSPECIFIED = 0;
264
265    // The normal and active state.
266    ACTIVE = 1;
267
268    // The folder has been marked for deletion by the user.
269    DELETE_REQUESTED = 2;
270  }
271
272  // Output only. The resource name of the Folder.
273  // Its format is `folders/{folder_id}`, for example: "folders/1234".
274  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
275
276  // Required. The Folder’s parent's resource name.
277  // Updates to the folder's parent must be performed via
278  // [MoveFolder][google.cloud.resourcemanager.v2.Folders.MoveFolder].
279  string parent = 2 [(google.api.field_behavior) = REQUIRED];
280
281  // The folder’s display name.
282  // A folder’s display name must be unique amongst its siblings, e.g.
283  // no two folders with the same parent can share the same display name.
284  // The display name must start and end with a letter or digit, may contain
285  // letters, digits, spaces, hyphens and underscores and can be no longer
286  // than 30 characters. This is captured by the regular expression:
287  // [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
288  string display_name = 3;
289
290  // Output only. The lifecycle state of the folder.
291  // Updates to the lifecycle_state must be performed via
292  // [DeleteFolder][google.cloud.resourcemanager.v2.Folders.DeleteFolder] and
293  // [UndeleteFolder][google.cloud.resourcemanager.v2.Folders.UndeleteFolder].
294  LifecycleState lifecycle_state = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
295
296  // Output only. Timestamp when the Folder was created. Assigned by the server.
297  google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
298
299  // Output only. Timestamp when the Folder was last modified.
300  google.protobuf.Timestamp update_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
301}
302
303// The ListFolders request message.
304message ListFoldersRequest {
305  // Required. The resource name of the Organization or Folder whose Folders are
306  // being listed.
307  // Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
308  // Access to this method is controlled by checking the
309  // `resourcemanager.folders.list` permission on the `parent`.
310  string parent = 1 [
311    (google.api.field_behavior) = REQUIRED,
312    (google.api.resource_reference) = {
313      child_type: "*"
314    }
315  ];
316
317  // Optional. The maximum number of Folders to return in the response.
318  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
319
320  // Optional. A pagination token returned from a previous call to `ListFolders`
321  // that indicates where this listing should continue from.
322  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
323
324  // Optional. Controls whether Folders in the
325  // [DELETE_REQUESTED][google.cloud.resourcemanager.v2.Folder.LifecycleState.DELETE_REQUESTED]
326  // state should be returned. Defaults to false.
327  bool show_deleted = 4 [(google.api.field_behavior) = OPTIONAL];
328}
329
330// The ListFolders response message.
331message ListFoldersResponse {
332  // A possibly paginated list of Folders that are direct descendants of
333  // the specified parent resource.
334  repeated Folder folders = 1;
335
336  // A pagination token returned from a previous call to `ListFolders`
337  // that indicates from where listing should continue.
338  string next_page_token = 2;
339}
340
341// The request message for searching folders.
342message SearchFoldersRequest {
343  // Optional. The maximum number of folders to return in the response.
344  int32 page_size = 1 [(google.api.field_behavior) = OPTIONAL];
345
346  // Optional. A pagination token returned from a previous call to `SearchFolders`
347  // that indicates from where search should continue.
348  string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
349
350  // Search criteria used to select the Folders to return.
351  // If no search criteria is specified then all accessible folders will be
352  // returned.
353  //
354  // Query expressions can be used to restrict results based upon displayName,
355  // lifecycleState and parent, where the operators `=`, `NOT`, `AND` and `OR`
356  // can be used along with the suffix wildcard symbol `*`.
357  //
358  // The displayName field in a query expression should use escaped quotes
359  // for values that include whitespace to prevent unexpected behavior.
360  //
361  // Some example queries are:
362  //
363  // * Query `displayName=Test*` returns Folder resources whose display name
364  // starts with "Test".
365  // * Query `lifecycleState=ACTIVE` returns Folder resources with
366  // `lifecycleState` set to `ACTIVE`.
367  // * Query `parent=folders/123` returns Folder resources that have
368  // `folders/123` as a parent resource.
369  // * Query `parent=folders/123 AND lifecycleState=ACTIVE` returns active
370  // Folder resources that have `folders/123` as a parent resource.
371  // * Query `displayName=\\"Test String\\"` returns Folder resources with
372  // display names that include both "Test" and "String".
373  string query = 3;
374}
375
376// The response message for searching folders.
377message SearchFoldersResponse {
378  // A possibly paginated folder search results.
379  // the specified parent resource.
380  repeated Folder folders = 1;
381
382  // A pagination token returned from a previous call to `SearchFolders`
383  // that indicates from where searching should continue.
384  string next_page_token = 2;
385}
386
387// The GetFolder request message.
388message GetFolderRequest {
389  // Required. The resource name of the Folder to retrieve.
390  // Must be of the form `folders/{folder_id}`.
391  string name = 1 [
392    (google.api.field_behavior) = REQUIRED,
393    (google.api.resource_reference) = {
394      type: "cloudresourcemanager.googleapis.com/Folder"
395    }
396  ];
397}
398
399// The CreateFolder request message.
400message CreateFolderRequest {
401  // Required. The resource name of the new Folder's parent.
402  // Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
403  string parent = 1 [
404    (google.api.field_behavior) = REQUIRED,
405    (google.api.resource_reference) = {
406      child_type: "*"
407    }
408  ];
409
410  // Required. The Folder being created, only the display name will be consulted.
411  // All other fields will be ignored.
412  Folder folder = 2 [(google.api.field_behavior) = REQUIRED];
413}
414
415// The MoveFolder request message.
416message MoveFolderRequest {
417  // Required. The resource name of the Folder to move.
418  // Must be of the form folders/{folder_id}
419  string name = 1 [
420    (google.api.field_behavior) = REQUIRED,
421    (google.api.resource_reference) = {
422      type: "cloudresourcemanager.googleapis.com/Folder"
423    }
424  ];
425
426  // Required. The resource name of the Folder or Organization to reparent
427  // the folder under.
428  // Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
429  string destination_parent = 2 [
430    (google.api.field_behavior) = REQUIRED,
431    (google.api.resource_reference) = {
432      child_type: "*"
433    }
434  ];
435}
436
437// The request message for updating a folder's display name.
438message UpdateFolderRequest {
439  // Required. The new definition of the Folder. It must include a
440  // a `name` and `display_name` field. The other fields
441  // will be ignored.
442  Folder folder = 1 [(google.api.field_behavior) = REQUIRED];
443
444  // Required. Fields to be updated.
445  // Only the `display_name` can be updated.
446  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
447}
448
449// The DeleteFolder request message.
450message DeleteFolderRequest {
451  // Required. The resource name of the Folder to be deleted.
452  // Must be of the form `folders/{folder_id}`.
453  string name = 1 [
454    (google.api.field_behavior) = REQUIRED,
455    (google.api.resource_reference) = {
456      type: "cloudresourcemanager.googleapis.com/Folder"
457    }
458  ];
459
460  // Instructs DeleteFolderAction to delete a folder even when the folder is not
461  // empty.
462  bool recursive_delete = 2;
463}
464
465// The UndeleteFolder request message.
466message UndeleteFolderRequest {
467  // Required. The resource name of the Folder to undelete.
468  // Must be of the form `folders/{folder_id}`.
469  string name = 1 [
470    (google.api.field_behavior) = REQUIRED,
471    (google.api.resource_reference) = {
472      type: "cloudresourcemanager.googleapis.com/Folder"
473    }
474  ];
475}
476
477// Metadata describing a long running folder operation
478message FolderOperation {
479  // The type of operation that failed.
480  enum OperationType {
481    // Operation type not specified.
482    OPERATION_TYPE_UNSPECIFIED = 0;
483
484    // A create folder operation.
485    CREATE = 1;
486
487    // A move folder operation.
488    MOVE = 2;
489  }
490
491  // The display name of the folder.
492  string display_name = 1;
493
494  // The type of this operation.
495  OperationType operation_type = 2;
496
497  // The resource name of the folder's parent.
498  // Only applicable when the operation_type is MOVE.
499  string source_parent = 3;
500
501  // The resource name of the folder or organization we are either creating
502  // the folder under or moving the folder to.
503  string destination_parent = 4;
504}
505