1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.monitoring.v3; 18 19import "google/api/field_behavior.proto"; 20import "google/api/monitored_resource.proto"; 21import "google/api/resource.proto"; 22import "google/protobuf/duration.proto"; 23 24option csharp_namespace = "Google.Cloud.Monitoring.V3"; 25option go_package = "cloud.google.com/go/monitoring/apiv3/v2/monitoringpb;monitoringpb"; 26option java_multiple_files = true; 27option java_outer_classname = "UptimeProto"; 28option java_package = "com.google.monitoring.v3"; 29option php_namespace = "Google\\Cloud\\Monitoring\\V3"; 30option ruby_package = "Google::Cloud::Monitoring::V3"; 31option (google.api.resource_definition) = { 32 type: "cloudfunctions.googleapis.com/Function" 33 pattern: "projects/{project}/locations/{location}/functions/{function}" 34}; 35 36// An internal checker allows Uptime checks to run on private/internal GCP 37// resources. 38message InternalChecker { 39 option deprecated = true; 40 41 // Operational states for an internal checker. 42 enum State { 43 // An internal checker should never be in the unspecified state. 44 UNSPECIFIED = 0; 45 46 // The checker is being created, provisioned, and configured. A checker in 47 // this state can be returned by `ListInternalCheckers` or 48 // `GetInternalChecker`, as well as by examining the [long running 49 // Operation](https://cloud.google.com/apis/design/design_patterns#long_running_operations) 50 // that created it. 51 CREATING = 1; 52 53 // The checker is running and available for use. A checker in this state 54 // can be returned by `ListInternalCheckers` or `GetInternalChecker` as 55 // well as by examining the [long running 56 // Operation](https://cloud.google.com/apis/design/design_patterns#long_running_operations) 57 // that created it. 58 // If a checker is being torn down, it is neither visible nor usable, so 59 // there is no "deleting" or "down" state. 60 RUNNING = 2; 61 } 62 63 // A unique resource name for this InternalChecker. The format is: 64 // 65 // projects/[PROJECT_ID_OR_NUMBER]/internalCheckers/[INTERNAL_CHECKER_ID] 66 // 67 // `[PROJECT_ID_OR_NUMBER]` is the Cloud Monitoring Metrics Scope project for 68 // the Uptime check config associated with the internal checker. 69 string name = 1; 70 71 // The checker's human-readable name. The display name 72 // should be unique within a Cloud Monitoring Metrics Scope in order to make 73 // it easier to identify; however, uniqueness is not enforced. 74 string display_name = 2; 75 76 // The [GCP VPC network](https://cloud.google.com/vpc/docs/vpc) where the 77 // internal resource lives (ex: "default"). 78 string network = 3; 79 80 // The GCP zone the Uptime check should egress from. Only respected for 81 // internal Uptime checks, where internal_network is specified. 82 string gcp_zone = 4; 83 84 // The GCP project ID where the internal checker lives. Not necessary 85 // the same as the Metrics Scope project. 86 string peer_project_id = 6; 87 88 // The current operational state of the internal checker. 89 State state = 7; 90} 91 92// Describes a Synthetic Monitor to be invoked by Uptime. 93message SyntheticMonitorTarget { 94 // A Synthetic Monitor deployed to a Cloud Functions V2 instance. 95 message CloudFunctionV2Target { 96 // Required. Fully qualified GCFv2 resource name 97 // i.e. `projects/{project}/locations/{location}/functions/{function}` 98 // Required. 99 string name = 1 [ 100 (google.api.field_behavior) = REQUIRED, 101 (google.api.resource_reference) = { 102 type: "cloudfunctions.googleapis.com/Function" 103 } 104 ]; 105 106 // Output only. The `cloud_run_revision` Monitored Resource associated with 107 // the GCFv2. The Synthetic Monitor execution results (metrics, logs, and 108 // spans) are reported against this Monitored Resource. This field is output 109 // only. 110 google.api.MonitoredResource cloud_run_revision = 2 111 [(google.api.field_behavior) = OUTPUT_ONLY]; 112 } 113 114 // Specifies a Synthetic Monitor's execution stack. 115 oneof target { 116 // Target a Synthetic Monitor GCFv2 instance. 117 CloudFunctionV2Target cloud_function_v2 = 1; 118 } 119} 120 121// This message configures which resources and services to monitor for 122// availability. 123message UptimeCheckConfig { 124 option (google.api.resource) = { 125 type: "monitoring.googleapis.com/UptimeCheckConfig" 126 pattern: "projects/{project}/uptimeCheckConfigs/{uptime_check_config}" 127 pattern: "organizations/{organization}/uptimeCheckConfigs/{uptime_check_config}" 128 pattern: "folders/{folder}/uptimeCheckConfigs/{uptime_check_config}" 129 pattern: "*" 130 }; 131 132 // The resource submessage for group checks. It can be used instead of a 133 // monitored resource, when multiple resources are being monitored. 134 message ResourceGroup { 135 // The group of resources being monitored. Should be only the `[GROUP_ID]`, 136 // and not the full-path 137 // `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. 138 string group_id = 1; 139 140 // The resource type of the group members. 141 GroupResourceType resource_type = 2; 142 } 143 144 // Information involved in sending ICMP pings alongside public HTTP/TCP 145 // checks. For HTTP, the pings are performed for each part of the redirect 146 // chain. 147 message PingConfig { 148 // Number of ICMP pings. A maximum of 3 ICMP pings is currently supported. 149 int32 pings_count = 1; 150 } 151 152 // Information involved in an HTTP/HTTPS Uptime check request. 153 message HttpCheck { 154 // The HTTP request method options. 155 enum RequestMethod { 156 // No request method specified. 157 METHOD_UNSPECIFIED = 0; 158 159 // GET request. 160 GET = 1; 161 162 // POST request. 163 POST = 2; 164 } 165 166 // The authentication parameters to provide to the specified resource or 167 // URL that requires a username and password. Currently, only 168 // [Basic HTTP authentication](https://tools.ietf.org/html/rfc7617) is 169 // supported in Uptime checks. 170 message BasicAuthentication { 171 // The username to use when authenticating with the HTTP server. 172 string username = 1; 173 174 // The password to use when authenticating with the HTTP server. 175 string password = 2; 176 } 177 178 // Header options corresponding to the content type of a HTTP request body. 179 enum ContentType { 180 // No content type specified. 181 TYPE_UNSPECIFIED = 0; 182 183 // `body` is in URL-encoded form. Equivalent to setting the `Content-Type` 184 // to `application/x-www-form-urlencoded` in the HTTP request. 185 URL_ENCODED = 1; 186 187 // `body` is in `custom_content_type` form. Equivalent to setting the 188 // `Content-Type` to the contents of `custom_content_type` in the HTTP 189 // request. 190 USER_PROVIDED = 2; 191 } 192 193 // A status to accept. Either a status code class like "2xx", or an integer 194 // status code like "200". 195 message ResponseStatusCode { 196 // An HTTP status code class. 197 enum StatusClass { 198 // Default value that matches no status codes. 199 STATUS_CLASS_UNSPECIFIED = 0; 200 201 // The class of status codes between 100 and 199. 202 STATUS_CLASS_1XX = 100; 203 204 // The class of status codes between 200 and 299. 205 STATUS_CLASS_2XX = 200; 206 207 // The class of status codes between 300 and 399. 208 STATUS_CLASS_3XX = 300; 209 210 // The class of status codes between 400 and 499. 211 STATUS_CLASS_4XX = 400; 212 213 // The class of status codes between 500 and 599. 214 STATUS_CLASS_5XX = 500; 215 216 // The class of all status codes. 217 STATUS_CLASS_ANY = 1000; 218 } 219 220 // Either a specific value or a class of status codes. 221 oneof status_code { 222 // A status code to accept. 223 int32 status_value = 1; 224 225 // A class of status codes to accept. 226 StatusClass status_class = 2; 227 } 228 } 229 230 // Contains information needed for generating an 231 // [OpenID Connect 232 // token](https://developers.google.com/identity/protocols/OpenIDConnect). 233 // The OIDC token will be generated for the Monitoring service agent service 234 // account. 235 message ServiceAgentAuthentication { 236 // Type of authentication. 237 enum ServiceAgentAuthenticationType { 238 // Default value, will result in OIDC Authentication. 239 SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED = 0; 240 241 // OIDC Authentication 242 OIDC_TOKEN = 1; 243 } 244 245 // Type of authentication. 246 ServiceAgentAuthenticationType type = 1; 247 } 248 249 // The HTTP request method to use for the check. If set to 250 // `METHOD_UNSPECIFIED` then `request_method` defaults to `GET`. 251 RequestMethod request_method = 8; 252 253 // If `true`, use HTTPS instead of HTTP to run the check. 254 bool use_ssl = 1; 255 256 // Optional (defaults to "/"). The path to the page against which to run 257 // the check. Will be combined with the `host` (specified within the 258 // `monitored_resource`) and `port` to construct the full URL. If the 259 // provided path does not begin with "/", a "/" will be prepended 260 // automatically. 261 string path = 2; 262 263 // Optional (defaults to 80 when `use_ssl` is `false`, and 443 when 264 // `use_ssl` is `true`). The TCP port on the HTTP server against which to 265 // run the check. Will be combined with host (specified within the 266 // `monitored_resource`) and `path` to construct the full URL. 267 int32 port = 3; 268 269 // The authentication information. Optional when creating an HTTP check; 270 // defaults to empty. 271 // Do not set both `auth_method` and `auth_info`. 272 BasicAuthentication auth_info = 4; 273 274 // Boolean specifying whether to encrypt the header information. 275 // Encryption should be specified for any headers related to authentication 276 // that you do not wish to be seen when retrieving the configuration. The 277 // server will be responsible for encrypting the headers. 278 // On Get/List calls, if `mask_headers` is set to `true` then the headers 279 // will be obscured with `******.` 280 bool mask_headers = 5; 281 282 // The list of headers to send as part of the Uptime check request. 283 // If two headers have the same key and different values, they should 284 // be entered as a single header, with the value being a comma-separated 285 // list of all the desired values as described at 286 // https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). 287 // Entering two separate headers with the same key in a Create call will 288 // cause the first to be overwritten by the second. 289 // The maximum number of headers allowed is 100. 290 map<string, string> headers = 6; 291 292 // The content type header to use for the check. The following 293 // configurations result in errors: 294 // 1. Content type is specified in both the `headers` field and the 295 // `content_type` field. 296 // 2. Request method is `GET` and `content_type` is not `TYPE_UNSPECIFIED` 297 // 3. Request method is `POST` and `content_type` is `TYPE_UNSPECIFIED`. 298 // 4. Request method is `POST` and a "Content-Type" header is provided via 299 // `headers` field. The `content_type` field should be used instead. 300 ContentType content_type = 9; 301 302 // A user provided content type header to use for the check. The invalid 303 // configurations outlined in the `content_type` field apply to 304 // `custom_content_type`, as well as the following: 305 // 1. `content_type` is `URL_ENCODED` and `custom_content_type` is set. 306 // 2. `content_type` is `USER_PROVIDED` and `custom_content_type` is not 307 // set. 308 string custom_content_type = 13; 309 310 // Boolean specifying whether to include SSL certificate validation as a 311 // part of the Uptime check. Only applies to checks where 312 // `monitored_resource` is set to `uptime_url`. If `use_ssl` is `false`, 313 // setting `validate_ssl` to `true` has no effect. 314 bool validate_ssl = 7; 315 316 // The request body associated with the HTTP POST request. If `content_type` 317 // is `URL_ENCODED`, the body passed in must be URL-encoded. Users can 318 // provide a `Content-Length` header via the `headers` field or the API will 319 // do so. If the `request_method` is `GET` and `body` is not empty, the API 320 // will return an error. The maximum byte size is 1 megabyte. 321 // 322 // Note: If client libraries aren't used (which performs the conversion 323 // automatically) base64 encode your `body` data since the field is of 324 // `bytes` type. 325 bytes body = 10; 326 327 // If present, the check will only pass if the HTTP response status code is 328 // in this set of status codes. If empty, the HTTP status code will only 329 // pass if the HTTP status code is 200-299. 330 repeated ResponseStatusCode accepted_response_status_codes = 11; 331 332 // Contains information needed to add pings to an HTTP check. 333 PingConfig ping_config = 12; 334 335 // This field is optional and should be set only by users interested in 336 // an authenticated uptime check. 337 // Do not set both `auth_method` and `auth_info`. 338 oneof auth_method { 339 // If specified, Uptime will generate and attach an OIDC JWT token for the 340 // Monitoring service agent service account as an `Authorization` header 341 // in the HTTP request when probing. 342 ServiceAgentAuthentication service_agent_authentication = 14; 343 } 344 } 345 346 // Information required for a TCP Uptime check request. 347 message TcpCheck { 348 // The TCP port on the server against which to run the check. Will be 349 // combined with host (specified within the `monitored_resource`) to 350 // construct the full URL. Required. 351 int32 port = 1; 352 353 // Contains information needed to add pings to a TCP check. 354 PingConfig ping_config = 2; 355 } 356 357 // Optional. Used to perform content matching. This allows matching based on 358 // substrings and regular expressions, together with their negations. Only the 359 // first 4 MB of an HTTP or HTTPS check's response (and the first 360 // 1 MB of a TCP check's response) are examined for purposes of content 361 // matching. 362 message ContentMatcher { 363 // Options to perform content matching. 364 enum ContentMatcherOption { 365 // No content matcher type specified (maintained for backward 366 // compatibility, but deprecated for future use). 367 // Treated as `CONTAINS_STRING`. 368 CONTENT_MATCHER_OPTION_UNSPECIFIED = 0; 369 370 // Selects substring matching. The match succeeds if the output contains 371 // the `content` string. This is the default value for checks without 372 // a `matcher` option, or where the value of `matcher` is 373 // `CONTENT_MATCHER_OPTION_UNSPECIFIED`. 374 CONTAINS_STRING = 1; 375 376 // Selects negation of substring matching. The match succeeds if the 377 // output does _NOT_ contain the `content` string. 378 NOT_CONTAINS_STRING = 2; 379 380 // Selects regular-expression matching. The match succeeds if the output 381 // matches the regular expression specified in the `content` string. 382 // Regex matching is only supported for HTTP/HTTPS checks. 383 MATCHES_REGEX = 3; 384 385 // Selects negation of regular-expression matching. The match succeeds if 386 // the output does _NOT_ match the regular expression specified in the 387 // `content` string. Regex matching is only supported for HTTP/HTTPS 388 // checks. 389 NOT_MATCHES_REGEX = 4; 390 391 // Selects JSONPath matching. See `JsonPathMatcher` for details on when 392 // the match succeeds. JSONPath matching is only supported for HTTP/HTTPS 393 // checks. 394 MATCHES_JSON_PATH = 5; 395 396 // Selects JSONPath matching. See `JsonPathMatcher` for details on when 397 // the match succeeds. Succeeds when output does _NOT_ match as specified. 398 // JSONPath is only supported for HTTP/HTTPS checks. 399 NOT_MATCHES_JSON_PATH = 6; 400 } 401 402 // Information needed to perform a JSONPath content match. 403 // Used for `ContentMatcherOption::MATCHES_JSON_PATH` and 404 // `ContentMatcherOption::NOT_MATCHES_JSON_PATH`. 405 message JsonPathMatcher { 406 // Options to perform JSONPath content matching. 407 enum JsonPathMatcherOption { 408 // No JSONPath matcher type specified (not valid). 409 JSON_PATH_MATCHER_OPTION_UNSPECIFIED = 0; 410 411 // Selects 'exact string' matching. The match succeeds if the content at 412 // the `json_path` within the output is exactly the same as the 413 // `content` string. 414 EXACT_MATCH = 1; 415 416 // Selects regular-expression matching. The match succeeds if the 417 // content at the `json_path` within the output matches the regular 418 // expression specified in the `content` string. 419 REGEX_MATCH = 2; 420 } 421 422 // JSONPath within the response output pointing to the expected 423 // `ContentMatcher::content` to match against. 424 string json_path = 1; 425 426 // The type of JSONPath match that will be applied to the JSON output 427 // (`ContentMatcher.content`) 428 JsonPathMatcherOption json_matcher = 2; 429 } 430 431 // String, regex or JSON content to match. Maximum 1024 bytes. An empty 432 // `content` string indicates no content matching is to be performed. 433 string content = 1; 434 435 // The type of content matcher that will be applied to the server output, 436 // compared to the `content` string when the check is run. 437 ContentMatcherOption matcher = 2; 438 439 // Certain `ContentMatcherOption` types require additional information. 440 // `MATCHES_JSON_PATH` or `NOT_MATCHES_JSON_PATH` require a 441 // `JsonPathMatcher`; not used for other options. 442 oneof additional_matcher_info { 443 // Matcher information for `MATCHES_JSON_PATH` and `NOT_MATCHES_JSON_PATH` 444 JsonPathMatcher json_path_matcher = 3; 445 } 446 } 447 448 // What kind of checkers are available to be used by the check. 449 enum CheckerType { 450 // The default checker type. Currently converted to `STATIC_IP_CHECKERS` 451 // on creation, the default conversion behavior may change in the future. 452 CHECKER_TYPE_UNSPECIFIED = 0; 453 454 // `STATIC_IP_CHECKERS` are used for uptime checks that perform egress 455 // across the public internet. `STATIC_IP_CHECKERS` use the static IP 456 // addresses returned by `ListUptimeCheckIps`. 457 STATIC_IP_CHECKERS = 1; 458 459 // `VPC_CHECKERS` are used for uptime checks that perform egress using 460 // Service Directory and private network access. When using `VPC_CHECKERS`, 461 // the monitored resource type must be `servicedirectory_service`. 462 VPC_CHECKERS = 3; 463 } 464 465 // Identifier. A unique resource name for this Uptime check configuration. The 466 // format is: 467 // 468 // projects/[PROJECT_ID_OR_NUMBER]/uptimeCheckConfigs/[UPTIME_CHECK_ID] 469 // 470 // `[PROJECT_ID_OR_NUMBER]` is the Workspace host project associated with the 471 // Uptime check. 472 // 473 // This field should be omitted when creating the Uptime check configuration; 474 // on create, the resource name is assigned by the server and included in the 475 // response. 476 string name = 1 [(google.api.field_behavior) = IDENTIFIER]; 477 478 // A human-friendly name for the Uptime check configuration. The display name 479 // should be unique within a Cloud Monitoring Workspace in order to make it 480 // easier to identify; however, uniqueness is not enforced. Required. 481 string display_name = 2; 482 483 // The resource the check is checking. Required. 484 oneof resource { 485 // The [monitored 486 // resource](https://cloud.google.com/monitoring/api/resources) associated 487 // with the configuration. 488 // The following monitored resource types are valid for this field: 489 // `uptime_url`, 490 // `gce_instance`, 491 // `gae_app`, 492 // `aws_ec2_instance`, 493 // `aws_elb_load_balancer` 494 // `k8s_service` 495 // `servicedirectory_service` 496 // `cloud_run_revision` 497 google.api.MonitoredResource monitored_resource = 3; 498 499 // The group resource associated with the configuration. 500 ResourceGroup resource_group = 4; 501 502 // Specifies a Synthetic Monitor to invoke. 503 SyntheticMonitorTarget synthetic_monitor = 21; 504 } 505 506 // The type of Uptime check request. 507 oneof check_request_type { 508 // Contains information needed to make an HTTP or HTTPS check. 509 HttpCheck http_check = 5; 510 511 // Contains information needed to make a TCP check. 512 TcpCheck tcp_check = 6; 513 } 514 515 // How often, in seconds, the Uptime check is performed. 516 // Currently, the only supported values are `60s` (1 minute), `300s` 517 // (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, 518 // defaults to `60s`. 519 google.protobuf.Duration period = 7; 520 521 // The maximum amount of time to wait for the request to complete (must be 522 // between 1 and 60 seconds). Required. 523 google.protobuf.Duration timeout = 8; 524 525 // The content that is expected to appear in the data returned by the target 526 // server against which the check is run. Currently, only the first entry 527 // in the `content_matchers` list is supported, and additional entries will 528 // be ignored. This field is optional and should only be specified if a 529 // content match is required as part of the/ Uptime check. 530 repeated ContentMatcher content_matchers = 9; 531 532 // The type of checkers to use to execute the Uptime check. 533 CheckerType checker_type = 17; 534 535 // The list of regions from which the check will be run. 536 // Some regions contain one location, and others contain more than one. 537 // If this field is specified, enough regions must be provided to include a 538 // minimum of 3 locations. Not specifying this field will result in Uptime 539 // checks running from all available regions. 540 repeated UptimeCheckRegion selected_regions = 10; 541 542 // If this is `true`, then checks are made only from the 'internal_checkers'. 543 // If it is `false`, then checks are made only from the 'selected_regions'. 544 // It is an error to provide 'selected_regions' when is_internal is `true`, 545 // or to provide 'internal_checkers' when is_internal is `false`. 546 bool is_internal = 15 [deprecated = true]; 547 548 // The internal checkers that this check will egress from. If `is_internal` is 549 // `true` and this list is empty, the check will egress from all the 550 // InternalCheckers configured for the project that owns this 551 // `UptimeCheckConfig`. 552 repeated InternalChecker internal_checkers = 14 [deprecated = true]; 553 554 // User-supplied key/value data to be used for organizing and 555 // identifying the `UptimeCheckConfig` objects. 556 // 557 // The field can contain up to 64 entries. Each key and value is limited to 558 // 63 Unicode characters or 128 bytes, whichever is smaller. Labels and 559 // values can contain only lowercase letters, numerals, underscores, and 560 // dashes. Keys must begin with a letter. 561 map<string, string> user_labels = 20; 562} 563 564// Contains the region, location, and list of IP 565// addresses where checkers in the location run from. 566message UptimeCheckIp { 567 // A broad region category in which the IP address is located. 568 UptimeCheckRegion region = 1; 569 570 // A more specific location within the region that typically encodes 571 // a particular city/town/metro (and its containing state/province or country) 572 // within the broader umbrella region category. 573 string location = 2; 574 575 // The IP address from which the Uptime check originates. This is a fully 576 // specified IP address (not an IP address range). Most IP addresses, as of 577 // this publication, are in IPv4 format; however, one should not rely on the 578 // IP addresses being in IPv4 format indefinitely, and should support 579 // interpreting this field in either IPv4 or IPv6 format. 580 string ip_address = 3; 581} 582 583// The regions from which an Uptime check can be run. 584enum UptimeCheckRegion { 585 // Default value if no region is specified. Will result in Uptime checks 586 // running from all regions. 587 REGION_UNSPECIFIED = 0; 588 589 // Allows checks to run from locations within the United States of America. 590 USA = 1; 591 592 // Allows checks to run from locations within the continent of Europe. 593 EUROPE = 2; 594 595 // Allows checks to run from locations within the continent of South 596 // America. 597 SOUTH_AMERICA = 3; 598 599 // Allows checks to run from locations within the Asia Pacific area (ex: 600 // Singapore). 601 ASIA_PACIFIC = 4; 602 603 // Allows checks to run from locations within the western United States of 604 // America 605 USA_OREGON = 5; 606 607 // Allows checks to run from locations within the central United States of 608 // America 609 USA_IOWA = 6; 610 611 // Allows checks to run from locations within the eastern United States of 612 // America 613 USA_VIRGINIA = 7; 614} 615 616// The supported resource types that can be used as values of 617// `group_resource.resource_type`. 618// `INSTANCE` includes `gce_instance` and `aws_ec2_instance` resource types. 619// The resource types `gae_app` and `uptime_url` are not valid here because 620// group checks on App Engine modules and URLs are not allowed. 621enum GroupResourceType { 622 // Default value (not valid). 623 RESOURCE_TYPE_UNSPECIFIED = 0; 624 625 // A group of instances from Google Cloud Platform (GCP) or 626 // Amazon Web Services (AWS). 627 INSTANCE = 1; 628 629 // A group of Amazon ELB load balancers. 630 AWS_ELB_LOAD_BALANCER = 2; 631} 632