1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.storage.v1; 18 19import "google/protobuf/timestamp.proto"; 20import "google/protobuf/wrappers.proto"; 21 22option go_package = "google.golang.org/genproto/googleapis/storage/v1;storage"; 23option java_multiple_files = true; 24option java_outer_classname = "CloudStorageResourcesProto"; 25option java_package = "com.google.storage.v1"; 26 27// A bucket. 28message Bucket { 29 // Billing properties of a bucket. 30 message Billing { 31 // When set to true, Requester Pays is enabled for this bucket. 32 bool requester_pays = 1; 33 } 34 35 // Cross-Origin Response sharing (CORS) properties for a bucket. 36 // For more on GCS and CORS, see 37 // https://cloud.google.com/storage/docs/cross-origin. 38 // For more on CORS in general, see https://tools.ietf.org/html/rfc6454. 39 message Cors { 40 // The list of Origins eligible to receive CORS response headers. See 41 // [https://tools.ietf.org/html/rfc6454][RFC 6454] for more on origins. 42 // Note: "*" is permitted in the list of origins, and means "any Origin". 43 repeated string origin = 1; 44 45 // The list of HTTP methods on which to include CORS response headers, 46 // (`GET`, `OPTIONS`, `POST`, etc) Note: "*" is permitted in the list of 47 // methods, and means "any method". 48 repeated string method = 2; 49 50 // The list of HTTP headers other than the 51 // [https://www.w3.org/TR/cors/#simple-response-header][simple response 52 // headers] to give permission for the user-agent to share across domains. 53 repeated string response_header = 3; 54 55 // The value, in seconds, to return in the 56 // [https://www.w3.org/TR/cors/#access-control-max-age-response-header][Access-Control-Max-Age 57 // header] used in preflight responses. 58 int32 max_age_seconds = 4; 59 } 60 61 // Encryption properties of a bucket. 62 message Encryption { 63 // A Cloud KMS key that will be used to encrypt objects inserted into this 64 // bucket, if no encryption method is specified. 65 string default_kms_key_name = 1; 66 } 67 68 // Bucket restriction options currently enforced on the bucket. 69 message IamConfiguration { 70 message UniformBucketLevelAccess { 71 // If set, access checks only use bucket-level IAM policies or above. 72 bool enabled = 1; 73 74 // The deadline time for changing 75 // <code>iamConfiguration.uniformBucketLevelAccess.enabled</code> from 76 // true to false in [https://tools.ietf.org/html/rfc3339][RFC 3339]. After 77 // the deadline is passed the field is immutable. 78 google.protobuf.Timestamp locked_time = 2; 79 } 80 81 // Public Access Prevention configuration values. 82 enum PublicAccessPrevention { 83 // No specified PublicAccessPrevention. 84 PUBLIC_ACCESS_PREVENTION_UNSPECIFIED = 0; 85 86 // Prevents access from being granted to public members 'allUsers' and 87 // 'allAuthenticatedUsers'. Prevents attempts to grant new access to 88 // public members. 89 ENFORCED = 1; 90 91 // This setting is inherited from Org Policy. Does not prevent access from 92 // being granted to public members 'allUsers' or 'allAuthenticatedUsers'. 93 INHERITED = 2; 94 } 95 96 UniformBucketLevelAccess uniform_bucket_level_access = 1; 97 98 // Whether IAM will enforce public access prevention. 99 PublicAccessPrevention public_access_prevention = 2; 100 } 101 102 // Lifecycle properties of a bucket. 103 // For more information, see https://cloud.google.com/storage/docs/lifecycle. 104 message Lifecycle { 105 // A lifecycle Rule, combining an action to take on an object and a 106 // condition which will trigger that action. 107 message Rule { 108 // An action to take on an object. 109 message Action { 110 // Type of the action. Currently, only `Delete`, `SetStorageClass`, and 111 // `AbortIncompleteMultipartUpload` are supported. 112 string type = 1; 113 114 // Target storage class. Required iff the type of the action is 115 // SetStorageClass. 116 string storage_class = 2; 117 } 118 119 // A condition of an object which triggers some action. 120 message Condition { 121 // Age of an object (in days). This condition is satisfied when an 122 // object reaches the specified age. 123 int32 age = 1; 124 125 // A date in [RFC 3339][1] format with only the date part (for 126 // instance, "2013-01-15"). This condition is satisfied when an 127 // object is created before midnight of the specified date in UTC. 128 // [1]: https://tools.ietf.org/html/rfc3339 129 google.protobuf.Timestamp created_before = 2; 130 131 // Relevant only for versioned objects. If the value is 132 // `true`, this condition matches live objects; if the value 133 // is `false`, it matches archived objects. 134 google.protobuf.BoolValue is_live = 3; 135 136 // Relevant only for versioned objects. If the value is N, this 137 // condition is satisfied when there are at least N versions (including 138 // the live version) newer than this version of the object. 139 int32 num_newer_versions = 4; 140 141 // Objects having any of the storage classes specified by this condition 142 // will be matched. Values include `MULTI_REGIONAL`, `REGIONAL`, 143 // `NEARLINE`, `COLDLINE`, `STANDARD`, and 144 // `DURABLE_REDUCED_AVAILABILITY`. 145 repeated string matches_storage_class = 5; 146 147 // A regular expression that satisfies the RE2 syntax. This condition is 148 // satisfied when the name of the object matches the RE2 pattern. Note: 149 // This feature is currently in the "Early Access" launch stage and is 150 // only available to an allowlisted set of users; that means that this 151 // feature may be changed in backward-incompatible ways and that it is 152 // not guaranteed to be released. 153 string matches_pattern = 6; 154 155 // Number of days that has elapsed since the custom timestamp set on an 156 // object. 157 int32 days_since_custom_time = 7; 158 159 // An object matches this condition if the custom timestamp set on the 160 // object is before this timestamp. 161 google.protobuf.Timestamp custom_time_before = 8; 162 163 // This condition is relevant only for versioned objects. An object 164 // version satisfies this condition only if these many days have been 165 // passed since it became noncurrent. The value of the field must be a 166 // nonnegative integer. If it's zero, the object version will become 167 // eligible for Lifecycle action as soon as it becomes noncurrent. 168 int32 days_since_noncurrent_time = 9; 169 170 // This condition is relevant only for versioned objects. An object 171 // version satisfies this condition only if it became noncurrent before 172 // the specified timestamp. 173 google.protobuf.Timestamp noncurrent_time_before = 10; 174 175 // List of object name prefixes. If any prefix exactly matches the 176 // beginning of the object name, the condition evaluates to true. 177 repeated string matches_prefix = 11; 178 179 // List of object name suffixes. If any suffix exactly matches the 180 // end of the object name, the condition evaluates to true. 181 repeated string matches_suffix = 12; 182 } 183 184 // The action to take. 185 Action action = 1; 186 187 // The condition(s) under which the action will be taken. 188 Condition condition = 2; 189 } 190 191 // A lifecycle management rule, which is made of an action to take and the 192 // condition(s) under which the action will be taken. 193 repeated Rule rule = 1; 194 } 195 196 // Logging-related properties of a bucket. 197 message Logging { 198 // The destination bucket where the current bucket's logs should be placed. 199 string log_bucket = 1; 200 201 // A prefix for log object names. 202 string log_object_prefix = 2; 203 } 204 205 // Retention policy properties of a bucket. 206 message RetentionPolicy { 207 // Server-determined value that indicates the time from which policy was 208 // enforced and effective. This value is in 209 // [https://tools.ietf.org/html/rfc3339][RFC 3339] format. 210 google.protobuf.Timestamp effective_time = 1; 211 212 // Once locked, an object retention policy cannot be modified. 213 bool is_locked = 2; 214 215 // The duration in seconds that objects need to be retained. Retention 216 // duration must be greater than zero and less than 100 years. Note that 217 // enforcement of retention periods less than a day is not guaranteed. Such 218 // periods should only be used for testing purposes. 219 int64 retention_period = 3; 220 } 221 222 // Properties of a bucket related to versioning. 223 // For more on GCS versioning, see 224 // https://cloud.google.com/storage/docs/object-versioning. 225 message Versioning { 226 // While set to true, versioning is fully enabled for this bucket. 227 bool enabled = 1; 228 } 229 230 // Properties of a bucket related to accessing the contents as a static 231 // website. For more on hosting a static website via GCS, see 232 // https://cloud.google.com/storage/docs/hosting-static-website. 233 message Website { 234 // If the requested object path is missing, the service will ensure the path 235 // has a trailing '/', append this suffix, and attempt to retrieve the 236 // resulting object. This allows the creation of `index.html` 237 // objects to represent directory pages. 238 string main_page_suffix = 1; 239 240 // If the requested object path is missing, and any 241 // `mainPageSuffix` object is missing, if applicable, the service 242 // will return the named object from this bucket as the content for a 243 // [https://tools.ietf.org/html/rfc7231#section-6.5.4][404 Not Found] 244 // result. 245 string not_found_page = 2; 246 } 247 248 // Configuration for a bucket's Autoclass feature. 249 message Autoclass { 250 // Enables Autoclass. 251 bool enabled = 1; 252 253 // Latest instant at which the `enabled` bit was flipped. 254 google.protobuf.Timestamp toggle_time = 2; 255 } 256 257 // Access controls on the bucket. 258 repeated BucketAccessControl acl = 1; 259 260 // Default access controls to apply to new objects when no ACL is provided. 261 repeated ObjectAccessControl default_object_acl = 2; 262 263 // The bucket's lifecycle configuration. See 264 // [https://developers.google.com/storage/docs/lifecycle]Lifecycle Management] 265 // for more information. 266 Lifecycle lifecycle = 3; 267 268 // The creation time of the bucket in 269 // [https://tools.ietf.org/html/rfc3339][RFC 3339] format. 270 // Attempting to set or update this field will result in a 271 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 272 google.protobuf.Timestamp time_created = 4; 273 274 // The ID of the bucket. For buckets, the `id` and `name` properties are the 275 // same. 276 // Attempting to update this field after the bucket is created will result in 277 // a [FieldViolation][google.rpc.BadRequest.FieldViolation]. 278 string id = 5; 279 280 // The name of the bucket. 281 // Attempting to update this field after the bucket is created will result in 282 // an error. 283 string name = 6; 284 285 // The project number of the project the bucket belongs to. 286 // Attempting to set or update this field will result in a 287 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 288 int64 project_number = 7; 289 290 // The metadata generation of this bucket. 291 // Attempting to set or update this field will result in a 292 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 293 int64 metageneration = 8; 294 295 // The bucket's [https://www.w3.org/TR/cors/][Cross-Origin Resource Sharing] 296 // (CORS) configuration. 297 repeated Cors cors = 9; 298 299 // The location of the bucket. Object data for objects in the bucket resides 300 // in physical storage within this region. Defaults to `US`. See the 301 // [https://developers.google.com/storage/docs/concepts-techniques#specifyinglocations"][developer's 302 // guide] for the authoritative list. Attempting to update this field after 303 // the bucket is created will result in an error. 304 string location = 10; 305 306 // The bucket's default storage class, used whenever no storageClass is 307 // specified for a newly-created object. This defines how objects in the 308 // bucket are stored and determines the SLA and the cost of storage. 309 // If this value is not specified when the bucket is created, it will default 310 // to `STANDARD`. For more information, see 311 // https://developers.google.com/storage/docs/storage-classes. 312 string storage_class = 11; 313 314 // HTTP 1.1 [https://tools.ietf.org/html/rfc7232#section-2.3"]Entity tag] 315 // for the bucket. 316 // Attempting to set or update this field will result in a 317 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 318 string etag = 12; 319 320 // The modification time of the bucket. 321 // Attempting to set or update this field will result in a 322 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 323 google.protobuf.Timestamp updated = 13; 324 325 // The default value for event-based hold on newly created objects in this 326 // bucket. Event-based hold is a way to retain objects indefinitely until an 327 // event occurs, signified by the 328 // hold's release. After being released, such objects will be subject to 329 // bucket-level retention (if any). One sample use case of this flag is for 330 // banks to hold loan documents for at least 3 years after loan is paid in 331 // full. Here, bucket-level retention is 3 years and the event is loan being 332 // paid in full. In this example, these objects will be held intact for any 333 // number of years until the event has occurred (event-based hold on the 334 // object is released) and then 3 more years after that. That means retention 335 // duration of the objects begins from the moment event-based hold 336 // transitioned from true to false. Objects under event-based hold cannot be 337 // deleted, overwritten or archived until the hold is removed. 338 bool default_event_based_hold = 14; 339 340 // User-provided labels, in key/value pairs. 341 map<string, string> labels = 15; 342 343 // The bucket's website configuration, controlling how the service behaves 344 // when accessing bucket contents as a web site. See the 345 // [https://cloud.google.com/storage/docs/static-website][Static Website 346 // Examples] for more information. 347 Website website = 16; 348 349 // The bucket's versioning configuration. 350 Versioning versioning = 17; 351 352 // The bucket's logging configuration, which defines the destination bucket 353 // and optional name prefix for the current bucket's logs. 354 Logging logging = 18; 355 356 // The owner of the bucket. This is always the project team's owner group. 357 Owner owner = 19; 358 359 // Encryption configuration for a bucket. 360 Encryption encryption = 20; 361 362 // The bucket's billing configuration. 363 Billing billing = 21; 364 365 // The bucket's retention policy. The retention policy enforces a minimum 366 // retention time for all objects contained in the bucket, based on their 367 // creation time. Any attempt to overwrite or delete objects younger than the 368 // retention period will result in a PERMISSION_DENIED error. An unlocked 369 // retention policy can be modified or removed from the bucket via a 370 // storage.buckets.update operation. A locked retention policy cannot be 371 // removed or shortened in duration for the lifetime of the bucket. 372 // Attempting to remove or decrease period of a locked retention policy will 373 // result in a PERMISSION_DENIED error. 374 RetentionPolicy retention_policy = 22; 375 376 // The location type of the bucket (region, dual-region, multi-region, etc). 377 string location_type = 23; 378 379 // The bucket's IAM configuration. 380 IamConfiguration iam_configuration = 24; 381 382 // The zone or zones from which the bucket is intended to use zonal quota. 383 // Requests for data from outside the specified affinities are still allowed 384 // but won't be able to use zonal quota. The values are case-insensitive. 385 // Attempting to update this field after bucket is created will result in an 386 // error. 387 repeated string zone_affinity = 25 [deprecated = true]; 388 389 // Reserved for future use. 390 bool satisfies_pzs = 26; 391 392 // The bucket's autoclass configuration. If there is no configuration, the 393 // Autoclass feature will be disabled and have no effect on the bucket. 394 Autoclass autoclass = 28; 395} 396 397// An access-control entry. 398message BucketAccessControl { 399 // The access permission for the entity. 400 string role = 1; 401 402 // HTTP 1.1 ["https://tools.ietf.org/html/rfc7232#section-2.3][Entity tag] 403 // for the access-control entry. 404 string etag = 2; 405 406 // The ID of the access-control entry. 407 string id = 3; 408 409 // The name of the bucket. 410 string bucket = 4; 411 412 // The entity holding the permission, in one of the following forms: 413 // * `user-{userid}` 414 // * `user-{email}` 415 // * `group-{groupid}` 416 // * `group-{email}` 417 // * `domain-{domain}` 418 // * `project-{team-projectid}` 419 // * `allUsers` 420 // * `allAuthenticatedUsers` 421 // Examples: 422 // * The user `[email protected]` would be `[email protected]`. 423 // * The group `[email protected]` would be 424 // `[email protected]` 425 // * All members of the Google Apps for Business domain `example.com` would be 426 // `domain-example.com` 427 string entity = 6; 428 429 // The ID for the entity, if any. 430 string entity_id = 7; 431 432 // The email address associated with the entity, if any. 433 string email = 8; 434 435 // The domain associated with the entity, if any. 436 string domain = 9; 437 438 // The project team associated with the entity, if any. 439 ProjectTeam project_team = 10; 440} 441 442// The response to a call to BucketAccessControls.ListBucketAccessControls. 443message ListBucketAccessControlsResponse { 444 // The list of items. 445 repeated BucketAccessControl items = 1; 446} 447 448// The result of a call to Buckets.ListBuckets 449message ListBucketsResponse { 450 // The list of items. 451 repeated Bucket items = 1; 452 453 // The continuation token, used to page through large result sets. Provide 454 // this value in a subsequent request to return the next page of results. 455 string next_page_token = 2; 456} 457 458// An notification channel used to watch for resource changes. 459message Channel { 460 // A UUID or similar unique string that identifies this channel. 461 string id = 1; 462 463 // An opaque ID that identifies the resource being watched on this channel. 464 // Stable across different API versions. 465 string resource_id = 2; 466 467 // A version-specific identifier for the watched resource. 468 string resource_uri = 3; 469 470 // An arbitrary string delivered to the target address with each notification 471 // delivered over this channel. Optional. 472 string token = 4; 473 474 // Date and time of notification channel expiration. Optional. 475 google.protobuf.Timestamp expiration = 5; 476 477 // The type of delivery mechanism used for this channel. 478 string type = 6; 479 480 // The address where notifications are delivered for this channel. 481 string address = 7; 482 483 // Additional parameters controlling delivery channel behavior. Optional. 484 map<string, string> params = 8; 485 486 // A Boolean value to indicate whether payload is wanted. Optional. 487 bool payload = 9; 488} 489 490// The result of a call to Channels.ListChannels 491message ListChannelsResponse { 492 message Items { 493 // User-specified name for a channel. Needed to unsubscribe. 494 string channel_id = 1; 495 496 // Opaque value generated by GCS representing a bucket. Needed to 497 // unsubscribe. 498 string resource_id = 2; 499 500 // Url used to identify where notifications are sent to. 501 string push_url = 3; 502 503 // Email address of the subscriber. 504 string subscriber_email = 4; 505 506 // Time when the channel was created. 507 google.protobuf.Timestamp creation_time = 5; 508 } 509 510 // The list of notification channels for a bucket. 511 repeated Items items = 1; 512} 513 514// Message used to convey content being read or written, along with its 515// checksum. 516message ChecksummedData { 517 // The data. 518 bytes content = 1; 519 520 // CRC32C digest of the contents. 521 google.protobuf.UInt32Value crc32c = 2; 522} 523 524// Message used for storing full (not subrange) object checksums. 525message ObjectChecksums { 526 // CRC32C digest of the object data. Computed by the GCS service for 527 // all written objects, and validated by the GCS service against 528 // client-supplied values if present in an InsertObjectRequest. 529 google.protobuf.UInt32Value crc32c = 1; 530 531 // Hex-encoded MD5 hash of the object data (hexdigest). Whether/how this 532 // checksum is provided and validated is service-dependent. 533 string md5_hash = 2; 534} 535 536// A collection of enums used in multiple places throughout the API. 537message CommonEnums { 538 // A set of properties to return in a response. 539 enum Projection { 540 // No specified projection. 541 PROJECTION_UNSPECIFIED = 0; 542 543 // Omit `owner`, `acl`, and `defaultObjectAcl` properties. 544 NO_ACL = 1; 545 546 // Include all properties. 547 FULL = 2; 548 } 549 550 // Predefined or "canned" aliases for sets of specific bucket ACL entries. 551 enum PredefinedBucketAcl { 552 // No predefined ACL. 553 PREDEFINED_BUCKET_ACL_UNSPECIFIED = 0; 554 555 // Project team owners get `OWNER` access, and 556 // `allAuthenticatedUsers` get `READER` access. 557 BUCKET_ACL_AUTHENTICATED_READ = 1; 558 559 // Project team owners get `OWNER` access. 560 BUCKET_ACL_PRIVATE = 2; 561 562 // Project team members get access according to their roles. 563 BUCKET_ACL_PROJECT_PRIVATE = 3; 564 565 // Project team owners get `OWNER` access, and 566 // `allUsers` get `READER` access. 567 BUCKET_ACL_PUBLIC_READ = 4; 568 569 // Project team owners get `OWNER` access, and 570 // `allUsers` get `WRITER` access. 571 BUCKET_ACL_PUBLIC_READ_WRITE = 5; 572 } 573 574 // Predefined or "canned" aliases for sets of specific object ACL entries. 575 enum PredefinedObjectAcl { 576 // No predefined ACL. 577 PREDEFINED_OBJECT_ACL_UNSPECIFIED = 0; 578 579 // Object owner gets `OWNER` access, and 580 // `allAuthenticatedUsers` get `READER` access. 581 OBJECT_ACL_AUTHENTICATED_READ = 1; 582 583 // Object owner gets `OWNER` access, and project team owners get 584 // `OWNER` access. 585 OBJECT_ACL_BUCKET_OWNER_FULL_CONTROL = 2; 586 587 // Object owner gets `OWNER` access, and project team owners get 588 // `READER` access. 589 OBJECT_ACL_BUCKET_OWNER_READ = 3; 590 591 // Object owner gets `OWNER` access. 592 OBJECT_ACL_PRIVATE = 4; 593 594 // Object owner gets `OWNER` access, and project team members get 595 // access according to their roles. 596 OBJECT_ACL_PROJECT_PRIVATE = 5; 597 598 // Object owner gets `OWNER` access, and `allUsers` 599 // get `READER` access. 600 OBJECT_ACL_PUBLIC_READ = 6; 601 } 602 603 604} 605 606// Specifies a requested range of bytes to download. 607message ContentRange { 608 // The starting offset of the object data. 609 int64 start = 1; 610 611 // The ending offset of the object data. 612 int64 end = 2; 613 614 // The complete length of the object data. 615 int64 complete_length = 3; 616} 617 618// Hmac Key Metadata, which includes all information other than the secret. 619message HmacKeyMetadata { 620 // Resource name ID of the key in the format <projectId>/<accessId>. 621 string id = 1; 622 623 // Globally unique id for keys. 624 string access_id = 2; 625 626 // The project ID that the hmac key is contained in. 627 string project_id = 3; 628 629 // Email of the service account the key authenticates as. 630 string service_account_email = 4; 631 632 // State of the key. One of ACTIVE, INACTIVE, or DELETED. 633 string state = 5; 634 635 // The creation time of the HMAC key in RFC 3339 format. 636 google.protobuf.Timestamp time_created = 6; 637 638 // The last modification time of the HMAC key metadata in RFC 3339 format. 639 google.protobuf.Timestamp updated = 7; 640 641 // Tag updated with each key update. 642 string etag = 8; 643} 644 645// A subscription to receive Google PubSub notifications. 646message Notification { 647 // The Cloud PubSub topic to which this subscription publishes. Formatted as: 648 // '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}' 649 string topic = 1; 650 651 // If present, only send notifications about listed event types. If empty, 652 // sent notifications for all event types. 653 repeated string event_types = 2; 654 655 // An optional list of additional attributes to attach to each Cloud PubSub 656 // message published for this notification subscription. 657 map<string, string> custom_attributes = 3; 658 659 // HTTP 1.1 [https://tools.ietf.org/html/rfc7232#section-2.3][Entity tag] 660 // for this subscription notification. 661 string etag = 4; 662 663 // If present, only apply this notification configuration to object names that 664 // begin with this prefix. 665 string object_name_prefix = 5; 666 667 // The desired content of the Payload. 668 string payload_format = 6; 669 670 // The ID of the notification. 671 string id = 7; 672} 673 674// The result of a call to Notifications.ListNotifications 675message ListNotificationsResponse { 676 // The list of items. 677 repeated Notification items = 1; 678} 679 680// An object. 681message Object { 682 // Describes the customer-specified mechanism used to store the data at rest. 683 message CustomerEncryption { 684 // The encryption algorithm. 685 string encryption_algorithm = 1; 686 687 // SHA256 hash value of the encryption key. 688 string key_sha256 = 2; 689 } 690 691 // Content-Encoding of the object data, matching 692 // [https://tools.ietf.org/html/rfc7231#section-3.1.2.2][RFC 7231 §3.1.2.2] 693 string content_encoding = 1; 694 695 // Content-Disposition of the object data, matching 696 // [https://tools.ietf.org/html/rfc6266][RFC 6266]. 697 string content_disposition = 2; 698 699 // Cache-Control directive for the object data, matching 700 // [https://tools.ietf.org/html/rfc7234#section-5.2"][RFC 7234 §5.2]. 701 // If omitted, and the object is accessible to all anonymous users, the 702 // default will be `public, max-age=3600`. 703 string cache_control = 3; 704 705 // Access controls on the object. 706 repeated ObjectAccessControl acl = 4; 707 708 // Content-Language of the object data, matching 709 // [https://tools.ietf.org/html/rfc7231#section-3.1.3.2][RFC 7231 §3.1.3.2]. 710 string content_language = 5; 711 712 // The version of the metadata for this object at this generation. Used for 713 // preconditions and for detecting changes in metadata. A metageneration 714 // number is only meaningful in the context of a particular generation of a 715 // particular object. 716 // Attempting to set or update this field will result in a 717 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 718 int64 metageneration = 6; 719 720 // The deletion time of the object. Will be returned if and only if this 721 // version of the object has been deleted. 722 // Attempting to set or update this field will result in a 723 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 724 google.protobuf.Timestamp time_deleted = 7; 725 726 // Content-Type of the object data, matching 727 // [https://tools.ietf.org/html/rfc7231#section-3.1.1.5][RFC 7231 §3.1.1.5]. 728 // If an object is stored without a Content-Type, it is served as 729 // `application/octet-stream`. 730 string content_type = 8; 731 732 // Content-Length of the object data in bytes, matching 733 // [https://tools.ietf.org/html/rfc7230#section-3.3.2][RFC 7230 §3.3.2]. 734 // Attempting to set or update this field will result in a 735 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 736 int64 size = 9; 737 738 // The creation time of the object. 739 // Attempting to set or update this field will result in a 740 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 741 google.protobuf.Timestamp time_created = 10; 742 743 // CRC32c checksum. For more information about using the CRC32c 744 // checksum, see 745 // [https://cloud.google.com/storage/docs/hashes-etags#json-api][Hashes and 746 // ETags: Best Practices]. This is a server determined value and should not be 747 // supplied by the user when sending an Object. The server will ignore any 748 // value provided. Users should instead use the object_checksums field on the 749 // InsertObjectRequest when uploading an object. 750 google.protobuf.UInt32Value crc32c = 11; 751 752 // Number of underlying components that make up this object. Components are 753 // accumulated by compose operations. 754 // Attempting to set or update this field will result in a 755 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 756 int32 component_count = 12; 757 758 // MD5 hash of the data; encoded using base64 as per 759 // [https://tools.ietf.org/html/rfc4648#section-4][RFC 4648 §4]. For more 760 // information about using the MD5 hash, see 761 // [https://cloud.google.com/storage/docs/hashes-etags#json-api][Hashes and 762 // ETags: Best Practices]. This is a server determined value and should not be 763 // supplied by the user when sending an Object. The server will ignore any 764 // value provided. Users should instead use the object_checksums field on the 765 // InsertObjectRequest when uploading an object. 766 string md5_hash = 13; 767 768 // HTTP 1.1 Entity tag for the object. See 769 // [https://tools.ietf.org/html/rfc7232#section-2.3][RFC 7232 §2.3]. 770 // Attempting to set or update this field will result in a 771 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 772 string etag = 14; 773 774 // The modification time of the object metadata. 775 // Attempting to set or update this field will result in a 776 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 777 google.protobuf.Timestamp updated = 15; 778 779 // Storage class of the object. 780 string storage_class = 16; 781 782 // Cloud KMS Key used to encrypt this object, if the object is encrypted by 783 // such a key. 784 string kms_key_name = 17; 785 786 // The time at which the object's storage class was last changed. When the 787 // object is initially created, it will be set to time_created. 788 // Attempting to set or update this field will result in a 789 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 790 google.protobuf.Timestamp time_storage_class_updated = 18; 791 792 // Whether an object is under temporary hold. While this flag is set to true, 793 // the object is protected against deletion and overwrites. A common use case 794 // of this flag is regulatory investigations where objects need to be retained 795 // while the investigation is ongoing. Note that unlike event-based hold, 796 // temporary hold does not impact retention expiration time of an object. 797 bool temporary_hold = 19; 798 799 // A server-determined value that specifies the earliest time that the 800 // object's retention period expires. This value is in 801 // [https://tools.ietf.org/html/rfc3339][RFC 3339] format. 802 // Note 1: This field is not provided for objects with an active event-based 803 // hold, since retention expiration is unknown until the hold is removed. 804 // Note 2: This value can be provided even when temporary hold is set (so that 805 // the user can reason about policy without having to first unset the 806 // temporary hold). 807 google.protobuf.Timestamp retention_expiration_time = 20; 808 809 // User-provided metadata, in key/value pairs. 810 map<string, string> metadata = 21; 811 812 // Whether an object is under event-based hold. Event-based hold is a way to 813 // retain objects until an event occurs, which is signified by the 814 // hold's release (i.e. this value is set to false). After being released (set 815 // to false), such objects will be subject to bucket-level retention (if any). 816 // One sample use case of this flag is for banks to hold loan documents for at 817 // least 3 years after loan is paid in full. Here, bucket-level retention is 3 818 // years and the event is the loan being paid in full. In this example, these 819 // objects will be held intact for any number of years until the event has 820 // occurred (event-based hold on the object is released) and then 3 more years 821 // after that. That means retention duration of the objects begins from the 822 // moment event-based hold transitioned from true to false. 823 google.protobuf.BoolValue event_based_hold = 29; 824 825 // The name of the object. 826 // Attempting to update this field after the object is created will result in 827 // an error. 828 string name = 23; 829 830 // The ID of the object, including the bucket name, object name, and 831 // generation number. 832 // Attempting to update this field after the object is created will result in 833 // an error. 834 string id = 24; 835 836 // The name of the bucket containing this object. 837 // Attempting to update this field after the object is created will result in 838 // an error. 839 string bucket = 25; 840 841 // The content generation of this object. Used for object versioning. 842 // Attempting to set or update this field will result in a 843 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 844 int64 generation = 26; 845 846 // The owner of the object. This will always be the uploader of the object. 847 // Attempting to set or update this field will result in a 848 // [FieldViolation][google.rpc.BadRequest.FieldViolation]. 849 Owner owner = 27; 850 851 // Metadata of customer-supplied encryption key, if the object is encrypted by 852 // such a key. 853 CustomerEncryption customer_encryption = 28; 854 855 // A user-specified timestamp set on an object. 856 google.protobuf.Timestamp custom_time = 30; 857} 858 859// An access-control entry. 860message ObjectAccessControl { 861 // The access permission for the entity. 862 string role = 1; 863 864 // HTTP 1.1 Entity tag for the access-control entry. 865 // See [https://tools.ietf.org/html/rfc7232#section-2.3][RFC 7232 §2.3]. 866 string etag = 2; 867 868 // The ID of the access-control entry. 869 string id = 3; 870 871 // The name of the bucket. 872 string bucket = 4; 873 874 // The name of the object, if applied to an object. 875 string object = 5; 876 877 // The content generation of the object, if applied to an object. 878 int64 generation = 6; 879 880 // The entity holding the permission, in one of the following forms: 881 // * `user-{userid}` 882 // * `user-{email}` 883 // * `group-{groupid}` 884 // * `group-{email}` 885 // * `domain-{domain}` 886 // * `project-{team-projectid}` 887 // * `allUsers` 888 // * `allAuthenticatedUsers` 889 // Examples: 890 // * The user `[email protected]` would be `[email protected]`. 891 // * The group `[email protected]` would be 892 // `[email protected]`. 893 // * All members of the Google Apps for Business domain `example.com` would be 894 // `domain-example.com`. 895 string entity = 7; 896 897 // The ID for the entity, if any. 898 string entity_id = 8; 899 900 // The email address associated with the entity, if any. 901 string email = 9; 902 903 // The domain associated with the entity, if any. 904 string domain = 10; 905 906 // The project team associated with the entity, if any. 907 ProjectTeam project_team = 11; 908} 909 910// The result of a call to ObjectAccessControls.ListObjectAccessControls. 911message ListObjectAccessControlsResponse { 912 // The list of items. 913 repeated ObjectAccessControl items = 1; 914} 915 916// The result of a call to Objects.ListObjects 917message ListObjectsResponse { 918 // The list of prefixes of objects matching-but-not-listed up to and including 919 // the requested delimiter. 920 repeated string prefixes = 1; 921 922 // The list of items. 923 repeated Object items = 2; 924 925 // The continuation token, used to page through large result sets. Provide 926 // this value in a subsequent request to return the next page of results. 927 string next_page_token = 3; 928} 929 930// Represents the Viewers, Editors, or Owners of a given project. 931message ProjectTeam { 932 // The project number. 933 string project_number = 1; 934 935 // The team. 936 string team = 2; 937} 938 939// A subscription to receive Google PubSub notifications. 940message ServiceAccount { 941 // The ID of the notification. 942 string email_address = 1; 943} 944 945// The owner of a specific resource. 946message Owner { 947 // The entity, in the form `user-`*userId*. 948 string entity = 1; 949 950 // The ID for the entity. 951 string entity_id = 2; 952} 953