1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.storage.v2; 18 19import "google/api/client.proto"; 20import "google/api/field_behavior.proto"; 21import "google/api/resource.proto"; 22import "google/api/routing.proto"; 23import "google/iam/v1/iam_policy.proto"; 24import "google/iam/v1/policy.proto"; 25import "google/protobuf/duration.proto"; 26import "google/protobuf/empty.proto"; 27import "google/protobuf/field_mask.proto"; 28import "google/protobuf/timestamp.proto"; 29import "google/type/date.proto"; 30 31option go_package = "cloud.google.com/go/storage/internal/apiv2/storagepb;storagepb"; 32option java_multiple_files = true; 33option java_outer_classname = "StorageProto"; 34option java_package = "com.google.storage.v2"; 35option (google.api.resource_definition) = { 36 type: "cloudkms.googleapis.com/CryptoKey" 37 pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}" 38}; 39 40// ## API Overview and Naming Syntax 41// 42// The Cloud Storage gRPC API allows applications to read and write data through 43// the abstractions of buckets and objects. For a description of these 44// abstractions please see https://cloud.google.com/storage/docs. 45// 46// Resources are named as follows: 47// - Projects are referred to as they are defined by the Resource Manager API, 48// using strings like `projects/123456` or `projects/my-string-id`. 49// - Buckets are named using string names of the form: 50// `projects/{project}/buckets/{bucket}` 51// For globally unique buckets, `_` may be substituted for the project. 52// - Objects are uniquely identified by their name along with the name of the 53// bucket they belong to, as separate strings in this API. For example: 54// 55// ReadObjectRequest { 56// bucket: 'projects/_/buckets/my-bucket' 57// object: 'my-object' 58// } 59// Note that object names can contain `/` characters, which are treated as 60// any other character (no special directory semantics). 61service Storage { 62 option (google.api.default_host) = "storage.googleapis.com"; 63 option (google.api.oauth_scopes) = 64 "https://www.googleapis.com/auth/cloud-platform," 65 "https://www.googleapis.com/auth/cloud-platform.read-only," 66 "https://www.googleapis.com/auth/devstorage.full_control," 67 "https://www.googleapis.com/auth/devstorage.read_only," 68 "https://www.googleapis.com/auth/devstorage.read_write"; 69 70 // Permanently deletes an empty bucket. 71 rpc DeleteBucket(DeleteBucketRequest) returns (google.protobuf.Empty) { 72 option (google.api.routing) = { 73 routing_parameters { field: "name" path_template: "{bucket=**}" } 74 }; 75 option (google.api.method_signature) = "name"; 76 } 77 78 // Returns metadata for the specified bucket. 79 rpc GetBucket(GetBucketRequest) returns (Bucket) { 80 option (google.api.routing) = { 81 routing_parameters { field: "name" path_template: "{bucket=**}" } 82 }; 83 option (google.api.method_signature) = "name"; 84 } 85 86 // Creates a new bucket. 87 rpc CreateBucket(CreateBucketRequest) returns (Bucket) { 88 option (google.api.routing) = { 89 routing_parameters { field: "parent" path_template: "{project=**}" } 90 routing_parameters { 91 field: "bucket.project" 92 path_template: "{project=**}" 93 } 94 }; 95 option (google.api.method_signature) = "parent,bucket,bucket_id"; 96 } 97 98 // Retrieves a list of buckets for a given project. 99 rpc ListBuckets(ListBucketsRequest) returns (ListBucketsResponse) { 100 option (google.api.routing) = { 101 routing_parameters { field: "parent" path_template: "{project=**}" } 102 }; 103 option (google.api.method_signature) = "parent"; 104 } 105 106 // Locks retention policy on a bucket. 107 rpc LockBucketRetentionPolicy(LockBucketRetentionPolicyRequest) 108 returns (Bucket) { 109 option (google.api.routing) = { 110 routing_parameters { field: "bucket" path_template: "{bucket=**}" } 111 }; 112 option (google.api.method_signature) = "bucket"; 113 } 114 115 // Gets the IAM policy for a specified bucket. 116 // The `resource` field in the request should be 117 // `projects/_/buckets/{bucket}`. 118 rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) 119 returns (google.iam.v1.Policy) { 120 option (google.api.routing) = { 121 routing_parameters { field: "resource" path_template: "{bucket=**}" } 122 }; 123 option (google.api.method_signature) = "resource"; 124 } 125 126 // Updates an IAM policy for the specified bucket. 127 // The `resource` field in the request should be 128 // `projects/_/buckets/{bucket}`. 129 rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) 130 returns (google.iam.v1.Policy) { 131 option (google.api.routing) = { 132 routing_parameters { field: "resource" path_template: "{bucket=**}" } 133 }; 134 option (google.api.method_signature) = "resource,policy"; 135 } 136 137 // Tests a set of permissions on the given bucket or object to see which, if 138 // any, are held by the caller. 139 // The `resource` field in the request should be 140 // `projects/_/buckets/{bucket}` for a bucket or 141 // `projects/_/buckets/{bucket}/objects/{object}` for an object. 142 rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) 143 returns (google.iam.v1.TestIamPermissionsResponse) { 144 option (google.api.routing) = { 145 routing_parameters { field: "resource" path_template: "{bucket=**}" } 146 routing_parameters { 147 field: "resource" 148 path_template: "{bucket=projects/*/buckets/*}/objects/**" 149 } 150 }; 151 option (google.api.method_signature) = "resource,permissions"; 152 } 153 154 // Updates a bucket. Equivalent to JSON API's storage.buckets.patch method. 155 rpc UpdateBucket(UpdateBucketRequest) returns (Bucket) { 156 option (google.api.routing) = { 157 routing_parameters { field: "bucket.name" path_template: "{bucket=**}" } 158 }; 159 option (google.api.method_signature) = "bucket,update_mask"; 160 } 161 162 // Permanently deletes a NotificationConfig. 163 rpc DeleteNotificationConfig(DeleteNotificationConfigRequest) 164 returns (google.protobuf.Empty) { 165 option (google.api.routing) = { 166 routing_parameters { 167 field: "name" 168 path_template: "{bucket=projects/*/buckets/*}/**" 169 } 170 }; 171 option (google.api.method_signature) = "name"; 172 } 173 174 // View a NotificationConfig. 175 rpc GetNotificationConfig(GetNotificationConfigRequest) 176 returns (NotificationConfig) { 177 option (google.api.routing) = { 178 routing_parameters { 179 field: "name" 180 path_template: "{bucket=projects/*/buckets/*}/**" 181 } 182 }; 183 option (google.api.method_signature) = "name"; 184 } 185 186 // Creates a NotificationConfig for a given bucket. 187 // These NotificationConfigs, when triggered, publish messages to the 188 // specified Pub/Sub topics. See 189 // https://cloud.google.com/storage/docs/pubsub-notifications. 190 rpc CreateNotificationConfig(CreateNotificationConfigRequest) 191 returns (NotificationConfig) { 192 option (google.api.routing) = { 193 routing_parameters { field: "parent" path_template: "{bucket=**}" } 194 }; 195 option (google.api.method_signature) = "parent,notification_config"; 196 } 197 198 // Retrieves a list of NotificationConfigs for a given bucket. 199 rpc ListNotificationConfigs(ListNotificationConfigsRequest) 200 returns (ListNotificationConfigsResponse) { 201 option (google.api.routing) = { 202 routing_parameters { field: "parent" path_template: "{bucket=**}" } 203 }; 204 option (google.api.method_signature) = "parent"; 205 } 206 207 // Concatenates a list of existing objects into a new object in the same 208 // bucket. 209 rpc ComposeObject(ComposeObjectRequest) returns (Object) { 210 option (google.api.routing) = { 211 routing_parameters { 212 field: "destination.bucket" 213 path_template: "{bucket=**}" 214 } 215 }; 216 } 217 218 // Deletes an object and its metadata. 219 // 220 // Deletions are normally permanent when versioning is disabled or whenever 221 // the generation parameter is used. However, if soft delete is enabled for 222 // the bucket, deleted objects can be restored using RestoreObject until the 223 // soft delete retention period has passed. 224 rpc DeleteObject(DeleteObjectRequest) returns (google.protobuf.Empty) { 225 option (google.api.routing) = { 226 routing_parameters { field: "bucket" path_template: "{bucket=**}" } 227 }; 228 option (google.api.method_signature) = "bucket,object"; 229 option (google.api.method_signature) = "bucket,object,generation"; 230 } 231 232 // Restores a soft-deleted object. 233 rpc RestoreObject(RestoreObjectRequest) returns (Object) { 234 option (google.api.routing) = { 235 routing_parameters { field: "bucket" path_template: "{bucket=**}" } 236 }; 237 option (google.api.method_signature) = "bucket,object,generation"; 238 } 239 240 // Cancels an in-progress resumable upload. 241 // 242 // Any attempts to write to the resumable upload after cancelling the upload 243 // will fail. 244 // 245 // The behavior for currently in progress write operations is not guaranteed - 246 // they could either complete before the cancellation or fail if the 247 // cancellation completes first. 248 rpc CancelResumableWrite(CancelResumableWriteRequest) 249 returns (CancelResumableWriteResponse) { 250 option (google.api.routing) = { 251 routing_parameters { 252 field: "upload_id" 253 path_template: "{bucket=projects/*/buckets/*}/**" 254 } 255 }; 256 option (google.api.method_signature) = "upload_id"; 257 } 258 259 // Retrieves an object's metadata. 260 rpc GetObject(GetObjectRequest) returns (Object) { 261 option (google.api.routing) = { 262 routing_parameters { field: "bucket" path_template: "{bucket=**}" } 263 }; 264 option (google.api.method_signature) = "bucket,object"; 265 option (google.api.method_signature) = "bucket,object,generation"; 266 } 267 268 // Reads an object's data. 269 rpc ReadObject(ReadObjectRequest) returns (stream ReadObjectResponse) { 270 option (google.api.routing) = { 271 routing_parameters { field: "bucket" path_template: "{bucket=**}" } 272 }; 273 option (google.api.method_signature) = "bucket,object"; 274 option (google.api.method_signature) = "bucket,object,generation"; 275 } 276 277 // Updates an object's metadata. 278 // Equivalent to JSON API's storage.objects.patch. 279 rpc UpdateObject(UpdateObjectRequest) returns (Object) { 280 option (google.api.routing) = { 281 routing_parameters { field: "object.bucket" path_template: "{bucket=**}" } 282 }; 283 option (google.api.method_signature) = "object,update_mask"; 284 } 285 286 // Stores a new object and metadata. 287 // 288 // An object can be written either in a single message stream or in a 289 // resumable sequence of message streams. To write using a single stream, 290 // the client should include in the first message of the stream an 291 // `WriteObjectSpec` describing the destination bucket, object, and any 292 // preconditions. Additionally, the final message must set 'finish_write' to 293 // true, or else it is an error. 294 // 295 // For a resumable write, the client should instead call 296 // `StartResumableWrite()`, populating a `WriteObjectSpec` into that request. 297 // They should then attach the returned `upload_id` to the first message of 298 // each following call to `WriteObject`. If the stream is closed before 299 // finishing the upload (either explicitly by the client or due to a network 300 // error or an error response from the server), the client should do as 301 // follows: 302 // - Check the result Status of the stream, to determine if writing can be 303 // resumed on this stream or must be restarted from scratch (by calling 304 // `StartResumableWrite()`). The resumable errors are DEADLINE_EXCEEDED, 305 // INTERNAL, and UNAVAILABLE. For each case, the client should use binary 306 // exponential backoff before retrying. Additionally, writes can be 307 // resumed after RESOURCE_EXHAUSTED errors, but only after taking 308 // appropriate measures, which may include reducing aggregate send rate 309 // across clients and/or requesting a quota increase for your project. 310 // - If the call to `WriteObject` returns `ABORTED`, that indicates 311 // concurrent attempts to update the resumable write, caused either by 312 // multiple racing clients or by a single client where the previous 313 // request was timed out on the client side but nonetheless reached the 314 // server. In this case the client should take steps to prevent further 315 // concurrent writes (e.g., increase the timeouts, stop using more than 316 // one process to perform the upload, etc.), and then should follow the 317 // steps below for resuming the upload. 318 // - For resumable errors, the client should call `QueryWriteStatus()` and 319 // then continue writing from the returned `persisted_size`. This may be 320 // less than the amount of data the client previously sent. Note also that 321 // it is acceptable to send data starting at an offset earlier than the 322 // returned `persisted_size`; in this case, the service will skip data at 323 // offsets that were already persisted (without checking that it matches 324 // the previously written data), and write only the data starting from the 325 // persisted offset. Even though the data isn't written, it may still 326 // incur a performance cost over resuming at the correct write offset. 327 // This behavior can make client-side handling simpler in some cases. 328 // - Clients must only send data that is a multiple of 256 KiB per message, 329 // unless the object is being finished with `finish_write` set to `true`. 330 // 331 // The service will not view the object as complete until the client has 332 // sent a `WriteObjectRequest` with `finish_write` set to `true`. Sending any 333 // requests on a stream after sending a request with `finish_write` set to 334 // `true` will cause an error. The client **should** check the response it 335 // receives to determine how much data the service was able to commit and 336 // whether the service views the object as complete. 337 // 338 // Attempting to resume an already finalized object will result in an OK 339 // status, with a WriteObjectResponse containing the finalized object's 340 // metadata. 341 // 342 // Alternatively, the BidiWriteObject operation may be used to write an 343 // object with controls over flushing and the ability to fetch the ability to 344 // determine the current persisted size. 345 rpc WriteObject(stream WriteObjectRequest) returns (WriteObjectResponse) {} 346 347 // Stores a new object and metadata. 348 // 349 // This is similar to the WriteObject call with the added support for 350 // manual flushing of persisted state, and the ability to determine current 351 // persisted size without closing the stream. 352 // 353 // The client may specify one or both of the `state_lookup` and `flush` fields 354 // in each BidiWriteObjectRequest. If `flush` is specified, the data written 355 // so far will be persisted to storage. If `state_lookup` is specified, the 356 // service will respond with a BidiWriteObjectResponse that contains the 357 // persisted size. If both `flush` and `state_lookup` are specified, the flush 358 // will always occur before a `state_lookup`, so that both may be set in the 359 // same request and the returned state will be the state of the object 360 // post-flush. When the stream is closed, a BidiWriteObjectResponse will 361 // always be sent to the client, regardless of the value of `state_lookup`. 362 rpc BidiWriteObject(stream BidiWriteObjectRequest) 363 returns (stream BidiWriteObjectResponse) {} 364 365 // Retrieves a list of objects matching the criteria. 366 rpc ListObjects(ListObjectsRequest) returns (ListObjectsResponse) { 367 option (google.api.routing) = { 368 routing_parameters { field: "parent" path_template: "{bucket=**}" } 369 }; 370 option (google.api.method_signature) = "parent"; 371 } 372 373 // Rewrites a source object to a destination object. Optionally overrides 374 // metadata. 375 rpc RewriteObject(RewriteObjectRequest) returns (RewriteResponse) { 376 option (google.api.routing) = { 377 routing_parameters { field: "source_bucket" } 378 routing_parameters { 379 field: "destination_bucket" 380 path_template: "{bucket=**}" 381 } 382 }; 383 } 384 385 // Starts a resumable write. How long the write operation remains valid, and 386 // what happens when the write operation becomes invalid, are 387 // service-dependent. 388 rpc StartResumableWrite(StartResumableWriteRequest) 389 returns (StartResumableWriteResponse) { 390 option (google.api.routing) = { 391 routing_parameters { 392 field: "write_object_spec.resource.bucket" 393 path_template: "{bucket=**}" 394 } 395 }; 396 } 397 398 // Determines the `persisted_size` for an object that is being written, which 399 // can then be used as the `write_offset` for the next `Write()` call. 400 // 401 // If the object does not exist (i.e., the object has been deleted, or the 402 // first `Write()` has not yet reached the service), this method returns the 403 // error `NOT_FOUND`. 404 // 405 // The client **may** call `QueryWriteStatus()` at any time to determine how 406 // much data has been processed for this object. This is useful if the 407 // client is buffering data and needs to know which data can be safely 408 // evicted. For any sequence of `QueryWriteStatus()` calls for a given 409 // object name, the sequence of returned `persisted_size` values will be 410 // non-decreasing. 411 rpc QueryWriteStatus(QueryWriteStatusRequest) 412 returns (QueryWriteStatusResponse) { 413 option (google.api.routing) = { 414 routing_parameters { 415 field: "upload_id" 416 path_template: "{bucket=projects/*/buckets/*}/**" 417 } 418 }; 419 option (google.api.method_signature) = "upload_id"; 420 } 421 422 // Retrieves the name of a project's Google Cloud Storage service account. 423 rpc GetServiceAccount(GetServiceAccountRequest) returns (ServiceAccount) { 424 option (google.api.routing) = { 425 routing_parameters { field: "project" } 426 }; 427 option (google.api.method_signature) = "project"; 428 } 429 430 // Creates a new HMAC key for the given service account. 431 rpc CreateHmacKey(CreateHmacKeyRequest) returns (CreateHmacKeyResponse) { 432 option (google.api.routing) = { 433 routing_parameters { field: "project" } 434 }; 435 option (google.api.method_signature) = "project,service_account_email"; 436 } 437 438 // Deletes a given HMAC key. Key must be in an INACTIVE state. 439 rpc DeleteHmacKey(DeleteHmacKeyRequest) returns (google.protobuf.Empty) { 440 option (google.api.routing) = { 441 routing_parameters { field: "project" } 442 }; 443 option (google.api.method_signature) = "access_id,project"; 444 } 445 446 // Gets an existing HMAC key metadata for the given id. 447 rpc GetHmacKey(GetHmacKeyRequest) returns (HmacKeyMetadata) { 448 option (google.api.routing) = { 449 routing_parameters { field: "project" } 450 }; 451 option (google.api.method_signature) = "access_id,project"; 452 } 453 454 // Lists HMAC keys under a given project with the additional filters provided. 455 rpc ListHmacKeys(ListHmacKeysRequest) returns (ListHmacKeysResponse) { 456 option (google.api.routing) = { 457 routing_parameters { field: "project" } 458 }; 459 option (google.api.method_signature) = "project"; 460 } 461 462 // Updates a given HMAC key state between ACTIVE and INACTIVE. 463 rpc UpdateHmacKey(UpdateHmacKeyRequest) returns (HmacKeyMetadata) { 464 option (google.api.routing) = { 465 routing_parameters { 466 field: "hmac_key.project" 467 path_template: "{project=**}" 468 } 469 }; 470 option (google.api.method_signature) = "hmac_key,update_mask"; 471 } 472} 473 474// Request message for DeleteBucket. 475message DeleteBucketRequest { 476 // Required. Name of a bucket to delete. 477 string name = 1 [ 478 (google.api.field_behavior) = REQUIRED, 479 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 480 ]; 481 482 // If set, only deletes the bucket if its metageneration matches this value. 483 optional int64 if_metageneration_match = 2; 484 485 // If set, only deletes the bucket if its metageneration does not match this 486 // value. 487 optional int64 if_metageneration_not_match = 3; 488} 489 490// Request message for GetBucket. 491message GetBucketRequest { 492 // Required. Name of a bucket. 493 string name = 1 [ 494 (google.api.field_behavior) = REQUIRED, 495 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 496 ]; 497 498 // If set, and if the bucket's current metageneration does not match the 499 // specified value, the request will return an error. 500 optional int64 if_metageneration_match = 2; 501 502 // If set, and if the bucket's current metageneration matches the specified 503 // value, the request will return an error. 504 optional int64 if_metageneration_not_match = 3; 505 506 // Mask specifying which fields to read. 507 // A "*" field may be used to indicate all fields. 508 // If no mask is specified, will default to all fields. 509 optional google.protobuf.FieldMask read_mask = 5; 510} 511 512// Request message for CreateBucket. 513message CreateBucketRequest { 514 // Required. The project to which this bucket will belong. 515 string parent = 1 [ 516 (google.api.field_behavior) = REQUIRED, 517 (google.api.resource_reference) = { 518 child_type: "storage.googleapis.com/Bucket" 519 } 520 ]; 521 522 // Properties of the new bucket being inserted. 523 // The name of the bucket is specified in the `bucket_id` field. Populating 524 // `bucket.name` field will result in an error. 525 // The project of the bucket must be specified in the `bucket.project` field. 526 // This field must be in `projects/{projectIdentifier}` format, 527 // {projectIdentifier} can be the project ID or project number. The `parent` 528 // field must be either empty or `projects/_`. 529 Bucket bucket = 2; 530 531 // Required. The ID to use for this bucket, which will become the final 532 // component of the bucket's resource name. For example, the value `foo` might 533 // result in a bucket with the name `projects/123456/buckets/foo`. 534 string bucket_id = 3 [(google.api.field_behavior) = REQUIRED]; 535 536 // Apply a predefined set of access controls to this bucket. 537 // Valid values are "authenticatedRead", "private", "projectPrivate", 538 // "publicRead", or "publicReadWrite". 539 string predefined_acl = 6; 540 541 // Apply a predefined set of default object access controls to this bucket. 542 // Valid values are "authenticatedRead", "bucketOwnerFullControl", 543 // "bucketOwnerRead", "private", "projectPrivate", or "publicRead". 544 string predefined_default_object_acl = 7; 545} 546 547// Request message for ListBuckets. 548message ListBucketsRequest { 549 // Required. The project whose buckets we are listing. 550 string parent = 1 [ 551 (google.api.field_behavior) = REQUIRED, 552 (google.api.resource_reference) = { 553 child_type: "storage.googleapis.com/Bucket" 554 } 555 ]; 556 557 // Maximum number of buckets to return in a single response. The service will 558 // use this parameter or 1,000 items, whichever is smaller. If "acl" is 559 // present in the read_mask, the service will use this parameter of 200 items, 560 // whichever is smaller. 561 int32 page_size = 2; 562 563 // A previously-returned page token representing part of the larger set of 564 // results to view. 565 string page_token = 3; 566 567 // Filter results to buckets whose names begin with this prefix. 568 string prefix = 4; 569 570 // Mask specifying which fields to read from each result. 571 // If no mask is specified, will default to all fields except items.owner, 572 // items.acl, and items.default_object_acl. 573 // * may be used to mean "all fields". 574 optional google.protobuf.FieldMask read_mask = 5; 575} 576 577// The result of a call to Buckets.ListBuckets 578message ListBucketsResponse { 579 // The list of items. 580 repeated Bucket buckets = 1; 581 582 // The continuation token, used to page through large result sets. Provide 583 // this value in a subsequent request to return the next page of results. 584 string next_page_token = 2; 585} 586 587// Request message for LockBucketRetentionPolicyRequest. 588message LockBucketRetentionPolicyRequest { 589 // Required. Name of a bucket. 590 string bucket = 1 [ 591 (google.api.field_behavior) = REQUIRED, 592 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 593 ]; 594 595 // Required. Makes the operation conditional on whether bucket's current 596 // metageneration matches the given value. Must be positive. 597 int64 if_metageneration_match = 2 [(google.api.field_behavior) = REQUIRED]; 598} 599 600// Request for UpdateBucket method. 601message UpdateBucketRequest { 602 // Required. The bucket to update. 603 // The bucket's `name` field will be used to identify the bucket. 604 Bucket bucket = 1 [(google.api.field_behavior) = REQUIRED]; 605 606 // If set, will only modify the bucket if its metageneration matches this 607 // value. 608 optional int64 if_metageneration_match = 2; 609 610 // If set, will only modify the bucket if its metageneration does not match 611 // this value. 612 optional int64 if_metageneration_not_match = 3; 613 614 // Apply a predefined set of access controls to this bucket. 615 // Valid values are "authenticatedRead", "private", "projectPrivate", 616 // "publicRead", or "publicReadWrite". 617 string predefined_acl = 8; 618 619 // Apply a predefined set of default object access controls to this bucket. 620 // Valid values are "authenticatedRead", "bucketOwnerFullControl", 621 // "bucketOwnerRead", "private", "projectPrivate", or "publicRead". 622 string predefined_default_object_acl = 9; 623 624 // Required. List of fields to be updated. 625 // 626 // To specify ALL fields, equivalent to the JSON API's "update" function, 627 // specify a single field with the value `*`. Note: not recommended. If a new 628 // field is introduced at a later time, an older client updating with the `*` 629 // may accidentally reset the new field's value. 630 // 631 // Not specifying any fields is an error. 632 google.protobuf.FieldMask update_mask = 6 633 [(google.api.field_behavior) = REQUIRED]; 634} 635 636// Request message for DeleteNotificationConfig. 637message DeleteNotificationConfigRequest { 638 // Required. The parent bucket of the NotificationConfig. 639 string name = 1 [ 640 (google.api.field_behavior) = REQUIRED, 641 (google.api.resource_reference) = { 642 type: "storage.googleapis.com/NotificationConfig" 643 } 644 ]; 645} 646 647// Request message for GetNotificationConfig. 648message GetNotificationConfigRequest { 649 // Required. The parent bucket of the NotificationConfig. 650 // Format: 651 // `projects/{project}/buckets/{bucket}/notificationConfigs/{notificationConfig}` 652 string name = 1 [ 653 (google.api.field_behavior) = REQUIRED, 654 (google.api.resource_reference) = { 655 type: "storage.googleapis.com/NotificationConfig" 656 } 657 ]; 658} 659 660// Request message for CreateNotificationConfig. 661message CreateNotificationConfigRequest { 662 // Required. The bucket to which this NotificationConfig belongs. 663 string parent = 1 [ 664 (google.api.field_behavior) = REQUIRED, 665 (google.api.resource_reference) = { 666 child_type: "storage.googleapis.com/NotificationConfig" 667 } 668 ]; 669 670 // Required. Properties of the NotificationConfig to be inserted. 671 NotificationConfig notification_config = 2 672 [(google.api.field_behavior) = REQUIRED]; 673} 674 675// Request message for ListNotifications. 676message ListNotificationConfigsRequest { 677 // Required. Name of a Google Cloud Storage bucket. 678 string parent = 1 [ 679 (google.api.field_behavior) = REQUIRED, 680 (google.api.resource_reference) = { 681 child_type: "storage.googleapis.com/NotificationConfig" 682 } 683 ]; 684 685 // The maximum number of NotificationConfigs to return. The service may 686 // return fewer than this value. The default value is 100. Specifying a value 687 // above 100 will result in a page_size of 100. 688 int32 page_size = 2; 689 690 // A page token, received from a previous `ListNotificationConfigs` call. 691 // Provide this to retrieve the subsequent page. 692 // 693 // When paginating, all other parameters provided to `ListNotificationConfigs` 694 // must match the call that provided the page token. 695 string page_token = 3; 696} 697 698// The result of a call to ListNotificationConfigs 699message ListNotificationConfigsResponse { 700 // The list of items. 701 repeated NotificationConfig notification_configs = 1; 702 703 // A token, which can be sent as `page_token` to retrieve the next page. 704 // If this field is omitted, there are no subsequent pages. 705 string next_page_token = 2; 706} 707 708// Request message for ComposeObject. 709message ComposeObjectRequest { 710 // Description of a source object for a composition request. 711 message SourceObject { 712 // Preconditions for a source object of a composition request. 713 message ObjectPreconditions { 714 // Only perform the composition if the generation of the source object 715 // that would be used matches this value. If this value and a generation 716 // are both specified, they must be the same value or the call will fail. 717 optional int64 if_generation_match = 1; 718 } 719 720 // Required. The source object's name. All source objects must reside in the 721 // same bucket. 722 string name = 1 [(google.api.field_behavior) = REQUIRED]; 723 724 // The generation of this object to use as the source. 725 int64 generation = 2; 726 727 // Conditions that must be met for this operation to execute. 728 ObjectPreconditions object_preconditions = 3; 729 } 730 731 // Required. Properties of the resulting object. 732 Object destination = 1 [(google.api.field_behavior) = REQUIRED]; 733 734 // The list of source objects that will be concatenated into a single object. 735 repeated SourceObject source_objects = 2; 736 737 // Apply a predefined set of access controls to the destination object. 738 // Valid values are "authenticatedRead", "bucketOwnerFullControl", 739 // "bucketOwnerRead", "private", "projectPrivate", or "publicRead". 740 string destination_predefined_acl = 9; 741 742 // Makes the operation conditional on whether the object's current generation 743 // matches the given value. Setting to 0 makes the operation succeed only if 744 // there are no live versions of the object. 745 optional int64 if_generation_match = 4; 746 747 // Makes the operation conditional on whether the object's current 748 // metageneration matches the given value. 749 optional int64 if_metageneration_match = 5; 750 751 // Resource name of the Cloud KMS key, of the form 752 // `projects/my-project/locations/my-location/keyRings/my-kr/cryptoKeys/my-key`, 753 // that will be used to encrypt the object. Overrides the object 754 // metadata's `kms_key_name` value, if any. 755 string kms_key = 6 [(google.api.resource_reference) = { 756 type: "cloudkms.googleapis.com/CryptoKey" 757 }]; 758 759 // A set of parameters common to Storage API requests concerning an object. 760 CommonObjectRequestParams common_object_request_params = 7; 761 762 // The checksums of the complete object. This will be validated against the 763 // combined checksums of the component objects. 764 ObjectChecksums object_checksums = 10; 765} 766 767// Message for deleting an object. 768// `bucket` and `object` **must** be set. 769message DeleteObjectRequest { 770 // Required. Name of the bucket in which the object resides. 771 string bucket = 1 [ 772 (google.api.field_behavior) = REQUIRED, 773 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 774 ]; 775 776 // Required. The name of the finalized object to delete. 777 // Note: If you want to delete an unfinalized resumable upload please use 778 // `CancelResumableWrite`. 779 string object = 2 [(google.api.field_behavior) = REQUIRED]; 780 781 // If present, permanently deletes a specific revision of this object (as 782 // opposed to the latest version, the default). 783 int64 generation = 4; 784 785 // Makes the operation conditional on whether the object's current generation 786 // matches the given value. Setting to 0 makes the operation succeed only if 787 // there are no live versions of the object. 788 optional int64 if_generation_match = 5; 789 790 // Makes the operation conditional on whether the object's live generation 791 // does not match the given value. If no live object exists, the precondition 792 // fails. Setting to 0 makes the operation succeed only if there is a live 793 // version of the object. 794 optional int64 if_generation_not_match = 6; 795 796 // Makes the operation conditional on whether the object's current 797 // metageneration matches the given value. 798 optional int64 if_metageneration_match = 7; 799 800 // Makes the operation conditional on whether the object's current 801 // metageneration does not match the given value. 802 optional int64 if_metageneration_not_match = 8; 803 804 // A set of parameters common to Storage API requests concerning an object. 805 CommonObjectRequestParams common_object_request_params = 10; 806} 807 808// Message for restoring an object. 809// `bucket`, `object`, and `generation` **must** be set. 810message RestoreObjectRequest { 811 // Required. Name of the bucket in which the object resides. 812 string bucket = 1 [ 813 (google.api.field_behavior) = REQUIRED, 814 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 815 ]; 816 817 // Required. The name of the object to restore. 818 string object = 2 [(google.api.field_behavior) = REQUIRED]; 819 820 // Required. The specific revision of the object to restore. 821 int64 generation = 3 [(google.api.field_behavior) = REQUIRED]; 822 823 // Makes the operation conditional on whether the object's current generation 824 // matches the given value. Setting to 0 makes the operation succeed only if 825 // there are no live versions of the object. 826 optional int64 if_generation_match = 4; 827 828 // Makes the operation conditional on whether the object's live generation 829 // does not match the given value. If no live object exists, the precondition 830 // fails. Setting to 0 makes the operation succeed only if there is a live 831 // version of the object. 832 optional int64 if_generation_not_match = 5; 833 834 // Makes the operation conditional on whether the object's current 835 // metageneration matches the given value. 836 optional int64 if_metageneration_match = 6; 837 838 // Makes the operation conditional on whether the object's current 839 // metageneration does not match the given value. 840 optional int64 if_metageneration_not_match = 7; 841 842 // If false or unset, the bucket's default object ACL will be used. 843 // If true, copy the source object's access controls. 844 // Return an error if bucket has UBLA enabled. 845 optional bool copy_source_acl = 9; 846 847 // A set of parameters common to Storage API requests concerning an object. 848 CommonObjectRequestParams common_object_request_params = 8; 849} 850 851// Message for canceling an in-progress resumable upload. 852// `upload_id` **must** be set. 853message CancelResumableWriteRequest { 854 // Required. The upload_id of the resumable upload to cancel. This should be 855 // copied from the `upload_id` field of `StartResumableWriteResponse`. 856 string upload_id = 1 [(google.api.field_behavior) = REQUIRED]; 857} 858 859// Empty response message for canceling an in-progress resumable upload, will be 860// extended as needed. 861message CancelResumableWriteResponse {} 862 863// Request message for ReadObject. 864message ReadObjectRequest { 865 // Required. The name of the bucket containing the object to read. 866 string bucket = 1 [ 867 (google.api.field_behavior) = REQUIRED, 868 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 869 ]; 870 871 // Required. The name of the object to read. 872 string object = 2 [(google.api.field_behavior) = REQUIRED]; 873 874 // If present, selects a specific revision of this object (as opposed 875 // to the latest version, the default). 876 int64 generation = 3; 877 878 // The offset for the first byte to return in the read, relative to the start 879 // of the object. 880 // 881 // A negative `read_offset` value will be interpreted as the number of bytes 882 // back from the end of the object to be returned. For example, if an object's 883 // length is 15 bytes, a ReadObjectRequest with `read_offset` = -5 and 884 // `read_limit` = 3 would return bytes 10 through 12 of the object. Requesting 885 // a negative offset with magnitude larger than the size of the object will 886 // return the entire object. 887 int64 read_offset = 4; 888 889 // The maximum number of `data` bytes the server is allowed to return in the 890 // sum of all `Object` messages. A `read_limit` of zero indicates that there 891 // is no limit, and a negative `read_limit` will cause an error. 892 // 893 // If the stream returns fewer bytes than allowed by the `read_limit` and no 894 // error occurred, the stream includes all data from the `read_offset` to the 895 // end of the resource. 896 int64 read_limit = 5; 897 898 // Makes the operation conditional on whether the object's current generation 899 // matches the given value. Setting to 0 makes the operation succeed only if 900 // there are no live versions of the object. 901 optional int64 if_generation_match = 6; 902 903 // Makes the operation conditional on whether the object's live generation 904 // does not match the given value. If no live object exists, the precondition 905 // fails. Setting to 0 makes the operation succeed only if there is a live 906 // version of the object. 907 optional int64 if_generation_not_match = 7; 908 909 // Makes the operation conditional on whether the object's current 910 // metageneration matches the given value. 911 optional int64 if_metageneration_match = 8; 912 913 // Makes the operation conditional on whether the object's current 914 // metageneration does not match the given value. 915 optional int64 if_metageneration_not_match = 9; 916 917 // A set of parameters common to Storage API requests concerning an object. 918 CommonObjectRequestParams common_object_request_params = 10; 919 920 // Mask specifying which fields to read. 921 // The checksummed_data field and its children will always be present. 922 // If no mask is specified, will default to all fields except metadata.owner 923 // and metadata.acl. 924 // * may be used to mean "all fields". 925 optional google.protobuf.FieldMask read_mask = 12; 926} 927 928// Request message for GetObject. 929message GetObjectRequest { 930 // Required. Name of the bucket in which the object resides. 931 string bucket = 1 [ 932 (google.api.field_behavior) = REQUIRED, 933 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 934 ]; 935 936 // Required. Name of the object. 937 string object = 2 [(google.api.field_behavior) = REQUIRED]; 938 939 // If present, selects a specific revision of this object (as opposed to the 940 // latest version, the default). 941 int64 generation = 3; 942 943 // If true, return the soft-deleted version of this object. 944 optional bool soft_deleted = 11; 945 946 // Makes the operation conditional on whether the object's current generation 947 // matches the given value. Setting to 0 makes the operation succeed only if 948 // there are no live versions of the object. 949 optional int64 if_generation_match = 4; 950 951 // Makes the operation conditional on whether the object's live generation 952 // does not match the given value. If no live object exists, the precondition 953 // fails. Setting to 0 makes the operation succeed only if there is a live 954 // version of the object. 955 optional int64 if_generation_not_match = 5; 956 957 // Makes the operation conditional on whether the object's current 958 // metageneration matches the given value. 959 optional int64 if_metageneration_match = 6; 960 961 // Makes the operation conditional on whether the object's current 962 // metageneration does not match the given value. 963 optional int64 if_metageneration_not_match = 7; 964 965 // A set of parameters common to Storage API requests concerning an object. 966 CommonObjectRequestParams common_object_request_params = 8; 967 968 // Mask specifying which fields to read. 969 // If no mask is specified, will default to all fields except metadata.acl and 970 // metadata.owner. 971 // * may be used to mean "all fields". 972 optional google.protobuf.FieldMask read_mask = 10; 973} 974 975// Response message for ReadObject. 976message ReadObjectResponse { 977 // A portion of the data for the object. The service **may** leave `data` 978 // empty for any given `ReadResponse`. This enables the service to inform the 979 // client that the request is still live while it is running an operation to 980 // generate more data. 981 ChecksummedData checksummed_data = 1; 982 983 // The checksums of the complete object. If the object is downloaded in full, 984 // the client should compute one of these checksums over the downloaded object 985 // and compare it against the value provided here. 986 ObjectChecksums object_checksums = 2; 987 988 // If read_offset and or read_limit was specified on the 989 // ReadObjectRequest, ContentRange will be populated on the first 990 // ReadObjectResponse message of the read stream. 991 ContentRange content_range = 3; 992 993 // Metadata of the object whose media is being returned. 994 // Only populated in the first response in the stream. 995 Object metadata = 4; 996} 997 998// Describes an attempt to insert an object, possibly over multiple requests. 999message WriteObjectSpec { 1000 // Required. Destination object, including its name and its metadata. 1001 Object resource = 1 [(google.api.field_behavior) = REQUIRED]; 1002 1003 // Apply a predefined set of access controls to this object. 1004 // Valid values are "authenticatedRead", "bucketOwnerFullControl", 1005 // "bucketOwnerRead", "private", "projectPrivate", or "publicRead". 1006 string predefined_acl = 7; 1007 1008 // Makes the operation conditional on whether the object's current 1009 // generation matches the given value. Setting to 0 makes the operation 1010 // succeed only if there are no live versions of the object. 1011 optional int64 if_generation_match = 3; 1012 1013 // Makes the operation conditional on whether the object's live 1014 // generation does not match the given value. If no live object exists, the 1015 // precondition fails. Setting to 0 makes the operation succeed only if 1016 // there is a live version of the object. 1017 optional int64 if_generation_not_match = 4; 1018 1019 // Makes the operation conditional on whether the object's current 1020 // metageneration matches the given value. 1021 optional int64 if_metageneration_match = 5; 1022 1023 // Makes the operation conditional on whether the object's current 1024 // metageneration does not match the given value. 1025 optional int64 if_metageneration_not_match = 6; 1026 1027 // The expected final object size being uploaded. 1028 // If this value is set, closing the stream after writing fewer or more than 1029 // `object_size` bytes will result in an OUT_OF_RANGE error. 1030 // 1031 // This situation is considered a client error, and if such an error occurs 1032 // you must start the upload over from scratch, this time sending the correct 1033 // number of bytes. 1034 optional int64 object_size = 8; 1035} 1036 1037// Request message for WriteObject. 1038message WriteObjectRequest { 1039 // The first message of each stream should set one of the following. 1040 oneof first_message { 1041 // For resumable uploads. This should be the `upload_id` returned from a 1042 // call to `StartResumableWriteResponse`. 1043 string upload_id = 1; 1044 1045 // For non-resumable uploads. Describes the overall upload, including the 1046 // destination bucket and object name, preconditions, etc. 1047 WriteObjectSpec write_object_spec = 2; 1048 } 1049 1050 // Required. The offset from the beginning of the object at which the data 1051 // should be written. 1052 // 1053 // In the first `WriteObjectRequest` of a `WriteObject()` action, it 1054 // indicates the initial offset for the `Write()` call. The value **must** be 1055 // equal to the `persisted_size` that a call to `QueryWriteStatus()` would 1056 // return (0 if this is the first write to the object). 1057 // 1058 // On subsequent calls, this value **must** be no larger than the sum of the 1059 // first `write_offset` and the sizes of all `data` chunks sent previously on 1060 // this stream. 1061 // 1062 // An incorrect value will cause an error. 1063 int64 write_offset = 3 [(google.api.field_behavior) = REQUIRED]; 1064 1065 // A portion of the data for the object. 1066 oneof data { 1067 // The data to insert. If a crc32c checksum is provided that doesn't match 1068 // the checksum computed by the service, the request will fail. 1069 ChecksummedData checksummed_data = 4; 1070 } 1071 1072 // Checksums for the complete object. If the checksums computed by the service 1073 // don't match the specified checksums the call will fail. May only be 1074 // provided in the first or last request (either with first_message, or 1075 // finish_write set). 1076 ObjectChecksums object_checksums = 6; 1077 1078 // If `true`, this indicates that the write is complete. Sending any 1079 // `WriteObjectRequest`s subsequent to one in which `finish_write` is `true` 1080 // will cause an error. 1081 // For a non-resumable write (where the upload_id was not set in the first 1082 // message), it is an error not to set this field in the final message of the 1083 // stream. 1084 bool finish_write = 7; 1085 1086 // A set of parameters common to Storage API requests concerning an object. 1087 CommonObjectRequestParams common_object_request_params = 8; 1088} 1089 1090// Response message for WriteObject. 1091message WriteObjectResponse { 1092 // The response will set one of the following. 1093 oneof write_status { 1094 // The total number of bytes that have been processed for the given object 1095 // from all `WriteObject` calls. Only set if the upload has not finalized. 1096 int64 persisted_size = 1; 1097 1098 // A resource containing the metadata for the uploaded object. Only set if 1099 // the upload has finalized. 1100 Object resource = 2; 1101 } 1102} 1103 1104// Request message for BidiWriteObject. 1105message BidiWriteObjectRequest { 1106 // The first message of each stream should set one of the following. 1107 oneof first_message { 1108 // For resumable uploads. This should be the `upload_id` returned from a 1109 // call to `StartResumableWriteResponse`. 1110 string upload_id = 1; 1111 1112 // For non-resumable uploads. Describes the overall upload, including the 1113 // destination bucket and object name, preconditions, etc. 1114 WriteObjectSpec write_object_spec = 2; 1115 } 1116 1117 // Required. The offset from the beginning of the object at which the data 1118 // should be written. 1119 // 1120 // In the first `WriteObjectRequest` of a `WriteObject()` action, it 1121 // indicates the initial offset for the `Write()` call. The value **must** be 1122 // equal to the `persisted_size` that a call to `QueryWriteStatus()` would 1123 // return (0 if this is the first write to the object). 1124 // 1125 // On subsequent calls, this value **must** be no larger than the sum of the 1126 // first `write_offset` and the sizes of all `data` chunks sent previously on 1127 // this stream. 1128 // 1129 // An invalid value will cause an error. 1130 int64 write_offset = 3 [(google.api.field_behavior) = REQUIRED]; 1131 1132 // A portion of the data for the object. 1133 oneof data { 1134 // The data to insert. If a crc32c checksum is provided that doesn't match 1135 // the checksum computed by the service, the request will fail. 1136 ChecksummedData checksummed_data = 4; 1137 } 1138 1139 // Checksums for the complete object. If the checksums computed by the service 1140 // don't match the specified checksums the call will fail. May only be 1141 // provided in the first or last request (either with first_message, or 1142 // finish_write set). 1143 ObjectChecksums object_checksums = 6; 1144 1145 // For each BidiWriteObjectRequest where state_lookup is `true` or the client 1146 // closes the stream, the service will send a BidiWriteObjectResponse 1147 // containing the current persisted size. The persisted size sent in responses 1148 // covers all the bytes the server has persisted thus far and can be used to 1149 // decide what data is safe for the client to drop. Note that the object's 1150 // current size reported by the BidiWriteObjectResponse may lag behind the 1151 // number of bytes written by the client. This field is ignored if 1152 // `finish_write` is set to true. 1153 bool state_lookup = 7; 1154 1155 // Persists data written on the stream, up to and including the current 1156 // message, to permanent storage. This option should be used sparingly as it 1157 // may reduce performance. Ongoing writes will periodically be persisted on 1158 // the server even when `flush` is not set. This field is ignored if 1159 // `finish_write` is set to true since there's no need to checkpoint or flush 1160 // if this message completes the write. 1161 bool flush = 8; 1162 1163 // If `true`, this indicates that the write is complete. Sending any 1164 // `WriteObjectRequest`s subsequent to one in which `finish_write` is `true` 1165 // will cause an error. 1166 // For a non-resumable write (where the upload_id was not set in the first 1167 // message), it is an error not to set this field in the final message of the 1168 // stream. 1169 bool finish_write = 9; 1170 1171 // A set of parameters common to Storage API requests concerning an object. 1172 CommonObjectRequestParams common_object_request_params = 10; 1173} 1174 1175// Response message for BidiWriteObject. 1176message BidiWriteObjectResponse { 1177 // The response will set one of the following. 1178 oneof write_status { 1179 // The total number of bytes that have been processed for the given object 1180 // from all `WriteObject` calls. Only set if the upload has not finalized. 1181 int64 persisted_size = 1; 1182 1183 // A resource containing the metadata for the uploaded object. Only set if 1184 // the upload has finalized. 1185 Object resource = 2; 1186 } 1187} 1188 1189// Request message for ListObjects. 1190message ListObjectsRequest { 1191 // Required. Name of the bucket in which to look for objects. 1192 string parent = 1 [ 1193 (google.api.field_behavior) = REQUIRED, 1194 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 1195 ]; 1196 1197 // Maximum number of `items` plus `prefixes` to return 1198 // in a single page of responses. As duplicate `prefixes` are 1199 // omitted, fewer total results may be returned than requested. The service 1200 // will use this parameter or 1,000 items, whichever is smaller. 1201 int32 page_size = 2; 1202 1203 // A previously-returned page token representing part of the larger set of 1204 // results to view. 1205 string page_token = 3; 1206 1207 // If set, returns results in a directory-like mode. `items` will contain 1208 // only objects whose names, aside from the `prefix`, do not 1209 // contain `delimiter`. Objects whose names, aside from the 1210 // `prefix`, contain `delimiter` will have their name, 1211 // truncated after the `delimiter`, returned in 1212 // `prefixes`. Duplicate `prefixes` are omitted. 1213 string delimiter = 4; 1214 1215 // If true, objects that end in exactly one instance of `delimiter` 1216 // will have their metadata included in `items` in addition to 1217 // `prefixes`. 1218 bool include_trailing_delimiter = 5; 1219 1220 // Filter results to objects whose names begin with this prefix. 1221 string prefix = 6; 1222 1223 // If `true`, lists all versions of an object as distinct results. 1224 // For more information, see 1225 // [Object 1226 // Versioning](https://cloud.google.com/storage/docs/object-versioning). 1227 bool versions = 7; 1228 1229 // Mask specifying which fields to read from each result. 1230 // If no mask is specified, will default to all fields except items.acl and 1231 // items.owner. 1232 // * may be used to mean "all fields". 1233 optional google.protobuf.FieldMask read_mask = 8; 1234 1235 // Optional. Filter results to objects whose names are lexicographically equal 1236 // to or after lexicographic_start. If lexicographic_end is also set, the 1237 // objects listed have names between lexicographic_start (inclusive) and 1238 // lexicographic_end (exclusive). 1239 string lexicographic_start = 10 [(google.api.field_behavior) = OPTIONAL]; 1240 1241 // Optional. Filter results to objects whose names are lexicographically 1242 // before lexicographic_end. If lexicographic_start is also set, the objects 1243 // listed have names between lexicographic_start (inclusive) and 1244 // lexicographic_end (exclusive). 1245 string lexicographic_end = 11 [(google.api.field_behavior) = OPTIONAL]; 1246 1247 // Optional. If true, only list all soft-deleted versions of the object. 1248 // Soft delete policy is required to set this option. 1249 bool soft_deleted = 12 [(google.api.field_behavior) = OPTIONAL]; 1250 1251 // Optional. If true, will also include folders and managed folders (besides 1252 // objects) in the returned `prefixes`. Requires `delimiter` to be set to '/'. 1253 bool include_folders_as_prefixes = 13 1254 [(google.api.field_behavior) = OPTIONAL]; 1255 1256 // Optional. Filter results to objects and prefixes that match this glob 1257 // pattern. See [List Objects Using 1258 // Glob](https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob) 1259 // for the full syntax. 1260 string match_glob = 14 [(google.api.field_behavior) = OPTIONAL]; 1261} 1262 1263// Request object for `QueryWriteStatus`. 1264message QueryWriteStatusRequest { 1265 // Required. The name of the resume token for the object whose write status is 1266 // being requested. 1267 string upload_id = 1 [(google.api.field_behavior) = REQUIRED]; 1268 1269 // A set of parameters common to Storage API requests concerning an object. 1270 CommonObjectRequestParams common_object_request_params = 2; 1271} 1272 1273// Response object for `QueryWriteStatus`. 1274message QueryWriteStatusResponse { 1275 // The response will set one of the following. 1276 oneof write_status { 1277 // The total number of bytes that have been processed for the given object 1278 // from all `WriteObject` calls. This is the correct value for the 1279 // 'write_offset' field to use when resuming the `WriteObject` operation. 1280 // Only set if the upload has not finalized. 1281 int64 persisted_size = 1; 1282 1283 // A resource containing the metadata for the uploaded object. Only set if 1284 // the upload has finalized. 1285 Object resource = 2; 1286 } 1287} 1288 1289// Request message for RewriteObject. 1290// If the source object is encrypted using a Customer-Supplied Encryption Key 1291// the key information must be provided in the copy_source_encryption_algorithm, 1292// copy_source_encryption_key_bytes, and copy_source_encryption_key_sha256_bytes 1293// fields. If the destination object should be encrypted the keying information 1294// should be provided in the encryption_algorithm, encryption_key_bytes, and 1295// encryption_key_sha256_bytes fields of the 1296// common_object_request_params.customer_encryption field. 1297message RewriteObjectRequest { 1298 // Required. Immutable. The name of the destination object. 1299 // See the 1300 // [Naming Guidelines](https://cloud.google.com/storage/docs/objects#naming). 1301 // Example: `test.txt` 1302 // The `name` field by itself does not uniquely identify a Cloud Storage 1303 // object. A Cloud Storage object is uniquely identified by the tuple of 1304 // (bucket, object, generation). 1305 string destination_name = 24 [ 1306 (google.api.field_behavior) = REQUIRED, 1307 (google.api.field_behavior) = IMMUTABLE 1308 ]; 1309 1310 // Required. Immutable. The name of the bucket containing the destination 1311 // object. 1312 string destination_bucket = 25 [ 1313 (google.api.field_behavior) = REQUIRED, 1314 (google.api.field_behavior) = IMMUTABLE, 1315 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 1316 ]; 1317 1318 // The name of the Cloud KMS key that will be used to encrypt the destination 1319 // object. The Cloud KMS key must be located in same location as the object. 1320 // If the parameter is not specified, the request uses the destination 1321 // bucket's default encryption key, if any, or else the Google-managed 1322 // encryption key. 1323 string destination_kms_key = 27 [(google.api.resource_reference) = { 1324 type: "cloudkms.googleapis.com/CryptoKey" 1325 }]; 1326 1327 // Properties of the destination, post-rewrite object. 1328 // The `name`, `bucket` and `kms_key` fields must not be populated (these 1329 // values are specified in the `destination_name`, `destination_bucket`, and 1330 // `destination_kms_key` fields). 1331 // If `destination` is present it will be used to construct the destination 1332 // object's metadata; otherwise the destination object's metadata will be 1333 // copied from the source object. 1334 Object destination = 1; 1335 1336 // Required. Name of the bucket in which to find the source object. 1337 string source_bucket = 2 [ 1338 (google.api.field_behavior) = REQUIRED, 1339 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 1340 ]; 1341 1342 // Required. Name of the source object. 1343 string source_object = 3 [(google.api.field_behavior) = REQUIRED]; 1344 1345 // If present, selects a specific revision of the source object (as opposed to 1346 // the latest version, the default). 1347 int64 source_generation = 4; 1348 1349 // Include this field (from the previous rewrite response) on each rewrite 1350 // request after the first one, until the rewrite response 'done' flag is 1351 // true. Calls that provide a rewriteToken can omit all other request fields, 1352 // but if included those fields must match the values provided in the first 1353 // rewrite request. 1354 string rewrite_token = 5; 1355 1356 // Apply a predefined set of access controls to the destination object. 1357 // Valid values are "authenticatedRead", "bucketOwnerFullControl", 1358 // "bucketOwnerRead", "private", "projectPrivate", or "publicRead". 1359 string destination_predefined_acl = 28; 1360 1361 // Makes the operation conditional on whether the object's current generation 1362 // matches the given value. Setting to 0 makes the operation succeed only if 1363 // there are no live versions of the object. 1364 optional int64 if_generation_match = 7; 1365 1366 // Makes the operation conditional on whether the object's live generation 1367 // does not match the given value. If no live object exists, the precondition 1368 // fails. Setting to 0 makes the operation succeed only if there is a live 1369 // version of the object. 1370 optional int64 if_generation_not_match = 8; 1371 1372 // Makes the operation conditional on whether the destination object's current 1373 // metageneration matches the given value. 1374 optional int64 if_metageneration_match = 9; 1375 1376 // Makes the operation conditional on whether the destination object's current 1377 // metageneration does not match the given value. 1378 optional int64 if_metageneration_not_match = 10; 1379 1380 // Makes the operation conditional on whether the source object's live 1381 // generation matches the given value. 1382 optional int64 if_source_generation_match = 11; 1383 1384 // Makes the operation conditional on whether the source object's live 1385 // generation does not match the given value. 1386 optional int64 if_source_generation_not_match = 12; 1387 1388 // Makes the operation conditional on whether the source object's current 1389 // metageneration matches the given value. 1390 optional int64 if_source_metageneration_match = 13; 1391 1392 // Makes the operation conditional on whether the source object's current 1393 // metageneration does not match the given value. 1394 optional int64 if_source_metageneration_not_match = 14; 1395 1396 // The maximum number of bytes that will be rewritten per rewrite request. 1397 // Most callers 1398 // shouldn't need to specify this parameter - it is primarily in place to 1399 // support testing. If specified the value must be an integral multiple of 1400 // 1 MiB (1048576). Also, this only applies to requests where the source and 1401 // destination span locations and/or storage classes. Finally, this value must 1402 // not change across rewrite calls else you'll get an error that the 1403 // `rewriteToken` is invalid. 1404 int64 max_bytes_rewritten_per_call = 15; 1405 1406 // The algorithm used to encrypt the source object, if any. Used if the source 1407 // object was encrypted with a Customer-Supplied Encryption Key. 1408 string copy_source_encryption_algorithm = 16; 1409 1410 // The raw bytes (not base64-encoded) AES-256 encryption key used to encrypt 1411 // the source object, if it was encrypted with a Customer-Supplied Encryption 1412 // Key. 1413 bytes copy_source_encryption_key_bytes = 21; 1414 1415 // The raw bytes (not base64-encoded) SHA256 hash of the encryption key used 1416 // to encrypt the source object, if it was encrypted with a Customer-Supplied 1417 // Encryption Key. 1418 bytes copy_source_encryption_key_sha256_bytes = 22; 1419 1420 // A set of parameters common to Storage API requests concerning an object. 1421 CommonObjectRequestParams common_object_request_params = 19; 1422 1423 // The checksums of the complete object. This will be used to validate the 1424 // destination object after rewriting. 1425 ObjectChecksums object_checksums = 29; 1426} 1427 1428// A rewrite response. 1429message RewriteResponse { 1430 // The total bytes written so far, which can be used to provide a waiting user 1431 // with a progress indicator. This property is always present in the response. 1432 int64 total_bytes_rewritten = 1; 1433 1434 // The total size of the object being copied in bytes. This property is always 1435 // present in the response. 1436 int64 object_size = 2; 1437 1438 // `true` if the copy is finished; otherwise, `false` if 1439 // the copy is in progress. This property is always present in the response. 1440 bool done = 3; 1441 1442 // A token to use in subsequent requests to continue copying data. This token 1443 // is present in the response only when there is more data to copy. 1444 string rewrite_token = 4; 1445 1446 // A resource containing the metadata for the copied-to object. This property 1447 // is present in the response only when copying completes. 1448 Object resource = 5; 1449} 1450 1451// Request message StartResumableWrite. 1452message StartResumableWriteRequest { 1453 // Required. The destination bucket, object, and metadata, as well as any 1454 // preconditions. 1455 WriteObjectSpec write_object_spec = 1 1456 [(google.api.field_behavior) = REQUIRED]; 1457 1458 // A set of parameters common to Storage API requests concerning an object. 1459 CommonObjectRequestParams common_object_request_params = 3; 1460 1461 // The checksums of the complete object. This will be used to validate the 1462 // uploaded object. For each upload, object_checksums can be provided with 1463 // either StartResumableWriteRequest or the WriteObjectRequest with 1464 // finish_write set to `true`. 1465 ObjectChecksums object_checksums = 5; 1466} 1467 1468// Response object for `StartResumableWrite`. 1469message StartResumableWriteResponse { 1470 // The upload_id of the newly started resumable write operation. This 1471 // value should be copied into the `WriteObjectRequest.upload_id` field. 1472 string upload_id = 1; 1473} 1474 1475// Request message for UpdateObject. 1476message UpdateObjectRequest { 1477 // Required. The object to update. 1478 // The object's bucket and name fields are used to identify the object to 1479 // update. If present, the object's generation field selects a specific 1480 // revision of this object whose metadata should be updated. Otherwise, 1481 // assumes the live version of the object. 1482 Object object = 1 [(google.api.field_behavior) = REQUIRED]; 1483 1484 // Makes the operation conditional on whether the object's current generation 1485 // matches the given value. Setting to 0 makes the operation succeed only if 1486 // there are no live versions of the object. 1487 optional int64 if_generation_match = 2; 1488 1489 // Makes the operation conditional on whether the object's live generation 1490 // does not match the given value. If no live object exists, the precondition 1491 // fails. Setting to 0 makes the operation succeed only if there is a live 1492 // version of the object. 1493 optional int64 if_generation_not_match = 3; 1494 1495 // Makes the operation conditional on whether the object's current 1496 // metageneration matches the given value. 1497 optional int64 if_metageneration_match = 4; 1498 1499 // Makes the operation conditional on whether the object's current 1500 // metageneration does not match the given value. 1501 optional int64 if_metageneration_not_match = 5; 1502 1503 // Apply a predefined set of access controls to this object. 1504 // Valid values are "authenticatedRead", "bucketOwnerFullControl", 1505 // "bucketOwnerRead", "private", "projectPrivate", or "publicRead". 1506 string predefined_acl = 10; 1507 1508 // Required. List of fields to be updated. 1509 // 1510 // To specify ALL fields, equivalent to the JSON API's "update" function, 1511 // specify a single field with the value `*`. Note: not recommended. If a new 1512 // field is introduced at a later time, an older client updating with the `*` 1513 // may accidentally reset the new field's value. 1514 // 1515 // Not specifying any fields is an error. 1516 google.protobuf.FieldMask update_mask = 7 1517 [(google.api.field_behavior) = REQUIRED]; 1518 1519 // A set of parameters common to Storage API requests concerning an object. 1520 CommonObjectRequestParams common_object_request_params = 8; 1521} 1522 1523// Request message for GetServiceAccount. 1524message GetServiceAccountRequest { 1525 // Required. Project ID, in the format of "projects/{projectIdentifier}". 1526 // {projectIdentifier} can be the project ID or project number. 1527 string project = 1 [ 1528 (google.api.field_behavior) = REQUIRED, 1529 (google.api.resource_reference) = { 1530 type: "cloudresourcemanager.googleapis.com/Project" 1531 } 1532 ]; 1533} 1534 1535// Request message for CreateHmacKey. 1536message CreateHmacKeyRequest { 1537 // Required. The project that the HMAC-owning service account lives in, in the 1538 // format of "projects/{projectIdentifier}". {projectIdentifier} can be the 1539 // project ID or project number. 1540 string project = 1 [ 1541 (google.api.field_behavior) = REQUIRED, 1542 (google.api.resource_reference) = { 1543 type: "cloudresourcemanager.googleapis.com/Project" 1544 } 1545 ]; 1546 1547 // Required. The service account to create the HMAC for. 1548 string service_account_email = 2 [(google.api.field_behavior) = REQUIRED]; 1549} 1550 1551// Create hmac response. The only time the secret for an HMAC will be returned. 1552message CreateHmacKeyResponse { 1553 // Key metadata. 1554 HmacKeyMetadata metadata = 1; 1555 1556 // HMAC key secret material. 1557 // In raw bytes format (not base64-encoded). 1558 bytes secret_key_bytes = 3; 1559} 1560 1561// Request object to delete a given HMAC key. 1562message DeleteHmacKeyRequest { 1563 // Required. The identifying key for the HMAC to delete. 1564 string access_id = 1 [(google.api.field_behavior) = REQUIRED]; 1565 1566 // Required. The project that owns the HMAC key, in the format of 1567 // "projects/{projectIdentifier}". 1568 // {projectIdentifier} can be the project ID or project number. 1569 string project = 2 [ 1570 (google.api.field_behavior) = REQUIRED, 1571 (google.api.resource_reference) = { 1572 type: "cloudresourcemanager.googleapis.com/Project" 1573 } 1574 ]; 1575} 1576 1577// Request object to get metadata on a given HMAC key. 1578message GetHmacKeyRequest { 1579 // Required. The identifying key for the HMAC to delete. 1580 string access_id = 1 [(google.api.field_behavior) = REQUIRED]; 1581 1582 // Required. The project the HMAC key lies in, in the format of 1583 // "projects/{projectIdentifier}". 1584 // {projectIdentifier} can be the project ID or project number. 1585 string project = 2 [ 1586 (google.api.field_behavior) = REQUIRED, 1587 (google.api.resource_reference) = { 1588 type: "cloudresourcemanager.googleapis.com/Project" 1589 } 1590 ]; 1591} 1592 1593// Request to fetch a list of HMAC keys under a given project. 1594message ListHmacKeysRequest { 1595 // Required. The project to list HMAC keys for, in the format of 1596 // "projects/{projectIdentifier}". 1597 // {projectIdentifier} can be the project ID or project number. 1598 string project = 1 [ 1599 (google.api.field_behavior) = REQUIRED, 1600 (google.api.resource_reference) = { 1601 type: "cloudresourcemanager.googleapis.com/Project" 1602 } 1603 ]; 1604 1605 // The maximum number of keys to return. 1606 int32 page_size = 2; 1607 1608 // A previously returned token from ListHmacKeysResponse to get the next page. 1609 string page_token = 3; 1610 1611 // If set, filters to only return HMAC keys for specified service account. 1612 string service_account_email = 4; 1613 1614 // If set, return deleted keys that have not yet been wiped out. 1615 bool show_deleted_keys = 5; 1616} 1617 1618// Hmac key list response with next page information. 1619message ListHmacKeysResponse { 1620 // The list of items. 1621 repeated HmacKeyMetadata hmac_keys = 1; 1622 1623 // The continuation token, used to page through large result sets. Provide 1624 // this value in a subsequent request to return the next page of results. 1625 string next_page_token = 2; 1626} 1627 1628// Request object to update an HMAC key state. 1629// HmacKeyMetadata.state is required and the only writable field in 1630// UpdateHmacKey operation. Specifying fields other than state will result in an 1631// error. 1632message UpdateHmacKeyRequest { 1633 // Required. The HMAC key to update. 1634 // If present, the hmac_key's `id` field will be used to identify the key. 1635 // Otherwise, the hmac_key's access_id and project fields will be used to 1636 // identify the key. 1637 HmacKeyMetadata hmac_key = 1 [(google.api.field_behavior) = REQUIRED]; 1638 1639 // Update mask for hmac_key. 1640 // Not specifying any fields will mean only the `state` field is updated to 1641 // the value specified in `hmac_key`. 1642 google.protobuf.FieldMask update_mask = 3; 1643} 1644 1645// Parameters that can be passed to any object request. 1646message CommonObjectRequestParams { 1647 // Encryption algorithm used with the Customer-Supplied Encryption Keys 1648 // feature. 1649 string encryption_algorithm = 1; 1650 1651 // Encryption key used with the Customer-Supplied Encryption Keys feature. 1652 // In raw bytes format (not base64-encoded). 1653 bytes encryption_key_bytes = 4; 1654 1655 // SHA256 hash of encryption key used with the Customer-Supplied Encryption 1656 // Keys feature. 1657 bytes encryption_key_sha256_bytes = 5; 1658} 1659 1660// Shared constants. 1661message ServiceConstants { 1662 // A collection of constant values meaningful to the Storage API. 1663 enum Values { 1664 option allow_alias = true; 1665 1666 // Unused. Proto3 requires first enum to be 0. 1667 VALUES_UNSPECIFIED = 0; 1668 1669 // The maximum size chunk that can will be returned in a single 1670 // ReadRequest. 1671 // 2 MiB. 1672 MAX_READ_CHUNK_BYTES = 2097152; 1673 1674 // The maximum size chunk that can be sent in a single WriteObjectRequest. 1675 // 2 MiB. 1676 MAX_WRITE_CHUNK_BYTES = 2097152; 1677 1678 // The maximum size of an object in MB - whether written in a single stream 1679 // or composed from multiple other objects. 1680 // 5 TiB. 1681 MAX_OBJECT_SIZE_MB = 5242880; 1682 1683 // The maximum length field name that can be sent in a single 1684 // custom metadata field. 1685 // 1 KiB. 1686 MAX_CUSTOM_METADATA_FIELD_NAME_BYTES = 1024; 1687 1688 // The maximum length field value that can be sent in a single 1689 // custom_metadata field. 1690 // 4 KiB. 1691 MAX_CUSTOM_METADATA_FIELD_VALUE_BYTES = 4096; 1692 1693 // The maximum total bytes that can be populated into all field names and 1694 // values of the custom_metadata for one object. 1695 // 8 KiB. 1696 MAX_CUSTOM_METADATA_TOTAL_SIZE_BYTES = 8192; 1697 1698 // The maximum total bytes that can be populated into all bucket metadata 1699 // fields. 1700 // 20 KiB. 1701 MAX_BUCKET_METADATA_TOTAL_SIZE_BYTES = 20480; 1702 1703 // The maximum number of NotificationConfigs that can be registered 1704 // for a given bucket. 1705 MAX_NOTIFICATION_CONFIGS_PER_BUCKET = 100; 1706 1707 // The maximum number of LifecycleRules that can be registered for a given 1708 // bucket. 1709 MAX_LIFECYCLE_RULES_PER_BUCKET = 100; 1710 1711 // The maximum number of custom attributes per NotificationConfigs. 1712 MAX_NOTIFICATION_CUSTOM_ATTRIBUTES = 5; 1713 1714 // The maximum length of a custom attribute key included in 1715 // NotificationConfig. 1716 MAX_NOTIFICATION_CUSTOM_ATTRIBUTE_KEY_LENGTH = 256; 1717 1718 // The maximum length of a custom attribute value included in a 1719 // NotificationConfig. 1720 MAX_NOTIFICATION_CUSTOM_ATTRIBUTE_VALUE_LENGTH = 1024; 1721 1722 // The maximum number of key/value entries per bucket label. 1723 MAX_LABELS_ENTRIES_COUNT = 64; 1724 1725 // The maximum character length of the key or value in a bucket 1726 // label map. 1727 MAX_LABELS_KEY_VALUE_LENGTH = 63; 1728 1729 // The maximum byte size of the key or value in a bucket label 1730 // map. 1731 MAX_LABELS_KEY_VALUE_BYTES = 128; 1732 1733 // The maximum number of object IDs that can be included in a 1734 // DeleteObjectsRequest. 1735 MAX_OBJECT_IDS_PER_DELETE_OBJECTS_REQUEST = 1000; 1736 1737 // The maximum number of days for which a token returned by the 1738 // GetListObjectsSplitPoints RPC is valid. 1739 SPLIT_TOKEN_MAX_VALID_DAYS = 14; 1740 } 1741} 1742 1743// A bucket. 1744message Bucket { 1745 option (google.api.resource) = { 1746 type: "storage.googleapis.com/Bucket" 1747 pattern: "projects/{project}/buckets/{bucket}" 1748 }; 1749 1750 // Billing properties of a bucket. 1751 message Billing { 1752 // When set to true, Requester Pays is enabled for this bucket. 1753 bool requester_pays = 1; 1754 } 1755 1756 // Cross-Origin Response sharing (CORS) properties for a bucket. 1757 // For more on Cloud Storage and CORS, see 1758 // https://cloud.google.com/storage/docs/cross-origin. 1759 // For more on CORS in general, see https://tools.ietf.org/html/rfc6454. 1760 message Cors { 1761 // The list of Origins eligible to receive CORS response headers. See 1762 // [https://tools.ietf.org/html/rfc6454][RFC 6454] for more on origins. 1763 // Note: "*" is permitted in the list of origins, and means "any Origin". 1764 repeated string origin = 1; 1765 1766 // The list of HTTP methods on which to include CORS response headers, 1767 // (`GET`, `OPTIONS`, `POST`, etc) Note: "*" is permitted in the list of 1768 // methods, and means "any method". 1769 repeated string method = 2; 1770 1771 // The list of HTTP headers other than the 1772 // [https://www.w3.org/TR/cors/#simple-response-header][simple response 1773 // headers] to give permission for the user-agent to share across domains. 1774 repeated string response_header = 3; 1775 1776 // The value, in seconds, to return in the 1777 // [https://www.w3.org/TR/cors/#access-control-max-age-response-header][Access-Control-Max-Age 1778 // header] used in preflight responses. 1779 int32 max_age_seconds = 4; 1780 } 1781 1782 // Encryption properties of a bucket. 1783 message Encryption { 1784 // The name of the Cloud KMS key that will be used to encrypt objects 1785 // inserted into this bucket, if no encryption method is specified. 1786 string default_kms_key = 1 [(google.api.resource_reference) = { 1787 type: "cloudkms.googleapis.com/CryptoKey" 1788 }]; 1789 } 1790 1791 // Bucket restriction options. 1792 message IamConfig { 1793 // Settings for Uniform Bucket level access. 1794 // See https://cloud.google.com/storage/docs/uniform-bucket-level-access. 1795 message UniformBucketLevelAccess { 1796 // If set, access checks only use bucket-level IAM policies or above. 1797 bool enabled = 1; 1798 1799 // The deadline time for changing 1800 // `iam_config.uniform_bucket_level_access.enabled` from `true` to 1801 // `false`. Mutable until the specified deadline is reached, but not 1802 // afterward. 1803 google.protobuf.Timestamp lock_time = 2; 1804 } 1805 1806 // Bucket restriction options currently enforced on the bucket. 1807 UniformBucketLevelAccess uniform_bucket_level_access = 1; 1808 1809 // Whether IAM will enforce public access prevention. Valid values are 1810 // "enforced" or "inherited". 1811 string public_access_prevention = 3; 1812 } 1813 1814 // Lifecycle properties of a bucket. 1815 // For more information, see https://cloud.google.com/storage/docs/lifecycle. 1816 message Lifecycle { 1817 // A lifecycle Rule, combining an action to take on an object and a 1818 // condition which will trigger that action. 1819 message Rule { 1820 // An action to take on an object. 1821 message Action { 1822 // Type of the action. Currently, only `Delete`, `SetStorageClass`, and 1823 // `AbortIncompleteMultipartUpload` are supported. 1824 string type = 1; 1825 1826 // Target storage class. Required iff the type of the action is 1827 // SetStorageClass. 1828 string storage_class = 2; 1829 } 1830 1831 // A condition of an object which triggers some action. 1832 message Condition { 1833 // Age of an object (in days). This condition is satisfied when an 1834 // object reaches the specified age. 1835 // A value of 0 indicates that all objects immediately match this 1836 // condition. 1837 optional int32 age_days = 1; 1838 1839 // This condition is satisfied when an object is created before midnight 1840 // of the specified date in UTC. 1841 google.type.Date created_before = 2; 1842 1843 // Relevant only for versioned objects. If the value is 1844 // `true`, this condition matches live objects; if the value 1845 // is `false`, it matches archived objects. 1846 optional bool is_live = 3; 1847 1848 // Relevant only for versioned objects. If the value is N, this 1849 // condition is satisfied when there are at least N versions (including 1850 // the live version) newer than this version of the object. 1851 optional int32 num_newer_versions = 4; 1852 1853 // Objects having any of the storage classes specified by this condition 1854 // will be matched. Values include `MULTI_REGIONAL`, `REGIONAL`, 1855 // `NEARLINE`, `COLDLINE`, `STANDARD`, and 1856 // `DURABLE_REDUCED_AVAILABILITY`. 1857 repeated string matches_storage_class = 5; 1858 1859 // Number of days that have elapsed since the custom timestamp set on an 1860 // object. 1861 // The value of the field must be a nonnegative integer. 1862 optional int32 days_since_custom_time = 7; 1863 1864 // An object matches this condition if the custom timestamp set on the 1865 // object is before the specified date in UTC. 1866 google.type.Date custom_time_before = 8; 1867 1868 // This condition is relevant only for versioned objects. An object 1869 // version satisfies this condition only if these many days have been 1870 // passed since it became noncurrent. The value of the field must be a 1871 // nonnegative integer. If it's zero, the object version will become 1872 // eligible for Lifecycle action as soon as it becomes noncurrent. 1873 optional int32 days_since_noncurrent_time = 9; 1874 1875 // This condition is relevant only for versioned objects. An object 1876 // version satisfies this condition only if it became noncurrent before 1877 // the specified date in UTC. 1878 google.type.Date noncurrent_time_before = 10; 1879 1880 // List of object name prefixes. If any prefix exactly matches the 1881 // beginning of the object name, the condition evaluates to true. 1882 repeated string matches_prefix = 11; 1883 1884 // List of object name suffixes. If any suffix exactly matches the 1885 // end of the object name, the condition evaluates to true. 1886 repeated string matches_suffix = 12; 1887 } 1888 1889 // The action to take. 1890 Action action = 1; 1891 1892 // The condition(s) under which the action will be taken. 1893 Condition condition = 2; 1894 } 1895 1896 // A lifecycle management rule, which is made of an action to take and the 1897 // condition(s) under which the action will be taken. 1898 repeated Rule rule = 1; 1899 } 1900 1901 // Logging-related properties of a bucket. 1902 message Logging { 1903 // The destination bucket where the current bucket's logs should be placed, 1904 // using path format (like `projects/123456/buckets/foo`). 1905 string log_bucket = 1; 1906 1907 // A prefix for log object names. 1908 string log_object_prefix = 2; 1909 } 1910 1911 // Retention policy properties of a bucket. 1912 message RetentionPolicy { 1913 // Server-determined value that indicates the time from which policy was 1914 // enforced and effective. 1915 google.protobuf.Timestamp effective_time = 1; 1916 1917 // Once locked, an object retention policy cannot be modified. 1918 bool is_locked = 2; 1919 1920 // The duration that objects need to be retained. Retention duration must be 1921 // greater than zero and less than 100 years. Note that enforcement of 1922 // retention periods less than a day is not guaranteed. Such periods should 1923 // only be used for testing purposes. Any `nanos` value specified will be 1924 // rounded down to the nearest second. 1925 google.protobuf.Duration retention_duration = 4; 1926 } 1927 1928 // Soft delete policy properties of a bucket. 1929 message SoftDeletePolicy { 1930 // The period of time that soft-deleted objects in the bucket must be 1931 // retained and cannot be permanently deleted. The duration must be greater 1932 // than or equal to 7 days and less than 1 year. 1933 optional google.protobuf.Duration retention_duration = 1; 1934 1935 // Time from which the policy was effective. This is service-provided. 1936 optional google.protobuf.Timestamp effective_time = 2; 1937 } 1938 1939 // Properties of a bucket related to versioning. 1940 // For more on Cloud Storage versioning, see 1941 // https://cloud.google.com/storage/docs/object-versioning. 1942 message Versioning { 1943 // While set to true, versioning is fully enabled for this bucket. 1944 bool enabled = 1; 1945 } 1946 1947 // Properties of a bucket related to accessing the contents as a static 1948 // website. For more on hosting a static website via Cloud Storage, see 1949 // https://cloud.google.com/storage/docs/hosting-static-website. 1950 message Website { 1951 // If the requested object path is missing, the service will ensure the path 1952 // has a trailing '/', append this suffix, and attempt to retrieve the 1953 // resulting object. This allows the creation of `index.html` 1954 // objects to represent directory pages. 1955 string main_page_suffix = 1; 1956 1957 // If the requested object path is missing, and any 1958 // `mainPageSuffix` object is missing, if applicable, the service 1959 // will return the named object from this bucket as the content for a 1960 // [https://tools.ietf.org/html/rfc7231#section-6.5.4][404 Not Found] 1961 // result. 1962 string not_found_page = 2; 1963 } 1964 1965 // Configuration for Custom Dual Regions. It should specify precisely two 1966 // eligible regions within the same Multiregion. More information on regions 1967 // may be found [https://cloud.google.com/storage/docs/locations][here]. 1968 message CustomPlacementConfig { 1969 // List of locations to use for data placement. 1970 repeated string data_locations = 1; 1971 } 1972 1973 // Configuration for a bucket's Autoclass feature. 1974 message Autoclass { 1975 // Enables Autoclass. 1976 bool enabled = 1; 1977 1978 // Output only. Latest instant at which the `enabled` field was set to true 1979 // after being disabled/unconfigured or set to false after being enabled. If 1980 // Autoclass is enabled when the bucket is created, the toggle_time is set 1981 // to the bucket creation time. 1982 google.protobuf.Timestamp toggle_time = 2 1983 [(google.api.field_behavior) = OUTPUT_ONLY]; 1984 1985 // An object in an Autoclass bucket will eventually cool down to the 1986 // terminal storage class if there is no access to the object. 1987 // The only valid values are NEARLINE and ARCHIVE. 1988 optional string terminal_storage_class = 3; 1989 1990 // Output only. Latest instant at which the autoclass terminal storage class 1991 // was updated. 1992 optional google.protobuf.Timestamp terminal_storage_class_update_time = 4 1993 [(google.api.field_behavior) = OUTPUT_ONLY]; 1994 } 1995 1996 // Configuration for a bucket's hierarchical namespace feature. 1997 message HierarchicalNamespace { 1998 // Optional. Enables the hierarchical namespace feature. 1999 bool enabled = 1 [(google.api.field_behavior) = OPTIONAL]; 2000 } 2001 2002 // Immutable. The name of the bucket. 2003 // Format: `projects/{project}/buckets/{bucket}` 2004 string name = 1 [(google.api.field_behavior) = IMMUTABLE]; 2005 2006 // Output only. The user-chosen part of the bucket name. The `{bucket}` 2007 // portion of the `name` field. For globally unique buckets, this is equal to 2008 // the "bucket name" of other Cloud Storage APIs. Example: "pub". 2009 string bucket_id = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 2010 2011 // The etag of the bucket. 2012 // If included in the metadata of an UpdateBucketRequest, the operation will 2013 // only be performed if the etag matches that of the bucket. 2014 string etag = 29; 2015 2016 // Immutable. The project which owns this bucket, in the format of 2017 // "projects/{projectIdentifier}". 2018 // {projectIdentifier} can be the project ID or project number. 2019 string project = 3 [ 2020 (google.api.field_behavior) = IMMUTABLE, 2021 (google.api.resource_reference) = { 2022 type: "cloudresourcemanager.googleapis.com/Project" 2023 } 2024 ]; 2025 2026 // Output only. The metadata generation of this bucket. 2027 int64 metageneration = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 2028 2029 // Immutable. The location of the bucket. Object data for objects in the 2030 // bucket resides in physical storage within this region. Defaults to `US`. 2031 // See the 2032 // [https://developers.google.com/storage/docs/concepts-techniques#specifyinglocations"][developer's 2033 // guide] for the authoritative list. Attempting to update this field after 2034 // the bucket is created will result in an error. 2035 string location = 5 [(google.api.field_behavior) = IMMUTABLE]; 2036 2037 // Output only. The location type of the bucket (region, dual-region, 2038 // multi-region, etc). 2039 string location_type = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 2040 2041 // The bucket's default storage class, used whenever no storageClass is 2042 // specified for a newly-created object. This defines how objects in the 2043 // bucket are stored and determines the SLA and the cost of storage. 2044 // If this value is not specified when the bucket is created, it will default 2045 // to `STANDARD`. For more information, see 2046 // https://developers.google.com/storage/docs/storage-classes. 2047 string storage_class = 7; 2048 2049 // The recovery point objective for cross-region replication of the bucket. 2050 // Applicable only for dual- and multi-region buckets. "DEFAULT" uses default 2051 // replication. "ASYNC_TURBO" enables turbo replication, valid for dual-region 2052 // buckets only. If rpo is not specified when the bucket is created, it 2053 // defaults to "DEFAULT". For more information, see 2054 // https://cloud.google.com/storage/docs/availability-durability#turbo-replication. 2055 string rpo = 27; 2056 2057 // Access controls on the bucket. 2058 // If iam_config.uniform_bucket_level_access is enabled on this bucket, 2059 // requests to set, read, or modify acl is an error. 2060 repeated BucketAccessControl acl = 8; 2061 2062 // Default access controls to apply to new objects when no ACL is provided. 2063 // If iam_config.uniform_bucket_level_access is enabled on this bucket, 2064 // requests to set, read, or modify acl is an error. 2065 repeated ObjectAccessControl default_object_acl = 9; 2066 2067 // The bucket's lifecycle config. See 2068 // [https://developers.google.com/storage/docs/lifecycle]Lifecycle Management] 2069 // for more information. 2070 Lifecycle lifecycle = 10; 2071 2072 // Output only. The creation time of the bucket. 2073 google.protobuf.Timestamp create_time = 11 2074 [(google.api.field_behavior) = OUTPUT_ONLY]; 2075 2076 // The bucket's [https://www.w3.org/TR/cors/][Cross-Origin Resource Sharing] 2077 // (CORS) config. 2078 repeated Cors cors = 12; 2079 2080 // Output only. The modification time of the bucket. 2081 google.protobuf.Timestamp update_time = 13 2082 [(google.api.field_behavior) = OUTPUT_ONLY]; 2083 2084 // The default value for event-based hold on newly created objects in this 2085 // bucket. Event-based hold is a way to retain objects indefinitely until an 2086 // event occurs, signified by the 2087 // hold's release. After being released, such objects will be subject to 2088 // bucket-level retention (if any). One sample use case of this flag is for 2089 // banks to hold loan documents for at least 3 years after loan is paid in 2090 // full. Here, bucket-level retention is 3 years and the event is loan being 2091 // paid in full. In this example, these objects will be held intact for any 2092 // number of years until the event has occurred (event-based hold on the 2093 // object is released) and then 3 more years after that. That means retention 2094 // duration of the objects begins from the moment event-based hold 2095 // transitioned from true to false. Objects under event-based hold cannot be 2096 // deleted, overwritten or archived until the hold is removed. 2097 bool default_event_based_hold = 14; 2098 2099 // User-provided labels, in key/value pairs. 2100 map<string, string> labels = 15; 2101 2102 // The bucket's website config, controlling how the service behaves 2103 // when accessing bucket contents as a web site. See the 2104 // [https://cloud.google.com/storage/docs/static-website][Static Website 2105 // Examples] for more information. 2106 Website website = 16; 2107 2108 // The bucket's versioning config. 2109 Versioning versioning = 17; 2110 2111 // The bucket's logging config, which defines the destination bucket 2112 // and name prefix (if any) for the current bucket's logs. 2113 Logging logging = 18; 2114 2115 // Output only. The owner of the bucket. This is always the project team's 2116 // owner group. 2117 Owner owner = 19 [(google.api.field_behavior) = OUTPUT_ONLY]; 2118 2119 // Encryption config for a bucket. 2120 Encryption encryption = 20; 2121 2122 // The bucket's billing config. 2123 Billing billing = 21; 2124 2125 // The bucket's retention policy. The retention policy enforces a minimum 2126 // retention time for all objects contained in the bucket, based on their 2127 // creation time. Any attempt to overwrite or delete objects younger than the 2128 // retention period will result in a PERMISSION_DENIED error. An unlocked 2129 // retention policy can be modified or removed from the bucket via a 2130 // storage.buckets.update operation. A locked retention policy cannot be 2131 // removed or shortened in duration for the lifetime of the bucket. 2132 // Attempting to remove or decrease period of a locked retention policy will 2133 // result in a PERMISSION_DENIED error. 2134 RetentionPolicy retention_policy = 22; 2135 2136 // The bucket's IAM config. 2137 IamConfig iam_config = 23; 2138 2139 // Reserved for future use. 2140 bool satisfies_pzs = 25; 2141 2142 // Configuration that, if present, specifies the data placement for a 2143 // [https://cloud.google.com/storage/docs/use-dual-regions][Dual Region]. 2144 CustomPlacementConfig custom_placement_config = 26; 2145 2146 // The bucket's Autoclass configuration. If there is no configuration, the 2147 // Autoclass feature will be disabled and have no effect on the bucket. 2148 Autoclass autoclass = 28; 2149 2150 // Optional. The bucket's hierarchical namespace configuration. If there is no 2151 // configuration, the hierarchical namespace feature will be disabled and have 2152 // no effect on the bucket. 2153 HierarchicalNamespace hierarchical_namespace = 32 2154 [(google.api.field_behavior) = OPTIONAL]; 2155 2156 // Optional. The bucket's soft delete policy. The soft delete policy prevents 2157 // soft-deleted objects from being permanently deleted. 2158 SoftDeletePolicy soft_delete_policy = 31 2159 [(google.api.field_behavior) = OPTIONAL]; 2160} 2161 2162// An access-control entry. 2163message BucketAccessControl { 2164 // The access permission for the entity. 2165 string role = 1; 2166 2167 // The ID of the access-control entry. 2168 string id = 2; 2169 2170 // The entity holding the permission, in one of the following forms: 2171 // * `user-{userid}` 2172 // * `user-{email}` 2173 // * `group-{groupid}` 2174 // * `group-{email}` 2175 // * `domain-{domain}` 2176 // * `project-{team}-{projectnumber}` 2177 // * `project-{team}-{projectid}` 2178 // * `allUsers` 2179 // * `allAuthenticatedUsers` 2180 // Examples: 2181 // * The user `[email protected]` would be `[email protected]`. 2182 // * The group `[email protected]` would be 2183 // `[email protected]` 2184 // * All members of the Google Apps for Business domain `example.com` would be 2185 // `domain-example.com` 2186 // For project entities, `project-{team}-{projectnumber}` format will be 2187 // returned on response. 2188 string entity = 3; 2189 2190 // Output only. The alternative entity format, if exists. For project 2191 // entities, `project-{team}-{projectid}` format will be returned on response. 2192 string entity_alt = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; 2193 2194 // The ID for the entity, if any. 2195 string entity_id = 4; 2196 2197 // The etag of the BucketAccessControl. 2198 // If included in the metadata of an update or delete request message, the 2199 // operation operation will only be performed if the etag matches that of the 2200 // bucket's BucketAccessControl. 2201 string etag = 8; 2202 2203 // The email address associated with the entity, if any. 2204 string email = 5; 2205 2206 // The domain associated with the entity, if any. 2207 string domain = 6; 2208 2209 // The project team associated with the entity, if any. 2210 ProjectTeam project_team = 7; 2211} 2212 2213// Message used to convey content being read or written, along with an optional 2214// checksum. 2215message ChecksummedData { 2216 // Optional. The data. 2217 bytes content = 1 [ctype = CORD, (google.api.field_behavior) = OPTIONAL]; 2218 2219 // If set, the CRC32C digest of the content field. 2220 optional fixed32 crc32c = 2; 2221} 2222 2223// Message used for storing full (not subrange) object checksums. 2224message ObjectChecksums { 2225 // CRC32C digest of the object data. Computed by the Cloud Storage service for 2226 // all written objects. 2227 // If set in a WriteObjectRequest, service will validate that the stored 2228 // object matches this checksum. 2229 optional fixed32 crc32c = 1; 2230 2231 // 128 bit MD5 hash of the object data. 2232 // For more information about using the MD5 hash, see 2233 // [https://cloud.google.com/storage/docs/hashes-etags#json-api][Hashes and 2234 // ETags: Best Practices]. 2235 // Not all objects will provide an MD5 hash. For example, composite objects 2236 // provide only crc32c hashes. 2237 // This value is equivalent to running `cat object.txt | openssl md5 -binary` 2238 bytes md5_hash = 2; 2239} 2240 2241// Hmac Key Metadata, which includes all information other than the secret. 2242message HmacKeyMetadata { 2243 // Immutable. Resource name ID of the key in the format 2244 // {projectIdentifier}/{accessId}. 2245 // {projectIdentifier} can be the project ID or project number. 2246 string id = 1 [(google.api.field_behavior) = IMMUTABLE]; 2247 2248 // Immutable. Globally unique id for keys. 2249 string access_id = 2 [(google.api.field_behavior) = IMMUTABLE]; 2250 2251 // Immutable. Identifies the project that owns the service account of the 2252 // specified HMAC key, in the format "projects/{projectIdentifier}". 2253 // {projectIdentifier} can be the project ID or project number. 2254 string project = 3 [ 2255 (google.api.field_behavior) = IMMUTABLE, 2256 (google.api.resource_reference) = { 2257 type: "cloudresourcemanager.googleapis.com/Project" 2258 } 2259 ]; 2260 2261 // Output only. Email of the service account the key authenticates as. 2262 string service_account_email = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 2263 2264 // State of the key. One of ACTIVE, INACTIVE, or DELETED. 2265 // Writable, can be updated by UpdateHmacKey operation. 2266 string state = 5; 2267 2268 // Output only. The creation time of the HMAC key. 2269 google.protobuf.Timestamp create_time = 6 2270 [(google.api.field_behavior) = OUTPUT_ONLY]; 2271 2272 // Output only. The last modification time of the HMAC key metadata. 2273 google.protobuf.Timestamp update_time = 7 2274 [(google.api.field_behavior) = OUTPUT_ONLY]; 2275 2276 // The etag of the HMAC key. 2277 string etag = 8; 2278} 2279 2280// A directive to publish Pub/Sub notifications upon changes to a bucket. 2281message NotificationConfig { 2282 option (google.api.resource) = { 2283 type: "storage.googleapis.com/NotificationConfig" 2284 pattern: "projects/{project}/buckets/{bucket}/notificationConfigs/{notification_config}" 2285 }; 2286 2287 // Required. The resource name of this NotificationConfig. 2288 // Format: 2289 // `projects/{project}/buckets/{bucket}/notificationConfigs/{notificationConfig}` 2290 // The `{project}` portion may be `_` for globally unique buckets. 2291 string name = 1 [(google.api.field_behavior) = REQUIRED]; 2292 2293 // Required. The Pub/Sub topic to which this subscription publishes. Formatted 2294 // as: 2295 // '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}' 2296 string topic = 2 [(google.api.field_behavior) = REQUIRED]; 2297 2298 // The etag of the NotificationConfig. 2299 // If included in the metadata of GetNotificationConfigRequest, the operation 2300 // will only be performed if the etag matches that of the NotificationConfig. 2301 string etag = 7; 2302 2303 // If present, only send notifications about listed event types. If 2304 // empty, sent notifications for all event types. 2305 repeated string event_types = 3; 2306 2307 // A list of additional attributes to attach to each Pub/Sub 2308 // message published for this NotificationConfig. 2309 map<string, string> custom_attributes = 4; 2310 2311 // If present, only apply this NotificationConfig to object names that 2312 // begin with this prefix. 2313 string object_name_prefix = 5; 2314 2315 // Required. The desired content of the Payload. 2316 string payload_format = 6 [(google.api.field_behavior) = REQUIRED]; 2317} 2318 2319// Describes the Customer-Supplied Encryption Key mechanism used to store an 2320// Object's data at rest. 2321message CustomerEncryption { 2322 // The encryption algorithm. 2323 string encryption_algorithm = 1; 2324 2325 // SHA256 hash value of the encryption key. 2326 // In raw bytes format (not base64-encoded). 2327 bytes key_sha256_bytes = 3; 2328} 2329 2330// An object. 2331message Object { 2332 // Immutable. The name of this object. Nearly any sequence of unicode 2333 // characters is valid. See 2334 // [Guidelines](https://cloud.google.com/storage/docs/objects#naming). 2335 // Example: `test.txt` 2336 // The `name` field by itself does not uniquely identify a Cloud Storage 2337 // object. A Cloud Storage object is uniquely identified by the tuple of 2338 // (bucket, object, generation). 2339 string name = 1 [(google.api.field_behavior) = IMMUTABLE]; 2340 2341 // Immutable. The name of the bucket containing this object. 2342 string bucket = 2 [ 2343 (google.api.field_behavior) = IMMUTABLE, 2344 (google.api.resource_reference) = { type: "storage.googleapis.com/Bucket" } 2345 ]; 2346 2347 // The etag of the object. 2348 // If included in the metadata of an update or delete request message, the 2349 // operation will only be performed if the etag matches that of the live 2350 // object. 2351 string etag = 27; 2352 2353 // Immutable. The content generation of this object. Used for object 2354 // versioning. 2355 int64 generation = 3 [(google.api.field_behavior) = IMMUTABLE]; 2356 2357 // Output only. The version of the metadata for this generation of this 2358 // object. Used for preconditions and for detecting changes in metadata. A 2359 // metageneration number is only meaningful in the context of a particular 2360 // generation of a particular object. 2361 int64 metageneration = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 2362 2363 // Storage class of the object. 2364 string storage_class = 5; 2365 2366 // Output only. Content-Length of the object data in bytes, matching 2367 // [https://tools.ietf.org/html/rfc7230#section-3.3.2][RFC 7230 §3.3.2]. 2368 int64 size = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 2369 2370 // Content-Encoding of the object data, matching 2371 // [https://tools.ietf.org/html/rfc7231#section-3.1.2.2][RFC 7231 §3.1.2.2] 2372 string content_encoding = 7; 2373 2374 // Content-Disposition of the object data, matching 2375 // [https://tools.ietf.org/html/rfc6266][RFC 6266]. 2376 string content_disposition = 8; 2377 2378 // Cache-Control directive for the object data, matching 2379 // [https://tools.ietf.org/html/rfc7234#section-5.2"][RFC 7234 §5.2]. 2380 // If omitted, and the object is accessible to all anonymous users, the 2381 // default will be `public, max-age=3600`. 2382 string cache_control = 9; 2383 2384 // Access controls on the object. 2385 // If iam_config.uniform_bucket_level_access is enabled on the parent 2386 // bucket, requests to set, read, or modify acl is an error. 2387 repeated ObjectAccessControl acl = 10; 2388 2389 // Content-Language of the object data, matching 2390 // [https://tools.ietf.org/html/rfc7231#section-3.1.3.2][RFC 7231 §3.1.3.2]. 2391 string content_language = 11; 2392 2393 // Output only. If this object is noncurrent, this is the time when the object 2394 // became noncurrent. 2395 google.protobuf.Timestamp delete_time = 12 2396 [(google.api.field_behavior) = OUTPUT_ONLY]; 2397 2398 // Content-Type of the object data, matching 2399 // [https://tools.ietf.org/html/rfc7231#section-3.1.1.5][RFC 7231 §3.1.1.5]. 2400 // If an object is stored without a Content-Type, it is served as 2401 // `application/octet-stream`. 2402 string content_type = 13; 2403 2404 // Output only. The creation time of the object. 2405 google.protobuf.Timestamp create_time = 14 2406 [(google.api.field_behavior) = OUTPUT_ONLY]; 2407 2408 // Output only. Number of underlying components that make up this object. 2409 // Components are accumulated by compose operations. 2410 int32 component_count = 15 [(google.api.field_behavior) = OUTPUT_ONLY]; 2411 2412 // Output only. Hashes for the data part of this object. This field is used 2413 // for output only and will be silently ignored if provided in requests. 2414 ObjectChecksums checksums = 16 [(google.api.field_behavior) = OUTPUT_ONLY]; 2415 2416 // Output only. The modification time of the object metadata. 2417 // Set initially to object creation time and then updated whenever any 2418 // metadata of the object changes. This includes changes made by a requester, 2419 // such as modifying custom metadata, as well as changes made by Cloud Storage 2420 // on behalf of a requester, such as changing the storage class based on an 2421 // Object Lifecycle Configuration. 2422 google.protobuf.Timestamp update_time = 17 2423 [(google.api.field_behavior) = OUTPUT_ONLY]; 2424 2425 // Cloud KMS Key used to encrypt this object, if the object is encrypted by 2426 // such a key. 2427 string kms_key = 18 [(google.api.resource_reference) = { 2428 type: "cloudkms.googleapis.com/CryptoKey" 2429 }]; 2430 2431 // Output only. The time at which the object's storage class was last changed. 2432 // When the object is initially created, it will be set to time_created. 2433 google.protobuf.Timestamp update_storage_class_time = 19 2434 [(google.api.field_behavior) = OUTPUT_ONLY]; 2435 2436 // Whether an object is under temporary hold. While this flag is set to true, 2437 // the object is protected against deletion and overwrites. A common use case 2438 // of this flag is regulatory investigations where objects need to be retained 2439 // while the investigation is ongoing. Note that unlike event-based hold, 2440 // temporary hold does not impact retention expiration time of an object. 2441 bool temporary_hold = 20; 2442 2443 // A server-determined value that specifies the earliest time that the 2444 // object's retention period expires. 2445 // Note 1: This field is not provided for objects with an active event-based 2446 // hold, since retention expiration is unknown until the hold is removed. 2447 // Note 2: This value can be provided even when temporary hold is set (so that 2448 // the user can reason about policy without having to first unset the 2449 // temporary hold). 2450 google.protobuf.Timestamp retention_expire_time = 21; 2451 2452 // User-provided metadata, in key/value pairs. 2453 map<string, string> metadata = 22; 2454 2455 // Whether an object is under event-based hold. 2456 // An event-based hold is a way to force the retention of an object until 2457 // after some event occurs. Once the hold is released by explicitly setting 2458 // this field to false, the object will become subject to any bucket-level 2459 // retention policy, except that the retention duration will be calculated 2460 // from the time the event based hold was lifted, rather than the time the 2461 // object was created. 2462 // 2463 // In a WriteObject request, not setting this field implies that the value 2464 // should be taken from the parent bucket's "default_event_based_hold" field. 2465 // In a response, this field will always be set to true or false. 2466 optional bool event_based_hold = 23; 2467 2468 // Output only. The owner of the object. This will always be the uploader of 2469 // the object. 2470 Owner owner = 24 [(google.api.field_behavior) = OUTPUT_ONLY]; 2471 2472 // Metadata of Customer-Supplied Encryption Key, if the object is encrypted by 2473 // such a key. 2474 CustomerEncryption customer_encryption = 25; 2475 2476 // A user-specified timestamp set on an object. 2477 google.protobuf.Timestamp custom_time = 26; 2478 2479 // Output only. This is the time when the object became soft-deleted. 2480 // 2481 // Soft-deleted objects are only accessible if a soft_delete_policy is 2482 // enabled. Also see hard_delete_time. 2483 optional google.protobuf.Timestamp soft_delete_time = 28 2484 [(google.api.field_behavior) = OUTPUT_ONLY]; 2485 2486 // Output only. The time when the object will be permanently deleted. 2487 // 2488 // Only set when an object becomes soft-deleted with a soft_delete_policy. 2489 // Otherwise, the object will not be accessible. 2490 optional google.protobuf.Timestamp hard_delete_time = 29 2491 [(google.api.field_behavior) = OUTPUT_ONLY]; 2492} 2493 2494// An access-control entry. 2495message ObjectAccessControl { 2496 // The access permission for the entity. 2497 string role = 1; 2498 2499 // The ID of the access-control entry. 2500 string id = 2; 2501 2502 // The entity holding the permission, in one of the following forms: 2503 // * `user-{userid}` 2504 // * `user-{email}` 2505 // * `group-{groupid}` 2506 // * `group-{email}` 2507 // * `domain-{domain}` 2508 // * `project-{team}-{projectnumber}` 2509 // * `project-{team}-{projectid}` 2510 // * `allUsers` 2511 // * `allAuthenticatedUsers` 2512 // Examples: 2513 // * The user `[email protected]` would be `[email protected]`. 2514 // * The group `[email protected]` would be 2515 // `[email protected]`. 2516 // * All members of the Google Apps for Business domain `example.com` would be 2517 // `domain-example.com`. 2518 // For project entities, `project-{team}-{projectnumber}` format will be 2519 // returned on response. 2520 string entity = 3; 2521 2522 // Output only. The alternative entity format, if exists. For project 2523 // entities, `project-{team}-{projectid}` format will be returned on response. 2524 string entity_alt = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; 2525 2526 // The ID for the entity, if any. 2527 string entity_id = 4; 2528 2529 // The etag of the ObjectAccessControl. 2530 // If included in the metadata of an update or delete request message, the 2531 // operation will only be performed if the etag matches that of the live 2532 // object's ObjectAccessControl. 2533 string etag = 8; 2534 2535 // The email address associated with the entity, if any. 2536 string email = 5; 2537 2538 // The domain associated with the entity, if any. 2539 string domain = 6; 2540 2541 // The project team associated with the entity, if any. 2542 ProjectTeam project_team = 7; 2543} 2544 2545// The result of a call to Objects.ListObjects 2546message ListObjectsResponse { 2547 // The list of items. 2548 repeated Object objects = 1; 2549 2550 // The list of prefixes of objects matching-but-not-listed up to and including 2551 // the requested delimiter. 2552 repeated string prefixes = 2; 2553 2554 // The continuation token, used to page through large result sets. Provide 2555 // this value in a subsequent request to return the next page of results. 2556 string next_page_token = 3; 2557} 2558 2559// Represents the Viewers, Editors, or Owners of a given project. 2560message ProjectTeam { 2561 // The project number. 2562 string project_number = 1; 2563 2564 // The team. 2565 string team = 2; 2566} 2567 2568// A service account, owned by Cloud Storage, which may be used when taking 2569// action on behalf of a given project, for example to publish Pub/Sub 2570// notifications or to retrieve security keys. 2571message ServiceAccount { 2572 // The ID of the notification. 2573 string email_address = 1; 2574} 2575 2576// The owner of a specific resource. 2577message Owner { 2578 // The entity, in the form `user-`*userId*. 2579 string entity = 1; 2580 2581 // The ID for the entity. 2582 string entity_id = 2; 2583} 2584 2585// Specifies a requested range of bytes to download. 2586message ContentRange { 2587 // The starting offset of the object data. This value is inclusive. 2588 int64 start = 1; 2589 2590 // The ending offset of the object data. This value is exclusive. 2591 int64 end = 2; 2592 2593 // The complete length of the object data. 2594 int64 complete_length = 3; 2595} 2596