"description":"A string for filtering Operations.\n The following filter fields are supported:\n\n * serviceName: Required. Only `=` operator is allowed.\n * startTime: The time this job was started, in ISO 8601 format.\n Allowed operators are `\u003e=`, `\u003e`, `\u003c=`, and `\u003c`.\n * status: Can be `done`, `in_progress`, or `failed`. Allowed\n operators are `=`, and `!=`.\n\n Filter expression supports conjunction (AND) and disjunction (OR)\n logical operators. However, the serviceName restriction must be at the\n top-level and can only be combined with other restrictions via the AND\n logical operator.\n\n Examples:\n\n * `serviceName={some-service}.googleapis.com`\n * `serviceName={some-service}.googleapis.com AND startTime\u003e=\"2017-02-01\"`\n * `serviceName={some-service}.googleapis.com AND status=done`\n * `serviceName={some-service}.googleapis.com AND (status=done OR startTime\u003e=\"2017-02-01\")`",
"description":"Gets the latest state of a long-running operation. Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice."
"description":"Creates a new managed service.\nPlease note one producer project can own no more than 20 services.\n\nOperation\u003cresponse: ManagedService\u003e",
"description":"Generates and returns a report (errors, warnings and changes from\nexisting configurations) associated with\nGenerateConfigReportRequest.new_value\n\nIf GenerateConfigReportRequest.old_value is specified,\nGenerateConfigReportRequest will contain a single ChangeReport based on the\ncomparison between GenerateConfigReportRequest.new_value and\nGenerateConfigReportRequest.old_value.\nIf GenerateConfigReportRequest.old_value is not specified, this method\nwill compare GenerateConfigReportRequest.new_value with the last pushed\nservice configuration.",
"description":"REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"description":"Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`.",
"description":"Deletes a managed service. This method will change the service to the\n`Soft-Delete` state for 30 days. Within this period, service producers may\ncall UndeleteService to restore the service.\nAfter 30 days, the service will be permanently deleted.\n\nOperation\u003cresponse: google.protobuf.Empty\u003e",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`.",
"description":"Enables a service for a project, so it can be used\nfor the project. See\n[Cloud Auth Guide](https://cloud.google.com/docs/authentication) for\nmore information.\n\nOperation\u003cresponse: EnableServiceResponse\u003e",
"description":"REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"description":"Sets the access control policy on the specified resource. Replaces any\nexisting policy."
},
"disable":{
"flatPath":"v1/services/{serviceName}:disable",
"path":"v1/services/{serviceName}:disable",
"id":"servicemanagement.services.disable",
"request":{
"$ref":"DisableServiceRequest"
},
"description":"Disables a service for a project, so it can no longer be\nbe used for the project. It prevents accidental usage that may cause\nunexpected billing charges or security leaks.\n\nOperation\u003cresponse: DisableServiceResponse\u003e",
"response":{
"$ref":"Operation"
},
"parameterOrder":[
"serviceName"
],
"httpMethod":"POST",
"parameters":{
"serviceName":{
"location":"path",
"description":"Name of the service to disable. Specifying an unknown service name\nwill cause the request to fail.",
"description":"REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"description":"Gets the access control policy for a resource.\nReturns an empty policy if the resource exists and does not have a policy\nset.",
"request":{
"$ref":"GetIamPolicyRequest"
}
},
"undelete":{
"httpMethod":"POST",
"parameterOrder":[
"serviceName"
],
"response":{
"$ref":"Operation"
},
"parameters":{
"serviceName":{
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`.",
"description":"Revives a previously deleted managed service. The method restores the\nservice using the configuration at the time the service was deleted.\nThe target service must exist and must have been deleted within the\nlast 30 days.\n\nOperation\u003cresponse: UndeleteServiceResponse\u003e"
},
"list":{
"description":"Lists managed services.\n\nReturns all public services. For authenticated users, also returns all\nservices the calling user has \"servicemanagement.services.get\" permission\nfor.\n\n**BETA:** If the caller specifies the `consumer_id`, it returns only the\nservices enabled on the consumer. The `consumer_id` must have the format\nof \"project:{PROJECT-ID}\".",
"description":"Token identifying which result to start with; returned by a previous list\ncall.",
"type":"string"
},
"pageSize":{
"description":"Requested size of the next page of data.",
"format":"int32",
"type":"integer",
"location":"query"
},
"producerProjectId":{
"type":"string",
"location":"query",
"description":"Include services produced by the specified project."
},
"consumerId":{
"location":"query",
"description":"Include services consumed by the specified consumer.\n\nThe Google Service Management implementation accepts the following\nforms:\n- project:\u003cproject_id\u003e",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`."
}
},
"flatPath":"v1/services/{serviceName}/configs",
"path":"v1/services/{serviceName}/configs",
"id":"servicemanagement.services.configs.create",
"description":"Creates a new service configuration (version) for a managed service.\nThis method only stores the service configuration. To roll out the service\nconfiguration to backend systems please call\nCreateServiceRollout.",
"description":"Creates a new service configuration (version) for a managed service based\non\nuser-supplied configuration source files (for example: OpenAPI\nSpecification). This method stores the source configurations as well as the\ngenerated service configuration. To rollout the service configuration to\nother services,\nplease call CreateServiceRollout.\n\nOperation\u003cresponse: SubmitConfigSourceResponse\u003e",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`.",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`.",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`.",
"description":"REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"description":"Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description":"REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"description":"REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`.",
"description":"Use `filter` to return subset of rollouts.\nThe following filters are supported:\n -- To limit the results to only those in\n [status](google.api.servicemanagement.v1.RolloutStatus) 'SUCCESS',\n use filter='status=SUCCESS'\n -- To limit the results to those in\n [status](google.api.servicemanagement.v1.RolloutStatus) 'CANCELLED'\n or 'FAILED', use filter='status=CANCELLED OR status=FAILED'",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`."
"description":"Creates a new service configuration rollout. Based on rollout, the\nGoogle Service Management will roll out the service configurations to\ndifferent backend services. For example, the logging configuration will be\npushed to Google Cloud Logging.\n\nPlease note that any previous pending and running Rollouts and associated\nOperations will be automatically cancelled so that the latest Rollout will\nnot be blocked by previous Rollouts.\n\nOperation\u003cresponse: Rollout\u003e",
"description":"The name of the service. See the [overview](/service-management/overview)\nfor naming requirements. For example: `example.googleapis.com`."
"description":"Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"description":"API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"description":"Google Service Management allows service producers to publish their services on Google Cloud Platform so that they can be discovered and used by service consumers.",
"description":"The metadata associated with a long running operation resource.",
"type":"object",
"properties":{
"surface":{
"enum":[
"UNSPECIFIED_OP_SERVICE",
"SERVICE_MANAGEMENT",
"SERVICE_USAGE",
"SERVICE_CONSUMER_MANAGEMENT"
],
"type":"string",
"enumDescriptions":[
"",
"",
"",
"TenancyUnit, ServiceNetworking fall under this"
]
},
"resourceNames":{
"description":"The full name of the resources that this flow is directly associated with.",
"type":"array",
"items":{
"type":"string"
}
},
"flowName":{
"type":"string",
"description":"The name of the top-level flow corresponding to this operation.\nMust be equal to the \"name\" field for a FlowName enum."
},
"cancelState":{
"description":"The state of the operation with respect to cancellation.",
"type":"string",
"enumDescriptions":[
"Default state, cancellable but not cancelled.",
"The operation has proceeded past the point of no return and cannot\nbe cancelled.",
"The operation has been cancelled, work should cease\nand any needed rollback steps executed."
],
"enum":[
"RUNNING",
"UNCANCELLABLE",
"CANCELLED"
]
},
"deadline":{
"description":"Deadline for the flow to complete, to prevent orphaned Operations.\n\nIf the flow has not completed by this time, it may be terminated by\nthe engine, or force-failed by Operation lookup.\n\nNote that this is not a hard deadline after which the Flow will\ndefinitely be failed, rather it is a deadline after which it is reasonable\nto suspect a problem and other parts of the system may kill operation\nto ensure we don't have orphans.\nsee also: go/prevent-orphaned-operations",
"format":"google-datetime",
"type":"string"
},
"operationType":{
"description":"Operation type which is a flow type and subtype info as that is missing in\nour datastore otherwise. This maps to the ordinal value of the enum:\njcg/api/tenant/operations/OperationNamespace.java",
"format":"int32",
"type":"integer"
},
"startTime":{
"description":"The start time of the operation.",
"format":"google-datetime",
"type":"string"
}
},
"id":"FlowOperationMetadata"
},
"CustomError":{
"properties":{
"types":{
"description":"The list of custom error detail types, e.g. 'google.foo.v1.CustomError'.",
"type":"array",
"items":{
"type":"string"
}
},
"rules":{
"description":"The list of custom error rules that apply to individual API messages.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order.",
"type":"array",
"items":{
"$ref":"CustomErrorRule"
}
}
},
"id":"CustomError",
"description":"Customize service error responses. For example, list any service\nspecific protobuf types that can appear in error detail lists of\nerror responses.\n\nExample:\n\n custom_error:\n types:\n - google.foo.v1.CustomError\n - google.foo.v1.AnotherError",
"description":"Defines the HTTP configuration for an API service. It contains a list of\nHttpRule, each specifying the mapping of an RPC method\nto one or more HTTP REST API methods.",
"description":"When set to true, URL path parmeters will be fully URI-decoded except in\ncases of single segment matches in reserved expansion, where \"%2F\" will be\nleft encoded.\n\nThe default behavior is to not decode RFC 6570 reserved characters in multi\nsegment matches.",
"type":"boolean"
},
"rules":{
"description":"A list of HTTP configuration rules that apply to individual API methods.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order.",
"description":"Selects and configures the service controller used by the service. The\nservice controller handles features like abuse, quota, billing, logging,\nmonitoring, etc.",
"type":"object",
"properties":{
"environment":{
"description":"The service control environment to use. If empty, no control plane\nfeature (like quota and billing) will be enabled.",
"type":"string"
}
},
"id":"Control"
},
"SystemParameter":{
"description":"Define a parameter's name and location. The parameter may be passed as either\nan HTTP header or a URL query parameter, and if both are passed the behavior\nis implementation-dependent.",
"description":"Define the HTTP header name to use for the parameter. It is case\ninsensitive."
},
"name":{
"type":"string",
"description":"Define the name of the parameter, such as \"api_key\" . It is case sensitive."
},
"urlQueryParameter":{
"description":"Define the URL query parameter name to use for the parameter. It is case\nsensitive.",
"type":"string"
}
},
"id":"SystemParameter"
},
"Field":{
"properties":{
"defaultValue":{
"description":"The string value of the default value of this field. Proto2 syntax only.",
"type":"string"
},
"name":{
"description":"The field name.",
"type":"string"
},
"typeUrl":{
"description":"The field type URL, without the scheme, for message or enumeration\ntypes. Example: `\"type.googleapis.com/google.protobuf.Timestamp\"`.",
"description":"The index of the field type in `Type.oneofs`, for message or enumeration\ntypes. The first type has index 1; zero means the type is not in the list.",
"description":"A single field of a message type.",
"type":"object"
},
"Monitoring":{
"properties":{
"consumerDestinations":{
"description":"Monitoring configurations for sending metrics to the consumer project.\nThere can be multiple consumer destinations, each one must have a\ndifferent monitored resource type. A metric can be used in at most\none consumer destination.",
"description":"Monitoring configurations for sending metrics to the producer project.\nThere can be multiple producer destinations, each one must have a\ndifferent monitored resource type. A metric can be used in at most\none producer destination.",
"description":"Monitoring configuration of the service.\n\nThe example below shows how to configure monitored resources and metrics\nfor monitoring. In the example, a monitored resource and two metrics are\ndefined. The `library.googleapis.com/book/returned_count` metric is sent\nto both producer and consumer projects, whereas the\n`library.googleapis.com/book/overdue_count` metric is only sent to the\nconsumer project.\n\n monitored_resources:\n - type: library.googleapis.com/branch\n labels:\n - key: /city\n description: The city where the library branch is located in.\n - key: /name\n description: The name of the branch.\n metrics:\n - name: library.googleapis.com/book/returned_count\n metric_kind: DELTA\n value_type: INT64\n labels:\n - key: /customer_id\n - name: library.googleapis.com/book/overdue_count\n metric_kind: GAUGE\n value_type: INT64\n labels:\n - key: /customer_id\n monitoring:\n producer_destinations:\n - monitored_resource: library.googleapis.com/branch\n metrics:\n - library.googleapis.com/book/returned_count\n consumer_destinations:\n - monitored_resource: library.googleapis.com/branch\n metrics:\n - library.googleapis.com/book/returned_count\n - library.googleapis.com/book/overdue_count",
"description":"The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"description":"File name and line number of the error or warning.",
"type":"string"
}
}
},
"EnableServiceRequest":{
"type":"object",
"properties":{
"consumerId":{
"description":"The identity of consumer resource which service enablement will be\napplied to.\n\nThe Google Service Management implementation accepts the following\nforms:\n- \"project:\u003cproject_id\u003e\"\n\nNote: this is made compatible with\ngoogle.api.servicecontrol.v1.Operation.consumer_id.",
"description":"Experimental service configuration. These configuration options can\nonly be used by whitelisted users."
},
"Backend":{
"description":"`Backend` defines the backend configuration for a service.",
"type":"object",
"properties":{
"rules":{
"type":"array",
"items":{
"$ref":"BackendRule"
},
"description":"A list of API backend rules that apply to individual API methods.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order."
"description":"Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"fooservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:bar@gmail.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts foo@gmail.com from DATA_READ logging, and\nbar@gmail.com from DATA_WRITE logging.",
"description":"Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.",
"description":"Optional. If set, this will result in the generation of a\n`google.api.Service` configuration based on the `ConfigSource` provided,\nbut the generated config and the sources will NOT be persisted.",
"description":"The selector is a comma-separated list of patterns. Each pattern is a\nqualified name of the element which may end in \"*\", indicating a wildcard.\nWildcards are only allowed at the end and for a whole component of the\nqualified name, i.e. \"foo.*\" is ok, but not \"foo.b*\" or \"foo.*.bar\". To\nspecify a default for all applicable elements, the whole pattern \"*\"\nis used.",
"description":"Configuration of authorization.\n\nThis section determines the authorization provider, if unspecified, then no\nauthorization check will be done.\n\nExample:\n\n experimental:\n authorization:\n provider: firebaserules.googleapis.com",
"type":"object",
"properties":{
"provider":{
"description":"The name of the authorization provider, such as\nfirebaserules.googleapis.com.",
"description":"The path-qualified name of the .proto file that contained the associated\nprotobuf element. For example: `\"google/protobuf/source_context.proto\"`.",
"description":"The unit in which the metric value is reported. It is only applicable\nif the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The\nsupported units are a subset of [The Unified Code for Units of\nMeasure](http://unitsofmeasure.org/ucum.html) standard:\n\n**Basic units (UNIT)**\n\n* `bit` bit\n* `By` byte\n* `s` second\n* `min` minute\n* `h` hour\n* `d` day\n\n**Prefixes (PREFIX)**\n\n* `k` kilo (10**3)\n* `M` mega (10**6)\n* `G` giga (10**9)\n* `T` tera (10**12)\n* `P` peta (10**15)\n* `E` exa (10**18)\n* `Z` zetta (10**21)\n* `Y` yotta (10**24)\n* `m` milli (10**-3)\n* `u` micro (10**-6)\n* `n` nano (10**-9)\n* `p` pico (10**-12)\n* `f` femto (10**-15)\n* `a` atto (10**-18)\n* `z` zepto (10**-21)\n* `y` yocto (10**-24)\n* `Ki` kibi (2**10)\n* `Mi` mebi (2**20)\n* `Gi` gibi (2**30)\n* `Ti` tebi (2**40)\n\n**Grammar**\n\nThe grammar includes the dimensionless unit `1`, such as `1/s`.\n\nThe grammar also includes these connectors:\n\n* `/` division (as an infix operator, e.g. `1/s`).\n* `.` multiplication (as an infix operator, e.g. `GBy.d`)\n\nThe grammar for a unit is as follows:\n\n Expression = Component { \".\" Component } { \"/\" Component } ;\n\n Component = [ PREFIX ] UNIT [ Annotation ]\n | Annotation\n | \"1\"\n ;\n\n Annotation = \"{\" NAME \"}\" ;\n\nNotes:\n\n* `Annotation` is just a comment if it follows a `UNIT` and is\n equivalent to `1` if it is used alone. For examples,\n `{requests}/s == 1/s`, `By{transmitted}/s == By/s`.\n* `NAME` is a sequence of non-blank printable ASCII characters not\n containing '{' or '}'."
},
"labels":{
"description":"The set of labels that can be used to describe a specific\ninstance of this metric type. For example, the\n`appengine.googleapis.com/http/server/response_latencies` metric\ntype has a label for the HTTP response code, `response_code`, so\nyou can look at latencies for successful responses or just\nfor responses that failed.",
"description":"The metric type, including its DNS name prefix. The type is not\nURL-encoded. All user-defined custom metric types have the DNS name\n`custom.googleapis.com`. Metric types should use a natural hierarchical\ngrouping. For example:\n\n \"custom.googleapis.com/invoice/paid/amount\"\n \"appengine.googleapis.com/http/server/response_latencies\"",
"description":"Whether the measurement is an integer, a floating-point number, etc.\nSome combinations of `metric_kind` and `value_type` might not be supported.",
"A value accumulated over a time interval. Cumulative\nmeasurements in a time series should have the same start time\nand increasing end times, until an event resets the cumulative\nvalue to zero and sets a new start time for the following\npoints."
"description":"Whether the metric records instantaneous values, changes to a value, etc.\nSome combinations of `metric_kind` and `value_type` might not be supported.",
"description":"A concise name for the metric, which can be displayed in user interfaces.\nUse sentence case without an ending period, for example \"Request count\".\nThis field is optional but it is recommended to be set for any metrics\nassociated with user-visible concepts, such as Quota.",
"description":"Defines a metric type and its schema. Once a metric descriptor is created,\ndeleting or altering it stops data collection and makes the metric type's\nexisting data unusable.",
"description":"Billing configurations for sending metrics to the consumer project.\nThere can be multiple consumer destinations per service, each one must have\na different monitored resource type. A metric can be used in at most\none consumer destination.",
"description":"Billing related configuration of the service.\n\nThe following example shows how to configure monitored resources and metrics\nfor billing:\n\n monitored_resources:\n - type: library.googleapis.com/branch\n labels:\n - key: /city\n description: The city where the library branch is located in.\n - key: /name\n description: The name of the branch.\n metrics:\n - name: library.googleapis.com/book/borrowed_count\n metric_kind: DELTA\n value_type: INT64\n billing:\n consumer_destinations:\n - monitored_resource: library.googleapis.com/branch\n metrics:\n - library.googleapis.com/book/borrowed_count"
"description":"Represents an expression text. Example:\n\n title: \"User account presence\"\n description: \"Determines whether the request has a user account\"\n expression: \"size(request.user) \u003e 0\"",
"type":"object",
"properties":{
"title":{
"description":"An optional title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type":"string"
},
"location":{
"description":"An optional string indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type":"string"
},
"description":{
"description":"An optional description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type":"string"
},
"expression":{
"description":"Textual representation of an expression in\nCommon Expression Language syntax.\n\nThe application context of the containing message determines which\nwell-known feature set of CEL is supported.",
"type":"string"
}
},
"id":"Expr"
},
"ListServicesResponse":{
"properties":{
"services":{
"description":"The returned services will only have the name field set.",
"description":"`Endpoint` describes a network endpoint that serves a set of APIs.\nA service may expose any number of endpoints, and all endpoints share the\nsame service configuration, such as quota configuration and monitoring\nconfiguration.\n\nExample service configuration:\n\n name: library-example.googleapis.com\n endpoints:\n # Below entry makes 'google.example.library.v1.Library'\n # API be served from endpoint address library-example.googleapis.com.\n # It also allows HTTP OPTIONS calls to be passed to the backend, for\n # it to decide whether the subsequent cross-origin request is\n # allowed to proceed.\n - name: library-example.googleapis.com\n allow_cors: true",
"description":"DEPRECATED: This field is no longer supported. Instead of using aliases,\nplease specify multiple google.api.Endpoint for each of the intended\naliases.\n\nAdditional names that this endpoint will be hosted on.",
"type":"array",
"items":{
"type":"string"
}
},
"features":{
"description":"The list of features enabled on this endpoint.",
"description":"Allowing\n[CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka\ncross-domain traffic, would allow the backends served from this endpoint to\nreceive and respond to HTTP OPTIONS requests. The response will be used by\nthe browser to determine whether the subsequent cross-origin request is\nallowed to proceed.",
"type":"boolean"
},
"name":{
"description":"The canonical name of this endpoint.",
"type":"string"
},
"target":{
"description":"The specification of an Internet routable address of API frontend that will\nhandle requests to this [API Endpoint](https://cloud.google.com/apis/design/glossary).\nIt should be either a valid IPv4 address or a fully-qualified domain name.\nFor example, \"8.8.8.8\" or \"myservice.appspot.com\".",
"description":"OAuth scopes are a way to define data and permissions on data. For example,\nthere are scopes defined for \"Read-only access to Google Calendar\" and\n\"Access to Cloud Platform\". Users can consent to a scope for an application,\ngiving it permission to access that data on their behalf.\n\nOAuth scope specifications should be fairly coarse grained; a user will need\nto see and understand the text description of what your scope means.\n\nIn most cases: use one or at most two OAuth scopes for an entire family of\nproducts. If your product has multiple APIs, you should probably be sharing\nthe OAuth scope across all of those APIs.\n\nWhen you need finer grained OAuth consent screens: talk with your product\nmanagement about how developers will use them in practice.\n\nPlease note that even though each of the canonical scopes is enough for a\nrequest to be accepted and passed to the backend, a request can still fail\ndue to the backend requiring additional scopes or permissions.",
"description":"The list of publicly documented OAuth scopes that are allowed access. An\nOAuth token containing any of these scopes will be accepted.\n\nExample:\n\n canonical_scopes: https://www.googleapis.com/auth/calendar,\n https://www.googleapis.com/auth/calendar.read",
"description":"The full resource name of a channel used for sending notifications to the\nservice producer.\n\nGoogle Service Management currently only supports\n[Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification\nchannel. To use Google Cloud Pub/Sub as the channel, this must be the name\nof a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format\ndocumented in https://cloud.google.com/pubsub/docs/overview.",
"description":"A list of usage rules that apply to individual API methods.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order."
"description":"Requirements that must be satisfied before a consumer project can use the\nservice. Each requirement is of the form \u003cservice.name\u003e/\u003crequirement-id\u003e;\nfor example 'serviceusage.googleapis.com/billing-enabled'.",
"description":"`Context` defines which contexts an API requests.\n\nExample:\n\n context:\n rules:\n - selector: \"*\"\n requested:\n - google.rpc.context.ProjectContext\n - google.rpc.context.OriginContext\n\nThe above specifies that all methods in the API request\n`google.rpc.context.ProjectContext` and\n`google.rpc.context.OriginContext`.\n\nAvailable context types are defined in package\n`google.rpc.context`.",
"description":"A list of RPC context rules that apply to individual API methods.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order.",
"description":"A description of a log type. Example in YAML format:\n\n - name: library.googleapis.com/activity_history\n description: The history of borrowing and returning library items.\n display_name: Activity\n labels:\n - key: /customer_id\n description: Identifier of a library customer",
"description":"The name of the log. It must be less than 512 characters long and can\ninclude the following characters: upper- and lower-case alphanumeric\ncharacters [A-Za-z0-9], and punctuation characters including\nslash, underscore, hyphen, period [/_-.].",
"description":"The set of labels that are available to describe a specific log entry.\nRuntime requests that contain labels not specified here are\nconsidered invalid.",
"FileDescriptorSet, generated by protoc.\n\nTo generate, use protoc with imports and source info included.\nFor an example test.proto file, the following command would put the value\nin a new file named out.pb.\n\n$protoc --include_imports --include_source_info test.proto -o out.pb",
"Uncompiled Proto file. Used for storage and display purposes only,\ncurrently server-side compilation is not supported. Should match the\ninputs to 'protoc' command used to generated FILE_DESCRIPTOR_SET_PROTO. A\nfile of this type can only be included if at least one file of type\nFILE_DESCRIPTOR_SET_PROTO is included."
"description":"Mark this message as possible payload in error response. Otherwise,\nobjects of this type will be filtered when they appear in error payload."
"description":"Selects messages to which this rule applies.\n\nRefer to selector for syntax details.",
"type":"string"
}
},
"id":"CustomErrorRule"
},
"MonitoredResourceDescriptor":{
"description":"An object that describes the schema of a MonitoredResource object using a\ntype name and a set of labels. For example, the monitored resource\ndescriptor for Google Compute Engine VM instances has a type of\n`\"gce_instance\"` and specifies the use of the labels `\"instance_id\"` and\n`\"zone\"` to identify particular VM instances.\n\nDifferent APIs can support different monitored resource types. APIs generally\nprovide a `list` method that returns the monitored resource descriptors used\nby the API.",
"description":"Optional. The resource name of the monitored resource descriptor:\n`\"projects/{project_id}/monitoredResourceDescriptors/{type}\"` where\n{type} is the value of the `type` field in this object and\n{project_id} is a project ID that provides API-specific context for\naccessing the type. APIs that do not use project information can use the\nresource name format `\"monitoredResourceDescriptors/{type}\"`.",
"description":"Optional. A concise name for the monitored resource type that might be\ndisplayed in user interfaces. It should be a Title Cased Noun Phrase,\nwithout any article or other determiners. For example,\n`\"Google Cloud SQL Database\"`.",
"description":"Required. The monitored resource type. For example, the type\n`\"cloudsql_database\"` represents databases in Google Cloud SQL.\nThe maximum length of this value is 256 characters.",
"description":"Required. A set of labels used to describe instances of this monitored\nresource type. For example, an individual Google Cloud SQL database is\nidentified by values for the labels `\"database_id\"` and `\"zone\"`."
"description":"A configuration string containing connection information for the\nauthentication provider, typically formatted as a SmartService string\n(go/smartservice)."
"description":"Defines the Media configuration for a service in case of a download.\nUse this only for Scotty Requests. Do not use this for media support using\nBytestream, add instead [][google.bytestream.RestByteStream] as an API to\nyour configuration for Bytestream methods.",
"description":"Change report associated with a particular service configuration.\n\nIt contains a list of ConfigChanges based on the comparison between\ntwo service configurations.",
"description":"List of changes between two service configurations.\nThe changes will be alphabetically sorted based on the identifier\nof each change.\nA ConfigChange identifier is a dot separated path to the configuration.\nExample: visibility.rules[selector='LibraryService.CreateBook'].restriction"
"description":"The identity of consumer resource which service disablement will be\napplied to.\n\nThe Google Service Management implementation accepts the following\nforms:\n- \"project:\u003cproject_id\u003e\"\n\nNote: this is made compatible with\ngoogle.api.servicecontrol.v1.Operation.consumer_id."
"description":"Defines the Media configuration for a service in case of an upload.\nUse this only for Scotty Requests. Do not use this for media support using\nBytestream, add instead [][google.bytestream.RestByteStream] as an API to\nyour configuration for Bytestream methods.",
"description":"A boolean that determines whether a notification for the completion of an\nupload should be sent to the backend. These notifications will not be seen\nby the client and will not consume quota.",
"description":"Selects the methods to which this rule applies. Use '*' to indicate all\nmethods in all APIs.\n\nRefer to selector for syntax details.",
"description":"True, if the method should skip service control. If so, no control plane\nfeature (like quota and billing) will be enabled.\nThis flag is used by ESP to allow some Endpoints customers to bypass\nGoogle internal checks.",
"description":"Usage configuration rules for the service.\n\nNOTE: Under development.\n\n\nUse this rule to configure unregistered calls for the service. Unregistered\ncalls are calls that do not contain consumer project identity.\n(Example: calls that do not contain an API key).\nBy default, API methods do not allow unregistered calls, and each method call\nmust be identified by a consumer project identity. Use this rule to\nallow/disallow unregistered calls.\n\nExample of an API that wants to allow unregistered calls for entire service.\n\n usage:\n rules:\n - selector: \"*\"\n allow_unregistered_calls: true\n\nExample of a method that wants to allow unregistered calls.\n\n usage:\n rules:\n - selector: \"google.example.library.v1.LibraryService.CreateBook\"\n allow_unregistered_calls: true"
"description":"Strategy that specifies how clients of Google Service Controller want to\nsend traffic to use different config versions. This is generally\nused by API proxy to split traffic based on your configured precentage for\neach config version.\n\nOne example of how to gradually rollout a new service configuration using\nthis\nstrategy:\nDay 1\n\n Rollout {\n id: \"example.googleapis.com/rollout_20160206\"\n traffic_percent_strategy {\n percentages: {\n \"example.googleapis.com/20160201\": 70.00\n \"example.googleapis.com/20160206\": 30.00\n }\n }\n }\n\nDay 2\n\n Rollout {\n id: \"example.googleapis.com/rollout_20160207\"\n traffic_percent_strategy: {\n percentages: {\n \"example.googleapis.com/20160206\": 100.00\n }\n }\n }",
"type":"object",
"properties":{
"percentages":{
"description":"Maps service configuration IDs to their corresponding traffic percentage.\nKey is the service configuration ID, Value is the traffic percentage\nwhich must be greater than 0.0 and the sum must equal to 100.0.",
"description":"User-defined authentication requirements, including support for\n[JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).",
"description":"NOTE: This will be deprecated soon, once AuthProvider.audiences is\nimplemented and accepted in all the runtime components.\n\nThe list of JWT\n[audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).\nthat are allowed to access. A JWT containing any of these audiences will\nbe accepted. When this setting is absent, only JWTs with audience\n\"https://Service_name/API_name\"\nwill be accepted. For example, if no audiences are in the setting,\nLibraryService API will only accept JWTs with the following audience\n\"https://library-example.googleapis.com/google.example.library.v1.LibraryService\".\n\nExample:\n\n audiences: bookstore_android.apps.googleusercontent.com,\n bookstore_web.apps.googleusercontent.com",
"description":"`Documentation` provides the information for describing a service.\n\nExample:\n\u003cpre\u003e\u003ccode\u003edocumentation:\n summary: \u003e\n The Google Calendar API gives access\n to most calendar features.\n pages:\n - name: Overview\n content: (== include google/foo/overview.md ==)\n - name: Tutorial\n content: (== include google/foo/tutorial.md ==)\n subpages;\n - name: Java\n content: (== include google/foo/tutorial_java.md ==)\n rules:\n - selector: google.calendar.Calendar.Get\n description: \u003e\n ...\n - selector: google.calendar.Calendar.Put\n description: \u003e\n ...\n\u003c/code\u003e\u003c/pre\u003e\nDocumentation is provided in markdown syntax. In addition to\nstandard markdown features, definition lists, tables and fenced\ncode blocks are supported. Section headers can be provided and are\ninterpreted relative to the section nesting of the context where\na documentation fragment is embedded.\n\nDocumentation from the IDL is merged with documentation defined\nvia the config at normalization time, where documentation provided\nby config rules overrides IDL provided.\n\nA number of constructs specific to the API platform are supported\nin documentation text.\n\nIn order to reference a proto element, the following\nnotation can be used:\n\u003cpre\u003e\u003ccode\u003e[fully.qualified.proto.name][]\u003c/code\u003e\u003c/pre\u003e\nTo override the display text used for the link, this can be used:\n\u003cpre\u003e\u003ccode\u003e[display text][fully.qualified.proto.name]\u003c/code\u003e\u003c/pre\u003e\nText can be excluded from doc using the following notation:\n\u003cpre\u003e\u003ccode\u003e(-- internal comment --)\u003c/code\u003e\u003c/pre\u003e\nComments can be made conditional using a visibility label. The below\ntext will be only rendered if the `BETA` label is available:\n\u003cpre\u003e\u003ccode\u003e(--BETA: comment for BETA users --)\u003c/code\u003e\u003c/pre\u003e\nA few directives are available in documentation. Note that\ndirectives must appear on a single line to be properly\nidentified. The `include` directive includes a markdown file from\nan external source:\n\u003cpre\u003e\u003ccode\u003e(== include path/to/file ==)\u003c/code\u003e\u003c/pre\u003e\nThe `resource_for` directive marks a message to be the resource of\na collection in REST view. If it is not specified, tools attempt\nto infer the resource from the operations in a collection:\n\u003cpre\u003e\u003ccode\u003e(== resource_for v1.shelves.books ==)\u003c/code\u003e\u003c/pre\u003e\nThe directive `suppress_warning` does not directly affect documentation\nand is documented together with service config validation.",
"description":"A list of documentation rules that apply to individual API elements.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order."
"description":"Declares a single overview page. For example:\n\u003cpre\u003e\u003ccode\u003edocumentation:\n summary: ...\n overview: (== include overview.md ==)\n\u003c/code\u003e\u003c/pre\u003e\nThis is a shortcut for the following declaration (using pages style):\n\u003cpre\u003e\u003ccode\u003edocumentation:\n summary: ...\n pages:\n - name: Overview\n content: (== include overview.md ==)\n\u003c/code\u003e\u003c/pre\u003e\nNote: you cannot specify both `overview` field and `pages` field.",
"description":"The top level pages for the documentation set.",
"type":"array",
"items":{
"$ref":"Page"
}
}
},
"id":"Documentation"
},
"AuditLogConfig":{
"description":"Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.",
"type":"object",
"properties":{
"exemptedMembers":{
"description":"Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
"description":"A unique ID for a specific instance of this message, typically assigned\nby the client for tracking purpose. If empty, the server may choose to\ngenerate one instead.",
"type":"string"
},
"files":{
"description":"Set of source configuration files that are used to generate a service\nconfiguration (`google.api.Service`).",
"description":"Authentication rules for the service.\n\nBy default, if a method has any authentication requirements, every request\nmust include a valid credential matching one of the requirements.\nIt's an error to include more than one kind of credential in a single\nrequest.\n\nIf a method doesn't have any auth requirements, request credentials will be\nignored.",
"description":"Whether to allow requests without a credential. The credential can be\nan OAuth token, Google cookies (first-party auth) or EndUserCreds.\n\nFor requests without credentials, if the service control environment is\nspecified, each incoming request **must** be associated with a service\nconsumer. This can be done by passing an API key that belongs to a consumer\nproject.",
"description":"Selects the methods to which this rule applies.\n\nRefer to selector for syntax details.",
"type":"string"
},
"deadline":{
"description":"The number of seconds to wait for a response from a request. The default\ndeadline for gRPC is infinite (no deadline) and HTTP requests is 5 seconds.",
"description":"Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `Binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\",\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam).",
"description":"Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.",
"type":"array",
"items":{
"$ref":"Binding"
}
},
"iamOwned":{
"type":"boolean"
},
"etag":{
"description":"`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.",
"description":"Api is a light-weight descriptor for an API Interface.\n\nInterfaces are also described as \"protocol buffer services\" in some contexts,\nsuch as by the \"service\" keyword in a .proto file, but they are different\nfrom API Services, which represent a concrete implementation of an interface\nas opposed to simply a description of methods and bindings. They are also\nsometimes simply referred to as \"APIs\" in other contexts, such as the name of\nthis message itself. See https://cloud.google.com/apis/design/glossary for\ndetailed terminology.",
"description":"Source context for the protocol buffer service represented by this\nmessage."
},
"version":{
"description":"A version string for this interface. If specified, must have the form\n`major-version.minor-version`, as in `1.10`. If the minor version is\nomitted, it defaults to zero. If the entire version field is empty, the\nmajor version is derived from the package name, as outlined below. If the\nfield is not empty, the version in the package name will be verified to be\nconsistent with what is provided here.\n\nThe versioning schema uses [semantic\nversioning](http://semver.org) where the major version number\nindicates a breaking change and the minor version an additive,\nnon-breaking change. Both version numbers are signals to users\nwhat to expect from different versions, and should be carefully\nchosen based on the product plan.\n\nThe major version is also reflected in the package name of the\ninterface, which must end in `v\u003cmajor-version\u003e`, as in\n`google.feature.v1`. For major versions 0 and 1, the suffix can\nbe omitted. Zero major versions must only be used for\nexperimental, non-GA interfaces.\n",
"description":"Bind API methods to metrics. Binding a method to a metric causes that\nmetric's configured quota behaviors to apply to the method call.",
"description":"Metrics to update when the selected methods are called, and the associated\ncost applied to each metric.\n\nThe key of the map is the metric name, and the values are the amount\nincreased for the metric against which the quota limits are defined.\nThe value must not be negative.",
"description":"`Authentication` defines the authentication configuration for an API.\n\nExample for an API targeted for external use:\n\n name: calendar.googleapis.com\n authentication:\n providers:\n - id: google_calendar_auth\n jwks_uri: https://www.googleapis.com/oauth2/v1/certs\n issuer: https://securetoken.google.com\n rules:\n - selector: \"*\"\n requirements:\n provider_id: google_calendar_auth",
"description":"A list of authentication rules that apply to individual API methods.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order.",
"description":"If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
"description":"The normal response of the operation in case of success. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`."
"description":"The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
"description":"Properties of the object. Contains field @type with type URL.",
"type":"any"
},
"description":"Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.",
"description":"The name of the page. It will be used as an identity of the page to\ngenerate URI of the page, text of the link to this page in navigation,\netc. The full page name (start from the root page name to this page\nconcatenated with `.`) can be used as reference to the page in your\ndocumentation. For example:\n\u003cpre\u003e\u003ccode\u003epages:\n- name: Tutorial\n content: (== include tutorial.md ==)\n subpages:\n - name: Java\n content: (== include tutorial_java.md ==)\n\u003c/code\u003e\u003c/pre\u003e\nYou can reference `Java` page using Markdown reference link syntax:\n`Java`.",
"description":"The Markdown content of the page. You can use \u003ccode\u003e(== include {path} ==)\u003c/code\u003e\nto include content from a Markdown file.",
"description":"The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed. The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n it may embed the `Status` in the normal response to indicate the partial\n errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n `Status` message should be used directly inside batch response, one for\n each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n results in its response, the status of those operations should be\n represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n be used directly after any stripping needed for security/privacy reasons.",
"description":"The status code, which should be an enum value of google.rpc.Code.",
"format":"int32",
"type":"integer"
},
"message":{
"description":"A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"description":"Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` or `joe@example.com`.\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: A Google Apps domain name that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"description":"The condition that is associated with this binding.\nNOTE: an unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently.\nThis field is GOOGLE_INTERNAL."
"description":"Configuration for an anthentication provider, including support for\n[JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).",
"description":"The list of JWT\n[audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).\nthat are allowed to access. A JWT containing any of these audiences will\nbe accepted. When this setting is absent, only JWTs with audience\n\"https://Service_name/API_name\"\nwill be accepted. For example, if no audiences are in the setting,\nLibraryService API will only accept JWTs with the following audience\n\"https://library-example.googleapis.com/google.example.library.v1.LibraryService\".\n\nExample:\n\n audiences: bookstore_android.apps.googleusercontent.com,\n bookstore_web.apps.googleusercontent.com",
"type":"string"
},
"id":{
"description":"The unique identifier of the auth provider. It will be referred to by\n`AuthRequirement.provider_id`.\n\nExample: \"bookstore_auth\".",
"description":"Identifies the principal that issued the JWT. See\nhttps://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1\nUsually a URL or an email address.\n\nExample: https://securetoken.google.com\nExample: 1234567-compute@developer.gserviceaccount.com"
"description":"Redirect URL if JWT token is required but no present or is expired.\nImplement authorizationUrl of securityDefinitions in OpenAPI spec.",
"description":"URL of the provider's public key set to validate signature of the JWT. See\n[OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).\nOptional if the key set document:\n - can be retrieved from\n [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html\n of the issuer.\n - can be inferred from the email domain of the issuer (e.g. a Google service account).\n\nExample: https://www.googleapis.com/oauth2/v1/certs",
"description":"A list of all enum types included in this API service. Enums\nreferenced directly or indirectly by the `apis` are automatically\nincluded. Enums which are not referenced but shall be included\nshould be listed here by name. Example:\n\n enums:\n - name: google.someapi.v1.SomeEnum",
"description":"A unique ID for a specific instance of this message, typically assigned\nby the client for tracking purpose. If empty, the server may choose to\ngenerate one instead.",
"description":"Configuration for the service control plane."
},
"configVersion":{
"description":"The semantic version of the service configuration. The config version\naffects the interpretation of the service configuration. For example,\ncertain features are enabled by default for certain config versions.\nThe latest config version is `3`.",
"description":"A list of all proto message types included in this API service.\nIt serves similar purpose as [google.api.Service.types], except that\nthese types are not needed by user-defined APIs. Therefore, they will not\nshow up in the generated discovery doc. This field should only be used\nto define system APIs in ESF.",
"type":"array",
"items":{
"$ref":"Type"
}
},
"visibility":{
"$ref":"Visibility",
"description":"API visibility configuration."
},
"quota":{
"$ref":"Quota",
"description":"Quota configuration."
},
"name":{
"description":"The DNS address at which this service is available,\ne.g. `calendar.googleapis.com`.",
"description":"Configuration for network endpoints. If this is empty, then an endpoint\nwith the same name as the service is automatically generated to service all\ndefined APIs.",
"description":"A list of API interfaces exported by this service. Only the `name` field\nof the google.protobuf.Api needs to be provided by the configuration\nauthor, as the remaining fields will be derived from the IDL during the\nnormalization process. It is an error to specify an API interface here\nwhich cannot be resolved against the associated IDL files.",
"description":"A list of all proto message types included in this API service.\nTypes referenced directly or indirectly by the `apis` are\nautomatically included. Messages which are not referenced but\nshall be included, such as types used by the `google.protobuf.Any` type,\nshould be listed here by name. Example:\n\n types:\n - name: google.protobuf.Int32",
"type":"array",
"items":{
"$ref":"Type"
}
},
"sourceInfo":{
"$ref":"SourceInfo",
"description":"Output only. The source information for this configuration if available."
"description":"`Service` is the root object of Google service configuration schema. It\ndescribes basic information about a service, such as the name and the\ntitle, and delegates other aspects to sub-sections. Each sub-section is\neither a proto message or a repeated proto message that configures a\nspecific aspect, such as auth. See each proto message definition for details.\n\nExample:\n\n type: google.api.Service\n config_version: 3\n name: calendar.googleapis.com\n title: Google Calendar API\n apis:\n - name: google.calendar.v3.Calendar\n authentication:\n providers:\n - id: google_calendar_auth\n jwks_uri: https://www.googleapis.com/oauth2/v1/certs\n issuer: https://securetoken.google.com\n rules:\n - selector: \"*\"\n requirements:\n provider_id: google_calendar_auth",
"description":"Define parameters. Multiple names may be defined for a parameter.\nFor a given method call, only one of them should be used. If multiple\nnames are used the behavior is implementation-dependent.\nIf none of the specified names are present the behavior is\nparameter-dependent.",
"description":"Selects the methods to which this rule applies. Use '*' to indicate all\nmethods in all APIs.\n\nRefer to selector for syntax details.",
"description":"A comma-separated list of visibility labels that apply to the `selector`.\nAny of the listed labels can be used to grant the visibility.\n\nIf a rule has multiple labels, removing one of the labels but not all of\nthem can break clients.\n\nExample:\n\n visibility:\n rules:\n - selector: google.calendar.Calendar.EnhancedSearch\n restriction: GOOGLE_INTERNAL, TRUSTED_TESTER\n\nRemoving GOOGLE_INTERNAL from this restriction will break clients that\nrely on this method and only had access to it through GOOGLE_INTERNAL.",
"type":"string"
},
"selector":{
"description":"Selects methods, messages, fields, enums, etc. to which this rule applies.\n\nRefer to selector for syntax details.",
"type":"string"
}
},
"id":"VisibilityRule",
"description":"A visibility rule provides visibility configuration for an individual API\nelement."
},
"HttpRule":{
"properties":{
"body":{
"description":"The name of the request field whose value is mapped to the HTTP body, or\n`*` for mapping all fields not captured by the path pattern to the HTTP\nbody. NOTE: the referred field must not be a repeated field and must be\npresent at the top-level of request message type.",
"description":"Use this only for Scotty Requests. Do not use this for bytestream methods.\nFor media support, add instead [][google.bytestream.RestByteStream] as an\nAPI to your configuration."
"description":"Additional HTTP bindings for the selector. Nested bindings must\nnot contain an `additional_bindings` field themselves (that is,\nthe nesting may only be one level deep).",
"description":"The name of the response field whose value is mapped to the HTTP body of\nresponse. Other response fields are ignored. This field is optional. When\nnot set, the response message will be used as HTTP body of response.\nNOTE: the referred field must be not a repeated field and must be present\nat the top-level of response message type.",
"description":"Use this only for Scotty Requests. Do not use this for media support using\nBytestream, add instead\n[][google.bytestream.RestByteStream] as an API to your\nconfiguration for Bytestream methods."
"description":"The custom pattern is used for specifying an HTTP method that is not\nincluded in the `pattern` field, such as HEAD, or \"*\" to leave the\nHTTP method unspecified for this rule. The wild-card rule is useful\nfor services that provide content to Web (HTML) clients."
"description":"`HttpRule` defines the mapping of an RPC method to one or more HTTP\nREST API methods. The mapping specifies how different portions of the RPC\nrequest message are mapped to URL path, URL query parameters, and\nHTTP request body. The mapping is typically specified as an\n`google.api.http` annotation on the RPC method,\nsee \"google/api/annotations.proto\" for details.\n\nThe mapping consists of a field specifying the path template and\nmethod kind. The path template can refer to fields in the request\nmessage, as in the example below which describes a REST GET\noperation on a resource collection of messages:\n\n\n service Messaging {\n rpc GetMessage(GetMessageRequest) returns (Message) {\n option (google.api.http).get = \"/v1/messages/{message_id}/{sub.subfield}\";\n }\n }\n message GetMessageRequest {\n message SubMessage {\n string subfield = 1;\n }\n string message_id = 1; // mapped to the URL\n SubMessage sub = 2; // `sub.subfield` is url-mapped\n }\n message Message {\n string text = 1; // content of the resource\n }\n\nThe same http annotation can alternatively be expressed inside the\n`GRPC API Configuration` YAML file.\n\n http:\n rules:\n - selector: \u003cproto_package_name\u003e.Messaging.GetMessage\n get: /v1/messages/{message_id}/{sub.subfield}\n\nThis definition enables an automatic, bidrectional mapping of HTTP\nJSON to RPC. Example:\n\nHTTP | RPC\n-----|-----\n`GET /v1/messages/123456/foo` | `GetMessage(message_id: \"123456\" sub: SubMessage(subfield: \"foo\"))`\n\nIn general, not only fields but also field paths can be referenced\nfrom a path pattern. Fields mapped to the path pattern cannot be\nrepeated and must have a primitive (non-message) type.\n\nAny fields in the request message which are not bound by the path\npattern automatically become (optional) HTTP query\nparameters. Assume the following definition of the request message:\n\n\n service Messaging {\n rpc GetMessage(GetMessageRequest) returns (Message) {\n option (google.api.http).get = \"/v1/messages/{message_id}\";\n }\n }\n message GetMessageRequest {\n message SubMessage {\n string subfield = 1;\n }\n string message_id = 1; // mapped to the URL\n int64 revision = 2; // becomes a parameter\n SubMessage sub = 3; // `sub.subfield` becomes a parameter\n }\n\n\nThis enables a HTTP JSON to RPC mapping as below:\n\nHTTP | RPC\n-----|-----\n`GET /v1/messages/123456?revision=2&sub.subfield=foo` | `GetMessage(message_id: \"123456\" revision: 2 sub: SubMessage(subfield: \"foo\"))`\n\nNote that fields which are mapped to HTTP parameters must have a\nprimitive type or a repeated primitive type. Message types are not\nallowed. In the case of a repeated type, the parameter can be\nrepeated in the URL, as in `...?param=A¶m=B`.\n\nFor HTTP method kinds which allow a request body, the `body` field\nspecifies the mapping. Consider a REST update method on the\nmessage resource collection:\n\n\n service Messaging {\n rpc UpdateMessage(UpdateMessageRequest) returns (Message) {\n option (google.api.http) = {\n put: \"/v1/messages/{message_id}\"\n body: \"message\"\n };\n }\n }\n message UpdateMessageRequest {\n string message_id = 1; // mapped to the URL\n Message message = 2; // mapped to the body\n }\n\n\nThe following HTTP JSON to RPC mapping is enabled, where the\nrepresentation of the JSON in the request body is determined by\nprotos JSON encoding:\n\nHTTP | RPC\n-----|-----\n`PUT /v1/messages/123456 { \"text\": \"Hi!\" }` | `UpdateMessage(message_id: \"123456\" message { text: \"Hi!\"})`\n\nThespecialname`*`canbeusedinthebodymappingtodefinethat\neveryfieldnotboundbythepathtemplateshouldbemappedtothe\nrequestbody.Thisenablesthefollowingalternativedefinitionof\ntheupdatemethod:\n\nserviceMessaging{\nrpcUpdateMessage(Message)returns(Message){\nop
"description":"`Visibility` defines restrictions for the visibility of service\nelements. Restrictions are specified using visibility labels\n(e.g., TRUSTED_TESTER) that are elsewhere linked to users and projects.\n\nUsers and projects can have access to more than one visibility label. The\neffective visibility for multiple labels is the union of each label's\nelements, plus any unrestricted elements.\n\nIf an element and its parents have no restrictions, visibility is\nunconditionally granted.\n\nExample:\n\n visibility:\n rules:\n - selector: google.calendar.Calendar.EnhancedSearch\n restriction: TRUSTED_TESTER\n - selector: google.calendar.Calendar.Delegate\n restriction: GOOGLE_INTERNAL\n\nHere, all methods are publicly visible except for the restricted methods\nEnhancedSearch and Delegate.",
"type":"object",
"properties":{
"rules":{
"description":"A list of visibility rules that apply to individual API elements.\n\n**NOTE:** All service configuration rules follow \"last one wins\" order.",
"type":"array",
"items":{
"$ref":"VisibilityRule"
}
}
},
"id":"Visibility"
},
"ConfigChange":{
"description":"Output generated from semantically comparing two versions of a service\nconfiguration.\n\nIncludes detailed information about a field that have changed with\napplicable advice about potential consequences for the change, such as\nbackwards-incompatibility.",
"type":"object",
"properties":{
"newValue":{
"description":"Value of the changed object in the new Service configuration,\nin JSON format. This field will not be populated if ChangeType == REMOVED.",
"description":"Object hierarchy path to the change, with levels separated by a '.'\ncharacter. For repeated fields, an applicable unique identifier field is\nused for the index (usually selector, name, or id). For maps, the term\n'key' is used. If the field has no unique identifier, the numeric index\nis used.\nExamples:\n- visibility.rules[selector==\"google.LibraryService.CreateBook\"].restriction\n- quota.metric_rules[selector==\"google\"].metric_costs[key==\"reads\"].value\n- logging.producer_destinations[0]",
"type":"string"
},
"oldValue":{
"description":"Value of the changed object in the old Service configuration,\nin JSON format. This field will not be populated if ChangeType == ADDED.",
"type":"string"
},
"advices":{
"description":"Collection of advice provided for this change, useful for determining the\npossible impact of this change.",
"description":"Define system parameters.\n\nThe parameters defined here will override the default parameters\nimplemented by the system. If this field is missing from the service\nconfig, default system parameters will be used. Default system parameters\nand names is implementation-dependent.\n\nExample: define api key for all methods\n\n system_parameters\n rules:\n - selector: \"*\"\n parameters:\n - name: api_key\n url_query_parameter: api_key\n\n\nExample: define 2 api key names for a specific method.\n\n system_parameters\n rules:\n - selector: \"/ListShelves\"\n parameters:\n - name: api_key\n http_header: Api-Key1\n - name: api_key\n http_header: Api-Key2\n\n**NOTE:** All service configuration rules follow \"last one wins\" order.",
"type":"array",
"items":{
"$ref":"SystemParameterRule"
}
}
},
"id":"SystemParameters",
"description":"### System parameter configuration\n\nA system parameter is a special kind of parameter defined by the API\nsystem, not by an individual API. It is typically mapped to an HTTP header\nand/or a URL query parameter. This configuration specifies which methods\nchange the names of the system parameters."
"description":"A rollout resource that defines how service configuration versions are pushed\nto control plane systems. Typically, you create a new version of the\nservice config, and then create a Rollout to push the service config.",
"type":"object",
"properties":{
"createTime":{
"description":"Creation time of the rollout. Readonly.",
"description":"The status of this rollout. Readonly. In case of a failed rollout,\nthe system will automatically rollback to the current Rollout\nversion. Readonly."
"description":"Optional unique identifier of this Rollout. Only lower case letters, digits\n and '-' are allowed.\n\nIf not specified by client, the server will generate one. The generated id\nwill have the form of \u003cdate\u003e\u003crevision number\u003e, where \"date\" is the create\ndate in ISO 8601 format. \"revision number\" is a monotonically increasing\npositive number that is reset every day for each service.\nAn example of the generated rollout_id is '2016-02-16r1'",
"description":"Quota configuration helps to achieve fairness and budgeting in service\nusage.\n\nThe quota configuration works this way:\n- The service configuration defines a set of metrics.\n- For API calls, the quota.metric_rules maps methods to metrics with\n corresponding costs.\n- The quota.limits defines limits on the metrics, which will be used for\n quota checks at runtime.\n\nAn example quota configuration in yaml format:\n\n quota:\n\n - name: apiWriteQpsPerProject\n metric: library.googleapis.com/write_calls\n unit: \"1/min/{project}\" # rate limit for consumer projects\n values:\n STANDARD: 10000\n\n\n # The metric rules bind all methods to the read_calls metric,\n # except for the UpdateBook and DeleteBook methods. These two methods\n # are mapped to the write_calls metric, with the UpdateBook method\n # consuming at twice rate as the DeleteBook method.\n metric_rules:\n - selector: \"*\"\n metric_costs:\n library.googleapis.com/read_calls: 1\n - selector: google.example.library.v1.LibraryService.UpdateBook\n metric_costs:\n library.googleapis.com/write_calls: 2\n - selector: google.example.library.v1.LibraryService.DeleteBook\n metric_costs:\n library.googleapis.com/write_calls: 1\n\n Corresponding Metric definition:\n\n metrics:\n - name: library.googleapis.com/read_calls\n display_name: Read requests\n metric_kind: DELTA\n value_type: INT64\n\n - name: library.googleapis.com/write_calls\n display_name: Write requests\n metric_kind: DELTA\n value_type: INT64",
"description":"Request message for GenerateConfigReport method.",
"type":"object",
"properties":{
"oldConfig":{
"additionalProperties":{
"description":"Properties of the object. Contains field @type with type URL.",
"type":"any"
},
"description":"Service configuration against which the comparison will be done.\nFor this version of API, the supported types are\ngoogle.api.servicemanagement.v1.ConfigRef,\ngoogle.api.servicemanagement.v1.ConfigSource,\nand google.api.Service",
"type":"object"
},
"newConfig":{
"type":"object",
"additionalProperties":{
"description":"Properties of the object. Contains field @type with type URL.",
"description":"Service configuration for which we want to generate the report.\nFor this version of API, the supported types are\ngoogle.api.servicemanagement.v1.ConfigRef,\ngoogle.api.servicemanagement.v1.ConfigSource,\nand google.api.Service"
"description":"OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description":"REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
"description":"Configuration of a specific logging destination (the producer project\nor the consumer project).",
"type":"object",
"properties":{
"logs":{
"description":"Names of the logs to be sent to this destination. Each name must\nbe defined in the Service.logs section. If the log name is\nnot a domain scoped name, it will be automatically prefixed with\nthe service name followed by \"/\".",
"description":"The option's name. For protobuf built-in options (options defined in\ndescriptor.proto), this is the short name. For example, `\"map_entry\"`.\nFor custom options, it should be the fully-qualified name. For example,\n`\"google.api.http\"`.",
"description":"The option's value packed in an Any message. If the value is a primitive,\nthe corresponding wrapper type defined in google/protobuf/wrappers.proto\nshould be used. If the value is an enum, it should be stored as an int32\nvalue using the google.protobuf.Int32Value type.",
"description":"Logging configuration of the service.\n\nThe following example shows how to configure logs to be sent to the\nproducer and consumer projects. In the example, the `activity_history`\nlog is sent to both the producer and consumer projects, whereas the\n`purchase_history` log is only sent to the producer project.\n\n monitored_resources:\n - type: library.googleapis.com/branch\n labels:\n - key: /city\n description: The city where the library branch is located in.\n - key: /name\n description: The name of the branch.\n logs:\n - name: activity_history\n labels:\n - key: /customer_id\n - name: purchase_history\n logging:\n producer_destinations:\n - monitored_resource: library.googleapis.com/branch\n logs:\n - activity_history\n - purchase_history\n consumer_destinations:\n - monitored_resource: library.googleapis.com/branch\n logs:\n - activity_history",
"description":"Logging configurations for sending logs to the consumer project.\nThere can be multiple consumer destinations, each one must have a\ndifferent monitored resource type. A log can be used in at most\none consumer destination.",
"description":"Logging configurations for sending logs to the producer project.\nThere can be multiple producer destinations, each one must have a\ndifferent monitored resource type. A log can be used in at most\none producer destination."
"description":"`QuotaLimit` defines a specific limit that applies over a specified duration\nfor a limit type. There can be at most one limit for a duration and limit\ntype combination defined within a `QuotaGroup`.",
"description":"Maximum number of tokens that can be consumed during the specified\nduration. Client application developers can override the default limit up\nto this maximum. If specified, this value cannot be set to a value less\nthan the default limit. If not specified, it is set to the default limit.\n\nTo allow clients to apply overrides with no upper bound, set this to -1,\nindicating unlimited maximum quota.\n\nUsed by group-based quotas only.",
"description":"Name of the quota limit.\n\nThe name must be provided, and it must be unique within the service. The\nname can only include alphanumeric characters as well as '-'.\n\nThe maximum length of the limit name is 64 characters.",
"description":"Free tier value displayed in the Developers Console for this limit.\nThe free tier is the number of tokens that will be subtracted from the\nbilled amount when billing is enabled.\nThis field can only be set on a limit with duration \"1d\", in a billable\ngroup; it is invalid on any other limit. If this field is not set, it\ndefaults to 0, indicating that there is no free tier for this service.\n\nUsed by group-based quotas only.",
"description":"Duration of this limit in textual notation. Example: \"100s\", \"24h\", \"1d\".\nFor duration longer than a day, only multiple of days is supported. We\nsupport only \"100s\" and \"1d\" for now. Additional support will be added in\nthe future. \"0\" indicates indefinite duration.\n\nUsed by group-based quotas only.",
"description":"Default number of tokens that can be consumed during the specified\nduration. This is the number of tokens assigned when a client\napplication developer activates the service for his/her project.\n\nSpecifying a value of 0 will block all requests. This can be used if you\nare provisioning quota to selected consumers and blocking others.\nSimilarly, a value of -1 will indicate an unlimited quota. No other\nnegative values are allowed.\n\nUsed by group-based quotas only.",
"description":"User-visible display name for this limit.\nOptional. If not set, the UI will provide a default display name based on\nthe quota configuration. This field can be used to override the default\ndisplay name generated from the configuration.",
"description":"The name of the metric this quota limit applies to. The quota limits with\nthe same metric will be checked together during runtime. The metric must be\ndefined within the service config.",
"description":"Optional. User-visible, extended description for this quota limit.\nShould be used only when more context is needed to understand this limit\nthan provided by the limit's display name (see: `display_name`).",
"description":"Tiered limit values. You must specify this as a key:value pair, with an\ninteger value that is the maximum number of requests allowed for the\nspecified unit. Currently only STANDARD is supported."
"description":"Specify the unit of the quota limit. It uses the same syntax as\nMetric.unit. The supported unit kinds are determined by the quota\nbackend system.\n\nHere are some examples:\n* \"1/min/{project}\" for quota per minute per project.\n\nNote: the order of unit components is insignificant.\nThe \"1\" at the beginning is required to follow the metric unit syntax."
"description":"Declares an API Interface to be included in this interface. The including\ninterface must redeclare all the methods from the included interface, but\ndocumentation and options are inherited as follows:\n\n- If after comment and whitespace stripping, the documentation\n string of the redeclared method is empty, it will be inherited\n from the original method.\n\n- Each annotation belonging to the service config (http,\n visibility) which is not set in the redeclared method will be\n inherited.\n\n- If an http annotation is inherited, the path pattern will be\n modified as follows. Any version prefix will be replaced by the\n version of the including interface plus the root path if\n specified.\n\nExample of a simple mixin:\n\n package google.acl.v1;\n service AccessControl {\n // Get the underlying ACL object.\n rpc GetAcl(GetAclRequest) returns (Acl) {\n option (google.api.http).get = \"/v1/{resource=**}:getAcl\";\n }\n }\n\n package google.storage.v2;\n service Storage {\n // rpc GetAcl(GetAclRequest) returns (Acl);\n\n // Get a data record.\n rpc GetData(GetDataRequest) returns (Data) {\n option (google.api.http).get = \"/v2/{resource=**}\";\n }\n }\n\nExample of a mixin configuration:\n\n apis:\n - name: google.storage.v2.Storage\n mixins:\n - name: google.acl.v1.AccessControl\n\nThe mixin construct implies that all methods in `AccessControl` are\nalso declared with same name and request/response types in\n`Storage`. A documentation generator or annotation processor will\nsee the effective `Storage.GetAcl` method after inherting\ndocumentation and annotations as follows:\n\n service Storage {\n // Get the underlying ACL object.\n rpc GetAcl(GetAclRequest) returns (Acl) {\n option (google.api.http).get = \"/v2/{resource=**}:getAcl\";\n }\n ...\n }\n\nNote how the version in the path pattern changed from `v1` to `v2`.\n\nIf the `root` field in the mixin is specified, it should be a\nrelative path under which inherited HTTP paths are placed. Example:\n\n apis:\n - name: google.storage.v2.Storage\n mixins:\n - name: google.acl.v1.AccessControl\n root: acls\n\nThis implies the following inherited HTTP annotation:\n\n service Storage {\n // Get the underlying ACL object.\n rpc GetAcl(GetAclRequest) returns (Acl) {\n option (google.api.http).get = \"/v2/acls/{resource=**}:getAcl\";\n }\n ...\n }",