ja-JP
ja-JP

Operations

GetProject
rpc GetProject(GetProjectRequest) returns (Project)

GetProject

BatchGetProjects
rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

BatchGetProjects

ListProjects
rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

ListProjects

WatchProject
rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

WatchProject

WatchProjects
rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

WatchProjects

CreateProject
rpc CreateProject(CreateProjectRequest) returns (Project)

CreateProject

UpdateProject
rpc UpdateProject(UpdateProjectRequest) returns (Project)

UpdateProject

DeleteProject
rpc DeleteProject(DeleteProjectRequest) returns (Empty)

DeleteProject

Messages

GetProjectRequest

Request message for method [GetProject][ntt.audit.v1alpha.GetProject]

Fields
name
string

Reference of ntt.audit.v1alpha.Project

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetProjectsRequest

Request message for method [BatchGetProjects][ntt.audit.v1alpha.BatchGetProjects]

Fields
parent
string

Optional parent ntt.audit.v1alpha.Project

names
repeated string

Names of Projects

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetProjectsResponse

BatchGetProjectsResponse

Fields
projects
repeated Project

found Projects

missing
repeated string

list of not found Projects

ListProjectsRequest

Request message for method [ListProjects][ntt.audit.v1alpha.ListProjects]

Fields
page_size
int32

Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return. Typically, this is the value of [ListProjectsResponse.next_page_token][ntt.audit.v1alpha.ListProjectsResponse.next_page_token]

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either 'asc' or 'desc'. If direction is not provided, 'asc' is assumed. e.g. "state.nested_field asc, state.something.else desc, theme"

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

ListProjectsResponse

Request message for method [ListProjects][ntt.audit.v1alpha.ListProjects]

Fields
projects
repeated Project

The list of Projects

prev_page_token
string

A token to retrieve previous page of results. Pass this value in the [ListProjectsRequest.page_token][ntt.audit.v1alpha.ListProjectsRequest.page_token]

next_page_token
string

A token to retrieve next page of results. Pass this value in the [ListProjectsRequest.page_token][ntt.audit.v1alpha.ListProjectsRequest.page_token]

WatchProjectRequest

Request message for method [WatchProject][ntt.audit.v1alpha.WatchProject]

Fields
name
string

Reference to ntt.audit.v1alpha.Project

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse

WatchProjectResponse

Fields
change
ProjectChange
WatchProjectsRequest

Request message for method [WatchProjects][ntt.audit.v1alpha.WatchProjects]

Fields
page_size
int32

Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return.

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don't affect any of masked fields won't be sent back.

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don't affect any of masked fields won't be sent back.

WatchProjectsResponse

WatchProjectsResponse

Fields
project_changes
repeated ProjectChange

Changes of Projects

page_token_change
WatchProjectsResponse.PageTokenChange

When present, PageTokens used for page navigation should be updated.

WatchProjectsResponse.PageTokenChange
Fields
prev_page_token
string

New token to retrieve previous page of results.

next_page_token
string

New token to retrieve next page of results.

CreateProjectRequest

Request message for method [CreateProject][ntt.audit.v1alpha.CreateProject]

Fields
project
Project

Project resource body

UpdateProjectRequest

Request message for method [UpdateProject][ntt.audit.v1alpha.UpdateProject]

Fields
project
Project

Project resource body

update_mask
.google.protobuf.FieldMask

FieldMask applied to request - change will be applied only for fields in the mask

DeleteProjectRequest

Request message for method [DeleteProject][ntt.audit.v1alpha.DeleteProject]

Fields
name
string

Reference of ntt.audit.v1alpha.Project

Organization

Organization Resource

Fields
name
string

Name of Organization

Operations

GetOrganization
rpc GetOrganization(GetOrganizationRequest) returns (Organization)

GetOrganization

BatchGetOrganizations
rpc BatchGetOrganizations(BatchGetOrganizationsRequest) returns (BatchGetOrganizationsResponse)

BatchGetOrganizations

ListOrganizations
rpc ListOrganizations(ListOrganizationsRequest) returns (ListOrganizationsResponse)

ListOrganizations

WatchOrganization
rpc WatchOrganization(WatchOrganizationRequest) returns (WatchOrganizationResponse)

WatchOrganization

WatchOrganizations
rpc WatchOrganizations(WatchOrganizationsRequest) returns (WatchOrganizationsResponse)

WatchOrganizations

CreateOrganization
rpc CreateOrganization(CreateOrganizationRequest) returns (Organization)

CreateOrganization

UpdateOrganization
rpc UpdateOrganization(UpdateOrganizationRequest) returns (Organization)

UpdateOrganization

DeleteOrganization
rpc DeleteOrganization(DeleteOrganizationRequest) returns (Empty)

DeleteOrganization

Messages

GetOrganizationRequest

Request message for method [GetOrganization][ntt.audit.v1alpha.GetOrganization]

Fields
name
string

Reference of ntt.audit.v1alpha.Organization

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetOrganizationsRequest

Request message for method [BatchGetOrganizations][ntt.audit.v1alpha.BatchGetOrganizations]

Fields
parent
string

Optional parent ntt.audit.v1alpha.Organization

names
repeated string

Names of Organizations

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetOrganizationsResponse

BatchGetOrganizationsResponse

Fields
organizations
repeated Organization

found Organizations

missing
repeated string

list of not found Organizations

ListOrganizationsRequest

Request message for method [ListOrganizations][ntt.audit.v1alpha.ListOrganizations]

Fields
page_size
int32

Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return. Typically, this is the value of [ListOrganizationsResponse.next_page_token][ntt.audit.v1alpha.ListOrganizationsResponse.next_page_token]

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either 'asc' or 'desc'. If direction is not provided, 'asc' is assumed. e.g. "state.nested_field asc, state.something.else desc, theme"

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

ListOrganizationsResponse

Request message for method [ListOrganizations][ntt.audit.v1alpha.ListOrganizations]

Fields
organizations
repeated Organization

The list of Organizations

prev_page_token
string

A token to retrieve previous page of results. Pass this value in the [ListOrganizationsRequest.page_token][ntt.audit.v1alpha.ListOrganizationsRequest.page_token]

next_page_token
string

A token to retrieve next page of results. Pass this value in the [ListOrganizationsRequest.page_token][ntt.audit.v1alpha.ListOrganizationsRequest.page_token]

WatchOrganizationRequest

Request message for method [WatchOrganization][ntt.audit.v1alpha.WatchOrganization]

Fields
name
string

Reference to ntt.audit.v1alpha.Organization

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchOrganizationResponse

WatchOrganizationResponse

Fields
change
OrganizationChange
WatchOrganizationsRequest

Request message for method [WatchOrganizations][ntt.audit.v1alpha.WatchOrganizations]

Fields
page_size
int32

Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return.

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Organization that don't affect any of masked fields won't be sent back.

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Organization that don't affect any of masked fields won't be sent back.

WatchOrganizationsResponse

WatchOrganizationsResponse

Fields
organization_changes
repeated OrganizationChange

Changes of Organizations

page_token_change
WatchOrganizationsResponse.PageTokenChange

When present, PageTokens used for page navigation should be updated.

WatchOrganizationsResponse.PageTokenChange
Fields
prev_page_token
string

New token to retrieve previous page of results.

next_page_token
string

New token to retrieve next page of results.

CreateOrganizationRequest

Request message for method [CreateOrganization][ntt.audit.v1alpha.CreateOrganization]

Fields
organization
Organization

Organization resource body

UpdateOrganizationRequest

Request message for method [UpdateOrganization][ntt.audit.v1alpha.UpdateOrganization]

Fields
organization
Organization

Organization resource body

update_mask
.google.protobuf.FieldMask

FieldMask applied to request - change will be applied only for fields in the mask

DeleteOrganizationRequest

Request message for method [DeleteOrganization][ntt.audit.v1alpha.DeleteOrganization]

Fields
name
string

Reference of ntt.audit.v1alpha.Organization

AuditedResourceDescriptor

AuditedResourceDescriptor Resource

Fields
name
string

Name of AuditedResourceDescriptor - must combine service and type fields with '/' as separator, for example: "IAM/RoleBinding".

display_name
string

Optional. A concise name for the audited object type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.

description
string

Optional. A detailed description of the audited object type that might be used in documentation.

labels
repeated LabelDescriptor

Required. A set of labels used to describe instances of this audited resource type. For example, for "RoleBinding" we can define name+member. This can allow us to make query like "who allowed user X to do those things?"

promoted_label_key_sets
repeated LabelKeySet

Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.

Operations

GetAuditedResourceDescriptor
rpc GetAuditedResourceDescriptor(GetAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

GetAuditedResourceDescriptor

BatchGetAuditedResourceDescriptors
rpc BatchGetAuditedResourceDescriptors(BatchGetAuditedResourceDescriptorsRequest) returns (BatchGetAuditedResourceDescriptorsResponse)

BatchGetAuditedResourceDescriptors

ListAuditedResourceDescriptors
rpc ListAuditedResourceDescriptors(ListAuditedResourceDescriptorsRequest) returns (ListAuditedResourceDescriptorsResponse)

ListAuditedResourceDescriptors

WatchAuditedResourceDescriptor
rpc WatchAuditedResourceDescriptor(WatchAuditedResourceDescriptorRequest) returns (WatchAuditedResourceDescriptorResponse)

WatchAuditedResourceDescriptor

WatchAuditedResourceDescriptors
rpc WatchAuditedResourceDescriptors(WatchAuditedResourceDescriptorsRequest) returns (WatchAuditedResourceDescriptorsResponse)

WatchAuditedResourceDescriptors

CreateAuditedResourceDescriptor
rpc CreateAuditedResourceDescriptor(CreateAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

CreateAuditedResourceDescriptor

UpdateAuditedResourceDescriptor
rpc UpdateAuditedResourceDescriptor(UpdateAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

UpdateAuditedResourceDescriptor

Messages

GetAuditedResourceDescriptorRequest

Request message for method [GetAuditedResourceDescriptor][ntt.audit.v1alpha.GetAuditedResourceDescriptor]

Fields
name
string

Reference of ntt.audit.v1alpha.AuditedResourceDescriptor

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetAuditedResourceDescriptorsRequest

Request message for method [BatchGetAuditedResourceDescriptors][ntt.audit.v1alpha.BatchGetAuditedResourceDescriptors]

Fields
parent
string

Optional parent ntt.audit.v1alpha.AuditedResourceDescriptor

names
repeated string

Names of AuditedResourceDescriptors

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetAuditedResourceDescriptorsResponse

BatchGetAuditedResourceDescriptorsResponse

Fields
audited_resource_descriptors
repeated AuditedResourceDescriptor

found AuditedResourceDescriptors

missing
repeated string

list of not found AuditedResourceDescriptors

ListAuditedResourceDescriptorsRequest

Request message for method [ListAuditedResourceDescriptors][ntt.audit.v1alpha.ListAuditedResourceDescriptors]

Fields
page_size
int32

Requested page size. Server may return fewer AuditedResourceDescriptors than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return. Typically, this is the value of [ListAuditedResourceDescriptorsResponse.next_page_token][ntt.audit.v1alpha.ListAuditedResourceDescriptorsResponse.next_page_token]

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either 'asc' or 'desc'. If direction is not provided, 'asc' is assumed. e.g. "state.nested_field asc, state.something.else desc, theme"

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

ListAuditedResourceDescriptorsResponse

Request message for method [ListAuditedResourceDescriptors][ntt.audit.v1alpha.ListAuditedResourceDescriptors]

Fields
audited_resource_descriptors
repeated AuditedResourceDescriptor

The list of AuditedResourceDescriptors

prev_page_token
string

A token to retrieve previous page of results. Pass this value in the [ListAuditedResourceDescriptorsRequest.page_token][ntt.audit.v1alpha.ListAuditedResourceDescriptorsRequest.page_token]

next_page_token
string

A token to retrieve next page of results. Pass this value in the [ListAuditedResourceDescriptorsRequest.page_token][ntt.audit.v1alpha.ListAuditedResourceDescriptorsRequest.page_token]

WatchAuditedResourceDescriptorRequest

Request message for method [WatchAuditedResourceDescriptor][ntt.audit.v1alpha.WatchAuditedResourceDescriptor]

Fields
name
string

Reference to ntt.audit.v1alpha.AuditedResourceDescriptor

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAuditedResourceDescriptorResponse

WatchAuditedResourceDescriptorResponse

Fields
change
AuditedResourceDescriptorChange
WatchAuditedResourceDescriptorsRequest

Request message for method [WatchAuditedResourceDescriptors][ntt.audit.v1alpha.WatchAuditedResourceDescriptors]

Fields
page_size
int32

Requested page size. Server may return fewer AuditedResourceDescriptors than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return.

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AuditedResourceDescriptor that don't affect any of masked fields won't be sent back.

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AuditedResourceDescriptor that don't affect any of masked fields won't be sent back.

WatchAuditedResourceDescriptorsResponse

WatchAuditedResourceDescriptorsResponse

Fields
audited_resource_descriptor_changes
repeated AuditedResourceDescriptorChange

Changes of AuditedResourceDescriptors

page_token_change
WatchAuditedResourceDescriptorsResponse.PageTokenChange

When present, PageTokens used for page navigation should be updated.

WatchAuditedResourceDescriptorsResponse.PageTokenChange
Fields
prev_page_token
string

New token to retrieve previous page of results.

next_page_token
string

New token to retrieve next page of results.

CreateAuditedResourceDescriptorRequest

Request message for method [CreateAuditedResourceDescriptor][ntt.audit.v1alpha.CreateAuditedResourceDescriptor]

Fields
audited_resource_descriptor
AuditedResourceDescriptor

AuditedResourceDescriptor resource body

UpdateAuditedResourceDescriptorRequest

Request message for method [UpdateAuditedResourceDescriptor][ntt.audit.v1alpha.UpdateAuditedResourceDescriptor]

Fields
audited_resource_descriptor
AuditedResourceDescriptor

AuditedResourceDescriptor resource body

update_mask
.google.protobuf.FieldMask

FieldMask applied to request - change will be applied only for fields in the mask

MethodDescriptor

MethodDescriptor Resource - describes

Fields
name
string

Name of MethodDescriptor - must combine service and method type values with '/' as separator, for example: "IAM/UpdateRoleBinding".

display_name
string

Optional. A concise name for the audited object type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.

description
string

Optional. A detailed description of the audited method type that might be used in documentation.

labels
repeated LabelDescriptor

A set of labels used to describe instances of this audited method type. For example, for "UpdateRoleBinding" we can define member label. This can allow us to make query like "who tried to give user X permissions to those things?"

promoted_label_key_sets
repeated LabelKeySet

Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.

Operations

GetMethodDescriptor
rpc GetMethodDescriptor(GetMethodDescriptorRequest) returns (MethodDescriptor)

GetMethodDescriptor

BatchGetMethodDescriptors
rpc BatchGetMethodDescriptors(BatchGetMethodDescriptorsRequest) returns (BatchGetMethodDescriptorsResponse)

BatchGetMethodDescriptors

ListMethodDescriptors
rpc ListMethodDescriptors(ListMethodDescriptorsRequest) returns (ListMethodDescriptorsResponse)

ListMethodDescriptors

WatchMethodDescriptor
rpc WatchMethodDescriptor(WatchMethodDescriptorRequest) returns (WatchMethodDescriptorResponse)

WatchMethodDescriptor

WatchMethodDescriptors
rpc WatchMethodDescriptors(WatchMethodDescriptorsRequest) returns (WatchMethodDescriptorsResponse)

WatchMethodDescriptors

CreateMethodDescriptor
rpc CreateMethodDescriptor(CreateMethodDescriptorRequest) returns (MethodDescriptor)

CreateMethodDescriptor

UpdateMethodDescriptor
rpc UpdateMethodDescriptor(UpdateMethodDescriptorRequest) returns (MethodDescriptor)

UpdateMethodDescriptor

Messages

GetMethodDescriptorRequest

Request message for method [GetMethodDescriptor][ntt.audit.v1alpha.GetMethodDescriptor]

Fields
name
string

Reference of ntt.audit.v1alpha.MethodDescriptor

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetMethodDescriptorsRequest

Request message for method [BatchGetMethodDescriptors][ntt.audit.v1alpha.BatchGetMethodDescriptors]

Fields
parent
string

Optional parent ntt.audit.v1alpha.MethodDescriptor

names
repeated string

Names of MethodDescriptors

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

BatchGetMethodDescriptorsResponse

BatchGetMethodDescriptorsResponse

Fields
method_descriptors
repeated MethodDescriptor

found MethodDescriptors

missing
repeated string

list of not found MethodDescriptors

ListMethodDescriptorsRequest

Request message for method [ListMethodDescriptors][ntt.audit.v1alpha.ListMethodDescriptors]

Fields
page_size
int32

Requested page size. Server may return fewer MethodDescriptors than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return. Typically, this is the value of [ListMethodDescriptorsResponse.next_page_token][ntt.audit.v1alpha.ListMethodDescriptorsResponse.next_page_token]

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either 'asc' or 'desc'. If direction is not provided, 'asc' is assumed. e.g. "state.nested_field asc, state.something.else desc, theme"

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

skip_cache
bool

If true, server will skip checking if query result is present in it's cache

ListMethodDescriptorsResponse

Request message for method [ListMethodDescriptors][ntt.audit.v1alpha.ListMethodDescriptors]

Fields
method_descriptors
repeated MethodDescriptor

The list of MethodDescriptors

prev_page_token
string

A token to retrieve previous page of results. Pass this value in the [ListMethodDescriptorsRequest.page_token][ntt.audit.v1alpha.ListMethodDescriptorsRequest.page_token]

next_page_token
string

A token to retrieve next page of results. Pass this value in the [ListMethodDescriptorsRequest.page_token][ntt.audit.v1alpha.ListMethodDescriptorsRequest.page_token]

WatchMethodDescriptorRequest

Request message for method [WatchMethodDescriptor][ntt.audit.v1alpha.WatchMethodDescriptor]

Fields
name
string

Reference to ntt.audit.v1alpha.MethodDescriptor

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMethodDescriptorResponse

WatchMethodDescriptorResponse

Fields
change
MethodDescriptorChange
WatchMethodDescriptorsRequest

Request message for method [WatchMethodDescriptors][ntt.audit.v1alpha.WatchMethodDescriptors]

Fields
page_size
int32

Requested page size. Server may return fewer MethodDescriptors than requested. If unspecified, server will pick an appropriate default.

page_token
string

A token identifying a page of results the server should return.

order_by
string

Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination

filter
string

Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL | NaN . Combine conditions with OR | AND example: 'meta.labels CONTAINS "severity:important" OR (state.last_error_time > "2018-11-15T10:00:00Z" AND state.status = "ERROR")'

field_mask
.google.protobuf.FieldMask

A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MethodDescriptor that don't affect any of masked fields won't be sent back.

view
.goten.view.View

View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MethodDescriptor that don't affect any of masked fields won't be sent back.

WatchMethodDescriptorsResponse

WatchMethodDescriptorsResponse

Fields
method_descriptor_changes
repeated MethodDescriptorChange

Changes of MethodDescriptors

page_token_change
WatchMethodDescriptorsResponse.PageTokenChange

When present, PageTokens used for page navigation should be updated.

WatchMethodDescriptorsResponse.PageTokenChange
Fields
prev_page_token
string

New token to retrieve previous page of results.

next_page_token
string

New token to retrieve next page of results.

CreateMethodDescriptorRequest

Request message for method [CreateMethodDescriptor][ntt.audit.v1alpha.CreateMethodDescriptor]

Fields
method_descriptor
MethodDescriptor

MethodDescriptor resource body

UpdateMethodDescriptorRequest

Request message for method [UpdateMethodDescriptor][ntt.audit.v1alpha.UpdateMethodDescriptor]

Fields
method_descriptor
MethodDescriptor

MethodDescriptor resource body

update_mask
.google.protobuf.FieldMask

FieldMask applied to request - change will be applied only for fields in the mask

ActivityLog

ActivityLog Resource - describes notification of activity triggered by a request sent to an API service. ActivityLog creation is triggered by an API service when it receives either unary or stream request.

ActivityLog contains messages exchanged between client and server within single API call and finally exit status. ActivityLog is method oriented - service name + method name (for example IAM/CreateRoleBinding) is a leading information.

ActivityLog can have N associated ResourceChangeLog objects, if API call it describes made some changes in a data store. You can combine ActivityLog and ResourceChangeLog by making queries with request_id specified in a filter.

</tbody> </table>

Operations

ListActivityLogs
rpc ListActivityLogs(ListActivityLogsRequest) returns (ListActivityLogsResponse)

ListActivityLogs

CreateActivityLogs
rpc CreateActivityLogs(CreateActivityLogsRequest) returns (CreateActivityLogsResponse)

CreateActivityLogs

Messages

ActivityLog.MessageEvent

Describes a message event (client or server)

Fields
name
string

Name of ActivityLog. It contains scope + ID of the log. ID is a base64 encoded unique key that identifies tuple: scope request_id authentication.principal authorization.granted_permissions authorization.denied_permissions service.name method.type labels

Key is not to be decoded outside of service, but treated as opaque string

scope
string

Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Example formats are:

  • organization/umbrella
  • projects/mars_exploration
  • </li> </ul> </td></tr>
request_id
uint64

Generated ID of the request. Same ID must be used in ResourceChangeLog objects associated with this request.

authentication
Authentication

Authentication data - informs who made a request

authorization
Authorization

Authorization data - informs what permissions were granted or denied for associated request

service
ServiceData

Information about the service

method
ActivityLog.Method

Information about the method

labels
string

List of query-able labels

events
repeated ActivityLog.Event

List of events attached to this log

Fields
data
.google.protobuf.Any

Message contents

time
.google.protobuf.Timestamp

Time of a message

ActivityLog.ExitEvent

Describes exit event (request finished)

Fields
status
.ntt.rpc.Status

Final status of a request

time
.google.protobuf.Timestamp

Time when request finished

ActivityLog.Event

Event associated with activity.

Fields
client_message
ActivityLog.MessageEvent

Client message received event

server_message
ActivityLog.MessageEvent

Server message sent event

exit
ActivityLog.ExitEvent

Request finished event

ActivityLog.Method

Description of the executed method

Fields
type
string

Type name of a method, for example "UpdateRoleBinding"

ListActivityLogsRequest

Request message for method [ListActivityLogs][ntt.audit.v1alpha.ListActivityLogs]

Returns activities for specified time range and within specified filter. Note that activity logs are API oriented - primary object is method rather than resource.

Note that filter field is mandatory and minimal filters are:

  • --filter 'service.name=[SERVICE_NAME]' (what is happening in this service)
  • --filter 'service.name=[SERVICE_NAME] and method.type=[METHOD_NAME]' (what is happening for this API call)
  • --filter 'authentication.principal=[PRINCIPAL_NAME]' (what that person is doing)
  • --filter 'request_id=[REQUEST_ID]' (I have request ID, what is actually this?)
  • --filter 'service.name=[SERVICE_NAME] and labels.resource_name=[FULL_RESOURCE_NAME]' (can I see activities on this resource?)

Be aware, that server will append scope filter condition (and scope=...) to an any of the above filters. Scope is extracted from parent field in ListActivityLogsRequest body. This ensures only one scope if being browsed by an authorized for it user.

For all of the above filters you can replace filter condition compare (=) with IN operator. You can therefore query for multiple services, methods or users at once. Above filters are also preferred as we have optimization for them.

Activity logs can be filtered by custom labels (field labels in ActivityLog). Labels are define per each API method - so you must specify service.name and method.type conditions to be able to query by labels (with exception of "standard" labels to be described later).

For example, suppose you have a CreateVM method, which creates resource "VM". Suppose there is a field "group" within resource body, which is reference to other resource. If you want to make a query like "who was creating VMs for that group", then you need to create label "group" inside resource body. Then you will be able to make a query with following filter condition: --filter 'service.name=vms.domain.com and method.type=CreateVM and labels.group=mySpecialVMGroup'.

Be aware, that Create/Update requests, which have resource object in their own bodies, will automatically inherit resource labels. So, basically you need to define "group" label in resource spec, not inside request. This is useful, as both Create/Update methods will have this label. This also allows code-gen to continue maintaining *derived.proto files.

However, there is one standard label: resource_name, which is widely used across methods operating on single resource. Audit-gen tool generates this automatically for derived methods. For custom requests you need to provide label yourself in audit spec. This allows you to make following query: --filter 'service.name=vms.domain.com and labels.resource_name=projects/myP/vms/myVM'

Filters with conditions service + resource_name are also indexed for performance reasons.

Examples of usage (with cuttle):

  • Checks connections to all devices within ssh-demo project starting from 8th of September 12 UTC time

$ cuttle audit query activity-log --project ssh-demo --filter 'service.name="devices.edgelq.com" and method.type="ConnectToDevice"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

*Checks connections to device demo-device within ssh-demo project starting from 8th of September 12 UTC time

$ cuttle audit query activity-log --project ssh-demo --filter 'service.name="devices.edgelq.com" and method.type="ConnectToDevice" and labels.resource_name="projects/ssh-demo/devices/demo-device"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

  • Checks what is happening within whole iam service for project demo starting from 8th of September 12 UTC time

$ cuttle audit query activity-log --project demo --filter 'service.name="IAM.edgelq.com"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

  • Checks activities within one hour for whole iam service for selected methods

$ cuttle audit query activity-log --project demo --filter 'service.name="IAM.edgelq.com" and method.type IN ["CreateRoleBinding", "UpdateRoleBinding", "DeleteRoleBinding"]' --interval '{"startTime":"2020-09-08T12:00:00Z", "endTime":"2020-09-08T13:00:00Z"}' -o json

  • Checks modification of RoleBinding

$ cuttle audit query activity-log --project demo --filter 'service.name="IAM.edgelq.com" and method.type="UpdateRoleBinding" and labels.resource_name="projects/x/roleBindings/myRB"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

  • Checks what was happening with some device

$ cuttle audit query activity-log --project demo --filter 'service.name="devices.edgelq.com" and labels.resource_name="projects/x/devices/myDevice"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

  • Checks activities made by specific user (we need their email)

$ cuttle audit query activity-log --project demo --filter 'authentication.principal="user:we.know.who@domain.com"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

  • Checks activities made by specific service account (we need it's email)

$ cuttle audit query activity-log --project demo --filter 'authentication.principal="serviceAccount:myServiceAccount@domain.com"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

Fields
parent
string

Parent reference of ntt.audit.v1alpha.ActivityLog

filter
string

A audit filter that specifies which activity logs should be returned

interval
TimeInterval

The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.

page_size
int32

Cap on a number of activity logs to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit.

Results will be adjusted to the "end time" taken from interval field (adjusted also by page_token if provided).

page_token
string

Token which identifies next page with further results. Token should be taken from [ListActivityLogsResponse.next_page_token][ntt.audit.v1alpha.ListActivityLogsResponse.next_page_token].

ListActivityLogsResponse

Response message for method [ListActivityLogs][ntt.audit.v1alpha.ListActivityLogs]

Fields
activity_logs
repeated ActivityLog

One or more activity method logs that match the filter included in the request.

next_page_token
string

If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.

execution_errors
repeated .ntt.rpc.Status

Query execution errors that may have caused the response data returned to be incomplete.

CreateActivityLogsRequest

Request message for method [CreateActivityLogs][ntt.audit.v1alpha.CreateActivityLogs]

Creates many activity logs at once - or appends existing, if some of the activity logs already exist (their name is already known).

This request should not be used by regular users - only API services should be able to submit activity logs. Developers of services should use logs exporter package offered along other Audit service packages instead of developing own components.

Fields
activity_logs
repeated ActivityLog

List of activity logs to be added to service. Can be coming from different scopes.

CreateActivityLogsResponse

Response message for method [CreateActivityLogs][ntt.audit.v1alpha.CreateActivityLogs]

Fields
log_names
repeated string

Resource change log names - one name per each activity log, in same order as in the request

ResourceChangeLog

ResourceChangeLog Resource - describes notification of resource change. This log is resource oriented - it strictly is associated with single resource, where service name, resource type and resource name are the strongest attributes.

All resource changes are happening via API calls made to API services. Therefore, each ResourceChangeLog has associated ActivityLog. Relation is 1-N between activity and resource change logs, as one API call can modify multiple resources.

</tbody> </table>

Operations

ListResourceChangeLogs
rpc ListResourceChangeLogs(ListResourceChangeLogsRequest) returns (ListResourceChangeLogsResponse)

ListResourceChangeLogs

CreatePreCommittedResourceChangeLogs
rpc CreatePreCommittedResourceChangeLogs(CreatePreCommittedResourceChangeLogsRequest) returns (CreatePreCommittedResourceChangeLogsResponse)

CreatePreCommittedResourceChangeLogs

SetResourceChangeLogsCommitState
rpc SetResourceChangeLogsCommitState(SetResourceChangeLogsCommitStateRequest) returns (SetResourceChangeLogsCommitStateResponse)

SetResourceChangeLogsCommitState

Messages

ResourceChangeLog.ResourceChange

Description of change on the resource

Fields
name
string

Name of ResourceChangeLog. It contains scope + ID of the log. ID is a base64 encoded unique key that identifies tuple: scope request_id authentication.principal service.name resource.name resource.type resource.pre.labels resource.post.labels

ID part should not be decoded, but treated as opaque string

scope
string

Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Supported formats are:

  • organization/umbrella
  • projects/mars_exploration
  • </li> </ul> </td></tr>
request_id
uint64

Unique identifier of request - it must match the one in the associated activity log.

timestamp
.google.protobuf.Timestamp

Time of the change - equal to request timestamp (activity log)

authentication
Authentication

Authentication data - informs who made a change

service
ServiceData

Information about the service

resource
ResourceChangeLog.ResourceChange

Describes change on the resource

transaction
ResourceChangeLog.TransactionInfo

Describes state of the transaction

Fields
name
string

Fully qualified name of the resource (eg. "RoleBinding/Public") that has changed from this request (if successful)

type
string

Name of the resource type for example "RoleBinding".

action
ResourceChangeLog.ResourceChange.Action

Action on the resource

pre
ObjectState

State of the resource before change. It is empty if action is CREATE

post
ObjectState

State of the resource after change. It is empty if action is DELETE

ResourceChangeLog.TransactionInfo

Information about transaction where change has been executed

Fields
identifier
string

unique identifier of the transaction.

try_counter
int32

Indicator of try counter. If transaction has been concluded at first try, try_counter will be 1. If on the second try, then number will be 2 (etc).

state
ResourceChangeLog.TransactionInfo.State

State of the transaction.

ListResourceChangeLogsRequest

Request message for method [ListResourceChangeLogs][ntt.audit.v1alpha.ListResourceChangeLogs]

Returns resource changes for specified time range and within specified filter. Note that resource change logs are Resource oriented - primary object is resource here. Audit monitors resources that have non-custom store.

Note that filter field is mandatory and minimal filters are:

  • --filter 'service.name=[SERVICE_NAME] and resource.type=[RESOURCE_NAME]' (what is happening for this resource type)
  • --filter 'request_id=[REQUEST_ID]' (which resources were changed by this request_id?)

Be aware that server will append scope filter condition (and scope=...) to an any of the above filters. Scope is extracted from parent field in ListResourceChangeLogsRequest body. This ensures only one scope if being browsed by an authorized for it user.

For all of the above filters you can replace filter condition compare (=) with IN operator. You can therefore query for multiple services, methods or users at once. Above filters are also preferred as we have optimization for them.

Resource change logs can also be filtered by custom labels (field labels in ResourceChangeLog - pre and post versions). Labels are custom per each API resource - so you must specify service.name and resource.type conditions to enable them. For example, suppose you have a VM resource which contains "group" field, which is a reference to some other resource. If you create label "group" in VM resource spec (in proto model) you can make a following query: --filter 'service.name=vms.domain.com and resource.type=VM and resource.post.labels.group=projects/P/vmgroups/myGroup'.

Examples of usage (with cuttle):

  • Checks activities within one hour for role binding resources

$ cuttle audit query activity-log --project demo --filter 'service.name="IAM.edgelq.com" and resource.type="RoleBinding"' --interval '{"startTime":"2020-09-08T12:00:00Z", "endTime":"2020-09-08T13:00:00Z"}' -o json

  • Checks modification of specific RoleBinding

$ cuttle audit query activity-log --project demo --filter 'service.name="IAM.edgelq.com" and resource.type="RoleBinding" and resource.name="projects/x/roleBindings/myRB"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

  • Checks changes on resource RoleBinding made by specific user (we need their email)

$ cuttle audit query resource-change-log --project demo --filter 'service.name="IAM.edgelq.com" and resource.type="RoleBinding" and authentication.principal="user:we.know.who@domain.com"' --interval '{"startTime":"2020-09-08T12:00:00Z"}' -o json

Fields
parent
string

Parent reference of ntt.audit.v1alpha.ResourceChangeLog

filter
string

A audit filter that specifies which resource change logs should be returned

interval
TimeInterval

The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.

page_size
int32

Cap on a number of resource change logs to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit.

Results will be adjusted to the "end time" taken from interval field (adjusted also by page_token if provided).

page_token
string

Token which identifies next page with further results. Token should be taken from [ListResourceChangeLogsResponse.next_page_token][ntt.audit.v1alpha.ListResourceChangeLogsResponse.next_page_token].

ListResourceChangeLogsResponse

Response message for method [ListResourceChangeLogs][ntt.audit.v1alpha.ListResourceChangeLogs]

Fields
resource_change_logs
repeated ResourceChangeLog

One or more resource change logs that match the filter included in the request.

next_page_token
string

If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.

execution_errors
repeated .ntt.rpc.Status

Query execution errors that may have caused the response data returned to be incomplete.

CreatePreCommittedResourceChangeLogsRequest

Request message for method [CreatePreCommittedResourceChangeLogs][ntt.audit.v1alpha.CreatePreCommittedResourceChangeLogs]

Creates resource change log.

This request should not be used by regular users - only API services should be able to submit resource change logs. Developers of services should use logs exporter package offered along other Audit service packages instead of developing own components.

Fields
request_id
uint64

ID of the request - must be same as the one used in activity logs

timestamp
.google.protobuf.Timestamp

Time of the request

authentication
Authentication

Authentication data - informs who made a change

service
ServiceData

Information about the service

transaction
ResourceChangeLog.TransactionInfo

Information about transaction

changes
repeated ResourceChangeLog.ResourceChange

List of changes

CreatePreCommittedResourceChangeLogsResponse

Response message for method [CreateResourceChangeLogs][ntt.audit.v1alpha.CreateResourceChangeLogs]

Fields
log_keys
repeated bytes

Resource change log keys - one key per each resource change, in same order

SetResourceChangeLogsCommitStateRequest

Request message for method [SetResourceChangeLogsCommitState][ntt.audit.v1alpha.SetResourceChangeLogsCommitState]

Sets transaction status of selected resource change logs.

This request should not be used by regular users - only API services should be able to modify resource change logs. Developers of services should use logs exporter package offered along other Audit service packages instead of developing own components.

Fields
log_keys
repeated bytes

list of resource change log keys.

timestamp
.google.protobuf.Timestamp

Time of the request - must be same as in CreatePreCommittedResourceChangeLogsRequest

tx_result
ResourceChangeLog.TransactionInfo.State

final state of the transaction - must be COMMITTED or ROLLED_BACK

SetResourceChangeLogsCommitStateResponse

Response message for method [SetResourceChangeLogsCommitState][ntt.audit.v1alpha.SetResourceChangeLogsCommitState]

Fields
none

Enums

ResourceChangeLog.ResourceChange.Action

Type of change

Values
UNDEFINED
CREATE
UPDATE
DELETE
ResourceChangeLog.TransactionInfo.State

State of the transaction.

Values
UNDEFINED
PRE_COMMITTED

Indicates that this change did not happen - it is just proposal of the change. Such a log should be followed by another ResourceChangeLog with value COMMITTED or ROLLED_BACK. If one transaction has been retried multiple times, then there may be multiple records with PRE_COMMITTED, last record should indicate final transaction state.

COMMITTED

Indicates change has been committed successfully.

ROLLED_BACK

Indicates that change did not happen. Log of this type should be treated as attempt of change.

Shared Resources

Operations
Messages
AuditedResourceDescriptorChange

AuditedResourceDescriptorChange is used by Watch notifications Responses to describe change of single AuditedResourceDescriptor One of Added, Modified, Removed

Fields
added
AuditedResourceDescriptorChange.Added

Added is returned when watched document is added, either created or enters Query view

modified
AuditedResourceDescriptorChange.Modified

Modified is returned when watched document is modified

removed
AuditedResourceDescriptorChange.Removed

Removed is returned when AuditedResourceDescriptor is deleted or leaves Query view

AuditedResourceDescriptorChange.Added

AuditedResourceDescriptor has been added to query view

Fields
audited_resource_descriptor
AuditedResourceDescriptor
view_index
int32

Integer describing index of added AuditedResourceDescriptor in resulting query view.

AuditedResourceDescriptorChange.Modified

AuditedResourceDescriptor changed some of it's fields - contains either full document or masked change

Fields
name
string

Name of modified AuditedResourceDescriptor

audited_resource_descriptor
AuditedResourceDescriptor

New version of AuditedResourceDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchAuditedResourceDescriptorRequest] or [WatchAuditedResourceDescriptorsRequest]

field_mask
.google.protobuf.FieldMask

Used when mask_changes is set, contains field paths of modified properties.

previous_view_index
int32

Previous view index specifies previous position of modified AuditedResourceDescriptor. When modification doesn't affect sorted order, value will remain identical to [view_index].

view_index
int32

Integer specifying AuditedResourceDescriptor new index in resulting query view.

AuditedResourceDescriptorChange.Removed

Removed is returned when AuditedResourceDescriptor is deleted or leaves Query view

Fields
name
string
view_index
int32

Integer specifying removed AuditedResourceDescriptor index.

Authentication

Information about authorized principal who sent a request

Fields
principal
string

Name of the principal, for example: "user:our_new_admin@example.com"

Authorization

Information about authorization applicable for a request.

Fields
granted_permissions
repeated string

List of permissions that were granted

denied_permissions
repeated string

List of permissions that were denied

BigTableConfig
Fields
init
bool
instance_id
string
logs_table_id
string
activity_log_retention
.google.protobuf.Duration
resource_change_log_retention
.google.protobuf.Duration
tsuid_cache_max_size_mb
int32
Config
Fields
common_config
.ntt.environment.server.ServerEnvironment
big_table
BigTableConfig

BigTable config

LabelDescriptor
Fields
key
string

The label key.

LabelKeySet

LabelKeySet is used for defining PromotedLabelKeySets on Object descriptors

Fields
label_keys
repeated string
MethodDescriptorChange

MethodDescriptorChange is used by Watch notifications Responses to describe change of single MethodDescriptor One of Added, Modified, Removed

Fields
added
MethodDescriptorChange.Added

Added is returned when watched document is added, either created or enters Query view

modified
MethodDescriptorChange.Modified

Modified is returned when watched document is modified

removed
MethodDescriptorChange.Removed

Removed is returned when MethodDescriptor is deleted or leaves Query view

MethodDescriptorChange.Added

MethodDescriptor has been added to query view

Fields
method_descriptor
MethodDescriptor
view_index
int32

Integer describing index of added MethodDescriptor in resulting query view.

MethodDescriptorChange.Modified

MethodDescriptor changed some of it's fields - contains either full document or masked change

Fields
name
string

Name of modified MethodDescriptor

method_descriptor
MethodDescriptor

New version of MethodDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchMethodDescriptorRequest] or [WatchMethodDescriptorsRequest]

field_mask
.google.protobuf.FieldMask

Used when mask_changes is set, contains field paths of modified properties.

previous_view_index
int32

Previous view index specifies previous position of modified MethodDescriptor. When modification doesn't affect sorted order, value will remain identical to [view_index].

view_index
int32

Integer specifying MethodDescriptor new index in resulting query view.

MethodDescriptorChange.Removed

Removed is returned when MethodDescriptor is deleted or leaves Query view

Fields
name
string
view_index
int32

Integer specifying removed MethodDescriptor index.

ObjectState

State of the object - can be resource, request or response.

Fields
data
.google.protobuf.Any

Object data

labels
string

Values for all of the labels listed in the associated audited object descriptor - they are extracted from protobuf object and used for filtering

OrganizationChange

OrganizationChange is used by Watch notifications Responses to describe change of single Organization One of Added, Modified, Removed

Fields
added
OrganizationChange.Added

Added is returned when watched document is added, either created or enters Query view

modified
OrganizationChange.Modified

Modified is returned when watched document is modified

removed
OrganizationChange.Removed

Removed is returned when Organization is deleted or leaves Query view

OrganizationChange.Added

Organization has been added to query view

Fields
organization
Organization
view_index
int32

Integer describing index of added Organization in resulting query view.

OrganizationChange.Modified

Organization changed some of it's fields - contains either full document or masked change

Fields
name
string

Name of modified Organization

organization
Organization

New version of Organization or masked difference, depending on mask_changes instrumentation of issued [WatchOrganizationRequest] or [WatchOrganizationsRequest]

field_mask
.google.protobuf.FieldMask

Used when mask_changes is set, contains field paths of modified properties.

previous_view_index
int32

Previous view index specifies previous position of modified Organization. When modification doesn't affect sorted order, value will remain identical to [view_index].

view_index
int32

Integer specifying Organization new index in resulting query view.

OrganizationChange.Removed

Removed is returned when Organization is deleted or leaves Query view

Fields
name
string
view_index
int32

Integer specifying removed Organization index.

ProjectChange

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Fields
added
ProjectChange.Added

Added is returned when watched document is added, either created or enters Query view

modified
ProjectChange.Modified

Modified is returned when watched document is modified

removed
ProjectChange.Removed

Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added

Project has been added to query view

Fields
project
Project
view_index
int32

Integer describing index of added Project in resulting query view.

ProjectChange.Modified

Project changed some of it's fields - contains either full document or masked change

Fields
name
string

Name of modified Project

project
Project

New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]

field_mask
.google.protobuf.FieldMask

Used when mask_changes is set, contains field paths of modified properties.

previous_view_index
int32

Previous view index specifies previous position of modified Project. When modification doesn't affect sorted order, value will remain identical to [view_index].

view_index
int32

Integer specifying Project new index in resulting query view.

ProjectChange.Removed

Removed is returned when Project is deleted or leaves Query view

Fields
name
string
view_index
int32

Integer specifying removed Project index.

ServiceData

Information about service processing a request

Fields
name
string

Fully qualified service name executing a request

TimeInterval

A time interval extending just after a start time through an end time. If the start time is the same as the end time, then the interval represents a single point in time.

Fields
end_time
.google.protobuf.Timestamp

Optional - end of the time interval. If not provided, current time will be assumed.

start_time
.google.protobuf.Timestamp

Required. The beginning of the time interval. The start time must not be later than the end time.