diff --git a/audit/api/api.go b/audit/api/api.go index c1ed7ad..a60f1fd 100644 --- a/audit/api/api.go +++ b/audit/api/api.go @@ -46,7 +46,7 @@ type AuditApi interface { */ Log( ctx context.Context, - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -55,7 +55,7 @@ type AuditApi interface { // ValidateAndSerialize validates and serializes the event into a byte representation. // The result has to be sent explicitly by calling the Send method. ValidateAndSerialize( - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -114,6 +114,9 @@ type CloudEvent struct { // The object type (i.e. the fully qualified protobuf type name) dataType string + // The identifier of the referring object. + subject string + // The serialized payload data []byte } diff --git a/audit/api/api_common.go b/audit/api/api_common.go index 7dfc723..49b7606 100644 --- a/audit/api/api_common.go +++ b/audit/api/api_common.go @@ -50,7 +50,7 @@ var ErrSerializedPayloadNil = errors.New("serialized payload nil") func validateAndSerializePartially( validator *ProtobufValidator, - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -162,6 +162,7 @@ func send( applicationAttributes["cloudEvents:time"] = cloudEvent.time.UnixMilli() applicationAttributes["cloudEvents:datacontenttype"] = cloudEvent.dataContentType applicationAttributes["cloudEvents:type"] = cloudEvent.dataType + applicationAttributes["cloudEvents:subject"] = cloudEvent.subject return (*messagingApi).Send( ctx, diff --git a/audit/api/api_legacy.go b/audit/api/api_legacy.go index ecbea01..8fceef4 100644 --- a/audit/api/api_legacy.go +++ b/audit/api/api_legacy.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "github.com/google/uuid" + "net/url" "time" "dev.azure.com/schwarzit/schwarzit.stackit-core-platform/common-audit.git/audit/messaging" @@ -68,7 +69,7 @@ func NewLegacyAuditApi( // Log implements AuditApi.Log func (a *LegacyAuditApi) Log( ctx context.Context, - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -85,7 +86,7 @@ func (a *LegacyAuditApi) Log( // ValidateAndSerialize implements AuditApi.ValidateAndSerialize. // It serializes the event into the byte representation of the legacy audit log system. func (a *LegacyAuditApi) ValidateAndSerialize( - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -109,13 +110,16 @@ func (a *LegacyAuditApi) ValidateAndSerialize( } message := CloudEvent{ - specVersion: "1.0", - source: event.EventSource, + specVersion: "1.0", + source: event.ProtoPayload.ServiceName, + // TODO what is the correct id? id: uuid.NewString(), - time: event.EventTimeStamp.AsTime(), + time: event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(), dataContentType: "application/cloudevents+protobuf", dataType: fmt.Sprintf("%v", routableEvent.ProtoReflect().Descriptor().FullName()), - data: legacyBytes, + // TODO check if this is correct + subject: event.ProtoPayload.ResourceName, + data: legacyBytes, } return &message, nil } @@ -132,7 +136,7 @@ func (a *LegacyAuditApi) Send( // convertAndSerializeIntoLegacyFormat converts the protobuf events into the json serialized legacy audit log format func (a *LegacyAuditApi) convertAndSerializeIntoLegacyFormat( - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, routableEvent *auditV1.RoutableAuditEvent, ) ([]byte, error) { @@ -152,45 +156,53 @@ func (a *LegacyAuditApi) convertAndSerializeIntoLegacyFormat( if len(event.ProtoPayload.AuthenticationInfo.ServiceAccountDelegationInfo) > 0 { var principals []LegacyAuditEventPrincipal for _, principal := range event.ProtoPayload.AuthenticationInfo.ServiceAccountDelegationInfo { - if principal != nil { - p := LegacyAuditEventPrincipal{ - Id: principal.GetFirstPartyPrincipal().Id, - Email: &principal.GetFirstPartyPrincipal().PrincipalEmail, - } - principals = append(principals, p) + switch principalValue := principal.Authority.(type) { + case *auditV1.ServiceAccountDelegationInfo_IdpPrincipal_: + principals = append(principals, LegacyAuditEventPrincipal{ + Id: principalValue.IdpPrincipal.PrincipalId, + Email: principalValue.IdpPrincipal.PrincipalEmail, + }) + case *auditV1.ServiceAccountDelegationInfo_SystemPrincipal_: + principals = append(principals, LegacyAuditEventPrincipal{ + Id: "system", + }) + } } serviceAccountDelegationInfo = &LegacyAuditEventServiceAccountDelegationInfo{Principals: principals} } - // Request var request LegacyAuditEventRequest - if event.Request == nil { + if event.ProtoPayload.RequestMetadata.RequestAttributes == nil { request = LegacyAuditEventRequest{ Endpoint: "none", } } else { var parameters map[string]interface{} = nil - if event.Request.Parameters != nil { - parameters = event.Request.Parameters.AsMap() + if event.ProtoPayload.RequestMetadata.RequestAttributes.Path != "" && event.ProtoPayload.RequestMetadata.RequestAttributes.Query != "" { + parsedUrl, err := url.Parse(fmt.Sprintf("%s?%s", event.ProtoPayload.RequestMetadata.RequestAttributes.Path, event.ProtoPayload.RequestMetadata.RequestAttributes.Query)) + if err != nil { + return nil, err + } + for k, v := range parsedUrl.Query() { + parameters[k] = v + } } var body map[string]interface{} = nil - if event.Request.Body != nil { - body = event.Request.Body.AsMap() + if event.ProtoPayload.Request != nil { + body = event.ProtoPayload.Request.AsMap() } var headers map[string]interface{} = nil - if event.Request.Headers != nil { + if event.ProtoPayload.RequestMetadata.RequestAttributes.Headers != nil { headers = map[string]interface{}{} - for _, header := range event.Request.Headers { - if header != nil { - headers[header.Key] = header.Value - } + for key, value := range event.ProtoPayload.RequestMetadata.RequestAttributes.Headers { + headers[key] = value } } request = LegacyAuditEventRequest{ - Endpoint: event.Request.Endpoint, + Endpoint: event.ProtoPayload.RequestMetadata.RequestAttributes.Path, Parameters: ¶meters, Body: &body, Headers: &headers, @@ -205,7 +217,7 @@ func (a *LegacyAuditApi) convertAndSerializeIntoLegacyFormat( eventType = "ADMIN_ACTIVITY" if ref.ObjectIdentifier.Type == auditV1.ObjectType_OBJECT_TYPE_ORGANIZATION { messageContext = &LegacyAuditEventContext{ - OrganizationId: nil, + OrganizationId: &ref.ObjectIdentifier.Identifier, FolderId: nil, ProjectId: nil, } @@ -213,14 +225,14 @@ func (a *LegacyAuditApi) convertAndSerializeIntoLegacyFormat( } else if ref.ObjectIdentifier.Type == auditV1.ObjectType_OBJECT_TYPE_FOLDER { messageContext = &LegacyAuditEventContext{ OrganizationId: nil, - FolderId: nil, + FolderId: &ref.ObjectIdentifier.Identifier, ProjectId: nil, } } else if ref.ObjectIdentifier.Type == auditV1.ObjectType_OBJECT_TYPE_PROJECT { messageContext = &LegacyAuditEventContext{ OrganizationId: nil, FolderId: nil, - ProjectId: nil, + ProjectId: &ref.ObjectIdentifier.Identifier, } } else { return nil, ErrUnsupportedObjectIdentifierType @@ -233,36 +245,30 @@ func (a *LegacyAuditApi) convertAndSerializeIntoLegacyFormat( } // Details - var details map[string]interface{} = nil - if event.Details != nil { - details = event.Details.AsMap() - } + var details = event.ProtoPayload.Request.AsMap() // Result - var result map[string]interface{} = nil - if event.Result != nil { - result = event.Result.AsMap() - } + var result = event.ProtoPayload.Response.AsMap() // Instantiate the legacy event - missing values are filled with defaults legacyAuditEvent := LegacyAuditEvent{ Severity: "INFO", Visibility: routableEvent.Visibility.String(), EventType: eventType, - EventTimeStamp: event.EventTimeStamp.AsTime(), - EventName: event.EventName, + EventTimeStamp: event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(), + EventName: event.LogName, SourceIpAddress: sourceIpAddress, UserAgent: userAgent, Initiator: LegacyAuditEventPrincipal{ - Id: event.Initiator.Id, - Email: event.Initiator.Email, + Id: event.ProtoPayload.AuthenticationInfo.PrincipalId, + Email: &event.ProtoPayload.AuthenticationInfo.PrincipalEmail, }, ServiceAccountDelegationInfo: serviceAccountDelegationInfo, Request: request, Context: messageContext, - ResourceId: event.ResourceId, - ResourceName: event.ResourceName, - CorrelationId: event.CorrelationId, + ResourceId: &event.LogName, + ResourceName: &event.ProtoPayload.ResourceName, + CorrelationId: &event.CorrelationId, Result: &result, Details: &details, } diff --git a/audit/api/api_mock.go b/audit/api/api_mock.go index b977bbb..4769f86 100644 --- a/audit/api/api_mock.go +++ b/audit/api/api_mock.go @@ -30,7 +30,7 @@ func NewMockAuditApi() (*AuditApi, error) { // Validates and serializes the event but doesn't send it. func (a *MockAuditApi) Log( _ context.Context, - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -42,7 +42,7 @@ func (a *MockAuditApi) Log( // ValidateAndSerialize implements AuditApi.ValidateAndSerialize func (a *MockAuditApi) ValidateAndSerialize( - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -59,13 +59,16 @@ func (a *MockAuditApi) ValidateAndSerialize( } message := CloudEvent{ - specVersion: "1.0", - source: event.EventSource, + specVersion: "1.0", + source: event.ProtoPayload.ServiceName, + // TODO what is the correct id? id: uuid.NewString(), - time: event.EventTimeStamp.AsTime(), + time: event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(), dataContentType: "application/cloudevents+protobuf", dataType: fmt.Sprintf("%v", routableEvent.ProtoReflect().Descriptor().FullName()), - data: routableEventBytes, + // TODO check if this is correct + subject: event.ProtoPayload.ResourceName, + data: routableEventBytes, } return &message, nil diff --git a/audit/api/api_routable.go b/audit/api/api_routable.go index b276bee..5d78535 100644 --- a/audit/api/api_routable.go +++ b/audit/api/api_routable.go @@ -84,7 +84,7 @@ func newRoutableAuditApi( // Log implements AuditApi.Log func (a *routableAuditApi) Log( ctx context.Context, - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -100,7 +100,7 @@ func (a *routableAuditApi) Log( // ValidateAndSerialize implements AuditApi.ValidateAndSerialize func (a *routableAuditApi) ValidateAndSerialize( - event *auditV1.AuditEvent, + event *auditV1.AuditLogEntry, visibility auditV1.Visibility, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier, @@ -123,13 +123,16 @@ func (a *routableAuditApi) ValidateAndSerialize( } message := CloudEvent{ - specVersion: "1.0", - source: event.EventSource, + specVersion: "1.0", + source: event.ProtoPayload.ServiceName, + // TODO what is the correct id? id: uuid.NewString(), - time: event.EventTimeStamp.AsTime(), + time: event.ProtoPayload.RequestMetadata.RequestAttributes.Time.AsTime(), dataContentType: "application/cloudevents+protobuf", dataType: fmt.Sprintf("%v", routableEvent.ProtoReflect().Descriptor().FullName()), - data: routableEventBytes, + // TODO check if this is correct + subject: event.ProtoPayload.ResourceName, + data: routableEventBytes, } return &message, nil diff --git a/audit/api/test_data.go b/audit/api/test_data.go index 7dc8a68..e5352ff 100644 --- a/audit/api/test_data.go +++ b/audit/api/test_data.go @@ -13,16 +13,16 @@ import ( func NewOrganizationAuditEvent( customization *func( - *auditV1.AuditEvent, + *auditV1.AuditLogEntry, *RoutingIdentifier, *auditV1.ObjectIdentifier, )) ( - *auditV1.AuditEvent, + *auditV1.AuditLogEntry, *RoutingIdentifier, *auditV1.ObjectIdentifier, ) { - auditEvent := &auditV1.AuditEvent{ + auditEvent := &auditV1.AuditLogEntry{ EventSource: "resource-manager", Region: auditV1.Region_REGION_EU01, SequenceNumber: wrapperspb.Int64(0), @@ -53,10 +53,10 @@ func NewOrganizationAuditEvent( return auditEvent, routingIdentifier, objectIdentifier } -func NewOrganizationAuditEventWithDetails() (*auditV1.AuditEvent, +func NewOrganizationAuditEventWithDetails() (*auditV1.AuditLogEntry, *RoutingIdentifier, *auditV1.ObjectIdentifier) { - customization := func(event *auditV1.AuditEvent, + customization := func(event *auditV1.AuditLogEntry, routingIdentifier *RoutingIdentifier, objectIdentifier *auditV1.ObjectIdentifier) { userAgent := "firefox" @@ -100,16 +100,16 @@ func NewOrganizationAuditEventWithDetails() (*auditV1.AuditEvent, func NewFolderAuditEvent( customization *func( - *auditV1.AuditEvent, + *auditV1.AuditLogEntry, *RoutingIdentifier, *auditV1.ObjectIdentifier, )) ( - *auditV1.AuditEvent, + *auditV1.AuditLogEntry, *RoutingIdentifier, *auditV1.ObjectIdentifier, ) { - auditEvent := &auditV1.AuditEvent{ + auditEvent := &auditV1.AuditLogEntry{ EventSource: "resource-manager", Region: auditV1.Region_REGION_EU01, SequenceNumber: wrapperspb.Int64(0), @@ -141,16 +141,16 @@ func NewFolderAuditEvent( func NewProjectAuditEvent( customization *func( - *auditV1.AuditEvent, + *auditV1.AuditLogEntry, *RoutingIdentifier, *auditV1.ObjectIdentifier, )) ( - *auditV1.AuditEvent, + *auditV1.AuditLogEntry, *RoutingIdentifier, *auditV1.ObjectIdentifier, ) { - auditEvent := &auditV1.AuditEvent{ + auditEvent := &auditV1.AuditLogEntry{ EventSource: "resource-manager", Region: auditV1.Region_REGION_EU01, SequenceNumber: wrapperspb.Int64(0), @@ -182,9 +182,9 @@ func NewProjectAuditEvent( } func NewSystemAuditEvent( - customization *func(*auditV1.AuditEvent)) *auditV1.AuditEvent { + customization *func(*auditV1.AuditLogEntry)) *auditV1.AuditLogEntry { - auditEvent := &auditV1.AuditEvent{ + auditEvent := &auditV1.AuditLogEntry{ EventSource: "resource-manager", Region: auditV1.Region_REGION_EU01, SequenceNumber: wrapperspb.Int64(0), diff --git a/gen/go/audit/v1/audit_event.pb.go b/gen/go/audit/v1/audit_event.pb.go index d060ca4..3d2e9ef 100644 --- a/gen/go/audit/v1/audit_event.pb.go +++ b/gen/go/audit/v1/audit_event.pb.go @@ -10,7 +10,7 @@ import ( _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - anypb "google.golang.org/protobuf/types/known/anypb" + _ "google.golang.org/protobuf/types/known/anypb" structpb "google.golang.org/protobuf/types/known/structpb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" reflect "reflect" @@ -107,56 +107,50 @@ func (LogSeverity) EnumDescriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{0} } -// The data within all Cloud Audit Logs log entry events. -// Equivalent to Google's LogEntryData. -type AuditEvent struct { +// The audit log entry can be used to record an incident in the audit log. +type AuditLogEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The resource name of the log to which this log entry belongs. + // Example: projects//logs/ LogName string `protobuf:"bytes,12,opt,name=log_name,json=logName,proto3" json:"log_name,omitempty"` - // The monitored resource that produced this log entry. - // - // Example: a log entry that reports a database error would be associated with - // the monitored resource designating the particular database that reported - // the error. - Resource *MonitoredResource `protobuf:"bytes,8,opt,name=resource,proto3" json:"resource,omitempty"` - // The log entry payload, which is always an AuditLog for Cloud Audit Log - // events. + // The log entry payload, which is always an AuditLog for STACKIT Audit Log events. ProtoPayload *AuditLog `protobuf:"bytes,2,opt,name=proto_payload,json=protoPayload,proto3" json:"proto_payload,omitempty"` + // TODO can we specify how the format should look like? + // TODO Encode sequence number into it? + // https://softwaremind.com/blog/the-unique-features-of-snowflake-id-and-its-comparison-to-uuid/ // A unique identifier for the log entry. + // Is generated and set by the SDK. + // Format: + // /// InsertId string `protobuf:"bytes,4,opt,name=insert_id,json=insertId,proto3" json:"insert_id,omitempty"` // A set of user-defined (key, value) data that provides additional // information about the log entry. Labels map[string]string `protobuf:"bytes,11,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Information about an operation associated with the log entry, if - // applicable. - Operation *LogEntryOperation `protobuf:"bytes,15,opt,name=operation,proto3" json:"operation,omitempty"` + // Correlate multiple audit logs by setting the same id + CorrelationId string `protobuf:"bytes,15,opt,name=correlation_id,json=correlationId,proto3" json:"correlation_id,omitempty"` // The time the event described by the log entry occurred. Timestamp *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=timestamp,proto3" json:"timestamp,omitempty"` - // The time the log entry was received by Logging. - ReceiveTimestamp *timestamppb.Timestamp `protobuf:"bytes,24,opt,name=receive_timestamp,json=receiveTimestamp,proto3" json:"receive_timestamp,omitempty"` // The severity of the log entry. Severity LogSeverity `protobuf:"varint,10,opt,name=severity,proto3,enum=audit.v1.LogSeverity" json:"severity,omitempty"` - // Resource name of the trace associated with the log entry, if any. If it - // contains a relative resource name, the name is assumed to be relative to - // `//tracing.googleapis.com`. Example: - // `projects/my-projectid/traces/06796866738c859f2f19b7cfb3214824` - Trace string `protobuf:"bytes,22,opt,name=trace,proto3" json:"trace,omitempty"` - // The span ID within the trace associated with the log entry, if any. + // W3C conform trace parent header: + // https://www.w3.org/TR/trace-context/#traceparent-header // - // For Trace spans, this is the same format that the Trace API v2 uses: a - // 16-character hexadecimal encoding of an 8-byte array, such as - // `000000000000004a`. - SpanId string `protobuf:"bytes,27,opt,name=span_id,json=spanId,proto3" json:"span_id,omitempty"` - // Information indicating this LogEntry is part of a sequence of multiple logs - // split from a single LogEntry. - Split *LogSplit `protobuf:"bytes,35,opt,name=split,proto3" json:"split,omitempty"` + // Example: + // `00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01` + TraceParent string `protobuf:"bytes,22,opt,name=trace_parent,json=traceParent,proto3" json:"trace_parent,omitempty"` + // W3C conform trace state header: + // https://www.w3.org/TR/trace-context/#tracestate-header + // + // Example: + // `rojo=00f067aa0ba902b7,congo=t61rcWkgMzE`. + TraceState string `protobuf:"bytes,27,opt,name=trace_state,json=traceState,proto3" json:"trace_state,omitempty"` } -func (x *AuditEvent) Reset() { - *x = AuditEvent{} +func (x *AuditLogEntry) Reset() { + *x = AuditLogEntry{} if protoimpl.UnsafeEnabled { mi := &file_audit_v1_audit_event_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -164,13 +158,13 @@ func (x *AuditEvent) Reset() { } } -func (x *AuditEvent) String() string { +func (x *AuditLogEntry) String() string { return protoimpl.X.MessageStringOf(x) } -func (*AuditEvent) ProtoMessage() {} +func (*AuditLogEntry) ProtoMessage() {} -func (x *AuditEvent) ProtoReflect() protoreflect.Message { +func (x *AuditLogEntry) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -182,278 +176,101 @@ func (x *AuditEvent) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use AuditEvent.ProtoReflect.Descriptor instead. -func (*AuditEvent) Descriptor() ([]byte, []int) { +// Deprecated: Use AuditLogEntry.ProtoReflect.Descriptor instead. +func (*AuditLogEntry) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{0} } -func (x *AuditEvent) GetLogName() string { +func (x *AuditLogEntry) GetLogName() string { if x != nil { return x.LogName } return "" } -func (x *AuditEvent) GetResource() *MonitoredResource { - if x != nil { - return x.Resource - } - return nil -} - -func (x *AuditEvent) GetProtoPayload() *AuditLog { +func (x *AuditLogEntry) GetProtoPayload() *AuditLog { if x != nil { return x.ProtoPayload } return nil } -func (x *AuditEvent) GetInsertId() string { +func (x *AuditLogEntry) GetInsertId() string { if x != nil { return x.InsertId } return "" } -func (x *AuditEvent) GetLabels() map[string]string { +func (x *AuditLogEntry) GetLabels() map[string]string { if x != nil { return x.Labels } return nil } -func (x *AuditEvent) GetOperation() *LogEntryOperation { +func (x *AuditLogEntry) GetCorrelationId() string { if x != nil { - return x.Operation + return x.CorrelationId } - return nil + return "" } -func (x *AuditEvent) GetTimestamp() *timestamppb.Timestamp { +func (x *AuditLogEntry) GetTimestamp() *timestamppb.Timestamp { if x != nil { return x.Timestamp } return nil } -func (x *AuditEvent) GetReceiveTimestamp() *timestamppb.Timestamp { - if x != nil { - return x.ReceiveTimestamp - } - return nil -} - -func (x *AuditEvent) GetSeverity() LogSeverity { +func (x *AuditLogEntry) GetSeverity() LogSeverity { if x != nil { return x.Severity } return LogSeverity_DEFAULT } -func (x *AuditEvent) GetTrace() string { +func (x *AuditLogEntry) GetTraceParent() string { if x != nil { - return x.Trace + return x.TraceParent } return "" } -func (x *AuditEvent) GetSpanId() string { +func (x *AuditLogEntry) GetTraceState() string { if x != nil { - return x.SpanId + return x.TraceState } return "" } -func (x *AuditEvent) GetSplit() *LogSplit { - if x != nil { - return x.Split - } - return nil -} - -// An object representing a resource that can be used for monitoring, logging, -// billing, or other purposes. -type MonitoredResource struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. The monitored resource type. For example, the type of a - // Compute Engine VM instance is `gce_instance`. - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - // Values for all of the labels listed in the associated monitored - // resource descriptor. For example, Compute Engine VM instances use the - // labels `"project_id"`, `"instance_id"`, and `"zone"`. - Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *MonitoredResource) Reset() { - *x = MonitoredResource{} - if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MonitoredResource) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MonitoredResource) ProtoMessage() {} - -func (x *MonitoredResource) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MonitoredResource.ProtoReflect.Descriptor instead. -func (*MonitoredResource) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{1} -} - -func (x *MonitoredResource) GetType() string { - if x != nil { - return x.Type - } - return "" -} - -func (x *MonitoredResource) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -// Additional information about a potentially long-running operation with which -// a log entry is associated. -type LogEntryOperation struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // An arbitrary operation identifier. Log entries with the same - // identifier are assumed to be part of the same operation. - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - // An arbitrary producer identifier. The combination of `id` and - // `producer` must be globally unique. Examples for `producer`: - // `"MyDivision.MyBigCompany.com"`, `"github.com/MyProject/MyApplication"`. - Producer string `protobuf:"bytes,2,opt,name=producer,proto3" json:"producer,omitempty"` - // True if this is the first log entry in the operation. - First bool `protobuf:"varint,3,opt,name=first,proto3" json:"first,omitempty"` - // True if this is the last log entry in the operation. - Last bool `protobuf:"varint,4,opt,name=last,proto3" json:"last,omitempty"` -} - -func (x *LogEntryOperation) Reset() { - *x = LogEntryOperation{} - if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LogEntryOperation) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LogEntryOperation) ProtoMessage() {} - -func (x *LogEntryOperation) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LogEntryOperation.ProtoReflect.Descriptor instead. -func (*LogEntryOperation) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{2} -} - -func (x *LogEntryOperation) GetId() string { - if x != nil { - return x.Id - } - return "" -} - -func (x *LogEntryOperation) GetProducer() string { - if x != nil { - return x.Producer - } - return "" -} - -func (x *LogEntryOperation) GetFirst() bool { - if x != nil { - return x.First - } - return false -} - -func (x *LogEntryOperation) GetLast() bool { - if x != nil { - return x.Last - } - return false -} - -// Common audit log format for Google Cloud Platform API operations. -// Copied from -// https://github.com/googleapis/googleapis/blob/master/google/cloud/audit/audit_log.proto, -// but changing service_data from Any to Struct. +// Common audit log format for STACKIT API operations. type AuditLog struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The name of the API service performing the operation. For example, - // `"datastore.googleapis.com"`. + // `"resource-manager"`. ServiceName string `protobuf:"bytes,7,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"` + // TODO: Add extra field to open api spec for the method_name // The name of the service method or operation. - // For API calls, this should be the name of the API method. + // The format should is: + // stackit.... + // // For example, // - // "google.datastore.v1.Datastore.RunQuery" - // "google.logging.v1.LoggingService.DeleteLog" - MethodName string `protobuf:"bytes,8,opt,name=method_name,json=methodName,proto3" json:"method_name,omitempty"` + // "stackit.resourcemanager.v1.organization.created" + // "stackit.authorization.v2.organization.moved" + // "stackit.authorization.v2.folder.moved" + MethodName *string `protobuf:"bytes,8,opt,name=method_name,json=methodName,proto3,oneof" json:"method_name,omitempty"` // The resource or collection that is the target of the operation. // The name is a scheme-less URI, not including the API service name. // For example: // - // "shelves/SHELF_ID/books" - // "shelves/SHELF_ID/books/BOOK_ID" + // "projects//vms/" + // "projects//vms//ports/" ResourceName string `protobuf:"bytes,11,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"` - // The resource location information. - ResourceLocation *ResourceLocation `protobuf:"bytes,20,opt,name=resource_location,json=resourceLocation,proto3" json:"resource_location,omitempty"` - // The resource's original state before mutation. Present only for - // operations which have successfully modified the targeted resource(s). - // In general, this field should contain all changed fields, except those - // that are already been included in `request`, `response`, `metadata` or - // `service_data` fields. - // When the JSON object represented here has a proto equivalent, - // the proto name will be indicated in the `@type` property. - ResourceOriginalState *structpb.Struct `protobuf:"bytes,19,opt,name=resource_original_state,json=resourceOriginalState,proto3" json:"resource_original_state,omitempty"` - // The number of items returned from a List or Query API method, - // if applicable. - NumResponseItems int64 `protobuf:"varint,12,opt,name=num_response_items,json=numResponseItems,proto3" json:"num_response_items,omitempty"` - // The status of the overall operation. - Status *RpcStatus `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` // Authentication information. AuthenticationInfo *AuthenticationInfo `protobuf:"bytes,3,opt,name=authentication_info,json=authenticationInfo,proto3" json:"authentication_info,omitempty"` // Authorization information. If there are multiple @@ -466,31 +283,25 @@ type AuditLog struct { // such as those that are too large, privacy-sensitive, or duplicated // elsewhere in the log record. // It should never include user-generated data, such as file contents. - // When the JSON object represented here has a proto equivalent, the proto - // name will be indicated in the `@type` property. Request *structpb.Struct `protobuf:"bytes,16,opt,name=request,proto3" json:"request,omitempty"` + // The status of the overall operation. + Status *ResponseStatus `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` + // The number of items returned from a List or Query API method, + // if applicable. + NumResponseItems *int64 `protobuf:"varint,12,opt,name=num_response_items,json=numResponseItems,proto3,oneof" json:"num_response_items,omitempty"` // The operation response. This may not include all response elements, // such as those that are too large, privacy-sensitive, or duplicated // elsewhere in the log record. - // It should never include user-generated data, such as file contents. - // When the JSON object represented here has a proto equivalent, the proto - // name will be indicated in the `@type` property. Response *structpb.Struct `protobuf:"bytes,17,opt,name=response,proto3" json:"response,omitempty"` // Other service-specific data about the request, response, and other // information associated with the current audited event. Metadata *structpb.Struct `protobuf:"bytes,18,opt,name=metadata,proto3" json:"metadata,omitempty"` - // Deprecated: Use `metadata` field instead. - // Other service-specific data about the request, response, and other - // activities. - // When the JSON object represented here has a proto equivalent, the proto - // name will be indicated in the `@type` property. - ServiceData *structpb.Struct `protobuf:"bytes,15,opt,name=service_data,json=serviceData,proto3" json:"service_data,omitempty"` } func (x *AuditLog) Reset() { *x = AuditLog{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[3] + mi := &file_audit_v1_audit_event_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -503,7 +314,7 @@ func (x *AuditLog) String() string { func (*AuditLog) ProtoMessage() {} func (x *AuditLog) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[3] + mi := &file_audit_v1_audit_event_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -516,7 +327,7 @@ func (x *AuditLog) ProtoReflect() protoreflect.Message { // Deprecated: Use AuditLog.ProtoReflect.Descriptor instead. func (*AuditLog) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{3} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{1} } func (x *AuditLog) GetServiceName() string { @@ -527,8 +338,8 @@ func (x *AuditLog) GetServiceName() string { } func (x *AuditLog) GetMethodName() string { - if x != nil { - return x.MethodName + if x != nil && x.MethodName != nil { + return *x.MethodName } return "" } @@ -540,34 +351,6 @@ func (x *AuditLog) GetResourceName() string { return "" } -func (x *AuditLog) GetResourceLocation() *ResourceLocation { - if x != nil { - return x.ResourceLocation - } - return nil -} - -func (x *AuditLog) GetResourceOriginalState() *structpb.Struct { - if x != nil { - return x.ResourceOriginalState - } - return nil -} - -func (x *AuditLog) GetNumResponseItems() int64 { - if x != nil { - return x.NumResponseItems - } - return 0 -} - -func (x *AuditLog) GetStatus() *RpcStatus { - if x != nil { - return x.Status - } - return nil -} - func (x *AuditLog) GetAuthenticationInfo() *AuthenticationInfo { if x != nil { return x.AuthenticationInfo @@ -596,6 +379,20 @@ func (x *AuditLog) GetRequest() *structpb.Struct { return nil } +func (x *AuditLog) GetStatus() *ResponseStatus { + if x != nil { + return x.Status + } + return nil +} + +func (x *AuditLog) GetNumResponseItems() int64 { + if x != nil && x.NumResponseItems != nil { + return *x.NumResponseItems + } + return 0 +} + func (x *AuditLog) GetResponse() *structpb.Struct { if x != nil { return x.Response @@ -610,55 +407,34 @@ func (x *AuditLog) GetMetadata() *structpb.Struct { return nil } -func (x *AuditLog) GetServiceData() *structpb.Struct { - if x != nil { - return x.ServiceData - } - return nil -} - // Authentication information for the operation. type AuthenticationInfo struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The email address of the authenticated user (or service account on behalf - // of third party principal) making the request. For third party identity - // callers, the `principal_subject` field is populated instead of this field. - // For privacy reasons, the principal email address is sometimes redacted. - // For more information, see [Caller identities in audit - // logs](https://cloud.google.com/logging/docs/audit#user-id). - PrincipalEmail string `protobuf:"bytes,1,opt,name=principal_email,json=principalEmail,proto3" json:"principal_email,omitempty"` - // The authority selector specified by the requestor, if any. - // It is not guaranteed that the principal was allowed to use this authority. - AuthoritySelector string `protobuf:"bytes,2,opt,name=authority_selector,json=authoritySelector,proto3" json:"authority_selector,omitempty"` - // The third party identification (if any) of the authenticated user making - // the request. - // When the JSON object represented here has a proto equivalent, the proto - // name will be indicated in the `@type` property. - ThirdPartyPrincipal *structpb.Struct `protobuf:"bytes,4,opt,name=third_party_principal,json=thirdPartyPrincipal,proto3" json:"third_party_principal,omitempty"` - // The name of the service account key used to create or exchange + // Principal id + PrincipalId string `protobuf:"bytes,1,opt,name=principal_id,json=principalId,proto3" json:"principal_id,omitempty"` + // The email address of the authenticated user + PrincipalEmail string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3" json:"principal_email,omitempty"` + // The name of the service account used to create or exchange // credentials for authenticating the service account making the request. - // This is a scheme-less URI full resource name. For example: + // Example: // - // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" - ServiceAccountKeyName string `protobuf:"bytes,5,opt,name=service_account_key_name,json=serviceAccountKeyName,proto3" json:"service_account_key_name,omitempty"` + // "projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}" + ServiceAccountName *string `protobuf:"bytes,5,opt,name=service_account_name,json=serviceAccountName,proto3,oneof" json:"service_account_name,omitempty"` // Identity delegation history of an authenticated service account that makes // the request. It contains information on the real authorities that try to - // access GCP resources by delegating on a service account. When multiple + // access STACKIT resources by delegating on a service account. When multiple // authorities present, they are guaranteed to be sorted based on the original // ordering of the identity delegation events. ServiceAccountDelegationInfo []*ServiceAccountDelegationInfo `protobuf:"bytes,6,rep,name=service_account_delegation_info,json=serviceAccountDelegationInfo,proto3" json:"service_account_delegation_info,omitempty"` - // String representation of identity of requesting party. - // Populated for both first and third party identities. - PrincipalSubject string `protobuf:"bytes,8,opt,name=principal_subject,json=principalSubject,proto3" json:"principal_subject,omitempty"` } func (x *AuthenticationInfo) Reset() { *x = AuthenticationInfo{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[4] + mi := &file_audit_v1_audit_event_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -671,7 +447,7 @@ func (x *AuthenticationInfo) String() string { func (*AuthenticationInfo) ProtoMessage() {} func (x *AuthenticationInfo) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[4] + mi := &file_audit_v1_audit_event_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -684,7 +460,14 @@ func (x *AuthenticationInfo) ProtoReflect() protoreflect.Message { // Deprecated: Use AuthenticationInfo.ProtoReflect.Descriptor instead. func (*AuthenticationInfo) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{2} +} + +func (x *AuthenticationInfo) GetPrincipalId() string { + if x != nil { + return x.PrincipalId + } + return "" } func (x *AuthenticationInfo) GetPrincipalEmail() string { @@ -694,23 +477,9 @@ func (x *AuthenticationInfo) GetPrincipalEmail() string { return "" } -func (x *AuthenticationInfo) GetAuthoritySelector() string { - if x != nil { - return x.AuthoritySelector - } - return "" -} - -func (x *AuthenticationInfo) GetThirdPartyPrincipal() *structpb.Struct { - if x != nil { - return x.ThirdPartyPrincipal - } - return nil -} - -func (x *AuthenticationInfo) GetServiceAccountKeyName() string { - if x != nil { - return x.ServiceAccountKeyName +func (x *AuthenticationInfo) GetServiceAccountName() string { + if x != nil && x.ServiceAccountName != nil { + return *x.ServiceAccountName } return "" } @@ -722,19 +491,13 @@ func (x *AuthenticationInfo) GetServiceAccountDelegationInfo() []*ServiceAccount return nil } -func (x *AuthenticationInfo) GetPrincipalSubject() string { - if x != nil { - return x.PrincipalSubject - } - return "" -} - // Authorization information for the operation. type AuthorizationInfo struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // TODO check example // The resource being accessed, as a REST-style string. For example: // // bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID @@ -749,14 +512,14 @@ type AuthorizationInfo struct { // // To get the whole view of the attributes used in IAM // condition evaluation, the user must also look into - // `AuditLogData.request_metadata.request_attributes`. + // `AuditLog.request_metadata.request_attributes`. ResourceAttributes *AttributeContext_Resource `protobuf:"bytes,5,opt,name=resource_attributes,json=resourceAttributes,proto3" json:"resource_attributes,omitempty"` } func (x *AuthorizationInfo) Reset() { *x = AuthorizationInfo{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[5] + mi := &file_audit_v1_audit_event_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -769,7 +532,7 @@ func (x *AuthorizationInfo) String() string { func (*AuthorizationInfo) ProtoMessage() {} func (x *AuthorizationInfo) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[5] + mi := &file_audit_v1_audit_event_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -782,7 +545,7 @@ func (x *AuthorizationInfo) ProtoReflect() protoreflect.Message { // Deprecated: Use AuthorizationInfo.ProtoReflect.Descriptor instead. func (*AuthorizationInfo) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{5} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{3} } func (x *AuthorizationInfo) GetResource() string { @@ -813,7 +576,8 @@ func (x *AuthorizationInfo) GetResourceAttributes() *AttributeContext_Resource { return nil } -// This message defines the standard attribute vocabulary for Google APIs. +// TODO check description +// This message defines the standard attribute vocabulary for STACKIT APIs. // // An attribute is a piece of metadata that describes an activity on a network // service. For example, the size of an HTTP request, or the status code of @@ -839,7 +603,7 @@ type AttributeContext struct { func (x *AttributeContext) Reset() { *x = AttributeContext{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[6] + mi := &file_audit_v1_audit_event_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -852,7 +616,7 @@ func (x *AttributeContext) String() string { func (*AttributeContext) ProtoMessage() {} func (x *AttributeContext) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[6] + mi := &file_audit_v1_audit_event_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -865,7 +629,7 @@ func (x *AttributeContext) ProtoReflect() protoreflect.Message { // Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead. func (*AttributeContext) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4} } // Metadata about the request. @@ -876,14 +640,10 @@ type RequestMetadata struct { // The IP address of the caller. // For caller from internet, this will be public IPv4 or IPv6 address. - // For caller from a Compute Engine VM with external IP address, this - // will be the VM's external IP address. For caller from a Compute - // Engine VM without external IP address, if the VM is in the same - // organization (or project) as the accessed resource, `caller_ip` will - // be the VM's internal IPv4 address, otherwise the `caller_ip` will be - // redacted to "gce-internal-ip". - // See https://cloud.google.com/compute/docs/vpc/ for more information. + // For caller from a VM / K8s Service / etc, this + // will be the SIT proxy's IPv4 address. CallerIp string `protobuf:"bytes,1,opt,name=caller_ip,json=callerIp,proto3" json:"caller_ip,omitempty"` + // TODO check description // The user agent of the caller. // This information is not authenticated and should be treated accordingly. // For example: @@ -898,14 +658,7 @@ type RequestMetadata struct { // // The request was made from the `my-project` App Engine app. CallerSuppliedUserAgent string `protobuf:"bytes,2,opt,name=caller_supplied_user_agent,json=callerSuppliedUserAgent,proto3" json:"caller_supplied_user_agent,omitempty"` - // The network of the caller. - // Set only if the network host project is part of the same GCP organization - // (or project) as the accessed resource. - // See https://cloud.google.com/compute/docs/vpc/ for more information. - // This is a scheme-less URI full resource name. For example: - // - // "//compute.googleapis.com/projects/PROJECT_ID/global/networks/NETWORK_ID" - CallerNetwork string `protobuf:"bytes,3,opt,name=caller_network,json=callerNetwork,proto3" json:"caller_network,omitempty"` + // TODO check description // Request attributes used in IAM condition evaluation. This field contains // request attributes like request time and access levels associated with // the request. @@ -914,18 +667,12 @@ type RequestMetadata struct { // condition evaluation, the user must also look into // `AuditLog.authentication_info.resource_attributes`. RequestAttributes *AttributeContext_Request `protobuf:"bytes,7,opt,name=request_attributes,json=requestAttributes,proto3" json:"request_attributes,omitempty"` - // The destination of a network activity, such as accepting a TCP connection. - // In a multi hop network activity, the destination represents the receiver of - // the last hop. Only two fields are used in this message, Peer.port and - // Peer.ip. These fields are optionally populated by those services utilizing - // the IAM condition feature. - DestinationAttributes *AttributeContext_Peer `protobuf:"bytes,8,opt,name=destination_attributes,json=destinationAttributes,proto3" json:"destination_attributes,omitempty"` } func (x *RequestMetadata) Reset() { *x = RequestMetadata{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[7] + mi := &file_audit_v1_audit_event_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -938,7 +685,7 @@ func (x *RequestMetadata) String() string { func (*RequestMetadata) ProtoMessage() {} func (x *RequestMetadata) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[7] + mi := &file_audit_v1_audit_event_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -951,7 +698,7 @@ func (x *RequestMetadata) ProtoReflect() protoreflect.Message { // Deprecated: Use RequestMetadata.ProtoReflect.Descriptor instead. func (*RequestMetadata) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{5} } func (x *RequestMetadata) GetCallerIp() string { @@ -968,13 +715,6 @@ func (x *RequestMetadata) GetCallerSuppliedUserAgent() string { return "" } -func (x *RequestMetadata) GetCallerNetwork() string { - if x != nil { - return x.CallerNetwork - } - return "" -} - func (x *RequestMetadata) GetRequestAttributes() *AttributeContext_Request { if x != nil { return x.RequestAttributes @@ -982,125 +722,40 @@ func (x *RequestMetadata) GetRequestAttributes() *AttributeContext_Request { return nil } -func (x *RequestMetadata) GetDestinationAttributes() *AttributeContext_Peer { - if x != nil { - return x.DestinationAttributes - } - return nil -} - -// Location information about a resource. -type ResourceLocation struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The locations of a resource after the execution of the operation. - // Requests to create or delete a location based resource must populate - // the 'current_locations' field and not the 'original_locations' field. - // For example: - // - // "europe-west1-a" - // "us-east1" - // "nam3" - CurrentLocations []string `protobuf:"bytes,1,rep,name=current_locations,json=currentLocations,proto3" json:"current_locations,omitempty"` - // The locations of a resource prior to the execution of the operation. - // Requests that mutate the resource's location must populate both the - // 'original_locations' as well as the 'current_locations' fields. - // For example: - // - // "europe-west1-a" - // "us-east1" - // "nam3" - OriginalLocations []string `protobuf:"bytes,2,rep,name=original_locations,json=originalLocations,proto3" json:"original_locations,omitempty"` -} - -func (x *ResourceLocation) Reset() { - *x = ResourceLocation{} - if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ResourceLocation) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ResourceLocation) ProtoMessage() {} - -func (x *ResourceLocation) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ResourceLocation.ProtoReflect.Descriptor instead. -func (*ResourceLocation) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{8} -} - -func (x *ResourceLocation) GetCurrentLocations() []string { - if x != nil { - return x.CurrentLocations - } - return nil -} - -func (x *ResourceLocation) GetOriginalLocations() []string { - if x != nil { - return x.OriginalLocations - } - return nil -} - // The `Status` type defines a logical error model that is suitable for -// different programming environments, including REST APIs and RPC APIs. It is -// used by [gRPC](https://github.com/grpc). Each `Status` message contains -// three pieces of data: error code, error message, and error details. -// -// You can find out more about this error model and how to work with it in the -// [API Design Guide](https://cloud.google.com/apis/design/errors). -type RpcStatus struct { +// different programming environments, including REST APIs and RPC APIs. +// Each `ResponseStatus` message contains three pieces of data: +// error code, error message, and error details. +type ResponseStatus struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. + // The http or gRPC status code. Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"` - // A developer-facing error message, which should be in English. Any - // user-facing error message should be localized and sent in the - // [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. + // Short description of the error Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` - // A list of messages that carry the error details. There is a common set of - // message types for APIs to use. - Details []*anypb.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"` + // Error details + Details []*structpb.Struct `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"` } -func (x *RpcStatus) Reset() { - *x = RpcStatus{} +func (x *ResponseStatus) Reset() { + *x = ResponseStatus{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[9] + mi := &file_audit_v1_audit_event_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } -func (x *RpcStatus) String() string { +func (x *ResponseStatus) String() string { return protoimpl.X.MessageStringOf(x) } -func (*RpcStatus) ProtoMessage() {} +func (*ResponseStatus) ProtoMessage() {} -func (x *RpcStatus) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[9] +func (x *ResponseStatus) ProtoReflect() protoreflect.Message { + mi := &file_audit_v1_audit_event_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1111,26 +766,26 @@ func (x *RpcStatus) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use RpcStatus.ProtoReflect.Descriptor instead. -func (*RpcStatus) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{9} +// Deprecated: Use ResponseStatus.ProtoReflect.Descriptor instead. +func (*ResponseStatus) Descriptor() ([]byte, []int) { + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6} } -func (x *RpcStatus) GetCode() int32 { +func (x *ResponseStatus) GetCode() int32 { if x != nil { return x.Code } return 0 } -func (x *RpcStatus) GetMessage() string { +func (x *ResponseStatus) GetMessage() string { if x != nil { return x.Message } return "" } -func (x *RpcStatus) GetDetails() []*anypb.Any { +func (x *ResponseStatus) GetDetails() []*structpb.Struct { if x != nil { return x.Details } @@ -1148,15 +803,15 @@ type ServiceAccountDelegationInfo struct { // // Types that are assignable to Authority: // - // *ServiceAccountDelegationInfo_FirstPartyPrincipal_ - // *ServiceAccountDelegationInfo_ThirdPartyPrincipal_ + // *ServiceAccountDelegationInfo_SystemPrincipal_ + // *ServiceAccountDelegationInfo_IdpPrincipal_ Authority isServiceAccountDelegationInfo_Authority `protobuf_oneof:"Authority"` } func (x *ServiceAccountDelegationInfo) Reset() { *x = ServiceAccountDelegationInfo{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[10] + mi := &file_audit_v1_audit_event_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1169,7 +824,7 @@ func (x *ServiceAccountDelegationInfo) String() string { func (*ServiceAccountDelegationInfo) ProtoMessage() {} func (x *ServiceAccountDelegationInfo) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[10] + mi := &file_audit_v1_audit_event_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1182,7 +837,7 @@ func (x *ServiceAccountDelegationInfo) ProtoReflect() protoreflect.Message { // Deprecated: Use ServiceAccountDelegationInfo.ProtoReflect.Descriptor instead. func (*ServiceAccountDelegationInfo) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{10} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7} } func (m *ServiceAccountDelegationInfo) GetAuthority() isServiceAccountDelegationInfo_Authority { @@ -1192,16 +847,16 @@ func (m *ServiceAccountDelegationInfo) GetAuthority() isServiceAccountDelegation return nil } -func (x *ServiceAccountDelegationInfo) GetFirstPartyPrincipal() *ServiceAccountDelegationInfo_FirstPartyPrincipal { - if x, ok := x.GetAuthority().(*ServiceAccountDelegationInfo_FirstPartyPrincipal_); ok { - return x.FirstPartyPrincipal +func (x *ServiceAccountDelegationInfo) GetSystemPrincipal() *ServiceAccountDelegationInfo_SystemPrincipal { + if x, ok := x.GetAuthority().(*ServiceAccountDelegationInfo_SystemPrincipal_); ok { + return x.SystemPrincipal } return nil } -func (x *ServiceAccountDelegationInfo) GetThirdPartyPrincipal() *ServiceAccountDelegationInfo_ThirdPartyPrincipal { - if x, ok := x.GetAuthority().(*ServiceAccountDelegationInfo_ThirdPartyPrincipal_); ok { - return x.ThirdPartyPrincipal +func (x *ServiceAccountDelegationInfo) GetIdpPrincipal() *ServiceAccountDelegationInfo_IdpPrincipal { + if x, ok := x.GetAuthority().(*ServiceAccountDelegationInfo_IdpPrincipal_); ok { + return x.IdpPrincipal } return nil } @@ -1210,185 +865,19 @@ type isServiceAccountDelegationInfo_Authority interface { isServiceAccountDelegationInfo_Authority() } -type ServiceAccountDelegationInfo_FirstPartyPrincipal_ struct { - // First party (Google) identity as the real authority. - FirstPartyPrincipal *ServiceAccountDelegationInfo_FirstPartyPrincipal `protobuf:"bytes,1,opt,name=first_party_principal,json=firstPartyPrincipal,proto3,oneof"` +type ServiceAccountDelegationInfo_SystemPrincipal_ struct { + // System identity + SystemPrincipal *ServiceAccountDelegationInfo_SystemPrincipal `protobuf:"bytes,1,opt,name=system_principal,json=systemPrincipal,proto3,oneof"` } -type ServiceAccountDelegationInfo_ThirdPartyPrincipal_ struct { - // Third party identity as the real authority. - ThirdPartyPrincipal *ServiceAccountDelegationInfo_ThirdPartyPrincipal `protobuf:"bytes,2,opt,name=third_party_principal,json=thirdPartyPrincipal,proto3,oneof"` +type ServiceAccountDelegationInfo_IdpPrincipal_ struct { + // STACKIT IDP identity + IdpPrincipal *ServiceAccountDelegationInfo_IdpPrincipal `protobuf:"bytes,2,opt,name=idp_principal,json=idpPrincipal,proto3,oneof"` } -func (*ServiceAccountDelegationInfo_FirstPartyPrincipal_) isServiceAccountDelegationInfo_Authority() { -} +func (*ServiceAccountDelegationInfo_SystemPrincipal_) isServiceAccountDelegationInfo_Authority() {} -func (*ServiceAccountDelegationInfo_ThirdPartyPrincipal_) isServiceAccountDelegationInfo_Authority() { -} - -// Additional information used to correlate multiple LogEntries. Used when a -// single LogEntry would exceed the Google Cloud Logging size limit and is split -// across multiple entries. -type LogSplit struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A globally unique identifier for all LogEntries in a sequence of split - // logs. All LogEntries with the same |LogSplit.uid| are assumed to be part of - // the same sequence of split logs. - Uid string `protobuf:"bytes,1,opt,name=uid,proto3" json:"uid,omitempty"` - // The index of this LogEntry in the sequence of split logs. LogEntries are - // given |index| values 0, 1, ..., n-1 for a sequence of n entries. - Index int32 `protobuf:"varint,2,opt,name=index,proto3" json:"index,omitempty"` - // The total number of logs that the original LogEntry was split into. - TotalSplits int32 `protobuf:"varint,3,opt,name=total_splits,json=totalSplits,proto3" json:"total_splits,omitempty"` -} - -func (x *LogSplit) Reset() { - *x = LogSplit{} - if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LogSplit) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LogSplit) ProtoMessage() {} - -func (x *LogSplit) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LogSplit.ProtoReflect.Descriptor instead. -func (*LogSplit) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{11} -} - -func (x *LogSplit) GetUid() string { - if x != nil { - return x.Uid - } - return "" -} - -func (x *LogSplit) GetIndex() int32 { - if x != nil { - return x.Index - } - return 0 -} - -func (x *LogSplit) GetTotalSplits() int32 { - if x != nil { - return x.TotalSplits - } - return 0 -} - -// This message defines attributes for a node that handles a network request. -// The node can be either a service or an application that sends, forwards, -// or receives the request. Service peers should fill in -// `principal` and `labels` as appropriate. -type AttributeContext_Peer struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The IP address of the peer. - Ip string `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"` - // The network port of the peer. - Port int64 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` - // The labels associated with the peer. - Labels map[string]string `protobuf:"bytes,6,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // The identity of this peer. Similar to `Request.auth.principal`, but - // relative to the peer instead of the request. For example, the - // idenity associated with a load balancer that forwared the request. - Principal string `protobuf:"bytes,7,opt,name=principal,proto3" json:"principal,omitempty"` - // The CLDR country/region code associated with the above IP address. - // If the IP address is private, the `region_code` should reflect the - // physical location where this peer is running. - RegionCode string `protobuf:"bytes,8,opt,name=region_code,json=regionCode,proto3" json:"region_code,omitempty"` -} - -func (x *AttributeContext_Peer) Reset() { - *x = AttributeContext_Peer{} - if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AttributeContext_Peer) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AttributeContext_Peer) ProtoMessage() {} - -func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AttributeContext_Peer.ProtoReflect.Descriptor instead. -func (*AttributeContext_Peer) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6, 0} -} - -func (x *AttributeContext_Peer) GetIp() string { - if x != nil { - return x.Ip - } - return "" -} - -func (x *AttributeContext_Peer) GetPort() int64 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *AttributeContext_Peer) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *AttributeContext_Peer) GetPrincipal() string { - if x != nil { - return x.Principal - } - return "" -} - -func (x *AttributeContext_Peer) GetRegionCode() string { - if x != nil { - return x.RegionCode - } - return "" -} +func (*ServiceAccountDelegationInfo_IdpPrincipal_) isServiceAccountDelegationInfo_Authority() {} // This message defines request authentication attributes. Terminology is // based on the JSON Web Token (JWT) standard, but the terms also @@ -1398,12 +887,14 @@ type AttributeContext_Auth struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // TODO check description // The authenticated principal. Reflects the issuer (`iss`) and subject // (`sub`) claims within a JWT. The issuer and subject should be `/` // delimited, with `/` percent-encoded within the subject fragment. For // Google accounts, the principal format is: // "https://accounts.google.com/{id}" Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"` + // TODO check description // The intended audience(s) for this authentication information. Reflects // the audience (`aud`) claim within a JWT. The audience // value(s) depends on the `issuer`, but typically include one or more of @@ -1419,11 +910,13 @@ type AttributeContext_Auth struct { // Consult the documentation for the credential issuer to determine the // information provided. Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` + // TODO check description // The authorized presenter of the credential. Reflects the optional // Authorized Presenter (`azp`) claim within a JWT or the // OAuth client id. For example, a Google Cloud Platform client id looks // as follows: "123456789012.apps.googleusercontent.com". Presenter string `protobuf:"bytes,3,opt,name=presenter,proto3" json:"presenter,omitempty"` + // TODO check description // Structured claims presented with the credential. JWTs include // `{key: value}` pairs for standard and private claims. The following // is a subset of the standard required and optional claims that would @@ -1440,6 +933,7 @@ type AttributeContext_Auth struct { // SAML assertions are similarly specified, but with an identity provider // dependent structure. Claims *structpb.Struct `protobuf:"bytes,4,opt,name=claims,proto3" json:"claims,omitempty"` + // TODO check description // A list of access level resource names that allow resources to be // accessed by authenticated requester. It is part of Secure GCP processing // for the incoming request. An access level string has the format: @@ -1453,7 +947,7 @@ type AttributeContext_Auth struct { func (x *AttributeContext_Auth) Reset() { *x = AttributeContext_Auth{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[15] + mi := &file_audit_v1_audit_event_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1466,7 +960,7 @@ func (x *AttributeContext_Auth) String() string { func (*AttributeContext_Auth) ProtoMessage() {} func (x *AttributeContext_Auth) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[15] + mi := &file_audit_v1_audit_event_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1479,7 +973,7 @@ func (x *AttributeContext_Auth) ProtoReflect() protoreflect.Message { // Deprecated: Use AttributeContext_Auth.ProtoReflect.Descriptor instead. func (*AttributeContext_Auth) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6, 1} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 0} } func (x *AttributeContext_Auth) GetPrincipal() string { @@ -1547,16 +1041,11 @@ type AttributeContext_Request struct { // The timestamp when the `destination` service receives the first byte of // the request. Time *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=time,proto3" json:"time,omitempty"` - // The HTTP request size in bytes. If unknown, it must be -1. - Size int64 `protobuf:"varint,10,opt,name=size,proto3" json:"size,omitempty"` // The network protocol used with the request, such as "http/1.1", // "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids // for details. Protocol string `protobuf:"bytes,11,opt,name=protocol,proto3" json:"protocol,omitempty"` - // A special parameter for request reason. It is used by security systems - // to associate auditing information with a request. - Reason string `protobuf:"bytes,12,opt,name=reason,proto3" json:"reason,omitempty"` // The request authentication. May be absent for unauthenticated requests. // Derived from the HTTP request `Authorization` header or equivalent. Auth *AttributeContext_Auth `protobuf:"bytes,13,opt,name=auth,proto3" json:"auth,omitempty"` @@ -1565,7 +1054,7 @@ type AttributeContext_Request struct { func (x *AttributeContext_Request) Reset() { *x = AttributeContext_Request{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[16] + mi := &file_audit_v1_audit_event_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1578,7 +1067,7 @@ func (x *AttributeContext_Request) String() string { func (*AttributeContext_Request) ProtoMessage() {} func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[16] + mi := &file_audit_v1_audit_event_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1591,7 +1080,7 @@ func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message { // Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead. func (*AttributeContext_Request) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6, 2} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 1} } func (x *AttributeContext_Request) GetId() string { @@ -1650,13 +1139,6 @@ func (x *AttributeContext_Request) GetTime() *timestamppb.Timestamp { return nil } -func (x *AttributeContext_Request) GetSize() int64 { - if x != nil { - return x.Size - } - return 0 -} - func (x *AttributeContext_Request) GetProtocol() string { if x != nil { return x.Protocol @@ -1664,13 +1146,6 @@ func (x *AttributeContext_Request) GetProtocol() string { return "" } -func (x *AttributeContext_Request) GetReason() string { - if x != nil { - return x.Reason - } - return "" -} - func (x *AttributeContext_Request) GetAuth() *AttributeContext_Auth { if x != nil { return x.Auth @@ -1701,7 +1176,7 @@ type AttributeContext_Response struct { func (x *AttributeContext_Response) Reset() { *x = AttributeContext_Response{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[17] + mi := &file_audit_v1_audit_event_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1714,7 +1189,7 @@ func (x *AttributeContext_Response) String() string { func (*AttributeContext_Response) ProtoMessage() {} func (x *AttributeContext_Response) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[17] + mi := &file_audit_v1_audit_event_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1727,7 +1202,7 @@ func (x *AttributeContext_Response) ProtoReflect() protoreflect.Message { // Deprecated: Use AttributeContext_Response.ProtoReflect.Descriptor instead. func (*AttributeContext_Response) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6, 3} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 2} } func (x *AttributeContext_Response) GetCode() int64 { @@ -1766,10 +1241,12 @@ type AttributeContext_Resource struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // TODO check description // The name of the service that this resource belongs to, such as // `pubsub.googleapis.com`. The service may be different from the DNS // hostname that actually serves the request. Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"` + // TODO check description // The stable identifier (name) of a resource on the `service`. A resource // can be logically identified as "//{resource.service}/{resource.name}". // The differences between a resource name and a URI are: @@ -1783,11 +1260,13 @@ type AttributeContext_Resource struct { // // See https://cloud.google.com/apis/design/resource_names for details. Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + // TODO check description // The type of the resource. The syntax is platform-specific because // different platforms define their resources differently. // // For Google APIs, the type format must be "{service}/{kind}". Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` + // TODO check description (AWS) // The labels or tags on the resource, such as AWS resource tags and // Kubernetes resource labels. Labels map[string]string `protobuf:"bytes,4,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` @@ -1796,7 +1275,7 @@ type AttributeContext_Resource struct { func (x *AttributeContext_Resource) Reset() { *x = AttributeContext_Resource{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[18] + mi := &file_audit_v1_audit_event_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1809,7 +1288,7 @@ func (x *AttributeContext_Resource) String() string { func (*AttributeContext_Resource) ProtoMessage() {} func (x *AttributeContext_Resource) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[18] + mi := &file_audit_v1_audit_event_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1822,7 +1301,7 @@ func (x *AttributeContext_Resource) ProtoReflect() protoreflect.Message { // Deprecated: Use AttributeContext_Resource.ProtoReflect.Descriptor instead. func (*AttributeContext_Resource) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6, 4} + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 3} } func (x *AttributeContext_Resource) GetService() string { @@ -1853,35 +1332,33 @@ func (x *AttributeContext_Resource) GetLabels() map[string]string { return nil } -// First party identity principal. -type ServiceAccountDelegationInfo_FirstPartyPrincipal struct { +// Anonymous system principal to be used when no user identity is available. +type ServiceAccountDelegationInfo_SystemPrincipal struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The email address of a Google account. - PrincipalEmail string `protobuf:"bytes,1,opt,name=principal_email,json=principalEmail,proto3" json:"principal_email,omitempty"` // Metadata about the service that uses the service account. - ServiceMetadata *structpb.Struct `protobuf:"bytes,2,opt,name=service_metadata,json=serviceMetadata,proto3" json:"service_metadata,omitempty"` + ServiceMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=service_metadata,json=serviceMetadata,proto3" json:"service_metadata,omitempty"` } -func (x *ServiceAccountDelegationInfo_FirstPartyPrincipal) Reset() { - *x = ServiceAccountDelegationInfo_FirstPartyPrincipal{} +func (x *ServiceAccountDelegationInfo_SystemPrincipal) Reset() { + *x = ServiceAccountDelegationInfo_SystemPrincipal{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[23] + mi := &file_audit_v1_audit_event_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } -func (x *ServiceAccountDelegationInfo_FirstPartyPrincipal) String() string { +func (x *ServiceAccountDelegationInfo_SystemPrincipal) String() string { return protoimpl.X.MessageStringOf(x) } -func (*ServiceAccountDelegationInfo_FirstPartyPrincipal) ProtoMessage() {} +func (*ServiceAccountDelegationInfo_SystemPrincipal) ProtoMessage() {} -func (x *ServiceAccountDelegationInfo_FirstPartyPrincipal) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[23] +func (x *ServiceAccountDelegationInfo_SystemPrincipal) ProtoReflect() protoreflect.Message { + mi := &file_audit_v1_audit_event_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1892,52 +1369,49 @@ func (x *ServiceAccountDelegationInfo_FirstPartyPrincipal) ProtoReflect() protor return mi.MessageOf(x) } -// Deprecated: Use ServiceAccountDelegationInfo_FirstPartyPrincipal.ProtoReflect.Descriptor instead. -func (*ServiceAccountDelegationInfo_FirstPartyPrincipal) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{10, 0} +// Deprecated: Use ServiceAccountDelegationInfo_SystemPrincipal.ProtoReflect.Descriptor instead. +func (*ServiceAccountDelegationInfo_SystemPrincipal) Descriptor() ([]byte, []int) { + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7, 0} } -func (x *ServiceAccountDelegationInfo_FirstPartyPrincipal) GetPrincipalEmail() string { - if x != nil { - return x.PrincipalEmail - } - return "" -} - -func (x *ServiceAccountDelegationInfo_FirstPartyPrincipal) GetServiceMetadata() *structpb.Struct { +func (x *ServiceAccountDelegationInfo_SystemPrincipal) GetServiceMetadata() *structpb.Struct { if x != nil { return x.ServiceMetadata } return nil } -// Third party identity principal. -type ServiceAccountDelegationInfo_ThirdPartyPrincipal struct { +// STACKIT idp principal. +type ServiceAccountDelegationInfo_IdpPrincipal struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Metadata about third party identity. - ThirdPartyClaims *structpb.Struct `protobuf:"bytes,1,opt,name=third_party_claims,json=thirdPartyClaims,proto3" json:"third_party_claims,omitempty"` + // STACKIT principal id + PrincipalId string `protobuf:"bytes,1,opt,name=principal_id,json=principalId,proto3" json:"principal_id,omitempty"` + // Optional email address + PrincipalEmail *string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3,oneof" json:"principal_email,omitempty"` + // Metadata about the service that uses the service account. + ServiceMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=service_metadata,json=serviceMetadata,proto3" json:"service_metadata,omitempty"` } -func (x *ServiceAccountDelegationInfo_ThirdPartyPrincipal) Reset() { - *x = ServiceAccountDelegationInfo_ThirdPartyPrincipal{} +func (x *ServiceAccountDelegationInfo_IdpPrincipal) Reset() { + *x = ServiceAccountDelegationInfo_IdpPrincipal{} if protoimpl.UnsafeEnabled { - mi := &file_audit_v1_audit_event_proto_msgTypes[24] + mi := &file_audit_v1_audit_event_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } -func (x *ServiceAccountDelegationInfo_ThirdPartyPrincipal) String() string { +func (x *ServiceAccountDelegationInfo_IdpPrincipal) String() string { return protoimpl.X.MessageStringOf(x) } -func (*ServiceAccountDelegationInfo_ThirdPartyPrincipal) ProtoMessage() {} +func (*ServiceAccountDelegationInfo_IdpPrincipal) ProtoMessage() {} -func (x *ServiceAccountDelegationInfo_ThirdPartyPrincipal) ProtoReflect() protoreflect.Message { - mi := &file_audit_v1_audit_event_proto_msgTypes[24] +func (x *ServiceAccountDelegationInfo_IdpPrincipal) ProtoReflect() protoreflect.Message { + mi := &file_audit_v1_audit_event_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1948,14 +1422,28 @@ func (x *ServiceAccountDelegationInfo_ThirdPartyPrincipal) ProtoReflect() protor return mi.MessageOf(x) } -// Deprecated: Use ServiceAccountDelegationInfo_ThirdPartyPrincipal.ProtoReflect.Descriptor instead. -func (*ServiceAccountDelegationInfo_ThirdPartyPrincipal) Descriptor() ([]byte, []int) { - return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{10, 1} +// Deprecated: Use ServiceAccountDelegationInfo_IdpPrincipal.ProtoReflect.Descriptor instead. +func (*ServiceAccountDelegationInfo_IdpPrincipal) Descriptor() ([]byte, []int) { + return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7, 1} } -func (x *ServiceAccountDelegationInfo_ThirdPartyPrincipal) GetThirdPartyClaims() *structpb.Struct { +func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetPrincipalId() string { if x != nil { - return x.ThirdPartyClaims + return x.PrincipalId + } + return "" +} + +func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetPrincipalEmail() string { + if x != nil && x.PrincipalEmail != nil { + return *x.PrincipalEmail + } + return "" +} + +func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetServiceMetadata() *structpb.Struct { + if x != nil { + return x.ServiceMetadata } return nil } @@ -1974,305 +1462,224 @@ var file_audit_v1_audit_event_proto_rawDesc = []byte{ 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf5, 0x04, 0x0a, 0x0a, 0x41, 0x75, 0x64, 0x69, 0x74, 0x45, 0x76, - 0x65, 0x6e, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, - 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1b, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x6f, 0x6e, 0x69, - 0x74, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x08, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x37, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x5f, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, - 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, - 0x6f, 0x67, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, - 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x6e, 0x73, 0x65, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, 0x6e, 0x73, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x38, 0x0a, - 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, - 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x45, 0x76, - 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x39, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x61, 0x75, 0x64, - 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x4f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x47, 0x0a, 0x11, - 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x52, 0x10, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x54, 0x69, 0x6d, 0x65, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd0, 0x03, 0x0a, 0x0d, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, + 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x37, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x5f, 0x70, 0x61, 0x79, 0x6c, 0x6f, + 0x61, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x52, 0x0c, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x6e, + 0x73, 0x65, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, + 0x6e, 0x73, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x3b, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, + 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, + 0x76, 0x31, 0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, + 0x62, 0x65, 0x6c, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x6f, 0x72, 0x72, 0x65, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, + 0x72, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x38, 0x0a, 0x09, 0x74, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x31, 0x0a, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x52, 0x08, - 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x72, 0x61, 0x63, - 0x65, 0x18, 0x16, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x72, 0x61, 0x63, 0x65, 0x12, 0x17, - 0x0a, 0x07, 0x73, 0x70, 0x61, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x73, 0x70, 0x61, 0x6e, 0x49, 0x64, 0x12, 0x28, 0x0a, 0x05, 0x73, 0x70, 0x6c, 0x69, 0x74, - 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, - 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x70, 0x6c, 0x69, 0x74, 0x52, 0x05, 0x73, 0x70, 0x6c, 0x69, - 0x74, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa3, 0x01, 0x0a, - 0x11, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3f, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, - 0x31, 0x2e, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x22, 0x69, 0x0a, 0x11, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x4f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x64, 0x75, - 0x63, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x64, 0x75, - 0x63, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x61, 0x73, - 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x6c, 0x61, 0x73, 0x74, 0x22, 0xa2, 0x06, - 0x0a, 0x08, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, - 0x0b, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, - 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, - 0x61, 0x6d, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, - 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4f, 0x0a, 0x17, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, - 0x6c, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, + 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x72, 0x61, 0x63, + 0x65, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x16, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x74, 0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x74, + 0x72, 0x61, 0x63, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0a, 0x74, 0x72, 0x61, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x1a, 0x39, 0x0a, 0x0b, + 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x82, 0x05, 0x0a, 0x08, 0x41, 0x75, 0x64, 0x69, + 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0b, 0x6d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, + 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x23, 0x0a, + 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x4d, 0x0a, 0x13, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1c, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, + 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x12, 0x61, + 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, + 0x6f, 0x12, 0x4a, 0x0a, 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, + 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x11, 0x61, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, + 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, + 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, + 0x76, 0x31, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x52, 0x0f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x12, 0x31, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x10, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x07, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x30, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x31, 0x0a, 0x12, 0x6e, 0x75, 0x6d, 0x5f, + 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x0c, + 0x20, 0x01, 0x28, 0x03, 0x48, 0x01, 0x52, 0x10, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x08, 0x72, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x15, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x0a, - 0x12, 0x6e, 0x75, 0x6d, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x69, 0x74, - 0x65, 0x6d, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x75, 0x6d, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x2b, 0x0a, 0x06, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x75, - 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x70, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x4d, 0x0a, 0x13, 0x61, 0x75, 0x74, 0x68, - 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, - 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, - 0x6e, 0x66, 0x6f, 0x52, 0x12, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x4a, 0x0a, 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x09, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, - 0x52, 0x11, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, - 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x10, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x6d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, - 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x0f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x31, 0x0a, 0x07, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, - 0x75, 0x63, 0x74, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x33, 0x0a, 0x08, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x12, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x08, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3a, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, - 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x61, - 0x74, 0x61, 0x22, 0x8e, 0x03, 0x0a, 0x12, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x69, - 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0e, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x45, 0x6d, 0x61, - 0x69, 0x6c, 0x12, 0x2d, 0x0a, 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, - 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x12, 0x4b, 0x0a, 0x15, 0x74, 0x68, 0x69, 0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, - 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x13, 0x74, 0x68, 0x69, 0x72, 0x64, - 0x50, 0x61, 0x72, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x37, - 0x0a, 0x18, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x15, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x4b, 0x65, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x6d, 0x0a, 0x1f, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x64, 0x65, 0x6c, 0x65, 0x67, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x26, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x1c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2b, 0x0a, 0x11, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, - 0x70, 0x61, 0x6c, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x10, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x53, 0x75, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x22, 0xbf, 0x01, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x6d, 0x69, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64, 0x12, - 0x54, 0x0a, 0x13, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x61, + 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x12, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x08, 0x6d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x15, 0x0a, 0x13, 0x5f, 0x6e, 0x75, 0x6d, 0x5f, 0x72, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x22, 0x9f, 0x02, 0x0a, + 0x12, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, + 0x6e, 0x66, 0x6f, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, + 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, 0x69, 0x6e, 0x63, + 0x69, 0x70, 0x61, 0x6c, 0x49, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, + 0x70, 0x61, 0x6c, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0e, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x45, 0x6d, 0x61, 0x69, 0x6c, 0x12, + 0x35, 0x0a, 0x14, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, + 0x12, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x4e, + 0x61, 0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x6d, 0x0a, 0x1f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x26, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x1c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x17, 0x0a, 0x15, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xbf, + 0x01, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, + 0x12, 0x18, 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64, 0x12, 0x54, 0x0a, 0x13, 0x72, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, + 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, + 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, + 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x12, 0x72, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, + 0x22, 0x9d, 0x08, 0x0a, 0x10, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, + 0x6e, 0x74, 0x65, 0x78, 0x74, 0x1a, 0xb6, 0x01, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68, 0x12, 0x1c, + 0x0a, 0x09, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, + 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x09, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x72, + 0x65, 0x73, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, + 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x2f, 0x0a, 0x06, 0x63, 0x6c, 0x61, 0x69, + 0x6d, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, + 0x74, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x1a, 0x8f, + 0x03, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x12, 0x49, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, 0x0a, + 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, + 0x68, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x14, 0x0a, + 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x71, 0x75, + 0x65, 0x72, 0x79, 0x12, 0x2e, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, + 0x69, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, + 0x33, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, + 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x52, 0x04, + 0x61, 0x75, 0x74, 0x68, 0x1a, 0x3a, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0xea, 0x01, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, + 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x4a, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x73, 0x12, 0x2e, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, + 0x65, 0x1a, 0x3a, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xd0, 0x01, + 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x47, 0x0a, 0x06, + 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x12, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x73, 0x22, 0xb5, 0x0a, 0x0a, 0x10, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, - 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x1a, 0xe9, 0x01, 0x0a, 0x04, 0x50, - 0x65, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x02, 0x69, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x03, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x43, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, - 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, - 0x65, 0x78, 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1c, 0x0a, 0x09, - 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x65, - 0x67, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x64, 0x65, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xb6, 0x01, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68, 0x12, - 0x1c, 0x0a, 0x09, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x1c, 0x0a, - 0x09, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x09, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x70, - 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x2f, 0x0a, 0x06, 0x63, 0x6c, 0x61, - 0x69, 0x6d, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, - 0x63, 0x74, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x73, 0x1a, - 0xbb, 0x03, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6d, - 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, - 0x68, 0x6f, 0x64, 0x12, 0x49, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, - 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, - 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x14, - 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x71, - 0x75, 0x65, 0x72, 0x79, 0x12, 0x2e, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, - 0x74, 0x69, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0a, 0x20, 0x01, - 0x28, 0x03, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x0c, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x33, 0x0a, 0x04, - 0x61, 0x75, 0x74, 0x68, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x75, 0x64, + 0x65, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x22, 0xbe, 0x01, 0x0a, 0x0f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x69, + 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x49, + 0x70, 0x12, 0x3b, 0x0a, 0x1a, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x70, 0x70, + 0x6c, 0x69, 0x65, 0x64, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x53, 0x75, 0x70, + 0x70, 0x6c, 0x69, 0x65, 0x64, 0x55, 0x73, 0x65, 0x72, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x51, + 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, - 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x52, 0x04, 0x61, 0x75, 0x74, - 0x68, 0x1a, 0x3a, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xea, 0x01, - 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, - 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x12, - 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x73, 0x69, - 0x7a, 0x65, 0x12, 0x4a, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2e, - 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x1a, 0x3a, - 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xd0, 0x01, 0x0a, 0x08, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x47, 0x0a, 0x06, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x61, 0x75, 0x64, 0x69, - 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, - 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xbd, 0x02, - 0x0a, 0x0f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, - 0x61, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x69, 0x70, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x49, 0x70, 0x12, 0x3b, - 0x0a, 0x1a, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6c, 0x69, 0x65, - 0x64, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x17, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x53, 0x75, 0x70, 0x70, 0x6c, 0x69, - 0x65, 0x64, 0x55, 0x73, 0x65, 0x72, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x63, - 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x4e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x12, 0x51, 0x0a, 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x61, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, - 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, - 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x52, 0x11, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x56, 0x0a, 0x16, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, - 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, - 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x52, 0x15, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x22, 0x6e, 0x0a, - 0x10, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x63, 0x75, - 0x72, 0x72, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2d, - 0x0a, 0x12, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x6f, 0x72, 0x69, 0x67, - 0x69, 0x6e, 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x69, 0x0a, - 0x09, 0x52, 0x70, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, - 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, - 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, - 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, - 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0xf2, 0x03, 0x0a, 0x1c, 0x53, 0x65, 0x72, + 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x11, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, + 0x73, 0x22, 0x71, 0x0a, 0x0e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x12, 0x31, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x07, 0x64, 0x65, 0x74, + 0x61, 0x69, 0x6c, 0x73, 0x22, 0xfd, 0x03, 0x0a, 0x1c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x63, 0x0a, 0x10, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, + 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x36, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x50, 0x72, + 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x48, 0x00, 0x52, 0x0f, 0x73, 0x79, 0x73, 0x74, 0x65, + 0x6d, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x5a, 0x0a, 0x0d, 0x69, 0x64, + 0x70, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x33, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x70, 0x0a, 0x15, 0x66, 0x69, 0x72, - 0x73, 0x74, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, - 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x61, 0x75, 0x64, 0x69, 0x74, - 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, - 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, - 0x2e, 0x46, 0x69, 0x72, 0x73, 0x74, 0x50, 0x61, 0x72, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6e, 0x63, - 0x69, 0x70, 0x61, 0x6c, 0x48, 0x00, 0x52, 0x13, 0x66, 0x69, 0x72, 0x73, 0x74, 0x50, 0x61, 0x72, - 0x74, 0x79, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x70, 0x0a, 0x15, 0x74, - 0x68, 0x69, 0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, - 0x69, 0x70, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x61, 0x75, 0x64, - 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, - 0x66, 0x6f, 0x2e, 0x54, 0x68, 0x69, 0x72, 0x64, 0x50, 0x61, 0x72, 0x74, 0x79, 0x50, 0x72, 0x69, - 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x48, 0x00, 0x52, 0x13, 0x74, 0x68, 0x69, 0x72, 0x64, 0x50, - 0x61, 0x72, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x1a, 0x82, 0x01, - 0x0a, 0x13, 0x46, 0x69, 0x72, 0x73, 0x74, 0x50, 0x61, 0x72, 0x74, 0x79, 0x50, 0x72, 0x69, 0x6e, - 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, - 0x61, 0x6c, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, - 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x45, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x42, - 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, - 0x74, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x1a, 0x5c, 0x0a, 0x13, 0x54, 0x68, 0x69, 0x72, 0x64, 0x50, 0x61, 0x72, 0x74, 0x79, - 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x45, 0x0a, 0x12, 0x74, 0x68, 0x69, - 0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x5f, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x10, - 0x74, 0x68, 0x69, 0x72, 0x64, 0x50, 0x61, 0x72, 0x74, 0x79, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, - 0x42, 0x0b, 0x0a, 0x09, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x55, 0x0a, - 0x08, 0x4c, 0x6f, 0x67, 0x53, 0x70, 0x6c, 0x69, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x69, - 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, - 0x78, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x73, 0x70, 0x6c, 0x69, 0x74, - 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x53, 0x70, - 0x6c, 0x69, 0x74, 0x73, 0x2a, 0x82, 0x01, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x65, 0x76, 0x65, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x49, 0x64, 0x70, 0x50, 0x72, 0x69, + 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x48, 0x00, 0x52, 0x0c, 0x69, 0x64, 0x70, 0x50, 0x72, 0x69, + 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x1a, 0x55, 0x0a, 0x0f, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, + 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x42, 0x0a, 0x10, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0f, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0xb7, 0x01, + 0x0a, 0x0c, 0x49, 0x64, 0x70, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x21, + 0x0a, 0x0c, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x49, + 0x64, 0x12, 0x2c, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x65, + 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0e, 0x70, 0x72, + 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x45, 0x6d, 0x61, 0x69, 0x6c, 0x88, 0x01, 0x01, 0x12, + 0x42, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, + 0x63, 0x74, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, + 0x6c, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x42, 0x0b, 0x0a, 0x09, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x2a, 0x82, 0x01, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x64, 0x12, 0x09, 0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0xc8, 0x01, 0x12, 0x0b, 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, 0x43, @@ -2305,81 +1712,62 @@ func file_audit_v1_audit_event_proto_rawDescGZIP() []byte { } var file_audit_v1_audit_event_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_audit_v1_audit_event_proto_msgTypes = make([]protoimpl.MessageInfo, 25) +var file_audit_v1_audit_event_proto_msgTypes = make([]protoimpl.MessageInfo, 18) var file_audit_v1_audit_event_proto_goTypes = []interface{}{ (LogSeverity)(0), // 0: audit.v1.LogSeverity - (*AuditEvent)(nil), // 1: audit.v1.AuditEvent - (*MonitoredResource)(nil), // 2: audit.v1.MonitoredResource - (*LogEntryOperation)(nil), // 3: audit.v1.LogEntryOperation - (*AuditLog)(nil), // 4: audit.v1.AuditLog - (*AuthenticationInfo)(nil), // 5: audit.v1.AuthenticationInfo - (*AuthorizationInfo)(nil), // 6: audit.v1.AuthorizationInfo - (*AttributeContext)(nil), // 7: audit.v1.AttributeContext - (*RequestMetadata)(nil), // 8: audit.v1.RequestMetadata - (*ResourceLocation)(nil), // 9: audit.v1.ResourceLocation - (*RpcStatus)(nil), // 10: audit.v1.RpcStatus - (*ServiceAccountDelegationInfo)(nil), // 11: audit.v1.ServiceAccountDelegationInfo - (*LogSplit)(nil), // 12: audit.v1.LogSplit - nil, // 13: audit.v1.AuditEvent.LabelsEntry - nil, // 14: audit.v1.MonitoredResource.LabelsEntry - (*AttributeContext_Peer)(nil), // 15: audit.v1.AttributeContext.Peer - (*AttributeContext_Auth)(nil), // 16: audit.v1.AttributeContext.Auth - (*AttributeContext_Request)(nil), // 17: audit.v1.AttributeContext.Request - (*AttributeContext_Response)(nil), // 18: audit.v1.AttributeContext.Response - (*AttributeContext_Resource)(nil), // 19: audit.v1.AttributeContext.Resource - nil, // 20: audit.v1.AttributeContext.Peer.LabelsEntry - nil, // 21: audit.v1.AttributeContext.Request.HeadersEntry - nil, // 22: audit.v1.AttributeContext.Response.HeadersEntry - nil, // 23: audit.v1.AttributeContext.Resource.LabelsEntry - (*ServiceAccountDelegationInfo_FirstPartyPrincipal)(nil), // 24: audit.v1.ServiceAccountDelegationInfo.FirstPartyPrincipal - (*ServiceAccountDelegationInfo_ThirdPartyPrincipal)(nil), // 25: audit.v1.ServiceAccountDelegationInfo.ThirdPartyPrincipal - (*timestamppb.Timestamp)(nil), // 26: google.protobuf.Timestamp - (*structpb.Struct)(nil), // 27: google.protobuf.Struct - (*anypb.Any)(nil), // 28: google.protobuf.Any + (*AuditLogEntry)(nil), // 1: audit.v1.AuditLogEntry + (*AuditLog)(nil), // 2: audit.v1.AuditLog + (*AuthenticationInfo)(nil), // 3: audit.v1.AuthenticationInfo + (*AuthorizationInfo)(nil), // 4: audit.v1.AuthorizationInfo + (*AttributeContext)(nil), // 5: audit.v1.AttributeContext + (*RequestMetadata)(nil), // 6: audit.v1.RequestMetadata + (*ResponseStatus)(nil), // 7: audit.v1.ResponseStatus + (*ServiceAccountDelegationInfo)(nil), // 8: audit.v1.ServiceAccountDelegationInfo + nil, // 9: audit.v1.AuditLogEntry.LabelsEntry + (*AttributeContext_Auth)(nil), // 10: audit.v1.AttributeContext.Auth + (*AttributeContext_Request)(nil), // 11: audit.v1.AttributeContext.Request + (*AttributeContext_Response)(nil), // 12: audit.v1.AttributeContext.Response + (*AttributeContext_Resource)(nil), // 13: audit.v1.AttributeContext.Resource + nil, // 14: audit.v1.AttributeContext.Request.HeadersEntry + nil, // 15: audit.v1.AttributeContext.Response.HeadersEntry + nil, // 16: audit.v1.AttributeContext.Resource.LabelsEntry + (*ServiceAccountDelegationInfo_SystemPrincipal)(nil), // 17: audit.v1.ServiceAccountDelegationInfo.SystemPrincipal + (*ServiceAccountDelegationInfo_IdpPrincipal)(nil), // 18: audit.v1.ServiceAccountDelegationInfo.IdpPrincipal + (*timestamppb.Timestamp)(nil), // 19: google.protobuf.Timestamp + (*structpb.Struct)(nil), // 20: google.protobuf.Struct } var file_audit_v1_audit_event_proto_depIdxs = []int32{ - 2, // 0: audit.v1.AuditEvent.resource:type_name -> audit.v1.MonitoredResource - 4, // 1: audit.v1.AuditEvent.proto_payload:type_name -> audit.v1.AuditLog - 13, // 2: audit.v1.AuditEvent.labels:type_name -> audit.v1.AuditEvent.LabelsEntry - 3, // 3: audit.v1.AuditEvent.operation:type_name -> audit.v1.LogEntryOperation - 26, // 4: audit.v1.AuditEvent.timestamp:type_name -> google.protobuf.Timestamp - 26, // 5: audit.v1.AuditEvent.receive_timestamp:type_name -> google.protobuf.Timestamp - 0, // 6: audit.v1.AuditEvent.severity:type_name -> audit.v1.LogSeverity - 12, // 7: audit.v1.AuditEvent.split:type_name -> audit.v1.LogSplit - 14, // 8: audit.v1.MonitoredResource.labels:type_name -> audit.v1.MonitoredResource.LabelsEntry - 9, // 9: audit.v1.AuditLog.resource_location:type_name -> audit.v1.ResourceLocation - 27, // 10: audit.v1.AuditLog.resource_original_state:type_name -> google.protobuf.Struct - 10, // 11: audit.v1.AuditLog.status:type_name -> audit.v1.RpcStatus - 5, // 12: audit.v1.AuditLog.authentication_info:type_name -> audit.v1.AuthenticationInfo - 6, // 13: audit.v1.AuditLog.authorization_info:type_name -> audit.v1.AuthorizationInfo - 8, // 14: audit.v1.AuditLog.request_metadata:type_name -> audit.v1.RequestMetadata - 27, // 15: audit.v1.AuditLog.request:type_name -> google.protobuf.Struct - 27, // 16: audit.v1.AuditLog.response:type_name -> google.protobuf.Struct - 27, // 17: audit.v1.AuditLog.metadata:type_name -> google.protobuf.Struct - 27, // 18: audit.v1.AuditLog.service_data:type_name -> google.protobuf.Struct - 27, // 19: audit.v1.AuthenticationInfo.third_party_principal:type_name -> google.protobuf.Struct - 11, // 20: audit.v1.AuthenticationInfo.service_account_delegation_info:type_name -> audit.v1.ServiceAccountDelegationInfo - 19, // 21: audit.v1.AuthorizationInfo.resource_attributes:type_name -> audit.v1.AttributeContext.Resource - 17, // 22: audit.v1.RequestMetadata.request_attributes:type_name -> audit.v1.AttributeContext.Request - 15, // 23: audit.v1.RequestMetadata.destination_attributes:type_name -> audit.v1.AttributeContext.Peer - 28, // 24: audit.v1.RpcStatus.details:type_name -> google.protobuf.Any - 24, // 25: audit.v1.ServiceAccountDelegationInfo.first_party_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.FirstPartyPrincipal - 25, // 26: audit.v1.ServiceAccountDelegationInfo.third_party_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.ThirdPartyPrincipal - 20, // 27: audit.v1.AttributeContext.Peer.labels:type_name -> audit.v1.AttributeContext.Peer.LabelsEntry - 27, // 28: audit.v1.AttributeContext.Auth.claims:type_name -> google.protobuf.Struct - 21, // 29: audit.v1.AttributeContext.Request.headers:type_name -> audit.v1.AttributeContext.Request.HeadersEntry - 26, // 30: audit.v1.AttributeContext.Request.time:type_name -> google.protobuf.Timestamp - 16, // 31: audit.v1.AttributeContext.Request.auth:type_name -> audit.v1.AttributeContext.Auth - 22, // 32: audit.v1.AttributeContext.Response.headers:type_name -> audit.v1.AttributeContext.Response.HeadersEntry - 26, // 33: audit.v1.AttributeContext.Response.time:type_name -> google.protobuf.Timestamp - 23, // 34: audit.v1.AttributeContext.Resource.labels:type_name -> audit.v1.AttributeContext.Resource.LabelsEntry - 27, // 35: audit.v1.ServiceAccountDelegationInfo.FirstPartyPrincipal.service_metadata:type_name -> google.protobuf.Struct - 27, // 36: audit.v1.ServiceAccountDelegationInfo.ThirdPartyPrincipal.third_party_claims:type_name -> google.protobuf.Struct - 37, // [37:37] is the sub-list for method output_type - 37, // [37:37] is the sub-list for method input_type - 37, // [37:37] is the sub-list for extension type_name - 37, // [37:37] is the sub-list for extension extendee - 0, // [0:37] is the sub-list for field type_name + 2, // 0: audit.v1.AuditLogEntry.proto_payload:type_name -> audit.v1.AuditLog + 9, // 1: audit.v1.AuditLogEntry.labels:type_name -> audit.v1.AuditLogEntry.LabelsEntry + 19, // 2: audit.v1.AuditLogEntry.timestamp:type_name -> google.protobuf.Timestamp + 0, // 3: audit.v1.AuditLogEntry.severity:type_name -> audit.v1.LogSeverity + 3, // 4: audit.v1.AuditLog.authentication_info:type_name -> audit.v1.AuthenticationInfo + 4, // 5: audit.v1.AuditLog.authorization_info:type_name -> audit.v1.AuthorizationInfo + 6, // 6: audit.v1.AuditLog.request_metadata:type_name -> audit.v1.RequestMetadata + 20, // 7: audit.v1.AuditLog.request:type_name -> google.protobuf.Struct + 7, // 8: audit.v1.AuditLog.status:type_name -> audit.v1.ResponseStatus + 20, // 9: audit.v1.AuditLog.response:type_name -> google.protobuf.Struct + 20, // 10: audit.v1.AuditLog.metadata:type_name -> google.protobuf.Struct + 8, // 11: audit.v1.AuthenticationInfo.service_account_delegation_info:type_name -> audit.v1.ServiceAccountDelegationInfo + 13, // 12: audit.v1.AuthorizationInfo.resource_attributes:type_name -> audit.v1.AttributeContext.Resource + 11, // 13: audit.v1.RequestMetadata.request_attributes:type_name -> audit.v1.AttributeContext.Request + 20, // 14: audit.v1.ResponseStatus.details:type_name -> google.protobuf.Struct + 17, // 15: audit.v1.ServiceAccountDelegationInfo.system_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.SystemPrincipal + 18, // 16: audit.v1.ServiceAccountDelegationInfo.idp_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.IdpPrincipal + 20, // 17: audit.v1.AttributeContext.Auth.claims:type_name -> google.protobuf.Struct + 14, // 18: audit.v1.AttributeContext.Request.headers:type_name -> audit.v1.AttributeContext.Request.HeadersEntry + 19, // 19: audit.v1.AttributeContext.Request.time:type_name -> google.protobuf.Timestamp + 10, // 20: audit.v1.AttributeContext.Request.auth:type_name -> audit.v1.AttributeContext.Auth + 15, // 21: audit.v1.AttributeContext.Response.headers:type_name -> audit.v1.AttributeContext.Response.HeadersEntry + 19, // 22: audit.v1.AttributeContext.Response.time:type_name -> google.protobuf.Timestamp + 16, // 23: audit.v1.AttributeContext.Resource.labels:type_name -> audit.v1.AttributeContext.Resource.LabelsEntry + 20, // 24: audit.v1.ServiceAccountDelegationInfo.SystemPrincipal.service_metadata:type_name -> google.protobuf.Struct + 20, // 25: audit.v1.ServiceAccountDelegationInfo.IdpPrincipal.service_metadata:type_name -> google.protobuf.Struct + 26, // [26:26] is the sub-list for method output_type + 26, // [26:26] is the sub-list for method input_type + 26, // [26:26] is the sub-list for extension type_name + 26, // [26:26] is the sub-list for extension extendee + 0, // [0:26] is the sub-list for field type_name } func init() { file_audit_v1_audit_event_proto_init() } @@ -2390,7 +1778,7 @@ func file_audit_v1_audit_event_proto_init() { file_audit_v1_common_proto_init() if !protoimpl.UnsafeEnabled { file_audit_v1_audit_event_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AuditEvent); i { + switch v := v.(*AuditLogEntry); i { case 0: return &v.state case 1: @@ -2402,30 +1790,6 @@ func file_audit_v1_audit_event_proto_init() { } } file_audit_v1_audit_event_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MonitoredResource); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_audit_v1_audit_event_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LogEntryOperation); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_audit_v1_audit_event_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AuditLog); i { case 0: return &v.state @@ -2437,7 +1801,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AuthenticationInfo); i { case 0: return &v.state @@ -2449,7 +1813,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AuthorizationInfo); i { case 0: return &v.state @@ -2461,7 +1825,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AttributeContext); i { case 0: return &v.state @@ -2473,7 +1837,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RequestMetadata); i { case 0: return &v.state @@ -2485,8 +1849,8 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ResourceLocation); i { + file_audit_v1_audit_event_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ResponseStatus); i { case 0: return &v.state case 1: @@ -2497,19 +1861,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RpcStatus); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_audit_v1_audit_event_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ServiceAccountDelegationInfo); i { case 0: return &v.state @@ -2521,31 +1873,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LogSplit); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_audit_v1_audit_event_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttributeContext_Peer); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_audit_v1_audit_event_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AttributeContext_Auth); i { case 0: return &v.state @@ -2557,7 +1885,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AttributeContext_Request); i { case 0: return &v.state @@ -2569,7 +1897,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AttributeContext_Response); i { case 0: return &v.state @@ -2581,7 +1909,7 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { + file_audit_v1_audit_event_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AttributeContext_Resource); i { case 0: return &v.state @@ -2593,8 +1921,8 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceAccountDelegationInfo_FirstPartyPrincipal); i { + file_audit_v1_audit_event_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceAccountDelegationInfo_SystemPrincipal); i { case 0: return &v.state case 1: @@ -2605,8 +1933,8 @@ func file_audit_v1_audit_event_proto_init() { return nil } } - file_audit_v1_audit_event_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceAccountDelegationInfo_ThirdPartyPrincipal); i { + file_audit_v1_audit_event_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceAccountDelegationInfo_IdpPrincipal); i { case 0: return &v.state case 1: @@ -2618,17 +1946,20 @@ func file_audit_v1_audit_event_proto_init() { } } } - file_audit_v1_audit_event_proto_msgTypes[10].OneofWrappers = []interface{}{ - (*ServiceAccountDelegationInfo_FirstPartyPrincipal_)(nil), - (*ServiceAccountDelegationInfo_ThirdPartyPrincipal_)(nil), + file_audit_v1_audit_event_proto_msgTypes[1].OneofWrappers = []interface{}{} + file_audit_v1_audit_event_proto_msgTypes[2].OneofWrappers = []interface{}{} + file_audit_v1_audit_event_proto_msgTypes[7].OneofWrappers = []interface{}{ + (*ServiceAccountDelegationInfo_SystemPrincipal_)(nil), + (*ServiceAccountDelegationInfo_IdpPrincipal_)(nil), } + file_audit_v1_audit_event_proto_msgTypes[17].OneofWrappers = []interface{}{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_audit_v1_audit_event_proto_rawDesc, NumEnums: 1, - NumMessages: 25, + NumMessages: 18, NumExtensions: 0, NumServices: 0, }, diff --git a/gen/go/audit/v1/audit_event.pb.validate.go b/gen/go/audit/v1/audit_event.pb.validate.go index f9cebe0..ee81e9b 100644 --- a/gen/go/audit/v1/audit_event.pb.validate.go +++ b/gen/go/audit/v1/audit_event.pb.validate.go @@ -35,22 +35,22 @@ var ( _ = sort.Sort ) -// Validate checks the field values on AuditEvent with the rules defined in the -// proto definition for this message. If any rules are violated, the first +// Validate checks the field values on AuditLogEntry with the rules defined in +// the proto definition for this message. If any rules are violated, the first // error encountered is returned, or nil if there are no violations. -func (m *AuditEvent) Validate() error { +func (m *AuditLogEntry) Validate() error { return m.validate(false) } -// ValidateAll checks the field values on AuditEvent with the rules defined in -// the proto definition for this message. If any rules are violated, the -// result is a list of violation errors wrapped in AuditEventMultiError, or +// ValidateAll checks the field values on AuditLogEntry with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in AuditLogEntryMultiError, or // nil if none found. -func (m *AuditEvent) ValidateAll() error { +func (m *AuditLogEntry) ValidateAll() error { return m.validate(true) } -func (m *AuditEvent) validate(all bool) error { +func (m *AuditLogEntry) validate(all bool) error { if m == nil { return nil } @@ -59,40 +59,11 @@ func (m *AuditEvent) validate(all bool) error { // no validation rules for LogName - if all { - switch v := interface{}(m.GetResource()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "Resource", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "Resource", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetResource()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditEventValidationError{ - field: "Resource", - reason: "embedded message failed validation", - cause: err, - } - } - } - if all { switch v := interface{}(m.GetProtoPayload()).(type) { case interface{ ValidateAll() error }: if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditEventValidationError{ + errors = append(errors, AuditLogEntryValidationError{ field: "ProtoPayload", reason: "embedded message failed validation", cause: err, @@ -100,7 +71,7 @@ func (m *AuditEvent) validate(all bool) error { } case interface{ Validate() error }: if err := v.Validate(); err != nil { - errors = append(errors, AuditEventValidationError{ + errors = append(errors, AuditLogEntryValidationError{ field: "ProtoPayload", reason: "embedded message failed validation", cause: err, @@ -109,7 +80,7 @@ func (m *AuditEvent) validate(all bool) error { } } else if v, ok := interface{}(m.GetProtoPayload()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { - return AuditEventValidationError{ + return AuditLogEntryValidationError{ field: "ProtoPayload", reason: "embedded message failed validation", cause: err, @@ -121,40 +92,13 @@ func (m *AuditEvent) validate(all bool) error { // no validation rules for Labels - if all { - switch v := interface{}(m.GetOperation()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "Operation", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "Operation", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetOperation()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditEventValidationError{ - field: "Operation", - reason: "embedded message failed validation", - cause: err, - } - } - } + // no validation rules for CorrelationId if all { switch v := interface{}(m.GetTimestamp()).(type) { case interface{ ValidateAll() error }: if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditEventValidationError{ + errors = append(errors, AuditLogEntryValidationError{ field: "Timestamp", reason: "embedded message failed validation", cause: err, @@ -162,7 +106,7 @@ func (m *AuditEvent) validate(all bool) error { } case interface{ Validate() error }: if err := v.Validate(); err != nil { - errors = append(errors, AuditEventValidationError{ + errors = append(errors, AuditLogEntryValidationError{ field: "Timestamp", reason: "embedded message failed validation", cause: err, @@ -171,7 +115,7 @@ func (m *AuditEvent) validate(all bool) error { } } else if v, ok := interface{}(m.GetTimestamp()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { - return AuditEventValidationError{ + return AuditLogEntryValidationError{ field: "Timestamp", reason: "embedded message failed validation", cause: err, @@ -179,187 +123,26 @@ func (m *AuditEvent) validate(all bool) error { } } - if all { - switch v := interface{}(m.GetReceiveTimestamp()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "ReceiveTimestamp", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "ReceiveTimestamp", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetReceiveTimestamp()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditEventValidationError{ - field: "ReceiveTimestamp", - reason: "embedded message failed validation", - cause: err, - } - } - } - // no validation rules for Severity - // no validation rules for Trace + // no validation rules for TraceParent - // no validation rules for SpanId - - if all { - switch v := interface{}(m.GetSplit()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "Split", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditEventValidationError{ - field: "Split", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetSplit()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditEventValidationError{ - field: "Split", - reason: "embedded message failed validation", - cause: err, - } - } - } + // no validation rules for TraceState if len(errors) > 0 { - return AuditEventMultiError(errors) + return AuditLogEntryMultiError(errors) } return nil } -// AuditEventMultiError is an error wrapping multiple validation errors -// returned by AuditEvent.ValidateAll() if the designated constraints aren't met. -type AuditEventMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m AuditEventMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m AuditEventMultiError) AllErrors() []error { return m } - -// AuditEventValidationError is the validation error returned by -// AuditEvent.Validate if the designated constraints aren't met. -type AuditEventValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e AuditEventValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e AuditEventValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e AuditEventValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e AuditEventValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e AuditEventValidationError) ErrorName() string { return "AuditEventValidationError" } - -// Error satisfies the builtin error interface -func (e AuditEventValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sAuditEvent.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = AuditEventValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = AuditEventValidationError{} - -// Validate checks the field values on MonitoredResource with the rules defined -// in the proto definition for this message. If any rules are violated, the -// first error encountered is returned, or nil if there are no violations. -func (m *MonitoredResource) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on MonitoredResource with the rules -// defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// MonitoredResourceMultiError, or nil if none found. -func (m *MonitoredResource) ValidateAll() error { - return m.validate(true) -} - -func (m *MonitoredResource) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - // no validation rules for Type - - // no validation rules for Labels - - if len(errors) > 0 { - return MonitoredResourceMultiError(errors) - } - - return nil -} - -// MonitoredResourceMultiError is an error wrapping multiple validation errors -// returned by MonitoredResource.ValidateAll() if the designated constraints +// AuditLogEntryMultiError is an error wrapping multiple validation errors +// returned by AuditLogEntry.ValidateAll() if the designated constraints // aren't met. -type MonitoredResourceMultiError []error +type AuditLogEntryMultiError []error // Error returns a concatenation of all the error messages it wraps. -func (m MonitoredResourceMultiError) Error() string { +func (m AuditLogEntryMultiError) Error() string { var msgs []string for _, err := range m { msgs = append(msgs, err.Error()) @@ -368,11 +151,11 @@ func (m MonitoredResourceMultiError) Error() string { } // AllErrors returns a list of validation violation errors. -func (m MonitoredResourceMultiError) AllErrors() []error { return m } +func (m AuditLogEntryMultiError) AllErrors() []error { return m } -// MonitoredResourceValidationError is the validation error returned by -// MonitoredResource.Validate if the designated constraints aren't met. -type MonitoredResourceValidationError struct { +// AuditLogEntryValidationError is the validation error returned by +// AuditLogEntry.Validate if the designated constraints aren't met. +type AuditLogEntryValidationError struct { field string reason string cause error @@ -380,24 +163,22 @@ type MonitoredResourceValidationError struct { } // Field function returns field value. -func (e MonitoredResourceValidationError) Field() string { return e.field } +func (e AuditLogEntryValidationError) Field() string { return e.field } // Reason function returns reason value. -func (e MonitoredResourceValidationError) Reason() string { return e.reason } +func (e AuditLogEntryValidationError) Reason() string { return e.reason } // Cause function returns cause value. -func (e MonitoredResourceValidationError) Cause() error { return e.cause } +func (e AuditLogEntryValidationError) Cause() error { return e.cause } // Key function returns key value. -func (e MonitoredResourceValidationError) Key() bool { return e.key } +func (e AuditLogEntryValidationError) Key() bool { return e.key } // ErrorName returns error name. -func (e MonitoredResourceValidationError) ErrorName() string { - return "MonitoredResourceValidationError" -} +func (e AuditLogEntryValidationError) ErrorName() string { return "AuditLogEntryValidationError" } // Error satisfies the builtin error interface -func (e MonitoredResourceValidationError) Error() string { +func (e AuditLogEntryValidationError) Error() string { cause := "" if e.cause != nil { cause = fmt.Sprintf(" | caused by: %v", e.cause) @@ -409,14 +190,14 @@ func (e MonitoredResourceValidationError) Error() string { } return fmt.Sprintf( - "invalid %sMonitoredResource.%s: %s%s", + "invalid %sAuditLogEntry.%s: %s%s", key, e.field, e.reason, cause) } -var _ error = MonitoredResourceValidationError{} +var _ error = AuditLogEntryValidationError{} var _ interface { Field() string @@ -424,117 +205,7 @@ var _ interface { Key() bool Cause() error ErrorName() string -} = MonitoredResourceValidationError{} - -// Validate checks the field values on LogEntryOperation with the rules defined -// in the proto definition for this message. If any rules are violated, the -// first error encountered is returned, or nil if there are no violations. -func (m *LogEntryOperation) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on LogEntryOperation with the rules -// defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// LogEntryOperationMultiError, or nil if none found. -func (m *LogEntryOperation) ValidateAll() error { - return m.validate(true) -} - -func (m *LogEntryOperation) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - // no validation rules for Id - - // no validation rules for Producer - - // no validation rules for First - - // no validation rules for Last - - if len(errors) > 0 { - return LogEntryOperationMultiError(errors) - } - - return nil -} - -// LogEntryOperationMultiError is an error wrapping multiple validation errors -// returned by LogEntryOperation.ValidateAll() if the designated constraints -// aren't met. -type LogEntryOperationMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m LogEntryOperationMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m LogEntryOperationMultiError) AllErrors() []error { return m } - -// LogEntryOperationValidationError is the validation error returned by -// LogEntryOperation.Validate if the designated constraints aren't met. -type LogEntryOperationValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e LogEntryOperationValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e LogEntryOperationValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e LogEntryOperationValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e LogEntryOperationValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e LogEntryOperationValidationError) ErrorName() string { - return "LogEntryOperationValidationError" -} - -// Error satisfies the builtin error interface -func (e LogEntryOperationValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sLogEntryOperation.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = LogEntryOperationValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = LogEntryOperationValidationError{} +} = AuditLogEntryValidationError{} // Validate checks the field values on AuditLog with the rules defined in the // proto definition for this message. If any rules are violated, the first @@ -560,99 +231,8 @@ func (m *AuditLog) validate(all bool) error { // no validation rules for ServiceName - // no validation rules for MethodName - // no validation rules for ResourceName - if all { - switch v := interface{}(m.GetResourceLocation()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "ResourceLocation", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "ResourceLocation", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetResourceLocation()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditLogValidationError{ - field: "ResourceLocation", - reason: "embedded message failed validation", - cause: err, - } - } - } - - if all { - switch v := interface{}(m.GetResourceOriginalState()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "ResourceOriginalState", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "ResourceOriginalState", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetResourceOriginalState()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditLogValidationError{ - field: "ResourceOriginalState", - reason: "embedded message failed validation", - cause: err, - } - } - } - - // no validation rules for NumResponseItems - - if all { - switch v := interface{}(m.GetStatus()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "Status", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "Status", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetStatus()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditLogValidationError{ - field: "Status", - reason: "embedded message failed validation", - cause: err, - } - } - } - if all { switch v := interface{}(m.GetAuthenticationInfo()).(type) { case interface{ ValidateAll() error }: @@ -774,6 +354,35 @@ func (m *AuditLog) validate(all bool) error { } } + if all { + switch v := interface{}(m.GetStatus()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AuditLogValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AuditLogValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetStatus()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AuditLogValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + } + } + } + if all { switch v := interface{}(m.GetResponse()).(type) { case interface{ ValidateAll() error }: @@ -832,33 +441,12 @@ func (m *AuditLog) validate(all bool) error { } } - if all { - switch v := interface{}(m.GetServiceData()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "ServiceData", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuditLogValidationError{ - field: "ServiceData", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetServiceData()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuditLogValidationError{ - field: "ServiceData", - reason: "embedded message failed validation", - cause: err, - } - } + if m.MethodName != nil { + // no validation rules for MethodName + } + + if m.NumResponseItems != nil { + // no validation rules for NumResponseItems } if len(errors) > 0 { @@ -960,41 +548,10 @@ func (m *AuthenticationInfo) validate(all bool) error { var errors []error + // no validation rules for PrincipalId + // no validation rules for PrincipalEmail - // no validation rules for AuthoritySelector - - if all { - switch v := interface{}(m.GetThirdPartyPrincipal()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, AuthenticationInfoValidationError{ - field: "ThirdPartyPrincipal", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, AuthenticationInfoValidationError{ - field: "ThirdPartyPrincipal", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetThirdPartyPrincipal()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return AuthenticationInfoValidationError{ - field: "ThirdPartyPrincipal", - reason: "embedded message failed validation", - cause: err, - } - } - } - - // no validation rules for ServiceAccountKeyName - for idx, item := range m.GetServiceAccountDelegationInfo() { _, _ = idx, item @@ -1029,7 +586,9 @@ func (m *AuthenticationInfo) validate(all bool) error { } - // no validation rules for PrincipalSubject + if m.ServiceAccountName != nil { + // no validation rules for ServiceAccountName + } if len(errors) > 0 { return AuthenticationInfoMultiError(errors) @@ -1374,8 +933,6 @@ func (m *RequestMetadata) validate(all bool) error { // no validation rules for CallerSuppliedUserAgent - // no validation rules for CallerNetwork - if all { switch v := interface{}(m.GetRequestAttributes()).(type) { case interface{ ValidateAll() error }: @@ -1405,35 +962,6 @@ func (m *RequestMetadata) validate(all bool) error { } } - if all { - switch v := interface{}(m.GetDestinationAttributes()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, RequestMetadataValidationError{ - field: "DestinationAttributes", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, RequestMetadataValidationError{ - field: "DestinationAttributes", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetDestinationAttributes()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return RequestMetadataValidationError{ - field: "DestinationAttributes", - reason: "embedded message failed validation", - cause: err, - } - } - } - if len(errors) > 0 { return RequestMetadataMultiError(errors) } @@ -1512,122 +1040,22 @@ var _ interface { ErrorName() string } = RequestMetadataValidationError{} -// Validate checks the field values on ResourceLocation with the rules defined -// in the proto definition for this message. If any rules are violated, the -// first error encountered is returned, or nil if there are no violations. -func (m *ResourceLocation) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on ResourceLocation with the rules -// defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// ResourceLocationMultiError, or nil if none found. -func (m *ResourceLocation) ValidateAll() error { - return m.validate(true) -} - -func (m *ResourceLocation) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - if len(errors) > 0 { - return ResourceLocationMultiError(errors) - } - - return nil -} - -// ResourceLocationMultiError is an error wrapping multiple validation errors -// returned by ResourceLocation.ValidateAll() if the designated constraints -// aren't met. -type ResourceLocationMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m ResourceLocationMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m ResourceLocationMultiError) AllErrors() []error { return m } - -// ResourceLocationValidationError is the validation error returned by -// ResourceLocation.Validate if the designated constraints aren't met. -type ResourceLocationValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e ResourceLocationValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e ResourceLocationValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e ResourceLocationValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e ResourceLocationValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e ResourceLocationValidationError) ErrorName() string { return "ResourceLocationValidationError" } - -// Error satisfies the builtin error interface -func (e ResourceLocationValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sResourceLocation.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = ResourceLocationValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = ResourceLocationValidationError{} - -// Validate checks the field values on RpcStatus with the rules defined in the -// proto definition for this message. If any rules are violated, the first +// Validate checks the field values on ResponseStatus with the rules defined in +// the proto definition for this message. If any rules are violated, the first // error encountered is returned, or nil if there are no violations. -func (m *RpcStatus) Validate() error { +func (m *ResponseStatus) Validate() error { return m.validate(false) } -// ValidateAll checks the field values on RpcStatus with the rules defined in -// the proto definition for this message. If any rules are violated, the -// result is a list of violation errors wrapped in RpcStatusMultiError, or nil -// if none found. -func (m *RpcStatus) ValidateAll() error { +// ValidateAll checks the field values on ResponseStatus with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in ResponseStatusMultiError, +// or nil if none found. +func (m *ResponseStatus) ValidateAll() error { return m.validate(true) } -func (m *RpcStatus) validate(all bool) error { +func (m *ResponseStatus) validate(all bool) error { if m == nil { return nil } @@ -1645,7 +1073,7 @@ func (m *RpcStatus) validate(all bool) error { switch v := interface{}(item).(type) { case interface{ ValidateAll() error }: if err := v.ValidateAll(); err != nil { - errors = append(errors, RpcStatusValidationError{ + errors = append(errors, ResponseStatusValidationError{ field: fmt.Sprintf("Details[%v]", idx), reason: "embedded message failed validation", cause: err, @@ -1653,7 +1081,7 @@ func (m *RpcStatus) validate(all bool) error { } case interface{ Validate() error }: if err := v.Validate(); err != nil { - errors = append(errors, RpcStatusValidationError{ + errors = append(errors, ResponseStatusValidationError{ field: fmt.Sprintf("Details[%v]", idx), reason: "embedded message failed validation", cause: err, @@ -1662,7 +1090,7 @@ func (m *RpcStatus) validate(all bool) error { } } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { - return RpcStatusValidationError{ + return ResponseStatusValidationError{ field: fmt.Sprintf("Details[%v]", idx), reason: "embedded message failed validation", cause: err, @@ -1673,18 +1101,19 @@ func (m *RpcStatus) validate(all bool) error { } if len(errors) > 0 { - return RpcStatusMultiError(errors) + return ResponseStatusMultiError(errors) } return nil } -// RpcStatusMultiError is an error wrapping multiple validation errors returned -// by RpcStatus.ValidateAll() if the designated constraints aren't met. -type RpcStatusMultiError []error +// ResponseStatusMultiError is an error wrapping multiple validation errors +// returned by ResponseStatus.ValidateAll() if the designated constraints +// aren't met. +type ResponseStatusMultiError []error // Error returns a concatenation of all the error messages it wraps. -func (m RpcStatusMultiError) Error() string { +func (m ResponseStatusMultiError) Error() string { var msgs []string for _, err := range m { msgs = append(msgs, err.Error()) @@ -1693,11 +1122,11 @@ func (m RpcStatusMultiError) Error() string { } // AllErrors returns a list of validation violation errors. -func (m RpcStatusMultiError) AllErrors() []error { return m } +func (m ResponseStatusMultiError) AllErrors() []error { return m } -// RpcStatusValidationError is the validation error returned by -// RpcStatus.Validate if the designated constraints aren't met. -type RpcStatusValidationError struct { +// ResponseStatusValidationError is the validation error returned by +// ResponseStatus.Validate if the designated constraints aren't met. +type ResponseStatusValidationError struct { field string reason string cause error @@ -1705,22 +1134,22 @@ type RpcStatusValidationError struct { } // Field function returns field value. -func (e RpcStatusValidationError) Field() string { return e.field } +func (e ResponseStatusValidationError) Field() string { return e.field } // Reason function returns reason value. -func (e RpcStatusValidationError) Reason() string { return e.reason } +func (e ResponseStatusValidationError) Reason() string { return e.reason } // Cause function returns cause value. -func (e RpcStatusValidationError) Cause() error { return e.cause } +func (e ResponseStatusValidationError) Cause() error { return e.cause } // Key function returns key value. -func (e RpcStatusValidationError) Key() bool { return e.key } +func (e ResponseStatusValidationError) Key() bool { return e.key } // ErrorName returns error name. -func (e RpcStatusValidationError) ErrorName() string { return "RpcStatusValidationError" } +func (e ResponseStatusValidationError) ErrorName() string { return "ResponseStatusValidationError" } // Error satisfies the builtin error interface -func (e RpcStatusValidationError) Error() string { +func (e ResponseStatusValidationError) Error() string { cause := "" if e.cause != nil { cause = fmt.Sprintf(" | caused by: %v", e.cause) @@ -1732,14 +1161,14 @@ func (e RpcStatusValidationError) Error() string { } return fmt.Sprintf( - "invalid %sRpcStatus.%s: %s%s", + "invalid %sResponseStatus.%s: %s%s", key, e.field, e.reason, cause) } -var _ error = RpcStatusValidationError{} +var _ error = ResponseStatusValidationError{} var _ interface { Field() string @@ -1747,7 +1176,7 @@ var _ interface { Key() bool Cause() error ErrorName() string -} = RpcStatusValidationError{} +} = ResponseStatusValidationError{} // Validate checks the field values on ServiceAccountDelegationInfo with the // rules defined in the proto definition for this message. If any rules are @@ -1772,7 +1201,7 @@ func (m *ServiceAccountDelegationInfo) validate(all bool) error { var errors []error switch v := m.Authority.(type) { - case *ServiceAccountDelegationInfo_FirstPartyPrincipal_: + case *ServiceAccountDelegationInfo_SystemPrincipal_: if v == nil { err := ServiceAccountDelegationInfoValidationError{ field: "Authority", @@ -1785,11 +1214,11 @@ func (m *ServiceAccountDelegationInfo) validate(all bool) error { } if all { - switch v := interface{}(m.GetFirstPartyPrincipal()).(type) { + switch v := interface{}(m.GetSystemPrincipal()).(type) { case interface{ ValidateAll() error }: if err := v.ValidateAll(); err != nil { errors = append(errors, ServiceAccountDelegationInfoValidationError{ - field: "FirstPartyPrincipal", + field: "SystemPrincipal", reason: "embedded message failed validation", cause: err, }) @@ -1797,23 +1226,23 @@ func (m *ServiceAccountDelegationInfo) validate(all bool) error { case interface{ Validate() error }: if err := v.Validate(); err != nil { errors = append(errors, ServiceAccountDelegationInfoValidationError{ - field: "FirstPartyPrincipal", + field: "SystemPrincipal", reason: "embedded message failed validation", cause: err, }) } } - } else if v, ok := interface{}(m.GetFirstPartyPrincipal()).(interface{ Validate() error }); ok { + } else if v, ok := interface{}(m.GetSystemPrincipal()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ServiceAccountDelegationInfoValidationError{ - field: "FirstPartyPrincipal", + field: "SystemPrincipal", reason: "embedded message failed validation", cause: err, } } } - case *ServiceAccountDelegationInfo_ThirdPartyPrincipal_: + case *ServiceAccountDelegationInfo_IdpPrincipal_: if v == nil { err := ServiceAccountDelegationInfoValidationError{ field: "Authority", @@ -1826,11 +1255,11 @@ func (m *ServiceAccountDelegationInfo) validate(all bool) error { } if all { - switch v := interface{}(m.GetThirdPartyPrincipal()).(type) { + switch v := interface{}(m.GetIdpPrincipal()).(type) { case interface{ ValidateAll() error }: if err := v.ValidateAll(); err != nil { errors = append(errors, ServiceAccountDelegationInfoValidationError{ - field: "ThirdPartyPrincipal", + field: "IdpPrincipal", reason: "embedded message failed validation", cause: err, }) @@ -1838,16 +1267,16 @@ func (m *ServiceAccountDelegationInfo) validate(all bool) error { case interface{ Validate() error }: if err := v.Validate(); err != nil { errors = append(errors, ServiceAccountDelegationInfoValidationError{ - field: "ThirdPartyPrincipal", + field: "IdpPrincipal", reason: "embedded message failed validation", cause: err, }) } } - } else if v, ok := interface{}(m.GetThirdPartyPrincipal()).(interface{ Validate() error }); ok { + } else if v, ok := interface{}(m.GetIdpPrincipal()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ServiceAccountDelegationInfoValidationError{ - field: "ThirdPartyPrincipal", + field: "IdpPrincipal", reason: "embedded message failed validation", cause: err, } @@ -1939,223 +1368,6 @@ var _ interface { ErrorName() string } = ServiceAccountDelegationInfoValidationError{} -// Validate checks the field values on LogSplit with the rules defined in the -// proto definition for this message. If any rules are violated, the first -// error encountered is returned, or nil if there are no violations. -func (m *LogSplit) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on LogSplit with the rules defined in -// the proto definition for this message. If any rules are violated, the -// result is a list of violation errors wrapped in LogSplitMultiError, or nil -// if none found. -func (m *LogSplit) ValidateAll() error { - return m.validate(true) -} - -func (m *LogSplit) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - // no validation rules for Uid - - // no validation rules for Index - - // no validation rules for TotalSplits - - if len(errors) > 0 { - return LogSplitMultiError(errors) - } - - return nil -} - -// LogSplitMultiError is an error wrapping multiple validation errors returned -// by LogSplit.ValidateAll() if the designated constraints aren't met. -type LogSplitMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m LogSplitMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m LogSplitMultiError) AllErrors() []error { return m } - -// LogSplitValidationError is the validation error returned by -// LogSplit.Validate if the designated constraints aren't met. -type LogSplitValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e LogSplitValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e LogSplitValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e LogSplitValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e LogSplitValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e LogSplitValidationError) ErrorName() string { return "LogSplitValidationError" } - -// Error satisfies the builtin error interface -func (e LogSplitValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sLogSplit.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = LogSplitValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = LogSplitValidationError{} - -// Validate checks the field values on AttributeContext_Peer with the rules -// defined in the proto definition for this message. If any rules are -// violated, the first error encountered is returned, or nil if there are no violations. -func (m *AttributeContext_Peer) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on AttributeContext_Peer with the rules -// defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// AttributeContext_PeerMultiError, or nil if none found. -func (m *AttributeContext_Peer) ValidateAll() error { - return m.validate(true) -} - -func (m *AttributeContext_Peer) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - // no validation rules for Ip - - // no validation rules for Port - - // no validation rules for Labels - - // no validation rules for Principal - - // no validation rules for RegionCode - - if len(errors) > 0 { - return AttributeContext_PeerMultiError(errors) - } - - return nil -} - -// AttributeContext_PeerMultiError is an error wrapping multiple validation -// errors returned by AttributeContext_Peer.ValidateAll() if the designated -// constraints aren't met. -type AttributeContext_PeerMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m AttributeContext_PeerMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m AttributeContext_PeerMultiError) AllErrors() []error { return m } - -// AttributeContext_PeerValidationError is the validation error returned by -// AttributeContext_Peer.Validate if the designated constraints aren't met. -type AttributeContext_PeerValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e AttributeContext_PeerValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e AttributeContext_PeerValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e AttributeContext_PeerValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e AttributeContext_PeerValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e AttributeContext_PeerValidationError) ErrorName() string { - return "AttributeContext_PeerValidationError" -} - -// Error satisfies the builtin error interface -func (e AttributeContext_PeerValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sAttributeContext_Peer.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = AttributeContext_PeerValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = AttributeContext_PeerValidationError{} - // Validate checks the field values on AttributeContext_Auth with the rules // defined in the proto definition for this message. If any rules are // violated, the first error encountered is returned, or nil if there are no violations. @@ -2356,12 +1568,8 @@ func (m *AttributeContext_Request) validate(all bool) error { } } - // no validation rules for Size - // no validation rules for Protocol - // no validation rules for Reason - if all { switch v := interface{}(m.GetAuth()).(type) { case interface{ ValidateAll() error }: @@ -2719,36 +1927,34 @@ var _ interface { } = AttributeContext_ResourceValidationError{} // Validate checks the field values on -// ServiceAccountDelegationInfo_FirstPartyPrincipal with the rules defined in -// the proto definition for this message. If any rules are violated, the first +// ServiceAccountDelegationInfo_SystemPrincipal with the rules defined in the +// proto definition for this message. If any rules are violated, the first // error encountered is returned, or nil if there are no violations. -func (m *ServiceAccountDelegationInfo_FirstPartyPrincipal) Validate() error { +func (m *ServiceAccountDelegationInfo_SystemPrincipal) Validate() error { return m.validate(false) } // ValidateAll checks the field values on -// ServiceAccountDelegationInfo_FirstPartyPrincipal with the rules defined in -// the proto definition for this message. If any rules are violated, the -// result is a list of violation errors wrapped in -// ServiceAccountDelegationInfo_FirstPartyPrincipalMultiError, or nil if none found. -func (m *ServiceAccountDelegationInfo_FirstPartyPrincipal) ValidateAll() error { +// ServiceAccountDelegationInfo_SystemPrincipal with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in +// ServiceAccountDelegationInfo_SystemPrincipalMultiError, or nil if none found. +func (m *ServiceAccountDelegationInfo_SystemPrincipal) ValidateAll() error { return m.validate(true) } -func (m *ServiceAccountDelegationInfo_FirstPartyPrincipal) validate(all bool) error { +func (m *ServiceAccountDelegationInfo_SystemPrincipal) validate(all bool) error { if m == nil { return nil } var errors []error - // no validation rules for PrincipalEmail - if all { switch v := interface{}(m.GetServiceMetadata()).(type) { case interface{ ValidateAll() error }: if err := v.ValidateAll(); err != nil { - errors = append(errors, ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError{ + errors = append(errors, ServiceAccountDelegationInfo_SystemPrincipalValidationError{ field: "ServiceMetadata", reason: "embedded message failed validation", cause: err, @@ -2756,7 +1962,7 @@ func (m *ServiceAccountDelegationInfo_FirstPartyPrincipal) validate(all bool) er } case interface{ Validate() error }: if err := v.Validate(); err != nil { - errors = append(errors, ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError{ + errors = append(errors, ServiceAccountDelegationInfo_SystemPrincipalValidationError{ field: "ServiceMetadata", reason: "embedded message failed validation", cause: err, @@ -2765,7 +1971,7 @@ func (m *ServiceAccountDelegationInfo_FirstPartyPrincipal) validate(all bool) er } } else if v, ok := interface{}(m.GetServiceMetadata()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { - return ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError{ + return ServiceAccountDelegationInfo_SystemPrincipalValidationError{ field: "ServiceMetadata", reason: "embedded message failed validation", cause: err, @@ -2774,20 +1980,20 @@ func (m *ServiceAccountDelegationInfo_FirstPartyPrincipal) validate(all bool) er } if len(errors) > 0 { - return ServiceAccountDelegationInfo_FirstPartyPrincipalMultiError(errors) + return ServiceAccountDelegationInfo_SystemPrincipalMultiError(errors) } return nil } -// ServiceAccountDelegationInfo_FirstPartyPrincipalMultiError is an error -// wrapping multiple validation errors returned by -// ServiceAccountDelegationInfo_FirstPartyPrincipal.ValidateAll() if the +// ServiceAccountDelegationInfo_SystemPrincipalMultiError is an error wrapping +// multiple validation errors returned by +// ServiceAccountDelegationInfo_SystemPrincipal.ValidateAll() if the // designated constraints aren't met. -type ServiceAccountDelegationInfo_FirstPartyPrincipalMultiError []error +type ServiceAccountDelegationInfo_SystemPrincipalMultiError []error // Error returns a concatenation of all the error messages it wraps. -func (m ServiceAccountDelegationInfo_FirstPartyPrincipalMultiError) Error() string { +func (m ServiceAccountDelegationInfo_SystemPrincipalMultiError) Error() string { var msgs []string for _, err := range m { msgs = append(msgs, err.Error()) @@ -2796,13 +2002,13 @@ func (m ServiceAccountDelegationInfo_FirstPartyPrincipalMultiError) Error() stri } // AllErrors returns a list of validation violation errors. -func (m ServiceAccountDelegationInfo_FirstPartyPrincipalMultiError) AllErrors() []error { return m } +func (m ServiceAccountDelegationInfo_SystemPrincipalMultiError) AllErrors() []error { return m } -// ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError is the +// ServiceAccountDelegationInfo_SystemPrincipalValidationError is the // validation error returned by -// ServiceAccountDelegationInfo_FirstPartyPrincipal.Validate if the designated +// ServiceAccountDelegationInfo_SystemPrincipal.Validate if the designated // constraints aren't met. -type ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError struct { +type ServiceAccountDelegationInfo_SystemPrincipalValidationError struct { field string reason string cause error @@ -2810,30 +2016,24 @@ type ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError struct { } // Field function returns field value. -func (e ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError) Field() string { - return e.field -} +func (e ServiceAccountDelegationInfo_SystemPrincipalValidationError) Field() string { return e.field } // Reason function returns reason value. -func (e ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError) Reason() string { - return e.reason -} +func (e ServiceAccountDelegationInfo_SystemPrincipalValidationError) Reason() string { return e.reason } // Cause function returns cause value. -func (e ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError) Cause() error { - return e.cause -} +func (e ServiceAccountDelegationInfo_SystemPrincipalValidationError) Cause() error { return e.cause } // Key function returns key value. -func (e ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError) Key() bool { return e.key } +func (e ServiceAccountDelegationInfo_SystemPrincipalValidationError) Key() bool { return e.key } // ErrorName returns error name. -func (e ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError) ErrorName() string { - return "ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError" +func (e ServiceAccountDelegationInfo_SystemPrincipalValidationError) ErrorName() string { + return "ServiceAccountDelegationInfo_SystemPrincipalValidationError" } // Error satisfies the builtin error interface -func (e ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError) Error() string { +func (e ServiceAccountDelegationInfo_SystemPrincipalValidationError) Error() string { cause := "" if e.cause != nil { cause = fmt.Sprintf(" | caused by: %v", e.cause) @@ -2845,14 +2045,14 @@ func (e ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError) Error() } return fmt.Sprintf( - "invalid %sServiceAccountDelegationInfo_FirstPartyPrincipal.%s: %s%s", + "invalid %sServiceAccountDelegationInfo_SystemPrincipal.%s: %s%s", key, e.field, e.reason, cause) } -var _ error = ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError{} +var _ error = ServiceAccountDelegationInfo_SystemPrincipalValidationError{} var _ interface { Field() string @@ -2860,76 +2060,82 @@ var _ interface { Key() bool Cause() error ErrorName() string -} = ServiceAccountDelegationInfo_FirstPartyPrincipalValidationError{} +} = ServiceAccountDelegationInfo_SystemPrincipalValidationError{} // Validate checks the field values on -// ServiceAccountDelegationInfo_ThirdPartyPrincipal with the rules defined in -// the proto definition for this message. If any rules are violated, the first +// ServiceAccountDelegationInfo_IdpPrincipal with the rules defined in the +// proto definition for this message. If any rules are violated, the first // error encountered is returned, or nil if there are no violations. -func (m *ServiceAccountDelegationInfo_ThirdPartyPrincipal) Validate() error { +func (m *ServiceAccountDelegationInfo_IdpPrincipal) Validate() error { return m.validate(false) } // ValidateAll checks the field values on -// ServiceAccountDelegationInfo_ThirdPartyPrincipal with the rules defined in -// the proto definition for this message. If any rules are violated, the -// result is a list of violation errors wrapped in -// ServiceAccountDelegationInfo_ThirdPartyPrincipalMultiError, or nil if none found. -func (m *ServiceAccountDelegationInfo_ThirdPartyPrincipal) ValidateAll() error { +// ServiceAccountDelegationInfo_IdpPrincipal with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in +// ServiceAccountDelegationInfo_IdpPrincipalMultiError, or nil if none found. +func (m *ServiceAccountDelegationInfo_IdpPrincipal) ValidateAll() error { return m.validate(true) } -func (m *ServiceAccountDelegationInfo_ThirdPartyPrincipal) validate(all bool) error { +func (m *ServiceAccountDelegationInfo_IdpPrincipal) validate(all bool) error { if m == nil { return nil } var errors []error + // no validation rules for PrincipalId + if all { - switch v := interface{}(m.GetThirdPartyClaims()).(type) { + switch v := interface{}(m.GetServiceMetadata()).(type) { case interface{ ValidateAll() error }: if err := v.ValidateAll(); err != nil { - errors = append(errors, ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError{ - field: "ThirdPartyClaims", + errors = append(errors, ServiceAccountDelegationInfo_IdpPrincipalValidationError{ + field: "ServiceMetadata", reason: "embedded message failed validation", cause: err, }) } case interface{ Validate() error }: if err := v.Validate(); err != nil { - errors = append(errors, ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError{ - field: "ThirdPartyClaims", + errors = append(errors, ServiceAccountDelegationInfo_IdpPrincipalValidationError{ + field: "ServiceMetadata", reason: "embedded message failed validation", cause: err, }) } } - } else if v, ok := interface{}(m.GetThirdPartyClaims()).(interface{ Validate() error }); ok { + } else if v, ok := interface{}(m.GetServiceMetadata()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { - return ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError{ - field: "ThirdPartyClaims", + return ServiceAccountDelegationInfo_IdpPrincipalValidationError{ + field: "ServiceMetadata", reason: "embedded message failed validation", cause: err, } } } + if m.PrincipalEmail != nil { + // no validation rules for PrincipalEmail + } + if len(errors) > 0 { - return ServiceAccountDelegationInfo_ThirdPartyPrincipalMultiError(errors) + return ServiceAccountDelegationInfo_IdpPrincipalMultiError(errors) } return nil } -// ServiceAccountDelegationInfo_ThirdPartyPrincipalMultiError is an error -// wrapping multiple validation errors returned by -// ServiceAccountDelegationInfo_ThirdPartyPrincipal.ValidateAll() if the -// designated constraints aren't met. -type ServiceAccountDelegationInfo_ThirdPartyPrincipalMultiError []error +// ServiceAccountDelegationInfo_IdpPrincipalMultiError is an error wrapping +// multiple validation errors returned by +// ServiceAccountDelegationInfo_IdpPrincipal.ValidateAll() if the designated +// constraints aren't met. +type ServiceAccountDelegationInfo_IdpPrincipalMultiError []error // Error returns a concatenation of all the error messages it wraps. -func (m ServiceAccountDelegationInfo_ThirdPartyPrincipalMultiError) Error() string { +func (m ServiceAccountDelegationInfo_IdpPrincipalMultiError) Error() string { var msgs []string for _, err := range m { msgs = append(msgs, err.Error()) @@ -2938,13 +2144,12 @@ func (m ServiceAccountDelegationInfo_ThirdPartyPrincipalMultiError) Error() stri } // AllErrors returns a list of validation violation errors. -func (m ServiceAccountDelegationInfo_ThirdPartyPrincipalMultiError) AllErrors() []error { return m } +func (m ServiceAccountDelegationInfo_IdpPrincipalMultiError) AllErrors() []error { return m } -// ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError is the -// validation error returned by -// ServiceAccountDelegationInfo_ThirdPartyPrincipal.Validate if the designated -// constraints aren't met. -type ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError struct { +// ServiceAccountDelegationInfo_IdpPrincipalValidationError is the validation +// error returned by ServiceAccountDelegationInfo_IdpPrincipal.Validate if the +// designated constraints aren't met. +type ServiceAccountDelegationInfo_IdpPrincipalValidationError struct { field string reason string cause error @@ -2952,30 +2157,24 @@ type ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError struct { } // Field function returns field value. -func (e ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError) Field() string { - return e.field -} +func (e ServiceAccountDelegationInfo_IdpPrincipalValidationError) Field() string { return e.field } // Reason function returns reason value. -func (e ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError) Reason() string { - return e.reason -} +func (e ServiceAccountDelegationInfo_IdpPrincipalValidationError) Reason() string { return e.reason } // Cause function returns cause value. -func (e ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError) Cause() error { - return e.cause -} +func (e ServiceAccountDelegationInfo_IdpPrincipalValidationError) Cause() error { return e.cause } // Key function returns key value. -func (e ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError) Key() bool { return e.key } +func (e ServiceAccountDelegationInfo_IdpPrincipalValidationError) Key() bool { return e.key } // ErrorName returns error name. -func (e ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError) ErrorName() string { - return "ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError" +func (e ServiceAccountDelegationInfo_IdpPrincipalValidationError) ErrorName() string { + return "ServiceAccountDelegationInfo_IdpPrincipalValidationError" } // Error satisfies the builtin error interface -func (e ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError) Error() string { +func (e ServiceAccountDelegationInfo_IdpPrincipalValidationError) Error() string { cause := "" if e.cause != nil { cause = fmt.Sprintf(" | caused by: %v", e.cause) @@ -2987,14 +2186,14 @@ func (e ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError) Error() } return fmt.Sprintf( - "invalid %sServiceAccountDelegationInfo_ThirdPartyPrincipal.%s: %s%s", + "invalid %sServiceAccountDelegationInfo_IdpPrincipal.%s: %s%s", key, e.field, e.reason, cause) } -var _ error = ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError{} +var _ error = ServiceAccountDelegationInfo_IdpPrincipalValidationError{} var _ interface { Field() string @@ -3002,4 +2201,4 @@ var _ interface { Key() bool Cause() error ErrorName() string -} = ServiceAccountDelegationInfo_ThirdPartyPrincipalValidationError{} +} = ServiceAccountDelegationInfo_IdpPrincipalValidationError{} diff --git a/proto/audit/v1/audit_event.proto b/proto/audit/v1/audit_event.proto index 88bf75b..ba46246 100644 --- a/proto/audit/v1/audit_event.proto +++ b/proto/audit/v1/audit_event.proto @@ -14,99 +14,55 @@ option java_multiple_files = true; option java_package = "com.schwarz.stackit.audit.v1"; // TODO update numbers of elements in messages +// TODO decide which fields should be optional // The audit log entry can be used to record an incident in the audit log. message AuditLogEntry { // The resource name of the log to which this log entry belongs. + // Example: projects//logs/ string log_name = 12; - // The monitored resource that produced this log entry. - // - // Example: a log entry that reports a database error would be associated with - // the monitored resource designating the particular database that reported - // the error. - MonitoredResource resource = 8; - // The log entry payload, which is always an AuditLog for STACKIT Audit Log events. AuditLog proto_payload = 2; + // TODO can we specify how the format should look like? + // TODO Encode sequence number into it? + // https://softwaremind.com/blog/the-unique-features-of-snowflake-id-and-its-comparison-to-uuid/ // A unique identifier for the log entry. + // Is generated and set by the SDK. + // Format: + // /// string insert_id = 4; // A set of user-defined (key, value) data that provides additional // information about the log entry. map labels = 11; - // Information about an operation associated with the log entry, if applicable. - LogEntryOperation operation = 15; + // Correlate multiple audit logs by setting the same id + string correlation_id = 15; // The time the event described by the log entry occurred. google.protobuf.Timestamp timestamp = 9; - // TODO do we need it? where will we set it? - // The time the log entry was received by Logging. - google.protobuf.Timestamp receive_timestamp = 24; - // The severity of the log entry. LogSeverity severity = 10; - // TODO check example - // Resource name of the trace associated with the log entry, if any. It - // contains a relative resource name. Example: - // `projects/my-projectid/traces/06796866738c859f2f19b7cfb3214824` - string trace = 22; - - // TODO check format and description - // The span ID within the trace associated with the log entry, if any. + // W3C conform trace parent header: + // https://www.w3.org/TR/trace-context/#traceparent-header // - // For Trace spans, this is the same format that the Trace API v2 uses: a - // 16-character hexadecimal encoding of an 8-byte array, such as - // `000000000000004a`. - string span_id = 27; + // Example: + // `00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01` + string trace_parent = 22; - // Information indicating this log entry is part of a sequence of multiple logs - // split from a single log entry. - LogSplit split = 35; + // W3C conform trace state header: + // https://www.w3.org/TR/trace-context/#tracestate-header + // + // Example: + // `rojo=00f067aa0ba902b7,congo=t61rcWkgMzE`. + string trace_state = 27; } -// An object representing a resource that can be used for monitoring, logging, -// billing, or other purposes. -message MonitoredResource { - - // Required. The monitored resource type. For example, the type of a - // STACKIT Server instance is `gce_instance`. - string type = 1; - - // TODO check the label values - // Values for all of the labels listed in the associated monitored - // resource descriptor. For example, STACKIT Server instances use the - // labels `"project_id"`, `"instance_id"`, and `"zone"`. - map labels = 2; -} - -// Additional information about a potentially long-running operation with which -// a log entry is associated. -message LogEntryOperation { - - // An arbitrary operation identifier. Log entries with the same - // identifier are assumed to be part of the same operation. - string id = 1; - - // TODO check examples - // An arbitrary producer identifier. The combination of `id` and - // `producer` must be globally unique. Examples for `producer`: - // `"MyDivision.MyBigCompany.com"`, `"github.com/MyProject/MyApplication"`. - string producer = 2; - - // True if this is the first log entry in the operation. - bool first = 3; - - // True if this is the last log entry in the operation. - bool last = 4; -} - -// TODO check description and levels // The severity of the event described in a log entry, expressed as one of the // standard severity levels listed below. For your reference, the levels are // assigned the listed numeric values. The effect of using numeric values other @@ -144,56 +100,34 @@ enum LogSeverity { EMERGENCY = 800; } -// TODO check description // Common audit log format for STACKIT API operations. -// Copied from -// https://github.com/googleapis/googleapis/blob/master/google/cloud/audit/audit_log.proto, -// but changing service_data from Any to Struct. message AuditLog { - // TODO check example // The name of the API service performing the operation. For example, - // `"datastore.googleapis.com"`. + // `"resource-manager"`. string service_name = 7; - // TODO check example + // TODO: Add extra field to open api spec for the method_name // The name of the service method or operation. - // For API calls, this should be the name of the API method. + // The format should is: + // stackit.... + // // For example, // - // "google.datastore.v1.Datastore.RunQuery" - // "google.logging.v1.LoggingService.DeleteLog" - string method_name = 8; + // "stackit.resourcemanager.v1.organization.created" + // "stackit.authorization.v2.organization.moved" + // "stackit.authorization.v2.folder.moved" + optional string method_name = 8; - // TODO check example // The resource or collection that is the target of the operation. // The name is a scheme-less URI, not including the API service name. // For example: // - // "shelves/SHELF_ID/books" - // "shelves/SHELF_ID/books/BOOK_ID" + // "projects//zones//vms/" + // "projects//zones//vms//ports/" + // "projects//zones//instances/instance-20240723-184227 string resource_name = 11; - // The resource location information. - ResourceLocation resource_location = 20; - - // TODO check what's meant with @type property - // The resource's original state before mutation. Present only for - // operations which have successfully modified the targeted resource(s). - // In general, this field should contain all changed fields, except those - // that are already been included in `request`, `response`, `metadata` or - // `service_data` fields. - // When the JSON object represented here has a proto equivalent, - // the proto name will be indicated in the `@type` property. - google.protobuf.Struct resource_original_state = 19; - - // The number of items returned from a List or Query API method, - // if applicable. - int64 num_response_items = 12; - - // The status of the overall operation. - RpcStatus status = 2; - // Authentication information. AuthenticationInfo authentication_info = 3; @@ -205,22 +139,22 @@ message AuditLog { // Metadata about the operation. RequestMetadata request_metadata = 4; - // TODO check what's meant with @type property // The operation request. This may not include all request parameters, // such as those that are too large, privacy-sensitive, or duplicated // elsewhere in the log record. // It should never include user-generated data, such as file contents. - // When the JSON object represented here has a proto equivalent, the proto - // name will be indicated in the `@type` property. google.protobuf.Struct request = 16; - // TODO check what's meant with @type property + // The status of the overall operation. + ResponseStatus status = 2; + + // The number of items returned from a List or Query API method, + // if applicable. + optional int64 num_response_items = 12; + // The operation response. This may not include all response elements, // such as those that are too large, privacy-sensitive, or duplicated // elsewhere in the log record. - // It should never include user-generated data, such as file contents. - // When the JSON object represented here has a proto equivalent, the proto - // name will be indicated in the `@type` property. google.protobuf.Struct response = 17; // Other service-specific data about the request, response, and other @@ -231,33 +165,18 @@ message AuditLog { // Authentication information for the operation. message AuthenticationInfo { - // TODO check description - do we need the id as well? - // The email address of the authenticated user (or service account on behalf - // of third party principal) making the request. For third party identity - // callers, the `principal_subject` field is populated instead of this field. - // For privacy reasons, the principal email address is sometimes redacted. - // For more information, see [Caller identities in audit - // logs](https://cloud.google.com/logging/docs/audit#user-id). - string principal_email = 1; + // Principal id + string principal_id = 1; - // The authority selector specified by the requestor, if any. - // It is not guaranteed that the principal was allowed to use this authority. - string authority_selector = 2; + // The email address of the authenticated user + string principal_email = 2; - // TODO check @type - // The third party identification (if any) of the authenticated user making - // the request. - // When the JSON object represented here has a proto equivalent, the proto - // name will be indicated in the `@type` property. - google.protobuf.Struct third_party_principal = 4; - - // TODO check example - // The name of the service account key used to create or exchange + // The name of the service account used to create or exchange // credentials for authenticating the service account making the request. - // This is a scheme-less URI full resource name. For example: + // Example: // - // "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}" - string service_account_key_name = 5; + // "projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}" + optional string service_account_name = 5; // Identity delegation history of an authenticated service account that makes // the request. It contains information on the real authorities that try to @@ -265,19 +184,16 @@ message AuthenticationInfo { // authorities present, they are guaranteed to be sorted based on the original // ordering of the identity delegation events. repeated ServiceAccountDelegationInfo service_account_delegation_info = 6; - - // String representation of identity of requesting party. - // Populated for both first and third party identities. - string principal_subject = 8; } // Authorization information for the operation. message AuthorizationInfo { - // TODO check example - // The resource being accessed, as a REST-style string. For example: + // The resource being accessed, as a REST-style string. // - // bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID + // For example: + // Project scoped resource: projects/test-project-123/zones/us-central1-b/instances/instance-20240723-174217 + // Global Resource: projects/_/buckets/adfeaf string resource = 1; // The required IAM permission. @@ -286,14 +202,6 @@ message AuthorizationInfo { // Whether or not authorization for `resource` and `permission` // was granted. bool granted = 3; - - // Resource attributes used in IAM condition evaluation. This field contains - // resource attributes like resource type and resource name. - // - // To get the whole view of the attributes used in IAM - // condition evaluation, the user must also look into - // `AuditLog.request_metadata.request_attributes`. - AttributeContext.Resource resource_attributes = 5; } // TODO check description @@ -316,32 +224,6 @@ message AuthorizationInfo { // a system. message AttributeContext { - // This message defines attributes for a node that handles a network request. - // The node can be either a service or an application that sends, forwards, - // or receives the request. Service peers should fill in - // `principal` and `labels` as appropriate. - message Peer { - - // The IP address of the peer. - string ip = 1; - - // The network port of the peer. - int64 port = 2; - - // The labels associated with the peer. - map labels = 6; - - // The identity of this peer. Similar to `Request.auth.principal`, but - // relative to the peer instead of the request. For example, the - // identity associated with a load balancer that forwarded the request. - string principal = 7; - - // The CLDR country/region code associated with the above IP address. - // If the IP address is private, the `region_code` should reflect the - // physical location where this peer is running. - string region_code = 8; - } - // This message defines request authentication attributes. Terminology is // based on the JSON Web Token (JWT) standard, but the terms also // correlate to concepts in other standards. @@ -396,16 +278,6 @@ message AttributeContext { // SAML assertions are similarly specified, but with an identity provider // dependent structure. google.protobuf.Struct claims = 4; - - // TODO check description - // A list of access level resource names that allow resources to be - // accessed by authenticated requester. It is part of Secure GCP processing - // for the incoming request. An access level string has the format: - // "//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{short_name}" - // - // Example: - // "//accesscontextmanager.googleapis.com/accessPolicies/MY_POLICY_ID/accessLevels/MY_LEVEL" - repeated string access_levels = 5; } // This message defines attributes for an HTTP request. If the actual @@ -443,19 +315,12 @@ message AttributeContext { // the request. google.protobuf.Timestamp time = 9; - // The HTTP request size in bytes. If unknown, it must be -1. - int64 size = 10; - // The network protocol used with the request, such as "http/1.1", // "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids // for details. string protocol = 11; - // A special parameter for request reason. It is used by security systems - // to associate auditing information with a request. - string reason = 12; - // The request authentication. May be absent for unauthenticated requests. // Derived from the HTTP request `Authorization` header or equivalent. Auth auth = 13; @@ -480,60 +345,15 @@ message AttributeContext { // the response. google.protobuf.Timestamp time = 4; } - - // This message defines core attributes for a resource. A resource is an - // addressable (named) entity provided by the destination service. For - // example, a file stored on a network storage service. - message Resource { - - // TODO check description - // The name of the service that this resource belongs to, such as - // `pubsub.googleapis.com`. The service may be different from the DNS - // hostname that actually serves the request. - string service = 1; - - // TODO check description - // The stable identifier (name) of a resource on the `service`. A resource - // can be logically identified as "//{resource.service}/{resource.name}". - // The differences between a resource name and a URI are: - // - // * Resource name is a logical identifier, independent of network - // protocol and API version. For example, - // `//pubsub.googleapis.com/projects/123/topics/news-feed`. - // * URI often includes protocol and version information, so it can - // be used directly by applications. For example, - // `https://pubsub.googleapis.com/v1/projects/123/topics/news-feed`. - // - // See https://cloud.google.com/apis/design/resource_names for details. - string name = 2; - - // TODO check description - // The type of the resource. The syntax is platform-specific because - // different platforms define their resources differently. - // - // For Google APIs, the type format must be "{service}/{kind}". - string type = 3; - - // TODO check description (AWS) - // The labels or tags on the resource, such as AWS resource tags and - // Kubernetes resource labels. - map labels = 4; - } } // Metadata about the request. message RequestMetadata { - // TODO check description // The IP address of the caller. // For caller from internet, this will be public IPv4 or IPv6 address. - // For caller from a Compute Engine VM with external IP address, this - // will be the VM's external IP address. For caller from a Compute - // Engine VM without external IP address, if the VM is in the same - // organization (or project) as the accessed resource, `caller_ip` will - // be the VM's internal IPv4 address, otherwise the `caller_ip` will be - // redacted to "gce-internal-ip". - // See https://cloud.google.com/compute/docs/vpc/ for more information. + // For caller from a VM / K8s Service / etc, this + // will be the SIT proxy's IPv4 address. string caller_ip = 1; // TODO check description @@ -550,16 +370,6 @@ message RequestMetadata { // The request was made from the `my-project` App Engine app. string caller_supplied_user_agent = 2; - // TODO check description - // The network of the caller. - // Set only if the network host project is part of the same GCP organization - // (or project) as the accessed resource. - // See https://cloud.google.com/compute/docs/vpc/ for more information. - // This is a scheme-less URI full resource name. For example: - // - // "//compute.googleapis.com/projects/PROJECT_ID/global/networks/NETWORK_ID" - string caller_network = 3; - // TODO check description // Request attributes used in IAM condition evaluation. This field contains // request attributes like request time and access levels associated with @@ -569,93 +379,47 @@ message RequestMetadata { // condition evaluation, the user must also look into // `AuditLog.authentication_info.resource_attributes`. AttributeContext.Request request_attributes = 7; - - // TODO check description - // The destination of a network activity, such as accepting a TCP connection. - // In a multi hop network activity, the destination represents the receiver of - // the last hop. Only two fields are used in this message, Peer.port and - // Peer.ip. These fields are optionally populated by those services utilizing - // the IAM condition feature. - AttributeContext.Peer destination_attributes = 8; } -// Location information about a resource. -message ResourceLocation { - - // The locations of a resource after the execution of the operation. - // Requests to create or delete a location based resource must populate - // the 'current_locations' field and not the 'original_locations' field. - // For example: - // - // "eu01" - repeated string current_locations = 1; - - // The locations of a resource prior to the execution of the operation. - // Requests that mutate the resource's location must populate both the - // 'original_locations' as well as the 'current_locations' fields. - // For example: - // - // "eu01" - repeated string original_locations = 2; -} - -// TODO check description // The `Status` type defines a logical error model that is suitable for -// different programming environments, including REST APIs and RPC APIs. It is -// used by [gRPC](https://github.com/grpc). Each `Status` message contains -// three pieces of data: error code, error message, and error details. -// -// You can find out more about this error model and how to work with it in the -// [API Design Guide](https://cloud.google.com/apis/design/errors). -message RpcStatus { +// different programming environments, including REST APIs and RPC APIs. +// Each `ResponseStatus` message contains three pieces of data: +// error code, error message, and error details. +message ResponseStatus { - // TODO check description - // The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. + // The http or gRPC status code. int32 code = 1; - // A developer-facing error message, which should be in English. Any - // user-facing error message should be localized and sent in the - // RpcStatus.details field, or localized by the client. + // Short description of the error string message = 2; - // TODO replace any with something different (e.g. struct) and update description - // A list of messages that carry the error details. There is a common set of - // message types for APIs to use. - repeated google.protobuf.Any details = 3; + // Error details + repeated google.protobuf.Struct details = 3; } // Identity delegation history of an authenticated service account. message ServiceAccountDelegationInfo { - // TODO Introduce but check if needed + // Anonymous system principal to be used when no user identity is available. message SystemPrincipal { // Metadata about the service that uses the service account. google.protobuf.Struct service_metadata = 3; } - // First party identity principal. - message FirstPartyPrincipal { + // STACKIT idp principal. + message IdpPrincipal { - // TODO was added - check if correct // STACKIT principal id - string id = 1; + string principal_id = 1; - // The email address + // Optional email address optional string principal_email = 2; // Metadata about the service that uses the service account. google.protobuf.Struct service_metadata = 3; } - // TODO check if needed - // Third party identity principal. - message ThirdPartyPrincipal { - - // Metadata about third party identity. - google.protobuf.Struct third_party_claims = 1; - } - // Entity that creates credentials for service account and assumes its // identity for authentication. oneof Authority { @@ -663,28 +427,7 @@ message ServiceAccountDelegationInfo { // System identity SystemPrincipal system_principal = 1; - // First party (STACKIT) identity as the real authority. - FirstPartyPrincipal first_party_principal = 2; - - // Third party identity as the real authority. - ThirdPartyPrincipal third_party_principal = 3; + // STACKIT IDP identity + IdpPrincipal idp_principal = 2; } -} - -// Additional information used to correlate multiple LogEntries. Used when a -// single log entry would exceed the STACKIT logging size limit and is split -// across multiple entries. -message LogSplit { - - // A globally unique identifier for all log entries in a sequence of split - // logs. All log entries with the same |LogSplit.uid| are assumed to be part of - // the same sequence of split logs. - string uid = 1; - - // The index of this log entry in the sequence of split logs. Log entries are - // given |index| values 0, 1, ..., n-1 for a sequence of n entries. - int32 index = 2; - - // The total number of logs that the original log entry was split into. - int32 total_splits = 3; } \ No newline at end of file