Skip to content

Commit

Permalink
feat: unwrap jsonschema one level (#69)
Browse files Browse the repository at this point in the history 
* feat: unwrap jsonschema one level

Signed-off-by: Grant Timmerman <timmerman+devrel@google.com>

* feat: unwrap and rename

Signed-off-by: Grant Timmerman <timmerman+devrel@google.com>

* feat: update references

Signed-off-by: Grant Timmerman <timmerman+devrel@google.com>
  • Loading branch information
@grant
grant authored Sep 28, 2020
1 parent a0f696a commit dea39da
Show file tree
Hide file tree
Showing 4 changed files with 427 additions and 437 deletions.
387 changes: 387 additions & 0 deletions proto/google/events/cloud/audit/v1/LogEntryData.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,387 @@
{
"$id": "google.events.cloud.audit.v1",
"$schema": "http://json-schema.org/schema",
"title": "Cloud Audit Log LogEntry v1",
"name": "LogEntryData",
"description": "This event is triggered when a new audit log entry is written.",
"type": "object",
"goPackage": "auditv1",
"definitions": {
"MonitoredResource": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"labels": {
"type": "object"
}
}
},
"ResourceLocation": {
"type": "object",
"$comment": "https://cloud.google.com/service-infrastructure/docs/service-control/reference/rpc/google.cloud.audit?hl=en#resourcelocation",
"properties": {
"current_locations": {
"description": "The locations of a resource after the execution of the operation. Requests to create or delete a location based resource must populate the 'current_locations' field and not the 'original_locations' field.",
"type": "array",
"items": {
"type": "string",
"examples": [
"europe-west1-a",
"us-east1",
"nam3"
]
}
},
"original_locations": {
"description": "The locations of a resource prior to the execution of the operation. Requests that mutate the resource's location must populate both the 'original_locations' as well as the 'current_locations' fields. For example:",
"type": "array",
"items": {
"type": "string",
"examples": [
"europe-west1-a",
"us-east1",
"nam3"
]
}
}
}
},
"Status": {
"type": "object",
"properties": {
"code": {
"type": "integer"
},
"message": {
"type": "string"
},
"details": {}
}
},
"ServiceAccountDelegationInfo": {
"description": "Identity delegation history of an authenticated service account",
"$comment": "https://cloud.google.com/service-infrastructure/docs/service-control/reference/rpc/google.cloud.audit?hl=en#serviceaccountdelegationinfo",
"type": "object",
"oneOf": [
{
"properties": {
"principal_email": {
"type": "string"
},
"service_metadata": {
"type": "object"
}
}
},
{
"properties": {
"third_party_claims": {
"type": "object"
}
}
}
]
},
"AuthenticationInfo": {
"type": "object",
"description": "Authentication information for the operation.",
"$comment": "https://cloud.google.com/service-infrastructure/docs/service-control/reference/rpc/google.cloud.audit?hl=en#google.cloud.audit.AuthenticationInfo",
"properties": {
"principal_email": {
"type": "string",
"description": "The email address of the authenticated user (or service account on behalf of third party principal) making the request. For privacy reasons, the principal email address is redacted for all read-only operations that fail with a \"permission denied\" error."
},
"authority_selector": {
"type": "string",
"description": "The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority."
},
"third_party_principal": {
"type": "object",
"description": "The third party identification (if any) of the authenticated user making the request. When the JSON object represented here has a proto equivalent, the proto name will be indicated in the @type property."
},
"service_account_key_name": {
"type": "string",
"description": "The name of the service account key used to create or exchange credentials for authenticating the service account making the request. This is a scheme-less URI full resource name.",
"examples": [
"//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}"
]
},
"service_account_delegation_info": {
"type": "array",
"description": "Identity delegation history of an authenticated service account that makes the request. It contains information on the real authorities that try to access GCP resources by delegating on a service account. When multiple authorities present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.",
"items": {
"$ref": "#/properties/ServiceAccountDelegationInfo"
}
},
"principal_subject": {
"type": "string",
"description": "String representation of identity of requesting party. Populated for both first and third party identities."
}
}
},
"Resource": {
"type": "object",
"properties": {
"service": {
"type": "string"
},
"name": {
"type": "string"
},
"type": {
"type": "string"
},
"labels": {
"type": "object"
}
}
},
"AuthorizationInfo": {
"type": "object",
"$comment": "https://cloud.google.com/service-infrastructure/docs/service-control/reference/rpc/google.cloud.audit?hl=en#authorizationinfo",
"properties": {
"resource": {
"type": "string",
"description": "The resource being accessed, as a REST-style string.",
"examples": [
"bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID"
]
},
"permission": {
"type": "string",
"description": "The required IAM permission."
},
"granted": {
"type": "boolean",
"description": "Whether or not authorization for resource and permission was granted."
},
"resource_attributes": {
"$ref": "#/properties/Resource",
"description": "Resource attributes used in IAM condition evaluation. This field contains resource attributes like resource type and resource name. To get the whole view of the attributes used in IAM condition evaluation, the user must also look into AuditLog.request_metadata.request_attributes."
}
}
},
"Auth": {
"type": "object",
"properties": {
"principal": {
"type": "string"
},
"audiences": {
"type": "array",
"items": {
"type": "string"
}
},
"presenter": {
"type": "string"
},
"claims": {
"type": "object"
},
"access_levels": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"Request": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"method": {
"type": "string"
},
"headers": {
"type": "object"
},
"path": {
"type": "string"
},
"host": {
"type": "string"
},
"scheme": {
"type": "string"
},
"query": {
"type": "string"
},
"time": {
"type": "string"
},
"size": {
"type": "integer"
},
"protocol": {
"type": "string"
},
"reason": {
"type": "string"
},
"auth": {
"$ref": "#/properties/Auth"
}
}
},
"Peer": {
"type": "object",
"properties": {
"ip": {
"type": "string"
},
"port": {
"type": "integer"
},
"labels": {
"type": "object"
},
"principal": {
"type": "string"
},
"region_code": {
"type": "string"
}
}
},
"RequestMetadata": {
"type": "object",
"properties": {
"caller_ip": {
"type": "string"
},
"caller_supplied_user_agent": {
"type": "string"
},
"caller_network": {
"type": "string"
},
"request_attributes": {
"$ref": "#/properties/Request"
},
"destination_attributes": {
"$ref": "#/properties/Peer"
}
}
},
"AuditLog": {
"type": "object",
"properties": {
"service_name": {
"type": "string"
},
"method_name": {
"type": "string"
},
"resource_name": {
"type": "string"
},
"resource_location": {
"$ref": "#/properties/ResourceLocation"
},
"resource_original_state": {
"type": "object"
},
"num_response_items": {
"type": "integer"
},
"status": {
"$ref": "#/properties/Status"
},
"authentication_info": {
"$ref": "#/properties/AuthenticationInfo"
},
"authorization_info": {
"type": "array",
"items": {
"$ref": "#/properties/AuthorizationInfo"
}
},
"request_metadata": {
"$ref": "#/properties/RequestMetadata"
},
"request": {
"type": "object"
},
"response": {
"type": "object"
},
"metadata": {
"type": "object"
},
"service_data": {
"type": "object"
}
}
},
"LogEntryOperation": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"producer": {
"type": "string"
},
"first": {
"type": "boolean"
},
"last": {
"type": "boolean"
}
}
}
},
"properties": {
"log_name": {
"type": "string"
},
"resource": {
"$ref": "#/properties/MonitoredResource"
},
"proto_payload": {
"$ref": "#/properties/AuditLog"
},
"insert_id": {
"type": "string"
},
"labels": {
"type": "object"
},
"operation": {
"$ref": "#/properties/LogEntryOperation"
},
"timestamp": {
"type": "string"
},
"receive_timestamp": {
"type": "string"
},
"severity": {
"type": "integer",
"enum": [
0,
100,
200,
300,
400,
500,
600,
700,
800
]
},
"trace": {
"type": "string"
},
"span_id": {
"type": "string"
}
}
}
Loading

0 comments on commit dea39da

Please sign in to comment.