diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java
index d2e768c3..06421079 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLog.java
@@ -288,7 +288,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -312,7 +312,7 @@ public java.lang.String getServiceName() {
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -341,8 +341,8 @@ public com.google.protobuf.ByteString getServiceNameBytes() {
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -368,8 +368,8 @@ public java.lang.String getMethodName() {
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -398,8 +398,8 @@ public com.google.protobuf.ByteString getMethodNameBytes() {
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -425,8 +425,8 @@ public java.lang.String getResourceName() {
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -978,16 +978,17 @@ public com.google.protobuf.StructOrBuilder getMetadataOrBuilder() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*
* @return Whether the serviceData field is set.
*/
@java.lang.Override
+ @java.lang.Deprecated
public boolean hasServiceData() {
return serviceData_ != null;
}
@@ -995,16 +996,17 @@ public boolean hasServiceData() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*
* @return The serviceData.
*/
@java.lang.Override
+ @java.lang.Deprecated
public com.google.protobuf.Any getServiceData() {
return serviceData_ == null ? com.google.protobuf.Any.getDefaultInstance() : serviceData_;
}
@@ -1012,14 +1014,15 @@ public com.google.protobuf.Any getServiceData() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
@java.lang.Override
+ @java.lang.Deprecated
public com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder() {
return getServiceData();
}
@@ -1701,7 +1704,7 @@ public Builder mergeFrom(
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -1724,7 +1727,7 @@ public java.lang.String getServiceName() {
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -1747,7 +1750,7 @@ public com.google.protobuf.ByteString getServiceNameBytes() {
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -1769,7 +1772,7 @@ public Builder setServiceName(java.lang.String value) {
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -1787,7 +1790,7 @@ public Builder clearServiceName() {
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -1814,8 +1817,8 @@ public Builder setServiceNameBytes(com.google.protobuf.ByteString value) {
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -1840,8 +1843,8 @@ public java.lang.String getMethodName() {
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -1866,8 +1869,8 @@ public com.google.protobuf.ByteString getMethodNameBytes() {
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -1891,8 +1894,8 @@ public Builder setMethodName(java.lang.String value) {
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -1912,8 +1915,8 @@ public Builder clearMethodName() {
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -1940,8 +1943,8 @@ public Builder setMethodNameBytes(com.google.protobuf.ByteString value) {
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -1966,8 +1969,8 @@ public java.lang.String getResourceName() {
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -1992,8 +1995,8 @@ public com.google.protobuf.ByteString getResourceNameBytes() {
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -2017,8 +2020,8 @@ public Builder setResourceName(java.lang.String value) {
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -2038,8 +2041,8 @@ public Builder clearResourceName() {
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -4120,15 +4123,16 @@ public com.google.protobuf.StructOrBuilder getMetadataOrBuilder() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*
* @return Whether the serviceData field is set.
*/
+ @java.lang.Deprecated
public boolean hasServiceData() {
return serviceDataBuilder_ != null || serviceData_ != null;
}
@@ -4136,15 +4140,16 @@ public boolean hasServiceData() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*
* @return The serviceData.
*/
+ @java.lang.Deprecated
public com.google.protobuf.Any getServiceData() {
if (serviceDataBuilder_ == null) {
return serviceData_ == null ? com.google.protobuf.Any.getDefaultInstance() : serviceData_;
@@ -4156,13 +4161,14 @@ public com.google.protobuf.Any getServiceData() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
+ @java.lang.Deprecated
public Builder setServiceData(com.google.protobuf.Any value) {
if (serviceDataBuilder_ == null) {
if (value == null) {
@@ -4180,13 +4186,14 @@ public Builder setServiceData(com.google.protobuf.Any value) {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
+ @java.lang.Deprecated
public Builder setServiceData(com.google.protobuf.Any.Builder builderForValue) {
if (serviceDataBuilder_ == null) {
serviceData_ = builderForValue.build();
@@ -4201,13 +4208,14 @@ public Builder setServiceData(com.google.protobuf.Any.Builder builderForValue) {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
+ @java.lang.Deprecated
public Builder mergeServiceData(com.google.protobuf.Any value) {
if (serviceDataBuilder_ == null) {
if (serviceData_ != null) {
@@ -4227,13 +4235,14 @@ public Builder mergeServiceData(com.google.protobuf.Any value) {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
+ @java.lang.Deprecated
public Builder clearServiceData() {
if (serviceDataBuilder_ == null) {
serviceData_ = null;
@@ -4249,13 +4258,14 @@ public Builder clearServiceData() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
+ @java.lang.Deprecated
public com.google.protobuf.Any.Builder getServiceDataBuilder() {
onChanged();
@@ -4265,13 +4275,14 @@ public com.google.protobuf.Any.Builder getServiceDataBuilder() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
+ @java.lang.Deprecated
public com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder() {
if (serviceDataBuilder_ != null) {
return serviceDataBuilder_.getMessageOrBuilder();
@@ -4283,12 +4294,12 @@ public com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder() {
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
private com.google.protobuf.SingleFieldBuilderV3<
com.google.protobuf.Any,
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java
index a23e114c..29df867a 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogOrBuilder.java
@@ -28,7 +28,7 @@ public interface AuditLogOrBuilder
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -41,7 +41,7 @@ public interface AuditLogOrBuilder
*
*
* The name of the API service performing the operation. For example,
- * `"datastore.googleapis.com"`.
+ * `"compute.googleapis.com"`.
*
*
* string service_name = 7;
@@ -57,8 +57,8 @@ public interface AuditLogOrBuilder
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -73,8 +73,8 @@ public interface AuditLogOrBuilder
* The name of the service method or operation.
* For API calls, this should be the name of the API method.
* For example,
- * "google.datastore.v1.Datastore.RunQuery"
- * "google.logging.v1.LoggingService.DeleteLog"
+ * "google.cloud.bigquery.v2.TableService.InsertTable"
+ * "google.logging.v2.ConfigServiceV2.CreateSink"
*
*
* string method_name = 8;
@@ -90,8 +90,8 @@ public interface AuditLogOrBuilder
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -106,8 +106,8 @@ public interface AuditLogOrBuilder
* The resource or collection that is the target of the operation.
* The name is a scheme-less URI, not including the API service name.
* For example:
- * "shelves/SHELF_ID/books"
- * "shelves/SHELF_ID/books/BOOK_ID"
+ * "projects/PROJECT_ID/zones/us-central1-a/instances"
+ * "projects/PROJECT_ID/datasets/DATASET_ID"
*
*
* string resource_name = 11;
@@ -527,40 +527,43 @@ public interface AuditLogOrBuilder
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*
* @return Whether the serviceData field is set.
*/
+ @java.lang.Deprecated
boolean hasServiceData();
/**
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*
* @return The serviceData.
*/
+ @java.lang.Deprecated
com.google.protobuf.Any getServiceData();
/**
*
*
*
- * Deprecated, use `metadata` field instead.
+ * Deprecated. Use the `metadata` field instead.
* Other service-specific data about the request, response, and other
* activities.
*
*
- * .google.protobuf.Any service_data = 15;
+ * .google.protobuf.Any service_data = 15 [deprecated = true];
*/
+ @java.lang.Deprecated
com.google.protobuf.AnyOrBuilder getServiceDataOrBuilder();
}
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java
index ac3d7eff..3bea60db 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuditLogProto.java
@@ -72,7 +72,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+ "ogle.cloud.audit\032\031google/protobuf/any.pr"
+ "oto\032\034google/protobuf/struct.proto\032*googl"
+ "e/rpc/context/attribute_context.proto\032\027g"
- + "oogle/rpc/status.proto\"\372\004\n\010AuditLog\022\024\n\014s"
+ + "oogle/rpc/status.proto\"\376\004\n\010AuditLog\022\024\n\014s"
+ "ervice_name\030\007 \001(\t\022\023\n\013method_name\030\010 \001(\t\022\025"
+ "\n\rresource_name\030\013 \001(\t\022?\n\021resource_locati"
+ "on\030\024 \001(\0132$.google.cloud.audit.ResourceLo"
@@ -87,40 +87,41 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+ "etadata\022(\n\007request\030\020 \001(\0132\027.google.protob"
+ "uf.Struct\022)\n\010response\030\021 \001(\0132\027.google.pro"
+ "tobuf.Struct\022)\n\010metadata\030\022 \001(\0132\027.google."
- + "protobuf.Struct\022*\n\014service_data\030\017 \001(\0132\024."
- + "google.protobuf.Any\"\231\002\n\022AuthenticationIn"
- + "fo\022\027\n\017principal_email\030\001 \001(\t\022\032\n\022authority"
- + "_selector\030\002 \001(\t\0226\n\025third_party_principal"
- + "\030\004 \001(\0132\027.google.protobuf.Struct\022 \n\030servi"
- + "ce_account_key_name\030\005 \001(\t\022Y\n\037service_acc"
- + "ount_delegation_info\030\006 \003(\01320.google.clou"
- + "d.audit.ServiceAccountDelegationInfo\022\031\n\021"
- + "principal_subject\030\010 \001(\t\"\226\001\n\021Authorizatio"
- + "nInfo\022\020\n\010resource\030\001 \001(\t\022\022\n\npermission\030\002 "
- + "\001(\t\022\017\n\007granted\030\003 \001(\010\022J\n\023resource_attribu"
- + "tes\030\005 \001(\0132-.google.rpc.context.Attribute"
- + "Context.Resource\"\365\001\n\017RequestMetadata\022\021\n\t"
- + "caller_ip\030\001 \001(\t\022\"\n\032caller_supplied_user_"
- + "agent\030\002 \001(\t\022\026\n\016caller_network\030\003 \001(\t\022H\n\022r"
- + "equest_attributes\030\007 \001(\0132,.google.rpc.con"
- + "text.AttributeContext.Request\022I\n\026destina"
- + "tion_attributes\030\010 \001(\0132).google.rpc.conte"
- + "xt.AttributeContext.Peer\"I\n\020ResourceLoca"
- + "tion\022\031\n\021current_locations\030\001 \003(\t\022\032\n\022origi"
- + "nal_locations\030\002 \003(\t\"\250\003\n\034ServiceAccountDe"
- + "legationInfo\022e\n\025first_party_principal\030\001 "
- + "\001(\0132D.google.cloud.audit.ServiceAccountD"
- + "elegationInfo.FirstPartyPrincipalH\000\022e\n\025t"
- + "hird_party_principal\030\002 \001(\0132D.google.clou"
- + "d.audit.ServiceAccountDelegationInfo.Thi"
- + "rdPartyPrincipalH\000\032a\n\023FirstPartyPrincipa"
- + "l\022\027\n\017principal_email\030\001 \001(\t\0221\n\020service_me"
- + "tadata\030\002 \001(\0132\027.google.protobuf.Struct\032J\n"
- + "\023ThirdPartyPrincipal\0223\n\022third_party_clai"
- + "ms\030\001 \001(\0132\027.google.protobuf.StructB\013\n\tAut"
- + "horityBe\n\026com.google.cloud.auditB\rAuditL"
- + "ogProtoP\001Z7google.golang.org/genproto/go"
- + "ogleapis/cloud/audit;audit\370\001\001b\006proto3"
+ + "protobuf.Struct\022.\n\014service_data\030\017 \001(\0132\024."
+ + "google.protobuf.AnyB\002\030\001\"\231\002\n\022Authenticati"
+ + "onInfo\022\027\n\017principal_email\030\001 \001(\t\022\032\n\022autho"
+ + "rity_selector\030\002 \001(\t\0226\n\025third_party_princ"
+ + "ipal\030\004 \001(\0132\027.google.protobuf.Struct\022 \n\030s"
+ + "ervice_account_key_name\030\005 \001(\t\022Y\n\037service"
+ + "_account_delegation_info\030\006 \003(\01320.google."
+ + "cloud.audit.ServiceAccountDelegationInfo"
+ + "\022\031\n\021principal_subject\030\010 \001(\t\"\226\001\n\021Authoriz"
+ + "ationInfo\022\020\n\010resource\030\001 \001(\t\022\022\n\npermissio"
+ + "n\030\002 \001(\t\022\017\n\007granted\030\003 \001(\010\022J\n\023resource_att"
+ + "ributes\030\005 \001(\0132-.google.rpc.context.Attri"
+ + "buteContext.Resource\"\365\001\n\017RequestMetadata"
+ + "\022\021\n\tcaller_ip\030\001 \001(\t\022\"\n\032caller_supplied_u"
+ + "ser_agent\030\002 \001(\t\022\026\n\016caller_network\030\003 \001(\t\022"
+ + "H\n\022request_attributes\030\007 \001(\0132,.google.rpc"
+ + ".context.AttributeContext.Request\022I\n\026des"
+ + "tination_attributes\030\010 \001(\0132).google.rpc.c"
+ + "ontext.AttributeContext.Peer\"I\n\020Resource"
+ + "Location\022\031\n\021current_locations\030\001 \003(\t\022\032\n\022o"
+ + "riginal_locations\030\002 \003(\t\"\303\003\n\034ServiceAccou"
+ + "ntDelegationInfo\022\031\n\021principal_subject\030\003 "
+ + "\001(\t\022e\n\025first_party_principal\030\001 \001(\0132D.goo"
+ + "gle.cloud.audit.ServiceAccountDelegation"
+ + "Info.FirstPartyPrincipalH\000\022e\n\025third_part"
+ + "y_principal\030\002 \001(\0132D.google.cloud.audit.S"
+ + "erviceAccountDelegationInfo.ThirdPartyPr"
+ + "incipalH\000\032a\n\023FirstPartyPrincipal\022\027\n\017prin"
+ + "cipal_email\030\001 \001(\t\0221\n\020service_metadata\030\002 "
+ + "\001(\0132\027.google.protobuf.Struct\032J\n\023ThirdPar"
+ + "tyPrincipal\0223\n\022third_party_claims\030\001 \001(\0132"
+ + "\027.google.protobuf.StructB\013\n\tAuthorityBe\n"
+ + "\026com.google.cloud.auditB\rAuditLogProtoP\001"
+ + "Z7google.golang.org/genproto/googleapis/"
+ + "cloud/audit;audit\370\001\001b\006proto3"
};
descriptor =
com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -199,7 +200,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
internal_static_google_cloud_audit_ServiceAccountDelegationInfo_descriptor,
new java.lang.String[] {
- "FirstPartyPrincipal", "ThirdPartyPrincipal", "Authority",
+ "PrincipalSubject", "FirstPartyPrincipal", "ThirdPartyPrincipal", "Authority",
});
internal_static_google_cloud_audit_ServiceAccountDelegationInfo_FirstPartyPrincipal_descriptor =
internal_static_google_cloud_audit_ServiceAccountDelegationInfo_descriptor
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java
index 8bef65de..63489c2c 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfo.java
@@ -176,9 +176,11 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
@@ -202,9 +204,11 @@ public java.lang.String getPrincipalEmail() {
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
@@ -1002,9 +1006,11 @@ public Builder mergeFrom(
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
@@ -1027,9 +1033,11 @@ public java.lang.String getPrincipalEmail() {
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
@@ -1052,9 +1060,11 @@ public com.google.protobuf.ByteString getPrincipalEmailBytes() {
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
@@ -1076,9 +1086,11 @@ public Builder setPrincipalEmail(java.lang.String value) {
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
@@ -1096,9 +1108,11 @@ public Builder clearPrincipalEmail() {
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java
index 756a8bab..d00cee31 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthenticationInfoOrBuilder.java
@@ -28,9 +28,11 @@ public interface AuthenticationInfoOrBuilder
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
@@ -43,9 +45,11 @@ public interface AuthenticationInfoOrBuilder
*
*
* The email address of the authenticated user (or service account on behalf
- * of third party principal) making the request. For privacy reasons, the
- * principal email address is redacted for all read-only operations that fail
- * with a "permission denied" error.
+ * of third party principal) making the request. For third party identity
+ * callers, the `principal_subject` field is populated instead of this field.
+ * For privacy reasons, the principal email address is sometimes redacted.
+ * For more information, see
+ * https://cloud.google.com/logging/docs/audit#user-id.
*
*
* string principal_email = 1;
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java
index 49723116..bca5b604 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfo.java
@@ -146,8 +146,11 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
@@ -170,8 +173,11 @@ public java.lang.String getResource() {
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
@@ -699,8 +705,11 @@ public Builder mergeFrom(
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
@@ -722,8 +731,11 @@ public java.lang.String getResource() {
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
@@ -745,8 +757,11 @@ public com.google.protobuf.ByteString getResourceBytes() {
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
@@ -767,8 +782,11 @@ public Builder setResource(java.lang.String value) {
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
@@ -785,8 +803,11 @@ public Builder clearResource() {
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java
index 716f91c7..fe0764ec 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/AuthorizationInfoOrBuilder.java
@@ -27,8 +27,11 @@ public interface AuthorizationInfoOrBuilder
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
@@ -40,8 +43,11 @@ public interface AuthorizationInfoOrBuilder
*
*
*
- * The resource being accessed, as a REST-style string. For example:
+ * The resource being accessed, as a REST-style or cloud resource string.
+ * For example:
* bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ * or
+ * projects/PROJECTID/datasets/DATASETID
*
*
* string resource = 1;
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java
index e86395d9..dabd99af 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfo.java
@@ -37,7 +37,9 @@ private ServiceAccountDelegationInfo(com.google.protobuf.GeneratedMessageV3.Buil
super(builder);
}
- private ServiceAccountDelegationInfo() {}
+ private ServiceAccountDelegationInfo() {
+ principalSubject_ = "";
+ }
@java.lang.Override
@SuppressWarnings({"unused"})
@@ -116,6 +118,13 @@ private ServiceAccountDelegationInfo(
authorityCase_ = 2;
break;
}
+ case 26:
+ {
+ java.lang.String s = input.readStringRequireUtf8();
+
+ principalSubject_ = s;
+ break;
+ }
default:
{
if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
@@ -1958,6 +1967,65 @@ public AuthorityCase getAuthorityCase() {
return AuthorityCase.forNumber(authorityCase_);
}
+ public static final int PRINCIPAL_SUBJECT_FIELD_NUMBER = 3;
+ private volatile java.lang.Object principalSubject_;
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @return The principalSubject.
+ */
+ @java.lang.Override
+ public java.lang.String getPrincipalSubject() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof java.lang.String) {
+ return (java.lang.String) ref;
+ } else {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalSubject_ = s;
+ return s;
+ }
+ }
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @return The bytes for principalSubject.
+ */
+ @java.lang.Override
+ public com.google.protobuf.ByteString getPrincipalSubjectBytes() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof java.lang.String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalSubject_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+
public static final int FIRST_PARTY_PRINCIPAL_FIELD_NUMBER = 1;
/**
*
@@ -2102,6 +2170,9 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io
output.writeMessage(
2, (com.google.cloud.audit.ServiceAccountDelegationInfo.ThirdPartyPrincipal) authority_);
}
+ if (!getPrincipalSubjectBytes().isEmpty()) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 3, principalSubject_);
+ }
unknownFields.writeTo(output);
}
@@ -2123,6 +2194,9 @@ public int getSerializedSize() {
2,
(com.google.cloud.audit.ServiceAccountDelegationInfo.ThirdPartyPrincipal) authority_);
}
+ if (!getPrincipalSubjectBytes().isEmpty()) {
+ size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, principalSubject_);
+ }
size += unknownFields.getSerializedSize();
memoizedSize = size;
return size;
@@ -2139,6 +2213,7 @@ public boolean equals(final java.lang.Object obj) {
com.google.cloud.audit.ServiceAccountDelegationInfo other =
(com.google.cloud.audit.ServiceAccountDelegationInfo) obj;
+ if (!getPrincipalSubject().equals(other.getPrincipalSubject())) return false;
if (!getAuthorityCase().equals(other.getAuthorityCase())) return false;
switch (authorityCase_) {
case 1:
@@ -2161,6 +2236,8 @@ public int hashCode() {
}
int hash = 41;
hash = (19 * hash) + getDescriptor().hashCode();
+ hash = (37 * hash) + PRINCIPAL_SUBJECT_FIELD_NUMBER;
+ hash = (53 * hash) + getPrincipalSubject().hashCode();
switch (authorityCase_) {
case 1:
hash = (37 * hash) + FIRST_PARTY_PRINCIPAL_FIELD_NUMBER;
@@ -2318,6 +2395,8 @@ private void maybeForceBuilderInitialization() {
@java.lang.Override
public Builder clear() {
super.clear();
+ principalSubject_ = "";
+
authorityCase_ = 0;
authority_ = null;
return this;
@@ -2347,6 +2426,7 @@ public com.google.cloud.audit.ServiceAccountDelegationInfo build() {
public com.google.cloud.audit.ServiceAccountDelegationInfo buildPartial() {
com.google.cloud.audit.ServiceAccountDelegationInfo result =
new com.google.cloud.audit.ServiceAccountDelegationInfo(this);
+ result.principalSubject_ = principalSubject_;
if (authorityCase_ == 1) {
if (firstPartyPrincipalBuilder_ == null) {
result.authority_ = authority_;
@@ -2412,6 +2492,10 @@ public Builder mergeFrom(com.google.protobuf.Message other) {
public Builder mergeFrom(com.google.cloud.audit.ServiceAccountDelegationInfo other) {
if (other == com.google.cloud.audit.ServiceAccountDelegationInfo.getDefaultInstance())
return this;
+ if (!other.getPrincipalSubject().isEmpty()) {
+ principalSubject_ = other.principalSubject_;
+ onChanged();
+ }
switch (other.getAuthorityCase()) {
case FIRST_PARTY_PRINCIPAL:
{
@@ -2472,6 +2556,137 @@ public Builder clearAuthority() {
return this;
}
+ private java.lang.Object principalSubject_ = "";
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @return The principalSubject.
+ */
+ public java.lang.String getPrincipalSubject() {
+ java.lang.Object ref = principalSubject_;
+ if (!(ref instanceof java.lang.String)) {
+ com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+ java.lang.String s = bs.toStringUtf8();
+ principalSubject_ = s;
+ return s;
+ } else {
+ return (java.lang.String) ref;
+ }
+ }
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @return The bytes for principalSubject.
+ */
+ public com.google.protobuf.ByteString getPrincipalSubjectBytes() {
+ java.lang.Object ref = principalSubject_;
+ if (ref instanceof String) {
+ com.google.protobuf.ByteString b =
+ com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+ principalSubject_ = b;
+ return b;
+ } else {
+ return (com.google.protobuf.ByteString) ref;
+ }
+ }
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @param value The principalSubject to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalSubject(java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+
+ principalSubject_ = value;
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearPrincipalSubject() {
+
+ principalSubject_ = getDefaultInstance().getPrincipalSubject();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @param value The bytes for principalSubject to set.
+ * @return This builder for chaining.
+ */
+ public Builder setPrincipalSubjectBytes(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+
+ principalSubject_ = value;
+ onChanged();
+ return this;
+ }
+
private com.google.protobuf.SingleFieldBuilderV3<
com.google.cloud.audit.ServiceAccountDelegationInfo.FirstPartyPrincipal,
com.google.cloud.audit.ServiceAccountDelegationInfo.FirstPartyPrincipal.Builder,
diff --git a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java
index d7d6d5f6..6dd5b65c 100644
--- a/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java
+++ b/proto-google-common-protos/src/main/java/com/google/cloud/audit/ServiceAccountDelegationInfoOrBuilder.java
@@ -23,6 +23,41 @@ public interface ServiceAccountDelegationInfoOrBuilder
// @@protoc_insertion_point(interface_extends:google.cloud.audit.ServiceAccountDelegationInfo)
com.google.protobuf.MessageOrBuilder {
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @return The principalSubject.
+ */
+ java.lang.String getPrincipalSubject();
+ /**
+ *
+ *
+ *
+ * A string representing the principal_subject associated with the identity.
+ * For most identities, the format will be
+ * `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ * except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ * that are still in the legacy format `serviceAccount:{identity pool
+ * name}[{subject}]`
+ *
+ *
+ * string principal_subject = 3;
+ *
+ * @return The bytes for principalSubject.
+ */
+ com.google.protobuf.ByteString getPrincipalSubjectBytes();
+
/**
*
*
diff --git a/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto b/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto
index 66ea0214..33d50083 100644
--- a/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto
+++ b/proto-google-common-protos/src/main/proto/google/cloud/audit/audit_log.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -30,23 +30,23 @@ option java_package = "com.google.cloud.audit";
// Common audit log format for Google Cloud Platform API operations.
message AuditLog {
// The name of the API service performing the operation. For example,
- // `"datastore.googleapis.com"`.
+ // `"compute.googleapis.com"`.
string service_name = 7;
// The name of the service method or operation.
// For API calls, this should be the name of the API method.
// For example,
//
- // "google.datastore.v1.Datastore.RunQuery"
- // "google.logging.v1.LoggingService.DeleteLog"
+ // "google.cloud.bigquery.v2.TableService.InsertTable"
+ // "google.logging.v2.ConfigServiceV2.CreateSink"
string method_name = 8;
// The resource or collection that is the target of the operation.
// The name is a scheme-less URI, not including the API service name.
// For example:
//
- // "shelves/SHELF_ID/books"
- // "shelves/SHELF_ID/books/BOOK_ID"
+ // "projects/PROJECT_ID/zones/us-central1-a/instances"
+ // "projects/PROJECT_ID/datasets/DATASET_ID"
string resource_name = 11;
// The resource location information.
@@ -99,18 +99,20 @@ message AuditLog {
// information associated with the current audited event.
google.protobuf.Struct metadata = 18;
- // Deprecated, use `metadata` field instead.
+ // Deprecated. Use the `metadata` field instead.
// Other service-specific data about the request, response, and other
// activities.
- google.protobuf.Any service_data = 15;
+ google.protobuf.Any service_data = 15 [deprecated = true];
}
// Authentication information for the operation.
message AuthenticationInfo {
// The email address of the authenticated user (or service account on behalf
- // of third party principal) making the request. For privacy reasons, the
- // principal email address is redacted for all read-only operations that fail
- // with a "permission denied" error.
+ // of third party principal) making the request. For third party identity
+ // callers, the `principal_subject` field is populated instead of this field.
+ // For privacy reasons, the principal email address is sometimes redacted.
+ // For more information, see
+ // https://cloud.google.com/logging/docs/audit#user-id.
string principal_email = 1;
// The authority selector specified by the requestor, if any.
@@ -144,9 +146,12 @@ message AuthenticationInfo {
// Authorization information for the operation.
message AuthorizationInfo {
- // The resource being accessed, as a REST-style string. For example:
+ // The resource being accessed, as a REST-style or cloud resource string.
+ // For example:
//
// bigquery.googleapis.com/projects/PROJECTID/datasets/DATASETID
+ // or
+ // projects/PROJECTID/datasets/DATASETID
string resource = 1;
// The required IAM permission.
@@ -258,6 +263,14 @@ message ServiceAccountDelegationInfo {
google.protobuf.Struct third_party_claims = 1;
}
+ // A string representing the principal_subject associated with the identity.
+ // For most identities, the format will be
+ // `principal://iam.googleapis.com/{identity pool name}/subject/{subject)`
+ // except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD)
+ // that are still in the legacy format `serviceAccount:{identity pool
+ // name}[{subject}]`
+ string principal_subject = 3;
+
// Entity that creates credentials for service account and assumes its
// identity for authentication.
oneof Authority {
diff --git a/synth.metadata b/synth.metadata
index 75e43977..50e52a8b 100644
--- a/synth.metadata
+++ b/synth.metadata
@@ -4,14 +4,15 @@
"git": {
"name": ".",
"remote": "https://github.com/googleapis/java-common-protos.git",
- "sha": "9821b8114ad809bdf017935e3371801b2dfa0d4d"
+ "sha": "2807c8c5459e59d148d1501e39930be7992b06ca"
}
},
{
"git": {
"name": "googleapis",
"remote": "https://github.com/googleapis/googleapis.git",
- "sha": "95e75e5c62bbb54110428e9cc4ebb9aa2508df91"
+ "sha": "ba89dace27923254d96ab8339b831dc996e2112f",
+ "internalRef": "377318673"
}
},
{