This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

SPEKTRA Edge API Reference Manuals

Here is the list of API reference manuals for the SPEKTRA Edge core services.

They can be accessed via:

1 - SPEKTRA Edge Meta Service API

Understanding the Meta service API.

Meta is a core, reflection service for the whole SPEKTRA Edge ecosystem. It allows all services on the SPEKTRA Edge platform to gain access to the ecosystem which consists of:

Meta service allows us to see in which regions the ecosystem is deployed, what services each region offers, what are possible services in general and what resources they have declared.

It underpins several features like multi-region routing (thanks to knowledge of regions and deployments), Limits (thanks to knowledge of resources), garbage collection (thanks to the knowledge of all service schemas and their relationship with each other).

Note that some services are public, some private (and viewing them may be rejected).

Full API Specifications (with resources):

Resources

Deployments

A deployment represents an instance of a chosen service in a particular region (backend service). It contains some basic information, API version number available (currently active), regional public endpoint, location, etc.

Regions

A region represents a single region where services can hold their deployments.

Services

A service represents some particular service on the SPEKTRA Edge platform, for example, devices.edgelq.com. Organization admins can even deploy their services, too.

Each Service must belong to some service project, from which it inherits all role bindings.

1.1 -

Understanding the meta.goten.com service APIv1, in proto package goten.meta.v1.

Service meta.goten.com in version v1, proto package goten.meta.v1

Here is the list of resources supported in Meta service APIv1:

Deployment Resource

Deployment Resource describes deployment of service in specific regional cluster (may be multi-zonal). It contains accessibility details.

Name patterns:

  • services/{service}/deployments/{deployment}

Parent resources:

This section covers the methods and messages to interact with Deployment resource.

Deployment Methods

Here is the list of Deployment resource methods:

GetDeployment Method

GetDeployment

rpc GetDeployment(GetDeploymentRequest) returns (Deployment)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.get

The equivalent REST API is:

GET /meta/v1/{name=services/*/deployments/*}

BatchGetDeployments Method

BatchGetDeployments

rpc BatchGetDeployments(BatchGetDeploymentsRequest) returns (BatchGetDeploymentsResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.batchGet

The equivalent REST API is:

GET /meta/v1/deployments:batchGet

ListDeployments Method

ListDeployments

rpc ListDeployments(ListDeploymentsRequest) returns (ListDeploymentsResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.list

The equivalent REST API is:

GET /meta/v1/{parent=services/*}/deployments

WatchDeployment Method

WatchDeployment

rpc WatchDeployment(WatchDeploymentRequest) returns (WatchDeploymentResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.watch

The equivalent REST API is:

POST /meta/v1/{name=services/*/deployments/*}:watch

WatchDeployments Method

WatchDeployments

rpc WatchDeployments(WatchDeploymentsRequest) returns (WatchDeploymentsResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.watch

The equivalent REST API is:

POST /meta/v1/{parent=services/*}/deployments:watch

CreateDeployment Method

CreateDeployment

rpc CreateDeployment(CreateDeploymentRequest) returns (Deployment)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.create

The equivalent REST API is:

POST /meta/v1/{parent=services/*}/deployments (BODY: deployment)

UpdateDeployment Method

UpdateDeployment

rpc UpdateDeployment(UpdateDeploymentRequest) returns (Deployment)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.update

The equivalent REST API is:

PUT /meta/v1/{deployment.name=services/*/deployments/*} (BODY: deployment)

DeleteDeployment Method

DeleteDeployment

rpc DeleteDeployment(DeleteDeploymentRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.delete

The equivalent REST API is:

DELETE /meta/v1/{name=services/*/deployments/*}

BeginUpgrade Method

BeginUpgrade

rpc BeginUpgrade(BeginUpgradeRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.beginUpgrade

The equivalent REST API is:

POST /meta/v1/{name=services/*/deployments/*}:beginUpgrade

SetAvailableUpgrade Method

SetAvailableUpgrade

rpc SetAvailableUpgrade(SetAvailableUpgradeRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.setAvailableUpgrade

The equivalent REST API is:

POST /meta/v1/{name=services/*/deployments/*}:setAvailableUpgrade

NotifyShardsUpgradeReadiness Method

NotifyShardsUpgradeReadiness

rpc NotifyShardsUpgradeReadiness(NotifyShardsUpgradeReadinessRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.notifyShardsUpgradeReadiness

The equivalent REST API is:

POST /meta/v1/{name=services/*/deployments/*}:notifyShardsUpgradeReadiness

GetOrRegisterDataUpdateTask Method

GetOrRegisterDataUpdateTask

rpc GetOrRegisterDataUpdateTask(GetOrRegisterDataUpdateTaskRequest) returns (GetOrRegisterDataUpdateTaskResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.getOrRegisterDataUpdateTask

The equivalent REST API is:

POST /meta/v1/{name=services/*/deployments/*}:getOrRegisterDataUpdateTask

UpdateDataTaskUpdate Method

UpdateDataTaskUpdate

rpc UpdateDataTaskUpdate(UpdateDataTaskUpdateRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/deployments.updateDataTaskUpdate

The equivalent REST API is:

POST /meta/v1/{name=services/*/deployments/*}:updateDataTaskUpdate

Deployment Messages

Here is the list of Deployment resource messages:

Deployment Message

Name Type Description
name string (name of Deployment) Name of Deployment ID must be exactly same as region ID it belongs to - it is populated automatically by Goten components.
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
service_name string Service display name - it is lowerCamelCase of service name, but not domain. It is taken from api-skeleton file, under “service.name” path.
region string (reference to Region) Informs in which region cluster running this deployment is located.
public_domain string Public domain indicates under which public address service in this particular region can be accessed.
private_domain string Private domain indicates how to access this service within local private network. However, this address should not be available for anyone outside network. It is only to be used by other service deployments that run within same private network for better performance purposes (less hops). It should be used in conjunction with field local_network_id.
labelled_domains repeated LabelledDomain Additional regional domains with labels where Deployment can be accessed.
local_network_id string Local network identifier - it can be mostly anything, however if two deployments for different services hold same value in same region, then Goten components will try to optimize access by using private_domain field instead of public_domain.
location Deployment.Location Location of given deployment. This value is likely to be equal for all deployments using same underlying cluster. It may be used by Goten to optimize multi-region routing.
is_disabled bool Whether this deployment is disabled. It does not trigger any deployment deletion - it will just notify others (in different regions) that its no longer available and no request should be routed there. It can be used as first step to delete deployment.
env_registry_generation int32 Generation number used by EnvRegistry config to generate this resource.
current_version string The current version of the service. Note this MAY not be the newest version! At the very least, if there was a fresh db upgrade, it will be old version till automatic upgrade finishes (or manual switch happens).
db_data_version string Current version of data in the database, it must follow convention v<Number>.<Number>… (may be more numbers). When deployment is created first time, value is set to the current value. If non-empty lower value is detected, db-controller may run update task locally. Do not confuse this field with “current_version”, which describes API version. If not populated, then “current”/“newest” should be assumed. current_version signals main API version by deployment, while db_data_version indicates underlying database data. It can be used for internal upgrades, database migrations, or simple in-place updates.
db_location_tag string Arbitrary database location tag. This should be used if database migration is needed (different endpoint, backend, namespace…).
automatic_version_switch bool If true, then switch to the new version will be automatic (if there is newer), once db upgrade finishes. Otherwise it will require manual call from operator.
available_upgrade Deployment.AvailableUpgrade
upgrade_state Deployment.UpgradeState Current state of the upgrade task.
data_update_statuses repeated Deployment.DbUpdateTaskStatus Tagged update statuses.

Deployment.Location Message

Location describes deployment location of this deployment. It may be used for multi-region routing to help determine closest deployment.

Name Type Description
continent string Continent
country string Country
agglomeration string Agglomeration
city string City
cloud string Cloud provider (like GCP, Azure, AWS…)

Deployment.UpgradeState Message

UpgradeState describes current state of database major upgrade. This corresponds to database migrations, API upgrades, other internal updates (if needed).

Name Type Description
target_version string
ready_shards repeated int64
pending_shards repeated int64
stage Deployment.UpgradeState.Stage
db_data_target_version string Value to switch once update is completed for db_data_version value.
db_target_location_tag string

Deployment.AvailableUpgrade Message

Name Type Description
api_version string
db_data_version string
db_location_tag string
total_shards_count int64

Deployment.DbUpdateTaskStatus Message

Name Type Description
task_tag string Identifying tag
shards_count int64 Shards count
ready_shards repeated int64 List of completed shards
target_version string Target data version
progress_bar repeated .google.protobuf.Struct Optional generic data submitted by task handler, in case of resharding/controller reboot.

GetDeploymentRequest Message

A request message of the GetDeployment method.

Name Type Description
name string (name of Deployment) Name of goten.meta.v1.Deployment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeploymentsRequest Message

A request message of the BatchGetDeployments method.

Name Type Description
names repeated string (name of Deployment) Names of Deployments
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeploymentsResponse Message

A response message of the BatchGetDeployments method.

Name Type Description
deployments repeated Deployment found Deployments
missing repeated string (name of Deployment) list of not found Deployments

ListDeploymentsRequest Message

A request message of the ListDeployments method.

Name Type Description
parent string (parent name of Deployment) Parent name of goten.meta.v1.Deployment
page_size int32 Requested page size. Server may return fewer Deployments than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Deployment) A token identifying a page of results the server should return. Typically, this is the value of ListDeploymentsResponse.next_page_token.
order_by string (orderBy of Deployment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Deployment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListDeploymentsResponse Message

A response message of the ListDeployments method.

Name Type Description
deployments repeated Deployment The list of Deployments
prev_page_token string (cursor of Deployment) A token to retrieve previous page of results. Pass this value in the ListDeploymentsRequest.page_token.
next_page_token string (cursor of Deployment) A token to retrieve next page of results. Pass this value in the ListDeploymentsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Deployments across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchDeploymentRequest Message

A request message of the WatchDeployment method.

Name Type Description
name string (name of Deployment) Name of goten.meta.v1.Deployment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchDeploymentResponse Message

A response message of the WatchDeployment method.

Name Type Description
change DeploymentChange

WatchDeploymentsRequest Message

A request message of the WatchDeployments method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Deployment) Parent name of goten.meta.v1.Deployment
page_size int32 Requested page size. Server may return fewer Deployments than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Deployment) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Deployment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Deployment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Deployment that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Deployment that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchDeploymentsResponse Message

A response message of the WatchDeployments method.

Name Type Description
deployment_changes repeated DeploymentChange Changes of Deployments
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Deployments will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchDeploymentsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Deployments will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchDeploymentsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Deployment) New token to retrieve previous page of results.
next_page_token string (cursor of Deployment) New token to retrieve next page of results.

CreateDeploymentRequest Message

A request message of the CreateDeployment method.

Name Type Description
parent string (parent name of Deployment) Parent name of goten.meta.v1.Deployment
deployment Deployment Deployment resource body
response_mask CreateDeploymentRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateDeploymentRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateDeploymentRequest Message

A request message of the UpdateDeployment method.

Name Type Description
deployment Deployment Deployment resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateDeploymentRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateDeploymentRequest.ResponseMask reduce message response size.

UpdateDeploymentRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Deployment Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateDeploymentRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteDeploymentRequest Message

A request message of the DeleteDeployment method.

Name Type Description
name string (name of Deployment) Name of goten.meta.v1.Deployment
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

BeginUpgradeRequest Message

Request message for method [BeginUpgrade][goten.meta.v1.BeginUpgrade]

Name Type Description
name string (name of Deployment) name of goten.meta.v1.Deployment

SetAvailableUpgradeRequest Message

Request message for method [SetAvailableUpgrade][goten.meta.v1.SetAvailableUpgrade]

Name Type Description
name string (name of Deployment) name of goten.meta.v1.Deployment
target_api_version string
total_shards_count int64
target_db_data_version string
target_db_location_tag string

NotifyShardsUpgradeReadinessRequest Message

Request message for method [NotifyShardsUpgradeReadiness][goten.meta.v1.NotifyShardsUpgradeReadiness]

Name Type Description
name string (name of Deployment) name of goten.meta.v1.Deployment
shards_from int64
shards_to int64
ready bool
total_shards_count int64

GetOrRegisterDataUpdateTaskRequest Message

Request message for method [GetOrRegisterDataUpdateTask][goten.meta.v1.GetOrRegisterDataUpdateTask]

Name Type Description
name string (name of Deployment) name of goten.meta.v1.Deployment
tag string Data task tag
shards_count int64 Number of shards
db_data_target_version string Db data target version

GetOrRegisterDataUpdateTaskResponse Message

Response message for method [GetOrRegisterDataUpdateTask][goten.meta.v1.GetOrRegisterDataUpdateTask]

Name Type Description
status Deployment.DbUpdateTaskStatus

UpdateDataTaskUpdateRequest Message

Request message for method [UpdateDataTaskUpdate][goten.meta.v1.UpdateDataTaskUpdate]

Name Type Description
name string (name of Deployment) name of goten.meta.v1.Deployment
tag string Data task tag
shard int64 Number of shards
done bool Whether it is completed
progress_status .google.protobuf.Struct Information about progress
db_data_target_version string Db data target version

Deployment Enumerations

Here is the list of Deployment resource enumerations:

Deployment.UpgradeState.Stage Enumeration

Name Description
READY
INITIAL_SYNCING
SWITCHING

Region Resource

Region Resource is an auxiliary resource that provides geographic scope to resources in Goten services, ideally should point to narrow geographic location but Goten is not strict about it. This allows case where in single physical location we have multiple clusters using different virtual networks hosting different deployments. Goten uses regions to aid in global scaling, but otherwise tries to abstract from running hardware focusing on services instead.

Name patterns:

  • regions/{region}

This section covers the methods and messages to interact with Region resource.

Region Methods

Here is the list of Region resource methods:

GetRegion Method

GetRegion

rpc GetRegion(GetRegionRequest) returns (Region)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.get

The equivalent REST API is:

GET /meta/v1/{name=regions/*}

BatchGetRegions Method

BatchGetRegions

rpc BatchGetRegions(BatchGetRegionsRequest) returns (BatchGetRegionsResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.batchGet

The equivalent REST API is:

GET /meta/v1/regions:batchGet

ListRegions Method

ListRegions

rpc ListRegions(ListRegionsRequest) returns (ListRegionsResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.list

The equivalent REST API is:

GET /meta/v1/regions

WatchRegion Method

WatchRegion

rpc WatchRegion(WatchRegionRequest) returns (WatchRegionResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.watch

The equivalent REST API is:

POST /meta/v1/{name=regions/*}:watch

WatchRegions Method

WatchRegions

rpc WatchRegions(WatchRegionsRequest) returns (WatchRegionsResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.watch

The equivalent REST API is:

POST /meta/v1/regions:watch

CreateRegion Method

CreateRegion

rpc CreateRegion(CreateRegionRequest) returns (Region)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.create

The equivalent REST API is:

POST /meta/v1/regions (BODY: region)

UpdateRegion Method

UpdateRegion

rpc UpdateRegion(UpdateRegionRequest) returns (Region)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.update

The equivalent REST API is:

PUT /meta/v1/{region.name=regions/*} (BODY: region)

DeleteRegion Method

DeleteRegion

rpc DeleteRegion(DeleteRegionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/regions.delete

The equivalent REST API is:

DELETE /meta/v1/{name=regions/*}

Region Messages

Here is the list of Region resource messages:

Region Message

Name Type Description
name string (name of Region) Name of Region When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
title string Region title

GetRegionRequest Message

A request message of the GetRegion method.

Name Type Description
name string (name of Region) Name of goten.meta.v1.Region
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRegionsRequest Message

A request message of the BatchGetRegions method.

Name Type Description
names repeated string (name of Region) Names of Regions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRegionsResponse Message

A response message of the BatchGetRegions method.

Name Type Description
regions repeated Region found Regions
missing repeated string (name of Region) list of not found Regions

ListRegionsRequest Message

A request message of the ListRegions method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Regions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Region) A token identifying a page of results the server should return. Typically, this is the value of ListRegionsResponse.next_page_token.
order_by string (orderBy of Region) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Region) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRegionsResponse Message

A response message of the ListRegions method.

Name Type Description
regions repeated Region The list of Regions
prev_page_token string (cursor of Region) A token to retrieve previous page of results. Pass this value in the ListRegionsRequest.page_token.
next_page_token string (cursor of Region) A token to retrieve next page of results. Pass this value in the ListRegionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Regions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRegionRequest Message

A request message of the WatchRegion method.

Name Type Description
name string (name of Region) Name of goten.meta.v1.Region
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRegionResponse Message

A response message of the WatchRegion method.

Name Type Description
change RegionChange

WatchRegionsRequest Message

A request message of the WatchRegions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Regions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Region) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Region) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Region) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Region that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Region that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRegionsResponse Message

A response message of the WatchRegions method.

Name Type Description
region_changes repeated RegionChange Changes of Regions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Regions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRegionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Regions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRegionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Region) New token to retrieve previous page of results.
next_page_token string (cursor of Region) New token to retrieve next page of results.

CreateRegionRequest Message

A request message of the CreateRegion method.

Name Type Description
region Region Region resource body
response_mask CreateRegionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateRegionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateRegionRequest Message

A request message of the UpdateRegion method.

Name Type Description
region Region Region resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateRegionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateRegionRequest.ResponseMask reduce message response size.

UpdateRegionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Region Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateRegionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteRegionRequest Message

A request message of the DeleteRegion method.

Name Type Description
name string (name of Region) Name of goten.meta.v1.Region
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Resource Resource

Resource Resource

Name patterns:

  • services/{service}/resources/{resource}

Parent resources:

This section covers the methods and messages to interact with Resource resource.

Resource Methods

Here is the list of Resource resource methods:

GetResource Method

GetResource

rpc GetResource(GetResourceRequest) returns (Resource)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.get

The equivalent REST API is:

GET /meta/v1/{name=services/*/resources/*}

BatchGetResources Method

BatchGetResources

rpc BatchGetResources(BatchGetResourcesRequest) returns (BatchGetResourcesResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.batchGet

The equivalent REST API is:

GET /meta/v1/resources:batchGet

ListResources Method

ListResources

rpc ListResources(ListResourcesRequest) returns (ListResourcesResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.list

The equivalent REST API is:

GET /meta/v1/{parent=services/*}/resources

WatchResource Method

WatchResource

rpc WatchResource(WatchResourceRequest) returns (WatchResourceResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.watch

The equivalent REST API is:

POST /meta/v1/{name=services/*/resources/*}:watch

WatchResources Method

WatchResources

rpc WatchResources(WatchResourcesRequest) returns (WatchResourcesResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.watch

The equivalent REST API is:

POST /meta/v1/{parent=services/*}/resources:watch

CreateResource Method

CreateResource

rpc CreateResource(CreateResourceRequest) returns (Resource)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.create

The equivalent REST API is:

POST /meta/v1/{parent=services/*}/resources (BODY: resource)

UpdateResource Method

UpdateResource

rpc UpdateResource(UpdateResourceRequest) returns (Resource)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.update

The equivalent REST API is:

PUT /meta/v1/{resource.name=services/*/resources/*} (BODY: resource)

DeleteResource Method

DeleteResource

rpc DeleteResource(DeleteResourceRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/resources.delete

The equivalent REST API is:

DELETE /meta/v1/{name=services/*/resources/*}

Resource Messages

Here is the list of Resource resource messages:

Resource Message

Name Type Description
name string (name of Resource) Name of Resource When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
plural_name string Plural name of resource in CamelForm, for example “Devices”
fqn string Fully qualified name, for example devices.edgelq.com/Device. It can also be derived from name too.
versions repeated string List of service versions where this resource is known. This list will be sorted if created by meta service provided by Goten. The newest version is first, the oldest last.
versioned_infos repeated Resource.VersionedInfo Versioned information holds values that may be valid for specific versions only. Sorted exactly like versions list.

Resource.VersionedInfo Message

VersionedInfo contains specification part that is versioned.

Name Type Description
version string Resource version this information applies to.
is_regional bool Whether resource is regional.

GetResourceRequest Message

A request message of the GetResource method.

Name Type Description
name string (name of Resource) Name of goten.meta.v1.Resource
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetResourcesRequest Message

A request message of the BatchGetResources method.

Name Type Description
names repeated string (name of Resource) Names of Resources
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetResourcesResponse Message

A response message of the BatchGetResources method.

Name Type Description
resources repeated Resource found Resources
missing repeated string (name of Resource) list of not found Resources

ListResourcesRequest Message

A request message of the ListResources method.

Name Type Description
parent string (parent name of Resource) Parent name of goten.meta.v1.Resource
page_size int32 Requested page size. Server may return fewer Resources than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Resource) A token identifying a page of results the server should return. Typically, this is the value of ListResourcesResponse.next_page_token.
order_by string (orderBy of Resource) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Resource) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListResourcesResponse Message

A response message of the ListResources method.

Name Type Description
resources repeated Resource The list of Resources
prev_page_token string (cursor of Resource) A token to retrieve previous page of results. Pass this value in the ListResourcesRequest.page_token.
next_page_token string (cursor of Resource) A token to retrieve next page of results. Pass this value in the ListResourcesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Resources across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchResourceRequest Message

A request message of the WatchResource method.

Name Type Description
name string (name of Resource) Name of goten.meta.v1.Resource
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchResourceResponse Message

A response message of the WatchResource method.

Name Type Description
change ResourceChange

WatchResourcesRequest Message

A request message of the WatchResources method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Resource) Parent name of goten.meta.v1.Resource
page_size int32 Requested page size. Server may return fewer Resources than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Resource) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Resource) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Resource) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Resource that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Resource that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchResourcesResponse Message

A response message of the WatchResources method.

Name Type Description
resource_changes repeated ResourceChange Changes of Resources
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Resources will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchResourcesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Resources will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchResourcesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Resource) New token to retrieve previous page of results.
next_page_token string (cursor of Resource) New token to retrieve next page of results.

CreateResourceRequest Message

A request message of the CreateResource method.

Name Type Description
parent string (parent name of Resource) Parent name of goten.meta.v1.Resource
resource Resource Resource resource body
response_mask CreateResourceRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateResourceRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateResourceRequest Message

A request message of the UpdateResource method.

Name Type Description
resource Resource Resource resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateResourceRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateResourceRequest.ResponseMask reduce message response size.

UpdateResourceRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Resource Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateResourceRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteResourceRequest Message

A request message of the DeleteResource method.

Name Type Description
name string (name of Resource) Name of goten.meta.v1.Resource
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Service Resource

Service Resource contains service description like domain under which it can be accessed, versions, imported services and their versions.

Name patterns:

  • services/{service}

This section covers the methods and messages to interact with Service resource.

Service Methods

Here is the list of Service resource methods:

GetService Method

GetService

rpc GetService(GetServiceRequest) returns (Service)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.get

The equivalent REST API is:

GET /meta/v1/{name=services/*}

BatchGetServices Method

BatchGetServices

rpc BatchGetServices(BatchGetServicesRequest) returns (BatchGetServicesResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.batchGet

The equivalent REST API is:

GET /meta/v1/services:batchGet

ListServices Method

ListServices

rpc ListServices(ListServicesRequest) returns (ListServicesResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.list

The equivalent REST API is:

GET /meta/v1/services

WatchService Method

WatchService

rpc WatchService(WatchServiceRequest) returns (WatchServiceResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.watch

The equivalent REST API is:

POST /meta/v1/{name=services/*}:watch

WatchServices Method

WatchServices

rpc WatchServices(WatchServicesRequest) returns (WatchServicesResponse)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.watch

The equivalent REST API is:

POST /meta/v1/services:watch

CreateService Method

CreateService

rpc CreateService(CreateServiceRequest) returns (Service)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.create

The equivalent REST API is:

POST /meta/v1/services (BODY: service)

UpdateService Method

UpdateService

rpc UpdateService(UpdateServiceRequest) returns (Service)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.update

The equivalent REST API is:

PUT /meta/v1/{service.name=services/*} (BODY: service)

DeleteService Method

DeleteService

rpc DeleteService(DeleteServiceRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/meta.goten.com/permissions/services.delete

The equivalent REST API is:

DELETE /meta/v1/{name=services/*}

Service Messages

Here is the list of Service resource messages:

Service Message

Name Type Description
name string (name of Service) Name of Service When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-.]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
multi_region_policy MultiRegionPolicy Multi region policy defines in which region all kid resources (and their kids) will by default belong and cross-region syncing policies.
display_name string Service display name - it is lowerCamelCase of service name, but not domain. It is taken from api-skeleton file, under “service.name” path.
all_versions repeated string All supported versions. This list will be sorted if created by meta service provided by Goten. The newest version is first, the oldest last.
global_domain string Globally available domain for this service. Requests to it should direct to most suitable (usually the nearest/healthy/most performant) region.
labelled_domains repeated LabelledDomain Additional global domains with labels.
leading_service string (name of Service) If given service is part of service group, this value points to the leading service.
imported_services repeated string (reference to Service) All imported on schema-level services. This list declares that resources in those services can be referenced by this service.
used_services repeated string (reference to Service) All used services. Unlike imported, they are not imported on schema level. Its just a declaration that given service may access other services, but does not try to establish any references.
imported_versions repeated Service.ImportedVersions Information containing which imported service version is used by current service version. This does not include any used services.
env_registry_generation int32 Generation number used by EnvRegistry config to generate this resource.
automatic_version_switch bool If true, then switch to the new version will be automatic (if there is newer), once db upgrade finishes. Otherwise it will require manual call from operator.

Service.ImportedVersions Message

ImportedVersions contains information which version of the imported service is used by current service in specific version.

Name Type Description
target_service string (reference to Service) Imported service reference
target_service_version string Version of the imported service
current_service_version string Version of the current service that imports target service in its version.

GetServiceRequest Message

A request message of the GetService method.

Name Type Description
name string (name of Service) Name of goten.meta.v1.Service
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServicesRequest Message

A request message of the BatchGetServices method.

Name Type Description
names repeated string (name of Service) Names of Services
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServicesResponse Message

A response message of the BatchGetServices method.

Name Type Description
services repeated Service found Services
missing repeated string (name of Service) list of not found Services

ListServicesRequest Message

A request message of the ListServices method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Services than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Service) A token identifying a page of results the server should return. Typically, this is the value of ListServicesResponse.next_page_token.
order_by string (orderBy of Service) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Service) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListServicesResponse Message

A response message of the ListServices method.

Name Type Description
services repeated Service The list of Services
prev_page_token string (cursor of Service) A token to retrieve previous page of results. Pass this value in the ListServicesRequest.page_token.
next_page_token string (cursor of Service) A token to retrieve next page of results. Pass this value in the ListServicesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Services across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchServiceRequest Message

A request message of the WatchService method.

Name Type Description
name string (name of Service) Name of goten.meta.v1.Service
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchServiceResponse Message

A response message of the WatchService method.

Name Type Description
change ServiceChange

WatchServicesRequest Message

A request message of the WatchServices method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Services than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Service) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Service) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Service) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Service that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Service that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchServicesResponse Message

A response message of the WatchServices method.

Name Type Description
service_changes repeated ServiceChange Changes of Services
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Services will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchServicesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Services will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchServicesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Service) New token to retrieve previous page of results.
next_page_token string (cursor of Service) New token to retrieve next page of results.

CreateServiceRequest Message

A request message of the CreateService method.

Name Type Description
service Service Service resource body
response_mask CreateServiceRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateServiceRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateServiceRequest Message

A request message of the UpdateService method.

Name Type Description
service Service Service resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateServiceRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateServiceRequest.ResponseMask reduce message response size.

UpdateServiceRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Service Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateServiceRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteServiceRequest Message

A request message of the DeleteService method.

Name Type Description
name string (name of Service) Name of goten.meta.v1.Service
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Meta Service Shared Methods and Messages

Meta Service Shared Messages

Here is the list of Meta service shared messages:

DeploymentChange Message

DeploymentChange is used by Watch notifications Responses to describe change of single Deployment One of Added, Modified, Removed

Name Type Description
added DeploymentChange.Added Added is returned when watched document is added, either created or enters Query view
modified DeploymentChange.Modified Modified is returned when watched document is modified
current DeploymentChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed DeploymentChange.Removed Removed is returned when Deployment is deleted or leaves Query view

DeploymentChange.Added Message

Deployment has been added to query view

Name Type Description
deployment Deployment
view_index int32 Integer describing index of added Deployment in resulting query view.

DeploymentChange.Current Message

Deployment has been added or modified in a query view. Version used for stateless watching

Name Type Description
deployment Deployment

DeploymentChange.Modified Message

Deployment changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Deployment) Name of modified Deployment
deployment Deployment New version of Deployment or masked difference, depending on mask_changes instrumentation of issued [WatchDeploymentRequest] or [WatchDeploymentsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Deployment. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Deployment new index in resulting query view.

DeploymentChange.Removed Message

Removed is returned when Deployment is deleted or leaves Query view

Name Type Description
name string (name of Deployment)
view_index int32 Integer specifying removed Deployment index. Not populated in stateless watch type.

LabelledDomain Message

LabelledDomain provides connectivity information in a context of Service and specific label. Service/Deployment may provide multiple addresses, for example offering different quality class, like optimized for high/low throughput.

Name Type Description
label string
domain string
available_mixins repeated string
web_grpc_available bool
rest_api_available bool
is_private bool

RegionChange Message

RegionChange is used by Watch notifications Responses to describe change of single Region One of Added, Modified, Removed

Name Type Description
added RegionChange.Added Added is returned when watched document is added, either created or enters Query view
modified RegionChange.Modified Modified is returned when watched document is modified
current RegionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RegionChange.Removed Removed is returned when Region is deleted or leaves Query view

RegionChange.Added Message

Region has been added to query view

Name Type Description
region Region
view_index int32 Integer describing index of added Region in resulting query view.

RegionChange.Current Message

Region has been added or modified in a query view. Version used for stateless watching

Name Type Description
region Region

RegionChange.Modified Message

Region changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Region) Name of modified Region
region Region New version of Region or masked difference, depending on mask_changes instrumentation of issued [WatchRegionRequest] or [WatchRegionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Region. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Region new index in resulting query view.

RegionChange.Removed Message

Removed is returned when Region is deleted or leaves Query view

Name Type Description
name string (name of Region)
view_index int32 Integer specifying removed Region index. Not populated in stateless watch type.

ResourceChange Message

ResourceChange is used by Watch notifications Responses to describe change of single Resource One of Added, Modified, Removed

Name Type Description
added ResourceChange.Added Added is returned when watched document is added, either created or enters Query view
modified ResourceChange.Modified Modified is returned when watched document is modified
current ResourceChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ResourceChange.Removed Removed is returned when Resource is deleted or leaves Query view

ResourceChange.Added Message

Resource has been added to query view

Name Type Description
resource Resource
view_index int32 Integer describing index of added Resource in resulting query view.

ResourceChange.Current Message

Resource has been added or modified in a query view. Version used for stateless watching

Name Type Description
resource Resource

ResourceChange.Modified Message

Resource changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Resource) Name of modified Resource
resource Resource New version of Resource or masked difference, depending on mask_changes instrumentation of issued [WatchResourceRequest] or [WatchResourcesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Resource. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Resource new index in resulting query view.

ResourceChange.Removed Message

Removed is returned when Resource is deleted or leaves Query view

Name Type Description
name string (name of Resource)
view_index int32 Integer specifying removed Resource index. Not populated in stateless watch type.

ServiceChange Message

ServiceChange is used by Watch notifications Responses to describe change of single Service One of Added, Modified, Removed

Name Type Description
added ServiceChange.Added Added is returned when watched document is added, either created or enters Query view
modified ServiceChange.Modified Modified is returned when watched document is modified
current ServiceChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ServiceChange.Removed Removed is returned when Service is deleted or leaves Query view

ServiceChange.Added Message

Service has been added to query view

Name Type Description
service Service
view_index int32 Integer describing index of added Service in resulting query view.

ServiceChange.Current Message

Service has been added or modified in a query view. Version used for stateless watching

Name Type Description
service Service

ServiceChange.Modified Message

Service changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Service) Name of modified Service
service Service New version of Service or masked difference, depending on mask_changes instrumentation of issued [WatchServiceRequest] or [WatchServicesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Service. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Service new index in resulting query view.

ServiceChange.Removed Message

Removed is returned when Service is deleted or leaves Query view

Name Type Description
name string (name of Service)
view_index int32 Integer specifying removed Service index. Not populated in stateless watch type.

1.2 -

Understanding the meta.edgelq.com service APIv1alpha2, in proto package ntt.meta.v1alpha2.

Service meta.edgelq.com in version v1alpha2, proto package ntt.meta.v1alpha2

Here is the list of resources supported in Meta service APIv1alpha2:

Deployment Resource

Deployment Resource - describes meta information about deployment of a parent Service.

Name patterns:

  • regions/{region}/deployments/{deployment}

Parent resources:

This section covers the methods and messages to interact with Deployment resource.

Deployment Methods

Here is the list of Deployment resource methods:

GetDeployment Method

GetDeployment

rpc GetDeployment(GetDeploymentRequest) returns (Deployment)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/deployments.get

The equivalent REST API is:

GET /v1alpha2/{name=regions/*/deployments/*}

BatchGetDeployments Method

BatchGetDeployments

rpc BatchGetDeployments(BatchGetDeploymentsRequest) returns (BatchGetDeploymentsResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/deployments.batchGet

The equivalent REST API is:

GET /v1alpha2/deployments:batchGet

ListDeployments Method

ListDeployments

rpc ListDeployments(ListDeploymentsRequest) returns (ListDeploymentsResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/deployments.list

The equivalent REST API is:

GET /v1alpha2/{parent=regions/*}/deployments

WatchDeployment Method

WatchDeployment

rpc WatchDeployment(WatchDeploymentRequest) returns (WatchDeploymentResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/deployments.watch

The equivalent REST API is:

POST /v1alpha2/{name=regions/*/deployments/*}:watch

WatchDeployments Method

WatchDeployments

rpc WatchDeployments(WatchDeploymentsRequest) returns (WatchDeploymentsResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/deployments.watch

The equivalent REST API is:

POST /v1alpha2/{parent=regions/*}/deployments:watch

Deployment Messages

Here is the list of Deployment resource messages:

Deployment Message

Name Type Description
name string (name of Deployment) Name of Deployment When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
service string (reference to Service) Deployed service
metadata Meta Metadata

GetDeploymentRequest Message

A request message of the GetDeployment method.

Name Type Description
name string (name of Deployment) Name of ntt.meta.v1alpha2.Deployment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeploymentsRequest Message

A request message of the BatchGetDeployments method.

Name Type Description
names repeated string (name of Deployment) Names of Deployments
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeploymentsResponse Message

A response message of the BatchGetDeployments method.

Name Type Description
deployments repeated Deployment found Deployments
missing repeated string (name of Deployment) list of not found Deployments

ListDeploymentsRequest Message

A request message of the ListDeployments method.

Name Type Description
parent string (parent name of Deployment) Parent name of ntt.meta.v1alpha2.Deployment
page_size int32 Requested page size. Server may return fewer Deployments than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Deployment) A token identifying a page of results the server should return. Typically, this is the value of ListDeploymentsResponse.next_page_token.
order_by string (orderBy of Deployment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Deployment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListDeploymentsResponse Message

A response message of the ListDeployments method.

Name Type Description
deployments repeated Deployment The list of Deployments
prev_page_token string (cursor of Deployment) A token to retrieve previous page of results. Pass this value in the ListDeploymentsRequest.page_token.
next_page_token string (cursor of Deployment) A token to retrieve next page of results. Pass this value in the ListDeploymentsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Deployments across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchDeploymentRequest Message

A request message of the WatchDeployment method.

Name Type Description
name string (name of Deployment) Name of ntt.meta.v1alpha2.Deployment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchDeploymentResponse Message

A response message of the WatchDeployment method.

Name Type Description
change DeploymentChange

WatchDeploymentsRequest Message

A request message of the WatchDeployments method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Deployment) Parent name of ntt.meta.v1alpha2.Deployment
page_size int32 Requested page size. Server may return fewer Deployments than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Deployment) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Deployment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Deployment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Deployment that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Deployment that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchDeploymentsResponse Message

A response message of the WatchDeployments method.

Name Type Description
deployment_changes repeated DeploymentChange Changes of Deployments
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Deployments will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchDeploymentsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Deployments will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchDeploymentsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Deployment) New token to retrieve previous page of results.
next_page_token string (cursor of Deployment) New token to retrieve next page of results.

Region Resource

Region Resource

Name patterns:

  • regions/{region}

This section covers the methods and messages to interact with Region resource.

Region Methods

Here is the list of Region resource methods:

GetRegion Method

GetRegion

rpc GetRegion(GetRegionRequest) returns (Region)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/regions.get

The equivalent REST API is:

GET /v1alpha2/{name=regions/*}

BatchGetRegions Method

BatchGetRegions

rpc BatchGetRegions(BatchGetRegionsRequest) returns (BatchGetRegionsResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/regions.batchGet

The equivalent REST API is:

GET /v1alpha2/regions:batchGet

ListRegions Method

ListRegions

rpc ListRegions(ListRegionsRequest) returns (ListRegionsResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/regions.list

The equivalent REST API is:

GET /v1alpha2/regions

WatchRegion Method

WatchRegion

rpc WatchRegion(WatchRegionRequest) returns (WatchRegionResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/regions.watch

The equivalent REST API is:

POST /v1alpha2/{name=regions/*}:watch

WatchRegions Method

WatchRegions

rpc WatchRegions(WatchRegionsRequest) returns (WatchRegionsResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/regions.watch

The equivalent REST API is:

POST /v1alpha2/regions:watch

Region Messages

Here is the list of Region resource messages:

Region Message

Name Type Description
name string (name of Region) Name of Region When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
title string Region title
domain string Region domain, for example us-west.edgelq.com
location Region.RegionLocation Region location
is_default bool Whether is default. Only one record is allowed to have this attribute on.
connectivity_scores repeated Region.RegionConnectivityPreference Hardcoded scores regarding connectivity preference.
metadata Meta Metadata

Region.RegionLocation Message

RegionLocation describes deployment location of a region.

Name Type Description
continent string
country string
agglomeration string
city string
cloud string

Region.RegionConnectivityPreference Message

RegionConnectivityPreference is a hardcoded connectivity score to other region.

Name Type Description
dest string (reference to Region) Destination region
score int32 Hardcoded score

GetRegionRequest Message

A request message of the GetRegion method.

Name Type Description
name string (name of Region) Name of ntt.meta.v1alpha2.Region
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRegionsRequest Message

A request message of the BatchGetRegions method.

Name Type Description
names repeated string (name of Region) Names of Regions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRegionsResponse Message

A response message of the BatchGetRegions method.

Name Type Description
regions repeated Region found Regions
missing repeated string (name of Region) list of not found Regions

ListRegionsRequest Message

A request message of the ListRegions method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Regions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Region) A token identifying a page of results the server should return. Typically, this is the value of ListRegionsResponse.next_page_token.
order_by string (orderBy of Region) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Region) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRegionsResponse Message

A response message of the ListRegions method.

Name Type Description
regions repeated Region The list of Regions
prev_page_token string (cursor of Region) A token to retrieve previous page of results. Pass this value in the ListRegionsRequest.page_token.
next_page_token string (cursor of Region) A token to retrieve next page of results. Pass this value in the ListRegionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Regions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRegionRequest Message

A request message of the WatchRegion method.

Name Type Description
name string (name of Region) Name of ntt.meta.v1alpha2.Region
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRegionResponse Message

A response message of the WatchRegion method.

Name Type Description
change RegionChange

WatchRegionsRequest Message

A request message of the WatchRegions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Regions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Region) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Region) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Region) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Region that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Region that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRegionsResponse Message

A response message of the WatchRegions method.

Name Type Description
region_changes repeated RegionChange Changes of Regions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Regions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRegionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Regions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRegionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Region) New token to retrieve previous page of results.
next_page_token string (cursor of Region) New token to retrieve next page of results.

Resource Resource

Resource Resource

Name patterns:

  • services/{service}/resources/{resource}

Parent resources:

This section covers the methods and messages to interact with Resource resource.

Resource Methods

Here is the list of Resource resource methods:

GetResource Method

GetResource

rpc GetResource(GetResourceRequest) returns (Resource)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/resources.get

The equivalent REST API is:

GET /v1alpha2/{name=services/*/resources/*}

BatchGetResources Method

BatchGetResources

rpc BatchGetResources(BatchGetResourcesRequest) returns (BatchGetResourcesResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/resources.batchGet

The equivalent REST API is:

GET /v1alpha2/resources:batchGet

ListResources Method

ListResources

rpc ListResources(ListResourcesRequest) returns (ListResourcesResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/resources.list

The equivalent REST API is:

GET /v1alpha2/{parent=services/*}/resources

WatchResource Method

WatchResource

rpc WatchResource(WatchResourceRequest) returns (WatchResourceResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/resources.watch

The equivalent REST API is:

POST /v1alpha2/{name=services/*/resources/*}:watch

WatchResources Method

WatchResources

rpc WatchResources(WatchResourcesRequest) returns (WatchResourcesResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/resources.watch

The equivalent REST API is:

POST /v1alpha2/{parent=services/*}/resources:watch

Resource Messages

Here is the list of Resource resource messages:

Resource Message

Name Type Description
name string (name of Resource) Name of Resource in CamelCase, for example “Device”
plural_name string Plural name of resource in CamelForm, for example “Devices”
fqn string Fully qualified name, for example devices.edgelq.com/Device. It can also be derived from name too.
is_regional bool Whether resource is regional
metadata Meta Metadata

GetResourceRequest Message

A request message of the GetResource method.

Name Type Description
name string (name of Resource) Name of ntt.meta.v1alpha2.Resource
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetResourcesRequest Message

A request message of the BatchGetResources method.

Name Type Description
names repeated string (name of Resource) Names of Resources
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetResourcesResponse Message

A response message of the BatchGetResources method.

Name Type Description
resources repeated Resource found Resources
missing repeated string (name of Resource) list of not found Resources

ListResourcesRequest Message

A request message of the ListResources method.

Name Type Description
parent string (parent name of Resource) Parent name of ntt.meta.v1alpha2.Resource
page_size int32 Requested page size. Server may return fewer Resources than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Resource) A token identifying a page of results the server should return. Typically, this is the value of ListResourcesResponse.next_page_token.
order_by string (orderBy of Resource) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Resource) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListResourcesResponse Message

A response message of the ListResources method.

Name Type Description
resources repeated Resource The list of Resources
prev_page_token string (cursor of Resource) A token to retrieve previous page of results. Pass this value in the ListResourcesRequest.page_token.
next_page_token string (cursor of Resource) A token to retrieve next page of results. Pass this value in the ListResourcesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Resources across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchResourceRequest Message

A request message of the WatchResource method.

Name Type Description
name string (name of Resource) Name of ntt.meta.v1alpha2.Resource
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchResourceResponse Message

A response message of the WatchResource method.

Name Type Description
change ResourceChange

WatchResourcesRequest Message

A request message of the WatchResources method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Resource) Parent name of ntt.meta.v1alpha2.Resource
page_size int32 Requested page size. Server may return fewer Resources than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Resource) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Resource) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Resource) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Resource that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Resource that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchResourcesResponse Message

A response message of the WatchResources method.

Name Type Description
resource_changes repeated ResourceChange Changes of Resources
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Resources will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchResourcesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Resources will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchResourcesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Resource) New token to retrieve previous page of results.
next_page_token string (cursor of Resource) New token to retrieve next page of results.

Service Resource

Service Resource

Name patterns:

  • services/{service}

This section covers the methods and messages to interact with Service resource.

Service Methods

Here is the list of Service resource methods:

GetService Method

GetService

rpc GetService(GetServiceRequest) returns (Service)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/services.get

The equivalent REST API is:

GET /v1alpha2/{name=services/*}

BatchGetServices Method

BatchGetServices

rpc BatchGetServices(BatchGetServicesRequest) returns (BatchGetServicesResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/services.batchGet

The equivalent REST API is:

GET /v1alpha2/services:batchGet

ListServices Method

ListServices

rpc ListServices(ListServicesRequest) returns (ListServicesResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/services.list

The equivalent REST API is:

GET /v1alpha2/services

WatchService Method

WatchService

rpc WatchService(WatchServiceRequest) returns (WatchServiceResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/services.watch

The equivalent REST API is:

POST /v1alpha2/{name=services/*}:watch

WatchServices Method

WatchServices

rpc WatchServices(WatchServicesRequest) returns (WatchServicesResponse)

with the following messages:

Required Permissions:

  • services/meta.edgelq.com/permissions/services.watch

The equivalent REST API is:

POST /v1alpha2/services:watch

Service Messages

Here is the list of Service resource messages:

Service Message

Name Type Description
name string (name of Service) Name of Service - it has form of service domain, for example devices.edgelq.com, so full reference name would be like services/devices.edgelq.com
display_name string Display name, for example “Devices” - CamelVersion
current_version string Current version of the service, for example “v1alpha2”
all_versions repeated string All version in order from newest (index 0) to oldest
metadata Meta Metadata

GetServiceRequest Message

A request message of the GetService method.

Name Type Description
name string (name of Service) Name of ntt.meta.v1alpha2.Service
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServicesRequest Message

A request message of the BatchGetServices method.

Name Type Description
names repeated string (name of Service) Names of Services
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServicesResponse Message

A response message of the BatchGetServices method.

Name Type Description
services repeated Service found Services
missing repeated string (name of Service) list of not found Services

ListServicesRequest Message

A request message of the ListServices method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Services than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Service) A token identifying a page of results the server should return. Typically, this is the value of ListServicesResponse.next_page_token.
order_by string (orderBy of Service) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Service) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListServicesResponse Message

A response message of the ListServices method.

Name Type Description
services repeated Service The list of Services
prev_page_token string (cursor of Service) A token to retrieve previous page of results. Pass this value in the ListServicesRequest.page_token.
next_page_token string (cursor of Service) A token to retrieve next page of results. Pass this value in the ListServicesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Services across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchServiceRequest Message

A request message of the WatchService method.

Name Type Description
name string (name of Service) Name of ntt.meta.v1alpha2.Service
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchServiceResponse Message

A response message of the WatchService method.

Name Type Description
change ServiceChange

WatchServicesRequest Message

A request message of the WatchServices method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Services than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Service) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Service) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Service) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Service that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Service that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchServicesResponse Message

A response message of the WatchServices method.

Name Type Description
service_changes repeated ServiceChange Changes of Services
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Services will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchServicesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Services will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchServicesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Service) New token to retrieve previous page of results.
next_page_token string (cursor of Service) New token to retrieve next page of results.

Meta Service Shared Methods and Messages

Meta Service Shared Messages

Here is the list of Meta service shared messages:

DeploymentChange Message

DeploymentChange is used by Watch notifications Responses to describe change of single Deployment One of Added, Modified, Removed

Name Type Description
added DeploymentChange.Added Added is returned when watched document is added, either created or enters Query view
modified DeploymentChange.Modified Modified is returned when watched document is modified
current DeploymentChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed DeploymentChange.Removed Removed is returned when Deployment is deleted or leaves Query view

DeploymentChange.Added Message

Deployment has been added to query view

Name Type Description
deployment Deployment
view_index int32 Integer describing index of added Deployment in resulting query view.

DeploymentChange.Current Message

Deployment has been added or modified in a query view. Version used for stateless watching

Name Type Description
deployment Deployment

DeploymentChange.Modified Message

Deployment changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Deployment) Name of modified Deployment
deployment Deployment New version of Deployment or masked difference, depending on mask_changes instrumentation of issued [WatchDeploymentRequest] or [WatchDeploymentsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Deployment. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Deployment new index in resulting query view.

DeploymentChange.Removed Message

Removed is returned when Deployment is deleted or leaves Query view

Name Type Description
name string (name of Deployment)
view_index int32 Integer specifying removed Deployment index. Not populated in stateless watch type.

RegionChange Message

RegionChange is used by Watch notifications Responses to describe change of single Region One of Added, Modified, Removed

Name Type Description
added RegionChange.Added Added is returned when watched document is added, either created or enters Query view
modified RegionChange.Modified Modified is returned when watched document is modified
current RegionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RegionChange.Removed Removed is returned when Region is deleted or leaves Query view

RegionChange.Added Message

Region has been added to query view

Name Type Description
region Region
view_index int32 Integer describing index of added Region in resulting query view.

RegionChange.Current Message

Region has been added or modified in a query view. Version used for stateless watching

Name Type Description
region Region

RegionChange.Modified Message

Region changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Region) Name of modified Region
region Region New version of Region or masked difference, depending on mask_changes instrumentation of issued [WatchRegionRequest] or [WatchRegionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Region. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Region new index in resulting query view.

RegionChange.Removed Message

Removed is returned when Region is deleted or leaves Query view

Name Type Description
name string (name of Region)
view_index int32 Integer specifying removed Region index. Not populated in stateless watch type.

ResourceChange Message

ResourceChange is used by Watch notifications Responses to describe change of single Resource One of Added, Modified, Removed

Name Type Description
added ResourceChange.Added Added is returned when watched document is added, either created or enters Query view
modified ResourceChange.Modified Modified is returned when watched document is modified
current ResourceChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ResourceChange.Removed Removed is returned when Resource is deleted or leaves Query view

ResourceChange.Added Message

Resource has been added to query view

Name Type Description
resource Resource
view_index int32 Integer describing index of added Resource in resulting query view.

ResourceChange.Current Message

Resource has been added or modified in a query view. Version used for stateless watching

Name Type Description
resource Resource

ResourceChange.Modified Message

Resource changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Resource) Name of modified Resource
resource Resource New version of Resource or masked difference, depending on mask_changes instrumentation of issued [WatchResourceRequest] or [WatchResourcesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Resource. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Resource new index in resulting query view.

ResourceChange.Removed Message

Removed is returned when Resource is deleted or leaves Query view

Name Type Description
name string (name of Resource)
view_index int32 Integer specifying removed Resource index. Not populated in stateless watch type.

ServiceChange Message

ServiceChange is used by Watch notifications Responses to describe change of single Service One of Added, Modified, Removed

Name Type Description
added ServiceChange.Added Added is returned when watched document is added, either created or enters Query view
modified ServiceChange.Modified Modified is returned when watched document is modified
current ServiceChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ServiceChange.Removed Removed is returned when Service is deleted or leaves Query view

ServiceChange.Added Message

Service has been added to query view

Name Type Description
service Service
view_index int32 Integer describing index of added Service in resulting query view.

ServiceChange.Current Message

Service has been added or modified in a query view. Version used for stateless watching

Name Type Description
service Service

ServiceChange.Modified Message

Service changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Service) Name of modified Service
service Service New version of Service or masked difference, depending on mask_changes instrumentation of issued [WatchServiceRequest] or [WatchServicesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Service. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Service new index in resulting query view.

ServiceChange.Removed Message

Removed is returned when Service is deleted or leaves Query view

Name Type Description
name string (name of Service)
view_index int32 Integer specifying removed Service index. Not populated in stateless watch type.

2 - SPEKTRA Edge IAM Service API

Understanding the IAM service API.

The Identity and Access Management (IAM) service provides an authentication and authorization endpoint for both end-user clients such as the cuttle command and other services that require permission checks.

In IAM, organization or project administrators can manage members assigned permissions via role bindings across managed projects, as below:

An example organization hierarchy managed by IAM service.

An example organization hierarchy managed by IAM service.

During the authentication process, backend services extract the Actor (Who) from JWT tokens. During Authorization, backend services are checking in which scopes (Where) actions are happening, what permissions/roles are required (What), and whether an authenticated Actor has necessary RoleBindings (which binds an Actor with Scope with Role).

Apart from that, Organization admins can create so-called Service Projects, in which they can create their Services. Services on their own are additional IAM Scopes, where administrators also can manage RoleBindings.

Full API Specifications (with resources):

Resources

Groups

A group is a set of other members. It facilitates authorization management, admins can assign roles to groups instead of individual principals, groups, nor domains.

Members

A member is a similar concept of principal, but it can also represent a groups of users, e.g. group, domain, or wildcard principals, e.g. any one of them. You can think of it as:

Every principals is a member, but not every member is a principal.

Known member types are:

  • users:$EMAIL

    A Member of User type (also an principal), where $EMAIL is equal to User Email.

  • serviceAccounts:$EMAIL

    A member of service account type (also an principal), where $EMAIL is equal to ServiceAccount E-mail.

  • allUsers

    all principals.

  • allAuthenticatedUsers

    all authenticated principals.

  • domain:$DOMAIN

    Describes all users whose email matches the domain

  • group:$EMAIL

    A member of group type, where $EMAIL is equal to group E-mail.

When project/organization/service administrators manage a role binding, they are binding roles with members, not principals. This allows assigning permissions to individual principal, as well as groups of them (bulk).

Organizations

An organization is a hierarchical grouping of sub-organizations and projects that enables the easier resource management and the visibility across entire hierarchies. Granting or revoking permissions through the creation or deletion of role bindings allows access control to be inherited to all sub-organizations and projects.

Permissions

A permission is an atomic and unique resource that identifies the unit of permittable action.

For example, services/devices.edgelq.com/permissions/devices.get corresponds to GetDevice method of devices.edgelq.com service.

Current SPEKTRA Edge supports three types of Permissions:

  1. verb permissions

    It’s usually an one-to-one mapped to gRPC method, e.g., services/devices.edgelq.com/permissions/devices.get.

    Method either succeeds or fails depending on the presence of required permission.

  2. attach permissions

    With IAM, relationships between resources are protected both ways.

    Role bindings allow the system to control which resources the user is allowed to refer to (or “attach”). For example, the user may have permission to update Device record, but if they try to update spec.serviceAccount, which points to ServiceAccount resource, then the user needs special attach permission on the ServiceAccount itself.

  3. field-level Set/Read permissions

    Annotating resource with ntt.annotations.iam.auth_checks.read_checks or ntt.annotations.iam.auth_checks.set_checks will protect single field. Unless the user has this permission, it will:

    • censor (unset) it to get/list responses; or
    • ignore it in update/create requests.

Principals

A principal represents any single entity interacting with the SPEKTRA Edge system.

IAM service and middleware allow all SPEKTRA Edge services to verify Authentication data attached to incoming requests and ensure security by enforcing Access Controls.

IAM recognizes three types of actors: Users, Service Accounts, and Anonymous.

  1. A user is actual human who interact with our endpoints (most often through Web dashboards or command-line tools).
  2. A service account is usually assigned to a program, like agents, controllers, API servers.
  3. An anonymous principal is any unauthenticated request (not JWT token), on rare occasions, it is still valid to allow such traffic. Disabled by default.

Users identify themselves through authentication providers using their IDs, emails, passwords, or SSOs, while service accounts use cryptographic asymmetric key pairs (RSA).

In many cases, users are subject to the multi-factor authentication.

Each user and service account is represented by IAM resource: User/ServiceAccount.

Projects

A project is a logical container for most of the resources present in the system. All devices, applications, and telemetry have a project attached to them.

The project may define the parent organization and inherit all access control from it.

Unlike sub-organizations switching parent organizations, resources within a given project, like devices or pods, cannot easily move to different projects, so make sure you have large-scale [deployments][] well-planned.

Roles

A role is a set of grants with permissions and optional conditions. Typically, administrators should not assign to members individual permissions, as it would require too much work. Instead, we have Roles that contains set of grants, each has an optional sub-scope, conditions, and list of permissions.

Role Bindings

A role binding follows the general principles of RBAC: Role-Based Access Control.

A role can be granted to a member on a scope by creating a corresponding role binding resource.

This results in all matching principals defined in the member field to be able to perform actions defined in roles on the resource in a given scope and its descendant scopes.

Scopes

A scope provides system wide resource groupings. There are four levels of scopes:

  1. system-wide

    when resource name pattern doesn’t start with either projects/ or organizations/ or services/.

    Normally users don’t interact very often with system-level resources.

  2. organization-scoped

    when the resource name pattern starts with organizations/.

    The organization is a resource in IAM, and it can refer to the parent organization, meaning organizations can form “trees”. Role Bindings are inherited in child organizations. Example: NTT, NTT America, NTT America: Network Innovations

  3. project-scoped

    when the resource name pattern starts with projects/ - projects may point to the parent organization.

    Role Bindings from the parent Organization are inherited too.

  4. service-scoped

    when the resource name pattern starts with services/ - each service should point to a service project.

    Role Bindings from Service projects are inherited too. If the Service Project has a parent organization, then all Role Bindings are inherited from the whole ancestry path.

Service Projects

A service project is a type of project, in which administrators can create [services][]. A service project is responsible for managing the service accounts that are the service administrators of the project, or for storing usage metrics for the project.

Sub-organizations

A sub-organization is an organization under the parent organization which might contain other organizations. All access permissions granted to higher-level organizations are implicitly inherited to the lower-level organizations and/or projects.

This allows the modeling divisions within a company or the logical groupings for managed customers. Organization administrators can move sub-organization to another organization without delay, so long as they have required permissions on both organizations.

There is no hard limit on the depth of hierarchy, but we recommend keeping it ten or less.

Tenant management

Almost all resources on SPEKTRA Edge are managed based on Project. For example, resources such as Devices and Pods are managed by being tied to a Project. A grouping of resources commonly referred to as a “tenant” is called a Project in SPEKTRA Edge.

Organization is a resource for organizing multiple projects, and a project can be a child of Organization if necessary (projects that do not belong to Organization can also exist). Since an Organization itself can also be a child of an Organization, an Organization and a Project form a tree structure.

Projects are managed by the system or a higher level Organization administrator. Users who are only authorized to operate on specific project cannot perform operations such as creating the project itself.

Creating a project

To create a new Project in an Organization, a user must be assigned the role containing permission services/iam.edgelq.com/permissions/projects.create. Well-known roles that satisfy this condition are:

  • services/iam.edgelq.com/roles/scope-admin because it is special Owner role (wildcard)
  • services/iam.edgelq.com/roles/admin-operator administrator of SPEKTRA Edge project or organization (core services only).

To create a new project, use the cuttle iam create project command:

Options Description
--multi-region-policy Specify the region name to be used for multi-region. Specify eu1 for commercial environment and us-west2 for staging environment. This parameter is required.
--enabled-services Specify “services/watchdog.edgelq.com” if you use Service Experience Insights (SEI). 
cuttle iam create project \
  --title "<project name for humans>" \
  --organization $ORGANIZATION \
  --multi-region-policy '{"enabledRegions": ["eu1"], "defaultControlRegion": "eu1"}' \
  --enabled-services 'services/watchdog.edgelq.com' \
  $PROJECT.

Role Bindings management

The RoleBinding is a resource used to assign privileges to specific users, service accounts, or groups within a Project or Organization. Role Binding itself is also a resource within a Project or Organization, and only users with specific privileges (such as the services/iam.edgelq.com/roles/scope-admin role) can manipulate Role Binding resources.

The privileges granted by Role Binding are dictated by the Role resource. For example, scope-admin is defined as the Role of an owner in an IAM scope (project, organization, service). This role serves as a wildcard (all permissions are granted within scope). Otherwise, in practice, a Role is a collection of multiple Permissions, such as services/iam.edgelq.com/permissions/roleBinding.create, that allows to create RoleBinding (but within scope predicted by RoleBinding).

Permission is a resource that represents the permissions needed to perform the actual operation. As in the previous example, services/iam.edgelq.com/permissions/projects.create is the Permission required to create a Project resource. Note that a Permission may be shared by multiple Roles.

When a user performs an operation, they must possess the necessary Permission to ultimately perform that operation. In practice, a user obtains Permission through a Role by being given a Role Binding in a particular Project.

Note that single user may have multiple roles assigned. In this case, the final Permission granted to the user will be the sum of the Permissions derived from all assigned Roles.

Frequently used roles

Default service roles can be listed by using the cuttle iam list roles --service <service> command. It is advisable to add category filter. For example, to see list of Core SPEKTRA Edge roles for users, we can execute the following:

cuttle iam list roles --service iam.edgelq.com --filter \
  'category IN ["USER","OWNER"]'

In SPEKTRA Edge core services (IAM, devices, applications, monitoring, logging,…), we put all user-relevant roles in service iam.edgelq.com. Third party services, including watchdog, have own list.

Currently, user-facing roles in SPEKTRA Edge core services are:

Roles Description
services/iam.edgelq.com/roles/scope-admin Users granted this role can perform all operations in the scope.
services/iam.edgelq.com/roles/admin-operator Users granted this role is administrator of core SPEKTRA Edge services (excludes 3rd party)
services/iam.edgelq.com/roles/devices-operator Users granted this role can perform all operations relevant for Edge devices and applications (pods)
services/iam.edgelq.com/roles/apps-operator Users granted this role can perform all operations relevant for Edge applications (pods)

Creating Role Binding

Role assignments can be performed for users, user groups, and service accounts using the Role Binding resource on IAM.

The following example command assigns devices-operator to a user with an email address of example@edgelq.com. Note that the --member option is in addition to the email address, and that user: is present as a prefix.

cuttle iam create role-binding \
  --role services/iam.edgelq.com/roles/devices-operator \
  --member "user:example@edgelq.com"

Note that the --member option prefix must be serviceAccount: for assigning Role Binding to a service account or group: for a group.

When a Role Binding is created for a group, another one is automatically created for each member in the group. Therefore, multiple Role Bindings may be created even if only one is created from the user’s perspective.

Checking Role Bindings

A list of Role Bindings can be obtained with the following commands:

cuttle iam list role-bindings --organization $ORGANIZATION # for organization
cuttle iam list role-bindings --project $PROJECT # for project
cuttle iam list role-bindings --service $SERVICE # for service (available for service developers)

Checking your access

Check for projects to which you are authorized to access

The command that lists the Project resources present on the system (cuttle iam list projects) cannot be executed by ordinary users for security reasons. If you want to see the projects to which you are entitled, use cuttle iam list-my projects (this command requires -o json, use -o json in combination with jq).

cuttle iam list-my projects -o json | jq .

Check for organizations to which you are authorized to access

The command that lists the Organizations resources present on the system (cuttle iam list organizations) cannot be executed by ordinary users for security reasons, just like for projects. If you want to see the organizations to which you are entitled, use cuttle iam list-my organizations (this command requires -o json, use -o json in combination with jq).

cuttle iam list-my organizations -o json | jq .

Check the roles assigned to you

To check the roles you hold within a particular project, use the cuttle iam check-my role-bindings --project $PROJECT command (this command requires -o json, use jq in combination).

Some example for organization:

cuttle iam check-my role-bindings --parent 'organizations/testing' -o json | jq .
{
  "resolvableGrants": [
    {
      "roleBinding": {
        "name": "roleBindings/edgelq-public-all",
        "role": "services/iam.edgelq.com/roles/edgelq-public"
      },
      "grants": [
        {
          "permissions": [
            "services/meta.goten.com/permissions/regions.batchGet"
            # SKIP lots of other permissions...
          ]
        }
      ]
    },
    {
      "roleBinding": {
        "name": "organizations/testing/roleBindings/fr45545ffffFC",
        "role": "services/iam.edgelq.com/roles/scope-admin",
        "ownedObjects": [
          "-"
        ]
      },
    }
 ]
}

We can use this method to check our RoleBindings in projects and services too. It shows all RoleBindings, including inherited from parent organizations (if exist) and system scope (Role services/iam.edgelq.com/roles/edgelq-public is assigned to all on the system level).

If RoleBinding has ownedObjects, it means we are owners of specified, and we are granted all permissions. Sign - is a wildcard, so we are admins in the whole organization, and we can do whatever we like.

Roles management with conditions

Understanding the Role and its Grants is crucial for effective and secure management of authorization. In the simplest form, The role may look like this:

- name: services/devices.edgelq.com/roles/some-role-name
  displayName: Some Display Name
  category: USER
  grants:
  - permissions:
    - services/devices.edgelq.com/permissions/devices.batchGet
    - services/devices.edgelq.com/permissions/devices.get
    - services/devices.edgelq.com/permissions/devices.list

It allows to read Devices using various methods. Combined with RoleBinding:

- name: projects/test/roleBindings/test
  member: "user:someone@example.com"
  role: services/devices.edgelq.com/roles/some-role-name

Default roles are defined by each service. In core SPEKTRA Edge services, we define all user-facing roles in service iam.edgelq.com.

Project/Organization admins can create their own roles if defualts are not satisfying. Organization and Project administrator will need access to a Service before they are able to create a role with that service permissions.

This will allow a user with a given email to view devices using BatchGet, Get, and List methods in the project test.

However, we can also define some role that allows viewing only a specific device:

- name: services/devices.edgelq.com/roles/single-device-viewer
  displayName: Some Display Name
  category: USER
  scopeParams:
  - name: region
    type: STRING
  - name: device
    type: STRING
  grants:
  - subScope: "regions/{region}/devices/{device}"
    permissions:
    - services/devices.edgelq.com/permissions/devices.batchGet
    - services/devices.edgelq.com/permissions/devices.get

Then we can create RoleBinding:

- name: projects/test/roleBindings/test
  member: "user:someone@example.com"
  role: services/devices.edgelq.com/roles/single-device-viewer
  scopeParams:
  - name: region
    string:
      value: us-west2
  - name: device
    string:
      value: specific-id

This will restrict the user to a specific device: projects/test/regions/us-west2/devices/specific-id. Note that in this case “list” permission makes no sense. Be aware that subScope is APPENDED to the RoleBinding parent name.

We can also give access to multiple devices if we modify the role:

- name: services/devices.edgelq.com/roles/multi-devices-viewer
  scopeParams:
  - name: region
    type: STRING
  - name: device
    type: ARRAY_OF_STRINGS
  ## Other params

RoleBinding could then look like this:

- name: projects/test/roleBindings/test
  member: "user:someone@example.com"
  role: services/devices.edgelq.com/roles/multi-devices-viewer
  scopeParams:
  - name: region
    string:
      value: us-west2
  - name: device
    strings:
      values:
      - specific-id-1
      - specific-id-2

If we wanted to restrict users to some set of devices depending on some condition, we could do something like:

- name: services/devices.edgelq.com/roles/devices-condition-viewer
  displayName: Some Display Name
  category: USER
  scopeParams:
  - name: region
    type: STRING
  - name: tag
    type: STRING
  grants:
  - subScope: "regions/{region}"
    permissions:
    - services/devices.edgelq.com/permissions/devices.batchGet
    - services/devices.edgelq.com/permissions/devices.get
    - services/devices.edgelq.com/permissions/devices.list
    resourceFieldConditions:
    - path: metadata.tags
      value: "{tag}"

The above role will restrict the user to see devices only if their metadata.tags contain a specific tag. Service automatically can detect that field path metadata.tags is an array of strings. If it was a single string, then Role would allow us to see Devices where the tag is EQUAL to the specified value. If you combine ARRAY_OF_STRINGS scope param with the field path containing the array, it will effectively work like CONTAINS ANY.

When it comes to resource field conditions, SPEKTRA Edge Service can automatically detect referenced resources from specified requests. For updates, it will verify two resource states: before and after the update (the user could potentially modify the resource that would match the required condition, but the previous state still matters).

There are more condition types than resource field types, for example, we can reference requests directly:

scopeParams:
- name: service
  type: STRING
grants:
- permissions:
  - services/audit.edgelq.com/permissions/activityLogs.create
  requestFieldConditions:
  - path: activity_logs.service.name
    value: "{service}"

Note that scope params also are used for condition values.

There is a method CreateActivityLogs, which request contains field path activity_logs.service.name, where activity_logs is an array field!

This condition will ensure that for each record in activity_logs array field path service.name has a specified value (both service and name fields are single ones, not arrays).

Note this is a bit of a different behavior compared to resource field conditions: For resources, if the field path contains an array, then it works effectively as CONTAINS condition. In request conditions, each value must satisfy the condition.

TODO: It was more convenient this way, but we will add “allValues” condition separately.

There is also a possibility to use CEL conditions, where we can specify CEL code to execute.

In this example, we allow direct access to internet quality metrics, so a viewing party may request internet quality data per Internet Service Provider for each Province in Japan, but we don’t allow for too narrow filtering or grouping, which could potentially de-anonymize the data, like the exact agent identifier or its location.

First, we need to create iam.edgelq.com/Condition resource:

name: services/watchdog.edgelq.com/conditions/anonymous-time-series
displayName: Watchdog Anonymous Time Series
description: >-
  Inspects Time Series requests to ensure that the user doesn't filter or retrieve private information
  from probe metric labels like name, ID or precise geo-coordinates  
expression: |
  // restrict only Probe/Host Time Series
  (!(request.body.filter.satisfies('resource.type="watchdog.edgelq.com/probe"')) ? true :
   // reduce without identifiable information
   (!request.body.filter.specifies("resource.labels.probe_id") &&
    !request.body.filter.specifies("resource.labels.admin_area3_id") &&
    !request.body.filter.specifies("resource.labels.admin_area3") &&
    !request.body.filter.specifies("resource.labels.admin_area4_id") &&
    !request.body.filter.specifies("resource.labels.admin_area4") &&
    !request.body.filter.specifies("resource.labels.geohash4") &&
    !request.body.filter.specifies("resource.labels.geohash5") &&
    !request.body.filter.specifies("resource.labels.geohash6") &&
    !request.body.filter.specifies("resource.labels.geohash7") &&
    has(request.body.aggregation.cross_series_reducer) &&
    request.body.aggregation.group_by_fields.all(gbf, gbf in [
       "resource.labels.project_id",
       "resource.labels.region_id",
       "resource.labels.probe_group_id",
       "resource.labels.continent",
       "resource.labels.continent_id",
       "resource.labels.country",
       "resource.labels.country_id",
       "resource.labels.admin_area1",
       "resource.labels.admin_area1_id",
       "resource.labels.admin_area2",
       "resource.labels.admin_area2_id",
       "resource.labels.geohash2",
       "resource.labels.geohash3",
       "resource.labels.asn",
       "resource.labels.asn_name",
       "metric.labels.target",
       "metric.labels.target_id",
       "metric.labels.target_group",
       "metric.labels.target_group_id",
       "metric.labels.target_category",
    ])))  
parameterDeclarations: []

CEL Spec: https://github.com/google/cel-spec/blob/v0.7.0/doc/langdef.md.

Then, we can define a Role with grants like:

grants:
- permissions:
  - services/monitoring.edgelq.com/permissions/timeSeries.query
  executableConditions:
  - condition: services/watchdog.edgelq.com/conditions/anonymous-time-series

In the future though (TODO), this condition will be possible to be specified by inline conditions:

scopeParams:
- name: filterCondition
  type: ARRAY_OF_STRINGS
  defaultValues:
  - resource.labels.probe_id
  - ...
  - resource.labels.geohash7
- name: groupByProbeLabels
  type: ARRAY_OF_STRINGS
  defaultValues:
  - resource.labels.project_id
  - ...
  - metric.labels.target_category
grants:
# Access to time series for probes only 
- permissions:
  - services/monitoring.edgelq.com/permissions/timeSeries.query
  requestFieldConditions:
  - path: filter
    doesSatisfy: 'resource.type="watchdog.edgelq.com/probe"'
  - path: filter
    doesNotSpecify: "{filterCondition}"
  - path: aggregation.crossSeriesReducer
    notValue: REDUCE_NONE
  - path: aggregation.groupBy
    valuesAll: "{groupByProbeLabels}"

# Allow for non-probe
- permissions:
  - services/monitoring.edgelq.com/permissions/timeSeries.query
  requestFieldConditions:
  - path: filter
    doesNotSatisfy: 'resource.type="watchdog.edgelq.com/probe"'

SubScopes for collection and single resource actions

When defining subscopes in roles, collection-type actions (list, watch for plural!) must accept subScope without final collection name and resource ID.

For example, all these grants are legal:

# Permissions for non-collection actions and specific device
- subScope: regions/{region}/devices/{device}
  permissions:
  - services/devices.edgelq.com/devices.get
  - services/devices.edgelq.com/devices.batchGet
  - services/devices.edgelq.com/devices.update
  - services/devices.edgelq.com/devices.delete

# Permissions for collection actions and specific region (parent):
- subScope: regions/{region}
  permissions:
  - services/devices.edgelq.com/devices.list
  - services/devices.edgelq.com/devices.create

# Permissions for non-collection actions for specific region
- subScope: regions/{region}
  permissions:
  - services/devices.edgelq.com/devices.get
  - services/devices.edgelq.com/devices.batchGet
  - services/devices.edgelq.com/devices.update
  - services/devices.edgelq.com/devices.delete

But these grants would be not working (illegal):

# Permissions for non-collection actions and specific device
- subScope: regions/{region}/devices/{device}
  permissions:
  - services/devices.edgelq.com/devices.list
  - services/devices.edgelq.com/devices.create

The reason is, that ListDevices and CreateDevice are collection types, and they have “parent” resource field as the primary field for authorization. Name pattern for device parent is projects/{project}/regions/{region}, therefore it will never match subScope. Keep this in mind when defining subScopes!

Watch permissions

Permission for watches is a bit ambiguous. For example, we have two watch requests for each resource type, for example for devices we can specify:

  • WatchDevice - for single device (singular resource method)
  • WatchDevices - for collection of devices (collection method)

However, both of these actions are represented by single permission: services/devices.edgelq.com/devices.watch.

This means, that the following grants will apply to BOTH cases:

# Grants both WatchDevice and WatchDevices
- permissions:
  - services/devices.edgelq.com/devices.watch

# Grants both WatchDevice and WatchDevices, as long as we are restricting
# to a specific region:
- subScope: regions/{region}
  permissions:
  - services/devices.edgelq.com/devices.watch

However, if we specify subScope for a single device, then this grant will only work for a single resource watch:

# Because we specified the device in sub-scope, this grant will never apply
# to plural WatchDevices!
- subScope: regions/{region}/devices/{device}
  permissions:
  - services/devices.edgelq.com/devices.watch

Attach permissions

In the IAM, establishing relationships requires extra permissions - so-called attach checks. For example, if we are updating the Device resource from the devices.edgelq.com service, which has a reference to ServiceAccount via the spec.service_account field (Service iam.edgelq.com), we need two permissions:

  • services/devices.edgelq.com/permissions/devices.update

    We require this permission on the Device resource.

  • services/iam.edgelq.com/permissions/serviceAccounts!attach

    We require this permission on the ServiceAccount resource.

To ensure the user can execute such an update, we may need a role with grants like:

name: <RoleName>
grants:
- permissions:
  - services/devices.edgelq.com/permissions/devices.update
  - services/iam.edgelq.com/permissions/serviceAccounts!attach

If we want to have more granular management, we may separate them by using subScopes and & or resource field conditions:

name: <RoleName>
scopeParams: ... # just regular params...
grants:

- subScope: "regions/{region}/devices/{device}"
  permissions:
  - services/devices.edgelq.com/permissions/devices.update
  resourceFieldConditions:
  - path: metadata.annotations.key
    value: "{value}"

- subScope: "regions/{region}/serviceAccounts/{serviceAccount}"
  permissions:
  - services/iam.edgelq.com/permissions/serviceAccounts!attach
  resourceFieldConditions:
  - path: metadata.tags
    value: "{tagValue}"

Request field conditions do not make sense for attach checks - they apply for a whole call only, affecting the main permission for a method (device.update in this case).

Managing Users (User Resources)

SPEKTRA Edge manages users as independent resources. In other words, a user is not tied to a specific Project or Organization, but exists on its own. In other words, a user can “access” multiple Projects and Organizations, but there is no concept of “belonging” to a Project or Organization. The relationship between a user and a Project or Organization is done as Role Binding.

Note that the SEI dashboard displays Role Binding resources as pseudo “users” so that users can manage user privileges without understanding the detailed IAM specifications. Note that deleting a “user” on the SEI dashboard does not delete the user’s information from the system. What is deleted is the Role Binding resource that the user holds on the relevant Project.

Users usually sign up using an individual email address (called a local user) or register with the system using SSO, which is linked to a Google account, etc. If SSO is used, the user’s registration information is handled by the SSO provider. For local users, password registration and MFA settings are done on SPEKTRA Edge.

The following operations on local users currently require a request to the system administrator.

  • Reset MFA access settings
  • Complete deletion of user information

Service Account and Service Account Key

Service accounts are used to authenticate for M2M. For example, when accessing SPEKTRA Edge’s API with scripts for API integration or various automation tools, a service account can be used instead of a specific user. Service accounts exist as Service Account resources on IAM.

For IAM authorization processing, service accounts are treated much the same as regular users. In other words, in order to allow a service account to access the API, it must be assigned a role. Please refer to the above explanation for how to assign roles.

To create a new service account, use the cuttle iam create service-account command.

cuttle iam create service-account --project $PROJECT \
    $SVCACCNT_NAME

To actually use a service account, a service account key must be created as a credential. Service account keys are created as child resources of the service account. Multiple service account keys can be created for a single service count.

The service account key supports multiple key algorithms. Normally, a 2048-bit key pair using RSA (--algorithm RSA_2048) is used. This key pair can be used for API calls with gRPC and authentication with the cuttle command. On the other hand, if you want to use a short string used as a Bearer token in the Authorization header of a REST request as a key, use the API KEY (--algorithm API_KEY).

The following example shows how to generate a service account key using RSA. When this command is executed, a file named credentails.json containing the freshly generated key will be created in the directory where the command was executed

cuttle iam create service-account-key --project $PROJECT \
  --service-account $SVCACCNT_NAME \
  --algorithm RSA_2048 \
  $SVCACCNT_KEY_NAME

To use the generated key with the cuttle command, load it with the following command

cuttle config account add-service-account credentials.json

The following command is an example of using the loaded service account in the default context (if you are using a staging environment, etc., change it accordingly). (The name of the context can be obtained with the cuttle config context list command). For the account name, enter the email address of the service account as it appears when the above command is read.

cuttle config context set default \
  --account sa@exmaple.eu1.serviceaccounts.iam.edgelq.com

The following example shows how to generate a key using API_KEY.

cuttle iam create service-account-key --project $PROJECT \
    --service-account $SVCACCNT_NAME \
    --algorithm API_KEY \
    $SVCACCNT_KEY_NAME

In this case, the output is written as JSON to standard output, and the value of the .apiKey field is the API key.

Groups

A group is a resource used when operating multiple users together. For example, by assigning roles to groups, it is possible to omit assigning roles to individual users.

A group consists of two resources. The primary resource is the Group resource in IAM, which defines the group itself. To add users to a group, use the Group Member resource, which is a child of the Group resource.

Groups can be created in the System, Organization, and Project scopes, but each requires its own permissions.

The following command is an example of creating a group in the Project scope and adding members; note that, as with Role Binding, the --member option must be prefixed.

## create group
cuttle iam create group --project $PROJECT $GROUP_NAME
## add a member
cuttle iam create group-member --project $PROJECT \
  --group $GROUP_NAME --member "user:example@edgelq.com"

2.1 -

Understanding the iam.edgelq.com service APIv1, in proto package ntt.iam.v1.

Service iam.edgelq.com in version v1, proto package ntt.iam.v1

Here is the list of resources supported in IAM service APIv1:

AttestationDomain Resource

AttestationDomain Resource

Name patterns:

  • projects/{project}/attestationDomains/{attestation_domain}

Parent resources:

This section covers the methods and messages to interact with AttestationDomain resource.

AttestationDomain Methods

Here is the list of AttestationDomain resource methods:

GetAttestationDomain Method

GetAttestationDomain

rpc GetAttestationDomain(GetAttestationDomainRequest) returns (AttestationDomain)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.get

The equivalent REST API is:

GET /v1/{name=projects/*/attestationDomains/*}

BatchGetAttestationDomains Method

BatchGetAttestationDomains

rpc BatchGetAttestationDomains(BatchGetAttestationDomainsRequest) returns (BatchGetAttestationDomainsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.batchGet

The equivalent REST API is:

GET /v1/attestationDomains:batchGet

ListAttestationDomains Method

ListAttestationDomains

rpc ListAttestationDomains(ListAttestationDomainsRequest) returns (ListAttestationDomainsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.list

The equivalent REST API is:

GET /v1/{parent=projects/*}/attestationDomains

WatchAttestationDomain Method

WatchAttestationDomain

rpc WatchAttestationDomain(WatchAttestationDomainRequest) returns (WatchAttestationDomainResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.watch

The equivalent REST API is:

POST /v1/{name=projects/*/attestationDomains/*}:watch

WatchAttestationDomains Method

WatchAttestationDomains

rpc WatchAttestationDomains(WatchAttestationDomainsRequest) returns (WatchAttestationDomainsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.watch

The equivalent REST API is:

POST /v1/{parent=projects/*}/attestationDomains:watch

CreateAttestationDomain Method

CreateAttestationDomain

rpc CreateAttestationDomain(CreateAttestationDomainRequest) returns (AttestationDomain)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.create

The equivalent REST API is:

POST /v1/{parent=projects/*}/attestationDomains (BODY: attestation_domain)

UpdateAttestationDomain Method

UpdateAttestationDomain

rpc UpdateAttestationDomain(UpdateAttestationDomainRequest) returns (AttestationDomain)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.update

The equivalent REST API is:

PUT /v1/{attestation_domain.name=projects/*/attestationDomains/*} (BODY: attestation_domain)

DeleteAttestationDomain Method

DeleteAttestationDomain

rpc DeleteAttestationDomain(DeleteAttestationDomainRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/attestationDomains/*}

Verify Method

Verify

rpc Verify(VerifyRequest) returns (VerifyResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.verify

The equivalent REST API is:

POST /v1/{ask_for_challenge.attestation_domain=projects/*/attestationDomains/*}:verify

AttestationDomain Messages

Here is the list of AttestationDomain resource messages:

AttestationDomain Message

Name Type Description
name string (name of AttestationDomain) Name of AttestationDomain When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display name
insecure_skip_manufacturer_ekcert_verification bool If false (default), attestation verifier SHALL check CA certificate chain up to the TPM chip manufacturers CA (defined in manufacturer_ca_issuers). This step is necessary to prove that the attestation request comes from a genuine TPM device, and not a TPM emulator. If true, attestation verifier SHALL skip EKcert verification - !!INSECURE!! Without this check, any keys may come from a simulated TPM on the device. An attacker may therefore forge any key they want. Therefore, this option should only be changed for development purposes.
policies repeated AttestationDomain.Policy Attestees wanting to attest under this attestation domain SHALL fulfill requirements of at least one of attestation policies defined in this list. Policies are checked in the order they appear on this list.
enrollment_list repeated AttestationDomain.EnrolledKey Attestation policy may require atestees pubkey to be present on enrollment_list.

AttestationDomain.Policy Message

Policy defines a singular attestation policy, that should match a homogenous class of device (i.e. hardware and firmware configuration) in the fleet.

Name Type Description
manufacturer_root_ca_certs_pem string List of acceptable manufacturer’s root CAs certs (in PEM format). To obtain such a cert, run something like: tpm2_getekcertificate -o cert.bin openssl x509 -inform der -in cert.bin -noout -text Then manually download certificate specified in Authority Information Access (AIA). Repeat the above openssl command on the newly downloadedfile (change the value of -in argument). Continue this until you reach a certificate which does not have AIA. It’s the root certificate. Convert it to PEM like so: openssl x509 -inform der -in root.crt -out root.pem Still, we need to encode newlines: awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' root.pem Then paste the output here. Note: multiple PEM certificates may be included here by simple means of concatenation.
require_enrollment bool If true, the attestee’s pubkey SHALL be present on this AttestationDomain’s enrollment list, otherwise fail the attestation.
verify_event_log bool If true, the verifier SHALL parse, replay and verify TPM event log provided by the atestee, otherwise fail the attestation. Note that requiring verification of event does not provide additional security. See https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md#event-type-and-verification-footguns
expected_pcrs repeated PCR List of expected PCR values. All PCRs on this list SHALL match exactly the PCRs provided by the atestee, otherwise the attestation SHALL be failed. The verifier SHALL perform sanity checks: PCR index/digest pairs are unique and the size of the list is sane (TODO). They can be read from TPM by running something like tpm2_pcrread.

AttestationDomain.EnrolledKey Message

EnrolledKey defines an enrolled key.

Name Type Description
pubkey_pem string PEM encoded EK pubkey. It can be read from TPM by running something like tpm2_createek -G rsa -u ek.pub -c key.ctx -f pem.
comment string User’s comments for this entry

GetAttestationDomainRequest Message

A request message of the GetAttestationDomain method.

Name Type Description
name string (name of AttestationDomain) Name of ntt.iam.v1.AttestationDomain
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAttestationDomainsRequest Message

A request message of the BatchGetAttestationDomains method.

Name Type Description
names repeated string (name of AttestationDomain) Names of AttestationDomains
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAttestationDomainsResponse Message

A response message of the BatchGetAttestationDomains method.

Name Type Description
attestation_domains repeated AttestationDomain found AttestationDomains
missing repeated string (name of AttestationDomain) list of not found AttestationDomains

ListAttestationDomainsRequest Message

A request message of the ListAttestationDomains method.

Name Type Description
parent string (parent name of AttestationDomain) Parent name of ntt.iam.v1.AttestationDomain
page_size int32 Requested page size. Server may return fewer AttestationDomains than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AttestationDomain) A token identifying a page of results the server should return. Typically, this is the value of ListAttestationDomainsResponse.next_page_token.
order_by string (orderBy of AttestationDomain) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AttestationDomain) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAttestationDomainsResponse Message

A response message of the ListAttestationDomains method.

Name Type Description
attestation_domains repeated AttestationDomain The list of AttestationDomains
prev_page_token string (cursor of AttestationDomain) A token to retrieve previous page of results. Pass this value in the ListAttestationDomainsRequest.page_token.
next_page_token string (cursor of AttestationDomain) A token to retrieve next page of results. Pass this value in the ListAttestationDomainsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AttestationDomains across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAttestationDomainRequest Message

A request message of the WatchAttestationDomain method.

Name Type Description
name string (name of AttestationDomain) Name of ntt.iam.v1.AttestationDomain
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAttestationDomainResponse Message

A response message of the WatchAttestationDomain method.

Name Type Description
change AttestationDomainChange

WatchAttestationDomainsRequest Message

A request message of the WatchAttestationDomains method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AttestationDomain) Parent name of ntt.iam.v1.AttestationDomain
page_size int32 Requested page size. Server may return fewer AttestationDomains than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AttestationDomain) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AttestationDomain) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AttestationDomain) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AttestationDomain that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AttestationDomain that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAttestationDomainsResponse Message

A response message of the WatchAttestationDomains method.

Name Type Description
attestation_domain_changes repeated AttestationDomainChange Changes of AttestationDomains
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AttestationDomains will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAttestationDomainsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AttestationDomains will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAttestationDomainsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AttestationDomain) New token to retrieve previous page of results.
next_page_token string (cursor of AttestationDomain) New token to retrieve next page of results.

CreateAttestationDomainRequest Message

A request message of the CreateAttestationDomain method.

Name Type Description
parent string (parent name of AttestationDomain) Parent name of ntt.iam.v1.AttestationDomain
attestation_domain AttestationDomain AttestationDomain resource body
response_mask CreateAttestationDomainRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAttestationDomainRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAttestationDomainRequest Message

A request message of the UpdateAttestationDomain method.

Name Type Description
attestation_domain AttestationDomain AttestationDomain resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAttestationDomainRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAttestationDomainRequest.ResponseMask reduce message response size.

UpdateAttestationDomainRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AttestationDomain Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAttestationDomainRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAttestationDomainRequest Message

A request message of the DeleteAttestationDomain method.

Name Type Description
name string (name of AttestationDomain) Name of ntt.iam.v1.AttestationDomain
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

VerifyRequest Message

Request message for method [Verify][ntt.iam.v1.Verify]

Name Type Description
ask_for_challenge VerifyRequest.AskForChallenge
challenge_response VerifyRequest.ChallengeResponse

VerifyRequest.AskForChallenge Message

Name Type Description
subject string This will be used to set “sub” claim for attestation token. This “sub” should be compared to “sub” of JWT access token during validation. “Sub” comparison ties both tokens together and protects against theft/reuse of one of them by another service account.
attestation_domain string (name of AttestationDomain) attestation domain ref
tpm_version TpmVersion
ekpub bytes PKIX encoded EK public
ekcert bytes ASN.1 DER encoded EK certificate.
ekcerturl string For Intel TPMs, Intel hosts certificates at a public URL derived from the Public key. Clients or servers can perform an HTTP GET to this URL, and use ParseEKCertificate on the response body.
akpub bytes https://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf TPMT_PUBLIC (TPM 2.0) or TPM_PUBKEY (TPM 1.2)
creation_data bytes TPMS_CREATION_DATA
attest bytes TPMS_ATTEST
signature bytes TPMT_SIGNATURE
challenge_format VerifyRequest.AskForChallenge.ChallengeFormat ChallengeFormat defines the method of generating identity activation challenge by the Verifier (server). It should affect the interpretation ChallengeResponse fields cred_encrypted_by_ekpub and secret_encrypted_by_cred. Attestor (client) is responsible for chosing the right format depending on TPM version and the presence of TrouSerS daemon.

VerifyRequest.ChallengeResponse Message

Name Type Description
ak_activation_decrypted_secret bytes
quotes repeated VerifyRequest.ChallengeResponse.Quote
pcrs repeated PCR
eventlog bytes Binary contents of /sys/kernel/security/tpm0/binary_bios_measurements

VerifyRequest.ChallengeResponse.Quote Message

Name Type Description
quote bytes TPMS_ATTEST (TSS_VALIDATION.Data or TSS_VALIDATION.rgbData) This contains PCR selection information for which the signature was calculated and other required data, like nonce.
signature bytes TSS_VALIDATION.ValidationData or TSS_VALIDATION.rgbValidationData

VerifyResponse Message

Response message for method [Verify][ntt.iam.v1.Verify]

Name Type Description
challenge VerifyResponse.Challenge
attestation_successful VerifyResponse.AttestationSuccessful

VerifyResponse.Challenge Message

Name Type Description
platform_attestation_nonce bytes Platform attestation
cred_encrypted_by_ekpub bytes AK Identity Activation
secret_encrypted_by_cred bytes

VerifyResponse.AttestationSuccessful Message

Name Type Description
attestation_token string

Condition Resource

Condition Resource represents additional that is not built-in into the role. It can be attached to role grant or RoleBinding (applies to all grants then).

Name patterns:

  • conditions/{condition}
  • projects/{project}/conditions/{condition}
  • organizations/{organization}/conditions/{condition}
  • services/{service}/conditions/{condition}

Parent resources:

This section covers the methods and messages to interact with Condition resource.

Condition Methods

Here is the list of Condition resource methods:

GetCondition Method

GetCondition

rpc GetCondition(GetConditionRequest) returns (Condition)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.get

The equivalent REST API is:

GET /v1/{name=conditions/*} 

GET /v1/{name=projects/*/conditions/*} 

GET /v1/{name=organizations/*/conditions/*} 

GET /v1/{name=services/*/conditions/*}

BatchGetConditions Method

BatchGetConditions

rpc BatchGetConditions(BatchGetConditionsRequest) returns (BatchGetConditionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.batchGet

The equivalent REST API is:

GET /v1/conditions:batchGet

ListConditions Method

ListConditions

rpc ListConditions(ListConditionsRequest) returns (ListConditionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.list

The equivalent REST API is:

GET /v1/conditions 

GET /v1/{parent=projects/*}/conditions 

GET /v1/{parent=organizations/*}/conditions 

GET /v1/{parent=services/*}/conditions

WatchCondition Method

WatchCondition

rpc WatchCondition(WatchConditionRequest) returns (WatchConditionResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.watch

The equivalent REST API is:

POST /v1/{name=conditions/*}:watch 

POST /v1/{name=projects/*/conditions/*}:watch 

POST /v1/{name=organizations/*/conditions/*}:watch 

POST /v1/{name=services/*/conditions/*}:watch

WatchConditions Method

WatchConditions

rpc WatchConditions(WatchConditionsRequest) returns (WatchConditionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.watch

The equivalent REST API is:

POST /v1/conditions:watch 

POST /v1/{parent=projects/*}/conditions:watch 

POST /v1/{parent=organizations/*}/conditions:watch 

POST /v1/{parent=services/*}/conditions:watch

CreateCondition Method

CreateCondition

rpc CreateCondition(CreateConditionRequest) returns (Condition)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.create

The equivalent REST API is:

POST /v1/conditions (BODY: condition)

POST /v1/{parent=projects/*}/conditions 

POST /v1/{parent=organizations/*}/conditions 

POST /v1/{parent=services/*}/conditions

UpdateCondition Method

UpdateCondition

rpc UpdateCondition(UpdateConditionRequest) returns (Condition)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.update

The equivalent REST API is:

PUT /v1/{condition.name=conditions/*} (BODY: condition)

PUT /v1/{condition.name=projects/*/conditions/*} 

PUT /v1/{condition.name=organizations/*/conditions/*} 

PUT /v1/{condition.name=services/*/conditions/*}

DeleteCondition Method

DeleteCondition

rpc DeleteCondition(DeleteConditionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.delete

The equivalent REST API is:

DELETE /v1/{name=conditions/*} 

DELETE /v1/{name=projects/*/conditions/*} 

DELETE /v1/{name=organizations/*/conditions/*} 

DELETE /v1/{name=services/*/conditions/*}

Condition Messages

Here is the list of Condition resource messages:

Condition Message

Name Type Description
name string (name of Condition) Name of Condition When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display Name
description string Description
ip_condition Condition.IpCondition
attestation_condition Condition.AttestationCondition
expression string Condition expression in Google CEL, syntax, e.g. resource.name == "projects/xyz/instances/abc" Accessible parameters:
parameter_declarations repeated Condition.ParameterDeclaration Typed parameters declarations. When binding a Condition passed parameters must correspond to declarations. DEPRECATED: Along with expression, CEL conditions are gone.

Condition.ParameterDeclaration Message

Parameter Declarations used

Name Type Description
key string Parameter Key - must be unique within condition. Defined parameter variables are accessible in condition expression via parameters.\<key\>, e.g.parameters.projectId
type Condition.ParameterType Parameter value type

Condition.IpCondition Message

IpCondition presents list of allowed/disallowed source IP addresses.

Name Type Description
allowed_cidrs repeated string Allowed IP cidrs in v4 or v6 format. If specified, at least one must be satisfied during execution.
disabled_cidrs repeated string Disallowed IP cidrs in v4 or v6 format. If specified, client IP must not be in any specified range.

Condition.AttestationCondition Message

AttestationCondition requires that associated roles/grants are authorized only if caller attaches proper attestation token next to authorization one.

Name Type Description
domain string (reference to AttestationDomain) Domain name that must be present in attestation token.
except_permissions repeated string (reference to Permission) List of permissions excepted from this condition. By default, it contains: * services/iam.edgelq.com/permissions/attestationDomains.get * services/iam.edgelq.com/permissions/attestationDomains.verify * services/iam.edgelq.com/permissions/serviceAccounts.get * services/iam.edgelq.com/permissions/serviceAccountKeys.get * services/devices.edgelq.com/permissions/devices.list * services/devices.edgelq.com/permissions/provisioningPolicies.list * services/devices.edgelq.com/permissions/provisioningPolicies.provisionDeviceViaPolicy * services/devices.edgelq.com/permissions/provisioningPolicies.requestProvisioningApproval Those are necessary to obtain attestation token in the first place.

GetConditionRequest Message

A request message of the GetCondition method.

Name Type Description
name string (name of Condition) Name of ntt.iam.v1.Condition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetConditionsRequest Message

A request message of the BatchGetConditions method.

Name Type Description
names repeated string (name of Condition) Names of Conditions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetConditionsResponse Message

A response message of the BatchGetConditions method.

Name Type Description
conditions repeated Condition found Conditions
missing repeated string (name of Condition) list of not found Conditions

ListConditionsRequest Message

A request message of the ListConditions method.

Name Type Description
parent string (parent name of Condition) Parent name of ntt.iam.v1.Condition
page_size int32 Requested page size. Server may return fewer Conditions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Condition) A token identifying a page of results the server should return. Typically, this is the value of ListConditionsResponse.next_page_token.
order_by string (orderBy of Condition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Condition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListConditionsResponse Message

A response message of the ListConditions method.

Name Type Description
conditions repeated Condition The list of Conditions
prev_page_token string (cursor of Condition) A token to retrieve previous page of results. Pass this value in the ListConditionsRequest.page_token.
next_page_token string (cursor of Condition) A token to retrieve next page of results. Pass this value in the ListConditionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Conditions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchConditionRequest Message

A request message of the WatchCondition method.

Name Type Description
name string (name of Condition) Name of ntt.iam.v1.Condition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchConditionResponse Message

A response message of the WatchCondition method.

Name Type Description
change ConditionChange

WatchConditionsRequest Message

A request message of the WatchConditions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Condition) Parent name of ntt.iam.v1.Condition
page_size int32 Requested page size. Server may return fewer Conditions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Condition) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Condition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Condition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Condition that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Condition that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchConditionsResponse Message

A response message of the WatchConditions method.

Name Type Description
condition_changes repeated ConditionChange Changes of Conditions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Conditions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchConditionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Conditions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchConditionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Condition) New token to retrieve previous page of results.
next_page_token string (cursor of Condition) New token to retrieve next page of results.

CreateConditionRequest Message

A request message of the CreateCondition method.

Name Type Description
parent string (parent name of Condition) Parent name of ntt.iam.v1.Condition
condition Condition Condition resource body
response_mask CreateConditionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateConditionRequest Message

A request message of the UpdateCondition method.

Name Type Description
condition Condition Condition resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateConditionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateConditionRequest.ResponseMask reduce message response size.

UpdateConditionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Condition Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteConditionRequest Message

A request message of the DeleteCondition method.

Name Type Description
name string (name of Condition) Name of ntt.iam.v1.Condition
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Condition Enumerations

Here is the list of Condition resource enumerations:

Condition.ParameterType Enumeration

Parameter Type.

Name Description
TYPE_UNSPECIFIED
STRING
INT64
DOUBLE
BOOL
STRING_ARRAY
INT64_ARRAY
DOUBLE_ARRAY
BOOL_ARRAY
OBJECT

Group Resource

Group Resource

Name patterns:

  • groups/{group}
  • projects/{project}/groups/{group}
  • organizations/{organization}/groups/{group}
  • services/{service}/groups/{group}

Parent resources:

This section covers the methods and messages to interact with Group resource.

Group Methods

Here is the list of Group resource methods:

GetGroup Method

GetGroup

rpc GetGroup(GetGroupRequest) returns (Group)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.get

The equivalent REST API is:

GET /v1/{name=groups/*} 

GET /v1/{name=projects/*/groups/*} 

GET /v1/{name=organizations/*/groups/*} 

GET /v1/{name=services/*/groups/*}

BatchGetGroups Method

BatchGetGroups

rpc BatchGetGroups(BatchGetGroupsRequest) returns (BatchGetGroupsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.batchGet

The equivalent REST API is:

GET /v1/groups:batchGet

ListGroups Method

ListGroups

rpc ListGroups(ListGroupsRequest) returns (ListGroupsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.list

The equivalent REST API is:

GET /v1/groups 

GET /v1/{parent=projects/*}/groups 

GET /v1/{parent=organizations/*}/groups 

GET /v1/{parent=services/*}/groups

WatchGroup Method

WatchGroup

rpc WatchGroup(WatchGroupRequest) returns (WatchGroupResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.watch

The equivalent REST API is:

POST /v1/{name=groups/*}:watch 

POST /v1/{name=projects/*/groups/*}:watch 

POST /v1/{name=organizations/*/groups/*}:watch 

POST /v1/{name=services/*/groups/*}:watch

WatchGroups Method

WatchGroups

rpc WatchGroups(WatchGroupsRequest) returns (WatchGroupsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.watch

The equivalent REST API is:

POST /v1/groups:watch 

POST /v1/{parent=projects/*}/groups:watch 

POST /v1/{parent=organizations/*}/groups:watch 

POST /v1/{parent=services/*}/groups:watch

CreateGroup Method

CreateGroup

rpc CreateGroup(CreateGroupRequest) returns (Group)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.create

The equivalent REST API is:

POST /v1/groups (BODY: group)

POST /v1/{parent=projects/*}/groups 

POST /v1/{parent=organizations/*}/groups 

POST /v1/{parent=services/*}/groups

UpdateGroup Method

UpdateGroup

rpc UpdateGroup(UpdateGroupRequest) returns (Group)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.update

The equivalent REST API is:

PUT /v1/{group.name=groups/*} (BODY: group)

PUT /v1/{group.name=projects/*/groups/*} 

PUT /v1/{group.name=organizations/*/groups/*} 

PUT /v1/{group.name=services/*/groups/*}

DeleteGroup Method

DeleteGroup

rpc DeleteGroup(DeleteGroupRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.delete

The equivalent REST API is:

DELETE /v1/{name=groups/*} 

DELETE /v1/{name=projects/*/groups/*} 

DELETE /v1/{name=organizations/*/groups/*} 

DELETE /v1/{name=services/*/groups/*}

Group Messages

Here is the list of Group resource messages:

Group Message

Name Type Description
name string (name of Group) Name of Group When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display Name
description string Optional. Description of the Group
email string Unique email address for this [Group]. Generated based on its [name][ntt.iam.v1alpha2.Group.name] with following rules: 1. System group: {group_id}@groups.iam.edgelq.com 2. Organization group: {group_id}@{organization_id}.groups.iam.edgelq.com 3. Project group: {group_id}@{project_id}.groups.iam.edgelq.com This email can be used in [RoleBindings][ntt.iam.v1alpha2.RoleBinding.member] field. Note: Currently there is way to assign custom domain for [Organization] or [Project].

GetGroupRequest Message

A request message of the GetGroup method.

Name Type Description
name string (name of Group) Name of ntt.iam.v1.Group
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupsRequest Message

A request message of the BatchGetGroups method.

Name Type Description
names repeated string (name of Group) Names of Groups
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupsResponse Message

A response message of the BatchGetGroups method.

Name Type Description
groups repeated Group found Groups
missing repeated string (name of Group) list of not found Groups

ListGroupsRequest Message

A request message of the ListGroups method.

Name Type Description
parent string (parent name of Group) Parent name of ntt.iam.v1.Group
page_size int32 Requested page size. Server may return fewer Groups than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Group) A token identifying a page of results the server should return. Typically, this is the value of ListGroupsResponse.next_page_token.
order_by string (orderBy of Group) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Group) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListGroupsResponse Message

A response message of the ListGroups method.

Name Type Description
groups repeated Group The list of Groups
prev_page_token string (cursor of Group) A token to retrieve previous page of results. Pass this value in the ListGroupsRequest.page_token.
next_page_token string (cursor of Group) A token to retrieve next page of results. Pass this value in the ListGroupsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Groups across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchGroupRequest Message

A request message of the WatchGroup method.

Name Type Description
name string (name of Group) Name of ntt.iam.v1.Group
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchGroupResponse Message

A response message of the WatchGroup method.

Name Type Description
change GroupChange

WatchGroupsRequest Message

A request message of the WatchGroups method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Group) Parent name of ntt.iam.v1.Group
page_size int32 Requested page size. Server may return fewer Groups than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Group) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Group) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Group) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Group that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Group that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchGroupsResponse Message

A response message of the WatchGroups method.

Name Type Description
group_changes repeated GroupChange Changes of Groups
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Groups will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchGroupsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Groups will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchGroupsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Group) New token to retrieve previous page of results.
next_page_token string (cursor of Group) New token to retrieve next page of results.

CreateGroupRequest Message

A request message of the CreateGroup method.

Name Type Description
parent string (parent name of Group) Parent name of ntt.iam.v1.Group
group Group Group resource body
response_mask CreateGroupRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateGroupRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateGroupRequest Message

A request message of the UpdateGroup method.

Name Type Description
group Group Group resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateGroupRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateGroupRequest.ResponseMask reduce message response size.

UpdateGroupRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Group Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateGroupRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteGroupRequest Message

A request message of the DeleteGroup method.

Name Type Description
name string (name of Group) Name of ntt.iam.v1.Group
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GroupMember Resource

GroupMember Resource

Name patterns:

  • groups/{group}/groupMembers/{group_member}
  • projects/{project}/groups/{group}/groupMembers/{group_member}
  • organizations/{organization}/groups/{group}/groupMembers/{group_member}
  • services/{service}/groups/{group}/groupMembers/{group_member}

Parent resources:

This section covers the methods and messages to interact with GroupMember resource.

GroupMember Methods

Here is the list of GroupMember resource methods:

GetGroupMember Method

GetGroupMember

rpc GetGroupMember(GetGroupMemberRequest) returns (GroupMember)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.get

The equivalent REST API is:

GET /v1/{name=groups/*/groupMembers/*} 

GET /v1/{name=projects/*/groups/*/groupMembers/*} 

GET /v1/{name=organizations/*/groups/*/groupMembers/*} 

GET /v1/{name=services/*/groups/*/groupMembers/*}

BatchGetGroupMembers Method

BatchGetGroupMembers

rpc BatchGetGroupMembers(BatchGetGroupMembersRequest) returns (BatchGetGroupMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.batchGet

The equivalent REST API is:

GET /v1/groupMembers:batchGet

ListGroupMembers Method

ListGroupMembers

rpc ListGroupMembers(ListGroupMembersRequest) returns (ListGroupMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.list

The equivalent REST API is:

GET /v1/{parent=groups/*}/groupMembers 

GET /v1/{parent=projects/*/groups/*}/groupMembers 

GET /v1/{parent=organizations/*/groups/*}/groupMembers 

GET /v1/{parent=services/*/groups/*}/groupMembers

WatchGroupMember Method

WatchGroupMember

rpc WatchGroupMember(WatchGroupMemberRequest) returns (WatchGroupMemberResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.watch

The equivalent REST API is:

POST /v1/{name=groups/*/groupMembers/*}:watch 

POST /v1/{name=projects/*/groups/*/groupMembers/*}:watch 

POST /v1/{name=organizations/*/groups/*/groupMembers/*}:watch 

POST /v1/{name=services/*/groups/*/groupMembers/*}:watch

WatchGroupMembers Method

WatchGroupMembers

rpc WatchGroupMembers(WatchGroupMembersRequest) returns (WatchGroupMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.watch

The equivalent REST API is:

POST /v1/{parent=groups/*}/groupMembers:watch 

POST /v1/{parent=projects/*/groups/*}/groupMembers:watch 

POST /v1/{parent=organizations/*/groups/*}/groupMembers:watch 

POST /v1/{parent=services/*/groups/*}/groupMembers:watch

CreateGroupMember Method

CreateGroupMember

rpc CreateGroupMember(CreateGroupMemberRequest) returns (GroupMember)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.create

The equivalent REST API is:

POST /v1/{parent=groups/*}/groupMembers (BODY: group_member)

POST /v1/{parent=projects/*/groups/*}/groupMembers 

POST /v1/{parent=organizations/*/groups/*}/groupMembers 

POST /v1/{parent=services/*/groups/*}/groupMembers

UpdateGroupMember Method

UpdateGroupMember

rpc UpdateGroupMember(UpdateGroupMemberRequest) returns (GroupMember)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.update

The equivalent REST API is:

PUT /v1/{group_member.name=groups/*/groupMembers/*} (BODY: group_member)

PUT /v1/{group_member.name=projects/*/groups/*/groupMembers/*} 

PUT /v1/{group_member.name=organizations/*/groups/*/groupMembers/*} 

PUT /v1/{group_member.name=services/*/groups/*/groupMembers/*}

DeleteGroupMember Method

DeleteGroupMember

rpc DeleteGroupMember(DeleteGroupMemberRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.delete

The equivalent REST API is:

DELETE /v1/{name=groups/*/groupMembers/*} 

DELETE /v1/{name=projects/*/groups/*/groupMembers/*} 

DELETE /v1/{name=organizations/*/groups/*/groupMembers/*} 

DELETE /v1/{name=services/*/groups/*/groupMembers/*}

ListGroupMembersWithMembers Method

ListGroupMembersWithMembers

rpc ListGroupMembersWithMembers(ListGroupMembersWithMembersRequest) returns (ListGroupMembersWithMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.listGroupMembersWithMembers

The equivalent REST API is:

POST /v1/{parent=groups/*}/groupMembers:listGroupMembersWithMembers 

POST /v1/{parent=projects/*/groups/*}/groupMembers:listGroupMembersWithMembers 

POST /v1/{parent=organizations/*/groups/*}/groupMembers:listGroupMembersWithMembers 

POST /v1/{parent=services/*/groups/*}/groupMembers:listGroupMembersWithMembers

GroupMember Messages

Here is the list of GroupMember resource messages:

GroupMember Message

Name Type Description
name string (name of GroupMember) Name of GroupMember When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
member string Format of the string is one of: - “allUsers” (anyone) - “allAuthenticatedUsers” (anyone logged in) - “user:admin.super@example.com” - “serviceAccount:device_agent@watchdog.serviceaccounts.iam.edgelq.com” - “group:nice.group@example.com”
parent_member string Internal field used by the IAM controller to know member ID (email) of a group this member belongs to.
min_ancestry_members repeated string Internal field used the IAM controller to know common ancestors if this group member is actually a copy from another group, which can happen if group is member in another group. List contains member IDs of other groups. Last element is always pointing to the group which made an actual copy and is responsible for deletion when needed. If particular group member is copied multiple times (which also can happen if group is indirect member via multiple memberships) then this field contains list only of common ancestors. This field has purpose of indicating owner (last item in this list) and to break cycles (previous elements). List is always empty if this group member is DIRECT member of this group and controller cannot modify it.

GetGroupMemberRequest Message

A request message of the GetGroupMember method.

Name Type Description
name string (name of GroupMember) Name of ntt.iam.v1.GroupMember
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupMembersRequest Message

A request message of the BatchGetGroupMembers method.

Name Type Description
names repeated string (name of GroupMember) Names of GroupMembers
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupMembersResponse Message

A response message of the BatchGetGroupMembers method.

Name Type Description
group_members repeated GroupMember found GroupMembers
missing repeated string (name of GroupMember) list of not found GroupMembers

ListGroupMembersRequest Message

A request message of the ListGroupMembers method.

Name Type Description
parent string (parent name of GroupMember) Parent name of ntt.iam.v1.GroupMember
page_size int32 Requested page size. Server may return fewer GroupMembers than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of GroupMember) A token identifying a page of results the server should return. Typically, this is the value of ListGroupMembersResponse.next_page_token.
order_by string (orderBy of GroupMember) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of GroupMember) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListGroupMembersResponse Message

A response message of the ListGroupMembers method.

Name Type Description
group_members repeated GroupMember The list of GroupMembers
prev_page_token string (cursor of GroupMember) A token to retrieve previous page of results. Pass this value in the ListGroupMembersRequest.page_token.
next_page_token string (cursor of GroupMember) A token to retrieve next page of results. Pass this value in the ListGroupMembersRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total GroupMembers across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchGroupMemberRequest Message

A request message of the WatchGroupMember method.

Name Type Description
name string (name of GroupMember) Name of ntt.iam.v1.GroupMember
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchGroupMemberResponse Message

A response message of the WatchGroupMember method.

Name Type Description
change GroupMemberChange

WatchGroupMembersRequest Message

A request message of the WatchGroupMembers method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of GroupMember) Parent name of ntt.iam.v1.GroupMember
page_size int32 Requested page size. Server may return fewer GroupMembers than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of GroupMember) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of GroupMember) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of GroupMember) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to GroupMember that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to GroupMember that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchGroupMembersResponse Message

A response message of the WatchGroupMembers method.

Name Type Description
group_member_changes repeated GroupMemberChange Changes of GroupMembers
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All GroupMembers will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchGroupMembersResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (GroupMembers will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchGroupMembersResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of GroupMember) New token to retrieve previous page of results.
next_page_token string (cursor of GroupMember) New token to retrieve next page of results.

CreateGroupMemberRequest Message

A request message of the CreateGroupMember method.

Name Type Description
parent string (parent name of GroupMember) Parent name of ntt.iam.v1.GroupMember
group_member GroupMember GroupMember resource body
response_mask CreateGroupMemberRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateGroupMemberRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateGroupMemberRequest Message

A request message of the UpdateGroupMember method.

Name Type Description
group_member GroupMember GroupMember resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateGroupMemberRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateGroupMemberRequest.ResponseMask reduce message response size.

UpdateGroupMemberRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state GroupMember Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateGroupMemberRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteGroupMemberRequest Message

A request message of the DeleteGroupMember method.

Name Type Description
name string (name of GroupMember) Name of ntt.iam.v1.GroupMember
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ListGroupMembersWithMembersRequest Message

A request message of the ListGroupMembersWithMembers method.

Name Type Description
parent string (parent name of GroupMember) Parent name of ntt.iam.v1.GroupMember
page_size int32 Requested page size. Server may return fewer GroupMembers than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of GroupMember) A token identifying a page of results the server should return. Typically, this is the value of ListGroupMembersWithMembersResponse.next_page_token.
order_by string (orderBy of GroupMember) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of GroupMember) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask and user_mask.
members_masks MembersMasks Defines field masks applied to member resources (Users, Service accounts, Groups).
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListGroupMembersWithMembersResponse Message

A response message of the ListGroupMembersWithMembers method.

Name Type Description
group_members repeated GroupMember The list of GroupMembers
matching_members repeated MembersInfo List of matching members per each received group member.
prev_page_token string (cursor of GroupMember) A token to retrieve previous page of results. Pass this value in the ListGroupMembersWithMembersRequest.page_token.
next_page_token string (cursor of GroupMember) A token to retrieve next page of results. Pass this value in the ListGroupMembersWithMembersRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total GroupMembers across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

MemberAssignment Resource

MemberAssignment - it is an internal resource, not for end users. It tracks REGIONAL RoleBindings per combination of scope/member for organization and project RoleBindings.

If multiple RoleBindings point to same project/org and member, they will all share single MemberAssignment.

MemberAssignment are managed by IAM Server, they are created/updated/deleted in TX when RoleBinding is created/updated/deleted. MemberAssignment shares same region as RoleBinding, otherwise tx-level synchronization would not be possible.

For example: We create RoleBinding { project = “X”, member = “M”, role = “r1”}. It will create MemberAssignment { scope = “projects/x”, member = “M” }. If another RoleBinding with same project and member would be created, then no additional MemberAssignment is created. When last RoleBinding per scope/member is deleted, MemberAssignment is deleted.

Not all RoleBindings however have MemberAssignment instances. We track only organization and project RoleBindings! Therefore, system and service RoleBindings don’t get their MemberAssignment. However, there is some caveat about this…

When lets say project enables Service “S”, and we create RoleBinding WHERE: {project = “X”, member = “M”, role = “r1”, metadata.services.allowedServices CONTAINS “S”}, then special MemberAssignment is created with params: { scope = “services/S”, member = “M” }, apart of { scope = “projects/x”, member = “M” } mentioned previously. We create those service MemberAssignment only for 3rd party services (non core EdgeLQ), so we know if User/ServiceAccount is eligible user of some service.

Main task of MemberAssignment is to track participations of all users/service accounts in projects/organizations. We use it for things like ListMyProjects, ListMyOrganizations. We also use those special service MemberAssignment instances to track who is using Service by proxy of Project/Organization! With this we can forbid/allow specific users using particular service.

System RoleBindings are managed only by EdgeLQ admins for internal cases, and we dont need this tracking.

Name patterns:

  • regions/{region}/memberAssignments/{member_assignment}

This section covers the methods and messages to interact with MemberAssignment resource.

MemberAssignment Methods

Here is the list of MemberAssignment resource methods:

GetMemberAssignment Method

GetMemberAssignment

rpc GetMemberAssignment(GetMemberAssignmentRequest) returns (MemberAssignment)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.get

The equivalent REST API is:

GET /v1/{name=regions/*/memberAssignments/*}

BatchGetMemberAssignments Method

BatchGetMemberAssignments

rpc BatchGetMemberAssignments(BatchGetMemberAssignmentsRequest) returns (BatchGetMemberAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.batchGet

The equivalent REST API is:

GET /v1/memberAssignments:batchGet

ListMemberAssignments Method

ListMemberAssignments

rpc ListMemberAssignments(ListMemberAssignmentsRequest) returns (ListMemberAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.list

The equivalent REST API is:

GET /v1/{parent=regions/*}/memberAssignments

WatchMemberAssignment Method

WatchMemberAssignment

rpc WatchMemberAssignment(WatchMemberAssignmentRequest) returns (WatchMemberAssignmentResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.watch

The equivalent REST API is:

POST /v1/{name=regions/*/memberAssignments/*}:watch

WatchMemberAssignments Method

WatchMemberAssignments

rpc WatchMemberAssignments(WatchMemberAssignmentsRequest) returns (WatchMemberAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.watch

The equivalent REST API is:

POST /v1/{parent=regions/*}/memberAssignments:watch

UpdateMemberAssignment Method

UpdateMemberAssignment

rpc UpdateMemberAssignment(UpdateMemberAssignmentRequest) returns (MemberAssignment)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.update

The equivalent REST API is:

PUT /v1/{member_assignment.name=regions/*/memberAssignments/*} (BODY: member_assignment)

DeleteMemberAssignment Method

DeleteMemberAssignment

rpc DeleteMemberAssignment(DeleteMemberAssignmentRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.delete

The equivalent REST API is:

DELETE /v1/{name=regions/*/memberAssignments/*}

SearchMemberAssignments Method

SearchMemberAssignments

rpc SearchMemberAssignments(SearchMemberAssignmentsRequest) returns (SearchMemberAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/memberAssignments.search

The equivalent REST API is:

GET /v1/{parent=regions/*}/memberAssignments:search

MemberAssignment Messages

Here is the list of MemberAssignment resource messages:

MemberAssignment Message

Name Type Description
name string (name of MemberAssignment) Name of MemberAssignment First letter is source indicator (p, o, s for project, org, service). Then we have proper scope identifier (projectId etc), then member identifier (like user:$EMAIL).
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
scope string (parent name of RoleBinding) Points to Organization/Project of RoleBindings, OR service for those special MemberAssignments. It is already part of name, but we track in field for filter purpose.
scope_title string Populated for organization/project scopes. Skipped for service ones.
parent_organization string (name of Organization) Populated for organization/project scopes. Skipped for service ones.
scope_metadata Meta It has PARTIAL metadata inherited from scope (labels, annotations, tags). Populated for organization/project scopes. Skipped for service ones.
multi_region_control_region string Populated for organization/project scopes. Skipped for service ones. Contains multi_region_policy.default_control_region
multi_region_enabled_regions repeated string Populated for organization/project scopes. Skipped for service ones. Contains multi_region_policy.enabled_regions
scope_services repeated string (name of Service) Populated for organization/project scopes. Skipped for service ones. Contains allowed or enabled services.
business_tier BusinessTier Populated for organization/project scopes. Skipped for service ones.
member string Member pointed by RoleBinding. Part of name, but we also need for filtering purposes.
member_region string Region ID holding member resource (User, ServiceAccount…)
ctrl_status MemberAssignment.WorkStatus

MemberAssignment.WorkStatus Message

Name Type Description
pending bool if controller has some work on this resource
pending_deletion bool If this resource should be deleted.

GetMemberAssignmentRequest Message

A request message of the GetMemberAssignment method.

Name Type Description
name string (name of MemberAssignment) Name of ntt.iam.v1.MemberAssignment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMemberAssignmentsRequest Message

A request message of the BatchGetMemberAssignments method.

Name Type Description
names repeated string (name of MemberAssignment) Names of MemberAssignments
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMemberAssignmentsResponse Message

A response message of the BatchGetMemberAssignments method.

Name Type Description
member_assignments repeated MemberAssignment found MemberAssignments
missing repeated string (name of MemberAssignment) list of not found MemberAssignments

ListMemberAssignmentsRequest Message

A request message of the ListMemberAssignments method.

Name Type Description
parent string (parent name of MemberAssignment) Parent name of ntt.iam.v1.MemberAssignment
page_size int32 Requested page size. Server may return fewer MemberAssignments than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of MemberAssignment) A token identifying a page of results the server should return. Typically, this is the value of ListMemberAssignmentsResponse.next_page_token.
order_by string (orderBy of MemberAssignment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of MemberAssignment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListMemberAssignmentsResponse Message

A response message of the ListMemberAssignments method.

Name Type Description
member_assignments repeated MemberAssignment The list of MemberAssignments
prev_page_token string (cursor of MemberAssignment) A token to retrieve previous page of results. Pass this value in the ListMemberAssignmentsRequest.page_token.
next_page_token string (cursor of MemberAssignment) A token to retrieve next page of results. Pass this value in the ListMemberAssignmentsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total MemberAssignments across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchMemberAssignmentRequest Message

A request message of the WatchMemberAssignment method.

Name Type Description
name string (name of MemberAssignment) Name of ntt.iam.v1.MemberAssignment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMemberAssignmentResponse Message

A response message of the WatchMemberAssignment method.

Name Type Description
change MemberAssignmentChange

WatchMemberAssignmentsRequest Message

A request message of the WatchMemberAssignments method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of MemberAssignment) Parent name of ntt.iam.v1.MemberAssignment
page_size int32 Requested page size. Server may return fewer MemberAssignments than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of MemberAssignment) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of MemberAssignment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of MemberAssignment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MemberAssignment that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MemberAssignment that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchMemberAssignmentsResponse Message

A response message of the WatchMemberAssignments method.

Name Type Description
member_assignment_changes repeated MemberAssignmentChange Changes of MemberAssignments
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All MemberAssignments will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchMemberAssignmentsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (MemberAssignments will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchMemberAssignmentsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of MemberAssignment) New token to retrieve previous page of results.
next_page_token string (cursor of MemberAssignment) New token to retrieve next page of results.

UpdateMemberAssignmentRequest Message

A request message of the UpdateMemberAssignment method.

Name Type Description
member_assignment MemberAssignment MemberAssignment resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateMemberAssignmentRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
response_mask UpdateMemberAssignmentRequest.ResponseMask Optional masking applied to response object to reduce message response size.

UpdateMemberAssignmentRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state MemberAssignment Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateMemberAssignmentRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteMemberAssignmentRequest Message

A request message of the DeleteMemberAssignment method.

Name Type Description
name string (name of MemberAssignment) Name of ntt.iam.v1.MemberAssignment
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

SearchMemberAssignmentsRequest Message

A request message of the SearchMemberAssignments method.

Name Type Description
parent string (parent name of MemberAssignment) Parent name of ntt.iam.v1.MemberAssignment
page_size int32 Requested page size. Server may return fewer MemberAssignments than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of MemberAssignment) A token identifying a page of results the server should return. Typically, this is the value of SearchMemberAssignmentsResponse.next_page_token.
order_by string (orderBy of MemberAssignment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of MemberAssignment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
phrase string Optional search phrase used to further filter results.

SearchMemberAssignmentsResponse Message

A response message of the SearchMemberAssignments method.

Name Type Description
member_assignments repeated MemberAssignment The list of MemberAssignments
prev_page_token string (cursor of MemberAssignment) A token to retrieve previous page of results. Pass this value in the SearchMemberAssignmentsRequest.page_token.
next_page_token string (cursor of MemberAssignment) A token to retrieve next page of results. Pass this value in the SearchMemberAssignmentsRequest.page_token.
current_offset int32 Current offset from the first page (0 if no page tokens were given). Page index can be computed from offset and limit provided in a request
total_results_count int32 Number of total MemberAssignments across all pages.

Organization Resource

Organization Resource

Name patterns:

  • organizations/{organization}

This section covers the methods and messages to interact with Organization resource.

Organization Methods

Here is the list of Organization resource methods:

GetOrganization Method

GetOrganization

rpc GetOrganization(GetOrganizationRequest) returns (Organization)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.get

The equivalent REST API is:

GET /v1/{name=organizations/*}

BatchGetOrganizations Method

BatchGetOrganizations

rpc BatchGetOrganizations(BatchGetOrganizationsRequest) returns (BatchGetOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.batchGet

The equivalent REST API is:

GET /v1/organizations:batchGet

ListOrganizations Method

ListOrganizations

rpc ListOrganizations(ListOrganizationsRequest) returns (ListOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.list

The equivalent REST API is:

GET /v1/organizations

WatchOrganization Method

WatchOrganization

rpc WatchOrganization(WatchOrganizationRequest) returns (WatchOrganizationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.watch

The equivalent REST API is:

POST /v1/{name=organizations/*}:watch

WatchOrganizations Method

WatchOrganizations

rpc WatchOrganizations(WatchOrganizationsRequest) returns (WatchOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.watch

The equivalent REST API is:

POST /v1/organizations:watch

CreateOrganization Method

CreateOrganization

rpc CreateOrganization(CreateOrganizationRequest) returns (Organization)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.create

The equivalent REST API is:

POST /v1/organizations (BODY: organization)

UpdateOrganization Method

UpdateOrganization

rpc UpdateOrganization(UpdateOrganizationRequest) returns (Organization)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.update

The equivalent REST API is:

PUT /v1/{organization.name=organizations/*} (BODY: organization)

DeleteOrganization Method

DeleteOrganization

rpc DeleteOrganization(DeleteOrganizationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.delete

The equivalent REST API is:

DELETE /v1/{name=organizations/*}

SearchOrganizations Method

SearchOrganizations

rpc SearchOrganizations(SearchOrganizationsRequest) returns (SearchOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.search

The equivalent REST API is:

GET /v1/organizations:search

ListMyOrganizations Method

ListMyOrganizations

rpc ListMyOrganizations(ListMyOrganizationsRequest) returns (ListMyOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.listMy

The equivalent REST API is:

POST /v1/organizations:listMy

SearchMyOrganizations Method

SearchMyOrganizations

rpc SearchMyOrganizations(SearchMyOrganizationsRequest) returns (SearchMyOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.searchMy

The equivalent REST API is:

POST /v1/organizations:searchMy

Organization Messages

Here is the list of Organization resource messages:

Organization Message

Name Type Description
name string (name of Organization) Name of Organization When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
title string Official Name of Organization
description string Optional. Description of Organization.
parent_organization string (reference to Organization) Parent organization
multi_region_policy MultiRegionPolicy Multi region policy for child resources
allowed_services repeated string (reference to Service) Allowed services for child organizations and projects. This field is checked only for non-core edgelq services.
business_tier BusinessTier Business tier applicable for all allowed services. This value defines: * Default business tier for child projects (if not defined on creation) * Default business tier to this organization.
service_tiers repeated ServiceBusinessTier Overwrites business_tier for each service - it may also override value for a core EdgeLQ service.
root_organization string (name of Organization) Top parent (internal)
ancestry_path repeated string (name of Organization) Full ancestry path (internal)
service_errors map<string, ServiceErrors> Service errors reported for this organization by category
services_generation int64 Internal field for services meta information synchronization

GetOrganizationRequest Message

A request message of the GetOrganization method.

Name Type Description
name string (name of Organization) Name of ntt.iam.v1.Organization
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationsRequest Message

A request message of the BatchGetOrganizations method.

Name Type Description
names repeated string (name of Organization) Names of Organizations
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationsResponse Message

A response message of the BatchGetOrganizations method.

Name Type Description
organizations repeated Organization found Organizations
missing repeated string (name of Organization) list of not found Organizations

ListOrganizationsRequest Message

A request message of the ListOrganizations method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Typically, this is the value of ListOrganizationsResponse.next_page_token.
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListOrganizationsResponse Message

A response message of the ListOrganizations method.

Name Type Description
organizations repeated Organization The list of Organizations
prev_page_token string (cursor of Organization) A token to retrieve previous page of results. Pass this value in the ListOrganizationsRequest.page_token.
next_page_token string (cursor of Organization) A token to retrieve next page of results. Pass this value in the ListOrganizationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Organizations across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchOrganizationRequest Message

A request message of the WatchOrganization method.

Name Type Description
name string (name of Organization) Name of ntt.iam.v1.Organization
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchOrganizationResponse Message

A response message of the WatchOrganization method.

Name Type Description
change OrganizationChange

WatchOrganizationsRequest Message

A request message of the WatchOrganizations method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Organization that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Organization that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchOrganizationsResponse Message

A response message of the WatchOrganizations method.

Name Type Description
organization_changes repeated OrganizationChange Changes of Organizations
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Organizations will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchOrganizationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Organizations will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchOrganizationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Organization) New token to retrieve previous page of results.
next_page_token string (cursor of Organization) New token to retrieve next page of results.

CreateOrganizationRequest Message

A request message of the CreateOrganization method.

Name Type Description
organization Organization Organization resource body
response_mask CreateOrganizationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateOrganizationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateOrganizationRequest Message

A request message of the UpdateOrganization method.

Name Type Description
organization Organization Organization resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateOrganizationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateOrganizationRequest.ResponseMask reduce message response size.

UpdateOrganizationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Organization Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateOrganizationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteOrganizationRequest Message

A request message of the DeleteOrganization method.

Name Type Description
name string (name of Organization) Name of ntt.iam.v1.Organization
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

SearchOrganizationsRequest Message

A request message of the SearchOrganizations method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Typically, this is the value of SearchOrganizationsResponse.next_page_token.
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
phrase string Optional search phrase used to further filter results.

SearchOrganizationsResponse Message

A response message of the SearchOrganizations method.

Name Type Description
organizations repeated Organization The list of Organizations
prev_page_token string (cursor of Organization) A token to retrieve previous page of results. Pass this value in the SearchOrganizationsRequest.page_token.
next_page_token string (cursor of Organization) A token to retrieve next page of results. Pass this value in the SearchOrganizationsRequest.page_token.
current_offset int32 Current offset from the first page (0 if no page tokens were given). Page index can be computed from offset and limit provided in a request
total_results_count int32 Number of total Organizations across all pages.

ListMyOrganizationsRequest Message

Request message for method [ListMyOrganizations][ntt.iam.v1.ListMyOrganizations]

Name Type Description
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Typically, this is the value of [ListOrganizationsResponse.next_page_token][ntt.iam.v1alpha2.ListOrganizationsResponse.next_page_token]
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A FieldMask used to filter response fields. When present, only requested fields will be present in each response item. Omitting field_mask results will cause response items to contain all present fields.
include_paging_info bool

ListMyOrganizationsResponse Message

Response message for method [ListMyOrganizations][ntt.iam.v1.ListMyOrganizations]

Name Type Description
organizations repeated Organization The list of Organizations
prev_page_token string (cursor of Organization) A token to retrieve previous page of results. Pass this value in the [ListOrganizationsRequest.page_token][ntt.iam.v1alpha2.ListOrganizationsRequest.page_token]
next_page_token string (cursor of Organization) A token to retrieve next page of results. Pass this value in the [ListOrganizationsRequest.page_token][ntt.iam.v1alpha2.ListOrganizationsRequest.page_token]
total_count int32
cursor_offset int32

SearchMyOrganizationsRequest Message

Request message for method [SearchMyOrganizations][ntt.iam.v1.SearchMyOrganizations]

Name Type Description
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Typically, this is the value of [SearchOrganizationsResponse.next_page_token][ntt.iam.v1alpha2.SearchOrganizationsResponse.next_page_token]
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A FieldMask used to filter response fields. When present, only requested fields will be present in each response item. Omitting field_mask results will cause response items to contain all present fields.
include_paging_info bool
phrase string

SearchMyOrganizationsResponse Message

Response message for method [SearchMyOrganizations][ntt.iam.v1.SearchMyOrganizations]

Name Type Description
organizations repeated Organization The list of Organizations
prev_page_token string (cursor of Organization) A token to retrieve previous page of results. Pass this value in the [SearchOrganizationsRequest.page_token][ntt.iam.v1alpha2.SearchOrganizationsRequest.page_token]
next_page_token string (cursor of Organization) A token to retrieve next page of results. Pass this value in the [SearchOrganizationsRequest.page_token][ntt.iam.v1alpha2.SearchOrganizationsRequest.page_token]
total_count int32
cursor_offset int32

OrganizationInvitation Resource

OrganizationInvitation Resource

Name patterns:

  • organizations/{organization}/organizationInvitations/{organization_invitation}

Parent resources:

This section covers the methods and messages to interact with OrganizationInvitation resource.

OrganizationInvitation Methods

Here is the list of OrganizationInvitation resource methods:

GetOrganizationInvitation Method

GetOrganizationInvitation

rpc GetOrganizationInvitation(GetOrganizationInvitationRequest) returns (OrganizationInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.get

The equivalent REST API is:

GET /v1/{name=organizations/*/organizationInvitations/*}

BatchGetOrganizationInvitations Method

BatchGetOrganizationInvitations

rpc BatchGetOrganizationInvitations(BatchGetOrganizationInvitationsRequest) returns (BatchGetOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.batchGet

The equivalent REST API is:

GET /v1/organizationInvitations:batchGet

ListOrganizationInvitations Method

ListOrganizationInvitations

rpc ListOrganizationInvitations(ListOrganizationInvitationsRequest) returns (ListOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.list

The equivalent REST API is:

GET /v1/{parent=organizations/*}/organizationInvitations

WatchOrganizationInvitation Method

WatchOrganizationInvitation

rpc WatchOrganizationInvitation(WatchOrganizationInvitationRequest) returns (WatchOrganizationInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.watch

The equivalent REST API is:

POST /v1/{name=organizations/*/organizationInvitations/*}:watch

WatchOrganizationInvitations Method

WatchOrganizationInvitations

rpc WatchOrganizationInvitations(WatchOrganizationInvitationsRequest) returns (WatchOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.watch

The equivalent REST API is:

POST /v1/{parent=organizations/*}/organizationInvitations:watch

CreateOrganizationInvitation Method

CreateOrganizationInvitation

rpc CreateOrganizationInvitation(CreateOrganizationInvitationRequest) returns (OrganizationInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.create

The equivalent REST API is:

POST /v1/{parent=organizations/*}/organizationInvitations (BODY: organization_invitation)

UpdateOrganizationInvitation Method

UpdateOrganizationInvitation

rpc UpdateOrganizationInvitation(UpdateOrganizationInvitationRequest) returns (OrganizationInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.update

The equivalent REST API is:

PUT /v1/{organization_invitation.name=organizations/*/organizationInvitations/*} (BODY: organization_invitation)

DeleteOrganizationInvitation Method

DeleteOrganizationInvitation

rpc DeleteOrganizationInvitation(DeleteOrganizationInvitationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.delete

The equivalent REST API is:

DELETE /v1/{name=organizations/*/organizationInvitations/*}

AcceptOrganizationInvitation Method

AcceptOrganizationInvitation

rpc AcceptOrganizationInvitation(AcceptOrganizationInvitationRequest) returns (AcceptOrganizationInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.accept

The equivalent REST API is:

POST /v1/{name=organizations/*/organizationInvitations/*}:accept

DeclineOrganizationInvitation Method

DeclineOrganizationInvitation

rpc DeclineOrganizationInvitation(DeclineOrganizationInvitationRequest) returns (DeclineOrganizationInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.decline

The equivalent REST API is:

POST /v1/{name=organizations/*/organizationInvitations/*}:decline

ListMyOrganizationInvitations Method

ListMyOrganizationInvitations

rpc ListMyOrganizationInvitations(ListMyOrganizationInvitationsRequest) returns (ListMyOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.listMy

The equivalent REST API is:

POST /v1/{parent=organizations/*}/organizationInvitations:listMy

OrganizationInvitation Messages

Here is the list of OrganizationInvitation resource messages:

OrganizationInvitation Message

Name Type Description
name string (name of OrganizationInvitation) Name of OrganizationInvitation When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
invitation Invitation

GetOrganizationInvitationRequest Message

A request message of the GetOrganizationInvitation method.

Name Type Description
name string (name of OrganizationInvitation) Name of ntt.iam.v1.OrganizationInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationInvitationsRequest Message

A request message of the BatchGetOrganizationInvitations method.

Name Type Description
names repeated string (name of OrganizationInvitation) Names of OrganizationInvitations
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationInvitationsResponse Message

A response message of the BatchGetOrganizationInvitations method.

Name Type Description
organization_invitations repeated OrganizationInvitation found OrganizationInvitations
missing repeated string (name of OrganizationInvitation) list of not found OrganizationInvitations

ListOrganizationInvitationsRequest Message

A request message of the ListOrganizationInvitations method.

Name Type Description
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1.OrganizationInvitation
page_size int32 Requested page size. Server may return fewer OrganizationInvitations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of OrganizationInvitation) A token identifying a page of results the server should return. Typically, this is the value of ListOrganizationInvitationsResponse.next_page_token.
order_by string (orderBy of OrganizationInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of OrganizationInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListOrganizationInvitationsResponse Message

A response message of the ListOrganizationInvitations method.

Name Type Description
organization_invitations repeated OrganizationInvitation The list of OrganizationInvitations
prev_page_token string (cursor of OrganizationInvitation) A token to retrieve previous page of results. Pass this value in the ListOrganizationInvitationsRequest.page_token.
next_page_token string (cursor of OrganizationInvitation) A token to retrieve next page of results. Pass this value in the ListOrganizationInvitationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total OrganizationInvitations across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchOrganizationInvitationRequest Message

A request message of the WatchOrganizationInvitation method.

Name Type Description
name string (name of OrganizationInvitation) Name of ntt.iam.v1.OrganizationInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchOrganizationInvitationResponse Message

A response message of the WatchOrganizationInvitation method.

Name Type Description
change OrganizationInvitationChange

WatchOrganizationInvitationsRequest Message

A request message of the WatchOrganizationInvitations method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1.OrganizationInvitation
page_size int32 Requested page size. Server may return fewer OrganizationInvitations than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of OrganizationInvitation) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of OrganizationInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of OrganizationInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to OrganizationInvitation that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to OrganizationInvitation that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchOrganizationInvitationsResponse Message

A response message of the WatchOrganizationInvitations method.

Name Type Description
organization_invitation_changes repeated OrganizationInvitationChange Changes of OrganizationInvitations
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All OrganizationInvitations will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchOrganizationInvitationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (OrganizationInvitations will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchOrganizationInvitationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of OrganizationInvitation) New token to retrieve previous page of results.
next_page_token string (cursor of OrganizationInvitation) New token to retrieve next page of results.

CreateOrganizationInvitationRequest Message

A request message of the CreateOrganizationInvitation method.

Name Type Description
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1.OrganizationInvitation
organization_invitation OrganizationInvitation OrganizationInvitation resource body
response_mask CreateOrganizationInvitationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateOrganizationInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateOrganizationInvitationRequest Message

A request message of the UpdateOrganizationInvitation method.

Name Type Description
organization_invitation OrganizationInvitation OrganizationInvitation resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateOrganizationInvitationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateOrganizationInvitationRequest.ResponseMask reduce message response size.

UpdateOrganizationInvitationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state OrganizationInvitation Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateOrganizationInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteOrganizationInvitationRequest Message

A request message of the DeleteOrganizationInvitation method.

Name Type Description
name string (name of OrganizationInvitation) Name of ntt.iam.v1.OrganizationInvitation
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

AcceptOrganizationInvitationRequest Message

Request message for method [AcceptOrganizationInvitation][ntt.iam.v1.AcceptOrganizationInvitation]

Name Type Description
name string (name of OrganizationInvitation) name of ntt.iam.v1.OrganizationInvitation

AcceptOrganizationInvitationResponse Message

Response message for method [AcceptOrganizationInvitation][ntt.iam.v1.AcceptOrganizationInvitation]

Name Type Description
none none none

DeclineOrganizationInvitationRequest Message

Request message for method [DeclineOrganizationInvitation][ntt.iam.v1.DeclineOrganizationInvitation]

Name Type Description
name string (name of OrganizationInvitation) name of ntt.iam.v1.OrganizationInvitation
filter string (filter of ProjectInvitation) Additional filter for invitations, e.g. state = “PENDING”

DeclineOrganizationInvitationResponse Message

Response message for method [DeclineOrganizationInvitation][ntt.iam.v1.DeclineOrganizationInvitation]

Name Type Description
none none none

ListMyOrganizationInvitationsRequest Message

Request message for method [ListMyOrganizationInvitations][ntt.iam.v1.ListMyOrganizationInvitations]

Name Type Description
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1.OrganizationInvitation
filter string (filter of OrganizationInvitation) Additional filter for invitations, e.g. state = “PENDING”

ListMyOrganizationInvitationsResponse Message

Response message for method [ListMyOrganizationInvitations][ntt.iam.v1.ListMyOrganizationInvitations]

Name Type Description
organization_invitations repeated OrganizationInvitation The list of OrganizationInvitations

Permission Resource

Permission Resource

Name patterns:

  • services/{service}/permissions/{permission}

Parent resources:

This section covers the methods and messages to interact with Permission resource.

Permission Methods

Here is the list of Permission resource methods:

GetPermission Method

GetPermission

rpc GetPermission(GetPermissionRequest) returns (Permission)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.get

The equivalent REST API is:

GET /v1/{name=services/*/permissions/*}

BatchGetPermissions Method

BatchGetPermissions

rpc BatchGetPermissions(BatchGetPermissionsRequest) returns (BatchGetPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.batchGet

The equivalent REST API is:

GET /v1/permissions:batchGet

ListPermissions Method

ListPermissions

rpc ListPermissions(ListPermissionsRequest) returns (ListPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.list

The equivalent REST API is:

GET /v1/{parent=services/*}/permissions

WatchPermission Method

WatchPermission

rpc WatchPermission(WatchPermissionRequest) returns (WatchPermissionResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.watch

The equivalent REST API is:

POST /v1/{name=services/*/permissions/*}:watch

WatchPermissions Method

WatchPermissions

rpc WatchPermissions(WatchPermissionsRequest) returns (WatchPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/permissions:watch

CreatePermission Method

CreatePermission

rpc CreatePermission(CreatePermissionRequest) returns (Permission)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.create

The equivalent REST API is:

POST /v1/{parent=services/*}/permissions (BODY: permission)

UpdatePermission Method

UpdatePermission

rpc UpdatePermission(UpdatePermissionRequest) returns (Permission)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.update

The equivalent REST API is:

PUT /v1/{permission.name=services/*/permissions/*} (BODY: permission)

DeletePermission Method

DeletePermission

rpc DeletePermission(DeletePermissionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/permissions/*}

Permission Messages

Here is the list of Permission resource messages:

Permission Message

Name Type Description
name string (name of Permission) Name of Permission
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
title string Title
description string Description

GetPermissionRequest Message

A request message of the GetPermission method.

Name Type Description
name string (name of Permission) Name of ntt.iam.v1.Permission
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPermissionsRequest Message

A request message of the BatchGetPermissions method.

Name Type Description
names repeated string (name of Permission) Names of Permissions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPermissionsResponse Message

A response message of the BatchGetPermissions method.

Name Type Description
permissions repeated Permission found Permissions
missing repeated string (name of Permission) list of not found Permissions

ListPermissionsRequest Message

A request message of the ListPermissions method.

Name Type Description
parent string (parent name of Permission) Parent name of ntt.iam.v1.Permission
page_size int32 Requested page size. Server may return fewer Permissions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Permission) A token identifying a page of results the server should return. Typically, this is the value of ListPermissionsResponse.next_page_token.
order_by string (orderBy of Permission) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Permission) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPermissionsResponse Message

A response message of the ListPermissions method.

Name Type Description
permissions repeated Permission The list of Permissions
prev_page_token string (cursor of Permission) A token to retrieve previous page of results. Pass this value in the ListPermissionsRequest.page_token.
next_page_token string (cursor of Permission) A token to retrieve next page of results. Pass this value in the ListPermissionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Permissions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPermissionRequest Message

A request message of the WatchPermission method.

Name Type Description
name string (name of Permission) Name of ntt.iam.v1.Permission
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPermissionResponse Message

A response message of the WatchPermission method.

Name Type Description
change PermissionChange

WatchPermissionsRequest Message

A request message of the WatchPermissions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Permission) Parent name of ntt.iam.v1.Permission
page_size int32 Requested page size. Server may return fewer Permissions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Permission) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Permission) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Permission) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Permission that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Permission that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPermissionsResponse Message

A response message of the WatchPermissions method.

Name Type Description
permission_changes repeated PermissionChange Changes of Permissions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Permissions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPermissionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Permissions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPermissionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Permission) New token to retrieve previous page of results.
next_page_token string (cursor of Permission) New token to retrieve next page of results.

CreatePermissionRequest Message

A request message of the CreatePermission method.

Name Type Description
parent string (parent name of Permission) Parent name of ntt.iam.v1.Permission
permission Permission Permission resource body
response_mask CreatePermissionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePermissionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePermissionRequest Message

A request message of the UpdatePermission method.

Name Type Description
permission Permission Permission resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePermissionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePermissionRequest.ResponseMask reduce message response size.

UpdatePermissionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Permission Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePermissionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePermissionRequest Message

A request message of the DeletePermission method.

Name Type Description
name string (name of Permission) Name of ntt.iam.v1.Permission
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v1/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v1/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v1/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v1/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v1/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*}

SearchProjects Method

SearchProjects

rpc SearchProjects(SearchProjectsRequest) returns (SearchProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.search

The equivalent REST API is:

GET /v1/projects:search

ListMyProjects Method

ListMyProjects

rpc ListMyProjects(ListMyProjectsRequest) returns (ListMyProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.listMy

The equivalent REST API is:

POST /v1/projects:listMy

SearchMyProjects Method

SearchMyProjects

rpc SearchMyProjects(SearchMyProjectsRequest) returns (SearchMyProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.searchMy

The equivalent REST API is:

POST /v1/projects:searchMy

ListMyServiceProjects Method

ListMyServiceProjects

rpc ListMyServiceProjects(ListMyServiceProjectsRequest) returns (ListMyServiceProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.listMyServiceProjects

The equivalent REST API is:

POST /v1/projects:listMyServiceProjects

SetupServiceProject Method

SetupServiceProject

rpc SetupServiceProject(SetupServiceProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.setupServiceProject

The equivalent REST API is:

POST /v1/projects:setupServiceProject

ReserveServiceName Method

ReserveServiceName

rpc ReserveServiceName(ReserveServiceNameRequest) returns (ReserveServiceNameResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.reserveServiceName

The equivalent REST API is:

POST /v1/{name=projects/*}:reserveServiceName

DeleteServiceReservation Method

DeleteServiceReservation

rpc DeleteServiceReservation(DeleteServiceReservationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.deleteServiceReservation

The equivalent REST API is:

POST /v1/{name=projects/*}:deleteServiceReservation

ListServiceReservations Method

ListServiceReservations

rpc ListServiceReservations(ListServiceReservationsRequest) returns (ListServiceReservationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.listServiceReservations

The equivalent REST API is:

POST /v1/{name=projects/*}:listServiceReservations

ListProjectServices Method

ListProjectServices

rpc ListProjectServices(ListProjectServicesRequest) returns (ListProjectServicesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.listProjectServices

The equivalent REST API is:

POST /v1/{name=projects/*}:listProjectServices

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
title string Title
description string Description
parent_organization string (reference to Organization) Parent organization
multi_region_policy MultiRegionPolicy Multi region policy
enabled_services repeated string (reference to Service) Enabled services. This field is checked only for non-core edgelq services.
business_tier BusinessTier Default business tier for core EdgeLQ services and all enabled services.
service_tiers repeated ServiceBusinessTier Overwrites business_tier for each service - it may also override value for a core EdgeLQ service.
root_organization string (name of Organization) Top parent
ancestry_path repeated string (name of Organization) Full ancestry path
service_errors map<string, ServiceErrors> Service errors reported for this project
services_generation int64 Internal field for services meta information synchronization

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.iam.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.iam.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.iam.v1.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

SearchProjectsRequest Message

A request message of the SearchProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of SearchProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
phrase string Optional search phrase used to further filter results.

SearchProjectsResponse Message

A response message of the SearchProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the SearchProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the SearchProjectsRequest.page_token.
current_offset int32 Current offset from the first page (0 if no page tokens were given). Page index can be computed from offset and limit provided in a request
total_results_count int32 Number of total Projects across all pages.

ListMyProjectsRequest Message

Request message for method [ListMyProjects][ntt.iam.v1.ListMyProjects]

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of [ListProjectsResponse.next_page_token][ntt.iam.v1.ListMyProjectsResponse.next_page_token]
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A FieldMask used to filter response fields. When present, only requested fields will be present in each response item. Omitting field_mask results will cause response items to contain all present fields.
include_paging_info bool

ListMyProjectsResponse Message

Response message for method [ListMyProjects][ntt.iam.v1.ListMyProjects]

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the [ListMyProjectsRequest.page_token][ntt.iam.v1.ListMyProjectsRequest.page_token]
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the [ListMyProjectsRequest.page_token][ntt.iam.v1.ListMyProjectsRequest.page_token]
total_count int32
cursor_offset int32

SearchMyProjectsRequest Message

Request message for method [SearchMyProjects][ntt.iam.v1.SearchMyProjects]

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of [SearchProjectsResponse.next_page_token][ntt.iam.v1.SearchMyProjectsResponse.next_page_token]
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A FieldMask used to filter response fields. When present, only requested fields will be present in each response item. Omitting field_mask results will cause response items to contain all present fields.
include_paging_info bool
phrase string

SearchMyProjectsResponse Message

Response message for method [SearchMyProjects][ntt.iam.v1.SearchMyProjects]

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the [SearchMyProjectsRequest.page_token][ntt.iam.v1.SearchMyProjectsRequest.page_token]
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the [SearchMyProjectsRequest.page_token][ntt.iam.v1.SearchMyProjectsRequest.page_token]
total_count int32
cursor_offset int32

ListMyServiceProjectsRequest Message

Request message for method [ListMyServiceProjects][ntt.iam.v1.ListMyServiceProjects]

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of [ListProjectsResponse.next_page_token][ntt.iam.v1.ListMyServiceProjectsResponse.next_page_token]
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A FieldMask used to filter response fields. When present, only requested fields will be present in each response item. Omitting field_mask results will cause response items to contain all present fields.

ListMyServiceProjectsResponse Message

Response message for method [ListMyServiceProjects][ntt.iam.v1.ListMyServiceProjects]

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the [ListMyServiceProjectsRequest.page_token][ntt.iam.v1.ListMyServiceProjectsRequest.page_token]
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the [ListMyServiceProjectsRequest.page_token][ntt.iam.v1.ListMyServiceProjectsRequest.page_token]

SetupServiceProjectRequest Message

Request message for method [SetupServiceProject][ntt.iam.v1.SetupServiceProject]

Name Type Description
name string (name of Project) Project name - unlike in CreateProject, it is mandatory. Must conform to regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
title string Project title
parent_organization string (reference to Organization) Optional parent organization
multi_region_policy MultiRegionPolicy Multi region policy - it will have to match with Service regions later on.
default_business_tier BusinessTier Default business tier to apply to a service project - it determines business tier for core edgelq services, influencing assigned limits. By default XSMALL will be set (UNDEFINED is replaced with XSMALL). If limits are not needed at all for core edgelq services, it is recommended to opt out from them using core_edgelq_service_opt_outs param.
core_edgelq_service_opt_outs repeated string (name of Service) Optional list of core edgelq services which are not needed for this service project. As of now, it has effect on devices/applications. If they are added to this list, then no limits are assigned for resources in those services.
description string Project Description

ReserveServiceNameRequest Message

Request message for method [ReserveServiceName][ntt.iam.v1.ReserveServiceName]

Name Type Description
name string (name of Project) Name of the service project where reservation should be made.
service string (name of Service) Service name to reserve
admin_account string (name of ServiceAccount) Service account name that will be an admin for this Service. If it does not exist, it will be created. If exists this service account will have right to create reserved service.
admin_key ServiceAccountKey Optional admin account key - must be skipped if admin_account already exists and has key already known by user. If provided, then new ServiceAccountKey will be created. If public key was provided in request, then server will use it. Otherwise it will generate private/public pair and provide both in response. If key already exists and admin_key was provided, AlreadyExists will be returned.
admin_account_project_role string (name of Role) Optional Role admin_account will have in the service project. When service is eventually created, admin_account will have full ownership of the Service. However, it wont be able to access Service Project freely - by default minimal role is assigned, that allows to send usage metrics (for example). In some cases it may be necessary for admin_account to have larger access to the service project, for example for devices management.

ReserveServiceNameResponse Message

Response message for method [ReserveServiceName][ntt.iam.v1.ReserveServiceName]

Name Type Description
ntt_admin_credentials ServiceAccount Service account admin credentials are provided if admin_key was populated in the request object. It will have private key data if public key was not provided in the request admin_key. JSON representation of this object must be saved by the caller as ntt-credentials.json file - it will be required during actual application deployment. If user generated private/public pair themselves (and proved public in request object), before saving JSON user will need to populate private key string themselves in the final file. In case of lost credentials, user will need to send DeleteServiceAccountKey and CreateServiceAccountKey requests for admin ServiceAccount - and craft another credentials.

DeleteServiceReservationRequest Message

Response message for method [DeleteServiceReservation][ntt.iam.v1.DeleteServiceReservation]

Name Type Description
name string (name of Project) Name of the service project where reservation exists
service string (name of Service) Service name to remove from reserved

ListServiceReservationsRequest Message

Request message for method [ListServiceReservations][ntt.iam.v1.ListServiceReservations]

Name Type Description
name string (name of Project) Name of the Service Project for which we want to see reservations.

ListServiceReservationsResponse Message

Response message for method [ListServiceReservations][ntt.iam.v1.ListServiceReservations]

Name Type Description
reservations repeated ListServiceReservationsResponse.Reservation List of reserved services with corresponding admin accounts

ListServiceReservationsResponse.Reservation Message

Name Type Description
service string (name of Service) Reserved service name allowed to be created by admin account
admin_account string (name of ServiceAccount) Service account name that will be an admin for this Service.

ListProjectServicesRequest Message

Request message for method [ListProjectServices][ntt.iam.v1.ListProjectServices]

Name Type Description
name string (name of Project) Name of the Service Project for which we want to see services.

ListProjectServicesResponse Message

Response message for method [ListProjectServices][ntt.iam.v1.ListProjectServices]

Name Type Description
services repeated Service List of services

ProjectInvitation Resource

ProjectInvitation Resource

Name patterns:

  • projects/{project}/projectInvitations/{project_invitation}

Parent resources:

This section covers the methods and messages to interact with ProjectInvitation resource.

ProjectInvitation Methods

Here is the list of ProjectInvitation resource methods:

GetProjectInvitation Method

GetProjectInvitation

rpc GetProjectInvitation(GetProjectInvitationRequest) returns (ProjectInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.get

The equivalent REST API is:

GET /v1/{name=projects/*/projectInvitations/*}

BatchGetProjectInvitations Method

BatchGetProjectInvitations

rpc BatchGetProjectInvitations(BatchGetProjectInvitationsRequest) returns (BatchGetProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.batchGet

The equivalent REST API is:

GET /v1/projectInvitations:batchGet

ListProjectInvitations Method

ListProjectInvitations

rpc ListProjectInvitations(ListProjectInvitationsRequest) returns (ListProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.list

The equivalent REST API is:

GET /v1/{parent=projects/*}/projectInvitations

WatchProjectInvitation Method

WatchProjectInvitation

rpc WatchProjectInvitation(WatchProjectInvitationRequest) returns (WatchProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.watch

The equivalent REST API is:

POST /v1/{name=projects/*/projectInvitations/*}:watch

WatchProjectInvitations Method

WatchProjectInvitations

rpc WatchProjectInvitations(WatchProjectInvitationsRequest) returns (WatchProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.watch

The equivalent REST API is:

POST /v1/{parent=projects/*}/projectInvitations:watch

CreateProjectInvitation Method

CreateProjectInvitation

rpc CreateProjectInvitation(CreateProjectInvitationRequest) returns (ProjectInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.create

The equivalent REST API is:

POST /v1/{parent=projects/*}/projectInvitations (BODY: project_invitation)

UpdateProjectInvitation Method

UpdateProjectInvitation

rpc UpdateProjectInvitation(UpdateProjectInvitationRequest) returns (ProjectInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.update

The equivalent REST API is:

PUT /v1/{project_invitation.name=projects/*/projectInvitations/*} (BODY: project_invitation)

DeleteProjectInvitation Method

DeleteProjectInvitation

rpc DeleteProjectInvitation(DeleteProjectInvitationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/projectInvitations/*}

AcceptProjectInvitation Method

AcceptProjectInvitation

rpc AcceptProjectInvitation(AcceptProjectInvitationRequest) returns (AcceptProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.accept

The equivalent REST API is:

POST /v1/{name=projects/*/projectInvitations/*}:accept

DeclineProjectInvitation Method

DeclineProjectInvitation

rpc DeclineProjectInvitation(DeclineProjectInvitationRequest) returns (DeclineProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.decline

The equivalent REST API is:

POST /v1/{name=projects/*/projectInvitations/*}:decline

ListMyProjectInvitations Method

ListMyProjectInvitations

rpc ListMyProjectInvitations(ListMyProjectInvitationsRequest) returns (ListMyProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.listMy

The equivalent REST API is:

POST /v1/{parent=projects/*}/projectInvitations:listMy

ResendProjectInvitation Method

ResendProjectInvitation

rpc ResendProjectInvitation(ResendProjectInvitationRequest) returns (ResendProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.resend

The equivalent REST API is:

POST /v1/{name=projects/*/projectInvitations/*}:resend

ProjectInvitation Messages

Here is the list of ProjectInvitation resource messages:

ProjectInvitation Message

Name Type Description
name string (name of ProjectInvitation) Name of ProjectInvitation When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
project_display_name string project display name (auto-generated). Present here as user doesn’t have yet permission to fetch related project.
invitation Invitation

GetProjectInvitationRequest Message

A request message of the GetProjectInvitation method.

Name Type Description
name string (name of ProjectInvitation) Name of ntt.iam.v1.ProjectInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectInvitationsRequest Message

A request message of the BatchGetProjectInvitations method.

Name Type Description
names repeated string (name of ProjectInvitation) Names of ProjectInvitations
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectInvitationsResponse Message

A response message of the BatchGetProjectInvitations method.

Name Type Description
project_invitations repeated ProjectInvitation found ProjectInvitations
missing repeated string (name of ProjectInvitation) list of not found ProjectInvitations

ListProjectInvitationsRequest Message

A request message of the ListProjectInvitations method.

Name Type Description
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1.ProjectInvitation
page_size int32 Requested page size. Server may return fewer ProjectInvitations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of ProjectInvitation) A token identifying a page of results the server should return. Typically, this is the value of ListProjectInvitationsResponse.next_page_token.
order_by string (orderBy of ProjectInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of ProjectInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectInvitationsResponse Message

A response message of the ListProjectInvitations method.

Name Type Description
project_invitations repeated ProjectInvitation The list of ProjectInvitations
prev_page_token string (cursor of ProjectInvitation) A token to retrieve previous page of results. Pass this value in the ListProjectInvitationsRequest.page_token.
next_page_token string (cursor of ProjectInvitation) A token to retrieve next page of results. Pass this value in the ListProjectInvitationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total ProjectInvitations across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectInvitationRequest Message

A request message of the WatchProjectInvitation method.

Name Type Description
name string (name of ProjectInvitation) Name of ntt.iam.v1.ProjectInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectInvitationResponse Message

A response message of the WatchProjectInvitation method.

Name Type Description
change ProjectInvitationChange

WatchProjectInvitationsRequest Message

A request message of the WatchProjectInvitations method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1.ProjectInvitation
page_size int32 Requested page size. Server may return fewer ProjectInvitations than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of ProjectInvitation) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of ProjectInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of ProjectInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to ProjectInvitation that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to ProjectInvitation that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectInvitationsResponse Message

A response message of the WatchProjectInvitations method.

Name Type Description
project_invitation_changes repeated ProjectInvitationChange Changes of ProjectInvitations
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All ProjectInvitations will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectInvitationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (ProjectInvitations will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectInvitationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of ProjectInvitation) New token to retrieve previous page of results.
next_page_token string (cursor of ProjectInvitation) New token to retrieve next page of results.

CreateProjectInvitationRequest Message

A request message of the CreateProjectInvitation method.

Name Type Description
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1.ProjectInvitation
project_invitation ProjectInvitation ProjectInvitation resource body
response_mask CreateProjectInvitationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectInvitationRequest Message

A request message of the UpdateProjectInvitation method.

Name Type Description
project_invitation ProjectInvitation ProjectInvitation resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectInvitationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectInvitationRequest.ResponseMask reduce message response size.

UpdateProjectInvitationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state ProjectInvitation Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectInvitationRequest Message

A request message of the DeleteProjectInvitation method.

Name Type Description
name string (name of ProjectInvitation) Name of ntt.iam.v1.ProjectInvitation
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

AcceptProjectInvitationRequest Message

Request message for method [AcceptProjectInvitation][ntt.iam.v1.AcceptProjectInvitation]

Name Type Description
name string (name of ProjectInvitation) name of ntt.iam.v1.ProjectInvitation

AcceptProjectInvitationResponse Message

Response message for method [AcceptProjectInvitation][ntt.iam.v1.AcceptProjectInvitation]

Name Type Description
none none none

DeclineProjectInvitationRequest Message

Request message for method [DeclineProjectInvitation][ntt.iam.v1.DeclineProjectInvitation]

Name Type Description
name string (name of ProjectInvitation) name of ntt.iam.v1.ProjectInvitation

DeclineProjectInvitationResponse Message

Response message for method [DeclineProjectInvitation][ntt.iam.v1.DeclineProjectInvitation]

Name Type Description
none none none

ListMyProjectInvitationsRequest Message

Request message for method [ListMyProjectInvitations][ntt.iam.v1.ListMyProjectInvitations]

Name Type Description
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1.ProjectInvitation
filter string (filter of ProjectInvitation) Additional filter for invitations, e.g. state = “PENDING”

ListMyProjectInvitationsResponse Message

Response message for method [ListMyProjectInvitations][ntt.iam.v1.ListMyProjectInvitations]

Name Type Description
project_invitations repeated ProjectInvitation

ResendProjectInvitationRequest Message

Request message for method [ResendProjectInvitation][ntt.iam.v1.ResendProjectInvitation]

Name Type Description
name string (name of ProjectInvitation) name of ntt.iam.v1.ProjectInvitation

ResendProjectInvitationResponse Message

Response message for method [ResendProjectInvitation][ntt.iam.v1.ResendProjectInvitation]

Name Type Description
project_invitation ProjectInvitation

Role Resource

Role Resource

Name patterns:

  • services/{service}/roles/{role}
  • projects/{project}/roles/{role}
  • organizations/{organization}/roles/{role}

Parent resources:

This section covers the methods and messages to interact with Role resource.

Role Methods

Here is the list of Role resource methods:

GetRole Method

GetRole

rpc GetRole(GetRoleRequest) returns (Role)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.get

The equivalent REST API is:

GET /v1/{name=services/*/roles/*} 

GET /v1/{name=projects/*/roles/*} 

GET /v1/{name=organizations/*/roles/*}

BatchGetRoles Method

BatchGetRoles

rpc BatchGetRoles(BatchGetRolesRequest) returns (BatchGetRolesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.batchGet

The equivalent REST API is:

GET /v1/roles:batchGet

ListRoles Method

ListRoles

rpc ListRoles(ListRolesRequest) returns (ListRolesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.list

The equivalent REST API is:

GET /v1/{parent=services/*}/roles 

GET /v1/{parent=projects/*}/roles 

GET /v1/{parent=organizations/*}/roles

WatchRole Method

WatchRole

rpc WatchRole(WatchRoleRequest) returns (WatchRoleResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.watch

The equivalent REST API is:

POST /v1/{name=services/*/roles/*}:watch 

POST /v1/{name=projects/*/roles/*}:watch 

POST /v1/{name=organizations/*/roles/*}:watch

WatchRoles Method

WatchRoles

rpc WatchRoles(WatchRolesRequest) returns (WatchRolesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/roles:watch 

POST /v1/{parent=projects/*}/roles:watch 

POST /v1/{parent=organizations/*}/roles:watch

CreateRole Method

CreateRole

rpc CreateRole(CreateRoleRequest) returns (Role)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.create

The equivalent REST API is:

POST /v1/{parent=services/*}/roles (BODY: role)

POST /v1/{parent=projects/*}/roles 

POST /v1/{parent=organizations/*}/roles

UpdateRole Method

UpdateRole

rpc UpdateRole(UpdateRoleRequest) returns (Role)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.update

The equivalent REST API is:

PUT /v1/{role.name=services/*/roles/*} (BODY: role)

PUT /v1/{role.name=projects/*/roles/*} 

PUT /v1/{role.name=organizations/*/roles/*}

DeleteRole Method

DeleteRole

rpc DeleteRole(DeleteRoleRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/roles/*} 

DELETE /v1/{name=projects/*/roles/*} 

DELETE /v1/{name=organizations/*/roles/*}

Role Messages

Here is the list of Role resource messages:

Role Message

Name Type Description
name string (name of Role) Name of Role
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display Name
description string Optional description
category Role.Category Category to which Role belongs to. It cannot be changed.
scope_params repeated Role.ScopeParamType List of scope params, they are used to evaluate object prefixes in grants and values in their field conditions, if any.
const_values repeated ScopeParam List of const scope params for this role
default_values repeated ScopeParam List of default value for the passed scope params
grants repeated Role.Grant List of permissions granted per each object prefix.
owned_objects repeated string List of owned objects templates - during binding of a role, each owned object specified in this role is computed against scope params from role binding to evaluate final owned objects. For example, if owned_objects in Role contains value “regions/{region}/devices/{device}, and RoleBinding specifies region=useast and device=d1, then final owned_object will be regions/useast/devices/d1. Ownership also would include any potential child resources of this device. Note that RoleBinding scope (project, organization, service) will still be prepended before each owned object to form fully qualified name of the owned resource. Owned objects may contain wildcards: ‘-’. As a special case, if owned objects contain string with only single character: ‘-’, then it means member of the role binding is considered as full owner of the scope. This field cannot be modified after role creation.
services repeated string (reference to Service) List of services used by this role. It is being detected by the usage of permissions in grants - or if it has owned objects, it contains all services used by parent service.
rb_spec_generation int64 Internal field used by controller to ensure role bindings are in sync with role updates.

Role.ScopeParamType Message

Name Type Description
name string
type Role.ScopeParamType.Type

Role.Grant Message

Name Type Description
sub_scope string Optional prefix that is APPENDED to the scope inherited from RoleBinding (project, organization, service). If not specified, then scope is equal to the one from RoleBinding.
permissions repeated string (reference to Permission) List of applicable permissions for this grant. Not relevant if is_owner is true.
resource_field_conditions repeated Role.Grant.FieldCondition List of resource field conditions. Values for conditions are extracted from assigned RoleBinding (scope params). Resource extraction is following: - If request has resource body, then it is used. - If request has resource name, then resource is extracted from database and its fields are used. - If request has filter object applicable for collection requests (like list, collection watch…), then service uses resource field paths and values extracted from filter conditions.
request_field_conditions repeated Role.Grant.FieldCondition List of request field conditions. Values for conditions are extracted from assigned RoleBinding (scope params).
executable_conditions repeated ExecutableCondition List of executable conditions to be applied in order to validate this grant. Note that executable conditions are also specified in RoleBinding, as often it is not possible to define all params in the Role itself, before binding. Final executable conditions, in RoleBinding context, are computed in the following way: - Executable conditions from RoleBinding and Role are matched by condition reference. - Params are merged FROM condition in Role into condition in RoleBinding. It is expected that Role defined “common” params and RoleBinding defines remaining ones.

Role.Grant.FieldCondition Message

Name Type Description
path string
value string

GetRoleRequest Message

A request message of the GetRole method.

Name Type Description
name string (name of Role) Name of ntt.iam.v1.Role
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRolesRequest Message

A request message of the BatchGetRoles method.

Name Type Description
names repeated string (name of Role) Names of Roles
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRolesResponse Message

A response message of the BatchGetRoles method.

Name Type Description
roles repeated Role found Roles
missing repeated string (name of Role) list of not found Roles

ListRolesRequest Message

A request message of the ListRoles method.

Name Type Description
parent string (parent name of Role) Parent name of ntt.iam.v1.Role
page_size int32 Requested page size. Server may return fewer Roles than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Role) A token identifying a page of results the server should return. Typically, this is the value of ListRolesResponse.next_page_token.
order_by string (orderBy of Role) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Role) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRolesResponse Message

A response message of the ListRoles method.

Name Type Description
roles repeated Role The list of Roles
prev_page_token string (cursor of Role) A token to retrieve previous page of results. Pass this value in the ListRolesRequest.page_token.
next_page_token string (cursor of Role) A token to retrieve next page of results. Pass this value in the ListRolesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Roles across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRoleRequest Message

A request message of the WatchRole method.

Name Type Description
name string (name of Role) Name of ntt.iam.v1.Role
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRoleResponse Message

A response message of the WatchRole method.

Name Type Description
change RoleChange

WatchRolesRequest Message

A request message of the WatchRoles method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Role) Parent name of ntt.iam.v1.Role
page_size int32 Requested page size. Server may return fewer Roles than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Role) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Role) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Role) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Role that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Role that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRolesResponse Message

A response message of the WatchRoles method.

Name Type Description
role_changes repeated RoleChange Changes of Roles
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Roles will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRolesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Roles will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRolesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Role) New token to retrieve previous page of results.
next_page_token string (cursor of Role) New token to retrieve next page of results.

CreateRoleRequest Message

A request message of the CreateRole method.

Name Type Description
parent string (parent name of Role) Parent name of ntt.iam.v1.Role
role Role Role resource body
response_mask CreateRoleRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateRoleRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateRoleRequest Message

A request message of the UpdateRole method.

Name Type Description
role Role Role resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateRoleRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateRoleRequest.ResponseMask reduce message response size.

UpdateRoleRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Role Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateRoleRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteRoleRequest Message

A request message of the DeleteRole method.

Name Type Description
name string (name of Role) Name of ntt.iam.v1.Role
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Role Enumerations

Here is the list of Role resource enumerations:

Role.Category Enumeration

Category points to the intended role use. It may restrict how RoleBindings are created.

Name Description
UNDEFINED Undefined, not allowed.
PUBLIC Role is intended for public access. Restricted members: allUsers, allAuthenticatedUsers. No RoleBinding scope restrictions.
INTERNAL Role is for internal purposes, defined by a parent service. There are no restrictions to scope and members.
OWNER Special owner role - reserved to “scope-admin” role in IAM. It is de facto reserved category for EdgeLQ core services only, but is also kind of USER type.
SERVICE Role relevant for Service Management, check display name and/or description for more information.
AGENT Role for various edge agents. Restricted to project scope and service account member types. Cannot be assigned to groups.
USER Role relevant for users, provides an access to various actions on organization/project level. Typically should be given to users, but ServiceAccount is also possible. Can be assigned to group members.

Role.ScopeParamType.Type Enumeration

Name Description
UNDEFINED
STRING
ARRAY_OF_STRINGS

RoleBinding Resource

RoleBinding Resource

Name patterns:

  • roleBindings/{role_binding}
  • projects/{project}/roleBindings/{role_binding}
  • organizations/{organization}/roleBindings/{role_binding}
  • services/{service}/roleBindings/{role_binding}

Parent resources:

This section covers the methods and messages to interact with RoleBinding resource.

RoleBinding Methods

Here is the list of RoleBinding resource methods:

CheckMyRoleBindings Method

CheckMyRoleBindings

rpc CheckMyRoleBindings(CheckMyRoleBindingsRequest) returns (CheckMyRoleBindingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.checkMy

The equivalent REST API is:

POST /v1/roleBindings:checkMy (BODY: *)

POST /v1/{parent=projects/*}/roleBindings:checkMy 

POST /v1/{parent=organizations/*}/roleBindings:checkMy 

POST /v1/{parent=services/*}/roleBindings:checkMy

GetRoleBinding Method

GetRoleBinding

rpc GetRoleBinding(GetRoleBindingRequest) returns (RoleBinding)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.get

The equivalent REST API is:

GET /v1/{name=roleBindings/*} 

GET /v1/{name=projects/*/roleBindings/*} 

GET /v1/{name=organizations/*/roleBindings/*} 

GET /v1/{name=services/*/roleBindings/*}

BatchGetRoleBindings Method

BatchGetRoleBindings

rpc BatchGetRoleBindings(BatchGetRoleBindingsRequest) returns (BatchGetRoleBindingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.batchGet

The equivalent REST API is:

GET /v1/roleBindings:batchGet

ListRoleBindings Method

ListRoleBindings

rpc ListRoleBindings(ListRoleBindingsRequest) returns (ListRoleBindingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.list

The equivalent REST API is:

GET /v1/roleBindings 

GET /v1/{parent=projects/*}/roleBindings 

GET /v1/{parent=organizations/*}/roleBindings 

GET /v1/{parent=services/*}/roleBindings

WatchRoleBinding Method

WatchRoleBinding

rpc WatchRoleBinding(WatchRoleBindingRequest) returns (WatchRoleBindingResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.watch

The equivalent REST API is:

POST /v1/{name=roleBindings/*}:watch 

POST /v1/{name=projects/*/roleBindings/*}:watch 

POST /v1/{name=organizations/*/roleBindings/*}:watch 

POST /v1/{name=services/*/roleBindings/*}:watch

WatchRoleBindings Method

WatchRoleBindings

rpc WatchRoleBindings(WatchRoleBindingsRequest) returns (WatchRoleBindingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.watch

The equivalent REST API is:

POST /v1/roleBindings:watch 

POST /v1/{parent=projects/*}/roleBindings:watch 

POST /v1/{parent=organizations/*}/roleBindings:watch 

POST /v1/{parent=services/*}/roleBindings:watch

CreateRoleBinding Method

CreateRoleBinding

rpc CreateRoleBinding(CreateRoleBindingRequest) returns (RoleBinding)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.create

The equivalent REST API is:

POST /v1/roleBindings (BODY: role_binding)

POST /v1/{parent=projects/*}/roleBindings 

POST /v1/{parent=organizations/*}/roleBindings 

POST /v1/{parent=services/*}/roleBindings

UpdateRoleBinding Method

UpdateRoleBinding

rpc UpdateRoleBinding(UpdateRoleBindingRequest) returns (RoleBinding)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.update

The equivalent REST API is:

PUT /v1/{role_binding.name=roleBindings/*} (BODY: role_binding)

PUT /v1/{role_binding.name=projects/*/roleBindings/*} 

PUT /v1/{role_binding.name=organizations/*/roleBindings/*} 

PUT /v1/{role_binding.name=services/*/roleBindings/*}

DeleteRoleBinding Method

DeleteRoleBinding

rpc DeleteRoleBinding(DeleteRoleBindingRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.delete

The equivalent REST API is:

DELETE /v1/{name=roleBindings/*} 

DELETE /v1/{name=projects/*/roleBindings/*} 

DELETE /v1/{name=organizations/*/roleBindings/*} 

DELETE /v1/{name=services/*/roleBindings/*}

ListRoleBindingsWithMembers Method

ListRoleBindingsWithMembers

rpc ListRoleBindingsWithMembers(ListRoleBindingsWithMembersRequest) returns (ListRoleBindingsWithMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.listRoleBindingsWithMembers

The equivalent REST API is:

POST /v1/roleBindings:listRoleBindingsWithMembers 

POST /v1/{parent=projects/*}/roleBindings:listRoleBindingsWithMembers 

POST /v1/{parent=organizations/*}/roleBindings:listRoleBindingsWithMembers 

POST /v1/{parent=services/*}/roleBindings:listRoleBindingsWithMembers

RoleBinding Messages

Here is the list of RoleBinding resource messages:

RoleBinding Message

Name Type Description
name string (name of RoleBinding) Name of RoleBinding
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
role string (reference to Role) Applied role.
member string Binding members Format of the string is one of: - “allUsers” (anyone) - “allAuthenticatedUsers” (anyone logged in from handling service point of view) - “user:admin.super@example.com” - “serviceAccount:device_agent@watchdog.serviceaccounts.iam.edgelq.com” - “group:nice.group@example.com” - “domain:example.com” (anyone with exact email domain)
scope_params repeated ScopeParam All scope params defined as required by a role
executable_conditions repeated ExecutableCondition optional executable conditions to be added to the role binding. They are matched with the executable conditions in a role grants by condition reference. If there is condition defined in RoleBinding, but not in any role grant, then executable condition is applied to all role grants.
owned_objects repeated string List of owned objects WITHIN role binding scope - for example if role binding is a child of project and owner_objects contain some device, member has all possible permissions for this device in project, regardless of method. In case ownership is for whole role binding scope, it will contain “-” string. This is computed based on a role with wildcard grants.
member_type string Member type, its prefix from member before ‘:’ rune, fo example “user”. If member has no ‘:’ (like allUsers), then it will contain same value.
category Role.Category Role category, taken from role itself, allows for additional filtering.
ancestry_path repeated RoleBinding.Parent Internal field used by IAM controller to note role binding ancestry path for Group type (RoleBindings inherited from Group)
parent_by_org string (reference to RoleBinding) Internal field used by IAM controller to note parent role binding from Parent Organization type. It is much different compared to “ancestry_path”, we just need direct parent. This is because it is simpler - controller for this inheritance does not need full ancestry path for loop detection. Groups are complicated and it is legal for two groups containing each other as members. But organization ancestry path does not allow loops, so we can afford simple field!
spec_generation int64 Internal field used to synchronize role binding with role. This value increases when we spec in a role changes in a way requiring role binding resynchronization.
has_owned_objects bool Internal field indicating if role binding has owned objects. It is used for filtering, as its not possible to filter by len(owned_objects) > 0
disable_for_child_scopes bool If true, then this RoleBinding DOES NOT apply to child entities. TODO: For now IAM Server decides if this RB is not assignable, consider opening this.

RoleBinding.Parent Message

Provides information about inheritance of this role binding - if it was created from another role binding.

Name Type Description
parent string (reference to RoleBinding) Role bindings which have group as member have child for each service account and user in that group. All those role bindings have one common parent pointing at group role binding
member string Member of the parent role binding

CheckMyRoleBindingsRequest Message

Request message for method [CheckMyRoleBindings][ntt.iam.v1.CheckMyRoleBindings]

Name Type Description
parent string (parent name of RoleBinding) Scope determines where roles should be looked from - its either system, service, project or organization scope. However, if it contains an organization or project, CheckMyRoles will perform check on all ancestry path (parent organizations).
filter string (filter of RoleBinding) Optional additional filter to apply on role bindings returned Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
custom_field_mask .google.protobuf.FieldMask Custom field mask to apply on role bindings. By default, is none is specified, following is used: [ “name”, “role”, “scope_params”, “executable_conditions”, “owned_objects” ].

CheckMyRoleBindingsResponse Message

Response message for method [CheckMyRoles][ntt.iam.v1.CheckMyRoles]

Name Type Description
resolvable_grants repeated CheckMyRoleBindingsResponse.ResolvableGrant List of returned role bindings with corresponding grants.

CheckMyRoleBindingsResponse.ResolvableGrant Message

Name Type Description
role_binding RoleBinding Granted RoleBinding for the scope
grants repeated Role.Grant All grants extracted from the Role

GetRoleBindingRequest Message

A request message of the GetRoleBinding method.

Name Type Description
name string (name of RoleBinding) Name of ntt.iam.v1.RoleBinding
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRoleBindingsRequest Message

A request message of the BatchGetRoleBindings method.

Name Type Description
names repeated string (name of RoleBinding) Names of RoleBindings
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRoleBindingsResponse Message

A response message of the BatchGetRoleBindings method.

Name Type Description
role_bindings repeated RoleBinding found RoleBindings
missing repeated string (name of RoleBinding) list of not found RoleBindings

ListRoleBindingsRequest Message

A request message of the ListRoleBindings method.

Name Type Description
parent string (parent name of RoleBinding) Parent name of ntt.iam.v1.RoleBinding
page_size int32 Requested page size. Server may return fewer RoleBindings than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of RoleBinding) A token identifying a page of results the server should return. Typically, this is the value of ListRoleBindingsResponse.next_page_token.
order_by string (orderBy of RoleBinding) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of RoleBinding) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRoleBindingsResponse Message

A response message of the ListRoleBindings method.

Name Type Description
role_bindings repeated RoleBinding The list of RoleBindings
prev_page_token string (cursor of RoleBinding) A token to retrieve previous page of results. Pass this value in the ListRoleBindingsRequest.page_token.
next_page_token string (cursor of RoleBinding) A token to retrieve next page of results. Pass this value in the ListRoleBindingsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total RoleBindings across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRoleBindingRequest Message

A request message of the WatchRoleBinding method.

Name Type Description
name string (name of RoleBinding) Name of ntt.iam.v1.RoleBinding
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRoleBindingResponse Message

A response message of the WatchRoleBinding method.

Name Type Description
change RoleBindingChange

WatchRoleBindingsRequest Message

A request message of the WatchRoleBindings method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of RoleBinding) Parent name of ntt.iam.v1.RoleBinding
page_size int32 Requested page size. Server may return fewer RoleBindings than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of RoleBinding) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of RoleBinding) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of RoleBinding) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to RoleBinding that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to RoleBinding that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRoleBindingsResponse Message

A response message of the WatchRoleBindings method.

Name Type Description
role_binding_changes repeated RoleBindingChange Changes of RoleBindings
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All RoleBindings will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRoleBindingsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (RoleBindings will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRoleBindingsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of RoleBinding) New token to retrieve previous page of results.
next_page_token string (cursor of RoleBinding) New token to retrieve next page of results.

CreateRoleBindingRequest Message

A request message of the CreateRoleBinding method.

Name Type Description
parent string (parent name of RoleBinding) Parent name of ntt.iam.v1.RoleBinding
role_binding RoleBinding RoleBinding resource body
response_mask CreateRoleBindingRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateRoleBindingRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateRoleBindingRequest Message

A request message of the UpdateRoleBinding method.

Name Type Description
role_binding RoleBinding RoleBinding resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateRoleBindingRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateRoleBindingRequest.ResponseMask reduce message response size.

UpdateRoleBindingRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state RoleBinding Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateRoleBindingRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteRoleBindingRequest Message

A request message of the DeleteRoleBinding method.

Name Type Description
name string (name of RoleBinding) Name of ntt.iam.v1.RoleBinding
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ListRoleBindingsWithMembersRequest Message

A request message of the ListRoleBindingsWithMembers method.

Name Type Description
parent string (parent name of RoleBinding) Parent name of ntt.iam.v1.RoleBinding
page_size int32 Requested page size. Server may return fewer RoleBindings than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of RoleBinding) A token identifying a page of results the server should return. Typically, this is the value of ListRoleBindingsWithMembersResponse.next_page_token.
order_by string (orderBy of RoleBinding) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of RoleBinding) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask and user_mask.
members_masks MembersMasks Defines field masks applied to member resources (Users, Service accounts, Groups).
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRoleBindingsWithMembersResponse Message

A response message of the ListRoleBindingsWithMembers method.

Name Type Description
role_bindings repeated RoleBinding The list of RoleBindings
matching_members repeated MembersInfo List of matching members per each received role binding.
prev_page_token string (cursor of RoleBinding) A token to retrieve previous page of results. Pass this value in the ListRoleBindingsWithMembersRequest.page_token.
next_page_token string (cursor of RoleBinding) A token to retrieve next page of results. Pass this value in the ListRoleBindingsWithMembersRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total RoleBindings across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

ServiceAccount Resource

ServiceAccount Resource

Name patterns:

  • projects/{project}/regions/{region}/serviceAccounts/{service_account}

Parent resources:

This section covers the methods and messages to interact with ServiceAccount resource.

ServiceAccount Methods

Here is the list of ServiceAccount resource methods:

GetServiceAccount Method

GetServiceAccount

rpc GetServiceAccount(GetServiceAccountRequest) returns (ServiceAccount)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/serviceAccounts/*}

BatchGetServiceAccounts Method

BatchGetServiceAccounts

rpc BatchGetServiceAccounts(BatchGetServiceAccountsRequest) returns (BatchGetServiceAccountsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.batchGet

The equivalent REST API is:

GET /v1/serviceAccounts:batchGet

ListServiceAccounts Method

ListServiceAccounts

rpc ListServiceAccounts(ListServiceAccountsRequest) returns (ListServiceAccountsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/serviceAccounts

WatchServiceAccount Method

WatchServiceAccount

rpc WatchServiceAccount(WatchServiceAccountRequest) returns (WatchServiceAccountResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/serviceAccounts/*}:watch

WatchServiceAccounts Method

WatchServiceAccounts

rpc WatchServiceAccounts(WatchServiceAccountsRequest) returns (WatchServiceAccountsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/serviceAccounts:watch

CreateServiceAccount Method

CreateServiceAccount

rpc CreateServiceAccount(CreateServiceAccountRequest) returns (ServiceAccount)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/serviceAccounts (BODY: service_account)

UpdateServiceAccount Method

UpdateServiceAccount

rpc UpdateServiceAccount(UpdateServiceAccountRequest) returns (ServiceAccount)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.update

The equivalent REST API is:

PUT /v1/{service_account.name=projects/*/regions/*/serviceAccounts/*} (BODY: service_account)

DeleteServiceAccount Method

DeleteServiceAccount

rpc DeleteServiceAccount(DeleteServiceAccountRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/serviceAccounts/*}

GetMyAgentShard Method

GetMyAgentShard

rpc GetMyAgentShard(GetMyAgentShardRequest) returns (GetMyAgentShardResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.getMyAgentShard

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/serviceAccounts/*}:getMyAgentShard

GetShardEndpoints Method

GetShardEndpoints

rpc GetShardEndpoints(GetShardEndpointsRequest) returns (GetShardEndpointsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.getShardEndpoints

The equivalent REST API is:

POST /v1:getShardEndpoints

AddRegionalAdminAccountForServices Method

AddRegionalAdminAccountForServices

rpc AddRegionalAdminAccountForServices(AddRegionalAdminAccountForServicesRequest) returns (AddRegionalAdminAccountForServicesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.addRegionalAdminAccountForServices

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/serviceAccounts:addRegionalAdminAccountForServices

ServiceAccount Messages

Here is the list of ServiceAccount resource messages:

ServiceAccount Message

Name Type Description
name string (name of ServiceAccount) Name of ServiceAccount When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-_]{0,55}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display Name
description string Optional. Description of the account
email string Email
kind ServiceAccount.Kind Agent kind and purpose. Cannot be changed.

GetServiceAccountRequest Message

A request message of the GetServiceAccount method.

Name Type Description
name string (name of ServiceAccount) Name of ntt.iam.v1.ServiceAccount
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountsRequest Message

A request message of the BatchGetServiceAccounts method.

Name Type Description
names repeated string (name of ServiceAccount) Names of ServiceAccounts
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountsResponse Message

A response message of the BatchGetServiceAccounts method.

Name Type Description
service_accounts repeated ServiceAccount found ServiceAccounts
missing repeated string (name of ServiceAccount) list of not found ServiceAccounts

ListServiceAccountsRequest Message

A request message of the ListServiceAccounts method.

Name Type Description
parent string (parent name of ServiceAccount) Parent name of ntt.iam.v1.ServiceAccount
page_size int32 Requested page size. Server may return fewer ServiceAccounts than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of ServiceAccount) A token identifying a page of results the server should return. Typically, this is the value of ListServiceAccountsResponse.next_page_token.
order_by string (orderBy of ServiceAccount) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of ServiceAccount) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListServiceAccountsResponse Message

A response message of the ListServiceAccounts method.

Name Type Description
service_accounts repeated ServiceAccount The list of ServiceAccounts
prev_page_token string (cursor of ServiceAccount) A token to retrieve previous page of results. Pass this value in the ListServiceAccountsRequest.page_token.
next_page_token string (cursor of ServiceAccount) A token to retrieve next page of results. Pass this value in the ListServiceAccountsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total ServiceAccounts across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchServiceAccountRequest Message

A request message of the WatchServiceAccount method.

Name Type Description
name string (name of ServiceAccount) Name of ntt.iam.v1.ServiceAccount
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchServiceAccountResponse Message

A response message of the WatchServiceAccount method.

Name Type Description
change ServiceAccountChange

WatchServiceAccountsRequest Message

A request message of the WatchServiceAccounts method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of ServiceAccount) Parent name of ntt.iam.v1.ServiceAccount
page_size int32 Requested page size. Server may return fewer ServiceAccounts than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of ServiceAccount) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of ServiceAccount) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of ServiceAccount) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to ServiceAccount that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to ServiceAccount that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchServiceAccountsResponse Message

A response message of the WatchServiceAccounts method.

Name Type Description
service_account_changes repeated ServiceAccountChange Changes of ServiceAccounts
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All ServiceAccounts will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchServiceAccountsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (ServiceAccounts will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchServiceAccountsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of ServiceAccount) New token to retrieve previous page of results.
next_page_token string (cursor of ServiceAccount) New token to retrieve next page of results.

CreateServiceAccountRequest Message

A request message of the CreateServiceAccount method.

Name Type Description
parent string (parent name of ServiceAccount) Parent name of ntt.iam.v1.ServiceAccount
service_account ServiceAccount ServiceAccount resource body
response_mask CreateServiceAccountRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateServiceAccountRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateServiceAccountRequest Message

A request message of the UpdateServiceAccount method.

Name Type Description
service_account ServiceAccount ServiceAccount resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateServiceAccountRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateServiceAccountRequest.ResponseMask reduce message response size.

UpdateServiceAccountRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state ServiceAccount Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateServiceAccountRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteServiceAccountRequest Message

A request message of the DeleteServiceAccount method.

Name Type Description
name string (name of ServiceAccount) Name of ntt.iam.v1.ServiceAccount
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GetMyAgentShardRequest Message

A request message of the GetMyAgentShard method.

Name Type Description
name string (name of ServiceAccount) Name of ntt.iam.v1.ServiceAccount of Agent type

GetMyAgentShardResponse Message

A response message of the GetMyAgentShard method.

Name Type Description
shard_num int64

GetShardEndpointsRequest Message

A request message of the GetShardEndpoints method.

Name Type Description
shard_num int64

GetShardEndpointsResponse Message

A response message of the GetShardEndpoints method.

Name Type Description
endpoints repeated string

AddRegionalAdminAccountForServicesRequest Message

Request message for method [AddRegionalAdminAccountForServices][ntt.iam.v1.AddRegionalAdminAccountForServices]

Name Type Description
parent string (parent name of ServiceAccount) Parent of ServiceAccount containing Service project and Region. If region is not enabled in project, it will be for this request.
services repeated string (name of Service) List of services in which admin account must participate. They must all belong to the project indicated in the parent.
admin_account string (name of ServiceAccount) Regional service account name that will be an admin for this Service. If it does not exist, it will be created.
admin_key ServiceAccountKey Optional admin account key - must be skipped if admin_account already exists and has key already known by user. If provided, then new ServiceAccountKey will be created. If public key was provided in request, then server will use it. Otherwise it will generate private/public pair and provide both in response. If admin_key already exists and is still provided in request, AlreadyExists will be returned.
admin_account_project_role string (name of Role) Optional Role admin_account will have in the service project. When service is eventually created, admin_account will have full ownership of the Service. However, it wont be able to access Service Project freely - by default minimal role is assigned, that allows to send usage metrics (for example). In some cases it may be necessary for admin_account to have larger access to the service project, for example for devices management.

AddRegionalAdminAccountForServicesResponse Message

Response message for method [AddRegionalAdminAccountForServices][ntt.iam.v1.AddRegionalAdminAccountForServices]

Name Type Description
ntt_admin_credentials ServiceAccount Service account admin credentials are provided if admin_key was populated in the request object. It will have private key data if public key was not provided in the request admin_key. JSON representation of this object must be saved by the caller as ntt-credentials.json file - it will be required during actual regional application deployment. If user generated private/public pair themselves (and proved public in request object), before saving JSON user will need to populate private key string themselves in the final file. In case of lost credentials, user will need to send DeleteServiceAccountKey and CreateServiceAccountKey requests for admin ServiceAccount - and craft another credentials.

ServiceAccount Enumerations

Here is the list of ServiceAccount resource enumerations:

ServiceAccount.Kind Enumeration

Kind indicates purpose of the service account.

Name Description
UNSPECIFIED Any purpose
AGENT Agent indicates that ServiceAccount is associated with some single specific resource, like devices.edgelq.com/Device. Agent Service Accounts are automatically sharded and should ideally use dedicated server instances holding their shard. Agent type accounts are allowed to have only RoleBindings in their projects. They cannot have domain role bindings. They can still benefit from AllUsers/AllAuthenticatedUsers role bindings though.

ServiceAccountKey Resource

ServiceAccountKey Resource

Name patterns:

  • projects/{project}/regions/{region}/serviceAccounts/{service_account}/serviceAccountKeys/{service_account_key}

Parent resources:

This section covers the methods and messages to interact with ServiceAccountKey resource.

ServiceAccountKey Methods

Here is the list of ServiceAccountKey resource methods:

GetServiceAccountKey Method

GetServiceAccountKey

rpc GetServiceAccountKey(GetServiceAccountKeyRequest) returns (ServiceAccountKey)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*}

BatchGetServiceAccountKeys Method

BatchGetServiceAccountKeys

rpc BatchGetServiceAccountKeys(BatchGetServiceAccountKeysRequest) returns (BatchGetServiceAccountKeysResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.batchGet

The equivalent REST API is:

GET /v1/serviceAccountKeys:batchGet

ListServiceAccountKeys Method

ListServiceAccountKeys

rpc ListServiceAccountKeys(ListServiceAccountKeysRequest) returns (ListServiceAccountKeysResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*/serviceAccounts/*}/serviceAccountKeys

WatchServiceAccountKey Method

WatchServiceAccountKey

rpc WatchServiceAccountKey(WatchServiceAccountKeyRequest) returns (WatchServiceAccountKeyResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*}:watch

WatchServiceAccountKeys Method

WatchServiceAccountKeys

rpc WatchServiceAccountKeys(WatchServiceAccountKeysRequest) returns (WatchServiceAccountKeysResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*/serviceAccounts/*}/serviceAccountKeys:watch

CreateServiceAccountKey Method

CreateServiceAccountKey

rpc CreateServiceAccountKey(CreateServiceAccountKeyRequest) returns (ServiceAccountKey)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*/serviceAccounts/*}/serviceAccountKeys (BODY: service_account_key)

UpdateServiceAccountKey Method

UpdateServiceAccountKey

rpc UpdateServiceAccountKey(UpdateServiceAccountKeyRequest) returns (ServiceAccountKey)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.update

The equivalent REST API is:

PUT /v1/{service_account_key.name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*} (BODY: service_account_key)

DeleteServiceAccountKey Method

DeleteServiceAccountKey

rpc DeleteServiceAccountKey(DeleteServiceAccountKeyRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*}

ServiceAccountKey Messages

Here is the list of ServiceAccountKey resource messages:

ServiceAccountKey Message

Name Type Description
name string (name of ServiceAccountKey) Name of ServiceAccountKey When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display name
description string Optional. Description of the key
public_key_data string Public key contents
private_key_data string The private key of the pair. This field is only provided in CreateServiceAccountKey responses. Private keys are NOT stored on the server.
api_key string Api key is set if algorithm is equal to API_KEY and provided in CreateServiceAccountKey responses. They are not stored on the server, so caller is obliged to remember its value. If lost, its is necessary to create new key. Api key must be used in authorization header token when making request: - Authorization: “Bearer $API_KEY” Example for curl: $ curl -X GET -H “Authorization: Bearer $API_KEY” -s $URL
algorithm ServiceAccountKey.Algorithm The algorithm used to generate the key.
valid_not_before .google.protobuf.Timestamp The key is not valid before this timestamp.
valid_not_after .google.protobuf.Timestamp The key is not valid after this timestamp.

GetServiceAccountKeyRequest Message

A request message of the GetServiceAccountKey method.

Name Type Description
name string (name of ServiceAccountKey) Name of ntt.iam.v1.ServiceAccountKey
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountKeysRequest Message

A request message of the BatchGetServiceAccountKeys method.

Name Type Description
names repeated string (name of ServiceAccountKey) Names of ServiceAccountKeys
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountKeysResponse Message

A response message of the BatchGetServiceAccountKeys method.

Name Type Description
service_account_keys repeated ServiceAccountKey found ServiceAccountKeys
missing repeated string (name of ServiceAccountKey) list of not found ServiceAccountKeys

ListServiceAccountKeysRequest Message

A request message of the ListServiceAccountKeys method.

Name Type Description
parent string (parent name of ServiceAccountKey) Parent name of ntt.iam.v1.ServiceAccountKey
page_size int32 Requested page size. Server may return fewer ServiceAccountKeys than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of ServiceAccountKey) A token identifying a page of results the server should return. Typically, this is the value of ListServiceAccountKeysResponse.next_page_token.
order_by string (orderBy of ServiceAccountKey) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of ServiceAccountKey) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListServiceAccountKeysResponse Message

A response message of the ListServiceAccountKeys method.

Name Type Description
service_account_keys repeated ServiceAccountKey The list of ServiceAccountKeys
prev_page_token string (cursor of ServiceAccountKey) A token to retrieve previous page of results. Pass this value in the ListServiceAccountKeysRequest.page_token.
next_page_token string (cursor of ServiceAccountKey) A token to retrieve next page of results. Pass this value in the ListServiceAccountKeysRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total ServiceAccountKeys across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchServiceAccountKeyRequest Message

A request message of the WatchServiceAccountKey method.

Name Type Description
name string (name of ServiceAccountKey) Name of ntt.iam.v1.ServiceAccountKey
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchServiceAccountKeyResponse Message

A response message of the WatchServiceAccountKey method.

Name Type Description
change ServiceAccountKeyChange

WatchServiceAccountKeysRequest Message

A request message of the WatchServiceAccountKeys method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of ServiceAccountKey) Parent name of ntt.iam.v1.ServiceAccountKey
page_size int32 Requested page size. Server may return fewer ServiceAccountKeys than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of ServiceAccountKey) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of ServiceAccountKey) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of ServiceAccountKey) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to ServiceAccountKey that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to ServiceAccountKey that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchServiceAccountKeysResponse Message

A response message of the WatchServiceAccountKeys method.

Name Type Description
service_account_key_changes repeated ServiceAccountKeyChange Changes of ServiceAccountKeys
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All ServiceAccountKeys will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchServiceAccountKeysResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (ServiceAccountKeys will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchServiceAccountKeysResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of ServiceAccountKey) New token to retrieve previous page of results.
next_page_token string (cursor of ServiceAccountKey) New token to retrieve next page of results.

CreateServiceAccountKeyRequest Message

A request message of the CreateServiceAccountKey method.

Name Type Description
parent string (parent name of ServiceAccountKey) Parent name of ntt.iam.v1.ServiceAccountKey
service_account_key ServiceAccountKey ServiceAccountKey resource body
response_mask CreateServiceAccountKeyRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateServiceAccountKeyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateServiceAccountKeyRequest Message

A request message of the UpdateServiceAccountKey method.

Name Type Description
service_account_key ServiceAccountKey ServiceAccountKey resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateServiceAccountKeyRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateServiceAccountKeyRequest.ResponseMask reduce message response size.

UpdateServiceAccountKeyRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state ServiceAccountKey Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateServiceAccountKeyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteServiceAccountKeyRequest Message

A request message of the DeleteServiceAccountKey method.

Name Type Description
name string (name of ServiceAccountKey) Name of ntt.iam.v1.ServiceAccountKey
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ServiceAccountKey Enumerations

Here is the list of ServiceAccountKey resource enumerations:

ServiceAccountKey.Algorithm Enumeration

Name Description
KEY_ALGORITHM_UNSPECIFIED
RSA_1024
RSA_2048
RSA_4096
API_KEY

User Resource

User Resource

Name patterns:

  • users/{user}

This section covers the methods and messages to interact with User resource.

User Methods

Here is the list of User resource methods:

GetUser Method

GetUser

rpc GetUser(GetUserRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.get

The equivalent REST API is:

GET /v1/{name=users/*}

BatchGetUsers Method

BatchGetUsers

rpc BatchGetUsers(BatchGetUsersRequest) returns (BatchGetUsersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.batchGet

The equivalent REST API is:

GET /v1/users:batchGet

ListUsers Method

ListUsers

rpc ListUsers(ListUsersRequest) returns (ListUsersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.list

The equivalent REST API is:

GET /v1/users

WatchUser Method

WatchUser

rpc WatchUser(WatchUserRequest) returns (WatchUserResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.watch

The equivalent REST API is:

POST /v1/{name=users/*}:watch

WatchUsers Method

WatchUsers

rpc WatchUsers(WatchUsersRequest) returns (WatchUsersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.watch

The equivalent REST API is:

POST /v1/users:watch

CreateUser Method

CreateUser

rpc CreateUser(CreateUserRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.create

The equivalent REST API is:

POST /v1/users (BODY: user)

UpdateUser Method

UpdateUser

rpc UpdateUser(UpdateUserRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.update

The equivalent REST API is:

PUT /v1/{user.name=users/*} (BODY: user)

DeleteUser Method

DeleteUser

rpc DeleteUser(DeleteUserRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.delete

The equivalent REST API is:

DELETE /v1/{name=users/*}

GetUserByEmail Method

GetUserByEmail

rpc GetUserByEmail(GetUserByEmailRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.getByEmail

The equivalent REST API is:

POST /v1:getByEmail

BatchGetUsersByEmail Method

BatchGetUsersByEmail

rpc BatchGetUsersByEmail(BatchGetUsersByEmailRequest) returns (BatchGetUsersByEmailResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.batchGetByEmail

The equivalent REST API is:

POST /v1/users:batchGetByEmail

GetMySettings Method

GetMySettings

rpc GetMySettings(GetMySettingsRequest) returns (GetMySettingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.getMySettings

The equivalent REST API is:

POST /v1/users:getMySettings

SetMySettings Method

SetMySettings

rpc SetMySettings(SetMySettingsRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.setMySettings

The equivalent REST API is:

POST /v1/users:setMySettings

RefreshUserFromIdToken Method

RefreshUserFromIdToken

rpc RefreshUserFromIdToken(RefreshUserFromIdTokenRequest) returns (RefreshUserFromIdTokenResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.refreshUserFromIdToken

The equivalent REST API is:

POST /v1/users:refreshUserFromIdToken

ResendVerificationEmail Method

ResendVerificationEmail

rpc ResendVerificationEmail(ResendVerificationEmailRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.resendVerificationEmail

The equivalent REST API is:

POST /v1/users:resendVerificationEmail

IsUserVerified Method

IsUserVerified

rpc IsUserVerified(IsUserVerifiedRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.isUserVerified

The equivalent REST API is:

POST /v1/users:isUserVerified

ResetMFAIfRecoveryKeyUsed Method

ResetMFAIfRecoveryKeyUsed

rpc ResetMFAIfRecoveryKeyUsed(ResetMFAIfRecoveryKeyUsedRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.resetMFAIfRecoveryKeyUsed

The equivalent REST API is:

POST /v1/users:resetMFAIfRecoveryKeyUsed

SetUsersNameInAuth0 Method

SetUsersNameInAuth0

rpc SetUsersNameInAuth0(SetUsersNameInAuth0Request) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.setUsersNameInAuth0

The equivalent REST API is:

POST /v1/users:setUsersNameInAuth0

DeleteUsersByCriteria Method

DeleteUsersByCriteria

rpc DeleteUsersByCriteria(DeleteUsersByCriteriaRequest) returns (DeleteUsersByCriteriaResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.deleteUsersByCriteria

The equivalent REST API is:

POST /v1:deleteUsersByCriteria

User Messages

Here is the list of User resource messages:

User Message

Name Type Description
name string (name of User) Name of User When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
full_name string Full Name
email string Email
email_verified bool Is email verified
auth_info User.AuthInfo
settings map<string, string> User settings and preferences
refreshed_time .google.protobuf.Timestamp
ctrl_status User.WorkStatus Internal status used by controller.

User.AuthInfo Message

Name Type Description
provider string auth provider
id string auth provider id

User.WorkStatus Message

Name Type Description
pending bool if controller has some work on this resource

GetUserRequest Message

A request message of the GetUser method.

Name Type Description
name string (name of User) Name of ntt.iam.v1.User
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetUsersRequest Message

A request message of the BatchGetUsers method.

Name Type Description
names repeated string (name of User) Names of Users
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetUsersResponse Message

A response message of the BatchGetUsers method.

Name Type Description
users repeated User found Users
missing repeated string (name of User) list of not found Users

ListUsersRequest Message

A request message of the ListUsers method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Users than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of User) A token identifying a page of results the server should return. Typically, this is the value of ListUsersResponse.next_page_token.
order_by string (orderBy of User) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of User) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListUsersResponse Message

A response message of the ListUsers method.

Name Type Description
users repeated User The list of Users
prev_page_token string (cursor of User) A token to retrieve previous page of results. Pass this value in the ListUsersRequest.page_token.
next_page_token string (cursor of User) A token to retrieve next page of results. Pass this value in the ListUsersRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Users across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchUserRequest Message

A request message of the WatchUser method.

Name Type Description
name string (name of User) Name of ntt.iam.v1.User
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchUserResponse Message

A response message of the WatchUser method.

Name Type Description
change UserChange

WatchUsersRequest Message

A request message of the WatchUsers method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Users than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of User) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of User) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of User) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to User that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to User that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchUsersResponse Message

A response message of the WatchUsers method.

Name Type Description
user_changes repeated UserChange Changes of Users
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Users will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchUsersResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Users will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchUsersResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of User) New token to retrieve previous page of results.
next_page_token string (cursor of User) New token to retrieve next page of results.

CreateUserRequest Message

A request message of the CreateUser method.

Name Type Description
user User User resource body
response_mask CreateUserRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateUserRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateUserRequest Message

A request message of the UpdateUser method.

Name Type Description
user User User resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateUserRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateUserRequest.ResponseMask reduce message response size.

UpdateUserRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state User Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateUserRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteUserRequest Message

A request message of the DeleteUser method.

Name Type Description
name string (name of User) Name of ntt.iam.v1.User
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GetUserByEmailRequest Message

Request message for method [GetUserByEmail][ntt.iam.v1.GetUserByEmail]

Name Type Description
email string reference of ntt.iam.v1.User
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
skip_cache bool If true, server will skip checking if query result is present in it’s cache

BatchGetUsersByEmailRequest Message

Request message for method [BatchGetUsersByEmail][ntt.iam.v1.BatchGetUsersByEmail]

Name Type Description
emails repeated string Emails of users
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
skip_cache bool If true, server will skip checking if query result is present in it’s cache

BatchGetUsersByEmailResponse Message

Response message for method [BatchGetUsersByEmail][ntt.iam.v1.BatchGetUsersByEmail]

Name Type Description
users repeated User found Users
missing repeated string list of not found user emails

GetMySettingsRequest Message

Request message for method [GetMySettings][ntt.iam.v1.GetMySettings]

Name Type Description
keys repeated string list of keys to retrieve

GetMySettingsResponse Message

Response message for method [GetMySettings][ntt.iam.v1.GetMySettings]

Name Type Description
settings map<string, string> resulting settings

SetMySettingsRequest Message

Request message for method [SetMySettings][ntt.iam.v1.SetMySettings]

Name Type Description
settings map<string, string> Settings to update. Leave empty value to unset key

RefreshUserFromIdTokenRequest Message

Request message for method [RefreshUserFromIdToken][ntt.iam.v1.RefreshUserFromIdToken]

Name Type Description
id_token string JWT-encoded ID token

RefreshUserFromIdTokenResponse Message

Response message for method [RefreshUserFromIdToken][ntt.iam.v1.RefreshUserFromIdToken]

Name Type Description
none none none

ResendVerificationEmailRequest Message

Request message for method [ResendVerificationEmail][ntt.iam.v1.ResendVerificationEmail]

Name Type Description
client_id string Optional Auth client ID. May be defined per application to customize email template.

IsUserVerifiedRequest Message

Request message for method [IsUserVerified][ntt.iam.v1.IsUserVerified]

Name Type Description
none none none

ResetMFAIfRecoveryKeyUsedRequest Message

Request message for method [ResetMFAIfRecoveryKeyUsed][ntt.iam.v1.ResetMFAIfRecoveryKeyUsed]

Name Type Description
none none none

SetUsersNameInAuth0Request Message

Request message for method [SetUsersNameInAuth0][ntt.iam.v1.SetUsersNameInAuth0]

Name Type Description
none none none

DeleteUsersByCriteriaRequest Message

Request message for method [DeleteUsersByCriteria][ntt.iam.v1.DeleteUsersByCriteria]

Name Type Description
by_email DeleteUsersByCriteriaRequest.UserEmails Delete by email criteria
by_name DeleteUsersByCriteriaRequest.UserNames Delete by name criteria
auth_info_provider string Auth info provider type. Optional. If provided, it must match deleted user instances - field auth_info.provider must exactly match specified value.
auth_info_id_prefix string Auth info ID prefix. Optional. If provided, it must match deleted user instances - field auth_info.id must begin with specified prefix.

DeleteUsersByCriteriaRequest.UserEmails Message

Name Type Description
values repeated string

DeleteUsersByCriteriaRequest.UserNames Message

Name Type Description
values repeated string (name of User)

DeleteUsersByCriteriaResponse Message

Response message for method [DeleteUserByCriteria][ntt.iam.v1.DeleteUserByCriteria]

Name Type Description
deleted_users repeated string (name of User) List of deleted user resources

IAM Service Shared Methods and Messages

IAM Service Shared Methods

Here is the list of IAM service shared methods:

GetPrincipal Method

GetPrincipal

rpc GetPrincipal(GetPrincipalRequest) returns (GetPrincipalResponse)

WatchPrincipalUpdates Method

WatchPrincipalUpdates

rpc WatchPrincipalUpdates(WatchPrincipalUpdatesRequest) returns (WatchPrincipalUpdatesResponse)

IAM Service Shared Messages

Here is the list of IAM service shared messages:

Actor Message

Actor is a party performing an action

Name Type Description
user string (reference to User)
service_account string (reference to ServiceAccount)

AttestationDomainChange Message

AttestationDomainChange is used by Watch notifications Responses to describe change of single AttestationDomain One of Added, Modified, Removed

Name Type Description
added AttestationDomainChange.Added Added is returned when watched document is added, either created or enters Query view
modified AttestationDomainChange.Modified Modified is returned when watched document is modified
current AttestationDomainChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AttestationDomainChange.Removed Removed is returned when AttestationDomain is deleted or leaves Query view

AttestationDomainChange.Added Message

AttestationDomain has been added to query view

Name Type Description
attestation_domain AttestationDomain
view_index int32 Integer describing index of added AttestationDomain in resulting query view.

AttestationDomainChange.Current Message

AttestationDomain has been added or modified in a query view. Version used for stateless watching

Name Type Description
attestation_domain AttestationDomain

AttestationDomainChange.Modified Message

AttestationDomain changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AttestationDomain) Name of modified AttestationDomain
attestation_domain AttestationDomain New version of AttestationDomain or masked difference, depending on mask_changes instrumentation of issued [WatchAttestationDomainRequest] or [WatchAttestationDomainsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AttestationDomain. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AttestationDomain new index in resulting query view.

AttestationDomainChange.Removed Message

Removed is returned when AttestationDomain is deleted or leaves Query view

Name Type Description
name string (name of AttestationDomain)
view_index int32 Integer specifying removed AttestationDomain index. Not populated in stateless watch type.

ConditionChange Message

ConditionChange is used by Watch notifications Responses to describe change of single Condition One of Added, Modified, Removed

Name Type Description
added ConditionChange.Added Added is returned when watched document is added, either created or enters Query view
modified ConditionChange.Modified Modified is returned when watched document is modified
current ConditionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ConditionChange.Removed Removed is returned when Condition is deleted or leaves Query view

ConditionChange.Added Message

Condition has been added to query view

Name Type Description
condition Condition
view_index int32 Integer describing index of added Condition in resulting query view.

ConditionChange.Current Message

Condition has been added or modified in a query view. Version used for stateless watching

Name Type Description
condition Condition

ConditionChange.Modified Message

Condition changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Condition) Name of modified Condition
condition Condition New version of Condition or masked difference, depending on mask_changes instrumentation of issued [WatchConditionRequest] or [WatchConditionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Condition. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Condition new index in resulting query view.

ConditionChange.Removed Message

Removed is returned when Condition is deleted or leaves Query view

Name Type Description
name string (name of Condition)
view_index int32 Integer specifying removed Condition index. Not populated in stateless watch type.

ExecutableCondition Message

ExecutableCondition represents instantiation of condition with params, in other words: Executable condition, that is used in Role bindings.

Name Type Description
condition string (reference to Condition) Reference to Condition which may also be parameterized
params .google.protobuf.Struct Parameters in string form. Parameters must match [declarations][ntt.iam.v1.Condition.parameter_declarations] TODO: Only used by deprecated CEL conditions.

GetPrincipalRequest Message

Request message for method [GetPrincipal][ntt.iam.v1.GetPrincipal]

Name Type Description
requesting_service string (name of Service) Service asking for given principal - IAM verifies if given principal has any role bindings in requesting service.
principal_key_id string Principal ID, different for users or service accounts
auth_token string User authorization token

GetPrincipalResponse Message

Response message for method [GetPrincipal][ntt.iam.v1.GetPrincipal]

Name Type Description
json_key string Public json key
principal_key_type string Key type
user User User data mapping principal
service_account ServiceAccount Service account mapping principal
anonymous bool Anonymous principal

GroupChange Message

GroupChange is used by Watch notifications Responses to describe change of single Group One of Added, Modified, Removed

Name Type Description
added GroupChange.Added Added is returned when watched document is added, either created or enters Query view
modified GroupChange.Modified Modified is returned when watched document is modified
current GroupChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed GroupChange.Removed Removed is returned when Group is deleted or leaves Query view

GroupChange.Added Message

Group has been added to query view

Name Type Description
group Group
view_index int32 Integer describing index of added Group in resulting query view.

GroupChange.Current Message

Group has been added or modified in a query view. Version used for stateless watching

Name Type Description
group Group

GroupChange.Modified Message

Group changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Group) Name of modified Group
group Group New version of Group or masked difference, depending on mask_changes instrumentation of issued [WatchGroupRequest] or [WatchGroupsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Group. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Group new index in resulting query view.

GroupChange.Removed Message

Removed is returned when Group is deleted or leaves Query view

Name Type Description
name string (name of Group)
view_index int32 Integer specifying removed Group index. Not populated in stateless watch type.

GroupMemberChange Message

GroupMemberChange is used by Watch notifications Responses to describe change of single GroupMember One of Added, Modified, Removed

Name Type Description
added GroupMemberChange.Added Added is returned when watched document is added, either created or enters Query view
modified GroupMemberChange.Modified Modified is returned when watched document is modified
current GroupMemberChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed GroupMemberChange.Removed Removed is returned when GroupMember is deleted or leaves Query view

GroupMemberChange.Added Message

GroupMember has been added to query view

Name Type Description
group_member GroupMember
view_index int32 Integer describing index of added GroupMember in resulting query view.

GroupMemberChange.Current Message

GroupMember has been added or modified in a query view. Version used for stateless watching

Name Type Description
group_member GroupMember

GroupMemberChange.Modified Message

GroupMember changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of GroupMember) Name of modified GroupMember
group_member GroupMember New version of GroupMember or masked difference, depending on mask_changes instrumentation of issued [WatchGroupMemberRequest] or [WatchGroupMembersRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified GroupMember. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying GroupMember new index in resulting query view.

GroupMemberChange.Removed Message

Removed is returned when GroupMember is deleted or leaves Query view

Name Type Description
name string (name of GroupMember)
view_index int32 Integer specifying removed GroupMember index. Not populated in stateless watch type.

Invitation Message

Common invitation body. It’s used in Project/Organization Invitations

Name Type Description
invitee_email string Invitee Email address
inviter_actor Actor Inviter User
inviter_full_name string Denormalized data - TODO: remove it
inviter_email string Inviter Email
language_code string Invitation ISO language code. Defaults to “en-us” (American English).
binding_roles repeated Invitation.BindingRole List of role bindings for this invitation. They are used for creation of proper RoleBinding resources.
groups repeated string (reference to Group) List of groups where invitee should join after accepting invitation
expiration_date .google.protobuf.Timestamp Expiration date
extras map<string, string> Extra custom fields to further customize invitation experience. Fields should be agreed between sender (usually UI) and documented in the template of email service provider.
state Invitation.State Status of Invitation

Invitation.BindingRole Message

BindingRole is used to create RoleBinding when invitation is accepted.

Name Type Description
role string (reference to Role) Role to be granted
executable_conditions repeated ExecutableCondition List of all applicable condition bindings to be applied when creating RoleBinding.
scope_params repeated ScopeParam List of applicable scope params to be applied when creating RoleBinding.

MemberAssignmentChange Message

MemberAssignmentChange is used by Watch notifications Responses to describe change of single MemberAssignment One of Added, Modified, Removed

Name Type Description
added MemberAssignmentChange.Added Added is returned when watched document is added, either created or enters Query view
modified MemberAssignmentChange.Modified Modified is returned when watched document is modified
current MemberAssignmentChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed MemberAssignmentChange.Removed Removed is returned when MemberAssignment is deleted or leaves Query view

MemberAssignmentChange.Added Message

MemberAssignment has been added to query view

Name Type Description
member_assignment MemberAssignment
view_index int32 Integer describing index of added MemberAssignment in resulting query view.

MemberAssignmentChange.Current Message

MemberAssignment has been added or modified in a query view. Version used for stateless watching

Name Type Description
member_assignment MemberAssignment

MemberAssignmentChange.Modified Message

MemberAssignment changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of MemberAssignment) Name of modified MemberAssignment
member_assignment MemberAssignment New version of MemberAssignment or masked difference, depending on mask_changes instrumentation of issued [WatchMemberAssignmentRequest] or [WatchMemberAssignmentsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified MemberAssignment. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying MemberAssignment new index in resulting query view.

MemberAssignmentChange.Removed Message

Removed is returned when MemberAssignment is deleted or leaves Query view

Name Type Description
name string (name of MemberAssignment)
view_index int32 Integer specifying removed MemberAssignment index. Not populated in stateless watch type.

MembersInfo Message

MembersInfo maps Users, ServiceAccounts or Groups to specific member data.

Name Type Description
member string Member identifier - as in format used in RoleBindings/GroupMembers.
users repeated User List of users. May contain more than 1 item, if there are multiple users sharing same email. Array may be empty if member is for service account or group type, or if no user exists with specified email.
service_accounts repeated ServiceAccount List of service accounts. It will be empty if member matches user or group type, or if no matching ServiceAccount was found. Length of this array is from 0 to 1.
groups repeated Group List of groups. It will be empty if member matches user or service account type, or if no matching Group was found. Length of this array is from 0 to 1.

MembersMasks Message

MembersMasks determines what fields should be obtained for matching members to GroupMembers.

Name Type Description
view View View defines list of standard response fields present in member items. Additional fields can be amended by specific field masks.
user_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each member User on top of fields defined by request field view
service_account_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each member ServiceAccount on top of fields defined by request field view
group_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each member Group on top of fields defined by request field view

OrganizationChange Message

OrganizationChange is used by Watch notifications Responses to describe change of single Organization One of Added, Modified, Removed

Name Type Description
added OrganizationChange.Added Added is returned when watched document is added, either created or enters Query view
modified OrganizationChange.Modified Modified is returned when watched document is modified
current OrganizationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed OrganizationChange.Removed Removed is returned when Organization is deleted or leaves Query view

OrganizationChange.Added Message

Organization has been added to query view

Name Type Description
organization Organization
view_index int32 Integer describing index of added Organization in resulting query view.

OrganizationChange.Current Message

Organization has been added or modified in a query view. Version used for stateless watching

Name Type Description
organization Organization

OrganizationChange.Modified Message

Organization changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Organization) Name of modified Organization
organization Organization New version of Organization or masked difference, depending on mask_changes instrumentation of issued [WatchOrganizationRequest] or [WatchOrganizationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Organization. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Organization new index in resulting query view.

OrganizationChange.Removed Message

Removed is returned when Organization is deleted or leaves Query view

Name Type Description
name string (name of Organization)
view_index int32 Integer specifying removed Organization index. Not populated in stateless watch type.

OrganizationInvitationChange Message

OrganizationInvitationChange is used by Watch notifications Responses to describe change of single OrganizationInvitation One of Added, Modified, Removed

Name Type Description
added OrganizationInvitationChange.Added Added is returned when watched document is added, either created or enters Query view
modified OrganizationInvitationChange.Modified Modified is returned when watched document is modified
current OrganizationInvitationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed OrganizationInvitationChange.Removed Removed is returned when OrganizationInvitation is deleted or leaves Query view

OrganizationInvitationChange.Added Message

OrganizationInvitation has been added to query view

Name Type Description
organization_invitation OrganizationInvitation
view_index int32 Integer describing index of added OrganizationInvitation in resulting query view.

OrganizationInvitationChange.Current Message

OrganizationInvitation has been added or modified in a query view. Version used for stateless watching

Name Type Description
organization_invitation OrganizationInvitation

OrganizationInvitationChange.Modified Message

OrganizationInvitation changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of OrganizationInvitation) Name of modified OrganizationInvitation
organization_invitation OrganizationInvitation New version of OrganizationInvitation or masked difference, depending on mask_changes instrumentation of issued [WatchOrganizationInvitationRequest] or [WatchOrganizationInvitationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified OrganizationInvitation. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying OrganizationInvitation new index in resulting query view.

OrganizationInvitationChange.Removed Message

Removed is returned when OrganizationInvitation is deleted or leaves Query view

Name Type Description
name string (name of OrganizationInvitation)
view_index int32 Integer specifying removed OrganizationInvitation index. Not populated in stateless watch type.

PCR Message

Name Type Description
index uint32s
digest_hex string Hex-encoded digest string (without 0x prefix, e.g. “DEADBEEF”)
digest_alg DigestAlg
comment string User’s comments for this entry

PermissionChange Message

PermissionChange is used by Watch notifications Responses to describe change of single Permission One of Added, Modified, Removed

Name Type Description
added PermissionChange.Added Added is returned when watched document is added, either created or enters Query view
modified PermissionChange.Modified Modified is returned when watched document is modified
current PermissionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PermissionChange.Removed Removed is returned when Permission is deleted or leaves Query view

PermissionChange.Added Message

Permission has been added to query view

Name Type Description
permission Permission
view_index int32 Integer describing index of added Permission in resulting query view.

PermissionChange.Current Message

Permission has been added or modified in a query view. Version used for stateless watching

Name Type Description
permission Permission

PermissionChange.Modified Message

Permission changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Permission) Name of modified Permission
permission Permission New version of Permission or masked difference, depending on mask_changes instrumentation of issued [WatchPermissionRequest] or [WatchPermissionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Permission. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Permission new index in resulting query view.

PermissionChange.Removed Message

Removed is returned when Permission is deleted or leaves Query view

Name Type Description
name string (name of Permission)
view_index int32 Integer specifying removed Permission index. Not populated in stateless watch type.

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

ProjectInvitationChange Message

ProjectInvitationChange is used by Watch notifications Responses to describe change of single ProjectInvitation One of Added, Modified, Removed

Name Type Description
added ProjectInvitationChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectInvitationChange.Modified Modified is returned when watched document is modified
current ProjectInvitationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectInvitationChange.Removed Removed is returned when ProjectInvitation is deleted or leaves Query view

ProjectInvitationChange.Added Message

ProjectInvitation has been added to query view

Name Type Description
project_invitation ProjectInvitation
view_index int32 Integer describing index of added ProjectInvitation in resulting query view.

ProjectInvitationChange.Current Message

ProjectInvitation has been added or modified in a query view. Version used for stateless watching

Name Type Description
project_invitation ProjectInvitation

ProjectInvitationChange.Modified Message

ProjectInvitation changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of ProjectInvitation) Name of modified ProjectInvitation
project_invitation ProjectInvitation New version of ProjectInvitation or masked difference, depending on mask_changes instrumentation of issued [WatchProjectInvitationRequest] or [WatchProjectInvitationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified ProjectInvitation. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying ProjectInvitation new index in resulting query view.

ProjectInvitationChange.Removed Message

Removed is returned when ProjectInvitation is deleted or leaves Query view

Name Type Description
name string (name of ProjectInvitation)
view_index int32 Integer specifying removed ProjectInvitation index. Not populated in stateless watch type.

RoleBindingChange Message

RoleBindingChange is used by Watch notifications Responses to describe change of single RoleBinding One of Added, Modified, Removed

Name Type Description
added RoleBindingChange.Added Added is returned when watched document is added, either created or enters Query view
modified RoleBindingChange.Modified Modified is returned when watched document is modified
current RoleBindingChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RoleBindingChange.Removed Removed is returned when RoleBinding is deleted or leaves Query view

RoleBindingChange.Added Message

RoleBinding has been added to query view

Name Type Description
role_binding RoleBinding
view_index int32 Integer describing index of added RoleBinding in resulting query view.

RoleBindingChange.Current Message

RoleBinding has been added or modified in a query view. Version used for stateless watching

Name Type Description
role_binding RoleBinding

RoleBindingChange.Modified Message

RoleBinding changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of RoleBinding) Name of modified RoleBinding
role_binding RoleBinding New version of RoleBinding or masked difference, depending on mask_changes instrumentation of issued [WatchRoleBindingRequest] or [WatchRoleBindingsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified RoleBinding. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying RoleBinding new index in resulting query view.

RoleBindingChange.Removed Message

Removed is returned when RoleBinding is deleted or leaves Query view

Name Type Description
name string (name of RoleBinding)
view_index int32 Integer specifying removed RoleBinding index. Not populated in stateless watch type.

RoleChange Message

RoleChange is used by Watch notifications Responses to describe change of single Role One of Added, Modified, Removed

Name Type Description
added RoleChange.Added Added is returned when watched document is added, either created or enters Query view
modified RoleChange.Modified Modified is returned when watched document is modified
current RoleChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RoleChange.Removed Removed is returned when Role is deleted or leaves Query view

RoleChange.Added Message

Role has been added to query view

Name Type Description
role Role
view_index int32 Integer describing index of added Role in resulting query view.

RoleChange.Current Message

Role has been added or modified in a query view. Version used for stateless watching

Name Type Description
role Role

RoleChange.Modified Message

Role changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Role) Name of modified Role
role Role New version of Role or masked difference, depending on mask_changes instrumentation of issued [WatchRoleRequest] or [WatchRolesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Role. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Role new index in resulting query view.

RoleChange.Removed Message

Removed is returned when Role is deleted or leaves Query view

Name Type Description
name string (name of Role)
view_index int32 Integer specifying removed Role index. Not populated in stateless watch type.

ScopeParam Message

Name Type Description
name string Name of the variable to be used in conditions/scope values.
string ScopeParam.StringValue Value is a single string
strings ScopeParam.ArrayOfStringsValue List of alternative values.
value_from ScopeParam.FromValue Value is extracted dynamically from pointed object type.

ScopeParam.ArrayOfStringsValue Message

ArrayOfStringsValue represents array of strings value

Name Type Description
values repeated string

ScopeParam.FromValue Message

FromValue represents a value(s) from specific dynamic object.

Name Type Description
source ScopeParam.FromValue.Source Source indicates type of dynamic object from where we take value(s).
path string Path within specified object from which exactly we get value(s).

ScopeParam.StringValue Message

StringValue represents single value

Name Type Description
value string

ServiceAccountChange Message

ServiceAccountChange is used by Watch notifications Responses to describe change of single ServiceAccount One of Added, Modified, Removed

Name Type Description
added ServiceAccountChange.Added Added is returned when watched document is added, either created or enters Query view
modified ServiceAccountChange.Modified Modified is returned when watched document is modified
current ServiceAccountChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ServiceAccountChange.Removed Removed is returned when ServiceAccount is deleted or leaves Query view

ServiceAccountChange.Added Message

ServiceAccount has been added to query view

Name Type Description
service_account ServiceAccount
view_index int32 Integer describing index of added ServiceAccount in resulting query view.

ServiceAccountChange.Current Message

ServiceAccount has been added or modified in a query view. Version used for stateless watching

Name Type Description
service_account ServiceAccount

ServiceAccountChange.Modified Message

ServiceAccount changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of ServiceAccount) Name of modified ServiceAccount
service_account ServiceAccount New version of ServiceAccount or masked difference, depending on mask_changes instrumentation of issued [WatchServiceAccountRequest] or [WatchServiceAccountsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified ServiceAccount. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying ServiceAccount new index in resulting query view.

ServiceAccountChange.Removed Message

Removed is returned when ServiceAccount is deleted or leaves Query view

Name Type Description
name string (name of ServiceAccount)
view_index int32 Integer specifying removed ServiceAccount index. Not populated in stateless watch type.

ServiceAccountKeyChange Message

ServiceAccountKeyChange is used by Watch notifications Responses to describe change of single ServiceAccountKey One of Added, Modified, Removed

Name Type Description
added ServiceAccountKeyChange.Added Added is returned when watched document is added, either created or enters Query view
modified ServiceAccountKeyChange.Modified Modified is returned when watched document is modified
current ServiceAccountKeyChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ServiceAccountKeyChange.Removed Removed is returned when ServiceAccountKey is deleted or leaves Query view

ServiceAccountKeyChange.Added Message

ServiceAccountKey has been added to query view

Name Type Description
service_account_key ServiceAccountKey
view_index int32 Integer describing index of added ServiceAccountKey in resulting query view.

ServiceAccountKeyChange.Current Message

ServiceAccountKey has been added or modified in a query view. Version used for stateless watching

Name Type Description
service_account_key ServiceAccountKey

ServiceAccountKeyChange.Modified Message

ServiceAccountKey changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of ServiceAccountKey) Name of modified ServiceAccountKey
service_account_key ServiceAccountKey New version of ServiceAccountKey or masked difference, depending on mask_changes instrumentation of issued [WatchServiceAccountKeyRequest] or [WatchServiceAccountKeysRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified ServiceAccountKey. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying ServiceAccountKey new index in resulting query view.

ServiceAccountKeyChange.Removed Message

Removed is returned when ServiceAccountKey is deleted or leaves Query view

Name Type Description
name string (name of ServiceAccountKey)
view_index int32 Integer specifying removed ServiceAccountKey index. Not populated in stateless watch type.

ServiceBusinessTier Message

ServiceBusinessTier binds specific service with specific business tier. It may be useful if two services use different tier in one organizational entity (project or organization).

Name Type Description
service string (name of Service) Service
business_tier BusinessTier Entity tier value for given service. It may be also set to UNDEFINED, if this service is not supposed to be used at all for given entity. This way we can opt out from core edgelq services if needed.

ServiceErrors Message

ServiceErrors is generic container wrapping errors with services.

Name Type Description
errors repeated ServiceErrors.Error Errors

ServiceErrors.Error Message

Name Type Description
service string (name of Service) Service for which there are error reports. May be skipped if error is cross-service or is about core EdgeLQ components.
message string Error message

UserChange Message

UserChange is used by Watch notifications Responses to describe change of single User One of Added, Modified, Removed

Name Type Description
added UserChange.Added Added is returned when watched document is added, either created or enters Query view
modified UserChange.Modified Modified is returned when watched document is modified
current UserChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed UserChange.Removed Removed is returned when User is deleted or leaves Query view

UserChange.Added Message

User has been added to query view

Name Type Description
user User
view_index int32 Integer describing index of added User in resulting query view.

UserChange.Current Message

User has been added or modified in a query view. Version used for stateless watching

Name Type Description
user User

UserChange.Modified Message

User changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of User) Name of modified User
user User New version of User or masked difference, depending on mask_changes instrumentation of issued [WatchUserRequest] or [WatchUsersRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified User. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying User new index in resulting query view.

UserChange.Removed Message

Removed is returned when User is deleted or leaves Query view

Name Type Description
name string (name of User)
view_index int32 Integer specifying removed User index. Not populated in stateless watch type.

WatchPrincipalUpdatesRequest Message

Request message for method [WatchPrincipalUpdates][ntt.iam.v1.WatchPrincipalUpdates]

Name Type Description
requesting_service string (name of Service)
resume_token string Resume token in case of disconnection

WatchPrincipalUpdatesResponse Message

Response message for method [WatchPrincipalUpdates][ntt.iam.v1.WatchPrincipalUpdates]

Name Type Description
current_principals repeated WatchPrincipalUpdatesResponse.CurrentPrincipal All added or removed principals
removed_principals repeated WatchPrincipalUpdatesResponse.RemovedPrincipal All removed principals
is_current bool Whether list of shadows received by client is in sync
is_reset bool Whether current, pending changes should be reset.
resume_token string Token to resume from.

WatchPrincipalUpdatesResponse.CurrentPrincipal Message

Name Type Description
principal_key_id string
json_key string
principal_key_type string
user User
service_account ServiceAccount

WatchPrincipalUpdatesResponse.RemovedPrincipal Message

Name Type Description
principal_key_id string

IAM Service Shared Enumerations

Here is the list of IAM service shared enumerations:

BusinessTier Enumeration

BusinessTier indicates size of organizational entity (project or organization). Size-type sizes are used in core edgelq services, SKU-types can be used optionally by 3rd party services.

Name Description
UNDEFINED
LARGE
MEDIUM
SMALL
XSMALL
SKU0
SKU1
SKU2
SKU3
SKU4
SKU5
SKU6
SKU7
SKU8
SKU9
SKU10
SKU11
SKU12

DigestAlg Enumeration

Name Description
SHA1
SHA256

Invitation.State Enumeration

Invitation FSM States

Name Description
STATE_UNSPECIFIED
PENDING
ACCEPTED
DECLINED
EXPIRED

ScopeParam.FromValue.Source Enumeration

Source indicates which dynamic object is used to extract value from.

Name Description
UNDEFINED
PRINCIPAL_METADATA Object from which value is taken is metadata. Valid for Service Accounts and user types.
PRINCIPAL_USER Object from which value is taken is User principal. If principal executing an Action is not a User, then value will be empty.
PRINCIPAL_SVCACC Object from which value is taken is ServiceAccount principal. If principal executing an Action is not a ServiceAccount, then value will be empty.

TpmVersion Enumeration

Name Description
TPMVAGNOSTIC
TPMV12
TPMV20

VerifyRequest.AskForChallenge.ChallengeFormat Enumeration

Name Description
TPM20_CREDENTIAL Credential Protection as defined in section 24 of the TPM specification revision 2 part 1 See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ Returned primitives are of type TPM2B_ID_OBJECT and TPM2B_ENCRYPTED_SECRET. NOTE: ECC is not supported. Reference implementation: github.com/google/go-attestation@v0.3.2/attest/activation.go:generateChallengeTPM20, which uses github.com/google/go-tmp@v0.3.2/tmp2/credactivation/credential_activation.go:Generate
TPM12_EKBLOB Challenge as defined in section 15.1 of the TPM 1.2 commands spec See: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-3-Commands_v1.2_rev116_01032011.pdf Returned primitives are of type TPM12_EKBLOB (with TPM_EK_BLOB_ACTIVATE) and bytes. Reference implementation: github.com/google/go-attestation@v0.3.2/attest/activation.go:generateChallengeTPM12, which uses github.com/google/go-attestation@v0.3.2/attest/challenge.go:generateChallenge12
TSPI_EKBLOB TSPI_EKBLOB is a TPM1.2 challenge format accepted by TrouSerS daemon’s Tspi_TPM_ActivateIdentity function. As far as I can tell, it’s not documented except in the code. Returned primitives are of type TPM12_EKBLOB (with TPM_EK_BLOB_ACTIVATE) and bytes. Reference implementation: github.com/google/go-attestation@v0.3.2/attest/activation.go:generateChallengeTPM12, which uses github.com/google/go-tspi@v0.3.0/verification/verification.go:GenerateChallengeEx

2.2 -

Understanding the iam.edgelq.com service APIv1alpha2, in proto package ntt.iam.v1alpha2.

Service iam.edgelq.com in version v1alpha2, proto package ntt.iam.v1alpha2

Here is the list of resources supported in IAM service APIv1alpha2:

AttestationDomain Resource

AttestationDomain represents attestation parameters for a heterogenous fleet of devices.

Name patterns:

  • projects/{project}/attestationDomains/{attestation_domain}

Parent resources:

This section covers the methods and messages to interact with AttestationDomain resource.

AttestationDomain Methods

Here is the list of AttestationDomain resource methods:

GetAttestationDomain Method

GetAttestationDomain

rpc GetAttestationDomain(GetAttestationDomainRequest) returns (AttestationDomain)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*/attestationDomains/*}

BatchGetAttestationDomains Method

BatchGetAttestationDomains

rpc BatchGetAttestationDomains(BatchGetAttestationDomainsRequest) returns (BatchGetAttestationDomainsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.batchGet

The equivalent REST API is:

GET /v1alpha2/attestationDomains:batchGet

ListAttestationDomains Method

ListAttestationDomains

rpc ListAttestationDomains(ListAttestationDomainsRequest) returns (ListAttestationDomainsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.list

The equivalent REST API is:

GET /v1alpha2/{parent=projects/*}/attestationDomains

WatchAttestationDomain Method

WatchAttestationDomain

rpc WatchAttestationDomain(WatchAttestationDomainRequest) returns (WatchAttestationDomainResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/attestationDomains/*}:watch

WatchAttestationDomains Method

WatchAttestationDomains

rpc WatchAttestationDomains(WatchAttestationDomainsRequest) returns (WatchAttestationDomainsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.watch

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/attestationDomains:watch

CreateAttestationDomain Method

CreateAttestationDomain

rpc CreateAttestationDomain(CreateAttestationDomainRequest) returns (AttestationDomain)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.create

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/attestationDomains (BODY: attestation_domain)

UpdateAttestationDomain Method

UpdateAttestationDomain

rpc UpdateAttestationDomain(UpdateAttestationDomainRequest) returns (AttestationDomain)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.update

The equivalent REST API is:

PUT /v1alpha2/{attestation_domain.name=projects/*/attestationDomains/*} (BODY: attestation_domain)

DeleteAttestationDomain Method

DeleteAttestationDomain

rpc DeleteAttestationDomain(DeleteAttestationDomainRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*/attestationDomains/*}

Verify Method

Verify

rpc Verify(VerifyRequest) returns (VerifyResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/attestationDomains.verify

The equivalent REST API is:

POST /v1alpha2/{ask_for_challenge.attestation_domain=projects/*/attestationDomains/*}:verify

AttestationDomain Messages

Here is the list of AttestationDomain resource messages:

AttestationDomain Message

Name Type Description
metadata Meta Meta
name string (name of AttestationDomain) Name of AttestationDomain When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
display_name string Display name
insecure_skip_manufacturer_ekcert_verification bool If false (default), attestation verifier SHALL check CA certificate chain up to the TPM chip manufacturers CA (defined in manufacturer_ca_issuers). This step is necessary to prove that the attestation request comes from a genuine TPM device, and not a TPM emulator. If true, attestation verifier SHALL skip EKcert verification - !!INSECURE!! Without this check, any keys may come from a simulated TPM on the device. An attacker may therefore forge any key they want. Therefore, this option should only be changed for development purposes.
policies repeated AttestationDomain.Policy Attestees wanting to attest under this attestation domain SHALL fulfill requirements of at least one of attestation policies defined in this list. Policies are checked in the order they appear on this list.
enrollment_list repeated AttestationDomain.EnrolledKey Attestation policy may require atestees pubkey to be present on enrollment_list.

AttestationDomain.Policy Message

Policy defines a singular attestation policy, that should match a homogenous class of device (i.e. hardware and firmware configuration) in the fleet.

Name Type Description
manufacturer_root_ca_certs_pem string List of acceptable manufacturer’s root CAs certs (in PEM format). To obtain such a cert, run something like: tpm2_getekcertificate -o cert.bin openssl x509 -inform der -in cert.bin -noout -text Then manually download certificate specified in Authority Information Access (AIA). Repeat the above openssl command on the newly downloadedfile (change the value of -in argument). Continue this until you reach a certificate which does not have AIA. It’s the root certificate. Convert it to PEM like so: openssl x509 -inform der -in root.crt -out root.pem Still, we need to encode newlines: awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' root.pem Then paste the output here. Note: multiple PEM certificates may be included here by simple means of concatenation.
require_enrollment bool If true, the attestee’s pubkey SHALL be present on this AttestationDomain’s enrollment list, otherwise fail the attestation.
verify_event_log bool If true, the verifier SHALL parse, replay and verify TPM event log provided by the atestee, otherwise fail the attestation. Note that requiring verification of event does not provide additional security. See https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md#event-type-and-verification-footguns
expected_pcrs repeated PCR List of expected PCR values. All PCRs on this list SHALL match exactly the PCRs provided by the atestee, otherwise the attestation SHALL be failed. The verifier SHALL perform sanity checks: PCR index/digest pairs are unique and the size of the list is sane (TODO). They can be read from TPM by running something like tpm2_pcrread.

AttestationDomain.EnrolledKey Message

EnrolledKey defines an enrolled key.

Name Type Description
pubkey_pem string PEM encoded EK pubkey. It can be read from TPM by running something like tpm2_createek -G rsa -u ek.pub -c key.ctx -f pem.
comment string User’s comments for this entry

GetAttestationDomainRequest Message

A request message of the GetAttestationDomain method.

Name Type Description
name string (name of AttestationDomain) Name of ntt.iam.v1alpha2.AttestationDomain
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAttestationDomainsRequest Message

A request message of the BatchGetAttestationDomains method.

Name Type Description
names repeated string (name of AttestationDomain) Names of AttestationDomains
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAttestationDomainsResponse Message

A response message of the BatchGetAttestationDomains method.

Name Type Description
attestation_domains repeated AttestationDomain found AttestationDomains
missing repeated string (name of AttestationDomain) list of not found AttestationDomains

ListAttestationDomainsRequest Message

A request message of the ListAttestationDomains method.

Name Type Description
parent string (parent name of AttestationDomain) Parent name of ntt.iam.v1alpha2.AttestationDomain
page_size int32 Requested page size. Server may return fewer AttestationDomains than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AttestationDomain) A token identifying a page of results the server should return. Typically, this is the value of ListAttestationDomainsResponse.next_page_token.
order_by string (orderBy of AttestationDomain) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AttestationDomain) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAttestationDomainsResponse Message

A response message of the ListAttestationDomains method.

Name Type Description
attestation_domains repeated AttestationDomain The list of AttestationDomains
prev_page_token string (cursor of AttestationDomain) A token to retrieve previous page of results. Pass this value in the ListAttestationDomainsRequest.page_token.
next_page_token string (cursor of AttestationDomain) A token to retrieve next page of results. Pass this value in the ListAttestationDomainsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AttestationDomains across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAttestationDomainRequest Message

A request message of the WatchAttestationDomain method.

Name Type Description
name string (name of AttestationDomain) Name of ntt.iam.v1alpha2.AttestationDomain
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAttestationDomainResponse Message

A response message of the WatchAttestationDomain method.

Name Type Description
change AttestationDomainChange

WatchAttestationDomainsRequest Message

A request message of the WatchAttestationDomains method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AttestationDomain) Parent name of ntt.iam.v1alpha2.AttestationDomain
page_size int32 Requested page size. Server may return fewer AttestationDomains than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AttestationDomain) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AttestationDomain) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AttestationDomain) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AttestationDomain that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AttestationDomain that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAttestationDomainsResponse Message

A response message of the WatchAttestationDomains method.

Name Type Description
attestation_domain_changes repeated AttestationDomainChange Changes of AttestationDomains
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AttestationDomains will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAttestationDomainsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AttestationDomains will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAttestationDomainsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AttestationDomain) New token to retrieve previous page of results.
next_page_token string (cursor of AttestationDomain) New token to retrieve next page of results.

CreateAttestationDomainRequest Message

A request message of the CreateAttestationDomain method.

Name Type Description
parent string (parent name of AttestationDomain) Parent name of ntt.iam.v1alpha2.AttestationDomain
attestation_domain AttestationDomain AttestationDomain resource body
response_mask CreateAttestationDomainRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAttestationDomainRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAttestationDomainRequest Message

A request message of the UpdateAttestationDomain method.

Name Type Description
attestation_domain AttestationDomain AttestationDomain resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAttestationDomainRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAttestationDomainRequest.ResponseMask reduce message response size.

UpdateAttestationDomainRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AttestationDomain Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAttestationDomainRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAttestationDomainRequest Message

A request message of the DeleteAttestationDomain method.

Name Type Description
name string (name of AttestationDomain) Name of ntt.iam.v1alpha2.AttestationDomain
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

VerifyRequest Message

Request message for method [Verify][ntt.iam.v1alpha2.Verify]

Name Type Description
ask_for_challenge VerifyRequest.AskForChallenge
challenge_response VerifyRequest.ChallengeResponse

VerifyRequest.AskForChallenge Message

Name Type Description
subject string This will be used to set “sub” claim for attestation token. This “sub” should be compared to “sub” of JWT access token during validation. “Sub” comparison ties both tokens together and protects against theft/reuse of one of them by another service account.
attestation_domain string (name of AttestationDomain) attestation domain ref
tpm_version TpmVersion
ekpub bytes PKIX encoded EK public
ekcert bytes ASN.1 DER encoded EK certificate.
ekcerturl string For Intel TPMs, Intel hosts certificates at a public URL derived from the Public key. Clients or servers can perform an HTTP GET to this URL, and use ParseEKCertificate on the response body.
akpub bytes https://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf TPMT_PUBLIC (TPM 2.0) or TPM_PUBKEY (TPM 1.2)
creation_data bytes TPMS_CREATION_DATA
attest bytes TPMS_ATTEST
signature bytes TPMT_SIGNATURE
challenge_format VerifyRequest.AskForChallenge.ChallengeFormat ChallengeFormat defines the method of generating identity activation challenge by the Verifier (server). It should affect the interpretation ChallengeResponse fields cred_encrypted_by_ekpub and secret_encrypted_by_cred. Attestor (client) is responsible for chosing the right format depending on TPM version and the presence of TrouSerS daemon.

VerifyRequest.ChallengeResponse Message

Name Type Description
ak_activation_decrypted_secret bytes
quotes repeated VerifyRequest.ChallengeResponse.Quote
pcrs repeated PCR
eventlog bytes Binary contents of /sys/kernel/security/tpm0/binary_bios_measurements

VerifyRequest.ChallengeResponse.Quote Message

Name Type Description
quote bytes TPMS_ATTEST (TSS_VALIDATION.Data or TSS_VALIDATION.rgbData) This contains PCR selection information for which the signature was calculated and other required data, like nonce.
signature bytes TSS_VALIDATION.ValidationData or TSS_VALIDATION.rgbValidationData

VerifyResponse Message

Response message for method [Verify][ntt.iam.v1alpha2.Verify]

Name Type Description
challenge VerifyResponse.Challenge
attestation_successful VerifyResponse.AttestationSuccessful

VerifyResponse.Challenge Message

Name Type Description
platform_attestation_nonce bytes Platform attestation
cred_encrypted_by_ekpub bytes AK Identity Activation
secret_encrypted_by_cred bytes

VerifyResponse.AttestationSuccessful Message

Name Type Description
attestation_token string

Condition Resource

Condition Resource provides an extension to primary RBAC model, which allows customizable (scriptable) access. Conditions can only be used to further limit (or narrow) access compared to standard (or unconditional) RBAC.

Usage:

  1. Condition is created with expression and parameter declarations. Consider this a definition, which will be later “bound”.
  2. When creating a [RoleBinding] pass [ConditionBinding] with reference to [Condition] and bound parameters.

When checking for principal access (anonymous, user, service account), for RoleBinding to grant permissions included in bound [Role], both RBAC and Condition expression evaluation must grant access.

Name patterns:

  • conditions/{condition}
  • projects/{project}/conditions/{condition}
  • organizations/{organization}/conditions/{condition}

Parent resources:

This section covers the methods and messages to interact with Condition resource.

Condition Methods

Here is the list of Condition resource methods:

GetCondition Method

GetCondition

rpc GetCondition(GetConditionRequest) returns (Condition)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.get

The equivalent REST API is:

GET /v1alpha2/{name=conditions/*} 

GET /v1alpha2/{name=projects/*/conditions/*} 

GET /v1alpha2/{name=organizations/*/conditions/*}

BatchGetConditions Method

BatchGetConditions

rpc BatchGetConditions(BatchGetConditionsRequest) returns (BatchGetConditionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.batchGet

The equivalent REST API is:

GET /v1alpha2/conditions:batchGet

ListConditions Method

ListConditions

rpc ListConditions(ListConditionsRequest) returns (ListConditionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.list

The equivalent REST API is:

GET /v1alpha2/conditions 

GET /v1alpha2/{parent=projects/*}/conditions 

GET /v1alpha2/{parent=organizations/*}/conditions

WatchCondition Method

WatchCondition

rpc WatchCondition(WatchConditionRequest) returns (WatchConditionResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.watch

The equivalent REST API is:

POST /v1alpha2/{name=conditions/*}:watch 

POST /v1alpha2/{name=projects/*/conditions/*}:watch 

POST /v1alpha2/{name=organizations/*/conditions/*}:watch

WatchConditions Method

WatchConditions

rpc WatchConditions(WatchConditionsRequest) returns (WatchConditionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.watch

The equivalent REST API is:

POST /v1alpha2/conditions:watch 

POST /v1alpha2/{parent=projects/*}/conditions:watch 

POST /v1alpha2/{parent=organizations/*}/conditions:watch

CreateCondition Method

CreateCondition

rpc CreateCondition(CreateConditionRequest) returns (Condition)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.create

The equivalent REST API is:

POST /v1alpha2/conditions (BODY: condition)

POST /v1alpha2/{parent=projects/*}/conditions 

POST /v1alpha2/{parent=organizations/*}/conditions

UpdateCondition Method

UpdateCondition

rpc UpdateCondition(UpdateConditionRequest) returns (Condition)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.update

The equivalent REST API is:

PUT /v1alpha2/{condition.name=conditions/*} (BODY: condition)

PUT /v1alpha2/{condition.name=projects/*/conditions/*} 

PUT /v1alpha2/{condition.name=organizations/*/conditions/*}

DeleteCondition Method

DeleteCondition

rpc DeleteCondition(DeleteConditionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/conditions.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=conditions/*} 

DELETE /v1alpha2/{name=projects/*/conditions/*} 

DELETE /v1alpha2/{name=organizations/*/conditions/*}

Condition Messages

Here is the list of Condition resource messages:

Condition Message

Name Type Description
name string (name of Condition) Name of Condition When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
display_name string Display Name
description string Description
expression string Condition expression in Google CEL, syntax, e.g. resource.name == "projects/xyz/instances/abc" Accessible parameters:
parameter_declarations repeated Condition.ParameterDeclaration Typed parameters declarations. When binding a Condition passed parameters must correspond to declarations.
metadata Meta Metadata

Condition.ParameterDeclaration Message

Parameter Declarations used

Name Type Description
key string Parameter Key - must be unique within condition. Defined parameter variables are accessible in condition expression via parameters.\<key\>, e.g.parameters.projectId
type Condition.ParameterType Parameter value type

GetConditionRequest Message

A request message of the GetCondition method.

Name Type Description
name string (name of Condition) Name of ntt.iam.v1alpha2.Condition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetConditionsRequest Message

A request message of the BatchGetConditions method.

Name Type Description
names repeated string (name of Condition) Names of Conditions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetConditionsResponse Message

A response message of the BatchGetConditions method.

Name Type Description
conditions repeated Condition found Conditions
missing repeated string (name of Condition) list of not found Conditions

ListConditionsRequest Message

A request message of the ListConditions method.

Name Type Description
parent string (parent name of Condition) Parent name of ntt.iam.v1alpha2.Condition
page_size int32 Requested page size. Server may return fewer Conditions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Condition) A token identifying a page of results the server should return. Typically, this is the value of ListConditionsResponse.next_page_token.
order_by string (orderBy of Condition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Condition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListConditionsResponse Message

A response message of the ListConditions method.

Name Type Description
conditions repeated Condition The list of Conditions
prev_page_token string (cursor of Condition) A token to retrieve previous page of results. Pass this value in the ListConditionsRequest.page_token.
next_page_token string (cursor of Condition) A token to retrieve next page of results. Pass this value in the ListConditionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Conditions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchConditionRequest Message

A request message of the WatchCondition method.

Name Type Description
name string (name of Condition) Name of ntt.iam.v1alpha2.Condition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchConditionResponse Message

A response message of the WatchCondition method.

Name Type Description
change ConditionChange

WatchConditionsRequest Message

A request message of the WatchConditions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Condition) Parent name of ntt.iam.v1alpha2.Condition
page_size int32 Requested page size. Server may return fewer Conditions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Condition) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Condition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Condition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Condition that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Condition that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchConditionsResponse Message

A response message of the WatchConditions method.

Name Type Description
condition_changes repeated ConditionChange Changes of Conditions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Conditions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchConditionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Conditions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchConditionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Condition) New token to retrieve previous page of results.
next_page_token string (cursor of Condition) New token to retrieve next page of results.

CreateConditionRequest Message

A request message of the CreateCondition method.

Name Type Description
parent string (parent name of Condition) Parent name of ntt.iam.v1alpha2.Condition
condition Condition Condition resource body
response_mask CreateConditionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateConditionRequest Message

A request message of the UpdateCondition method.

Name Type Description
condition Condition Condition resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateConditionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateConditionRequest.ResponseMask reduce message response size.

UpdateConditionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Condition Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteConditionRequest Message

A request message of the DeleteCondition method.

Name Type Description
name string (name of Condition) Name of ntt.iam.v1alpha2.Condition
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Condition Enumerations

Here is the list of Condition resource enumerations:

Condition.ParameterType Enumeration

Parameter Type.

Name Description
TYPE_UNSPECIFIED
STRING
INT64
DOUBLE
BOOL
STRING_ARRAY
INT64_ARRAY
DOUBLE_ARRAY
BOOL_ARRAY
OBJECT

Group Resource

Group Resource

Allows grouping members like: [ServiceAccounts][ntt.iam.v1alpha2.ServiceAccount], [Users][ntt.iam.v1alpha2.User], or other [Groups][ntt.iam.v1alpha2.Group] by managing [memberships][ntt.iam.v1alpha2.GroupMember].

Groups can then be used to simplify access management by referring to them through via [email][ntt.iam.v1alpha2.Group.email] in [RoleBindings][ntt.iam.v1alpha2.RoleBinding.member].

Name patterns:

  • groups/{group}
  • projects/{project}/groups/{group}
  • organizations/{organization}/groups/{group}

Parent resources:

This section covers the methods and messages to interact with Group resource.

Group Methods

Here is the list of Group resource methods:

GetGroup Method

GetGroup

rpc GetGroup(GetGroupRequest) returns (Group)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.get

The equivalent REST API is:

GET /v1alpha2/{name=groups/*} 

GET /v1alpha2/{name=projects/*/groups/*} 

GET /v1alpha2/{name=organizations/*/groups/*}

BatchGetGroups Method

BatchGetGroups

rpc BatchGetGroups(BatchGetGroupsRequest) returns (BatchGetGroupsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.batchGet

The equivalent REST API is:

GET /v1alpha2/groups:batchGet

ListGroups Method

ListGroups

rpc ListGroups(ListGroupsRequest) returns (ListGroupsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.list

The equivalent REST API is:

GET /v1alpha2/groups 

GET /v1alpha2/{parent=projects/*}/groups 

GET /v1alpha2/{parent=organizations/*}/groups

WatchGroup Method

WatchGroup

rpc WatchGroup(WatchGroupRequest) returns (WatchGroupResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.watch

The equivalent REST API is:

POST /v1alpha2/{name=groups/*}:watch 

POST /v1alpha2/{name=projects/*/groups/*}:watch 

POST /v1alpha2/{name=organizations/*/groups/*}:watch

WatchGroups Method

WatchGroups

rpc WatchGroups(WatchGroupsRequest) returns (WatchGroupsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.watch

The equivalent REST API is:

POST /v1alpha2/groups:watch 

POST /v1alpha2/{parent=projects/*}/groups:watch 

POST /v1alpha2/{parent=organizations/*}/groups:watch

CreateGroup Method

CreateGroup

rpc CreateGroup(CreateGroupRequest) returns (Group)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.create

The equivalent REST API is:

POST /v1alpha2/groups (BODY: group)

POST /v1alpha2/{parent=projects/*}/groups 

POST /v1alpha2/{parent=organizations/*}/groups

UpdateGroup Method

UpdateGroup

rpc UpdateGroup(UpdateGroupRequest) returns (Group)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.update

The equivalent REST API is:

PUT /v1alpha2/{group.name=groups/*} (BODY: group)

PUT /v1alpha2/{group.name=projects/*/groups/*} 

PUT /v1alpha2/{group.name=organizations/*/groups/*}

DeleteGroup Method

DeleteGroup

rpc DeleteGroup(DeleteGroupRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groups.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=groups/*} 

DELETE /v1alpha2/{name=projects/*/groups/*} 

DELETE /v1alpha2/{name=organizations/*/groups/*}

Group Messages

Here is the list of Group resource messages:

Group Message

Name Type Description
name string (name of Group) Name of Group When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
display_name string Display Name
email string Unique email address for this [Group]. Generated based on its [name][ntt.iam.v1alpha2.Group.name] with following rules: 1. System group: {group_id}@groups.iam.edgelq.com 2. Organization group: {group_id}@{organization_id}.groups.iam.edgelq.com 3. Project group: {group_id}@{project_id}.groups.iam.edgelq.com This email can be used in [RoleBindings][ntt.iam.v1alpha2.RoleBinding.member] field. Note: Currently there is way to assign custom domain for [Organization] or [Project].
metadata Meta Metadata

GetGroupRequest Message

A request message of the GetGroup method.

Name Type Description
name string (name of Group) Name of ntt.iam.v1alpha2.Group
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupsRequest Message

A request message of the BatchGetGroups method.

Name Type Description
names repeated string (name of Group) Names of Groups
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupsResponse Message

A response message of the BatchGetGroups method.

Name Type Description
groups repeated Group found Groups
missing repeated string (name of Group) list of not found Groups

ListGroupsRequest Message

A request message of the ListGroups method.

Name Type Description
parent string (parent name of Group) Parent name of ntt.iam.v1alpha2.Group
page_size int32 Requested page size. Server may return fewer Groups than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Group) A token identifying a page of results the server should return. Typically, this is the value of ListGroupsResponse.next_page_token.
order_by string (orderBy of Group) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Group) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListGroupsResponse Message

A response message of the ListGroups method.

Name Type Description
groups repeated Group The list of Groups
prev_page_token string (cursor of Group) A token to retrieve previous page of results. Pass this value in the ListGroupsRequest.page_token.
next_page_token string (cursor of Group) A token to retrieve next page of results. Pass this value in the ListGroupsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Groups across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchGroupRequest Message

A request message of the WatchGroup method.

Name Type Description
name string (name of Group) Name of ntt.iam.v1alpha2.Group
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchGroupResponse Message

A response message of the WatchGroup method.

Name Type Description
change GroupChange

WatchGroupsRequest Message

A request message of the WatchGroups method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Group) Parent name of ntt.iam.v1alpha2.Group
page_size int32 Requested page size. Server may return fewer Groups than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Group) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Group) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Group) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Group that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Group that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchGroupsResponse Message

A response message of the WatchGroups method.

Name Type Description
group_changes repeated GroupChange Changes of Groups
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Groups will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchGroupsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Groups will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchGroupsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Group) New token to retrieve previous page of results.
next_page_token string (cursor of Group) New token to retrieve next page of results.

CreateGroupRequest Message

A request message of the CreateGroup method.

Name Type Description
parent string (parent name of Group) Parent name of ntt.iam.v1alpha2.Group
group Group Group resource body
response_mask CreateGroupRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateGroupRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateGroupRequest Message

A request message of the UpdateGroup method.

Name Type Description
group Group Group resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateGroupRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateGroupRequest.ResponseMask reduce message response size.

UpdateGroupRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Group Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateGroupRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteGroupRequest Message

A request message of the DeleteGroup method.

Name Type Description
name string (name of Group) Name of ntt.iam.v1alpha2.Group
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GroupMember Resource

GroupMember Resource

Name patterns:

  • groups/{group}/groupMembers/{group_member}
  • projects/{project}/groups/{group}/groupMembers/{group_member}
  • organizations/{organization}/groups/{group}/groupMembers/{group_member}

Parent resources:

This section covers the methods and messages to interact with GroupMember resource.

GroupMember Methods

Here is the list of GroupMember resource methods:

GetGroupMember Method

GetGroupMember

rpc GetGroupMember(GetGroupMemberRequest) returns (GroupMember)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.get

The equivalent REST API is:

GET /v1alpha2/{name=groups/*/groupMembers/*} 

GET /v1alpha2/{name=projects/*/groups/*/groupMembers/*} 

GET /v1alpha2/{name=organizations/*/groups/*/groupMembers/*}

BatchGetGroupMembers Method

BatchGetGroupMembers

rpc BatchGetGroupMembers(BatchGetGroupMembersRequest) returns (BatchGetGroupMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.batchGet

The equivalent REST API is:

GET /v1alpha2/groupMembers:batchGet

ListGroupMembers Method

ListGroupMembers

rpc ListGroupMembers(ListGroupMembersRequest) returns (ListGroupMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.list

The equivalent REST API is:

GET /v1alpha2/{parent=groups/*}/groupMembers 

GET /v1alpha2/{parent=projects/*/groups/*}/groupMembers 

GET /v1alpha2/{parent=organizations/*/groups/*}/groupMembers

WatchGroupMember Method

WatchGroupMember

rpc WatchGroupMember(WatchGroupMemberRequest) returns (WatchGroupMemberResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.watch

The equivalent REST API is:

POST /v1alpha2/{name=groups/*/groupMembers/*}:watch 

POST /v1alpha2/{name=projects/*/groups/*/groupMembers/*}:watch 

POST /v1alpha2/{name=organizations/*/groups/*/groupMembers/*}:watch

WatchGroupMembers Method

WatchGroupMembers

rpc WatchGroupMembers(WatchGroupMembersRequest) returns (WatchGroupMembersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.watch

The equivalent REST API is:

POST /v1alpha2/{parent=groups/*}/groupMembers:watch 

POST /v1alpha2/{parent=projects/*/groups/*}/groupMembers:watch 

POST /v1alpha2/{parent=organizations/*/groups/*}/groupMembers:watch

CreateGroupMember Method

CreateGroupMember

rpc CreateGroupMember(CreateGroupMemberRequest) returns (GroupMember)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.create

The equivalent REST API is:

POST /v1alpha2/{parent=groups/*}/groupMembers (BODY: group_member)

POST /v1alpha2/{parent=projects/*/groups/*}/groupMembers 

POST /v1alpha2/{parent=organizations/*/groups/*}/groupMembers

UpdateGroupMember Method

UpdateGroupMember

rpc UpdateGroupMember(UpdateGroupMemberRequest) returns (GroupMember)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.update

The equivalent REST API is:

PUT /v1alpha2/{group_member.name=groups/*/groupMembers/*} (BODY: group_member)

PUT /v1alpha2/{group_member.name=projects/*/groups/*/groupMembers/*} 

PUT /v1alpha2/{group_member.name=organizations/*/groups/*/groupMembers/*}

DeleteGroupMember Method

DeleteGroupMember

rpc DeleteGroupMember(DeleteGroupMemberRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/groupMembers.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=groups/*/groupMembers/*} 

DELETE /v1alpha2/{name=projects/*/groups/*/groupMembers/*} 

DELETE /v1alpha2/{name=organizations/*/groups/*/groupMembers/*}

GroupMember Messages

Here is the list of GroupMember resource messages:

GroupMember Message

Name Type Description
name string (name of GroupMember) Name of GroupMember When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
member string Format of the string is one of: - “allUsers” (anyone) - “allAuthenticatedUsers” (anyone logged in) - “user:admin.super@example.com” - “serviceAccount:device_agent@watchdog.serviceaccounts.iam.edgelq.com” - “group:nice.group@example.com”
parent_member string Internal field used by the IAM controller to know member ID (email) of a group this member belongs to.
min_ancestry_members repeated string Internal field used the IAM controller to know common ancestors if this group member is actually a copy from another group, which can happen if group is member in another group. List contains member IDs of other groups. Last element is always pointing to the group which made an actual copy and is responsible for deletion when needed. If particular group member is copied multiple times (which also can happen if group is indirect member via multiple memberships) then this field contains list only of common ancestors. This field has purpose of indicating owner (last item in this list) and to break cycles (previous elements). List is always empty if this group member is DIRECT member of this group and controller cannot modify it.
metadata Meta Metadata

GetGroupMemberRequest Message

A request message of the GetGroupMember method.

Name Type Description
name string (name of GroupMember) Name of ntt.iam.v1alpha2.GroupMember
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupMembersRequest Message

A request message of the BatchGetGroupMembers method.

Name Type Description
names repeated string (name of GroupMember) Names of GroupMembers
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetGroupMembersResponse Message

A response message of the BatchGetGroupMembers method.

Name Type Description
group_members repeated GroupMember found GroupMembers
missing repeated string (name of GroupMember) list of not found GroupMembers

ListGroupMembersRequest Message

A request message of the ListGroupMembers method.

Name Type Description
parent string (parent name of GroupMember) Parent name of ntt.iam.v1alpha2.GroupMember
page_size int32 Requested page size. Server may return fewer GroupMembers than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of GroupMember) A token identifying a page of results the server should return. Typically, this is the value of ListGroupMembersResponse.next_page_token.
order_by string (orderBy of GroupMember) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of GroupMember) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListGroupMembersResponse Message

A response message of the ListGroupMembers method.

Name Type Description
group_members repeated GroupMember The list of GroupMembers
prev_page_token string (cursor of GroupMember) A token to retrieve previous page of results. Pass this value in the ListGroupMembersRequest.page_token.
next_page_token string (cursor of GroupMember) A token to retrieve next page of results. Pass this value in the ListGroupMembersRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total GroupMembers across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchGroupMemberRequest Message

A request message of the WatchGroupMember method.

Name Type Description
name string (name of GroupMember) Name of ntt.iam.v1alpha2.GroupMember
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchGroupMemberResponse Message

A response message of the WatchGroupMember method.

Name Type Description
change GroupMemberChange

WatchGroupMembersRequest Message

A request message of the WatchGroupMembers method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of GroupMember) Parent name of ntt.iam.v1alpha2.GroupMember
page_size int32 Requested page size. Server may return fewer GroupMembers than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of GroupMember) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of GroupMember) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of GroupMember) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to GroupMember that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to GroupMember that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchGroupMembersResponse Message

A response message of the WatchGroupMembers method.

Name Type Description
group_member_changes repeated GroupMemberChange Changes of GroupMembers
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All GroupMembers will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchGroupMembersResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (GroupMembers will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchGroupMembersResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of GroupMember) New token to retrieve previous page of results.
next_page_token string (cursor of GroupMember) New token to retrieve next page of results.

CreateGroupMemberRequest Message

A request message of the CreateGroupMember method.

Name Type Description
parent string (parent name of GroupMember) Parent name of ntt.iam.v1alpha2.GroupMember
group_member GroupMember GroupMember resource body
response_mask CreateGroupMemberRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateGroupMemberRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateGroupMemberRequest Message

A request message of the UpdateGroupMember method.

Name Type Description
group_member GroupMember GroupMember resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateGroupMemberRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateGroupMemberRequest.ResponseMask reduce message response size.

UpdateGroupMemberRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state GroupMember Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateGroupMemberRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteGroupMemberRequest Message

A request message of the DeleteGroupMember method.

Name Type Description
name string (name of GroupMember) Name of ntt.iam.v1alpha2.GroupMember
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Organization Resource

Organization represents higher-level organizational unit, like Company, University or Division

Organizations supports managing hierarchies with [Organization.parent_organization] field. All [Permission] grants through [RoleBinding]s are propagated from organization ancestors to their descendants.

Name patterns:

  • organizations/{organization}

This section covers the methods and messages to interact with Organization resource.

Organization Methods

Here is the list of Organization resource methods:

GetOrganization Method

GetOrganization

rpc GetOrganization(GetOrganizationRequest) returns (Organization)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.get

The equivalent REST API is:

GET /v1alpha2/{name=organizations/*}

BatchGetOrganizations Method

BatchGetOrganizations

rpc BatchGetOrganizations(BatchGetOrganizationsRequest) returns (BatchGetOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.batchGet

The equivalent REST API is:

GET /v1alpha2/organizations:batchGet

ListOrganizations Method

ListOrganizations

rpc ListOrganizations(ListOrganizationsRequest) returns (ListOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.list

The equivalent REST API is:

GET /v1alpha2/organizations

WatchOrganization Method

WatchOrganization

rpc WatchOrganization(WatchOrganizationRequest) returns (WatchOrganizationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.watch

The equivalent REST API is:

POST /v1alpha2/{name=organizations/*}:watch

WatchOrganizations Method

WatchOrganizations

rpc WatchOrganizations(WatchOrganizationsRequest) returns (WatchOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.watch

The equivalent REST API is:

POST /v1alpha2/organizations:watch

CreateOrganization Method

CreateOrganization

rpc CreateOrganization(CreateOrganizationRequest) returns (Organization)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.create

The equivalent REST API is:

POST /v1alpha2/organizations (BODY: organization)

UpdateOrganization Method

UpdateOrganization

rpc UpdateOrganization(UpdateOrganizationRequest) returns (Organization)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.update

The equivalent REST API is:

PUT /v1alpha2/{organization.name=organizations/*} (BODY: organization)

DeleteOrganization Method

DeleteOrganization

rpc DeleteOrganization(DeleteOrganizationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=organizations/*}

ListMyOrganizations Method

ListMyOrganizations

rpc ListMyOrganizations(ListMyOrganizationsRequest) returns (ListMyOrganizationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizations.listMy

The equivalent REST API is:

POST /v1alpha2/organizations:listMy

Organization Messages

Here is the list of Organization resource messages:

Organization Message

Name Type Description
name string (name of Organization) Name of Organization When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
title string Official Name of Organization
parent_organization string (reference to Organization) Parent organization
root_organization string (reference to Organization) Top parent (internal)
ancestry_path repeated string (reference to Organization) Full ancestry path (internal)
metadata Meta Metadata
multi_region_policy MultiRegionPolicy Multi region policy for child resources
allowed_services repeated string (reference to Service) Allowed services for child organizations and projects. This field is checked only for non-core edgelq services.
business_tier BusinessTier Business tier applicable for all allowed services. This value defines: * Default business tier for child projects (if not defined on creation) * Default business tier to this organization.
service_tiers repeated ServiceBusinessTier Overwrites business_tier for each service.
service_errors map<string, ServiceErrors> Service errors reported for this organization by category

GetOrganizationRequest Message

A request message of the GetOrganization method.

Name Type Description
name string (name of Organization) Name of ntt.iam.v1alpha2.Organization
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationsRequest Message

A request message of the BatchGetOrganizations method.

Name Type Description
names repeated string (name of Organization) Names of Organizations
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationsResponse Message

A response message of the BatchGetOrganizations method.

Name Type Description
organizations repeated Organization found Organizations
missing repeated string (name of Organization) list of not found Organizations

ListOrganizationsRequest Message

A request message of the ListOrganizations method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Typically, this is the value of ListOrganizationsResponse.next_page_token.
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListOrganizationsResponse Message

A response message of the ListOrganizations method.

Name Type Description
organizations repeated Organization The list of Organizations
prev_page_token string (cursor of Organization) A token to retrieve previous page of results. Pass this value in the ListOrganizationsRequest.page_token.
next_page_token string (cursor of Organization) A token to retrieve next page of results. Pass this value in the ListOrganizationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Organizations across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchOrganizationRequest Message

A request message of the WatchOrganization method.

Name Type Description
name string (name of Organization) Name of ntt.iam.v1alpha2.Organization
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchOrganizationResponse Message

A response message of the WatchOrganization method.

Name Type Description
change OrganizationChange

WatchOrganizationsRequest Message

A request message of the WatchOrganizations method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Organization that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Organization that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchOrganizationsResponse Message

A response message of the WatchOrganizations method.

Name Type Description
organization_changes repeated OrganizationChange Changes of Organizations
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Organizations will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchOrganizationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Organizations will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchOrganizationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Organization) New token to retrieve previous page of results.
next_page_token string (cursor of Organization) New token to retrieve next page of results.

CreateOrganizationRequest Message

A request message of the CreateOrganization method.

Name Type Description
organization Organization Organization resource body
response_mask CreateOrganizationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateOrganizationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateOrganizationRequest Message

A request message of the UpdateOrganization method.

Name Type Description
organization Organization Organization resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateOrganizationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateOrganizationRequest.ResponseMask reduce message response size.

UpdateOrganizationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Organization Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateOrganizationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteOrganizationRequest Message

A request message of the DeleteOrganization method.

Name Type Description
name string (name of Organization) Name of ntt.iam.v1alpha2.Organization
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ListMyOrganizationsRequest Message

Request message for method [ListMyOrganizations][ntt.iam.v1alpha2.ListMyOrganizations]

Name Type Description
page_size int32 Requested page size. Server may return fewer Organizations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Organization) A token identifying a page of results the server should return. Typically, this is the value of [ListOrganizationsResponse.next_page_token][ntt.iam.v1alpha2.ListOrganizationsResponse.next_page_token]
order_by string (orderBy of Organization) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Organization) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A FieldMask used to filter response fields. When present, only requested fields will be present in each response item. Omitting field_mask results will cause response items to contain all present fields.

ListMyOrganizationsResponse Message

Response message for method [ListMyOrganizations][ntt.iam.v1alpha2.ListMyOrganizations]

Name Type Description
organizations repeated Organization The list of Organizations
prev_page_token string (cursor of Organization) A token to retrieve previous page of results. Pass this value in the [ListOrganizationsRequest.page_token][ntt.iam.v1alpha2.ListOrganizationsRequest.page_token]
next_page_token string (cursor of Organization) A token to retrieve next page of results. Pass this value in the [ListOrganizationsRequest.page_token][ntt.iam.v1alpha2.ListOrganizationsRequest.page_token]

OrganizationInvitation Resource

OrganizationInvitation Resource

Name patterns:

  • organizations/{organization}/organizationInvitations/{organization_invitation}

Parent resources:

This section covers the methods and messages to interact with OrganizationInvitation resource.

OrganizationInvitation Methods

Here is the list of OrganizationInvitation resource methods:

GetOrganizationInvitation Method

GetOrganizationInvitation

rpc GetOrganizationInvitation(GetOrganizationInvitationRequest) returns (OrganizationInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.get

The equivalent REST API is:

GET /v1alpha2/{name=organizations/*/organizationInvitations/*}

BatchGetOrganizationInvitations Method

BatchGetOrganizationInvitations

rpc BatchGetOrganizationInvitations(BatchGetOrganizationInvitationsRequest) returns (BatchGetOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.batchGet

The equivalent REST API is:

GET /v1alpha2/organizationInvitations:batchGet

ListOrganizationInvitations Method

ListOrganizationInvitations

rpc ListOrganizationInvitations(ListOrganizationInvitationsRequest) returns (ListOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.list

The equivalent REST API is:

GET /v1alpha2/{parent=organizations/*}/organizationInvitations

WatchOrganizationInvitation Method

WatchOrganizationInvitation

rpc WatchOrganizationInvitation(WatchOrganizationInvitationRequest) returns (WatchOrganizationInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.watch

The equivalent REST API is:

POST /v1alpha2/{name=organizations/*/organizationInvitations/*}:watch

WatchOrganizationInvitations Method

WatchOrganizationInvitations

rpc WatchOrganizationInvitations(WatchOrganizationInvitationsRequest) returns (WatchOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.watch

The equivalent REST API is:

POST /v1alpha2/{parent=organizations/*}/organizationInvitations:watch

CreateOrganizationInvitation Method

CreateOrganizationInvitation

rpc CreateOrganizationInvitation(CreateOrganizationInvitationRequest) returns (OrganizationInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.create

The equivalent REST API is:

POST /v1alpha2/{parent=organizations/*}/organizationInvitations (BODY: organization_invitation)

UpdateOrganizationInvitation Method

UpdateOrganizationInvitation

rpc UpdateOrganizationInvitation(UpdateOrganizationInvitationRequest) returns (OrganizationInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.update

The equivalent REST API is:

PUT /v1alpha2/{organization_invitation.name=organizations/*/organizationInvitations/*} (BODY: organization_invitation)

DeleteOrganizationInvitation Method

DeleteOrganizationInvitation

rpc DeleteOrganizationInvitation(DeleteOrganizationInvitationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=organizations/*/organizationInvitations/*}

AcceptOrganizationInvitation Method

AcceptOrganizationInvitation

rpc AcceptOrganizationInvitation(AcceptOrganizationInvitationRequest) returns (AcceptOrganizationInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.accept

The equivalent REST API is:

POST /v1alpha2/{name=organizations/*/organizationInvitations/*}:accept

DeclineOrganizationInvitation Method

DeclineOrganizationInvitation

rpc DeclineOrganizationInvitation(DeclineOrganizationInvitationRequest) returns (DeclineOrganizationInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.decline

The equivalent REST API is:

POST /v1alpha2/{name=organizations/*/organizationInvitations/*}:decline

ListMyOrganizationInvitations Method

ListMyOrganizationInvitations

rpc ListMyOrganizationInvitations(ListMyOrganizationInvitationsRequest) returns (ListMyOrganizationInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/organizationInvitations.listMy

The equivalent REST API is:

POST /v1alpha2/{parent=organizations/*}/organizationInvitations:listMy

OrganizationInvitation Messages

Here is the list of OrganizationInvitation resource messages:

OrganizationInvitation Message

Name Type Description
name string (name of OrganizationInvitation) Name of OrganizationInvitation When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
invitation Invitation
metadata Meta Metadata

GetOrganizationInvitationRequest Message

A request message of the GetOrganizationInvitation method.

Name Type Description
name string (name of OrganizationInvitation) Name of ntt.iam.v1alpha2.OrganizationInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationInvitationsRequest Message

A request message of the BatchGetOrganizationInvitations method.

Name Type Description
names repeated string (name of OrganizationInvitation) Names of OrganizationInvitations
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOrganizationInvitationsResponse Message

A response message of the BatchGetOrganizationInvitations method.

Name Type Description
organization_invitations repeated OrganizationInvitation found OrganizationInvitations
missing repeated string (name of OrganizationInvitation) list of not found OrganizationInvitations

ListOrganizationInvitationsRequest Message

A request message of the ListOrganizationInvitations method.

Name Type Description
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1alpha2.OrganizationInvitation
page_size int32 Requested page size. Server may return fewer OrganizationInvitations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of OrganizationInvitation) A token identifying a page of results the server should return. Typically, this is the value of ListOrganizationInvitationsResponse.next_page_token.
order_by string (orderBy of OrganizationInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of OrganizationInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListOrganizationInvitationsResponse Message

A response message of the ListOrganizationInvitations method.

Name Type Description
organization_invitations repeated OrganizationInvitation The list of OrganizationInvitations
prev_page_token string (cursor of OrganizationInvitation) A token to retrieve previous page of results. Pass this value in the ListOrganizationInvitationsRequest.page_token.
next_page_token string (cursor of OrganizationInvitation) A token to retrieve next page of results. Pass this value in the ListOrganizationInvitationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total OrganizationInvitations across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchOrganizationInvitationRequest Message

A request message of the WatchOrganizationInvitation method.

Name Type Description
name string (name of OrganizationInvitation) Name of ntt.iam.v1alpha2.OrganizationInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchOrganizationInvitationResponse Message

A response message of the WatchOrganizationInvitation method.

Name Type Description
change OrganizationInvitationChange

WatchOrganizationInvitationsRequest Message

A request message of the WatchOrganizationInvitations method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1alpha2.OrganizationInvitation
page_size int32 Requested page size. Server may return fewer OrganizationInvitations than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of OrganizationInvitation) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of OrganizationInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of OrganizationInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to OrganizationInvitation that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to OrganizationInvitation that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchOrganizationInvitationsResponse Message

A response message of the WatchOrganizationInvitations method.

Name Type Description
organization_invitation_changes repeated OrganizationInvitationChange Changes of OrganizationInvitations
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All OrganizationInvitations will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchOrganizationInvitationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (OrganizationInvitations will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchOrganizationInvitationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of OrganizationInvitation) New token to retrieve previous page of results.
next_page_token string (cursor of OrganizationInvitation) New token to retrieve next page of results.

CreateOrganizationInvitationRequest Message

A request message of the CreateOrganizationInvitation method.

Name Type Description
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1alpha2.OrganizationInvitation
organization_invitation OrganizationInvitation OrganizationInvitation resource body
response_mask CreateOrganizationInvitationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateOrganizationInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateOrganizationInvitationRequest Message

A request message of the UpdateOrganizationInvitation method.

Name Type Description
organization_invitation OrganizationInvitation OrganizationInvitation resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateOrganizationInvitationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateOrganizationInvitationRequest.ResponseMask reduce message response size.

UpdateOrganizationInvitationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state OrganizationInvitation Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateOrganizationInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteOrganizationInvitationRequest Message

A request message of the DeleteOrganizationInvitation method.

Name Type Description
name string (name of OrganizationInvitation) Name of ntt.iam.v1alpha2.OrganizationInvitation
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

AcceptOrganizationInvitationRequest Message

Request message for method [AcceptOrganizationInvitation][ntt.iam.v1alpha2.AcceptOrganizationInvitation]

Name Type Description
name string (name of OrganizationInvitation) name of ntt.iam.v1alpha2.OrganizationInvitation

AcceptOrganizationInvitationResponse Message

Response message for method [AcceptOrganizationInvitation][ntt.iam.v1alpha2.AcceptOrganizationInvitation]

Name Type Description
none none none

DeclineOrganizationInvitationRequest Message

Request message for method [DeclineOrganizationInvitation][ntt.iam.v1alpha2.DeclineOrganizationInvitation]

Name Type Description
name string (name of OrganizationInvitation) name of ntt.iam.v1alpha2.OrganizationInvitation
filter string (filter of ProjectInvitation) Additional filter for invitations, e.g. state = “PENDING”

DeclineOrganizationInvitationResponse Message

Response message for method [DeclineOrganizationInvitation][ntt.iam.v1alpha2.DeclineOrganizationInvitation]

Name Type Description
none none none

ListMyOrganizationInvitationsRequest Message

Request message for method [ListMyOrganizationInvitations][ntt.iam.v1alpha2.ListMyOrganizationInvitations]

Name Type Description
parent string (parent name of OrganizationInvitation) Parent name of ntt.iam.v1alpha2.OrganizationInvitation
filter string (filter of OrganizationInvitation) Additional filter for invitations, e.g. state = “PENDING”

ListMyOrganizationInvitationsResponse Message

Response message for method [ListMyOrganizationInvitations][ntt.iam.v1alpha2.ListMyOrganizationInvitations]

Name Type Description
organization_invitations repeated OrganizationInvitation The list of OrganizationInvitations

Permission Resource

Permission Resource

Name patterns:

  • permissions/{permission}

This section covers the methods and messages to interact with Permission resource.

Permission Methods

Here is the list of Permission resource methods:

CheckPermissions Method

CheckPermissions

rpc CheckPermissions(CheckPermissionsRequest) returns (CheckPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.check

The equivalent REST API is:

POST /v1alpha2/permissions:check (BODY: *)

CheckMyPermissions Method

CheckMyPermissions

rpc CheckMyPermissions(CheckMyPermissionsRequest) returns (CheckMyPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.checkMy

The equivalent REST API is:

POST /v1alpha2/permissions:checkMy (BODY: *)

GetPermission Method

GetPermission

rpc GetPermission(GetPermissionRequest) returns (Permission)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.get

The equivalent REST API is:

GET /v1alpha2/{name=permissions/*}

BatchGetPermissions Method

BatchGetPermissions

rpc BatchGetPermissions(BatchGetPermissionsRequest) returns (BatchGetPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.batchGet

The equivalent REST API is:

GET /v1alpha2/permissions:batchGet

ListPermissions Method

ListPermissions

rpc ListPermissions(ListPermissionsRequest) returns (ListPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.list

The equivalent REST API is:

GET /v1alpha2/permissions

WatchPermission Method

WatchPermission

rpc WatchPermission(WatchPermissionRequest) returns (WatchPermissionResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.watch

The equivalent REST API is:

POST /v1alpha2/{name=permissions/*}:watch

WatchPermissions Method

WatchPermissions

rpc WatchPermissions(WatchPermissionsRequest) returns (WatchPermissionsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.watch

The equivalent REST API is:

POST /v1alpha2/permissions:watch

CreatePermission Method

CreatePermission

rpc CreatePermission(CreatePermissionRequest) returns (Permission)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.create

The equivalent REST API is:

POST /v1alpha2/permissions (BODY: permission)

UpdatePermission Method

UpdatePermission

rpc UpdatePermission(UpdatePermissionRequest) returns (Permission)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.update

The equivalent REST API is:

PUT /v1alpha2/{permission.name=permissions/*} (BODY: permission)

DeletePermission Method

DeletePermission

rpc DeletePermission(DeletePermissionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/permissions.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=permissions/*}

Permission Messages

Here is the list of Permission resource messages:

Permission Message

Name Type Description
name string (name of Permission) Name of Permission Example: library.site.create
title string Title
description string Description
metadata Meta Metadata

CheckPermissionsRequest Message

Request message for method [CheckPermissions][ntt.iam.v1alpha2.CheckPermissions]

Name Type Description
member string Acting principal, e.g. user or service account Format of the string is one of: - “allUsers” (anyone) - “allAuthenticatedUsers” (anyone logged in) - “user:admin.super@example.com” - “serviceAccount:device_agent@watchdog.serviceaccounts.iam.edgelq.com” - “group:nice.group@example.com” - “domain:example.com” (anyone with exact email domain)
checks repeated Check Checks
skip_cache bool If true, server will skip checking permissions in cache

CheckPermissionsResponse Message

Response message for method [CheckPermissions][ntt.iam.v1alpha2.CheckPermissions]

Name Type Description
check_results repeated CheckResult

CheckMyPermissionsRequest Message

Request message for method [CheckMyPermissions][ntt.iam.v1alpha2.CheckMyPermissions]

Name Type Description
checks repeated Check Checks
skip_cache bool If true, server will skip checking permissions in cache

CheckMyPermissionsResponse Message

Response message for method [CheckMyPermissions][ntt.iam.v1alpha2.CheckMyPermissions]

Name Type Description
check_results repeated CheckResult

GetPermissionRequest Message

A request message of the GetPermission method.

Name Type Description
name string (name of Permission) Name of ntt.iam.v1alpha2.Permission
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPermissionsRequest Message

A request message of the BatchGetPermissions method.

Name Type Description
names repeated string (name of Permission) Names of Permissions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPermissionsResponse Message

A response message of the BatchGetPermissions method.

Name Type Description
permissions repeated Permission found Permissions
missing repeated string (name of Permission) list of not found Permissions

ListPermissionsRequest Message

A request message of the ListPermissions method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Permissions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Permission) A token identifying a page of results the server should return. Typically, this is the value of ListPermissionsResponse.next_page_token.
order_by string (orderBy of Permission) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Permission) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPermissionsResponse Message

A response message of the ListPermissions method.

Name Type Description
permissions repeated Permission The list of Permissions
prev_page_token string (cursor of Permission) A token to retrieve previous page of results. Pass this value in the ListPermissionsRequest.page_token.
next_page_token string (cursor of Permission) A token to retrieve next page of results. Pass this value in the ListPermissionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Permissions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPermissionRequest Message

A request message of the WatchPermission method.

Name Type Description
name string (name of Permission) Name of ntt.iam.v1alpha2.Permission
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPermissionResponse Message

A response message of the WatchPermission method.

Name Type Description
change PermissionChange

WatchPermissionsRequest Message

A request message of the WatchPermissions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Permissions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Permission) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Permission) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Permission) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Permission that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Permission that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPermissionsResponse Message

A response message of the WatchPermissions method.

Name Type Description
permission_changes repeated PermissionChange Changes of Permissions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Permissions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPermissionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Permissions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPermissionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Permission) New token to retrieve previous page of results.
next_page_token string (cursor of Permission) New token to retrieve next page of results.

CreatePermissionRequest Message

A request message of the CreatePermission method.

Name Type Description
permission Permission Permission resource body
response_mask CreatePermissionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePermissionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePermissionRequest Message

A request message of the UpdatePermission method.

Name Type Description
permission Permission Permission resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePermissionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePermissionRequest.ResponseMask reduce message response size.

UpdatePermissionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Permission Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePermissionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePermissionRequest Message

A request message of the DeletePermission method.

Name Type Description
name string (name of Permission) Name of ntt.iam.v1alpha2.Permission
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v1alpha2/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v1alpha2/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1alpha2/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v1alpha2/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v1alpha2/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*}

ListMyProjects Method

ListMyProjects

rpc ListMyProjects(ListMyProjectsRequest) returns (ListMyProjectsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projects.listMy

The equivalent REST API is:

POST /v1alpha2/projects:listMy

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
title string Title
parent_organization string (reference to Organization) Parent organization
root_organization string (reference to Organization) Top parent
ancestry_path repeated string (reference to Organization) Full ancestry path
metadata Meta Metadata
multi_region_policy MultiRegionPolicy Multi region policy
enabled_services repeated string (reference to Service) Enabled services. This field is checked only for non-core edgelq services.
business_tier BusinessTier Default business tier for core EdgeLQ services and all enabled services.
service_tiers repeated ServiceBusinessTier Overwrites business_tier for each service.
service_errors map<string, ServiceErrors> Service errors reported for this project

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.iam.v1alpha2.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.iam.v1alpha2.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.iam.v1alpha2.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ListMyProjectsRequest Message

Request message for method [ListMyProjects][ntt.iam.v1alpha2.ListMyProjects]

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of [ListProjectsResponse.next_page_token][ntt.iam.v1alpha2.ListProjectsResponse.next_page_token]
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A FieldMask used to filter response fields. When present, only requested fields will be present in each response item. Omitting field_mask results will cause response items to contain all present fields.

ListMyProjectsResponse Message

Response message for method [ListMyProjects][ntt.iam.v1alpha2.ListMyProjects]

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the [ListProjectsRequest.page_token][ntt.iam.v1alpha2.ListProjectsRequest.page_token]
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the [ListProjectsRequest.page_token][ntt.iam.v1alpha2.ListProjectsRequest.page_token]

ProjectInvitation Resource

ProjectInvitation Resource

Name patterns:

  • projects/{project}/projectInvitations/{project_invitation}

Parent resources:

This section covers the methods and messages to interact with ProjectInvitation resource.

ProjectInvitation Methods

Here is the list of ProjectInvitation resource methods:

GetProjectInvitation Method

GetProjectInvitation

rpc GetProjectInvitation(GetProjectInvitationRequest) returns (ProjectInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*/projectInvitations/*}

BatchGetProjectInvitations Method

BatchGetProjectInvitations

rpc BatchGetProjectInvitations(BatchGetProjectInvitationsRequest) returns (BatchGetProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.batchGet

The equivalent REST API is:

GET /v1alpha2/projectInvitations:batchGet

ListProjectInvitations Method

ListProjectInvitations

rpc ListProjectInvitations(ListProjectInvitationsRequest) returns (ListProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.list

The equivalent REST API is:

GET /v1alpha2/{parent=projects/*}/projectInvitations

WatchProjectInvitation Method

WatchProjectInvitation

rpc WatchProjectInvitation(WatchProjectInvitationRequest) returns (WatchProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/projectInvitations/*}:watch

WatchProjectInvitations Method

WatchProjectInvitations

rpc WatchProjectInvitations(WatchProjectInvitationsRequest) returns (WatchProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.watch

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/projectInvitations:watch

CreateProjectInvitation Method

CreateProjectInvitation

rpc CreateProjectInvitation(CreateProjectInvitationRequest) returns (ProjectInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.create

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/projectInvitations (BODY: project_invitation)

UpdateProjectInvitation Method

UpdateProjectInvitation

rpc UpdateProjectInvitation(UpdateProjectInvitationRequest) returns (ProjectInvitation)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.update

The equivalent REST API is:

PUT /v1alpha2/{project_invitation.name=projects/*/projectInvitations/*} (BODY: project_invitation)

DeleteProjectInvitation Method

DeleteProjectInvitation

rpc DeleteProjectInvitation(DeleteProjectInvitationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*/projectInvitations/*}

AcceptProjectInvitation Method

AcceptProjectInvitation

rpc AcceptProjectInvitation(AcceptProjectInvitationRequest) returns (AcceptProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.accept

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/projectInvitations/*}:accept

DeclineProjectInvitation Method

DeclineProjectInvitation

rpc DeclineProjectInvitation(DeclineProjectInvitationRequest) returns (DeclineProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.decline

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/projectInvitations/*}:decline

ListMyProjectInvitations Method

ListMyProjectInvitations

rpc ListMyProjectInvitations(ListMyProjectInvitationsRequest) returns (ListMyProjectInvitationsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.listMy

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/projectInvitations:listMy

ResendProjectInvitation Method

ResendProjectInvitation

rpc ResendProjectInvitation(ResendProjectInvitationRequest) returns (ResendProjectInvitationResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/projectInvitations.resend

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/projectInvitations/*}:resend

ProjectInvitation Messages

Here is the list of ProjectInvitation resource messages:

ProjectInvitation Message

Name Type Description
name string (name of ProjectInvitation) Name of ProjectInvitation When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
project_display_name string project display name (auto-generated). Present here as user doesn’t have yet permission to fetch related project.
invitation Invitation
metadata Meta Metadata

GetProjectInvitationRequest Message

A request message of the GetProjectInvitation method.

Name Type Description
name string (name of ProjectInvitation) Name of ntt.iam.v1alpha2.ProjectInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectInvitationsRequest Message

A request message of the BatchGetProjectInvitations method.

Name Type Description
names repeated string (name of ProjectInvitation) Names of ProjectInvitations
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectInvitationsResponse Message

A response message of the BatchGetProjectInvitations method.

Name Type Description
project_invitations repeated ProjectInvitation found ProjectInvitations
missing repeated string (name of ProjectInvitation) list of not found ProjectInvitations

ListProjectInvitationsRequest Message

A request message of the ListProjectInvitations method.

Name Type Description
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1alpha2.ProjectInvitation
page_size int32 Requested page size. Server may return fewer ProjectInvitations than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of ProjectInvitation) A token identifying a page of results the server should return. Typically, this is the value of ListProjectInvitationsResponse.next_page_token.
order_by string (orderBy of ProjectInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of ProjectInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectInvitationsResponse Message

A response message of the ListProjectInvitations method.

Name Type Description
project_invitations repeated ProjectInvitation The list of ProjectInvitations
prev_page_token string (cursor of ProjectInvitation) A token to retrieve previous page of results. Pass this value in the ListProjectInvitationsRequest.page_token.
next_page_token string (cursor of ProjectInvitation) A token to retrieve next page of results. Pass this value in the ListProjectInvitationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total ProjectInvitations across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectInvitationRequest Message

A request message of the WatchProjectInvitation method.

Name Type Description
name string (name of ProjectInvitation) Name of ntt.iam.v1alpha2.ProjectInvitation
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectInvitationResponse Message

A response message of the WatchProjectInvitation method.

Name Type Description
change ProjectInvitationChange

WatchProjectInvitationsRequest Message

A request message of the WatchProjectInvitations method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1alpha2.ProjectInvitation
page_size int32 Requested page size. Server may return fewer ProjectInvitations than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of ProjectInvitation) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of ProjectInvitation) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of ProjectInvitation) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to ProjectInvitation that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to ProjectInvitation that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectInvitationsResponse Message

A response message of the WatchProjectInvitations method.

Name Type Description
project_invitation_changes repeated ProjectInvitationChange Changes of ProjectInvitations
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All ProjectInvitations will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectInvitationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (ProjectInvitations will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectInvitationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of ProjectInvitation) New token to retrieve previous page of results.
next_page_token string (cursor of ProjectInvitation) New token to retrieve next page of results.

CreateProjectInvitationRequest Message

A request message of the CreateProjectInvitation method.

Name Type Description
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1alpha2.ProjectInvitation
project_invitation ProjectInvitation ProjectInvitation resource body
response_mask CreateProjectInvitationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectInvitationRequest Message

A request message of the UpdateProjectInvitation method.

Name Type Description
project_invitation ProjectInvitation ProjectInvitation resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectInvitationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectInvitationRequest.ResponseMask reduce message response size.

UpdateProjectInvitationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state ProjectInvitation Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectInvitationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectInvitationRequest Message

A request message of the DeleteProjectInvitation method.

Name Type Description
name string (name of ProjectInvitation) Name of ntt.iam.v1alpha2.ProjectInvitation
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

AcceptProjectInvitationRequest Message

Request message for method [AcceptProjectInvitation][ntt.iam.v1alpha2.AcceptProjectInvitation]

Name Type Description
name string (name of ProjectInvitation) name of ntt.iam.v1alpha2.ProjectInvitation

AcceptProjectInvitationResponse Message

Response message for method [AcceptProjectInvitation][ntt.iam.v1alpha2.AcceptProjectInvitation]

Name Type Description
none none none

DeclineProjectInvitationRequest Message

Request message for method [DeclineProjectInvitation][ntt.iam.v1alpha2.DeclineProjectInvitation]

Name Type Description
name string (name of ProjectInvitation) name of ntt.iam.v1alpha2.ProjectInvitation

DeclineProjectInvitationResponse Message

Response message for method [DeclineProjectInvitation][ntt.iam.v1alpha2.DeclineProjectInvitation]

Name Type Description
none none none

ListMyProjectInvitationsRequest Message

Request message for method [ListMyProjectInvitations][ntt.iam.v1alpha2.ListMyProjectInvitations]

Name Type Description
parent string (parent name of ProjectInvitation) Parent name of ntt.iam.v1alpha2.ProjectInvitation
filter string (filter of ProjectInvitation) Additional filter for invitations, e.g. state = “PENDING”

ListMyProjectInvitationsResponse Message

Response message for method [ListMyProjectInvitations][ntt.iam.v1alpha2.ListMyProjectInvitations]

Name Type Description
project_invitations repeated ProjectInvitation The list of ProjectInvitations

ResendProjectInvitationRequest Message

ResendInvitationRequest

Name Type Description
name string (name of ProjectInvitation) name of ntt.iam.v1alpha2.ProjectInvitation

ResendProjectInvitationResponse Message

ResendInvitationResponse

Name Type Description
project_invitation ProjectInvitation

Role Resource

Role Resource

Name patterns:

  • roles/{role}

This section covers the methods and messages to interact with Role resource.

Role Methods

Here is the list of Role resource methods:

CheckMyRoles Method

CheckMyRoles

rpc CheckMyRoles(CheckMyRolesRequest) returns (CheckMyRolesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.checkMy

The equivalent REST API is:

POST /v1alpha2/roles:checkMy (BODY: *)

GetRole Method

GetRole

rpc GetRole(GetRoleRequest) returns (Role)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.get

The equivalent REST API is:

GET /v1alpha2/{name=roles/*}

BatchGetRoles Method

BatchGetRoles

rpc BatchGetRoles(BatchGetRolesRequest) returns (BatchGetRolesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.batchGet

The equivalent REST API is:

GET /v1alpha2/roles:batchGet

ListRoles Method

ListRoles

rpc ListRoles(ListRolesRequest) returns (ListRolesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.list

The equivalent REST API is:

GET /v1alpha2/roles

WatchRole Method

WatchRole

rpc WatchRole(WatchRoleRequest) returns (WatchRoleResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.watch

The equivalent REST API is:

POST /v1alpha2/{name=roles/*}:watch

WatchRoles Method

WatchRoles

rpc WatchRoles(WatchRolesRequest) returns (WatchRolesResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.watch

The equivalent REST API is:

POST /v1alpha2/roles:watch

CreateRole Method

CreateRole

rpc CreateRole(CreateRoleRequest) returns (Role)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.create

The equivalent REST API is:

POST /v1alpha2/roles (BODY: role)

UpdateRole Method

UpdateRole

rpc UpdateRole(UpdateRoleRequest) returns (Role)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.update

The equivalent REST API is:

PUT /v1alpha2/{role.name=roles/*} (BODY: role)

DeleteRole Method

DeleteRole

rpc DeleteRole(DeleteRoleRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roles.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=roles/*}

Role Messages

Here is the list of Role resource messages:

Role Message

Name Type Description
name string (name of Role) Name of Role
display_name string Display Name
included_permissions repeated string (reference to Permission) Included Permissions in this Role. Binding this role grants all following Permissions.
default_condition_binding ConditionBinding Default conditionBinding (optional), cannot be used with required TODO: Deprecated…
included_condition_bindings repeated ConditionBinding Condition bindings that will be copied into created role bindings TODO: Works only if only one element is specified
required_conditions repeated string (reference to Condition) List of conditions that must be used for this role. Parameters must be defined by client. TODO: Works only if only one element is specified
metadata Meta Metadata

CheckMyRolesRequest Message

Request message for method [CheckMyRoles][ntt.iam.v1alpha2.CheckMyRoles]

Name Type Description
object string Object name forming scope of the check, for example projects/<project_id>

CheckMyRolesResponse Message

Response message for method [CheckMyRoles][ntt.iam.v1alpha2.CheckMyRoles]

Name Type Description
object string Object with scope
granted_roles repeated string (name of Role) All unconditionally granted roles
conditionally_granted_roles repeated CheckMyRolesResponse.ConditionalGrant All conditionally granted roles. Each grant should be checked separately

CheckMyRolesResponse.ConditionalGrant Message

Name Type Description
role string (name of Role) Role name
condition_bindings repeated ConditionBinding All conditions that must be accepted for role to be granted

GetRoleRequest Message

A request message of the GetRole method.

Name Type Description
name string (name of Role) Name of ntt.iam.v1alpha2.Role
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRolesRequest Message

A request message of the BatchGetRoles method.

Name Type Description
names repeated string (name of Role) Names of Roles
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRolesResponse Message

A response message of the BatchGetRoles method.

Name Type Description
roles repeated Role found Roles
missing repeated string (name of Role) list of not found Roles

ListRolesRequest Message

A request message of the ListRoles method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Roles than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Role) A token identifying a page of results the server should return. Typically, this is the value of ListRolesResponse.next_page_token.
order_by string (orderBy of Role) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Role) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRolesResponse Message

A response message of the ListRoles method.

Name Type Description
roles repeated Role The list of Roles
prev_page_token string (cursor of Role) A token to retrieve previous page of results. Pass this value in the ListRolesRequest.page_token.
next_page_token string (cursor of Role) A token to retrieve next page of results. Pass this value in the ListRolesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Roles across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRoleRequest Message

A request message of the WatchRole method.

Name Type Description
name string (name of Role) Name of ntt.iam.v1alpha2.Role
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRoleResponse Message

A response message of the WatchRole method.

Name Type Description
change RoleChange

WatchRolesRequest Message

A request message of the WatchRoles method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Roles than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Role) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Role) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Role) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Role that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Role that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRolesResponse Message

A response message of the WatchRoles method.

Name Type Description
role_changes repeated RoleChange Changes of Roles
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Roles will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRolesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Roles will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRolesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Role) New token to retrieve previous page of results.
next_page_token string (cursor of Role) New token to retrieve next page of results.

CreateRoleRequest Message

A request message of the CreateRole method.

Name Type Description
role Role Role resource body
response_mask CreateRoleRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateRoleRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateRoleRequest Message

A request message of the UpdateRole method.

Name Type Description
role Role Role resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateRoleRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateRoleRequest.ResponseMask reduce message response size.

UpdateRoleRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Role Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateRoleRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteRoleRequest Message

A request message of the DeleteRole method.

Name Type Description
name string (name of Role) Name of ntt.iam.v1alpha2.Role
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

RoleBinding Resource

RoleBinding in iam RBAC model is the way of granting access to a party (user, service account, etc) to edgelq resources. Creating RoleBinding requires user to answer 3 questions:

Who: with member field, e.g. “user:wile.e.coyote@customers.acme.com” What: specify scope (or parent), e.g.: projects/acme/roleBindings/<uuid> How: bind role and optional condition to grant access to resources within above scope

RoleBindings are additive, meaning that creating a new RoleBinding may only extend ability of given member to perform actions. In other words RoleBinding doesn’t affect other RoleBindings and [PermissionCheck][ntt.iam.v1alpha2.PermissionCheck] method needs to find any RoleBinding granting permission

Name patterns:

  • roleBindings/{role_binding}
  • projects/{project}/roleBindings/{role_binding}
  • organizations/{organization}/roleBindings/{role_binding}

Parent resources:

This section covers the methods and messages to interact with RoleBinding resource.

RoleBinding Methods

Here is the list of RoleBinding resource methods:

GetRoleBinding Method

GetRoleBinding

rpc GetRoleBinding(GetRoleBindingRequest) returns (RoleBinding)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.get

The equivalent REST API is:

GET /v1alpha2/{name=roleBindings/*} 

GET /v1alpha2/{name=projects/*/roleBindings/*} 

GET /v1alpha2/{name=organizations/*/roleBindings/*}

BatchGetRoleBindings Method

BatchGetRoleBindings

rpc BatchGetRoleBindings(BatchGetRoleBindingsRequest) returns (BatchGetRoleBindingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.batchGet

The equivalent REST API is:

GET /v1alpha2/roleBindings:batchGet

ListRoleBindings Method

ListRoleBindings

rpc ListRoleBindings(ListRoleBindingsRequest) returns (ListRoleBindingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.list

The equivalent REST API is:

GET /v1alpha2/roleBindings 

GET /v1alpha2/{parent=projects/*}/roleBindings 

GET /v1alpha2/{parent=organizations/*}/roleBindings

WatchRoleBinding Method

WatchRoleBinding

rpc WatchRoleBinding(WatchRoleBindingRequest) returns (WatchRoleBindingResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.watch

The equivalent REST API is:

POST /v1alpha2/{name=roleBindings/*}:watch 

POST /v1alpha2/{name=projects/*/roleBindings/*}:watch 

POST /v1alpha2/{name=organizations/*/roleBindings/*}:watch

WatchRoleBindings Method

WatchRoleBindings

rpc WatchRoleBindings(WatchRoleBindingsRequest) returns (WatchRoleBindingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.watch

The equivalent REST API is:

POST /v1alpha2/roleBindings:watch 

POST /v1alpha2/{parent=projects/*}/roleBindings:watch 

POST /v1alpha2/{parent=organizations/*}/roleBindings:watch

CreateRoleBinding Method

CreateRoleBinding

rpc CreateRoleBinding(CreateRoleBindingRequest) returns (RoleBinding)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.create

The equivalent REST API is:

POST /v1alpha2/roleBindings (BODY: role_binding)

POST /v1alpha2/{parent=projects/*}/roleBindings 

POST /v1alpha2/{parent=organizations/*}/roleBindings

UpdateRoleBinding Method

UpdateRoleBinding

rpc UpdateRoleBinding(UpdateRoleBindingRequest) returns (RoleBinding)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.update

The equivalent REST API is:

PUT /v1alpha2/{role_binding.name=roleBindings/*} (BODY: role_binding)

PUT /v1alpha2/{role_binding.name=projects/*/roleBindings/*} 

PUT /v1alpha2/{role_binding.name=organizations/*/roleBindings/*}

DeleteRoleBinding Method

DeleteRoleBinding

rpc DeleteRoleBinding(DeleteRoleBindingRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/roleBindings.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=roleBindings/*} 

DELETE /v1alpha2/{name=projects/*/roleBindings/*} 

DELETE /v1alpha2/{name=organizations/*/roleBindings/*}

RoleBinding Messages

Here is the list of RoleBinding resource messages:

RoleBinding Message

Name Type Description
name string (name of RoleBinding) Name of RoleBinding When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w.
role string (reference to Role) Role
member string Binding members Format of the string is one of: - “allUsers” (anyone) - “allAuthenticatedUsers” (anyone logged in) - “user:admin.super@example.com” - “serviceAccount:device_agent@watchdog.serviceaccounts.iam.edgelq.com” - “group:nice.group@example.com” - “domain:example.com” (anyone with exact email domain)
condition_binding ConditionBinding optional ConditionBinding TODO: Make it repeated and make sure backend will check all before verifying
ancestry_path repeated RoleBinding.Parent Internal field used by IAM controller to note role binding ancestry path
metadata Meta Metadata

RoleBinding.Parent Message

Provides information about inheritance of this role binding - if it was created from another role binding.

Name Type Description
parent string (reference to RoleBinding) Role bindings which have group as member have child for each service account and user in that group. All those role bindings have one common parent pointing at group role binding
member string Member of the parent role binding

GetRoleBindingRequest Message

A request message of the GetRoleBinding method.

Name Type Description
name string (name of RoleBinding) Name of ntt.iam.v1alpha2.RoleBinding
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRoleBindingsRequest Message

A request message of the BatchGetRoleBindings method.

Name Type Description
names repeated string (name of RoleBinding) Names of RoleBindings
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRoleBindingsResponse Message

A response message of the BatchGetRoleBindings method.

Name Type Description
role_bindings repeated RoleBinding found RoleBindings
missing repeated string (name of RoleBinding) list of not found RoleBindings

ListRoleBindingsRequest Message

A request message of the ListRoleBindings method.

Name Type Description
parent string (parent name of RoleBinding) Parent name of ntt.iam.v1alpha2.RoleBinding
page_size int32 Requested page size. Server may return fewer RoleBindings than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of RoleBinding) A token identifying a page of results the server should return. Typically, this is the value of ListRoleBindingsResponse.next_page_token.
order_by string (orderBy of RoleBinding) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of RoleBinding) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRoleBindingsResponse Message

A response message of the ListRoleBindings method.

Name Type Description
role_bindings repeated RoleBinding The list of RoleBindings
prev_page_token string (cursor of RoleBinding) A token to retrieve previous page of results. Pass this value in the ListRoleBindingsRequest.page_token.
next_page_token string (cursor of RoleBinding) A token to retrieve next page of results. Pass this value in the ListRoleBindingsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total RoleBindings across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRoleBindingRequest Message

A request message of the WatchRoleBinding method.

Name Type Description
name string (name of RoleBinding) Name of ntt.iam.v1alpha2.RoleBinding
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRoleBindingResponse Message

A response message of the WatchRoleBinding method.

Name Type Description
change RoleBindingChange

WatchRoleBindingsRequest Message

A request message of the WatchRoleBindings method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of RoleBinding) Parent name of ntt.iam.v1alpha2.RoleBinding
page_size int32 Requested page size. Server may return fewer RoleBindings than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of RoleBinding) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of RoleBinding) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of RoleBinding) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to RoleBinding that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to RoleBinding that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRoleBindingsResponse Message

A response message of the WatchRoleBindings method.

Name Type Description
role_binding_changes repeated RoleBindingChange Changes of RoleBindings
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All RoleBindings will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRoleBindingsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (RoleBindings will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRoleBindingsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of RoleBinding) New token to retrieve previous page of results.
next_page_token string (cursor of RoleBinding) New token to retrieve next page of results.

CreateRoleBindingRequest Message

A request message of the CreateRoleBinding method.

Name Type Description
parent string (parent name of RoleBinding) Parent name of ntt.iam.v1alpha2.RoleBinding
role_binding RoleBinding RoleBinding resource body
response_mask CreateRoleBindingRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateRoleBindingRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateRoleBindingRequest Message

A request message of the UpdateRoleBinding method.

Name Type Description
role_binding RoleBinding RoleBinding resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateRoleBindingRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateRoleBindingRequest.ResponseMask reduce message response size.

UpdateRoleBindingRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state RoleBinding Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateRoleBindingRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteRoleBindingRequest Message

A request message of the DeleteRoleBinding method.

Name Type Description
name string (name of RoleBinding) Name of ntt.iam.v1alpha2.RoleBinding
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ServiceAccount Resource

ServiceAccount Resource

Name patterns:

  • projects/{project}/regions/{region}/serviceAccounts/{service_account}

Parent resources:

This section covers the methods and messages to interact with ServiceAccount resource.

ServiceAccount Methods

Here is the list of ServiceAccount resource methods:

GetServiceAccount Method

GetServiceAccount

rpc GetServiceAccount(GetServiceAccountRequest) returns (ServiceAccount)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*/regions/*/serviceAccounts/*}

BatchGetServiceAccounts Method

BatchGetServiceAccounts

rpc BatchGetServiceAccounts(BatchGetServiceAccountsRequest) returns (BatchGetServiceAccountsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.batchGet

The equivalent REST API is:

GET /v1alpha2/serviceAccounts:batchGet

ListServiceAccounts Method

ListServiceAccounts

rpc ListServiceAccounts(ListServiceAccountsRequest) returns (ListServiceAccountsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.list

The equivalent REST API is:

GET /v1alpha2/{parent=projects/*/regions/*}/serviceAccounts

WatchServiceAccount Method

WatchServiceAccount

rpc WatchServiceAccount(WatchServiceAccountRequest) returns (WatchServiceAccountResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/regions/*/serviceAccounts/*}:watch

WatchServiceAccounts Method

WatchServiceAccounts

rpc WatchServiceAccounts(WatchServiceAccountsRequest) returns (WatchServiceAccountsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.watch

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*/regions/*}/serviceAccounts:watch

CreateServiceAccount Method

CreateServiceAccount

rpc CreateServiceAccount(CreateServiceAccountRequest) returns (ServiceAccount)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.create

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*/regions/*}/serviceAccounts (BODY: service_account)

UpdateServiceAccount Method

UpdateServiceAccount

rpc UpdateServiceAccount(UpdateServiceAccountRequest) returns (ServiceAccount)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.update

The equivalent REST API is:

PUT /v1alpha2/{service_account.name=projects/*/regions/*/serviceAccounts/*} (BODY: service_account)

DeleteServiceAccount Method

DeleteServiceAccount

rpc DeleteServiceAccount(DeleteServiceAccountRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccounts.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*/regions/*/serviceAccounts/*}

ServiceAccount Messages

Here is the list of ServiceAccount resource messages:

ServiceAccount Message

Name Type Description
name string (name of ServiceAccount) Name of ServiceAccount When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-_]{0,55}[a-z0-9]
display_name string Display Name
email string Email
metadata Meta Additional meta information about service account

GetServiceAccountRequest Message

A request message of the GetServiceAccount method.

Name Type Description
name string (name of ServiceAccount) Name of ntt.iam.v1alpha2.ServiceAccount
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountsRequest Message

A request message of the BatchGetServiceAccounts method.

Name Type Description
names repeated string (name of ServiceAccount) Names of ServiceAccounts
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountsResponse Message

A response message of the BatchGetServiceAccounts method.

Name Type Description
service_accounts repeated ServiceAccount found ServiceAccounts
missing repeated string (name of ServiceAccount) list of not found ServiceAccounts

ListServiceAccountsRequest Message

A request message of the ListServiceAccounts method.

Name Type Description
parent string (parent name of ServiceAccount) Parent name of ntt.iam.v1alpha2.ServiceAccount
page_size int32 Requested page size. Server may return fewer ServiceAccounts than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of ServiceAccount) A token identifying a page of results the server should return. Typically, this is the value of ListServiceAccountsResponse.next_page_token.
order_by string (orderBy of ServiceAccount) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of ServiceAccount) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListServiceAccountsResponse Message

A response message of the ListServiceAccounts method.

Name Type Description
service_accounts repeated ServiceAccount The list of ServiceAccounts
prev_page_token string (cursor of ServiceAccount) A token to retrieve previous page of results. Pass this value in the ListServiceAccountsRequest.page_token.
next_page_token string (cursor of ServiceAccount) A token to retrieve next page of results. Pass this value in the ListServiceAccountsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total ServiceAccounts across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchServiceAccountRequest Message

A request message of the WatchServiceAccount method.

Name Type Description
name string (name of ServiceAccount) Name of ntt.iam.v1alpha2.ServiceAccount
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchServiceAccountResponse Message

A response message of the WatchServiceAccount method.

Name Type Description
change ServiceAccountChange

WatchServiceAccountsRequest Message

A request message of the WatchServiceAccounts method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of ServiceAccount) Parent name of ntt.iam.v1alpha2.ServiceAccount
page_size int32 Requested page size. Server may return fewer ServiceAccounts than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of ServiceAccount) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of ServiceAccount) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of ServiceAccount) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to ServiceAccount that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to ServiceAccount that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchServiceAccountsResponse Message

A response message of the WatchServiceAccounts method.

Name Type Description
service_account_changes repeated ServiceAccountChange Changes of ServiceAccounts
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All ServiceAccounts will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchServiceAccountsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (ServiceAccounts will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchServiceAccountsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of ServiceAccount) New token to retrieve previous page of results.
next_page_token string (cursor of ServiceAccount) New token to retrieve next page of results.

CreateServiceAccountRequest Message

A request message of the CreateServiceAccount method.

Name Type Description
parent string (parent name of ServiceAccount) Parent name of ntt.iam.v1alpha2.ServiceAccount
service_account ServiceAccount ServiceAccount resource body
response_mask CreateServiceAccountRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateServiceAccountRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateServiceAccountRequest Message

A request message of the UpdateServiceAccount method.

Name Type Description
service_account ServiceAccount ServiceAccount resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateServiceAccountRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateServiceAccountRequest.ResponseMask reduce message response size.

UpdateServiceAccountRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state ServiceAccount Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateServiceAccountRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteServiceAccountRequest Message

A request message of the DeleteServiceAccount method.

Name Type Description
name string (name of ServiceAccount) Name of ntt.iam.v1alpha2.ServiceAccount
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ServiceAccountKey Resource

Represents a key pair for the service account

Name patterns:

  • projects/{project}/regions/{region}/serviceAccounts/{service_account}/serviceAccountKeys/{service_account_key}

Parent resources:

This section covers the methods and messages to interact with ServiceAccountKey resource.

ServiceAccountKey Methods

Here is the list of ServiceAccountKey resource methods:

GetServiceAccountKey Method

GetServiceAccountKey

rpc GetServiceAccountKey(GetServiceAccountKeyRequest) returns (ServiceAccountKey)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*}

BatchGetServiceAccountKeys Method

BatchGetServiceAccountKeys

rpc BatchGetServiceAccountKeys(BatchGetServiceAccountKeysRequest) returns (BatchGetServiceAccountKeysResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.batchGet

The equivalent REST API is:

GET /v1alpha2/serviceAccountKeys:batchGet

ListServiceAccountKeys Method

ListServiceAccountKeys

rpc ListServiceAccountKeys(ListServiceAccountKeysRequest) returns (ListServiceAccountKeysResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.list

The equivalent REST API is:

GET /v1alpha2/{parent=projects/*/regions/*/serviceAccounts/*}/serviceAccountKeys

WatchServiceAccountKey Method

WatchServiceAccountKey

rpc WatchServiceAccountKey(WatchServiceAccountKeyRequest) returns (WatchServiceAccountKeyResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*}:watch

WatchServiceAccountKeys Method

WatchServiceAccountKeys

rpc WatchServiceAccountKeys(WatchServiceAccountKeysRequest) returns (WatchServiceAccountKeysResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.watch

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*/regions/*/serviceAccounts/*}/serviceAccountKeys:watch

CreateServiceAccountKey Method

CreateServiceAccountKey

rpc CreateServiceAccountKey(CreateServiceAccountKeyRequest) returns (ServiceAccountKey)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.create

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*/regions/*/serviceAccounts/*}/serviceAccountKeys (BODY: service_account_key)

UpdateServiceAccountKey Method

UpdateServiceAccountKey

rpc UpdateServiceAccountKey(UpdateServiceAccountKeyRequest) returns (ServiceAccountKey)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.update

The equivalent REST API is:

PUT /v1alpha2/{service_account_key.name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*} (BODY: service_account_key)

DeleteServiceAccountKey Method

DeleteServiceAccountKey

rpc DeleteServiceAccountKey(DeleteServiceAccountKeyRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/serviceAccountKeys.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*/regions/*/serviceAccounts/*/serviceAccountKeys/*}

ServiceAccountKey Messages

Here is the list of ServiceAccountKey resource messages:

ServiceAccountKey Message

Name Type Description
name string (name of ServiceAccountKey) Name of ServiceAccountKey When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
display_name string Display name
public_key_data string Public key contents
private_key_data string The private key of the pair. This field is only provided in CreateServiceAccountKey responses. Private keys are NOT stored on the server.
api_key string Api key is set if algorithm is equal to API_KEY and provided in CreateServiceAccountKey responses. They are not stored on the server, so caller is obliged to remember its value. If lost, its is necessary to create new key. Api key must be used in authorization header token when making request: - Authorization: “Bearer $API_KEY” Example for curl: $ curl -X GET -H “Authorization: Bearer $API_KEY” -s $URL
algorithm ServiceAccountKey.Algorithm The algorithm used to generate the key.
valid_not_before .google.protobuf.Timestamp The key is not valid before this timestamp.
valid_not_after .google.protobuf.Timestamp The key is not valid after this timestamp.
metadata Meta Metadata

GetServiceAccountKeyRequest Message

A request message of the GetServiceAccountKey method.

Name Type Description
name string (name of ServiceAccountKey) Name of ntt.iam.v1alpha2.ServiceAccountKey
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountKeysRequest Message

A request message of the BatchGetServiceAccountKeys method.

Name Type Description
names repeated string (name of ServiceAccountKey) Names of ServiceAccountKeys
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetServiceAccountKeysResponse Message

A response message of the BatchGetServiceAccountKeys method.

Name Type Description
service_account_keys repeated ServiceAccountKey found ServiceAccountKeys
missing repeated string (name of ServiceAccountKey) list of not found ServiceAccountKeys

ListServiceAccountKeysRequest Message

A request message of the ListServiceAccountKeys method.

Name Type Description
parent string (parent name of ServiceAccountKey) Parent name of ntt.iam.v1alpha2.ServiceAccountKey
page_size int32 Requested page size. Server may return fewer ServiceAccountKeys than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of ServiceAccountKey) A token identifying a page of results the server should return. Typically, this is the value of ListServiceAccountKeysResponse.next_page_token.
order_by string (orderBy of ServiceAccountKey) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of ServiceAccountKey) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListServiceAccountKeysResponse Message

A response message of the ListServiceAccountKeys method.

Name Type Description
service_account_keys repeated ServiceAccountKey The list of ServiceAccountKeys
prev_page_token string (cursor of ServiceAccountKey) A token to retrieve previous page of results. Pass this value in the ListServiceAccountKeysRequest.page_token.
next_page_token string (cursor of ServiceAccountKey) A token to retrieve next page of results. Pass this value in the ListServiceAccountKeysRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total ServiceAccountKeys across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchServiceAccountKeyRequest Message

A request message of the WatchServiceAccountKey method.

Name Type Description
name string (name of ServiceAccountKey) Name of ntt.iam.v1alpha2.ServiceAccountKey
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchServiceAccountKeyResponse Message

A response message of the WatchServiceAccountKey method.

Name Type Description
change ServiceAccountKeyChange

WatchServiceAccountKeysRequest Message

A request message of the WatchServiceAccountKeys method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of ServiceAccountKey) Parent name of ntt.iam.v1alpha2.ServiceAccountKey
page_size int32 Requested page size. Server may return fewer ServiceAccountKeys than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of ServiceAccountKey) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of ServiceAccountKey) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of ServiceAccountKey) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to ServiceAccountKey that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to ServiceAccountKey that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchServiceAccountKeysResponse Message

A response message of the WatchServiceAccountKeys method.

Name Type Description
service_account_key_changes repeated ServiceAccountKeyChange Changes of ServiceAccountKeys
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All ServiceAccountKeys will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchServiceAccountKeysResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (ServiceAccountKeys will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchServiceAccountKeysResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of ServiceAccountKey) New token to retrieve previous page of results.
next_page_token string (cursor of ServiceAccountKey) New token to retrieve next page of results.

CreateServiceAccountKeyRequest Message

A request message of the CreateServiceAccountKey method.

Name Type Description
parent string (parent name of ServiceAccountKey) Parent name of ntt.iam.v1alpha2.ServiceAccountKey
service_account_key ServiceAccountKey ServiceAccountKey resource body
response_mask CreateServiceAccountKeyRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateServiceAccountKeyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateServiceAccountKeyRequest Message

A request message of the UpdateServiceAccountKey method.

Name Type Description
service_account_key ServiceAccountKey ServiceAccountKey resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateServiceAccountKeyRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateServiceAccountKeyRequest.ResponseMask reduce message response size.

UpdateServiceAccountKeyRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state ServiceAccountKey Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateServiceAccountKeyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteServiceAccountKeyRequest Message

A request message of the DeleteServiceAccountKey method.

Name Type Description
name string (name of ServiceAccountKey) Name of ntt.iam.v1alpha2.ServiceAccountKey
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ServiceAccountKey Enumerations

Here is the list of ServiceAccountKey resource enumerations:

ServiceAccountKey.Algorithm Enumeration

Name Description
KEY_ALGORITHM_UNSPECIFIED
RSA_1024
RSA_2048
RSA_4096
API_KEY

User Resource

User Resource

Name patterns:

  • users/{user}

This section covers the methods and messages to interact with User resource.

User Methods

Here is the list of User resource methods:

GetUser Method

GetUser

rpc GetUser(GetUserRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.get

The equivalent REST API is:

GET /v1alpha2/{name=users/*}

BatchGetUsers Method

BatchGetUsers

rpc BatchGetUsers(BatchGetUsersRequest) returns (BatchGetUsersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.batchGet

The equivalent REST API is:

GET /v1alpha2/users:batchGet

ListUsers Method

ListUsers

rpc ListUsers(ListUsersRequest) returns (ListUsersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.list

The equivalent REST API is:

GET /v1alpha2/users

WatchUser Method

WatchUser

rpc WatchUser(WatchUserRequest) returns (WatchUserResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.watch

The equivalent REST API is:

POST /v1alpha2/{name=users/*}:watch

WatchUsers Method

WatchUsers

rpc WatchUsers(WatchUsersRequest) returns (WatchUsersResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.watch

The equivalent REST API is:

POST /v1alpha2/users:watch

CreateUser Method

CreateUser

rpc CreateUser(CreateUserRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.create

The equivalent REST API is:

POST /v1alpha2/users (BODY: user)

UpdateUser Method

UpdateUser

rpc UpdateUser(UpdateUserRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.update

The equivalent REST API is:

PUT /v1alpha2/{user.name=users/*} (BODY: user)

DeleteUser Method

DeleteUser

rpc DeleteUser(DeleteUserRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=users/*}

GetUserByEmail Method

GetUserByEmail

rpc GetUserByEmail(GetUserByEmailRequest) returns (User)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.getByEmail

The equivalent REST API is:

POST /v1alpha2:getByEmail

BatchGetUsersByEmail Method

BatchGetUsersByEmail

rpc BatchGetUsersByEmail(BatchGetUsersByEmailRequest) returns (BatchGetUsersByEmailResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.batchGetByEmail

The equivalent REST API is:

POST /v1alpha2/users:batchGetByEmail

GetMySettings Method

GetMySettings

rpc GetMySettings(GetMySettingsRequest) returns (GetMySettingsResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.getMySettings

The equivalent REST API is:

POST /v1alpha2/users:getMySettings

SetMySettings Method

SetMySettings

rpc SetMySettings(SetMySettingsRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.setMySettings

The equivalent REST API is:

POST /v1alpha2/users:setMySettings

RefreshUserFromIdToken Method

RefreshUserFromIdToken

rpc RefreshUserFromIdToken(RefreshUserFromIdTokenRequest) returns (RefreshUserFromIdTokenResponse)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.refreshUserFromIdToken

The equivalent REST API is:

POST /v1alpha2/users:refreshUserFromIdToken

ResendVerificationEmail Method

ResendVerificationEmail

rpc ResendVerificationEmail(ResendVerificationEmailRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.resendVerificationEmail

The equivalent REST API is:

POST /v1alpha2/users:resendVerificationEmail

IsUserVerified Method

IsUserVerified

rpc IsUserVerified(IsUserVerifiedRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.isUserVerified

The equivalent REST API is:

POST /v1alpha2/users:isUserVerified

ResetMFAIfRecoveryKeyUsed Method

ResetMFAIfRecoveryKeyUsed

rpc ResetMFAIfRecoveryKeyUsed(ResetMFAIfRecoveryKeyUsedRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.resetMFAIfRecoveryKeyUsed

The equivalent REST API is:

POST /v1alpha2/users:resetMFAIfRecoveryKeyUsed

SetUsersNameInAuth0 Method

SetUsersNameInAuth0

rpc SetUsersNameInAuth0(SetUsersNameInAuth0Request) returns (Empty)

with the following messages:

Required Permissions:

  • services/iam.edgelq.com/permissions/users.setUsersNameInAuth0

The equivalent REST API is:

POST /v1alpha2/users:setUsersNameInAuth0

User Messages

Here is the list of User resource messages:

User Message

Name Type Description
name string (name of User) Name of User When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w.@
full_name string Full Name
metadata Meta Metadata
email string Email
email_verified bool Is email verified
auth_info User.AuthInfo
settings map<string, string> User settings and preferences
refreshed_time .google.protobuf.Timestamp

User.AuthInfo Message

Name Type Description
provider string auth provider
id string auth provider id

GetUserRequest Message

A request message of the GetUser method.

Name Type Description
name string (name of User) Name of ntt.iam.v1alpha2.User
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetUsersRequest Message

A request message of the BatchGetUsers method.

Name Type Description
names repeated string (name of User) Names of Users
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetUsersResponse Message

A response message of the BatchGetUsers method.

Name Type Description
users repeated User found Users
missing repeated string (name of User) list of not found Users

ListUsersRequest Message

A request message of the ListUsers method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Users than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of User) A token identifying a page of results the server should return. Typically, this is the value of ListUsersResponse.next_page_token.
order_by string (orderBy of User) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of User) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListUsersResponse Message

A response message of the ListUsers method.

Name Type Description
users repeated User The list of Users
prev_page_token string (cursor of User) A token to retrieve previous page of results. Pass this value in the ListUsersRequest.page_token.
next_page_token string (cursor of User) A token to retrieve next page of results. Pass this value in the ListUsersRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Users across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchUserRequest Message

A request message of the WatchUser method.

Name Type Description
name string (name of User) Name of ntt.iam.v1alpha2.User
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchUserResponse Message

A response message of the WatchUser method.

Name Type Description
change UserChange

WatchUsersRequest Message

A request message of the WatchUsers method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Users than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of User) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of User) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of User) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to User that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to User that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchUsersResponse Message

A response message of the WatchUsers method.

Name Type Description
user_changes repeated UserChange Changes of Users
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Users will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchUsersResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Users will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchUsersResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of User) New token to retrieve previous page of results.
next_page_token string (cursor of User) New token to retrieve next page of results.

CreateUserRequest Message

A request message of the CreateUser method.

Name Type Description
user User User resource body
response_mask CreateUserRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateUserRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateUserRequest Message

A request message of the UpdateUser method.

Name Type Description
user User User resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateUserRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateUserRequest.ResponseMask reduce message response size.

UpdateUserRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state User Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateUserRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteUserRequest Message

A request message of the DeleteUser method.

Name Type Description
name string (name of User) Name of ntt.iam.v1alpha2.User
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GetUserByEmailRequest Message

Request message for method [GetUserByEmail][ntt.iam.v1alpha2.GetUserByEmail]

Name Type Description
email string reference of ntt.iam.v1alpha2.User
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
skip_cache bool If true, server will skip checking if query result is present in it’s cache

BatchGetUsersByEmailRequest Message

Request message for method [BatchGetUsersByEmail][ntt.iam.v1alpha2.BatchGetUsersByEmail]

Name Type Description
emails repeated string Emails of users
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
skip_cache bool If true, server will skip checking if query result is present in it’s cache

BatchGetUsersByEmailResponse Message

Response message for method [BatchGetUsersByEmail][ntt.iam.v1alpha2.BatchGetUsersByEmail]

Name Type Description
users repeated User found Users
missing repeated string list of not found user emails

GetMySettingsRequest Message

Request message for method [GetMySettings][ntt.iam.v1alpha2.GetMySettings]

Name Type Description
keys repeated string list of keys to retrieve

GetMySettingsResponse Message

Response message for method [GetMySettings][ntt.iam.v1alpha2.GetMySettings]

Name Type Description
settings map<string, string> resulting settings

SetMySettingsRequest Message

Request message for method [SetMySettings][ntt.iam.v1alpha2.SetMySettings]

Name Type Description
settings map<string, string> Settings to update. Leave empty value to unset key

RefreshUserFromIdTokenRequest Message

Request message for method [RefreshUserFromIdToken][ntt.iam.v1alpha2.RefreshUserFromIdToken]

Name Type Description
id_token string JWT-encoded ID token

RefreshUserFromIdTokenResponse Message

Response message for method [RefreshUserFromIdToken][ntt.iam.v1alpha2.RefreshUserFromIdToken]

Name Type Description
none none none

ResendVerificationEmailRequest Message

Request message for method [ResendVerificationEmail][ntt.iam.v1alpha2.ResendVerificationEmail]

Name Type Description
none none none

IsUserVerifiedRequest Message

Request message for method [IsUserVerified][ntt.iam.v1alpha2.IsUserVerified]

Name Type Description
none none none

ResetMFAIfRecoveryKeyUsedRequest Message

Request message for method [ResetMFAIfRecoveryKeyUsed][ntt.iam.v1alpha2.ResetMFAIfRecoveryKeyUsed]

Name Type Description
none none none

SetUsersNameInAuth0Request Message

Request message for method [SetUsersNameInAuth0][ntt.iam.v1alpha2.SetUsersNameInAuth0]

Name Type Description
none none none

IAM Service Shared Methods and Messages

IAM Service Shared Messages

Here is the list of IAM service shared messages:

Actor Message

Actor is a party performing an action

Name Type Description
user string (reference to User)
service_account string (reference to ServiceAccount)

AttestationDomainChange Message

AttestationDomainChange is used by Watch notifications Responses to describe change of single AttestationDomain One of Added, Modified, Removed

Name Type Description
added AttestationDomainChange.Added Added is returned when watched document is added, either created or enters Query view
modified AttestationDomainChange.Modified Modified is returned when watched document is modified
current AttestationDomainChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AttestationDomainChange.Removed Removed is returned when AttestationDomain is deleted or leaves Query view

AttestationDomainChange.Added Message

AttestationDomain has been added to query view

Name Type Description
attestation_domain AttestationDomain
view_index int32 Integer describing index of added AttestationDomain in resulting query view.

AttestationDomainChange.Current Message

AttestationDomain has been added or modified in a query view. Version used for stateless watching

Name Type Description
attestation_domain AttestationDomain

AttestationDomainChange.Modified Message

AttestationDomain changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AttestationDomain) Name of modified AttestationDomain
attestation_domain AttestationDomain New version of AttestationDomain or masked difference, depending on mask_changes instrumentation of issued [WatchAttestationDomainRequest] or [WatchAttestationDomainsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AttestationDomain. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AttestationDomain new index in resulting query view.

AttestationDomainChange.Removed Message

Removed is returned when AttestationDomain is deleted or leaves Query view

Name Type Description
name string (name of AttestationDomain)
view_index int32 Integer specifying removed AttestationDomain index. Not populated in stateless watch type.

Check Message

Check contains

Name Type Description
object string Object resource name, e.g. projects/<project_id>/devices/<device_id>
permissions repeated string (name of Permission) Array of permissions to be verified

CheckResult Message

Name Type Description
object string Object resource name, e.g. projects/<project_id>/devices/<device_id>
granted_permissions repeated string (name of Permission) Granted Permissions
conditionally_granted_permissions repeated ConditionalGrant

ConditionBinding Message

ConditionBinding represents instantiantion of condi

Name Type Description
condition string (reference to Condition) Reference to Condition which may also be parameterized
parameters map<string, string> TODO: Deprecated, use params instead
params .google.protobuf.Struct Parameters in string form. Parameters must match [declarations][ntt.iam.v1alpha2.Condition.parameter_declarations]

ConditionChange Message

ConditionChange is used by Watch notifications Responses to describe change of single Condition One of Added, Modified, Removed

Name Type Description
added ConditionChange.Added Added is returned when watched document is added, either created or enters Query view
modified ConditionChange.Modified Modified is returned when watched document is modified
current ConditionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ConditionChange.Removed Removed is returned when Condition is deleted or leaves Query view

ConditionChange.Added Message

Condition has been added to query view

Name Type Description
condition Condition
view_index int32 Integer describing index of added Condition in resulting query view.

ConditionChange.Current Message

Condition has been added or modified in a query view. Version used for stateless watching

Name Type Description
condition Condition

ConditionChange.Modified Message

Condition changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Condition) Name of modified Condition
condition Condition New version of Condition or masked difference, depending on mask_changes instrumentation of issued [WatchConditionRequest] or [WatchConditionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Condition. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Condition new index in resulting query view.

ConditionChange.Removed Message

Removed is returned when Condition is deleted or leaves Query view

Name Type Description
name string (name of Condition)
view_index int32 Integer specifying removed Condition index. Not populated in stateless watch type.

ConditionalGrant Message

ConditionalGrant represents grant on repeated list of permissions if all of conditions is met.

Name Type Description
permissions repeated string (name of Permission)
condition_bindings repeated ConditionBinding

GroupChange Message

GroupChange is used by Watch notifications Responses to describe change of single Group One of Added, Modified, Removed

Name Type Description
added GroupChange.Added Added is returned when watched document is added, either created or enters Query view
modified GroupChange.Modified Modified is returned when watched document is modified
current GroupChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed GroupChange.Removed Removed is returned when Group is deleted or leaves Query view

GroupChange.Added Message

Group has been added to query view

Name Type Description
group Group
view_index int32 Integer describing index of added Group in resulting query view.

GroupChange.Current Message

Group has been added or modified in a query view. Version used for stateless watching

Name Type Description
group Group

GroupChange.Modified Message

Group changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Group) Name of modified Group
group Group New version of Group or masked difference, depending on mask_changes instrumentation of issued [WatchGroupRequest] or [WatchGroupsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Group. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Group new index in resulting query view.

GroupChange.Removed Message

Removed is returned when Group is deleted or leaves Query view

Name Type Description
name string (name of Group)
view_index int32 Integer specifying removed Group index. Not populated in stateless watch type.

GroupMemberChange Message

GroupMemberChange is used by Watch notifications Responses to describe change of single GroupMember One of Added, Modified, Removed

Name Type Description
added GroupMemberChange.Added Added is returned when watched document is added, either created or enters Query view
modified GroupMemberChange.Modified Modified is returned when watched document is modified
current GroupMemberChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed GroupMemberChange.Removed Removed is returned when GroupMember is deleted or leaves Query view

GroupMemberChange.Added Message

GroupMember has been added to query view

Name Type Description
group_member GroupMember
view_index int32 Integer describing index of added GroupMember in resulting query view.

GroupMemberChange.Current Message

GroupMember has been added or modified in a query view. Version used for stateless watching

Name Type Description
group_member GroupMember

GroupMemberChange.Modified Message

GroupMember changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of GroupMember) Name of modified GroupMember
group_member GroupMember New version of GroupMember or masked difference, depending on mask_changes instrumentation of issued [WatchGroupMemberRequest] or [WatchGroupMembersRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified GroupMember. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying GroupMember new index in resulting query view.

GroupMemberChange.Removed Message

Removed is returned when GroupMember is deleted or leaves Query view

Name Type Description
name string (name of GroupMember)
view_index int32 Integer specifying removed GroupMember index. Not populated in stateless watch type.

Invitation Message

Common invitation body. It’s used in Project/Organization Invitations

Name Type Description
invitee_email string Invitee Email address
inviter_actor Actor Inviter User
inviter_full_name string Denormalized data - TODO: remove it
inviter_email string Inviter Email
language_code string Invitation ISO language code. Defaults to “en-us” (American English).
roles repeated string (reference to Role) List of Roles to be granted on project when invitation is accepted
expiration_date .google.protobuf.Timestamp Expiration date
extras map<string, string> Extra custom fields to further customize invitation experience. Fields should be agreed between sender (usually UI) and documented in the template of email service provider.
state Invitation.State Status of Invitation

OrganizationChange Message

OrganizationChange is used by Watch notifications Responses to describe change of single Organization One of Added, Modified, Removed

Name Type Description
added OrganizationChange.Added Added is returned when watched document is added, either created or enters Query view
modified OrganizationChange.Modified Modified is returned when watched document is modified
current OrganizationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed OrganizationChange.Removed Removed is returned when Organization is deleted or leaves Query view

OrganizationChange.Added Message

Organization has been added to query view

Name Type Description
organization Organization
view_index int32 Integer describing index of added Organization in resulting query view.

OrganizationChange.Current Message

Organization has been added or modified in a query view. Version used for stateless watching

Name Type Description
organization Organization

OrganizationChange.Modified Message

Organization changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Organization) Name of modified Organization
organization Organization New version of Organization or masked difference, depending on mask_changes instrumentation of issued [WatchOrganizationRequest] or [WatchOrganizationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Organization. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Organization new index in resulting query view.

OrganizationChange.Removed Message

Removed is returned when Organization is deleted or leaves Query view

Name Type Description
name string (name of Organization)
view_index int32 Integer specifying removed Organization index. Not populated in stateless watch type.

OrganizationInvitationChange Message

OrganizationInvitationChange is used by Watch notifications Responses to describe change of single OrganizationInvitation One of Added, Modified, Removed

Name Type Description
added OrganizationInvitationChange.Added Added is returned when watched document is added, either created or enters Query view
modified OrganizationInvitationChange.Modified Modified is returned when watched document is modified
current OrganizationInvitationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed OrganizationInvitationChange.Removed Removed is returned when OrganizationInvitation is deleted or leaves Query view

OrganizationInvitationChange.Added Message

OrganizationInvitation has been added to query view

Name Type Description
organization_invitation OrganizationInvitation
view_index int32 Integer describing index of added OrganizationInvitation in resulting query view.

OrganizationInvitationChange.Current Message

OrganizationInvitation has been added or modified in a query view. Version used for stateless watching

Name Type Description
organization_invitation OrganizationInvitation

OrganizationInvitationChange.Modified Message

OrganizationInvitation changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of OrganizationInvitation) Name of modified OrganizationInvitation
organization_invitation OrganizationInvitation New version of OrganizationInvitation or masked difference, depending on mask_changes instrumentation of issued [WatchOrganizationInvitationRequest] or [WatchOrganizationInvitationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified OrganizationInvitation. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying OrganizationInvitation new index in resulting query view.

OrganizationInvitationChange.Removed Message

Removed is returned when OrganizationInvitation is deleted or leaves Query view

Name Type Description
name string (name of OrganizationInvitation)
view_index int32 Integer specifying removed OrganizationInvitation index. Not populated in stateless watch type.

PCR Message

Name Type Description
index uint32s
digest_hex string Hex-encoded digest string (without 0x prefix, e.g. “DEADBEEF”)
digest_alg DigestAlg
comment string User’s comments for this entry

PermissionChange Message

PermissionChange is used by Watch notifications Responses to describe change of single Permission One of Added, Modified, Removed

Name Type Description
added PermissionChange.Added Added is returned when watched document is added, either created or enters Query view
modified PermissionChange.Modified Modified is returned when watched document is modified
current PermissionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PermissionChange.Removed Removed is returned when Permission is deleted or leaves Query view

PermissionChange.Added Message

Permission has been added to query view

Name Type Description
permission Permission
view_index int32 Integer describing index of added Permission in resulting query view.

PermissionChange.Current Message

Permission has been added or modified in a query view. Version used for stateless watching

Name Type Description
permission Permission

PermissionChange.Modified Message

Permission changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Permission) Name of modified Permission
permission Permission New version of Permission or masked difference, depending on mask_changes instrumentation of issued [WatchPermissionRequest] or [WatchPermissionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Permission. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Permission new index in resulting query view.

PermissionChange.Removed Message

Removed is returned when Permission is deleted or leaves Query view

Name Type Description
name string (name of Permission)
view_index int32 Integer specifying removed Permission index. Not populated in stateless watch type.

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

ProjectInvitationChange Message

ProjectInvitationChange is used by Watch notifications Responses to describe change of single ProjectInvitation One of Added, Modified, Removed

Name Type Description
added ProjectInvitationChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectInvitationChange.Modified Modified is returned when watched document is modified
current ProjectInvitationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectInvitationChange.Removed Removed is returned when ProjectInvitation is deleted or leaves Query view

ProjectInvitationChange.Added Message

ProjectInvitation has been added to query view

Name Type Description
project_invitation ProjectInvitation
view_index int32 Integer describing index of added ProjectInvitation in resulting query view.

ProjectInvitationChange.Current Message

ProjectInvitation has been added or modified in a query view. Version used for stateless watching

Name Type Description
project_invitation ProjectInvitation

ProjectInvitationChange.Modified Message

ProjectInvitation changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of ProjectInvitation) Name of modified ProjectInvitation
project_invitation ProjectInvitation New version of ProjectInvitation or masked difference, depending on mask_changes instrumentation of issued [WatchProjectInvitationRequest] or [WatchProjectInvitationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified ProjectInvitation. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying ProjectInvitation new index in resulting query view.

ProjectInvitationChange.Removed Message

Removed is returned when ProjectInvitation is deleted or leaves Query view

Name Type Description
name string (name of ProjectInvitation)
view_index int32 Integer specifying removed ProjectInvitation index. Not populated in stateless watch type.

RoleBindingChange Message

RoleBindingChange is used by Watch notifications Responses to describe change of single RoleBinding One of Added, Modified, Removed

Name Type Description
added RoleBindingChange.Added Added is returned when watched document is added, either created or enters Query view
modified RoleBindingChange.Modified Modified is returned when watched document is modified
current RoleBindingChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RoleBindingChange.Removed Removed is returned when RoleBinding is deleted or leaves Query view

RoleBindingChange.Added Message

RoleBinding has been added to query view

Name Type Description
role_binding RoleBinding
view_index int32 Integer describing index of added RoleBinding in resulting query view.

RoleBindingChange.Current Message

RoleBinding has been added or modified in a query view. Version used for stateless watching

Name Type Description
role_binding RoleBinding

RoleBindingChange.Modified Message

RoleBinding changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of RoleBinding) Name of modified RoleBinding
role_binding RoleBinding New version of RoleBinding or masked difference, depending on mask_changes instrumentation of issued [WatchRoleBindingRequest] or [WatchRoleBindingsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified RoleBinding. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying RoleBinding new index in resulting query view.

RoleBindingChange.Removed Message

Removed is returned when RoleBinding is deleted or leaves Query view

Name Type Description
name string (name of RoleBinding)
view_index int32 Integer specifying removed RoleBinding index. Not populated in stateless watch type.

RoleChange Message

RoleChange is used by Watch notifications Responses to describe change of single Role One of Added, Modified, Removed

Name Type Description
added RoleChange.Added Added is returned when watched document is added, either created or enters Query view
modified RoleChange.Modified Modified is returned when watched document is modified
current RoleChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RoleChange.Removed Removed is returned when Role is deleted or leaves Query view

RoleChange.Added Message

Role has been added to query view

Name Type Description
role Role
view_index int32 Integer describing index of added Role in resulting query view.

RoleChange.Current Message

Role has been added or modified in a query view. Version used for stateless watching

Name Type Description
role Role

RoleChange.Modified Message

Role changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Role) Name of modified Role
role Role New version of Role or masked difference, depending on mask_changes instrumentation of issued [WatchRoleRequest] or [WatchRolesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Role. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Role new index in resulting query view.

RoleChange.Removed Message

Removed is returned when Role is deleted or leaves Query view

Name Type Description
name string (name of Role)
view_index int32 Integer specifying removed Role index. Not populated in stateless watch type.

ServiceAccountChange Message

ServiceAccountChange is used by Watch notifications Responses to describe change of single ServiceAccount One of Added, Modified, Removed

Name Type Description
added ServiceAccountChange.Added Added is returned when watched document is added, either created or enters Query view
modified ServiceAccountChange.Modified Modified is returned when watched document is modified
current ServiceAccountChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ServiceAccountChange.Removed Removed is returned when ServiceAccount is deleted or leaves Query view

ServiceAccountChange.Added Message

ServiceAccount has been added to query view

Name Type Description
service_account ServiceAccount
view_index int32 Integer describing index of added ServiceAccount in resulting query view.

ServiceAccountChange.Current Message

ServiceAccount has been added or modified in a query view. Version used for stateless watching

Name Type Description
service_account ServiceAccount

ServiceAccountChange.Modified Message

ServiceAccount changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of ServiceAccount) Name of modified ServiceAccount
service_account ServiceAccount New version of ServiceAccount or masked difference, depending on mask_changes instrumentation of issued [WatchServiceAccountRequest] or [WatchServiceAccountsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified ServiceAccount. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying ServiceAccount new index in resulting query view.

ServiceAccountChange.Removed Message

Removed is returned when ServiceAccount is deleted or leaves Query view

Name Type Description
name string (name of ServiceAccount)
view_index int32 Integer specifying removed ServiceAccount index. Not populated in stateless watch type.

ServiceAccountKeyChange Message

ServiceAccountKeyChange is used by Watch notifications Responses to describe change of single ServiceAccountKey One of Added, Modified, Removed

Name Type Description
added ServiceAccountKeyChange.Added Added is returned when watched document is added, either created or enters Query view
modified ServiceAccountKeyChange.Modified Modified is returned when watched document is modified
current ServiceAccountKeyChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ServiceAccountKeyChange.Removed Removed is returned when ServiceAccountKey is deleted or leaves Query view

ServiceAccountKeyChange.Added Message

ServiceAccountKey has been added to query view

Name Type Description
service_account_key ServiceAccountKey
view_index int32 Integer describing index of added ServiceAccountKey in resulting query view.

ServiceAccountKeyChange.Current Message

ServiceAccountKey has been added or modified in a query view. Version used for stateless watching

Name Type Description
service_account_key ServiceAccountKey

ServiceAccountKeyChange.Modified Message

ServiceAccountKey changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of ServiceAccountKey) Name of modified ServiceAccountKey
service_account_key ServiceAccountKey New version of ServiceAccountKey or masked difference, depending on mask_changes instrumentation of issued [WatchServiceAccountKeyRequest] or [WatchServiceAccountKeysRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified ServiceAccountKey. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying ServiceAccountKey new index in resulting query view.

ServiceAccountKeyChange.Removed Message

Removed is returned when ServiceAccountKey is deleted or leaves Query view

Name Type Description
name string (name of ServiceAccountKey)
view_index int32 Integer specifying removed ServiceAccountKey index. Not populated in stateless watch type.

ServiceBusinessTier Message

ServiceBusinessTier binds specific service with specific business tier. It may be useful if two services use different tier in one organizational entity (project or organization).

Name Type Description
service string (name of Service) Service
business_tier BusinessTier Entity tier value for given service.

ServiceErrors Message

ServiceErrors is generic container wrapping errors with services.

Name Type Description
errors repeated ServiceErrors.Error Errors

ServiceErrors.Error Message

Name Type Description
service string (name of Service) Service for which there are error reports. May be skipped if error is cross-service or is about core EdgeLQ components.
message string Error message

UserChange Message

UserChange is used by Watch notifications Responses to describe change of single User One of Added, Modified, Removed

Name Type Description
added UserChange.Added Added is returned when watched document is added, either created or enters Query view
modified UserChange.Modified Modified is returned when watched document is modified
current UserChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed UserChange.Removed Removed is returned when User is deleted or leaves Query view

UserChange.Added Message

User has been added to query view

Name Type Description
user User
view_index int32 Integer describing index of added User in resulting query view.

UserChange.Current Message

User has been added or modified in a query view. Version used for stateless watching

Name Type Description
user User

UserChange.Modified Message

User changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of User) Name of modified User
user User New version of User or masked difference, depending on mask_changes instrumentation of issued [WatchUserRequest] or [WatchUsersRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified User. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying User new index in resulting query view.

UserChange.Removed Message

Removed is returned when User is deleted or leaves Query view

Name Type Description
name string (name of User)
view_index int32 Integer specifying removed User index. Not populated in stateless watch type.

IAM Service Shared Enumerations

Here is the list of IAM service shared enumerations:

BusinessTier Enumeration

BusinessTier indicates size of organizational entity (project or organization)

Name Description
UNDEFINED
LARGE
MEDIUM
SMALL
XSMALL

DigestAlg Enumeration

Name Description
SHA1
SHA256

Invitation.State Enumeration

Invitation FSM States

Name Description
STATE_UNSPECIFIED
PENDING
ACCEPTED
DECLINED
EXPIRED

TpmVersion Enumeration

Name Description
TPMVAGNOSTIC
TPMV12
TPMV20

VerifyRequest.AskForChallenge.ChallengeFormat Enumeration

Name Description
TPM20_CREDENTIAL Credential Protection as defined in section 24 of the TPM specification revision 2 part 1 See: https://trustedcomputinggroup.org/resource/tpm-library-specification/ Returned primitives are of type TPM2B_ID_OBJECT and TPM2B_ENCRYPTED_SECRET. NOTE: ECC is not supported. Reference implementation: github.com/google/go-attestation@v0.3.2/attest/activation.go:generateChallengeTPM20, which uses github.com/google/go-tmp@v0.3.2/tmp2/credactivation/credential_activation.go:Generate
TPM12_EKBLOB Challenge as defined in section 15.1 of the TPM 1.2 commands spec See: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-3-Commands_v1.2_rev116_01032011.pdf Returned primitives are of type TPM12_EKBLOB (with TPM_EK_BLOB_ACTIVATE) and bytes. Reference implementation: github.com/google/go-attestation@v0.3.2/attest/activation.go:generateChallengeTPM12, which uses github.com/google/go-attestation@v0.3.2/attest/challenge.go:generateChallenge12
TSPI_EKBLOB TSPI_EKBLOB is a TPM1.2 challenge format accepted by TrouSerS daemon’s Tspi_TPM_ActivateIdentity function. As far as I can tell, it’s not documented except in the code. Returned primitives are of type TPM12_EKBLOB (with TPM_EK_BLOB_ACTIVATE) and bytes. Reference implementation: github.com/google/go-attestation@v0.3.2/attest/activation.go:generateChallengeTPM12, which uses github.com/google/go-tspi@v0.3.0/verification/verification.go:GenerateChallengeEx

3 - SPEKTRA Edge Audit Service API

Understanding the Audit service API.

SPEKTRA Edge audit service helps store audit logs to record all API activities for all users and service accounts. Audit logs provide the ability to check who made a specific operation and the actual changes made to the data (for operations such as create/update). The audit log also records the timestamp and the IP address of the user.

There are two types of audit logs:

  1. Activity Logs
  2. Resource Change Logs

The audit logging is automatically enabled for all SPEKTRA Edge services such as IAM, Devices, Applications, Proxies, Monitoring, Limits, Secrets, etc. It is highly recommended to enable it for all 3rd party services too.

Full API Specifications (with resources):

Resources

Activity Logs

Activity logs record all API operations that are performed by any user.

The contents of the activity log include:

  • scope (project, organization, or service name)
  • request ID (useful to correlate with resource change logs)
  • user data (User email or service account details)
  • metadata (Source IP address of the request and user agent name)
  • request method (MethodName and API version)
  • authorization (List of Permissions that are granted for this operation and list of permissions that were denied)
  • Service information (name and region to which the request is made)
  • resource details (resource name, field-mask for the operation, and resource data before and after the API operation )
  • API request category
    • Create
    • Read
    • Delete
    • SpecUpdate
    • StateUpdate
    • MetadataUpdate
    • Custom Operations
    • Internal
    • Rejected
    • ClientError
    • ServerError
  • events related to the request
    • client request
    • server response
    • regions routing
    • etc.

Resource Change Logs

Resource change logs record the details of the events related to changes made on a specific resource. A resource change log is always related to an activity log. A single API request may modify multiple resources and therefore there is a 1:N relation between the activity log and Resource change log. Activity logs and resource change logs can be correlated using the Request ID field.

The contents of resource change logs include:

  • scope
  • request ID
  • timestamp
  • user data (user name or service account details)
  • Service Information (name and the region to which the request is made)
  • resource change details
    • resource name
    • type
    • value of resource before and after the operation
  • Transaction Details
    • Transaction ID
    • retry counter
    • Transaction States:
      • PRE_COMMITTED
      • COMMITTED
      • ROLLED_BACK

Retrieving logs

In this short quickstart guide we will show you how to retrieve both activity logs and resource change logs using our CLI:

Retrieving Activity logs using CLI

Audit logs can be queried by providing three input parameters:

  • Parents

    Project, Organization, or Service name

  • Interval

    Time interval for the queried data. Start time is mandatory. If the end time is not provided, the current time is taken.

  • Filter

    Activity logs can be filtered based on any of the fields in the API schema.

We support =, !=, IN, and NOT IN filter conditions. Multiple conditions can be combined using AND.

Sample query to fetch activity logs for a given resource:

cuttle audit query activity-logs \
  --parents 'projects/<projectID' \
  --filter 'service.name="devices.edgelq.com" \
    and resource.name="projects/<projectID>/regions/us-west2/devices/<deviceID>"' \
  --interval '{"startTime":"2022-06-07T00:00:00Z"}' \
  --page-size 20 -o json

Sample query to fetch activity logs for a given user:

cuttle audit query activity-logs \
  --parents 'projects/<projectID' \
  --filter 'authentication.principal=”user:<emailID>”"' \
  --interval '{"startTime":"2022-06-07T00:00:00Z"}' \
  --page-size 20 -o json

Sample query to fetch all user triggered API operations in IAM service (skip service accounts):

cuttle audit query activity-logs \
  --parents 'projects/<projectID>' \
  --filter 'service.name="iam.edgelq.com" \
    and authentication.principalType="user"' \
  --interval '{"startTime":"2022-08-10T00:00:00Z"}' \
  --page-size 20 \
  -o json

Sample query to fetch activity logs involving important user triggered changes (using IN condition):

cuttle audit query activity-logs \
  --parents 'projects/<projectID>' \
  --filter 'service.name="devices.edgelq.com" and \
    category IN (“Creation”, “SpecUpdate", “Deletion”)' \
  --interval '{"startTime":"2022-06-07T00:00:00Z"}'

Retrieving Resource Change logs using CLI

Resource Change logs can be queried in a similar way to audit logs:

  • Parents

    Project, Organization, or Service name

  • Interval

    Time interval of the queried data. Start time is mandatory. If the end time is not provided, the current time is taken as the end time.

  • Filter

    Filter must mandatorily specify service.name+resource.type or request_id

Sample query to fetch all resource change logs for a specific request ID (from activity log):

cuttle audit query resource-change-logs \
  --parents 'projects/<projectID>' \
  --filter 'requestId=<requestID from activity log> \
  --interval '{"startTime":"2022-07-20T00:00:00Z"}' \
  -o json

Sample query to fetch all resource change logs for a specific resource type:

cuttle audit query resource-change-logs \
  --parents 'projects/<projectID>' \
  --filter 'service.name="devices.edgelq.com" and resource.type="Device"' \
  --interval '{"startTime":"2022-06-01T00:00:00Z"}' \
  --page-size 20 -o json

Sample query to fetch all resource change logs for a specific resource ID:

cuttle audit query resource-change-logs \
  --parents 'projects/<projectID>' \
  --filter 'service.name="devices.edgelq.com" and \
    resource.type="Device" and \
    resource.name="projects/<projectID>/regions/us-west2/devices/<deviceID>"' \
  --interval '{"startTime":"2022-06-01T00:00:00Z"}' \
  --page-size 20 -o json

3.1 -

Understanding the audit.edgelq.com service APIv1, in proto package ntt.audit.v1.

Service audit.edgelq.com in version v1, proto package ntt.audit.v1

Here is the list of resources supported in Audit service APIv1:

ActivityLog Resource

ActivityLog Resource - describes notification of activity triggered by a request sent to an API service. ActivityLog creation is triggered by an API service when it receives either unary or stream request.

ActivityLog contains messages exchanged between client and server within single API call and finally exit status. ActivityLog is method oriented - service name + method name (for example IAM/CreateRoleBinding) is a leading information.

ActivityLog can have N associated ResourceChangeLog objects, if API call it describes made some changes in a data store. You can combine ActivityLog and ResourceChangeLog by making queries with request_id specified in a filter.

Name patterns:

  • projects/{project}/activityLogs/{activity_log}
  • organizations/{organization}/activityLogs/{activity_log}
  • services/{service}/activityLogs/{activity_log}

Parent resources:

This section covers the methods and messages to interact with ActivityLog resource.

ActivityLog Methods

Here is the list of ActivityLog resource methods:

ListActivityLogs Method

ListActivityLogs

rpc ListActivityLogs(ListActivityLogsRequest) returns (ListActivityLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/activityLogs.list

The equivalent REST API is:

GET /v1/activityLogs

CreateActivityLogs Method

CreateActivityLogs

rpc CreateActivityLogs(CreateActivityLogsRequest) returns (CreateActivityLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/activityLogs.create

The equivalent REST API is:

POST /v1/activityLogs (BODY: activity_logs)

ActivityLog Messages

Here is the list of ActivityLog resource messages:

ActivityLog Message

Name Type Description
name string (name of ActivityLog) Name of ActivityLog. It contains scope + ID of the log. ID is a base64 encoded unique key that identifies tuple: scope request_id authentication.principal request_metadata.ip_address request_metadata.user_agent request_routing.via_region request_routing.dest_regions authorization.granted_permissions authorization.denied_permissions service.name service.region_id service.hostname method.type method.version resource.name resource.difference.fields category labels Key is not to be decoded outside of service, but treated as opaque string
scope string Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Example formats are: - organization/umbrella - projects/mars_exploration - services/devices.edgelq.com
request_id uint64 Generated ID of the request. Same ID must be used in ResourceChangeLog objects associated with this request.
authentication Authentication Authentication data - informs who made a request
authorization Authorization Authorization data - informs what permissions were granted or denied for associated request
service ServiceData Information about the service
method ActivityLog.Method Information about the method
request_metadata ActivityLog.RequestMetadata Request metadata
request_routing ActivityLog.RequestRouting Request routing
resource ActivityLog.Resource Primary resource for this activity.
category ActivityLog.Category Category of the activity log.
labels map<string, string> List of query-able labels
events repeated ActivityLog.Event List of events attached to this log

ActivityLog.Event Message

Event associated with activity.

Name Type Description
client_message ActivityLog.Event.ClientMsgEvent Client message received event
server_message ActivityLog.Event.ServerMsgEvent Server message sent event
exit ActivityLog.Event.ExitEvent Request finished event
regional_server_message ActivityLog.Event.RegionalServerMsgEvent Server received response from another server (used for split & merge) which describes PARTIAL result to be sent to the client.
regional_exit ActivityLog.Event.RegionalServerMsgEvent Server received exit code from another server (used for split & merge). In case it contains error, its likely final exit will contain this too.

ActivityLog.Method Message

Description of the executed method

Name Type Description
type string Type name of a method, for example “UpdateRoleBinding”.
version string Version in which method was executed.

ActivityLog.RequestMetadata Message

Additional information about request caller

Name Type Description
ip_address string Source IP from where request came
user_agent string Agent used by the request caller

ActivityLog.RequestRouting Message

Additional information regarding request routing. Request can be:

  • Received and executed locally
  • Received and redirected to another region
  • Received, then split across multiple-regions. Responses are merged before sending back to client
Name Type Description
via_region string ID of a region which originally received request, if redirection or split & merge was required
dest_regions repeated string IDs of regions to which request was actually addressed.

ActivityLog.Resource Message

Description of the main resource activity refers to. For standard, goten-generated actions it’s same as resource assigned to the the method. For custom actions, in some cases, developer may pick however different resource (it is customizable in proto audit spec).

Name Type Description
name string full name of the resource
difference ActivityLog.Resource.Difference difference contains update information of the resource. Left empty if the request described by this activity log did not update the resource.

ActivityLog.Event.ClientMsgEvent Message

Describes client message event

Name Type Description
data .google.protobuf.Any Message contents
time .google.protobuf.Timestamp Time of a message

ActivityLog.Event.RegionalServerMsgEvent Message

Describes message received from server in specific region. This type is used only for requests, which receiving server decided to split across many regions. Each regional server sends own response and executing server is responsible for merging all partial results into one. This type does not show what was sent to the client. TODO: No use case for now, just placeholder, no server implementation

Name Type Description
data .google.protobuf.Any Message contents
time .google.protobuf.Timestamp Time of a message
region_id string Region ID where message comes from.

ActivityLog.Event.ServerMsgEvent Message

Describes server message event

Name Type Description
data .google.protobuf.Any Message contents
time .google.protobuf.Timestamp Time of a message

ActivityLog.Event.RegionalExitEvent Message

Describes exit code received from server in specific region. This type is used only for requests, which receiving server decided to split across many regions. Each regional server sends own response and executing server is responsible for merging all partial results into one. IT does not contain status actually sent to the client. TODO: No use case for now, just placeholder, no server implementation

Name Type Description
status Status Final status of a request for given region
time .google.protobuf.Timestamp Time when request finished
region_id string Region ID where status comes from

ActivityLog.Event.ExitEvent Message

Describes exit event (request finished)

Name Type Description
status Status Final status of a request
time .google.protobuf.Timestamp Time when request finished

ActivityLog.Resource.Difference Message

Describes changes (in database) executed on the resource.

Name Type Description
fields .google.protobuf.FieldMask List of updated field paths (which are either marked as a state or spec fields). Proper, actual values are stored in “before” and “after” fields. Populated only for updating requests.
before .google.protobuf.Any State of the resource before update. Note that “before” object contains only values of fields present in “fields”. It does not contain whole resource as it was before the update.
after .google.protobuf.Any State of the resource after update. Note that “after” object contains only values of fields present in “fields”. It does not contain whole resource as it is after the update.

ListActivityLogsRequest Message

A request message of the ListActivityLogs method.

It returns activities for specified time range and within specified filter. Activity logs are stored only in region which executed them and never duplicated. Because of that its important to pay attention to region IDs in a request object.

Basic supported filters are:

  • –filter ‘service.name=[SERVICE_NAME]’ (what is happening in this service)
  • –filter ‘service.name=[SERVICE_NAME] and method.type=[METHOD_NAME]’ (what is happening for this API call)
  • –filter ‘authentication.principal=[PRINCIPAL_NAME]’ (what that person is doing)
  • –filter ‘request_id=[REQUEST_ID]’ (I have request ID, what is actually this?)
  • –filter ‘service.name=[SERVICE_NAME] and resource.name=[FULL_RESOURCE_NAME]’ (can I see activities on this resource?)

Its also possible to filter logs by their region of activity, by using field service.region_id in a filter field. It’s important to note that logs may be present in multiple locations, if request was routed somewhere else or split and merged across many regions. Those activity logs may have different activity log names, but they will share same values in fields request_id and request_routing.

Be aware, that server will append scope filter condition (and scope=…) to the filter. Scope(s) will be extracted from fields parents in ListActivityLogsRequest object. Note you can query for multiple at once, both projects and organizations.

For all of the above filters you can replace filter condition compare (=) with IN operator. You can therefore query for multiple services, methods or users at once. Above filters are also preferred as we have optimization for them.

Activity logs can be filtered by custom labels (field labels in ActivityLog). Labels are defined per each API method, so you must specify service.name and method.type conditions to be able to query by labels.

For example, suppose you have a CreateVM method, which creates resource “VM”. Suppose there is a field “group” within resource body, which is reference to other resource. If you want to make a query like “who was creating VMs for that group”, then you need to create label “group” inside resource body. Then you will be able to make a query with following filter condition:

--filter 'service.name="vms.domain.com" and \
          method.type=CreateVM and \
          labels.group=mySpecialVMGroup'

Be aware, that Create/Update requests, which have resource object in their own bodies, will automatically inherit resource labels. So, basically you need to define “group” label in resource spec, not inside request. This is useful, as both Create/Update methods will have this label. This also allows code-gen to continue maintaining *derived.proto files.

Examples of usage (with cuttle - we are interested only in one region and scope):

  • Checks connections to all devices within ssh-demo project starting from 8th of September 12 UTC time

    cuttle audit query activity-log --parents 'projects/ssh-demo' \
  --filter 'service.name="devices.edgelq.com" and \
            method.type="ConnectToDevice" and \
            service.regionId="us-west"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json

  • Checks connections to device demo-device within ssh-demo project starting from 8th of September 12 UTC time

    cuttle audit query activity-log --parents 'projects/ssh-demo' \
  --filter 'service.name="devices.edgelq.com" and \
            method.type="ConnectToDevice" and \
            service.regionId="us-west" and \
            resource.name="projects/ssh-demo/devices/demo-device"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json

  • Checks what is happening within whole iam service for project demo starting from 8th of September 12 UTC time

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'service.name="iam.edgelq.com"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json

  • Checks activities within one hour for whole iam service for selected methods

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'service.name="iam.edgelq.com" and \
            method.type IN ["CreateRoleBinding", "UpdateRoleBinding", \
            "DeleteRoleBinding"] and \
            service.regionId="us-west"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z",
               "endTime":"2020-09-08T13:00:00Z"}' \
  -o json

  • Checks modification of RoleBinding

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'service.name="iam.edgelq.com" and \
            method.type="UpdateRoleBinding" and \
            labels.resource_name="projects/x/roleBindings/myRB"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json

  • Checks what was happening with some device

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'service.name="devices.edgelq.com" and \
            resource.name="projects/x/devices/myDevice" and \
            service.regionId="us-west"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json

  • Checks activities made by specific user (we need their email)

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'authentication.principal="user:we.know.who@domain.com" and \
            service.regionId="us-west"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json

  • Checks activities made by specific service account (we need it’s email)

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'authentication.principal="serviceAccount:sa@domain.com" and \
            service.regionId="us-west"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json
Name Type Description
parents repeated string (parent name of ActivityLog) Parent references of ntt.audit.v1.ActivityLog - provides list of all scopes we want to query about
filter string (filter of ActivityLog) A audit filter that specifies which activity logs should be returned
interval TimeInterval The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.
page_size int32 Cap on a number of activity logs to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit. Results will be adjusted to the “end time” taken from interval field (adjusted also by page_token if provided).
page_token string Token which identifies next page with further results. Token should be taken from [ListActivityLogsResponse.next_page_token][ntt.audit.v1.ListActivityLogsResponse.next_page_token].

ListActivityLogsResponse Message

A response message of the ListActivityLogs method.

Name Type Description
activity_logs repeated ActivityLog One or more activity method logs that match the filter included in the request. Contains results from all queried regions. Its possible however that some logs may be missing, for this see execution_errors.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the response data returned to be incomplete. Because logs are stored only locally (for each region), all activity log queries are split and merged by a receiving request server according to the queried regions. Its possible that some regions will fail when request is redirected to them, but others not. For each failed region, one execution error will be appended. In each ntt.rpc.Status message, fields code and message will contain error obtained from failed regional server, while field details will contain always one item and this item will be of type ErrorDetails.

ListActivityLogsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreateActivityLogsRequest Message

A request message of the CreateActivityLogs method.

Name Type Description
activity_logs repeated ActivityLog List of activity logs to be added to service. Can be coming from different scopes but must be submitted to the same region and service.

CreateActivityLogsResponse Message

A response message of the CreateActivityLogs nmethod.

Name Type Description
log_names repeated string (name of ActivityLog) Activity log names - one name per each activity log, in same order as in the request

ActivityLog Enumerations

Here is the list of ActivityLog resource enumerations:

ActivityLog.Category Enumeration

Activity log category. Each activity log basically describes read or write action, optionally describes other “operation” type.

Name Description
Undefined Undefined, should never be used
Operation Describes all requests that involved execution of some special operation, for example, SSH connection could be put in this category. It’s for requests that cannot be classified clearly as a read or write.
Creation Describes all requests that involved creation of a new resource.
Deletion Describes all requests which involved deletion of an existing resource.
SpecUpdate Describes all update requests that changed specification fields in an existing resource(s).
StateUpdate Describes all update requests that changed state fields in an existing resource(s) (but not specification).
MetaUpdate Describes all update requests that are neither of SpecUpdate or StateUpdate type. It is for non-significant updates like modification of metadata annotations.
Internal Describes an internal update of the system (like controller creating role binding for each group member for each role assigned to group). It includes all CUD requests as long as they are result of an internal system balancing.
Rejected Describes request that has been rejected and therefore no action has happened. This is result of lack of permission/authentication.
ClientError Describes request that has failed due to client error (like validation error)
ServerError Describes request that has failed due to server issue.
Read Describes any read request (like BatchGet, Get, List, Watch).

AuditedResourceDescriptor Resource

AuditedResourceDescriptor Resource

Name patterns:

  • services/{service}/auditedResourceDescriptors/{audited_resource_descriptor}

Parent resources:

This section covers the methods and messages to interact with AuditedResourceDescriptor resource.

AuditedResourceDescriptor Methods

Here is the list of AuditedResourceDescriptor resource methods:

GetAuditedResourceDescriptor Method

GetAuditedResourceDescriptor

rpc GetAuditedResourceDescriptor(GetAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.get

The equivalent REST API is:

GET /v1/{name=services/*/auditedResourceDescriptors/*}

BatchGetAuditedResourceDescriptors Method

BatchGetAuditedResourceDescriptors

rpc BatchGetAuditedResourceDescriptors(BatchGetAuditedResourceDescriptorsRequest) returns (BatchGetAuditedResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.batchGet

The equivalent REST API is:

GET /v1/auditedResourceDescriptors:batchGet

ListAuditedResourceDescriptors Method

ListAuditedResourceDescriptors

rpc ListAuditedResourceDescriptors(ListAuditedResourceDescriptorsRequest) returns (ListAuditedResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.list

The equivalent REST API is:

GET /v1/{parent=services/*}/auditedResourceDescriptors

WatchAuditedResourceDescriptor Method

WatchAuditedResourceDescriptor

rpc WatchAuditedResourceDescriptor(WatchAuditedResourceDescriptorRequest) returns (WatchAuditedResourceDescriptorResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.watch

The equivalent REST API is:

POST /v1/{name=services/*/auditedResourceDescriptors/*}:watch

WatchAuditedResourceDescriptors Method

WatchAuditedResourceDescriptors

rpc WatchAuditedResourceDescriptors(WatchAuditedResourceDescriptorsRequest) returns (WatchAuditedResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/auditedResourceDescriptors:watch

CreateAuditedResourceDescriptor Method

CreateAuditedResourceDescriptor

rpc CreateAuditedResourceDescriptor(CreateAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.create

The equivalent REST API is:

POST /v1/{parent=services/*}/auditedResourceDescriptors (BODY: audited_resource_descriptor)

UpdateAuditedResourceDescriptor Method

UpdateAuditedResourceDescriptor

rpc UpdateAuditedResourceDescriptor(UpdateAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.update

The equivalent REST API is:

PUT /v1/{audited_resource_descriptor.name=services/*/auditedResourceDescriptors/*} (BODY: audited_resource_descriptor)

DeleteAuditedResourceDescriptor Method

DeleteAuditedResourceDescriptor

rpc DeleteAuditedResourceDescriptor(DeleteAuditedResourceDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/auditedResourceDescriptors/*}

AuditedResourceDescriptor Messages

Here is the list of AuditedResourceDescriptor resource messages:

AuditedResourceDescriptor Message

Name Type Description
name string (name of AuditedResourceDescriptor) Name of AuditedResourceDescriptor
display_name string Optional. A concise name for the audited object type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.
description string Optional. A detailed description of the audited object type that might be used in documentation.
labels repeated LabelDescriptor Required. A set of labels used to describe instances of this audited resource type. For example, for “RoleBinding” we can define name+member. This can allow us to make query like “who allowed user X to do those things?”
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.
versions repeated string List of API versions which define this resource
spec_fields repeated string List of spec fields
state_fields repeated string List of state fields
meta_fields repeated string List of meta fields
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).

GetAuditedResourceDescriptorRequest Message

A request message of the GetAuditedResourceDescriptor method.

Name Type Description
name string (name of AuditedResourceDescriptor) Name of ntt.audit.v1.AuditedResourceDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAuditedResourceDescriptorsRequest Message

A request message of the BatchGetAuditedResourceDescriptors method.

Name Type Description
names repeated string (name of AuditedResourceDescriptor) Names of AuditedResourceDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAuditedResourceDescriptorsResponse Message

A response message of the BatchGetAuditedResourceDescriptors method.

Name Type Description
audited_resource_descriptors repeated AuditedResourceDescriptor found AuditedResourceDescriptors
missing repeated string (name of AuditedResourceDescriptor) list of not found AuditedResourceDescriptors

ListAuditedResourceDescriptorsRequest Message

A request message of the ListAuditedResourceDescriptors method.

Name Type Description
parent string (parent name of AuditedResourceDescriptor) Parent name of ntt.audit.v1.AuditedResourceDescriptor
page_size int32 Requested page size. Server may return fewer AuditedResourceDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AuditedResourceDescriptor) A token identifying a page of results the server should return. Typically, this is the value of ListAuditedResourceDescriptorsResponse.next_page_token.
order_by string (orderBy of AuditedResourceDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AuditedResourceDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAuditedResourceDescriptorsResponse Message

A response message of the ListAuditedResourceDescriptors method.

Name Type Description
audited_resource_descriptors repeated AuditedResourceDescriptor The list of AuditedResourceDescriptors
prev_page_token string (cursor of AuditedResourceDescriptor) A token to retrieve previous page of results. Pass this value in the ListAuditedResourceDescriptorsRequest.page_token.
next_page_token string (cursor of AuditedResourceDescriptor) A token to retrieve next page of results. Pass this value in the ListAuditedResourceDescriptorsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AuditedResourceDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAuditedResourceDescriptorRequest Message

A request message of the WatchAuditedResourceDescriptor method.

Name Type Description
name string (name of AuditedResourceDescriptor) Name of ntt.audit.v1.AuditedResourceDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAuditedResourceDescriptorResponse Message

A response message of the WatchAuditedResourceDescriptor method.

Name Type Description
change AuditedResourceDescriptorChange

WatchAuditedResourceDescriptorsRequest Message

A request message of the WatchAuditedResourceDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AuditedResourceDescriptor) Parent name of ntt.audit.v1.AuditedResourceDescriptor
page_size int32 Requested page size. Server may return fewer AuditedResourceDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AuditedResourceDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AuditedResourceDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AuditedResourceDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AuditedResourceDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AuditedResourceDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAuditedResourceDescriptorsResponse Message

A response message of the WatchAuditedResourceDescriptors method.

Name Type Description
audited_resource_descriptor_changes repeated AuditedResourceDescriptorChange Changes of AuditedResourceDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AuditedResourceDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAuditedResourceDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AuditedResourceDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAuditedResourceDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AuditedResourceDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of AuditedResourceDescriptor) New token to retrieve next page of results.

CreateAuditedResourceDescriptorRequest Message

A request message of the CreateAuditedResourceDescriptor method.

Name Type Description
parent string (parent name of AuditedResourceDescriptor) Parent name of ntt.audit.v1.AuditedResourceDescriptor
audited_resource_descriptor AuditedResourceDescriptor AuditedResourceDescriptor resource body
response_mask CreateAuditedResourceDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAuditedResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAuditedResourceDescriptorRequest Message

A request message of the UpdateAuditedResourceDescriptor method.

Name Type Description
audited_resource_descriptor AuditedResourceDescriptor AuditedResourceDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAuditedResourceDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAuditedResourceDescriptorRequest.ResponseMask reduce message response size.

UpdateAuditedResourceDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AuditedResourceDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAuditedResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAuditedResourceDescriptorRequest Message

A request message of the DeleteAuditedResourceDescriptor method.

Name Type Description
name string (name of AuditedResourceDescriptor) Name of ntt.audit.v1.AuditedResourceDescriptor
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MethodDescriptor Resource

MethodDescriptor Resource

Name patterns:

  • services/{service}/methodDescriptors/{method_descriptor}

Parent resources:

This section covers the methods and messages to interact with MethodDescriptor resource.

MethodDescriptor Methods

Here is the list of MethodDescriptor resource methods:

GetMethodDescriptor Method

GetMethodDescriptor

rpc GetMethodDescriptor(GetMethodDescriptorRequest) returns (MethodDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.get

The equivalent REST API is:

GET /v1/{name=services/*/methodDescriptors/*}

BatchGetMethodDescriptors Method

BatchGetMethodDescriptors

rpc BatchGetMethodDescriptors(BatchGetMethodDescriptorsRequest) returns (BatchGetMethodDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.batchGet

The equivalent REST API is:

GET /v1/methodDescriptors:batchGet

ListMethodDescriptors Method

ListMethodDescriptors

rpc ListMethodDescriptors(ListMethodDescriptorsRequest) returns (ListMethodDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.list

The equivalent REST API is:

GET /v1/{parent=services/*}/methodDescriptors

WatchMethodDescriptor Method

WatchMethodDescriptor

rpc WatchMethodDescriptor(WatchMethodDescriptorRequest) returns (WatchMethodDescriptorResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.watch

The equivalent REST API is:

POST /v1/{name=services/*/methodDescriptors/*}:watch

WatchMethodDescriptors Method

WatchMethodDescriptors

rpc WatchMethodDescriptors(WatchMethodDescriptorsRequest) returns (WatchMethodDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/methodDescriptors:watch

CreateMethodDescriptor Method

CreateMethodDescriptor

rpc CreateMethodDescriptor(CreateMethodDescriptorRequest) returns (MethodDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.create

The equivalent REST API is:

POST /v1/{parent=services/*}/methodDescriptors (BODY: method_descriptor)

UpdateMethodDescriptor Method

UpdateMethodDescriptor

rpc UpdateMethodDescriptor(UpdateMethodDescriptorRequest) returns (MethodDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.update

The equivalent REST API is:

PUT /v1/{method_descriptor.name=services/*/methodDescriptors/*} (BODY: method_descriptor)

DeleteMethodDescriptor Method

DeleteMethodDescriptor

rpc DeleteMethodDescriptor(DeleteMethodDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/methodDescriptors/*}

MethodDescriptor Messages

Here is the list of MethodDescriptor resource messages:

MethodDescriptor Message

Name Type Description
name string (name of MethodDescriptor) Name of MethodDescriptor
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Optional. A concise name for the audited object type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.
description string Optional. A detailed description of the audited method type that might be used in documentation.
labels repeated LabelDescriptor A set of labels used to describe instances of this audited method type. For example, for “UpdateRoleBinding” we can define member label. This can allow us to make query like “who tried to give user X permissions to those things?”
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.
versions repeated string List of API versions which define this method

GetMethodDescriptorRequest Message

A request message of the GetMethodDescriptor method.

Name Type Description
name string (name of MethodDescriptor) Name of ntt.audit.v1.MethodDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMethodDescriptorsRequest Message

A request message of the BatchGetMethodDescriptors method.

Name Type Description
names repeated string (name of MethodDescriptor) Names of MethodDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMethodDescriptorsResponse Message

A response message of the BatchGetMethodDescriptors method.

Name Type Description
method_descriptors repeated MethodDescriptor found MethodDescriptors
missing repeated string (name of MethodDescriptor) list of not found MethodDescriptors

ListMethodDescriptorsRequest Message

A request message of the ListMethodDescriptors method.

Name Type Description
parent string (parent name of MethodDescriptor) Parent name of ntt.audit.v1.MethodDescriptor
page_size int32 Requested page size. Server may return fewer MethodDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of MethodDescriptor) A token identifying a page of results the server should return. Typically, this is the value of ListMethodDescriptorsResponse.next_page_token.
order_by string (orderBy of MethodDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of MethodDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListMethodDescriptorsResponse Message

A response message of the ListMethodDescriptors method.

Name Type Description
method_descriptors repeated MethodDescriptor The list of MethodDescriptors
prev_page_token string (cursor of MethodDescriptor) A token to retrieve previous page of results. Pass this value in the ListMethodDescriptorsRequest.page_token.
next_page_token string (cursor of MethodDescriptor) A token to retrieve next page of results. Pass this value in the ListMethodDescriptorsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total MethodDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchMethodDescriptorRequest Message

A request message of the WatchMethodDescriptor method.

Name Type Description
name string (name of MethodDescriptor) Name of ntt.audit.v1.MethodDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMethodDescriptorResponse Message

A response message of the WatchMethodDescriptor method.

Name Type Description
change MethodDescriptorChange

WatchMethodDescriptorsRequest Message

A request message of the WatchMethodDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of MethodDescriptor) Parent name of ntt.audit.v1.MethodDescriptor
page_size int32 Requested page size. Server may return fewer MethodDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of MethodDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of MethodDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of MethodDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MethodDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MethodDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchMethodDescriptorsResponse Message

A response message of the WatchMethodDescriptors method.

Name Type Description
method_descriptor_changes repeated MethodDescriptorChange Changes of MethodDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All MethodDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchMethodDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (MethodDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchMethodDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of MethodDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of MethodDescriptor) New token to retrieve next page of results.

CreateMethodDescriptorRequest Message

A request message of the CreateMethodDescriptor method.

Name Type Description
parent string (parent name of MethodDescriptor) Parent name of ntt.audit.v1.MethodDescriptor
method_descriptor MethodDescriptor MethodDescriptor resource body
response_mask CreateMethodDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateMethodDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateMethodDescriptorRequest Message

A request message of the UpdateMethodDescriptor method.

Name Type Description
method_descriptor MethodDescriptor MethodDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateMethodDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateMethodDescriptorRequest.ResponseMask reduce message response size.

UpdateMethodDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state MethodDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateMethodDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteMethodDescriptorRequest Message

A request message of the DeleteMethodDescriptor method.

Name Type Description
name string (name of MethodDescriptor) Name of ntt.audit.v1.MethodDescriptor
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ResourceChangeLog Resource

ResourceChangeLog Resource - describes notification of resource change. This log is resource oriented - it strictly is associated with single resource, where service name, resource type and resource name are the strongest attributes.

All resource changes are happening via API calls made to API services. Therefore, each ResourceChangeLog has associated ActivityLog. Relation is 1-N between activity and resource change logs, as one API call can modify multiple resources.

Name patterns:

  • projects/{project}/resourceChangeLogs/{resource_change_log}
  • organizations/{organization}/resourceChangeLogs/{resource_change_log}
  • services/{service}/resourceChangeLogs/{resource_change_log}

Parent resources:

This section covers the methods and messages to interact with ResourceChangeLog resource.

ResourceChangeLog Methods

Here is the list of ResourceChangeLog resource methods:

ListResourceChangeLogs Method

ListResourceChangeLogs

rpc ListResourceChangeLogs(ListResourceChangeLogsRequest) returns (ListResourceChangeLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/resourceChangeLogs.list

The equivalent REST API is:

GET /v1/resourceChangeLogs

CreatePreCommittedResourceChangeLogs Method

CreatePreCommittedResourceChangeLogs

rpc CreatePreCommittedResourceChangeLogs(CreatePreCommittedResourceChangeLogsRequest) returns (CreatePreCommittedResourceChangeLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/resourceChangeLogs.submit

The equivalent REST API is:

POST /v1/resourceChangeLogs

SetResourceChangeLogsCommitState Method

SetResourceChangeLogsCommitState

rpc SetResourceChangeLogsCommitState(SetResourceChangeLogsCommitStateRequest) returns (SetResourceChangeLogsCommitStateResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/resourceChangeLogs.finalize

The equivalent REST API is:

POST /v1/resourceChangeLogs

ResourceChangeLog Messages

Here is the list of ResourceChangeLog resource messages:

ResourceChangeLog Message

Name Type Description
name string (name of ResourceChangeLog) Name of ResourceChangeLog. It contains scope + ID of the log. ID is a base64 encoded unique key that identifies tuple: scope request_id authentication.principal service.name service.region_id resource.name resource.type resource.pre.labels resource.post.labels ID part should not be decoded, but treated as opaque string
scope string Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Supported formats are: - organization/umbrella - projects/mars_exploration - services/devices.edgelq.com
request_id uint64 Unique identifier of request - it must match the one in the associated activity log.
timestamp .google.protobuf.Timestamp Time of the change - equal to request timestamp (activity log)
authentication Authentication Authentication data - informs who made a change
service ServiceData Information about the service
resource ResourceChangeLog.ResourceChange Describes change on the resource
transaction ResourceChangeLog.TransactionInfo Describes state of the transaction

ResourceChangeLog.ResourceChange Message

Description of change on the resource

Name Type Description
name string Fully qualified name of the resource (eg. “RoleBinding/Public”) that has changed from this request (if successful)
type string Name of the resource type for example “RoleBinding”.
action ResourceChangeLog.ResourceChange.Action Action on the resource
updated_fields .google.protobuf.FieldMask Field mask with different fields, populated only for update action types.
previous .google.protobuf.Any Previous values of updated fields. Its populated only if update_fields is provided and for those fields only. It is skipped for deletes.
current .google.protobuf.Any Current values of updated fields in case of update. Whole resource in case of creation, empty in case of deletion.
labels map<string, string> List of query-able labels. They are taken from both before and after resource, but after has higher priority
pre ObjectState State of the resource before change. It is empty if action is CREATE DEPRECATED and not populated for new resources
post ObjectState State of the resource after change. It is empty if action is DELETE DEPRECATED and not populated for new resources

ResourceChangeLog.TransactionInfo Message

Information about transaction where change has been executed

Name Type Description
identifier string unique identifier of the transaction.
try_counter int32 Indicator of try counter. If transaction has been concluded at first try, try_counter will be 1. If on the second try, then number will be 2 (etc).
state ResourceChangeLog.TransactionInfo.State State of the transaction.

ListResourceChangeLogsRequest Message

A request message of the ListResourceChangeLogs method.

It returns resource changes for specified time range, region, scope and filter. Note that resource change logs are Resource oriented, primary object is resource here. Audit monitors resources that have non-custom store.

Note that filter field is mandatory and minimal filters are:

  • –filter ‘service.name=[SERVICE_NAME] and resource.type=[RESOURCE_NAME]’ (what is happening for this resource type)
  • –filter ‘request_id=[REQUEST_ID]’ (which resources were changed by this request_id?)

Be aware that server will append scope filter condition (and scope IN …) to an any of the above filters. All scopes are extracted from parents field in ListResourceChangeLogsRequest body. This ensures that users can view only scopes he/she is allowed to.

For all of the above filters you can replace filter condition compare (=) with IN operator. You can therefore query for multiple services, methods or users at once. Above filters are also preferred as we have optimization for them.

Resource change logs can also be filtered by custom labels (field labels in ResourceChangeLog - pre and post versions). Labels are custom per each API resource - so you must specify service.name and resource.type conditions to enable them. For example, suppose you have a VM resource which contains “group” field, which is a reference to some other resource. If you create label “group” in VM resource spec (in proto model) you can make a following query:

--filter 'service.name=vms.domain.com and \
          resource.type=VM and \
          resource.post.labels.group=projects/P/vmgroups/myGroup'

Examples of usage (with cuttle, we are interested only in one region and scope):

  • Checks activities within one hour for role binding resources

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'service.name="iam.edgelq.com" and \
            resource.type="RoleBinding"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z",
  "endTime":"2020-09-08T13:00:00Z"}' \ -o json

  • Checks modification of specific RoleBinding

    cuttle audit query activity-log --parents 'projects/demo' \
  --filter 'service.name="iam.edgelq.com" and \
            resource.type="RoleBinding" and \
            resource.name="projects/x/roleBindings/myRB"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json

  • Checks changes on resource RoleBinding made by specific user (we need their email)

    cuttle audit query resource-change-log --parents 'projects/demo' \
  --filter 'service.name="iam.edgelq.com" and \
            resource.type="RoleBinding" and \
            authentication.principal="user:we.know.who@domain.com"' \
  --interval '{"startTime":"2020-09-08T12:00:00Z"}' \
  -o json
Name Type Description
parents repeated string (parent name of ResourceChangeLog) Parent names of ntt.audit.v1.ResourceChangeLog
filter string (filter of ResourceChangeLog) A audit filter that specifies which resource change logs should be returned
interval TimeInterval The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.
page_size int32 Cap on a number of resource change logs to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit. Results will be adjusted to the “end time” taken from interval field (adjusted also by page_token if provided).
page_token string Token which identifies next page with further results. Token should be taken from ListResourceChangeLogsResponse [ListResourceChangeLogsResponse.next_page_token][ntt.audit.v1.ListResourceChangeLogsResponse.next_page_token].

ListResourceChangeLogsResponse Message

A response message of the ListResourceChangeLogs method.

Creates resource change log.

This request should not be used by regular users - only API services should be able to submit resource change logs. Developers of services should use logs exporter package offered along other Audit service packages instead of developing own components.

Name Type Description
resource_change_logs repeated ResourceChangeLog One or more resource change logs that match the filter included in the request. Contains results from all queried regions. Its possible however that some logs may be missing, for this see execution_errors.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the response data returned to be incomplete. Because logs are stored only locally (for each region), all resource change log queries are split and merged by a receiving request server according to the queried regions. Its possible that some regions will fail when request is redirected to them, but others not. For each failed region, one execution error will be appended. In each ntt.rpc.Status message, fields code and message will contain error obtained from failed regional server, while field details will contain always one item and this item will be of type ErrorDetails.

ListResourceChangeLogsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreatePreCommittedResourceChangeLogsRequest Message

A request message of the CreatePreCommittedResourceChangeLogs method.

Name Type Description
request_id uint64 ID of the request - must be same as the one used in activity logs
timestamp .google.protobuf.Timestamp Time of the request
authentication Authentication Authentication data - informs who made a change
service ServiceData Information about the service
transaction ResourceChangeLog.TransactionInfo Information about transaction
changes repeated ResourceChangeLog.ResourceChange List of changes

CreatePreCommittedResourceChangeLogsResponse Message

A response message of the CreatePreCommittedResourceChangeLogs method.

Name Type Description
log_keys repeated bytes Resource change log keys - one key per each resource change, in same order

SetResourceChangeLogsCommitStateRequest Message

A request message of the SetResourceChangeLogsCommitState method.

Name Type Description
log_keys repeated bytes list of resource change log keys.
service ServiceData Information about the service - must be same as before, used for authorization purpose
timestamp .google.protobuf.Timestamp Time of the request - must be same as in CreatePreCommittedResourceChangeLogsRequest
tx_result ResourceChangeLog.TransactionInfo.State final state of the transaction - must be COMMITTED or ROLLED_BACK

SetResourceChangeLogsCommitStateResponse Message

A response message of the SetResourceChangeLogsCommitState method.

Name Type Description
none none none

ResourceChangeLog Enumerations

Here is the list of ResourceChangeLog resource enumerations:

ResourceChangeLog.ResourceChange.Action Enumeration

Type of change

Name Description
UNDEFINED to avoid blank item when printing logs
CREATE Resource has been created
DELETE Resource has been deleted
SPEC_UPDATE Update contains spec fields
STATE_UPDATE Update contains state fields, but not spec
META_UPDATE Update contains neither spec or state fields.
UPDATE UPDATE is deprecated in favor of specific update types.

ResourceChangeLog.TransactionInfo.State Enumeration

State of the transaction.

Name Description
UNDEFINED
PRE_COMMITTED Indicates that this change did not happen - it is just proposal of the change. Such a log should be followed by another ResourceChangeLog with value COMMITTED or ROLLED_BACK. If one transaction has been retried multiple times, then there may be multiple records with PRE_COMMITTED, last record should indicate final transaction state.
COMMITTED Indicates change has been committed successfully.
ROLLED_BACK Indicates that change did not happen. Log of this type should be treated as attempt of change.

Audit Service Shared Methods and Messages

Audit Service Shared Messages

Here is the list of Audit service shared messages:

AuditedResourceDescriptorChange Message

AuditedResourceDescriptorChange is used by Watch notifications Responses to describe change of single AuditedResourceDescriptor One of Added, Modified, Removed

Name Type Description
added AuditedResourceDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified AuditedResourceDescriptorChange.Modified Modified is returned when watched document is modified
current AuditedResourceDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AuditedResourceDescriptorChange.Removed Removed is returned when AuditedResourceDescriptor is deleted or leaves Query view

AuditedResourceDescriptorChange.Added Message

AuditedResourceDescriptor has been added to query view

Name Type Description
audited_resource_descriptor AuditedResourceDescriptor
view_index int32 Integer describing index of added AuditedResourceDescriptor in resulting query view.

AuditedResourceDescriptorChange.Current Message

AuditedResourceDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
audited_resource_descriptor AuditedResourceDescriptor

AuditedResourceDescriptorChange.Modified Message

AuditedResourceDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AuditedResourceDescriptor) Name of modified AuditedResourceDescriptor
audited_resource_descriptor AuditedResourceDescriptor New version of AuditedResourceDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchAuditedResourceDescriptorRequest] or [WatchAuditedResourceDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AuditedResourceDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AuditedResourceDescriptor new index in resulting query view.

AuditedResourceDescriptorChange.Removed Message

Removed is returned when AuditedResourceDescriptor is deleted or leaves Query view

Name Type Description
name string (name of AuditedResourceDescriptor)
view_index int32 Integer specifying removed AuditedResourceDescriptor index. Not populated in stateless watch type.

Authentication Message

Information about authorized principal who sent a request

Name Type Description
principal string Name of the principal, for example: “user:our_new_admin@example.com
principal_type string Principal type - user, serviceAccount, anonymous

Authorization Message

Information about authorization applicable for a request.

Name Type Description
granted_permissions repeated string List of permissions that were granted
denied_permissions repeated string List of permissions that were denied

LabelDescriptor Message

Name Type Description
key string The label key.
versions repeated string List of versions where label is supported

LabelKeySet Message

LabelKeySet is used for defining PromotedLabelKeySets on Object descriptors

Name Type Description
label_keys repeated string
versions repeated string List of versions where label set is supported

MethodDescriptorChange Message

MethodDescriptorChange is used by Watch notifications Responses to describe change of single MethodDescriptor One of Added, Modified, Removed

Name Type Description
added MethodDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified MethodDescriptorChange.Modified Modified is returned when watched document is modified
current MethodDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed MethodDescriptorChange.Removed Removed is returned when MethodDescriptor is deleted or leaves Query view

MethodDescriptorChange.Added Message

MethodDescriptor has been added to query view

Name Type Description
method_descriptor MethodDescriptor
view_index int32 Integer describing index of added MethodDescriptor in resulting query view.

MethodDescriptorChange.Current Message

MethodDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
method_descriptor MethodDescriptor

MethodDescriptorChange.Modified Message

MethodDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of MethodDescriptor) Name of modified MethodDescriptor
method_descriptor MethodDescriptor New version of MethodDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchMethodDescriptorRequest] or [WatchMethodDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified MethodDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying MethodDescriptor new index in resulting query view.

MethodDescriptorChange.Removed Message

Removed is returned when MethodDescriptor is deleted or leaves Query view

Name Type Description
name string (name of MethodDescriptor)
view_index int32 Integer specifying removed MethodDescriptor index. Not populated in stateless watch type.

ObjectState Message

State of the object - can be resource, request or response. DEPRECATED

Name Type Description
data .google.protobuf.Any Object data
labels map<string, string> Values for all of the labels listed in the associated audited object descriptor - they are extracted from protobuf object and used for filtering

ServiceData Message

Information about service processing a request

Name Type Description
name string Fully qualified service name executing a request
region_id string Region of the service handling this request.
hostname string Server hostname handling this request.

TimeInterval Message

A time interval extending just after a start time through an end time. If the start time is the same as the end time, then the interval represents a single point in time.

Name Type Description
end_time .google.protobuf.Timestamp Optional - end of the time interval. If not provided, current time will be assumed.
start_time .google.protobuf.Timestamp Required. The beginning of the time interval. The start time must not be later than the end time.

3.2 -

Understanding the audit.edgelq.com service APIv1alpha2, in proto package ntt.audit.v1alpha2.

Service audit.edgelq.com in version v1alpha2, proto package ntt.audit.v1alpha2

Here is the list of resources supported in Audit service APIv1alpha2:

ActivityLog Resource

ActivityLog Resource - describes notification of activity triggered by a request sent to an API service. ActivityLog creation is triggered by an API service when it receives either unary or stream request.

ActivityLog contains messages exchanged between client and server within single API call and finally exit status. ActivityLog is method oriented - service name + method name (for example IAM/CreateRoleBinding) is a leading information.

ActivityLog can have N associated ResourceChangeLog objects, if API call it describes made some changes in a data store. You can combine ActivityLog and ResourceChangeLog by making queries with request_id specified in a filter.

Name patterns:

  • activityLogs/{activity_log}
  • projects/{project}/activityLogs/{activity_log}
  • organizations/{organization}/activityLogs/{activity_log}

Parent resources:

This section covers the methods and messages to interact with ActivityLog resource.

ActivityLog Methods

Here is the list of ActivityLog resource methods:

ListActivityLogs Method

ListActivityLogs

rpc ListActivityLogs(ListActivityLogsRequest) returns (ListActivityLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/activityLogs.list

The equivalent REST API is:

GET /v1alpha2/activityLogs

CreateActivityLogs Method

CreateActivityLogs

rpc CreateActivityLogs(CreateActivityLogsRequest) returns (CreateActivityLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/activityLogs.create

The equivalent REST API is:

POST /v1alpha2/activityLogs (BODY: activity_logs)

ActivityLog Messages

Here is the list of ActivityLog resource messages:

ActivityLog Message

Name Type Description
name string (name of ActivityLog) Name of ActivityLog. It contains scope + ID of the log. ID is a base64 encoded unique key that identifies tuple: scope request_id authentication.principal request_metadata.ip_address request_metadata.user_agent request_routing.via_region request_routing.dest_regions authorization.granted_permissions authorization.denied_permissions service.name service.region_id method.type method.version resource.name resource.difference.fields category labels Key is not to be decoded outside of service, but treated as opaque string
scope string Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Example formats are: - organization/umbrella - projects/mars_exploration - <system>
request_id uint64 Generated ID of the request. Same ID must be used in ResourceChangeLog objects associated with this request.
authentication Authentication Authentication data - informs who made a request
authorization Authorization Authorization data - informs what permissions were granted or denied for associated request
service ServiceData Information about the service
method ActivityLog.Method Information about the method
request_metadata ActivityLog.RequestMetadata Request metadata
request_routing ActivityLog.RequestRouting Request routing
resource ActivityLog.Resource Primary resource for this activity.
category ActivityLog.Category Category of the activity log.
labels map<string, string> List of query-able labels
events repeated ActivityLog.Event List of events attached to this log

ActivityLog.Event Message

Event associated with activity.

Name Type Description
client_message ActivityLog.Event.ClientMsgEvent Client message received event
server_message ActivityLog.Event.ServerMsgEvent Server message sent event
exit ActivityLog.Event.ExitEvent Request finished event
regional_server_message ActivityLog.Event.RegionalServerMsgEvent Server received response from another server (used for split & merge) which describes PARTIAL result to be sent to the client.
regional_exit ActivityLog.Event.RegionalServerMsgEvent Server received exit code from another server (used for split & merge). In case it contains error, its likely final exit will contain this too.

ActivityLog.Method Message

Description of the executed method

Name Type Description
type string Type name of a method, for example “UpdateRoleBinding”.
version string Version in which method was executed.

ActivityLog.RequestMetadata Message

Additional information about request caller

Name Type Description
ip_address string Source IP from where request came
user_agent string Agent used by the request caller

ActivityLog.RequestRouting Message

Additional information regarding request routing. Request can be:

  • Received and executed locally
  • Received and redirected to another region
  • Received, then split across multiple-regions. Responses are merged before sending back to client
Name Type Description
via_region string ID of a region which originally received request, if redirection or split & merge was required
dest_regions repeated string IDs of regions to which request was actually addressed.

ActivityLog.Resource Message

Description of the main resource activity refers to. For standard, goten-generated actions it’s same as resource assigned to the the method. For custom actions, in some cases, developer may pick however different resource (it is customizable in proto audit spec).

Name Type Description
name string full name of the resource
difference ActivityLog.Resource.Difference difference contains update information of the resource. Left empty if the request described by this activity log did not update the resource.

ActivityLog.Event.ClientMsgEvent Message

Describes client message event

Name Type Description
data .google.protobuf.Any Message contents
time .google.protobuf.Timestamp Time of a message

ActivityLog.Event.RegionalServerMsgEvent Message

Describes message received from server in specific region. This type is used only for requests, which receiving server decided to split across many regions. Each regional server sends own response and executing server is responsible for merging all partial results into one. This type does not show what was sent to the client. TODO: No use case for now, just placeholder, no server implementation

Name Type Description
data .google.protobuf.Any Message contents
time .google.protobuf.Timestamp Time of a message
region_id string Region ID where message comes from.

ActivityLog.Event.ServerMsgEvent Message

Describes server message event

Name Type Description
data .google.protobuf.Any Message contents
time .google.protobuf.Timestamp Time of a message

ActivityLog.Event.RegionalExitEvent Message

Describes exit code received from server in specific region. This type is used only for requests, which receiving server decided to split across many regions. Each regional server sends own response and executing server is responsible for merging all partial results into one. IT does not contain status actually sent to the client. TODO: No use case for now, just placeholder, no server implementation

Name Type Description
status Status Final status of a request for given region
time .google.protobuf.Timestamp Time when request finished
region_id string Region ID where status comes from

ActivityLog.Event.ExitEvent Message

Describes exit event (request finished)

Name Type Description
status Status Final status of a request
time .google.protobuf.Timestamp Time when request finished

ActivityLog.Resource.Difference Message

Describes changes (in database) executed on the resource.

Name Type Description
fields .google.protobuf.FieldMask List of updated field paths (which are either marked as a state or spec fields). Proper, actual values are stored in “before” and “after” fields. Populated only for updating requests.
before .google.protobuf.Any State of the resource before update. Note that “before” object contains only values of fields present in “fields”. It does not contain whole resource as it was before the update.
after .google.protobuf.Any State of the resource after update. Note that “after” object contains only values of fields present in “fields”. It does not contain whole resource as it is after the update.

ListActivityLogsRequest Message

Request message for method [ListActivityLogs][ntt.audit.v1alpha2.ListActivityLogs]

Returns activities for specified time range and within specified filter. Activity logs are stored only in region which executed them and never duplicated. Because of that its important to pay attention to region IDs in a request object.

Basic supported filters are:

  • –filter ‘service.name=[SERVICE_NAME]’ (what is happening in this service)
  • –filter ‘service.name=[SERVICE_NAME] and method.type=[METHOD_NAME]’ (what is happening for this API call)
  • –filter ‘authentication.principal=[PRINCIPAL_NAME]’ (what that person is doing)
  • –filter ‘request_id=[REQUEST_ID]’ (I have request ID, what is actually this?)
  • –filter ‘service.name=[SERVICE_NAME] and resource.name=[FULL_RESOURCE_NAME]’ (can I see activities on this resource?)

Its also possible to filter logs by their region of activity - by using field service.region_id in a filter field. Its important to note that logs may be present in multiple locations, if request was routed somewhere else or split & merged across many regions. Those activity logs may have different activity log names, but they will share same values in fields request_id and request_routing.

Be aware, that server will append scope filter condition (and scope=…) to the filter. Scope(s) will be extracted from fields parents in ListActivityLogsRequest object. Note you can query for multiple at once, both projects and organizations.

For all of the above filters you can replace filter condition compare (=) with IN operator. You can therefore query for multiple services, methods or users at once. Above filters are also preferred as we have optimization for them.

Activity logs can be filtered by custom labels (field labels in ActivityLog). Labels are defined per each API method - so you must specify service.name and method.type conditions to be able to query by labels.

For example, suppose you have a CreateVM method, which creates resource “VM”. Suppose there is a field “group” within resource body, which is reference to other resource. If you want to make a query like “who was creating VMs for that group”, then you need to create label “group” inside resource body. Then you will be able to make a query with following filter condition: –filter ‘service.name=vms.domain.com and method.type=CreateVM and labels.group=mySpecialVMGroup’.

Be aware, that Create/Update requests, which have resource object in their own bodies, will automatically inherit resource labels. So, basically you need to define “group” label in resource spec, not inside request. This is useful, as both Create/Update methods will have this label. This also allows code-gen to continue maintaining *derived.proto files.

Examples of usage (with cuttle - we are interested only in one region and scope):

  • Checks connections to all devices within ssh-demo project starting from 8th of September 12 UTC time

$ cuttle audit query activity-log –parents ‘project/ssh-demo’ –filter ‘service.name=“devices.edgelq.com” and method.type=“ConnectToDevice” and service.regionId=“us-west”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

*Checks connections to device demo-device within ssh-demo project starting from 8th of September 12 UTC time

$ cuttle audit query activity-log –parents ‘project/ssh-demo’ –filter ‘service.name=“devices.edgelq.com” and method.type=“ConnectToDevice” and service.regionId=“us-west” and resource.name=“projects/ssh-demo/devices/demo-device”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

  • Checks what is happening within whole iam service for project demo starting from 8th of September 12 UTC time

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘service.name=“iam.edgelq.com” and service.regionId=“us-west”’ –filter ‘service.name=“iam.edgelq.com”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

  • Checks activities within one hour for whole iam service for selected methods

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘service.name=“iam.edgelq.com” and method.type IN [“CreateRoleBinding”, “UpdateRoleBinding”, “DeleteRoleBinding”] and service.regionId=“us-west”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”, “endTime”:“2020-09-08T13:00:00Z”}’ -o json

  • Checks modification of RoleBinding

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘service.name=“iam.edgelq.com” and method.type=“UpdateRoleBinding” and labels.resource_name=“projects/x/roleBindings/myRB”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

  • Checks what was happening with some device

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘service.name=“devices.edgelq.com” and resource.name=“projects/x/devices/myDevice” and service.regionId=“us-west”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

  • Checks activities made by specific user (we need their email)

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘authentication.principal=“user:we.know.who@domain.com” and service.regionId=“us-west”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

  • Checks activities made by specific service account (we need it’s email)

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘authentication.principal=“serviceAccount:myServiceAccount@domain.com” and service.regionId=“us-west”’

Name Type Description
parents repeated string (parent name of ActivityLog) Parent references of ntt.audit.v1alpha2.ActivityLog - provides list of all scopes we want to query about
filter string (filter of ActivityLog) A audit filter that specifies which activity logs should be returned
interval TimeInterval The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.
page_size int32 Cap on a number of activity logs to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit. Results will be adjusted to the “end time” taken from interval field (adjusted also by page_token if provided).
page_token string Token which identifies next page with further results. Token should be taken from [ListActivityLogsResponse.next_page_token][ntt.audit.v1alpha2.ListActivityLogsResponse.next_page_token].

ListActivityLogsResponse Message

Response message for method [ListActivityLogs][ntt.audit.v1alpha2.ListActivityLogs]

Name Type Description
activity_logs repeated ActivityLog One or more activity method logs that match the filter included in the request. Contains results from all queried regions. Its possible however that some logs may be missing, for this see execution_errors.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the response data returned to be incomplete. Because logs are stored only locally (for each region), all activity log queries are split and merged by a receiving request server according to the queried regions. Its possible that some regions will fail when request is redirected to them, but others not. For each failed region, one execution error will be appended. In each ntt.rpc.Status message, fields code and message will contain error obtained from failed regional server, while field details will contain always one item and this item will be of type ErrorDetails.

ListActivityLogsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreateActivityLogsRequest Message

Request message for method [CreateActivityLogs][ntt.audit.v1alpha2.CreateActivityLogs]

Creates many activity logs at once - or appends existing, if some of the activity logs already exist (their name is already known).

This request should not be used by regular users - only API services should be able to submit activity logs. Developers of services should use logs exporter package offered along other Audit service packages instead of developing own components.

Name Type Description
activity_logs repeated ActivityLog List of activity logs to be added to service. Can be coming from different scopes but must be submitted to the same region.

CreateActivityLogsResponse Message

Response message for method [CreateActivityLogs][ntt.audit.v1alpha2.CreateActivityLogs]

Name Type Description
log_names repeated string (name of ActivityLog) Activity log names - one name per each activity log, in same order as in the request

ActivityLog Enumerations

Here is the list of ActivityLog resource enumerations:

ActivityLog.Category Enumeration

Activity log category. Each activity log basically describes read or write action, optionally describes other “operation” type.

Name Description
Undefined Undefined, should never be used
Operation Describes all requests that involved execution of some special operation, for example, SSH connection could be put in this category. It’s for requests that cannot be classified clearly as a read or write.
Creation Describes all requests that involved creation of a new resource.
Deletion Describes all requests which involved deletion of an existing resource.
SpecUpdate Describes all update requests that changed specification fields in an existing resource(s).
StateUpdate Describes all update requests that changed state fields in an existing resource(s) (but not specification).
MetaUpdate Describes all update requests that are neither of SpecUpdate or StateUpdate type. It is for non-significant updates like modification of metadata annotations.
Internal Describes an internal update of the system (like controller creating role binding for each group member for each role assigned to group). It includes all CUD requests as long as they are result of an internal system balancing.
Rejected Describes request that has been rejected and therefore no action has happened. This is result of lack of permission/authentication.
ClientError Describes request that has failed due to client error (like validation error)
ServerError Describes request that has failed due to server issue.
Read Describes any read request (like BatchGet, Get, List, Watch).

AuditedResourceDescriptor Resource

AuditedResourceDescriptor Resource

Name patterns:

  • auditedResourceDescriptors/{audited_resource_descriptor}

This section covers the methods and messages to interact with AuditedResourceDescriptor resource.

AuditedResourceDescriptor Methods

Here is the list of AuditedResourceDescriptor resource methods:

GetAuditedResourceDescriptor Method

GetAuditedResourceDescriptor

rpc GetAuditedResourceDescriptor(GetAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.get

The equivalent REST API is:

GET /v1alpha2/{name=auditedResourceDescriptors/*}

BatchGetAuditedResourceDescriptors Method

BatchGetAuditedResourceDescriptors

rpc BatchGetAuditedResourceDescriptors(BatchGetAuditedResourceDescriptorsRequest) returns (BatchGetAuditedResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.batchGet

The equivalent REST API is:

GET /v1alpha2/auditedResourceDescriptors:batchGet

ListAuditedResourceDescriptors Method

ListAuditedResourceDescriptors

rpc ListAuditedResourceDescriptors(ListAuditedResourceDescriptorsRequest) returns (ListAuditedResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.list

The equivalent REST API is:

GET /v1alpha2/auditedResourceDescriptors

WatchAuditedResourceDescriptor Method

WatchAuditedResourceDescriptor

rpc WatchAuditedResourceDescriptor(WatchAuditedResourceDescriptorRequest) returns (WatchAuditedResourceDescriptorResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.watch

The equivalent REST API is:

POST /v1alpha2/{name=auditedResourceDescriptors/*}:watch

WatchAuditedResourceDescriptors Method

WatchAuditedResourceDescriptors

rpc WatchAuditedResourceDescriptors(WatchAuditedResourceDescriptorsRequest) returns (WatchAuditedResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.watch

The equivalent REST API is:

POST /v1alpha2/auditedResourceDescriptors:watch

CreateAuditedResourceDescriptor Method

CreateAuditedResourceDescriptor

rpc CreateAuditedResourceDescriptor(CreateAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.create

The equivalent REST API is:

POST /v1alpha2/auditedResourceDescriptors (BODY: audited_resource_descriptor)

UpdateAuditedResourceDescriptor Method

UpdateAuditedResourceDescriptor

rpc UpdateAuditedResourceDescriptor(UpdateAuditedResourceDescriptorRequest) returns (AuditedResourceDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/auditedResourceDescriptors.update

The equivalent REST API is:

PUT /v1alpha2/{audited_resource_descriptor.name=auditedResourceDescriptors/*} (BODY: audited_resource_descriptor)

AuditedResourceDescriptor Messages

Here is the list of AuditedResourceDescriptor resource messages:

AuditedResourceDescriptor Message

Name Type Description
name string (name of AuditedResourceDescriptor) Name of AuditedResourceDescriptor - contains service name and resource type name, separated by ‘/’ sign. Example name: “iam.edgelq.com/RoleBinding”
display_name string Optional. A concise name for the audited object type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.
description string Optional. A detailed description of the audited object type that might be used in documentation.
labels repeated LabelDescriptor Required. A set of labels used to describe instances of this audited resource type. For example, for “RoleBinding” we can define name+member. This can allow us to make query like “who allowed user X to do those things?”
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.
versions repeated string List of API versions which define this resource
spec_fields repeated string List of spec fields
state_fields repeated string List of state fields
meta_fields repeated string List of meta fields
metadata Meta Metadata

GetAuditedResourceDescriptorRequest Message

A request message of the GetAuditedResourceDescriptor method.

Name Type Description
name string (name of AuditedResourceDescriptor) Name of ntt.audit.v1alpha2.AuditedResourceDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAuditedResourceDescriptorsRequest Message

A request message of the BatchGetAuditedResourceDescriptors method.

Name Type Description
names repeated string (name of AuditedResourceDescriptor) Names of AuditedResourceDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAuditedResourceDescriptorsResponse Message

A response message of the BatchGetAuditedResourceDescriptors method.

Name Type Description
audited_resource_descriptors repeated AuditedResourceDescriptor found AuditedResourceDescriptors
missing repeated string (name of AuditedResourceDescriptor) list of not found AuditedResourceDescriptors

ListAuditedResourceDescriptorsRequest Message

A request message of the ListAuditedResourceDescriptors method.

Name Type Description
page_size int32 Requested page size. Server may return fewer AuditedResourceDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AuditedResourceDescriptor) A token identifying a page of results the server should return. Typically, this is the value of ListAuditedResourceDescriptorsResponse.next_page_token.
order_by string (orderBy of AuditedResourceDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AuditedResourceDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAuditedResourceDescriptorsResponse Message

A response message of the ListAuditedResourceDescriptors method.

Name Type Description
audited_resource_descriptors repeated AuditedResourceDescriptor The list of AuditedResourceDescriptors
prev_page_token string (cursor of AuditedResourceDescriptor) A token to retrieve previous page of results. Pass this value in the ListAuditedResourceDescriptorsRequest.page_token.
next_page_token string (cursor of AuditedResourceDescriptor) A token to retrieve next page of results. Pass this value in the ListAuditedResourceDescriptorsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AuditedResourceDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAuditedResourceDescriptorRequest Message

A request message of the WatchAuditedResourceDescriptor method.

Name Type Description
name string (name of AuditedResourceDescriptor) Name of ntt.audit.v1alpha2.AuditedResourceDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAuditedResourceDescriptorResponse Message

A response message of the WatchAuditedResourceDescriptor method.

Name Type Description
change AuditedResourceDescriptorChange

WatchAuditedResourceDescriptorsRequest Message

A request message of the WatchAuditedResourceDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer AuditedResourceDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AuditedResourceDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AuditedResourceDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AuditedResourceDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AuditedResourceDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AuditedResourceDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAuditedResourceDescriptorsResponse Message

A response message of the WatchAuditedResourceDescriptors method.

Name Type Description
audited_resource_descriptor_changes repeated AuditedResourceDescriptorChange Changes of AuditedResourceDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AuditedResourceDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAuditedResourceDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AuditedResourceDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAuditedResourceDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AuditedResourceDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of AuditedResourceDescriptor) New token to retrieve next page of results.

CreateAuditedResourceDescriptorRequest Message

A request message of the CreateAuditedResourceDescriptor method.

Name Type Description
audited_resource_descriptor AuditedResourceDescriptor AuditedResourceDescriptor resource body
response_mask CreateAuditedResourceDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAuditedResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAuditedResourceDescriptorRequest Message

A request message of the UpdateAuditedResourceDescriptor method.

Name Type Description
audited_resource_descriptor AuditedResourceDescriptor AuditedResourceDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAuditedResourceDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAuditedResourceDescriptorRequest.ResponseMask reduce message response size.

UpdateAuditedResourceDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AuditedResourceDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAuditedResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

MethodDescriptor Resource

MethodDescriptor Resource

Name patterns:

  • methodDescriptors/{method_descriptor}

This section covers the methods and messages to interact with MethodDescriptor resource.

MethodDescriptor Methods

Here is the list of MethodDescriptor resource methods:

GetMethodDescriptor Method

GetMethodDescriptor

rpc GetMethodDescriptor(GetMethodDescriptorRequest) returns (MethodDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.get

The equivalent REST API is:

GET /v1alpha2/{name=methodDescriptors/*}

BatchGetMethodDescriptors Method

BatchGetMethodDescriptors

rpc BatchGetMethodDescriptors(BatchGetMethodDescriptorsRequest) returns (BatchGetMethodDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.batchGet

The equivalent REST API is:

GET /v1alpha2/methodDescriptors:batchGet

ListMethodDescriptors Method

ListMethodDescriptors

rpc ListMethodDescriptors(ListMethodDescriptorsRequest) returns (ListMethodDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.list

The equivalent REST API is:

GET /v1alpha2/methodDescriptors

WatchMethodDescriptor Method

WatchMethodDescriptor

rpc WatchMethodDescriptor(WatchMethodDescriptorRequest) returns (WatchMethodDescriptorResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.watch

The equivalent REST API is:

POST /v1alpha2/{name=methodDescriptors/*}:watch

WatchMethodDescriptors Method

WatchMethodDescriptors

rpc WatchMethodDescriptors(WatchMethodDescriptorsRequest) returns (WatchMethodDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.watch

The equivalent REST API is:

POST /v1alpha2/methodDescriptors:watch

CreateMethodDescriptor Method

CreateMethodDescriptor

rpc CreateMethodDescriptor(CreateMethodDescriptorRequest) returns (MethodDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.create

The equivalent REST API is:

POST /v1alpha2/methodDescriptors (BODY: method_descriptor)

UpdateMethodDescriptor Method

UpdateMethodDescriptor

rpc UpdateMethodDescriptor(UpdateMethodDescriptorRequest) returns (MethodDescriptor)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/methodDescriptors.update

The equivalent REST API is:

PUT /v1alpha2/{method_descriptor.name=methodDescriptors/*} (BODY: method_descriptor)

MethodDescriptor Messages

Here is the list of MethodDescriptor resource messages:

MethodDescriptor Message

Name Type Description
name string (name of MethodDescriptor) Name of MethodDescriptor - contains service name and method type name, separated by ‘/’ sign. Example name: “iam.edgelq.com/CreateRoleBinding”
display_name string Optional. A concise name for the audited object type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.
description string Optional. A detailed description of the audited method type that might be used in documentation.
labels repeated LabelDescriptor A set of labels used to describe instances of this audited method type. For example, for “UpdateRoleBinding” we can define member label. This can allow us to make query like “who tried to give user X permissions to those things?”
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.
versions repeated string List of API versions which define this method
metadata Meta Metadata

GetMethodDescriptorRequest Message

A request message of the GetMethodDescriptor method.

Name Type Description
name string (name of MethodDescriptor) Name of ntt.audit.v1alpha2.MethodDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMethodDescriptorsRequest Message

A request message of the BatchGetMethodDescriptors method.

Name Type Description
names repeated string (name of MethodDescriptor) Names of MethodDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMethodDescriptorsResponse Message

A response message of the BatchGetMethodDescriptors method.

Name Type Description
method_descriptors repeated MethodDescriptor found MethodDescriptors
missing repeated string (name of MethodDescriptor) list of not found MethodDescriptors

ListMethodDescriptorsRequest Message

A request message of the ListMethodDescriptors method.

Name Type Description
page_size int32 Requested page size. Server may return fewer MethodDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of MethodDescriptor) A token identifying a page of results the server should return. Typically, this is the value of ListMethodDescriptorsResponse.next_page_token.
order_by string (orderBy of MethodDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of MethodDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListMethodDescriptorsResponse Message

A response message of the ListMethodDescriptors method.

Name Type Description
method_descriptors repeated MethodDescriptor The list of MethodDescriptors
prev_page_token string (cursor of MethodDescriptor) A token to retrieve previous page of results. Pass this value in the ListMethodDescriptorsRequest.page_token.
next_page_token string (cursor of MethodDescriptor) A token to retrieve next page of results. Pass this value in the ListMethodDescriptorsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total MethodDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchMethodDescriptorRequest Message

A request message of the WatchMethodDescriptor method.

Name Type Description
name string (name of MethodDescriptor) Name of ntt.audit.v1alpha2.MethodDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMethodDescriptorResponse Message

A response message of the WatchMethodDescriptor method.

Name Type Description
change MethodDescriptorChange

WatchMethodDescriptorsRequest Message

A request message of the WatchMethodDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer MethodDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of MethodDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of MethodDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of MethodDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MethodDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MethodDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchMethodDescriptorsResponse Message

A response message of the WatchMethodDescriptors method.

Name Type Description
method_descriptor_changes repeated MethodDescriptorChange Changes of MethodDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All MethodDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchMethodDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (MethodDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchMethodDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of MethodDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of MethodDescriptor) New token to retrieve next page of results.

CreateMethodDescriptorRequest Message

A request message of the CreateMethodDescriptor method.

Name Type Description
method_descriptor MethodDescriptor MethodDescriptor resource body
response_mask CreateMethodDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateMethodDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateMethodDescriptorRequest Message

A request message of the UpdateMethodDescriptor method.

Name Type Description
method_descriptor MethodDescriptor MethodDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateMethodDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateMethodDescriptorRequest.ResponseMask reduce message response size.

UpdateMethodDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state MethodDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateMethodDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

ResourceChangeLog Resource

ResourceChangeLog Resource - describes notification of resource change. This log is resource oriented - it strictly is associated with single resource, where service name, resource type and resource name are the strongest attributes.

All resource changes are happening via API calls made to API services. Therefore, each ResourceChangeLog has associated ActivityLog. Relation is 1-N between activity and resource change logs, as one API call can modify multiple resources.

Name patterns:

  • resourceChangeLogs/{resource_change_log}
  • projects/{project}/resourceChangeLogs/{resource_change_log}
  • organizations/{organization}/resourceChangeLogs/{resource_change_log}

Parent resources:

This section covers the methods and messages to interact with ResourceChangeLog resource.

ResourceChangeLog Methods

Here is the list of ResourceChangeLog resource methods:

ListResourceChangeLogs Method

ListResourceChangeLogs

rpc ListResourceChangeLogs(ListResourceChangeLogsRequest) returns (ListResourceChangeLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/resourceChangeLogs.list

The equivalent REST API is:

GET /v1alpha2/resourceChangeLogs

CreatePreCommittedResourceChangeLogs Method

CreatePreCommittedResourceChangeLogs

rpc CreatePreCommittedResourceChangeLogs(CreatePreCommittedResourceChangeLogsRequest) returns (CreatePreCommittedResourceChangeLogsResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/resourceChangeLogs.submit

The equivalent REST API is:

POST /v1alpha2/resourceChangeLogs

SetResourceChangeLogsCommitState Method

SetResourceChangeLogsCommitState

rpc SetResourceChangeLogsCommitState(SetResourceChangeLogsCommitStateRequest) returns (SetResourceChangeLogsCommitStateResponse)

with the following messages:

Required Permissions:

  • services/audit.edgelq.com/permissions/resourceChangeLogs.finalize

The equivalent REST API is:

POST /v1alpha2/resourceChangeLogs

ResourceChangeLog Messages

Here is the list of ResourceChangeLog resource messages:

ResourceChangeLog Message

Name Type Description
name string (name of ResourceChangeLog) Name of ResourceChangeLog. It contains scope + ID of the log. ID is a base64 encoded unique key that identifies tuple: scope request_id authentication.principal service.name service.region_id resource.name resource.type resource.pre.labels resource.post.labels ID part should not be decoded, but treated as opaque string
scope string Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Supported formats are: - organization/umbrella - projects/mars_exploration - <system>
request_id uint64 Unique identifier of request - it must match the one in the associated activity log.
timestamp .google.protobuf.Timestamp Time of the change - equal to request timestamp (activity log)
authentication Authentication Authentication data - informs who made a change
service ServiceData Information about the service
resource ResourceChangeLog.ResourceChange Describes change on the resource
transaction ResourceChangeLog.TransactionInfo Describes state of the transaction

ResourceChangeLog.ResourceChange Message

Description of change on the resource

Name Type Description
name string Fully qualified name of the resource (eg. “RoleBinding/Public”) that has changed from this request (if successful)
type string Name of the resource type for example “RoleBinding”.
action ResourceChangeLog.ResourceChange.Action Action on the resource
updated_fields .google.protobuf.FieldMask Field mask with different fields, populated only for update action types.
previous .google.protobuf.Any Previous values of updated fields. Its populated only if update_fields is provided and for those fields only. It is skipped for deletes.
current .google.protobuf.Any Current values of updated fields in case of update. Whole resource in case of creation, empty in case of deletion.
labels map<string, string> List of query-able labels. They are taken from both before and after resource, but after has higher priority
pre ObjectState State of the resource before change. It is empty if action is CREATE DEPRECATED and not populated for new resources
post ObjectState State of the resource after change. It is empty if action is DELETE DEPRECATED and not populated for new resources

ResourceChangeLog.TransactionInfo Message

Information about transaction where change has been executed

Name Type Description
identifier string unique identifier of the transaction.
try_counter int32 Indicator of try counter. If transaction has been concluded at first try, try_counter will be 1. If on the second try, then number will be 2 (etc).
state ResourceChangeLog.TransactionInfo.State State of the transaction.

ListResourceChangeLogsRequest Message

Request message for method [ListResourceChangeLogs][ntt.audit.v1alpha2.ListResourceChangeLogs]

Returns resource changes for specified time range, region, scope and filter. Note that resource change logs are Resource oriented - primary object is resource here. Audit monitors resources that have non-custom store.

Note that filter field is mandatory and minimal filters are:

  • –filter ‘service.name=[SERVICE_NAME] and resource.type=[RESOURCE_NAME]’ (what is happening for this resource type)
  • –filter ‘request_id=[REQUEST_ID]’ (which resources were changed by this request_id?)

Be aware that server will append scope filter condition (and scope IN …) to an any of the above filters. All scopes are extracted from parents field in ListResourceChangeLogsRequest body. This ensures that users can view only scopes he/she is allowed to.

For all of the above filters you can replace filter condition compare (=) with IN operator. You can therefore query for multiple services, methods or users at once. Above filters are also preferred as we have optimization for them.

Resource change logs can also be filtered by custom labels (field labels in ResourceChangeLog - pre and post versions). Labels are custom per each API resource - so you must specify service.name and resource.type conditions to enable them. For example, suppose you have a VM resource which contains “group” field, which is a reference to some other resource. If you create label “group” in VM resource spec (in proto model) you can make a following query: –filter ‘service.name=vms.domain.com and resource.type=VM and resource.post.labels.group=projects/P/vmgroups/myGroup’.

Examples of usage (with cuttle - we are interested only in one region and scope):

  • Checks activities within one hour for role binding resources

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘service.name=“IAM.edgelq.com” and resource.type=“RoleBinding”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”, “endTime”:“2020-09-08T13:00:00Z”}’ -o json

  • Checks modification of specific RoleBinding

$ cuttle audit query activity-log –parents ‘project/demo’ –filter ‘service.name=“IAM.edgelq.com” and resource.type=“RoleBinding” and resource.name=“projects/x/roleBindings/myRB”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

  • Checks changes on resource RoleBinding made by specific user (we need their email)

$ cuttle audit query resource-change-log –parents ‘project/demo’ –filter ‘service.name=“IAM.edgelq.com” and resource.type=“RoleBinding” and authentication.principal=“user:we.know.who@domain.com”’ –interval ‘{“startTime”:“2020-09-08T12:00:00Z”}’ -o json

Name Type Description
parents repeated string (parent name of ResourceChangeLog) Parent names of ntt.audit.v1alpha2.ResourceChangeLog
filter string (filter of ResourceChangeLog) A audit filter that specifies which resource change logs should be returned
interval TimeInterval The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.
page_size int32 Cap on a number of resource change logs to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit. Results will be adjusted to the “end time” taken from interval field (adjusted also by page_token if provided).
page_token string Token which identifies next page with further results. Token should be taken from ListResourceChangeLogsResponse [ListResourceChangeLogsResponse.next_page_token][ntt.audit.v1alpha2.ListResourceChangeLogsResponse.next_page_token].

ListResourceChangeLogsResponse Message

Response message for method [ListResourceChangeLogs][ntt.audit.v1alpha2.ListResourceChangeLogs]

Name Type Description
resource_change_logs repeated ResourceChangeLog One or more resource change logs that match the filter included in the request. Contains results from all queried regions. Its possible however that some logs may be missing, for this see execution_errors.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the response data returned to be incomplete. Because logs are stored only locally (for each region), all resource change log queries are split and merged by a receiving request server according to the queried regions. Its possible that some regions will fail when request is redirected to them, but others not. For each failed region, one execution error will be appended. In each ntt.rpc.Status message, fields code and message will contain error obtained from failed regional server, while field details will contain always one item and this item will be of type ErrorDetails.

ListResourceChangeLogsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreatePreCommittedResourceChangeLogsRequest Message

Request message for method [CreatePreCommittedResourceChangeLogs][ntt.audit.v1alpha2.CreatePreCommittedResourceChangeLogs]

Creates resource change log.

This request should not be used by regular users - only API services should be able to submit resource change logs. Developers of services should use logs exporter package offered along other Audit service packages instead of developing own components.

Name Type Description
request_id uint64 ID of the request - must be same as the one used in activity logs
timestamp .google.protobuf.Timestamp Time of the request
authentication Authentication Authentication data - informs who made a change
service ServiceData Information about the service
transaction ResourceChangeLog.TransactionInfo Information about transaction
changes repeated ResourceChangeLog.ResourceChange List of changes

CreatePreCommittedResourceChangeLogsResponse Message

Response message for method [CreateResourceChangeLogs][ntt.audit.v1alpha2.CreateResourceChangeLogs]

Name Type Description
log_keys repeated bytes Resource change log keys - one key per each resource change, in same order

SetResourceChangeLogsCommitStateRequest Message

Request message for method [SetResourceChangeLogsCommitState][ntt.audit.v1alpha2.SetResourceChangeLogsCommitState]

Sets transaction status of selected resource change logs.

This request should not be used by regular users - only API services should be able to modify resource change logs. Developers of services should use logs exporter package offered along other Audit service packages instead of developing own components.

Name Type Description
log_keys repeated bytes list of resource change log keys.
timestamp .google.protobuf.Timestamp Time of the request - must be same as in CreatePreCommittedResourceChangeLogsRequest
tx_result ResourceChangeLog.TransactionInfo.State final state of the transaction - must be COMMITTED or ROLLED_BACK

SetResourceChangeLogsCommitStateResponse Message

Response message for method [SetResourceChangeLogsCommitState][ntt.audit.v1alpha2.SetResourceChangeLogsCommitState]

Name Type Description
none none none

ResourceChangeLog Enumerations

Here is the list of ResourceChangeLog resource enumerations:

ResourceChangeLog.ResourceChange.Action Enumeration

Type of change

Name Description
UNDEFINED to avoid blank item when printing logs
CREATE Resource has been created
DELETE Resource has been deleted
SPEC_UPDATE Update contains spec fields
STATE_UPDATE Update contains state fields, but not spec
META_UPDATE Update contains neither spec or state fields.
UPDATE UPDATE is deprecated in favor of specific update types.

ResourceChangeLog.TransactionInfo.State Enumeration

State of the transaction.

Name Description
UNDEFINED
PRE_COMMITTED Indicates that this change did not happen - it is just proposal of the change. Such a log should be followed by another ResourceChangeLog with value COMMITTED or ROLLED_BACK. If one transaction has been retried multiple times, then there may be multiple records with PRE_COMMITTED, last record should indicate final transaction state.
COMMITTED Indicates change has been committed successfully.
ROLLED_BACK Indicates that change did not happen. Log of this type should be treated as attempt of change.

Audit Service Shared Methods and Messages

Audit Service Shared Messages

Here is the list of Audit service shared messages:

AuditedResourceDescriptorChange Message

AuditedResourceDescriptorChange is used by Watch notifications Responses to describe change of single AuditedResourceDescriptor One of Added, Modified, Removed

Name Type Description
added AuditedResourceDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified AuditedResourceDescriptorChange.Modified Modified is returned when watched document is modified
current AuditedResourceDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AuditedResourceDescriptorChange.Removed Removed is returned when AuditedResourceDescriptor is deleted or leaves Query view

AuditedResourceDescriptorChange.Added Message

AuditedResourceDescriptor has been added to query view

Name Type Description
audited_resource_descriptor AuditedResourceDescriptor
view_index int32 Integer describing index of added AuditedResourceDescriptor in resulting query view.

AuditedResourceDescriptorChange.Current Message

AuditedResourceDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
audited_resource_descriptor AuditedResourceDescriptor

AuditedResourceDescriptorChange.Modified Message

AuditedResourceDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AuditedResourceDescriptor) Name of modified AuditedResourceDescriptor
audited_resource_descriptor AuditedResourceDescriptor New version of AuditedResourceDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchAuditedResourceDescriptorRequest] or [WatchAuditedResourceDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AuditedResourceDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AuditedResourceDescriptor new index in resulting query view.

AuditedResourceDescriptorChange.Removed Message

Removed is returned when AuditedResourceDescriptor is deleted or leaves Query view

Name Type Description
name string (name of AuditedResourceDescriptor)
view_index int32 Integer specifying removed AuditedResourceDescriptor index. Not populated in stateless watch type.

Authentication Message

Information about authorized principal who sent a request

Name Type Description
principal string Name of the principal, for example: “user:our_new_admin@example.com
principal_type string Principal type - user, serviceAccount, anonymous

Authorization Message

Information about authorization applicable for a request.

Name Type Description
granted_permissions repeated string List of permissions that were granted
denied_permissions repeated string List of permissions that were denied

LabelDescriptor Message

Name Type Description
key string The label key.
versions repeated string List of versions where label is supported

LabelKeySet Message

LabelKeySet is used for defining PromotedLabelKeySets on Object descriptors

Name Type Description
label_keys repeated string
versions repeated string List of versions where label set is supported

MethodDescriptorChange Message

MethodDescriptorChange is used by Watch notifications Responses to describe change of single MethodDescriptor One of Added, Modified, Removed

Name Type Description
added MethodDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified MethodDescriptorChange.Modified Modified is returned when watched document is modified
current MethodDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed MethodDescriptorChange.Removed Removed is returned when MethodDescriptor is deleted or leaves Query view

MethodDescriptorChange.Added Message

MethodDescriptor has been added to query view

Name Type Description
method_descriptor MethodDescriptor
view_index int32 Integer describing index of added MethodDescriptor in resulting query view.

MethodDescriptorChange.Current Message

MethodDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
method_descriptor MethodDescriptor

MethodDescriptorChange.Modified Message

MethodDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of MethodDescriptor) Name of modified MethodDescriptor
method_descriptor MethodDescriptor New version of MethodDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchMethodDescriptorRequest] or [WatchMethodDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified MethodDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying MethodDescriptor new index in resulting query view.

MethodDescriptorChange.Removed Message

Removed is returned when MethodDescriptor is deleted or leaves Query view

Name Type Description
name string (name of MethodDescriptor)
view_index int32 Integer specifying removed MethodDescriptor index. Not populated in stateless watch type.

ObjectState Message

State of the object - can be resource, request or response. DEPRECATED

Name Type Description
data .google.protobuf.Any Object data
labels map<string, string> Values for all of the labels listed in the associated audited object descriptor - they are extracted from protobuf object and used for filtering

ServiceData Message

Information about service processing a request

Name Type Description
name string Fully qualified service name executing a request
region_id string Region of the service handling this request.

TimeInterval Message

A time interval extending just after a start time through an end time. If the start time is the same as the end time, then the interval represents a single point in time.

Name Type Description
end_time .google.protobuf.Timestamp Optional - end of the time interval. If not provided, current time will be assumed.
start_time .google.protobuf.Timestamp Required. The beginning of the time interval. The start time must not be later than the end time.

4 - SPEKTRA Edge Limits Service API

Understanding the Limits service API.

The limits service is a core SPEKTRA Edge service that enables service developers or product owners to enforce rules/quotas on the maximum amount of resources that can exist within different scopes:

  • Service scope:

    Global service limits based on the controller capacity.

  • Organization scope:

    Limits assigned to the reseller.

  • Project scope:

    Limits assigned to the individual customer.

Limits are passed from top to bottom. First, the service administrator sets the limits for the whole service. Once service limits are initialized, they can be used to allocate resources to root organizations and projects. Organizations can then pass limits further down to their child organizations or projects.

Each Service is managing its quotas.

Limits/Usage could also be tied to the billing/licensing system.

Features/Capabilities of Limits service:

  • Ensures that limits in child projects/organizations do not exceed those for their parents (organizations or system limits).
  • Ensures correctness and database transaction guarantees.
  • Enables passing down limits in various cases (like region to region within a project, parent organization to child organization, etc).
  • Uses monitoring service to record historical changes in resource consumption.
  • Ensures that limits can be passed only between parent/child organization/project.
  • Enforces parent organization/service consent before modifying limits in child entities.
  • Is designed to work in a multi-regional environment. When a limit is assigned to a multi-regional project, then limits are split across all regions. The system tracks each regional limit individually.

Full API Specifications (with resources):

Resources

Accepted Limit Plans

An accepted limit plan is a resource and is very close to the plan assignments. However, while a plan assignment binds a plan with an assignee, an accepted limit plan binds a limit plan with an assigner for a given assignee. The accepted limit plan represents resource limits that an assigner granted to an assignee.

When an accepted limit plan is created or the limits are increased, limits assigned to the assigner are reserved for an assignee with an immediate effect. When the accepted plan is deleted, or the limits are decreased, the limits are returned to the assigner once they have been cleaned up.

The system constantly syncs configuration from accepted limit plans into plan assignments, in an asynchronous manner. It also means that the organization/service administrators can practically modify plan assignments.

If an organization/service administrator accepts any plan assignment request, they are making indirect modifications to their accepted limit plan instances, but both ways use the same workflow.

Limits

A limit combines a project, resource type, region, and two configurable values:

  1. allowance
  2. current usage

It makes sure that the number of resources in a given project/ region does not exceed the allowed value. It is important to note that Limits are only for projects, final assignees, which can create resources that count into usage.

Each service in each region maintains its own set of trackers for all present projects.

It is also important to note, that each limit is derived from a limit plan assignment that contains a given resource type. They are being created/modified/deleted according to the configuration stored in limit plan assignments. They cannot be modified by administrators.

Limit Assignees

A limit assignee is an SPEKTRA Edge entity capable of receiving limits from their parent. A limit assignee is typically an organization or a project. Service is a special type of assignee, it can assign resources to itself without taking from parent entity limits. Limits for the service should be decided by service owners or developers. Services and organizations are both the assignor and the assignee, only projects are the final assignees.

Limit Assigners

A limit assigner is an SPEKTRA Edge entity capable of passing down their limits to their child entities. Because only services and organizations may have child entities, sub-organizations and projects) the assigner could be either an organization (organization admin) or service (service admin).

Limit Plans

A limit plan is a set of limits per resource type. It must be associated with some SPEKTRA Edge services. Resources it contains must be from that service.

Assignees may have many limit plans assigned at once, but each must be from a different service.

Each service must define default limit plans, but organizations can define them too, for their child entries.

Limit Plan Assignments

A limit plan assignment is a resource that binds a limit plan with an assignee. It may also include extra limits that increase default values predicted by the plan.

limit plan assignments are not modifiable. Changes should be requested by the assignee or should be changed by assigners (it is assumed that assigners will respect any service agreement).

Limit plan Assignments for projects also contain regional distribution of limits.

Limit Plan Assignment Requests

A limit plan Assignment Request is a formal request made by an assignee that, once accepted by the assigner, creates a new plan assignments or modifies an existing one. This resource is a formal API allowing an assignee to request a change in their limits.

A limit plan assignment request can be used for:

  • Assigning/Upgrading/Downgrading plan
  • Extending/Decreasing individual limits for specific resources
  • Unassigning existing limit plan
  • Certain requests may be automatically accepted by the system.

Limit Pools

A limit pool is similar to limit as it also “limits” the number of resources in existence. However, while Limit keeps track of resources in a specific scope and ensures it does not exceed the allocated value, the limit pool serves as a source to limits (and other limit pools). Limit instances belonging to projects, final assignees. Limit Pools belong to services and organizations, which are passing limits down to projects and sub-organizations.

Like limits, the individual limit pool are computed from limit plan assignments belonging to the service/organization. Whenever assignments change, the limit pools are modified accordingly. They cannot be modified by administrators.

Multi-Region Note

Plans define resource limits per each region. For example, when the Service assigns itself a plan with 100K Devices from the devices.edgelq.com service, it means that it will have LimitPool for each region with a value of 100K for Devices.

When the Service expands to a new region, it will get new LimitPool resources for all its resource types. Those new LimitPools will be brand new, and existing LimitPools will not change.

When an Organization is assigned some plan, all resource limits from a plan will be applied for each region in which the organization is enabled. Therefore, LimitPool for a particular resource type will be created for each organization region.

When an Organization expands to a new region, it will get new LimitPool resources, and existing ones will not be touched.

LimitPools for Service and Organizations are always regional - regardless of whether the resource type is regional itself or not.

There is a difference on a Project level though. For example, let’s take two resource types:

  • services/applications.edgelq.com/resources/Distribution

    This is a non-regional resource.

  • services/applications.edgelq.com/resources/Pod

    This is a regional resource.

Suppose we create a Project with a plan that predicts:

  • 10 Distributions, 100 Pods (per Region)

If the Project is enabled for a single region, let’s say us-west2, it will have limits:

  • 10 Distributions, Region: us-west2
  • 100 Pods, Region: us-west2

Parent Organization will have the following reservations on its limit pools:

  • Distributions in us-west2: 10 reserved quota
  • Pods in us-west2: 100 reserved quota

If the project expands to a new region, let’s say eastus2, then the project will have the following limits:

  • 10 Distributions, Region: us-west2
  • 100 Pods, Region: us-west2
  • 100 Pods, Region: eastus2

Parent Organization will have the following reservations on its limit pools:

  • Distributions in us-west2: 10 reserved quota
  • Distributions in eastus2: 10 reserved quota
  • Pods in us-west2: 100 reserved quota
  • Pods in eastus2: 100 reserved quota

Pods should be clear, but Distributions require clarification as, to why a Limit of 10 requires sourcing two LimitPools from both enabled regions. The main thing is, that “global” resources are putting pressure on all regions where Project is enabled - typically, they are synced across all regions. Distribution resources are working in all project regions. One instance of Distribution, even if it is managed by us-west2 only, can create pods in both regions. This is why they source from all limit pools for all enabled regions.

Limits Management

Assignee and Assigner have a different API for them but note that Organization is generally both an Assignee and Assigner

  • Assigner, because it can have child projects and organizations. Assignee, because it has either parent organization, or if this is root organization, assigners are services themselves.

For an Assignee (Project or Organization admin)

The organization is assigned plans based on allowed_services values, plus it automatically gets plans for core SPEKTRA Edge services: devices.edgelq.com and applications.edgelq.com (implicitly). There is no need to do anything to have core SPEKTRA Edge plans assigned, it should be enough to just create an Organization. Plans for particular services are enabled when the Organization is adding a service to the allowed_services list.

Projects are similar, they get assigned core plans automatically, and extra service plans only when they enable services via the enabled_services field. PlanAssignments are created automatically unless the parent entity has no free limit pools.

To see PlanAssignments that were created for organization, see:

cuttle limits list plan-assignments --organization <orgId> -o json

For project:

cuttle limits list plan-assignments --project <projectId> -o json

If you want to see limit pools assigned (for organization):

cuttle limits list limit-pools --organization <orgId> -o json

For a project, we should check limits:

cuttle limits list limits --project <projectId> -o json

If there is a need to change limits for a specific plan, it is required that either:

  • Parent Organization admin (or Service for root organizations assignees) updates AcceptedPlan resource from which PlanAssignment sources information.
  • Assignee admin creates PlanAssignmentRequest, which then is accepted by parent organization admin (or Service admin for root organizations)

Let’s assume that there is Parent Organization, which defined the following custom plan for devices:

# --plan-level PROJECT for project assignees!
cuttle limits create plan  --organization <parentOrgId> devices-service-500-devices \
  --service 'services/devices.edgelq.com' \
  --plan-level ORGANIZATION \
  --business-tier LARGE \
  --resource-limits '{"resource": "services/devices.edgelq.com/resources/Device", "value": 500}'

For example, parent organization admin could then modify AcceptedPlan, apply plan with 500 devices for each region.

cuttle limits update accepted-plan <AcceptedPlanId> \
  --defaultRegionalPlan organizations/<parentOrgId>/plans/devices-service-500-devices

Project admins can request, with let’s say some extensions:

cuttle limits create plan-assignment-request --project <myProjectId> \
  --request '{"assign": {"plan": "organizations/<parentOrgId>/plans/devices-service-500-devices", "extensions": [{"resource": "services/devices.edgelq.com/resources/Device", "value": 50}]}}'

Organization admins are similar:

cuttle limits create plan-assignment-request --organization <myOrgId> \
  --request '{"assign": {"plan": "organizations/<parentOrgId>/plans/devices-service-500-devices", "extensions": [{"resource": "services/devices.edgelq.com/resources/Device", "value": 50}]}}'

Instead of plan assignment, we can also just ask for some extra extensions:

cuttle limits create plan-assignment-request --project <myProjectId> \
  --request '{"extend": {"assignment": "<MyPlanAssignmentName>", "extensions": [{"resource": "services/devices.edgelq.com/resources/Device", "value": 50}]}}'

For an assigner (Organization or Service admin)

Limits service creates automatically AcceptedPlans for all child projects and organizations, depending on the services they enable, and business tiers.

If you are a service admin, you can see all AcceptedPlan instances created for root organizations and projects using this service:

cuttle limits list accepted-plans --service '<myServiceId>'

Organization admin can see plans they accepted with:

cuttle limits list accepted-plans --organization '<myOrgId>'

To see overall state of limit pools, service admins should execute:

cuttle limits list limit-pools --service <myServiceId> -o json

Organization admins can see their limit pools with:

cuttle limits list limit-pools --organization <myOrgId> -o json

Assigners (Service or Organization admins) can define plan templates on their own. Service admins should use fixtures, as described in the Developer guide. Organization admins can potentially use just default plans defined by a Service for their child entities, however, limit values may not match exactly their needs. Instead, they are recommended to define their plans, for example:

cuttle limits create plan --organization <parentOrgId> \
  devices-service-500-devices \
  --service 'services/devices.edgelq.com' \
  --plan-level ORGANIZATION \
  --business-tier LARGE \
  --resource-limits '{"resource": "services/devices.edgelq.com/resources/Device", "value": 500}'

Of course, it is necessary to provide resource limits for all required resource types. Moreover, the plan should be created for all plan-level and business-tier combinations required.

This is how assigners can create plans on their own. When they create child entities, let’s say a Project:

cuttle iam create project <projectId> --parent-organization \
  'organizations/<parentOrgId>' --business-tier <Tier> \
  --multi-region-policy <MultiRegionPolicy> \
  --enabled-services <EnabledService1> ... \
  --enabled-services <EnabledServiceN>

In the above case (Assigner is an Organization), Limits service will create automatically AcceptedPlans for all core SPEKTRA Edge and enabled services, where --plan-level is PROJECT, and --business-tier matches the one specified in <Tier> argument.

Assigner admins can manipulate AcceptedPlans further in two ways:

  • By accepting PlanAssignmentRequests made by child entity admins (if they initiate an action)
  • By directly modifying AcceptedPlan instances

For example, AcceptedPlan can be directly modified from the plan assigned by default:

cuttle limits update accepted-plan <AcceptedPlanId> \
  --defaultRegionalPlan \
    organizations/<parentOrgId>/plans/devices-service-500-devices

PlanAssignmentRequests are created by assignee admins (child project or organizations). Service admins can see requests for them with:

cuttle limits list-approver plan-assignment-requests \
  --approver 'services/<myServiceId>'

Organization admins (as assigners) can see requests for them with:

cuttle limits list-approver plan-assignment-requests \
  --approver 'organizations/<myOrgId>'

Service admins can accept/decline requests with:

cuttle limits accept plan-assignment-request \
  --name '<PlanAssignmentRequestFullName>' \
  --approver 'services/<myServiceId>'
cuttle limits decline plan-assignment-request \
  --name '<PlanAssignmentRequestFullName>' \
  --approver 'services/<myServiceId>'

Organization admins can accept/decline requests with:

cuttle limits accept plan-assignment-request \
  --name '<PlanAssignmentRequestFullName>' \
  --approver 'organizations/<myOrgId>'
cuttle limits decline plan-assignment-request \
  --name '<PlanAssignmentRequestFullName>' \
  --approver 'organizations/<myOrgId>'

4.1 -

Understanding the limits.edgelq.com service APIv1, in proto package ntt.limits.v1.

Service limits.edgelq.com in version v1, proto package ntt.limits.v1

Here is the list of resources supported in Limits service APIv1:

AcceptedPlan Resource

AcceptedPlan shows a plan accepted by assigner (system or organization) for project, organization and system - with all additional information like extensions or regional distributions. It is in relation 1-1 with PlanAssignment, BUT:

  • PlanAssignment is read-only and represents information for Assignee. Name pattern indicates to WHOM plan is assigned.
  • AcceptedPlan contains accepted configuration and represents information for assigner. Name pattern indicates WHO ASSIGNED a plan. It is modifiable, BUT modifications of accepted plans may result in increased usage of allowed limit pools - Organization/Service cannot accept plans to sub-entities without limits (however, system is allowed to assign plan to itself without limits, which makes system admin fully responsible).

Name patterns:

  • services/{service}/acceptedPlans/{accepted_plan}
  • organizations/{organization}/acceptedPlans/{accepted_plan}

Parent resources:

This section covers the methods and messages to interact with AcceptedPlan resource.

AcceptedPlan Methods

Here is the list of AcceptedPlan resource methods:

GetAcceptedPlan Method

GetAcceptedPlan

rpc GetAcceptedPlan(GetAcceptedPlanRequest) returns (AcceptedPlan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.get

The equivalent REST API is:

GET /v1/{name=services/*/acceptedPlans/*} 

GET /v1/{name=organizations/*/acceptedPlans/*}

BatchGetAcceptedPlans Method

BatchGetAcceptedPlans

rpc BatchGetAcceptedPlans(BatchGetAcceptedPlansRequest) returns (BatchGetAcceptedPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.batchGet

The equivalent REST API is:

GET /v1/acceptedPlans:batchGet

ListAcceptedPlans Method

ListAcceptedPlans

rpc ListAcceptedPlans(ListAcceptedPlansRequest) returns (ListAcceptedPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.list

The equivalent REST API is:

GET /v1/{parent=services/*}/acceptedPlans 

GET /v1/{parent=organizations/*}/acceptedPlans

WatchAcceptedPlan Method

WatchAcceptedPlan

rpc WatchAcceptedPlan(WatchAcceptedPlanRequest) returns (WatchAcceptedPlanResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.watch

The equivalent REST API is:

POST /v1/{name=services/*/acceptedPlans/*}:watch 

POST /v1/{name=organizations/*/acceptedPlans/*}:watch

WatchAcceptedPlans Method

WatchAcceptedPlans

rpc WatchAcceptedPlans(WatchAcceptedPlansRequest) returns (WatchAcceptedPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/acceptedPlans:watch 

POST /v1/{parent=organizations/*}/acceptedPlans:watch

CreateAcceptedPlan Method

CreateAcceptedPlan

rpc CreateAcceptedPlan(CreateAcceptedPlanRequest) returns (AcceptedPlan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.create

The equivalent REST API is:

POST /v1/{parent=services/*}/acceptedPlans (BODY: accepted_plan)

POST /v1/{parent=organizations/*}/acceptedPlans

UpdateAcceptedPlan Method

UpdateAcceptedPlan

rpc UpdateAcceptedPlan(UpdateAcceptedPlanRequest) returns (AcceptedPlan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.update

The equivalent REST API is:

PUT /v1/{accepted_plan.name=services/*/acceptedPlans/*} (BODY: accepted_plan)

PUT /v1/{accepted_plan.name=organizations/*/acceptedPlans/*}

DeleteAcceptedPlan Method

DeleteAcceptedPlan

rpc DeleteAcceptedPlan(DeleteAcceptedPlanRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/acceptedPlans/*} 

DELETE /v1/{name=organizations/*/acceptedPlans/*}

AcceptedPlan Messages

Here is the list of AcceptedPlan resource messages:

AcceptedPlan Message

Name Type Description
name string (name of AcceptedPlan) Name of AcceptedPlan When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
default_regional_plan string (reference to Plan) Plan with resource limits - it will apply to EACH region of service/organization/project.
service string (reference to Service) Service indicated by a plan.
regional_plan_overrides repeated RegionalPlanAssignment Individual plan overrides per each region - however, overrides do not work on non-regional resources for project assignees.
extensions repeated Allowance Optional extensions over standard plans in individual regions or all regions, if region id is empty.
allowances repeated Allowance Final allowances per resource/region - computed from extensions and all regional plans.
applied_regions repeated string List of regions ID where plan was applied - it is being taken from service/organization/project list of regions. Limits service extends plans if it notices expansion to the new region.
applied_plan_spec_generation int64 Default region plan generation number, set during each update and creation. It is used to notice if plan got changed and we need to trigger accepted plan update.
assignee AcceptedPlan.Assignee Plan assignee

AcceptedPlan.Assignee Message

Assignee indicates for whom plan was accepted for. In case of child project/org deletion, accepted plan will be deleted too, which will result in return of all limits.

Name Type Description
project_assignee string (reference to Project) Project for whom plan is for.
organization_assignee string (reference to Organization) Organization for whom plan is for.
service_assignee string (reference to Service) Service for whom plan is for

GetAcceptedPlanRequest Message

A request message of the GetAcceptedPlan method.

Name Type Description
name string (name of AcceptedPlan) Name of ntt.limits.v1.AcceptedPlan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAcceptedPlansRequest Message

A request message of the BatchGetAcceptedPlans method.

Name Type Description
names repeated string (name of AcceptedPlan) Names of AcceptedPlans
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAcceptedPlansResponse Message

A response message of the BatchGetAcceptedPlans method.

Name Type Description
accepted_plans repeated AcceptedPlan found AcceptedPlans
missing repeated string (name of AcceptedPlan) list of not found AcceptedPlans

ListAcceptedPlansRequest Message

A request message of the ListAcceptedPlans method.

Name Type Description
parent string (parent name of AcceptedPlan) Parent name of ntt.limits.v1.AcceptedPlan
page_size int32 Requested page size. Server may return fewer AcceptedPlans than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AcceptedPlan) A token identifying a page of results the server should return. Typically, this is the value of ListAcceptedPlansResponse.next_page_token.
order_by string (orderBy of AcceptedPlan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AcceptedPlan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAcceptedPlansResponse Message

A response message of the ListAcceptedPlans method.

Name Type Description
accepted_plans repeated AcceptedPlan The list of AcceptedPlans
prev_page_token string (cursor of AcceptedPlan) A token to retrieve previous page of results. Pass this value in the ListAcceptedPlansRequest.page_token.
next_page_token string (cursor of AcceptedPlan) A token to retrieve next page of results. Pass this value in the ListAcceptedPlansRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AcceptedPlans across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAcceptedPlanRequest Message

A request message of the WatchAcceptedPlan method.

Name Type Description
name string (name of AcceptedPlan) Name of ntt.limits.v1.AcceptedPlan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAcceptedPlanResponse Message

A response message of the WatchAcceptedPlan method.

Name Type Description
change AcceptedPlanChange

WatchAcceptedPlansRequest Message

A request message of the WatchAcceptedPlans method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AcceptedPlan) Parent name of ntt.limits.v1.AcceptedPlan
page_size int32 Requested page size. Server may return fewer AcceptedPlans than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AcceptedPlan) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AcceptedPlan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AcceptedPlan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AcceptedPlan that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AcceptedPlan that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAcceptedPlansResponse Message

A response message of the WatchAcceptedPlans method.

Name Type Description
accepted_plan_changes repeated AcceptedPlanChange Changes of AcceptedPlans
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AcceptedPlans will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAcceptedPlansResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AcceptedPlans will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAcceptedPlansResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AcceptedPlan) New token to retrieve previous page of results.
next_page_token string (cursor of AcceptedPlan) New token to retrieve next page of results.

CreateAcceptedPlanRequest Message

A request message of the CreateAcceptedPlan method.

Name Type Description
parent string (parent name of AcceptedPlan) Parent name of ntt.limits.v1.AcceptedPlan
accepted_plan AcceptedPlan AcceptedPlan resource body
response_mask CreateAcceptedPlanRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAcceptedPlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAcceptedPlanRequest Message

A request message of the UpdateAcceptedPlan method.

Name Type Description
accepted_plan AcceptedPlan AcceptedPlan resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAcceptedPlanRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAcceptedPlanRequest.ResponseMask reduce message response size.

UpdateAcceptedPlanRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AcceptedPlan Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAcceptedPlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAcceptedPlanRequest Message

A request message of the DeleteAcceptedPlan method.

Name Type Description
name string (name of AcceptedPlan) Name of ntt.limits.v1.AcceptedPlan
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Limit Resource

Limit resource represents usage/limit of specific resource in specific project and region - however instances of those resources are managed by primary region of project. This ensures consistency and allows modification of project limits in one database transaction. Limit instances cannot be created or deleted. They cannot be also be modified (there are only some state fields controlled by system). Limits are created/modified along with PlanAssignment instances.

Name patterns:

  • projects/{project}/limits/{limit}

Parent resources:

This section covers the methods and messages to interact with Limit resource.

Limit Methods

Here is the list of Limit resource methods:

GetLimit Method

GetLimit

rpc GetLimit(GetLimitRequest) returns (Limit)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.get

The equivalent REST API is:

GET /v1/{name=projects/*/limits/*}

BatchGetLimits Method

BatchGetLimits

rpc BatchGetLimits(BatchGetLimitsRequest) returns (BatchGetLimitsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.batchGet

The equivalent REST API is:

GET /v1/limits:batchGet

ListLimits Method

ListLimits

rpc ListLimits(ListLimitsRequest) returns (ListLimitsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.list

The equivalent REST API is:

GET /v1/{parent=projects/*}/limits

WatchLimit Method

WatchLimit

rpc WatchLimit(WatchLimitRequest) returns (WatchLimitResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.watch

The equivalent REST API is:

POST /v1/{name=projects/*/limits/*}:watch

WatchLimits Method

WatchLimits

rpc WatchLimits(WatchLimitsRequest) returns (WatchLimitsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.watch

The equivalent REST API is:

POST /v1/{parent=projects/*}/limits:watch

UpdateLimit Method

UpdateLimit

rpc UpdateLimit(UpdateLimitRequest) returns (Limit)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.update

The equivalent REST API is:

PUT /v1/{limit.name=projects/*/limits/*} (BODY: limit)

DeleteLimit Method

DeleteLimit

rpc DeleteLimit(DeleteLimitRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/limits/*}

MigrateLimitSource Method

MigrateLimitSource

rpc MigrateLimitSource(MigrateLimitSourceRequest) returns (Limit)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.migrate

The equivalent REST API is:

POST /v1/{name=projects/*/limits/*}:migrate

Limit Messages

Here is the list of Limit resource messages:

Limit Message

Name Type Description
name string (name of Limit) Name of Limit When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9-]{1,128}\/[a-zA-Z0-9-.]{1,128}\/[a-zA-Z]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
service string (reference to Service) Referenced service
resource string (reference to Resource) Referenced resource type
region string Region ID to which this limit applies. This may be different compared to default project region, because projects themselves can be multi-regional.
configured_limit int64 Configured limit - it is always in sync with limits predicted by PlanAssignment instances.
active_limit int64 Active limit - it is always equal to configured limit with exceptions: * If configured limit has just changed, then active limit will for a moment contain old value before synchronization. * If it turns out that usage increased in the very same moment when configured limit decreased, then active limit will hold old value indicating problem. It is important to note that, because projects may be multi-regional, limits are tracked by their FINAL region (See region field). State fields (active limit and usage) are synced asynchronously. From user perspective this field can be hidden if in line with configured limit.
usage int64 Number of resources currently in existence.
sources repeated string (reference to LimitPool) LimitPool sources that supplied reservation to this limit. Any change in configured/active value in current Limit increases/decreases reserved field in source LimitPool. Number of sources depends whether resource is regional or not - if resource is regional, it will be only one source pointing to the specific region. Non-regional resources will point to all regions where project is present.

GetLimitRequest Message

A request message of the GetLimit method.

Name Type Description
name string (name of Limit) Name of ntt.limits.v1.Limit
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitsRequest Message

A request message of the BatchGetLimits method.

Name Type Description
names repeated string (name of Limit) Names of Limits
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitsResponse Message

A response message of the BatchGetLimits method.

Name Type Description
limits repeated Limit found Limits
missing repeated string (name of Limit) list of not found Limits

ListLimitsRequest Message

A request message of the ListLimits method.

Name Type Description
parent string (parent name of Limit) Parent name of ntt.limits.v1.Limit
page_size int32 Requested page size. Server may return fewer Limits than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Limit) A token identifying a page of results the server should return. Typically, this is the value of ListLimitsResponse.next_page_token.
order_by string (orderBy of Limit) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Limit) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListLimitsResponse Message

A response message of the ListLimits method.

Name Type Description
limits repeated Limit The list of Limits
prev_page_token string (cursor of Limit) A token to retrieve previous page of results. Pass this value in the ListLimitsRequest.page_token.
next_page_token string (cursor of Limit) A token to retrieve next page of results. Pass this value in the ListLimitsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Limits across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchLimitRequest Message

A request message of the WatchLimit method.

Name Type Description
name string (name of Limit) Name of ntt.limits.v1.Limit
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchLimitResponse Message

A response message of the WatchLimit method.

Name Type Description
change LimitChange

WatchLimitsRequest Message

A request message of the WatchLimits method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Limit) Parent name of ntt.limits.v1.Limit
page_size int32 Requested page size. Server may return fewer Limits than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Limit) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Limit) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Limit) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Limit that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Limit that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchLimitsResponse Message

A response message of the WatchLimits method.

Name Type Description
limit_changes repeated LimitChange Changes of Limits
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Limits will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchLimitsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Limits will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchLimitsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Limit) New token to retrieve previous page of results.
next_page_token string (cursor of Limit) New token to retrieve next page of results.

UpdateLimitRequest Message

A request message of the UpdateLimit method.

Name Type Description
limit Limit Limit resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateLimitRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
response_mask UpdateLimitRequest.ResponseMask Optional masking applied to response object to reduce message response size.

UpdateLimitRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Limit Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateLimitRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteLimitRequest Message

A request message of the DeleteLimit method.

Name Type Description
name string (name of Limit) Name of ntt.limits.v1.Limit
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MigrateLimitSourceRequest Message

Request message for method [MigrateLimitSource][ntt.limits.v1.MigrateLimitSource]

Name Type Description
name string (name of Limit) name of ntt.limits.v1.Limit

LimitPool Resource

LimitPool represents a pool from which next LimitPool or final Limit instances are allocated from. LimitPool can either belong to a service (first pool, without parent) or organization (which got pool from service or parent organization). Size of child limit or limit pools must not exceed parent limit pool. LimitPool is in a way similar to Limit - it has scope and associated resource but LimitPool is non-final object. It cannot be used to allocate resources directly. It need child Limit first. Therefore, field with values in LimitPool are configured size, active size and reserved. Fields in Limit are configured limit, active limit and usage - they need different interpretation. Because LimitPool instances within one scope (service, organization) are managed by primary region of that scope, changes in them are done with only single transaction. LimitPool instances cannot be directly created or deleted. They cannot be also be modified (there are only some state fields controlled by service). LimitPools are created/modified along with PlanAssignment instances.

Name patterns:

  • services/{service}/limitPools/{limit_pool}
  • organizations/{organization}/limitPools/{limit_pool}

Parent resources:

This section covers the methods and messages to interact with LimitPool resource.

LimitPool Methods

Here is the list of LimitPool resource methods:

GetLimitPool Method

GetLimitPool

rpc GetLimitPool(GetLimitPoolRequest) returns (LimitPool)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.get

The equivalent REST API is:

GET /v1/{name=services/*/limitPools/*} 

GET /v1/{name=organizations/*/limitPools/*}

BatchGetLimitPools Method

BatchGetLimitPools

rpc BatchGetLimitPools(BatchGetLimitPoolsRequest) returns (BatchGetLimitPoolsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.batchGet

The equivalent REST API is:

GET /v1/limitPools:batchGet

ListLimitPools Method

ListLimitPools

rpc ListLimitPools(ListLimitPoolsRequest) returns (ListLimitPoolsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.list

The equivalent REST API is:

GET /v1/{parent=services/*}/limitPools 

GET /v1/{parent=organizations/*}/limitPools

WatchLimitPool Method

WatchLimitPool

rpc WatchLimitPool(WatchLimitPoolRequest) returns (WatchLimitPoolResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.watch

The equivalent REST API is:

POST /v1/{name=services/*/limitPools/*}:watch 

POST /v1/{name=organizations/*/limitPools/*}:watch

WatchLimitPools Method

WatchLimitPools

rpc WatchLimitPools(WatchLimitPoolsRequest) returns (WatchLimitPoolsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/limitPools:watch 

POST /v1/{parent=organizations/*}/limitPools:watch

UpdateLimitPool Method

UpdateLimitPool

rpc UpdateLimitPool(UpdateLimitPoolRequest) returns (LimitPool)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.update

The equivalent REST API is:

PUT /v1/{limit_pool.name=services/*/limitPools/*} (BODY: limit_pool)

PUT /v1/{limit_pool.name=organizations/*/limitPools/*}

DeleteLimitPool Method

DeleteLimitPool

rpc DeleteLimitPool(DeleteLimitPoolRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/limitPools/*} 

DELETE /v1/{name=organizations/*/limitPools/*}

MigrateLimitPoolSource Method

MigrateLimitPoolSource

rpc MigrateLimitPoolSource(MigrateLimitPoolSourceRequest) returns (LimitPool)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.migrate

The equivalent REST API is:

POST /v1/{name=services/*/limitPools/*}:migrate 

POST /v1/{name=organizations/*/limitPools/*}:migrate

LimitPool Messages

Here is the list of LimitPool resource messages:

LimitPool Message

Name Type Description
name string (name of LimitPool) Name of LimitPool When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9-]{1,128}\/[a-zA-Z0-9-.]{1,128}\/[a-zA-Z]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
service string (reference to Service) Referenced service
resource string (reference to Resource) Referenced resource type
region string Region ID to which this pool applies. This may be different compared to default region for service/organization, because they may use multiple regions.
configured_size int64 Configured size of pool according to PlanAssignment instances belonging to same scope (system or organization).
active_size int64 Active pool size. It will be normally equal to configured size. However, if configured size goes down below reserved value, then active size will be equal to that “reserved”. It will also prevent parent LimitPool (if any) from getting limit value back.
reserved int64 Configured OR Active Size of all child Limit and LimitPool instances - whichever is bigger.
source string (reference to LimitPool) LimitPool source that supplied reservation to this LimitPool. Any change in configured/active value in current LimitPool increases/decreases reserved field in source LimitPool.

GetLimitPoolRequest Message

A request message of the GetLimitPool method.

Name Type Description
name string (name of LimitPool) Name of ntt.limits.v1.LimitPool
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitPoolsRequest Message

A request message of the BatchGetLimitPools method.

Name Type Description
names repeated string (name of LimitPool) Names of LimitPools
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitPoolsResponse Message

A response message of the BatchGetLimitPools method.

Name Type Description
limit_pools repeated LimitPool found LimitPools
missing repeated string (name of LimitPool) list of not found LimitPools

ListLimitPoolsRequest Message

A request message of the ListLimitPools method.

Name Type Description
parent string (parent name of LimitPool) Parent name of ntt.limits.v1.LimitPool
page_size int32 Requested page size. Server may return fewer LimitPools than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of LimitPool) A token identifying a page of results the server should return. Typically, this is the value of ListLimitPoolsResponse.next_page_token.
order_by string (orderBy of LimitPool) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of LimitPool) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListLimitPoolsResponse Message

A response message of the ListLimitPools method.

Name Type Description
limit_pools repeated LimitPool The list of LimitPools
prev_page_token string (cursor of LimitPool) A token to retrieve previous page of results. Pass this value in the ListLimitPoolsRequest.page_token.
next_page_token string (cursor of LimitPool) A token to retrieve next page of results. Pass this value in the ListLimitPoolsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total LimitPools across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchLimitPoolRequest Message

A request message of the WatchLimitPool method.

Name Type Description
name string (name of LimitPool) Name of ntt.limits.v1.LimitPool
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchLimitPoolResponse Message

A response message of the WatchLimitPool method.

Name Type Description
change LimitPoolChange

WatchLimitPoolsRequest Message

A request message of the WatchLimitPools method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of LimitPool) Parent name of ntt.limits.v1.LimitPool
page_size int32 Requested page size. Server may return fewer LimitPools than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of LimitPool) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of LimitPool) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of LimitPool) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to LimitPool that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to LimitPool that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchLimitPoolsResponse Message

A response message of the WatchLimitPools method.

Name Type Description
limit_pool_changes repeated LimitPoolChange Changes of LimitPools
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All LimitPools will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchLimitPoolsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (LimitPools will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchLimitPoolsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of LimitPool) New token to retrieve previous page of results.
next_page_token string (cursor of LimitPool) New token to retrieve next page of results.

UpdateLimitPoolRequest Message

A request message of the UpdateLimitPool method.

Name Type Description
limit_pool LimitPool LimitPool resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateLimitPoolRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
response_mask UpdateLimitPoolRequest.ResponseMask Optional masking applied to response object to reduce message response size.

UpdateLimitPoolRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state LimitPool Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateLimitPoolRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteLimitPoolRequest Message

A request message of the DeleteLimitPool method.

Name Type Description
name string (name of LimitPool) Name of ntt.limits.v1.LimitPool
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MigrateLimitPoolSourceRequest Message

Request message for method [MigrateLimitPoolSource][ntt.limits.v1.MigrateLimitPoolSource]

Name Type Description
name string (name of LimitPool) name of ntt.limits.v1.LimitPool

Plan Resource

Plan is a bundle with set of limits for various resources in given service. Note that Plan limits are regional. For example, if plan predicts for example 1000 pods and is assigned for resource enabled for 2 regions, then project will be allowed to create 1000 pods in each region.

Name patterns:

  • services/{service}/plans/{plan}
  • organizations/{organization}/plans/{plan}

Parent resources:

This section covers the methods and messages to interact with Plan resource.

Plan Methods

Here is the list of Plan resource methods:

GetPlan Method

GetPlan

rpc GetPlan(GetPlanRequest) returns (Plan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.get

The equivalent REST API is:

GET /v1/{name=services/*/plans/*} 

GET /v1/{name=organizations/*/plans/*}

BatchGetPlans Method

BatchGetPlans

rpc BatchGetPlans(BatchGetPlansRequest) returns (BatchGetPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.batchGet

The equivalent REST API is:

GET /v1/plans:batchGet

ListPlans Method

ListPlans

rpc ListPlans(ListPlansRequest) returns (ListPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.list

The equivalent REST API is:

GET /v1/{parent=services/*}/plans 

GET /v1/{parent=organizations/*}/plans

WatchPlan Method

WatchPlan

rpc WatchPlan(WatchPlanRequest) returns (WatchPlanResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.watch

The equivalent REST API is:

POST /v1/{name=services/*/plans/*}:watch 

POST /v1/{name=organizations/*/plans/*}:watch

WatchPlans Method

WatchPlans

rpc WatchPlans(WatchPlansRequest) returns (WatchPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/plans:watch 

POST /v1/{parent=organizations/*}/plans:watch

CreatePlan Method

CreatePlan

rpc CreatePlan(CreatePlanRequest) returns (Plan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.create

The equivalent REST API is:

POST /v1/{parent=services/*}/plans (BODY: plan)

POST /v1/{parent=organizations/*}/plans

UpdatePlan Method

UpdatePlan

rpc UpdatePlan(UpdatePlanRequest) returns (Plan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.update

The equivalent REST API is:

PUT /v1/{plan.name=services/*/plans/*} (BODY: plan)

PUT /v1/{plan.name=organizations/*/plans/*}

DeletePlan Method

DeletePlan

rpc DeletePlan(DeletePlanRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/plans/*} 

DELETE /v1/{name=organizations/*/plans/*}

Plan Messages

Here is the list of Plan resource messages:

Plan Message

Name Type Description
name string (name of Plan) Name of Plan When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Plan display name
service string (reference to Service) Service where plan applies. If this Plan is a child of Service itself, they must be equal.
resource_limits repeated Plan.LimitValue List of limits per each resource.
plan_level Plan.PlanLevel Plan level
business_tier BusinessTier Business tier - this only is used to determine default plan when project/organization is created. It is possible to set this value to UNDEFINED rendering this plan as non-default.
generation int64 Spec generation, incremented for every change in resource_limits field.

Plan.LimitValue Message

LimitValue informs how many instances of resource for given type are permitted.

Name Type Description
resource string (reference to Resource) Reference to resource
value int64 Limit for given resource.

GetPlanRequest Message

A request message of the GetPlan method.

Name Type Description
name string (name of Plan) Name of ntt.limits.v1.Plan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlansRequest Message

A request message of the BatchGetPlans method.

Name Type Description
names repeated string (name of Plan) Names of Plans
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlansResponse Message

A response message of the BatchGetPlans method.

Name Type Description
plans repeated Plan found Plans
missing repeated string (name of Plan) list of not found Plans

ListPlansRequest Message

A request message of the ListPlans method.

Name Type Description
parent string (parent name of Plan) Parent name of ntt.limits.v1.Plan
page_size int32 Requested page size. Server may return fewer Plans than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Plan) A token identifying a page of results the server should return. Typically, this is the value of ListPlansResponse.next_page_token.
order_by string (orderBy of Plan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Plan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPlansResponse Message

A response message of the ListPlans method.

Name Type Description
plans repeated Plan The list of Plans
prev_page_token string (cursor of Plan) A token to retrieve previous page of results. Pass this value in the ListPlansRequest.page_token.
next_page_token string (cursor of Plan) A token to retrieve next page of results. Pass this value in the ListPlansRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Plans across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPlanRequest Message

A request message of the WatchPlan method.

Name Type Description
name string (name of Plan) Name of ntt.limits.v1.Plan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPlanResponse Message

A response message of the WatchPlan method.

Name Type Description
change PlanChange

WatchPlansRequest Message

A request message of the WatchPlans method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Plan) Parent name of ntt.limits.v1.Plan
page_size int32 Requested page size. Server may return fewer Plans than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Plan) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Plan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Plan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Plan that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Plan that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPlansResponse Message

A response message of the WatchPlans method.

Name Type Description
plan_changes repeated PlanChange Changes of Plans
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Plans will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPlansResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Plans will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPlansResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Plan) New token to retrieve previous page of results.
next_page_token string (cursor of Plan) New token to retrieve next page of results.

CreatePlanRequest Message

A request message of the CreatePlan method.

Name Type Description
parent string (parent name of Plan) Parent name of ntt.limits.v1.Plan
plan Plan Plan resource body
response_mask CreatePlanRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePlanRequest Message

A request message of the UpdatePlan method.

Name Type Description
plan Plan Plan resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePlanRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePlanRequest.ResponseMask reduce message response size.

UpdatePlanRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Plan Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePlanRequest Message

A request message of the DeletePlan method.

Name Type Description
name string (name of Plan) Name of ntt.limits.v1.Plan
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Plan Enumerations

Here is the list of Plan resource enumerations:

Plan.PlanLevel Enumeration

PlanLevel defines entity level for whom plan can be assigned

Name Description
UNDEFINED
SERVICE
ORGANIZATION
PROJECT

PlanAssignment Resource

PlanAssignment binds plan (with optional customizations) with specific entity (assignee - either system, organization or project). Plan assignments (sum of them) are used to compute configured size of limit pools (system and organizations) AND limits (projects). They are not modifiable - limits are passed from system to projects, so each PlanAssignment must be agreed by higher instance (parent organization or system). System recognizes acceptance by existence of AcceptedPlan instances - it synchronizes PlanAssignment instances with them.

Name patterns:

  • services/{service}/planAssignments/{plan_assignment}
  • projects/{project}/planAssignments/{plan_assignment}
  • organizations/{organization}/planAssignments/{plan_assignment}

Parent resources:

This section covers the methods and messages to interact with PlanAssignment resource.

PlanAssignment Methods

Here is the list of PlanAssignment resource methods:

GetPlanAssignment Method

GetPlanAssignment

rpc GetPlanAssignment(GetPlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.get

The equivalent REST API is:

GET /v1/{name=services/*/planAssignments/*} 

GET /v1/{name=projects/*/planAssignments/*} 

GET /v1/{name=organizations/*/planAssignments/*}

BatchGetPlanAssignments Method

BatchGetPlanAssignments

rpc BatchGetPlanAssignments(BatchGetPlanAssignmentsRequest) returns (BatchGetPlanAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.batchGet

The equivalent REST API is:

GET /v1/planAssignments:batchGet

ListPlanAssignments Method

ListPlanAssignments

rpc ListPlanAssignments(ListPlanAssignmentsRequest) returns (ListPlanAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.list

The equivalent REST API is:

GET /v1/{parent=services/*}/planAssignments 

GET /v1/{parent=projects/*}/planAssignments 

GET /v1/{parent=organizations/*}/planAssignments

WatchPlanAssignment Method

WatchPlanAssignment

rpc WatchPlanAssignment(WatchPlanAssignmentRequest) returns (WatchPlanAssignmentResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.watch

The equivalent REST API is:

POST /v1/{name=services/*/planAssignments/*}:watch 

POST /v1/{name=projects/*/planAssignments/*}:watch 

POST /v1/{name=organizations/*/planAssignments/*}:watch

WatchPlanAssignments Method

WatchPlanAssignments

rpc WatchPlanAssignments(WatchPlanAssignmentsRequest) returns (WatchPlanAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.watch

The equivalent REST API is:

POST /v1/{parent=services/*}/planAssignments:watch 

POST /v1/{parent=projects/*}/planAssignments:watch 

POST /v1/{parent=organizations/*}/planAssignments:watch

CreatePlanAssignment Method

CreatePlanAssignment

rpc CreatePlanAssignment(CreatePlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.create

The equivalent REST API is:

POST /v1/{parent=services/*}/planAssignments (BODY: plan_assignment)

POST /v1/{parent=projects/*}/planAssignments 

POST /v1/{parent=organizations/*}/planAssignments

UpdatePlanAssignment Method

UpdatePlanAssignment

rpc UpdatePlanAssignment(UpdatePlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.update

The equivalent REST API is:

PUT /v1/{plan_assignment.name=services/*/planAssignments/*} (BODY: plan_assignment)

PUT /v1/{plan_assignment.name=projects/*/planAssignments/*} 

PUT /v1/{plan_assignment.name=organizations/*/planAssignments/*}

DeletePlanAssignment Method

DeletePlanAssignment

rpc DeletePlanAssignment(DeletePlanAssignmentRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.delete

The equivalent REST API is:

DELETE /v1/{name=services/*/planAssignments/*} 

DELETE /v1/{name=projects/*/planAssignments/*} 

DELETE /v1/{name=organizations/*/planAssignments/*}

MigratePlanAssignment Method

MigratePlanAssignment

rpc MigratePlanAssignment(MigratePlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.migrate

The equivalent REST API is:

PUT /v1/{plan_assignment.name=services/*/planAssignments/*}:migrate (BODY: plan_assignment)

PUT /v1/{plan_assignment.name=projects/*/planAssignments/*}:migrate 

PUT /v1/{plan_assignment.name=organizations/*/planAssignments/*}:migrate

PlanAssignment Messages

Here is the list of PlanAssignment resource messages:

PlanAssignment Message

Name Type Description
name string (name of PlanAssignment) Name of PlanAssignment When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
default_regional_plan string (reference to Plan) Plan with basic set of limits - it will apply to EACH region of service/organization/project
service string (reference to Service) Service associated with plan
regional_plan_overrides repeated RegionalPlanAssignment Individual plan overrides per each region.
extensions repeated Allowance Additional extensions (but may be negative) on top of regular plan.
allowances repeated Allowance Final allowances per resource/region - computed from extensions and all regional plans.
applied_regions repeated string List of regions ID where plan was applied - it is being taken from service/organization/project list of regions. Limits service extends plans if it notices expansion to the new region.
applied_plan_spec_generation int64 Default region plan generation number, set during each update and creation. It is used to notice if plan got changed and we need to trigger plan update.
source string (reference to AcceptedPlan) Source with which this PlanAssignment is synchronized.

GetPlanAssignmentRequest Message

A request message of the GetPlanAssignment method.

Name Type Description
name string (name of PlanAssignment) Name of ntt.limits.v1.PlanAssignment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentsRequest Message

A request message of the BatchGetPlanAssignments method.

Name Type Description
names repeated string (name of PlanAssignment) Names of PlanAssignments
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentsResponse Message

A response message of the BatchGetPlanAssignments method.

Name Type Description
plan_assignments repeated PlanAssignment found PlanAssignments
missing repeated string (name of PlanAssignment) list of not found PlanAssignments

ListPlanAssignmentsRequest Message

A request message of the ListPlanAssignments method.

Name Type Description
parent string (parent name of PlanAssignment) Parent name of ntt.limits.v1.PlanAssignment
page_size int32 Requested page size. Server may return fewer PlanAssignments than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PlanAssignment) A token identifying a page of results the server should return. Typically, this is the value of ListPlanAssignmentsResponse.next_page_token.
order_by string (orderBy of PlanAssignment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PlanAssignment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPlanAssignmentsResponse Message

A response message of the ListPlanAssignments method.

Name Type Description
plan_assignments repeated PlanAssignment The list of PlanAssignments
prev_page_token string (cursor of PlanAssignment) A token to retrieve previous page of results. Pass this value in the ListPlanAssignmentsRequest.page_token.
next_page_token string (cursor of PlanAssignment) A token to retrieve next page of results. Pass this value in the ListPlanAssignmentsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total PlanAssignments across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPlanAssignmentRequest Message

A request message of the WatchPlanAssignment method.

Name Type Description
name string (name of PlanAssignment) Name of ntt.limits.v1.PlanAssignment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPlanAssignmentResponse Message

A response message of the WatchPlanAssignment method.

Name Type Description
change PlanAssignmentChange

WatchPlanAssignmentsRequest Message

A request message of the WatchPlanAssignments method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of PlanAssignment) Parent name of ntt.limits.v1.PlanAssignment
page_size int32 Requested page size. Server may return fewer PlanAssignments than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of PlanAssignment) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of PlanAssignment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of PlanAssignment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to PlanAssignment that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to PlanAssignment that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPlanAssignmentsResponse Message

A response message of the WatchPlanAssignments method.

Name Type Description
plan_assignment_changes repeated PlanAssignmentChange Changes of PlanAssignments
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All PlanAssignments will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPlanAssignmentsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (PlanAssignments will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPlanAssignmentsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of PlanAssignment) New token to retrieve previous page of results.
next_page_token string (cursor of PlanAssignment) New token to retrieve next page of results.

CreatePlanAssignmentRequest Message

A request message of the CreatePlanAssignment method.

Name Type Description
parent string (parent name of PlanAssignment) Parent name of ntt.limits.v1.PlanAssignment
plan_assignment PlanAssignment PlanAssignment resource body
response_mask CreatePlanAssignmentRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePlanAssignmentRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePlanAssignmentRequest Message

A request message of the UpdatePlanAssignment method.

Name Type Description
plan_assignment PlanAssignment PlanAssignment resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePlanAssignmentRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePlanAssignmentRequest.ResponseMask reduce message response size.

UpdatePlanAssignmentRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state PlanAssignment Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePlanAssignmentRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePlanAssignmentRequest Message

A request message of the DeletePlanAssignment method.

Name Type Description
name string (name of PlanAssignment) Name of ntt.limits.v1.PlanAssignment
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MigratePlanAssignmentRequest Message

Request message for method [MigratePlanAssignment][ntt.limits.v1.MigratePlanAssignment]

Name Type Description
plan_assignment PlanAssignment PlanAssignment resource body

PlanAssignmentRequest Resource

PlanAssignmentRequest gives administrator a way to modify their PlanAssignment instances in a safe way, with respect to parent organization/system limits. PlanAssignmentRequest can be used to:

  • Assign/Reassign new plan for specific service
  • Extend specific resource limits for existing PlanAssignment
  • Redistribute limits across regions (available for project PlanAssignments)
  • Unassign existing PlanAssignment Certain requests may be automatically approved by system (for example, if they would result in lowering limits), other require higher administrator consent. User creating request should check status field after operation to check if request was automatically approved.

Name patterns:

  • projects/{project}/planAssignmentRequests/{plan_assignment_request}
  • organizations/{organization}/planAssignmentRequests/{plan_assignment_request}

Parent resources:

This section covers the methods and messages to interact with PlanAssignmentRequest resource.

PlanAssignmentRequest Methods

Here is the list of PlanAssignmentRequest resource methods:

GetPlanAssignmentRequest Method

GetPlanAssignmentRequest

rpc GetPlanAssignmentRequest(GetPlanAssignmentRequestRequest) returns (PlanAssignmentRequest)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.get

The equivalent REST API is:

GET /v1/{name=projects/*/planAssignmentRequests/*} 

GET /v1/{name=organizations/*/planAssignmentRequests/*}

BatchGetPlanAssignmentRequests Method

BatchGetPlanAssignmentRequests

rpc BatchGetPlanAssignmentRequests(BatchGetPlanAssignmentRequestsRequest) returns (BatchGetPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.batchGet

The equivalent REST API is:

GET /v1/planAssignmentRequests:batchGet

ListPlanAssignmentRequests Method

ListPlanAssignmentRequests

rpc ListPlanAssignmentRequests(ListPlanAssignmentRequestsRequest) returns (ListPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.list

The equivalent REST API is:

GET /v1/{parent=projects/*}/planAssignmentRequests 

GET /v1/{parent=organizations/*}/planAssignmentRequests

WatchPlanAssignmentRequest Method

WatchPlanAssignmentRequest

rpc WatchPlanAssignmentRequest(WatchPlanAssignmentRequestRequest) returns (WatchPlanAssignmentRequestResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.watch

The equivalent REST API is:

POST /v1/{name=projects/*/planAssignmentRequests/*}:watch 

POST /v1/{name=organizations/*/planAssignmentRequests/*}:watch

WatchPlanAssignmentRequests Method

WatchPlanAssignmentRequests

rpc WatchPlanAssignmentRequests(WatchPlanAssignmentRequestsRequest) returns (WatchPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.watch

The equivalent REST API is:

POST /v1/{parent=projects/*}/planAssignmentRequests:watch 

POST /v1/{parent=organizations/*}/planAssignmentRequests:watch

CreatePlanAssignmentRequest Method

CreatePlanAssignmentRequest

rpc CreatePlanAssignmentRequest(CreatePlanAssignmentRequestRequest) returns (PlanAssignmentRequest)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.create

The equivalent REST API is:

POST /v1/{parent=projects/*}/planAssignmentRequests (BODY: plan_assignment_request)

POST /v1/{parent=organizations/*}/planAssignmentRequests

UpdatePlanAssignmentRequest Method

UpdatePlanAssignmentRequest

rpc UpdatePlanAssignmentRequest(UpdatePlanAssignmentRequestRequest) returns (PlanAssignmentRequest)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.update

The equivalent REST API is:

PUT /v1/{plan_assignment_request.name=projects/*/planAssignmentRequests/*} (BODY: plan_assignment_request)

PUT /v1/{plan_assignment_request.name=organizations/*/planAssignmentRequests/*}

DeletePlanAssignmentRequest Method

DeletePlanAssignmentRequest

rpc DeletePlanAssignmentRequest(DeletePlanAssignmentRequestRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/planAssignmentRequests/*} 

DELETE /v1/{name=organizations/*/planAssignmentRequests/*}

AcceptPlanAssignment Method

AcceptPlanAssignment

rpc AcceptPlanAssignment(AcceptPlanAssignmentRequest) returns (AcceptPlanAssignmentResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.accept

The equivalent REST API is:

POST /v1/{name=projects/*/planAssignmentRequests/*}:accept 

POST /v1/{name=organizations/*/planAssignmentRequests/*}:accept

DeclinePlanAssignment Method

DeclinePlanAssignment

rpc DeclinePlanAssignment(DeclinePlanAssignmentRequest) returns (DeclinePlanAssignmentResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.decline

The equivalent REST API is:

POST /v1/{name=projects/*/planAssignmentRequests/*}:decline 

POST /v1/{name=organizations/*/planAssignmentRequests/*}:decline

ListApproverPlanAssignmentRequests Method

ListApproverPlanAssignmentRequests

rpc ListApproverPlanAssignmentRequests(ListApproverPlanAssignmentRequestsRequest) returns (ListPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/approverPlanAssignmentRequests.list

The equivalent REST API is:

GET /v1/planAssignmentRequests:listApprover

PlanAssignmentRequest Messages

Here is the list of PlanAssignmentRequest resource messages:

PlanAssignmentRequest Message

Name Type Description
name string (name of PlanAssignmentRequest) Name of PlanAssignmentRequest When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
request PlanAssignmentRequest.RequestType Purpose of this request
service string (reference to Service) Service associated with this request.
approver string (parent name of AcceptedPlan) Approver - it can be org or service in practice, note its always equal to the parent name of AcceptedPlan
status PlanAssignmentRequest.Status

PlanAssignmentRequest.Status Message

Status

Name Type Description
conclusion PlanAssignmentRequest.Status.Conclusion Conclusion
reason string Optional message with reason

PlanAssignmentRequest.RequestType Message

RequestType describes what should change in existing PlanAssignment, optionally if new one should be created.

Name Type Description
assign PlanAssignmentRequest.RequestType.Assign Assign request
extend PlanAssignmentRequest.RequestType.Extend Extend request
unassign PlanAssignmentRequest.RequestType.Unassign Unassign request

PlanAssignmentRequest.RequestType.Assign Message

Assign request requests for new PlanAssignment instance. If there already is a plan for associated service, then previous record is overwritten in the scope of the “region”. In other words, this request can also be used to upgrade/downgrade existing plan. If “region” is specified, all extensions from existing plan for given region will be discarded and overwritten from this one. If “region” is not specified, then

Name Type Description
plan string (reference to Plan) Plan to apply
extensions repeated Allowance List of all extensions over basic plan. Extensions without specified region will apply to all regions if value of field “region” in this request is also empty. However, if “region” is specified, then extensions defined here will be applicable for this region only.
region string Optional region ID for the plan - if not specified, assigned plan will apply to all regions (default plan for region), BUT it will not override plans for specific region in existing PlanAssignment.

PlanAssignmentRequest.RequestType.Extend Message

Extend request should be used in order to increase (optionally decrease) limits from existing plan assignment. Note each addition can be applied to one or all regions.

Name Type Description
assignment string (reference to PlanAssignment) Reference to existing plan assignment
additions repeated Allowance List of limits to merge within existing assignment

PlanAssignmentRequest.RequestType.Unassign Message

Unassign is used to remove existing PlanAssignment if “region” is empty. This will always be automatically approved unless limits are in use by existing resources. If “region” is specified, then this request will remove region specific overrides only. Note that this will not be self approved if this would result in increased value of limits.

Name Type Description
assignment string (reference to PlanAssignment)
region string

GetPlanAssignmentRequestRequest Message

A request message of the GetPlanAssignmentRequest method.

Name Type Description
name string (name of PlanAssignmentRequest) Name of ntt.limits.v1.PlanAssignmentRequest
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentRequestsRequest Message

A request message of the BatchGetPlanAssignmentRequests method.

Name Type Description
names repeated string (name of PlanAssignmentRequest) Names of PlanAssignmentRequests
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentRequestsResponse Message

A response message of the BatchGetPlanAssignmentRequests method.

Name Type Description
plan_assignment_requests repeated PlanAssignmentRequest found PlanAssignmentRequests
missing repeated string (name of PlanAssignmentRequest) list of not found PlanAssignmentRequests

ListPlanAssignmentRequestsRequest Message

A request message of the ListPlanAssignmentRequests method.

Name Type Description
parent string (parent name of PlanAssignmentRequest) Parent name of ntt.limits.v1.PlanAssignmentRequest
page_size int32 Requested page size. Server may return fewer PlanAssignmentRequests than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PlanAssignmentRequest) A token identifying a page of results the server should return. Typically, this is the value of ListPlanAssignmentRequestsResponse.next_page_token.
order_by string (orderBy of PlanAssignmentRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PlanAssignmentRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPlanAssignmentRequestsResponse Message

A response message of the ListPlanAssignmentRequests method.

Name Type Description
plan_assignment_requests repeated PlanAssignmentRequest The list of PlanAssignmentRequests
prev_page_token string (cursor of PlanAssignmentRequest) A token to retrieve previous page of results. Pass this value in the ListPlanAssignmentRequestsRequest.page_token.
next_page_token string (cursor of PlanAssignmentRequest) A token to retrieve next page of results. Pass this value in the ListPlanAssignmentRequestsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total PlanAssignmentRequests across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPlanAssignmentRequestRequest Message

A request message of the WatchPlanAssignmentRequest method.

Name Type Description
name string (name of PlanAssignmentRequest) Name of ntt.limits.v1.PlanAssignmentRequest
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPlanAssignmentRequestResponse Message

A response message of the WatchPlanAssignmentRequest method.

Name Type Description
change PlanAssignmentRequestChange

WatchPlanAssignmentRequestsRequest Message

A request message of the WatchPlanAssignmentRequests method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of PlanAssignmentRequest) Parent name of ntt.limits.v1.PlanAssignmentRequest
page_size int32 Requested page size. Server may return fewer PlanAssignmentRequests than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of PlanAssignmentRequest) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of PlanAssignmentRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of PlanAssignmentRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to PlanAssignmentRequest that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to PlanAssignmentRequest that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPlanAssignmentRequestsResponse Message

A response message of the WatchPlanAssignmentRequests method.

Name Type Description
plan_assignment_request_changes repeated PlanAssignmentRequestChange Changes of PlanAssignmentRequests
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All PlanAssignmentRequests will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPlanAssignmentRequestsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (PlanAssignmentRequests will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPlanAssignmentRequestsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of PlanAssignmentRequest) New token to retrieve previous page of results.
next_page_token string (cursor of PlanAssignmentRequest) New token to retrieve next page of results.

CreatePlanAssignmentRequestRequest Message

A request message of the CreatePlanAssignmentRequest method.

Name Type Description
parent string (parent name of PlanAssignmentRequest) Parent name of ntt.limits.v1.PlanAssignmentRequest
plan_assignment_request PlanAssignmentRequest PlanAssignmentRequest resource body
response_mask CreatePlanAssignmentRequestRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePlanAssignmentRequestRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePlanAssignmentRequestRequest Message

A request message of the UpdatePlanAssignmentRequest method.

Name Type Description
plan_assignment_request PlanAssignmentRequest PlanAssignmentRequest resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePlanAssignmentRequestRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePlanAssignmentRequestRequest.ResponseMask reduce message response size.

UpdatePlanAssignmentRequestRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state PlanAssignmentRequest Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePlanAssignmentRequestRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePlanAssignmentRequestRequest Message

A request message of the DeletePlanAssignmentRequest method.

Name Type Description
name string (name of PlanAssignmentRequest) Name of ntt.limits.v1.PlanAssignmentRequest
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

AcceptPlanAssignmentRequest Message

Request message for method [AcceptPlanAssignment][ntt.limits.v1.AcceptPlanAssignment]

Name Type Description
name string (name of PlanAssignmentRequest) name of ntt.limits.v1.PlanAssignmentRequest
approver string (parent name of AcceptedPlan) Entity approving plan assignment. It can be left empty if the one approving uses service-level privileges.

AcceptPlanAssignmentResponse Message

Response message for method [AcceptPlanAssignment][ntt.limits.v1.AcceptPlanAssignment]

Name Type Description
accepted_plan AcceptedPlan

DeclinePlanAssignmentRequest Message

Request message for method [DeclinePlanAssignment][ntt.limits.v1.DeclinePlanAssignment]

Name Type Description
name string (name of PlanAssignmentRequest) name of ntt.limits.v1.PlanAssignmentRequest
approver string (parent name of AcceptedPlan) Entity approving plan assignment. It must match approver in PlanAssignmentRequest.
reason string

DeclinePlanAssignmentResponse Message

Response message for method [DeclinePlanAssignment][ntt.limits.v1.DeclinePlanAssignment]

Name Type Description
none none none

ListApproverPlanAssignmentRequestsRequest Message

Request message for method [ListApproverPlanAssignmentRequests][ntt.limits.v1.ListApproverPlanAssignmentRequests]

Name Type Description
approver string (parent name of AcceptedPlan) Approver of the plan assignment requests
page_size int32 Requested page size. Server may return fewer PlanAssignmentRequests than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PlanAssignmentRequest) A token identifying a page of results the server should return. Typically, this is the value of [ListPlanAssignmentRequestsResponse.next_page_token][ntt.limits.v1.ListPlanAssignmentRequestsResponse.next_page_token]
order_by string (orderBy of PlanAssignmentRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PlanAssignmentRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

PlanAssignmentRequest Enumerations

Here is the list of PlanAssignmentRequest resource enumerations:

PlanAssignmentRequest.Status.Conclusion Enumeration

Name Description
UNDEFINED
PENDING
APPROVED
REJECTED

Limits Service Shared Methods and Messages

Limits Service Shared Messages

Here is the list of Limits service shared messages:

AcceptedPlanChange Message

AcceptedPlanChange is used by Watch notifications Responses to describe change of single AcceptedPlan One of Added, Modified, Removed

Name Type Description
added AcceptedPlanChange.Added Added is returned when watched document is added, either created or enters Query view
modified AcceptedPlanChange.Modified Modified is returned when watched document is modified
current AcceptedPlanChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AcceptedPlanChange.Removed Removed is returned when AcceptedPlan is deleted or leaves Query view

AcceptedPlanChange.Added Message

AcceptedPlan has been added to query view

Name Type Description
accepted_plan AcceptedPlan
view_index int32 Integer describing index of added AcceptedPlan in resulting query view.

AcceptedPlanChange.Current Message

AcceptedPlan has been added or modified in a query view. Version used for stateless watching

Name Type Description
accepted_plan AcceptedPlan

AcceptedPlanChange.Modified Message

AcceptedPlan changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AcceptedPlan) Name of modified AcceptedPlan
accepted_plan AcceptedPlan New version of AcceptedPlan or masked difference, depending on mask_changes instrumentation of issued [WatchAcceptedPlanRequest] or [WatchAcceptedPlansRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AcceptedPlan. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AcceptedPlan new index in resulting query view.

AcceptedPlanChange.Removed Message

Removed is returned when AcceptedPlan is deleted or leaves Query view

Name Type Description
name string (name of AcceptedPlan)
view_index int32 Integer specifying removed AcceptedPlan index. Not populated in stateless watch type.

Allowance Message

Allowance informs how many instances of resource for given type are permitted.

Name Type Description
resource string (reference to Resource) Reference to resource
value int64 Limit or extension for given resource.
region string Region ID where allowance applies - empty if for all.

LimitChange Message

LimitChange is used by Watch notifications Responses to describe change of single Limit One of Added, Modified, Removed

Name Type Description
added LimitChange.Added Added is returned when watched document is added, either created or enters Query view
modified LimitChange.Modified Modified is returned when watched document is modified
current LimitChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed LimitChange.Removed Removed is returned when Limit is deleted or leaves Query view

LimitChange.Added Message

Limit has been added to query view

Name Type Description
limit Limit
view_index int32 Integer describing index of added Limit in resulting query view.

LimitChange.Current Message

Limit has been added or modified in a query view. Version used for stateless watching

Name Type Description
limit Limit

LimitChange.Modified Message

Limit changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Limit) Name of modified Limit
limit Limit New version of Limit or masked difference, depending on mask_changes instrumentation of issued [WatchLimitRequest] or [WatchLimitsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Limit. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Limit new index in resulting query view.

LimitChange.Removed Message

Removed is returned when Limit is deleted or leaves Query view

Name Type Description
name string (name of Limit)
view_index int32 Integer specifying removed Limit index. Not populated in stateless watch type.

LimitPoolChange Message

LimitPoolChange is used by Watch notifications Responses to describe change of single LimitPool One of Added, Modified, Removed

Name Type Description
added LimitPoolChange.Added Added is returned when watched document is added, either created or enters Query view
modified LimitPoolChange.Modified Modified is returned when watched document is modified
current LimitPoolChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed LimitPoolChange.Removed Removed is returned when LimitPool is deleted or leaves Query view

LimitPoolChange.Added Message

LimitPool has been added to query view

Name Type Description
limit_pool LimitPool
view_index int32 Integer describing index of added LimitPool in resulting query view.

LimitPoolChange.Current Message

LimitPool has been added or modified in a query view. Version used for stateless watching

Name Type Description
limit_pool LimitPool

LimitPoolChange.Modified Message

LimitPool changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of LimitPool) Name of modified LimitPool
limit_pool LimitPool New version of LimitPool or masked difference, depending on mask_changes instrumentation of issued [WatchLimitPoolRequest] or [WatchLimitPoolsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified LimitPool. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying LimitPool new index in resulting query view.

LimitPoolChange.Removed Message

Removed is returned when LimitPool is deleted or leaves Query view

Name Type Description
name string (name of LimitPool)
view_index int32 Integer specifying removed LimitPool index. Not populated in stateless watch type.

PlanAssignmentChange Message

PlanAssignmentChange is used by Watch notifications Responses to describe change of single PlanAssignment One of Added, Modified, Removed

Name Type Description
added PlanAssignmentChange.Added Added is returned when watched document is added, either created or enters Query view
modified PlanAssignmentChange.Modified Modified is returned when watched document is modified
current PlanAssignmentChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PlanAssignmentChange.Removed Removed is returned when PlanAssignment is deleted or leaves Query view

PlanAssignmentChange.Added Message

PlanAssignment has been added to query view

Name Type Description
plan_assignment PlanAssignment
view_index int32 Integer describing index of added PlanAssignment in resulting query view.

PlanAssignmentChange.Current Message

PlanAssignment has been added or modified in a query view. Version used for stateless watching

Name Type Description
plan_assignment PlanAssignment

PlanAssignmentChange.Modified Message

PlanAssignment changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of PlanAssignment) Name of modified PlanAssignment
plan_assignment PlanAssignment New version of PlanAssignment or masked difference, depending on mask_changes instrumentation of issued [WatchPlanAssignmentRequest] or [WatchPlanAssignmentsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified PlanAssignment. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying PlanAssignment new index in resulting query view.

PlanAssignmentChange.Removed Message

Removed is returned when PlanAssignment is deleted or leaves Query view

Name Type Description
name string (name of PlanAssignment)
view_index int32 Integer specifying removed PlanAssignment index. Not populated in stateless watch type.

PlanAssignmentRequestChange Message

PlanAssignmentRequestChange is used by Watch notifications Responses to describe change of single PlanAssignmentRequest One of Added, Modified, Removed

Name Type Description
added PlanAssignmentRequestChange.Added Added is returned when watched document is added, either created or enters Query view
modified PlanAssignmentRequestChange.Modified Modified is returned when watched document is modified
current PlanAssignmentRequestChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PlanAssignmentRequestChange.Removed Removed is returned when PlanAssignmentRequest is deleted or leaves Query view

PlanAssignmentRequestChange.Added Message

PlanAssignmentRequest has been added to query view

Name Type Description
plan_assignment_request PlanAssignmentRequest
view_index int32 Integer describing index of added PlanAssignmentRequest in resulting query view.

PlanAssignmentRequestChange.Current Message

PlanAssignmentRequest has been added or modified in a query view. Version used for stateless watching

Name Type Description
plan_assignment_request PlanAssignmentRequest

PlanAssignmentRequestChange.Modified Message

PlanAssignmentRequest changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of PlanAssignmentRequest) Name of modified PlanAssignmentRequest
plan_assignment_request PlanAssignmentRequest New version of PlanAssignmentRequest or masked difference, depending on mask_changes instrumentation of issued [WatchPlanAssignmentRequestRequest] or [WatchPlanAssignmentRequestsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified PlanAssignmentRequest. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying PlanAssignmentRequest new index in resulting query view.

PlanAssignmentRequestChange.Removed Message

Removed is returned when PlanAssignmentRequest is deleted or leaves Query view

Name Type Description
name string (name of PlanAssignmentRequest)
view_index int32 Integer specifying removed PlanAssignmentRequest index. Not populated in stateless watch type.

PlanChange Message

PlanChange is used by Watch notifications Responses to describe change of single Plan One of Added, Modified, Removed

Name Type Description
added PlanChange.Added Added is returned when watched document is added, either created or enters Query view
modified PlanChange.Modified Modified is returned when watched document is modified
current PlanChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PlanChange.Removed Removed is returned when Plan is deleted or leaves Query view

PlanChange.Added Message

Plan has been added to query view

Name Type Description
plan Plan
view_index int32 Integer describing index of added Plan in resulting query view.

PlanChange.Current Message

Plan has been added or modified in a query view. Version used for stateless watching

Name Type Description
plan Plan

PlanChange.Modified Message

Plan changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Plan) Name of modified Plan
plan Plan New version of Plan or masked difference, depending on mask_changes instrumentation of issued [WatchPlanRequest] or [WatchPlansRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Plan. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Plan new index in resulting query view.

PlanChange.Removed Message

Removed is returned when Plan is deleted or leaves Query view

Name Type Description
name string (name of Plan)
view_index int32 Integer specifying removed Plan index. Not populated in stateless watch type.

RegionalPlanAssignment Message

RegionalPlanAssignment binds region and plan.

Name Type Description
plan string (reference to Plan) Plan for given region
region string Region ID for this override
plan_generation int64 Applied generation spec of the plan.

4.2 -

Understanding the limits.edgelq.com service APIv1alpha2, in proto package ntt.limits.v1alpha2.

Service limits.edgelq.com in version v1alpha2, proto package ntt.limits.v1alpha2

Here is the list of resources supported in Limits service APIv1alpha2:

AcceptedPlan Resource

AcceptedPlan shows a plan accepted by assigner (system or organization) for project, organization and system - with all additional information like extensions or regional distributions. It is in relation 1-1 with PlanAssignment, BUT:

  • PlanAssignment is read-only and represents information for Assignee. Name pattern indicates to WHOM plan is assigned.
  • AcceptedPlan contains accepted configuration and represents information for assigner. Name pattern indicates WHO ASSIGNED a plan. It is modifiable, BUT modifications of accepted plans may result in increased usage of allowed limit pools - Organization/System cannot accept plans to sub-entities without limits (however, system is allowed to assign plan to itself without limits, which makes system admin fully responsible).

Name patterns:

  • acceptedPlans/{accepted_plan}
  • organizations/{organization}/acceptedPlans/{accepted_plan}

Parent resources:

This section covers the methods and messages to interact with AcceptedPlan resource.

AcceptedPlan Methods

Here is the list of AcceptedPlan resource methods:

GetAcceptedPlan Method

GetAcceptedPlan

rpc GetAcceptedPlan(GetAcceptedPlanRequest) returns (AcceptedPlan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.get

The equivalent REST API is:

GET /v1alpha2/{name=acceptedPlans/*} 

GET /v1alpha2/{name=organizations/*/acceptedPlans/*}

BatchGetAcceptedPlans Method

BatchGetAcceptedPlans

rpc BatchGetAcceptedPlans(BatchGetAcceptedPlansRequest) returns (BatchGetAcceptedPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.batchGet

The equivalent REST API is:

GET /v1alpha2/acceptedPlans:batchGet

ListAcceptedPlans Method

ListAcceptedPlans

rpc ListAcceptedPlans(ListAcceptedPlansRequest) returns (ListAcceptedPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.list

The equivalent REST API is:

GET /v1alpha2/acceptedPlans 

GET /v1alpha2/{parent=organizations/*}/acceptedPlans

WatchAcceptedPlan Method

WatchAcceptedPlan

rpc WatchAcceptedPlan(WatchAcceptedPlanRequest) returns (WatchAcceptedPlanResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.watch

The equivalent REST API is:

POST /v1alpha2/{name=acceptedPlans/*}:watch 

POST /v1alpha2/{name=organizations/*/acceptedPlans/*}:watch

WatchAcceptedPlans Method

WatchAcceptedPlans

rpc WatchAcceptedPlans(WatchAcceptedPlansRequest) returns (WatchAcceptedPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.watch

The equivalent REST API is:

POST /v1alpha2/acceptedPlans:watch 

POST /v1alpha2/{parent=organizations/*}/acceptedPlans:watch

CreateAcceptedPlan Method

CreateAcceptedPlan

rpc CreateAcceptedPlan(CreateAcceptedPlanRequest) returns (AcceptedPlan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.create

The equivalent REST API is:

POST /v1alpha2/acceptedPlans (BODY: accepted_plan)

POST /v1alpha2/{parent=organizations/*}/acceptedPlans

UpdateAcceptedPlan Method

UpdateAcceptedPlan

rpc UpdateAcceptedPlan(UpdateAcceptedPlanRequest) returns (AcceptedPlan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.update

The equivalent REST API is:

PUT /v1alpha2/{accepted_plan.name=acceptedPlans/*} (BODY: accepted_plan)

PUT /v1alpha2/{accepted_plan.name=organizations/*/acceptedPlans/*}

DeleteAcceptedPlan Method

DeleteAcceptedPlan

rpc DeleteAcceptedPlan(DeleteAcceptedPlanRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/acceptedPlans.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=acceptedPlans/*} 

DELETE /v1alpha2/{name=organizations/*/acceptedPlans/*}

AcceptedPlan Messages

Here is the list of AcceptedPlan resource messages:

AcceptedPlan Message

Name Type Description
name string (name of AcceptedPlan) Name of AcceptedPlan When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
plan string (reference to Plan) Plan with resource limits
service string (reference to Service) Service indicates by plan.
extensions repeated Allowance Optional extensions over standard plan
regional_distributions repeated RegionalDistribution Distribution of limits by regions. It does not need to be populated by user in Create/Update requests - system automatically distributes limits across regions equally. Returned AcceptedPlan instance from Create/Update will contain this field populated. If user wants to have some specific resource distributed in certain way, they can do it by partially populating this field too. System will distribute automatically only remaining numbers.
assignee AcceptedPlan.Assignee Plan assignee
metadata Meta Metadata

AcceptedPlan.Assignee Message

Assignee indicates for whom plan was accepted for. In case of child project/org deletion, accepted plan will be deleted too, which will result in return of all limits.

Name Type Description
project_assignee string (reference to Project) Project for whom plan is for.
organization_assignee string (reference to Organization) Organization for whom plan is for.
system_assignee bool If true, it means plan is for system itself.

GetAcceptedPlanRequest Message

A request message of the GetAcceptedPlan method.

Name Type Description
name string (name of AcceptedPlan) Name of ntt.limits.v1alpha2.AcceptedPlan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAcceptedPlansRequest Message

A request message of the BatchGetAcceptedPlans method.

Name Type Description
names repeated string (name of AcceptedPlan) Names of AcceptedPlans
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAcceptedPlansResponse Message

A response message of the BatchGetAcceptedPlans method.

Name Type Description
accepted_plans repeated AcceptedPlan found AcceptedPlans
missing repeated string (name of AcceptedPlan) list of not found AcceptedPlans

ListAcceptedPlansRequest Message

A request message of the ListAcceptedPlans method.

Name Type Description
parent string (parent name of AcceptedPlan) Parent name of ntt.limits.v1alpha2.AcceptedPlan
page_size int32 Requested page size. Server may return fewer AcceptedPlans than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AcceptedPlan) A token identifying a page of results the server should return. Typically, this is the value of ListAcceptedPlansResponse.next_page_token.
order_by string (orderBy of AcceptedPlan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AcceptedPlan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAcceptedPlansResponse Message

A response message of the ListAcceptedPlans method.

Name Type Description
accepted_plans repeated AcceptedPlan The list of AcceptedPlans
prev_page_token string (cursor of AcceptedPlan) A token to retrieve previous page of results. Pass this value in the ListAcceptedPlansRequest.page_token.
next_page_token string (cursor of AcceptedPlan) A token to retrieve next page of results. Pass this value in the ListAcceptedPlansRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AcceptedPlans across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAcceptedPlanRequest Message

A request message of the WatchAcceptedPlan method.

Name Type Description
name string (name of AcceptedPlan) Name of ntt.limits.v1alpha2.AcceptedPlan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAcceptedPlanResponse Message

A response message of the WatchAcceptedPlan method.

Name Type Description
change AcceptedPlanChange

WatchAcceptedPlansRequest Message

A request message of the WatchAcceptedPlans method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AcceptedPlan) Parent name of ntt.limits.v1alpha2.AcceptedPlan
page_size int32 Requested page size. Server may return fewer AcceptedPlans than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AcceptedPlan) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AcceptedPlan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AcceptedPlan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AcceptedPlan that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AcceptedPlan that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAcceptedPlansResponse Message

A response message of the WatchAcceptedPlans method.

Name Type Description
accepted_plan_changes repeated AcceptedPlanChange Changes of AcceptedPlans
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AcceptedPlans will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAcceptedPlansResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AcceptedPlans will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAcceptedPlansResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AcceptedPlan) New token to retrieve previous page of results.
next_page_token string (cursor of AcceptedPlan) New token to retrieve next page of results.

CreateAcceptedPlanRequest Message

A request message of the CreateAcceptedPlan method.

Name Type Description
parent string (parent name of AcceptedPlan) Parent name of ntt.limits.v1alpha2.AcceptedPlan
accepted_plan AcceptedPlan AcceptedPlan resource body
response_mask CreateAcceptedPlanRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAcceptedPlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAcceptedPlanRequest Message

A request message of the UpdateAcceptedPlan method.

Name Type Description
accepted_plan AcceptedPlan AcceptedPlan resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAcceptedPlanRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAcceptedPlanRequest.ResponseMask reduce message response size.

UpdateAcceptedPlanRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AcceptedPlan Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAcceptedPlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAcceptedPlanRequest Message

A request message of the DeleteAcceptedPlan method.

Name Type Description
name string (name of AcceptedPlan) Name of ntt.limits.v1alpha2.AcceptedPlan
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Limit Resource

Limit resource represents usage/limit of specific resource in specific project and region - however instances of those resources are managed by primary region of project. This ensures consistency and allows modification of project limits in one database transaction. Limit instances cannot be created or deleted. They cannot be also be modified (there are only some state fields controlled by system). Limits are created/modified along with PlanAssignment instances.

Name patterns:

  • projects/{project}/limits/{limit}

Parent resources:

This section covers the methods and messages to interact with Limit resource.

Limit Methods

Here is the list of Limit resource methods:

GetLimit Method

GetLimit

rpc GetLimit(GetLimitRequest) returns (Limit)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*/limits/*}

BatchGetLimits Method

BatchGetLimits

rpc BatchGetLimits(BatchGetLimitsRequest) returns (BatchGetLimitsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.batchGet

The equivalent REST API is:

GET /v1alpha2/limits:batchGet

ListLimits Method

ListLimits

rpc ListLimits(ListLimitsRequest) returns (ListLimitsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.list

The equivalent REST API is:

GET /v1alpha2/{parent=projects/*}/limits

WatchLimit Method

WatchLimit

rpc WatchLimit(WatchLimitRequest) returns (WatchLimitResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/limits/*}:watch

WatchLimits Method

WatchLimits

rpc WatchLimits(WatchLimitsRequest) returns (WatchLimitsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.watch

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/limits:watch

UpdateLimit Method

UpdateLimit

rpc UpdateLimit(UpdateLimitRequest) returns (Limit)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.update

The equivalent REST API is:

PUT /v1alpha2/{limit.name=projects/*/limits/*} (BODY: limit)

DeleteLimit Method

DeleteLimit

rpc DeleteLimit(DeleteLimitRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*/limits/*}

MigrateLimitSource Method

MigrateLimitSource

rpc MigrateLimitSource(MigrateLimitSourceRequest) returns (Limit)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limits.migrate

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/limits/*}:migrate

Limit Messages

Here is the list of Limit resource messages:

Limit Message

Name Type Description
name string (name of Limit) Name of Limit, it has following format: projects/{project}/limits/{regionId}/{resourceType}
service string (reference to Service) Referenced service
resource string (reference to Resource) Referenced resource type
region string Region ID to which this limit applies. This may be different compared to default project region, because projects themselves can be multi-regional.
configured_limit int64 Configured limit - it is always in sync with limits predicted by PlanAssignment instances.
active_limit int64 Active limit - it is always equal to configured limit with exceptions: * If configured limit has just changed, then active limit will for a moment contain old value before synchronization. * If it turns out that usage increased in the very same moment when configured limit decreased, then active limit will hold old value indicating problem. It is important to note that, because projects may be multi-regional, limits are tracked by their FINAL region (See region field). State fields (active limit and usage) are synced asynchronously. From user perspective this field can be hidden if in line with configured limit.
usage int64 Number of resources currently in existence.
source string (reference to LimitPool) LimitPool source that gave birth to this Limit. Any change in configured/active value in current Limit increases/decreases reserved field in source LimitPool.
metadata Meta Metadata

GetLimitRequest Message

A request message of the GetLimit method.

Name Type Description
name string (name of Limit) Name of ntt.limits.v1alpha2.Limit
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitsRequest Message

A request message of the BatchGetLimits method.

Name Type Description
names repeated string (name of Limit) Names of Limits
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitsResponse Message

A response message of the BatchGetLimits method.

Name Type Description
limits repeated Limit found Limits
missing repeated string (name of Limit) list of not found Limits

ListLimitsRequest Message

A request message of the ListLimits method.

Name Type Description
parent string (parent name of Limit) Parent name of ntt.limits.v1alpha2.Limit
page_size int32 Requested page size. Server may return fewer Limits than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Limit) A token identifying a page of results the server should return. Typically, this is the value of ListLimitsResponse.next_page_token.
order_by string (orderBy of Limit) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Limit) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListLimitsResponse Message

A response message of the ListLimits method.

Name Type Description
limits repeated Limit The list of Limits
prev_page_token string (cursor of Limit) A token to retrieve previous page of results. Pass this value in the ListLimitsRequest.page_token.
next_page_token string (cursor of Limit) A token to retrieve next page of results. Pass this value in the ListLimitsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Limits across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchLimitRequest Message

A request message of the WatchLimit method.

Name Type Description
name string (name of Limit) Name of ntt.limits.v1alpha2.Limit
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchLimitResponse Message

A response message of the WatchLimit method.

Name Type Description
change LimitChange

WatchLimitsRequest Message

A request message of the WatchLimits method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Limit) Parent name of ntt.limits.v1alpha2.Limit
page_size int32 Requested page size. Server may return fewer Limits than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Limit) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Limit) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Limit) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Limit that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Limit that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchLimitsResponse Message

A response message of the WatchLimits method.

Name Type Description
limit_changes repeated LimitChange Changes of Limits
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Limits will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchLimitsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Limits will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchLimitsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Limit) New token to retrieve previous page of results.
next_page_token string (cursor of Limit) New token to retrieve next page of results.

UpdateLimitRequest Message

A request message of the UpdateLimit method.

Name Type Description
limit Limit Limit resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateLimitRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
response_mask UpdateLimitRequest.ResponseMask Optional masking applied to response object to reduce message response size.

UpdateLimitRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Limit Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateLimitRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteLimitRequest Message

A request message of the DeleteLimit method.

Name Type Description
name string (name of Limit) Name of ntt.limits.v1alpha2.Limit
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MigrateLimitSourceRequest Message

Request message for method [MigrateLimitSource][ntt.limits.v1alpha2.MigrateLimitSource]

Name Type Description
name string (name of Limit) name of ntt.limits.v1alpha2.Limit

LimitPool Resource

LimitPool represents a pool from which next LimitPool or final Limit instances are allocated from. LimitPool can either belong to a system (first pool, without parent) or organization (which got pool from system or parent organization). Size of child limit or limit pools must not exceed parent limit pool. LimitPool is in a way similar to Limit - it has scope and associated resource but:

  • LimitPool is non-final object. It cannot be used to allocate resources directly. It need child Limit first. So field with values in LimitPool are configured size, active size and reserved. Fields in Limit are configured limit, active limit and usage - they need different interpretation.
  • LimitPool is not regional, because it may feed limits in other regions. Limit has extra tracker in their final region for state synchronization purpose. Because LimitPool instances within one scope (system, organization) are managed by primary region of that scope, changes in them are done with only single transaction. LimitPool instances cannot be created or deleted. They cannot be also be modified (there are only some state fields controlled by system). LimitPools are created/modified along with PlanAssignment instances.

Name patterns:

  • limitPools/{limit_pool}
  • organizations/{organization}/limitPools/{limit_pool}

Parent resources:

This section covers the methods and messages to interact with LimitPool resource.

LimitPool Methods

Here is the list of LimitPool resource methods:

GetLimitPool Method

GetLimitPool

rpc GetLimitPool(GetLimitPoolRequest) returns (LimitPool)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.get

The equivalent REST API is:

GET /v1alpha2/{name=limitPools/*} 

GET /v1alpha2/{name=organizations/*/limitPools/*}

BatchGetLimitPools Method

BatchGetLimitPools

rpc BatchGetLimitPools(BatchGetLimitPoolsRequest) returns (BatchGetLimitPoolsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.batchGet

The equivalent REST API is:

GET /v1alpha2/limitPools:batchGet

ListLimitPools Method

ListLimitPools

rpc ListLimitPools(ListLimitPoolsRequest) returns (ListLimitPoolsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.list

The equivalent REST API is:

GET /v1alpha2/limitPools 

GET /v1alpha2/{parent=organizations/*}/limitPools

WatchLimitPool Method

WatchLimitPool

rpc WatchLimitPool(WatchLimitPoolRequest) returns (WatchLimitPoolResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.watch

The equivalent REST API is:

POST /v1alpha2/{name=limitPools/*}:watch 

POST /v1alpha2/{name=organizations/*/limitPools/*}:watch

WatchLimitPools Method

WatchLimitPools

rpc WatchLimitPools(WatchLimitPoolsRequest) returns (WatchLimitPoolsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.watch

The equivalent REST API is:

POST /v1alpha2/limitPools:watch 

POST /v1alpha2/{parent=organizations/*}/limitPools:watch

UpdateLimitPool Method

UpdateLimitPool

rpc UpdateLimitPool(UpdateLimitPoolRequest) returns (LimitPool)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.update

The equivalent REST API is:

PUT /v1alpha2/{limit_pool.name=limitPools/*} (BODY: limit_pool)

PUT /v1alpha2/{limit_pool.name=organizations/*/limitPools/*}

DeleteLimitPool Method

DeleteLimitPool

rpc DeleteLimitPool(DeleteLimitPoolRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=limitPools/*} 

DELETE /v1alpha2/{name=organizations/*/limitPools/*}

MigrateLimitPoolSource Method

MigrateLimitPoolSource

rpc MigrateLimitPoolSource(MigrateLimitPoolSourceRequest) returns (LimitPool)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/limitPools.migrate

The equivalent REST API is:

POST /v1alpha2/{name=limitPools/*}:migrate 

POST /v1alpha2/{name=organizations/*/limitPools/*}:migrate

LimitPool Messages

Here is the list of LimitPool resource messages:

LimitPool Message

Name Type Description
name string (name of LimitPool) Name of LimitPool
service string (reference to Service) Referenced service
resource string (reference to Resource) Referenced resource type
configured_size int64 Configured size of pool according to PlanAssignment instances belonging to same scope (system or organization).
active_size int64 Active pool size. It will be normally equal to configured size. However, if configured size goes down below reserved value, then active size will be equal to that “reserved”. It will also prevent parent LimitPool (if any) from getting limit value back.
reserved int64 Configured OR Active Size of all child Limit and LimitPool instances - whichever is bigger.
source string (reference to LimitPool) LimitPool source that gave birth to this LimitPool. Any change in configured/active value in current LimitPool increases/decreases reserved field in source LimitPool.
metadata Meta Metadata

GetLimitPoolRequest Message

A request message of the GetLimitPool method.

Name Type Description
name string (name of LimitPool) Name of ntt.limits.v1alpha2.LimitPool
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitPoolsRequest Message

A request message of the BatchGetLimitPools method.

Name Type Description
names repeated string (name of LimitPool) Names of LimitPools
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLimitPoolsResponse Message

A response message of the BatchGetLimitPools method.

Name Type Description
limit_pools repeated LimitPool found LimitPools
missing repeated string (name of LimitPool) list of not found LimitPools

ListLimitPoolsRequest Message

A request message of the ListLimitPools method.

Name Type Description
parent string (parent name of LimitPool) Parent name of ntt.limits.v1alpha2.LimitPool
page_size int32 Requested page size. Server may return fewer LimitPools than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of LimitPool) A token identifying a page of results the server should return. Typically, this is the value of ListLimitPoolsResponse.next_page_token.
order_by string (orderBy of LimitPool) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of LimitPool) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListLimitPoolsResponse Message

A response message of the ListLimitPools method.

Name Type Description
limit_pools repeated LimitPool The list of LimitPools
prev_page_token string (cursor of LimitPool) A token to retrieve previous page of results. Pass this value in the ListLimitPoolsRequest.page_token.
next_page_token string (cursor of LimitPool) A token to retrieve next page of results. Pass this value in the ListLimitPoolsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total LimitPools across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchLimitPoolRequest Message

A request message of the WatchLimitPool method.

Name Type Description
name string (name of LimitPool) Name of ntt.limits.v1alpha2.LimitPool
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchLimitPoolResponse Message

A response message of the WatchLimitPool method.

Name Type Description
change LimitPoolChange

WatchLimitPoolsRequest Message

A request message of the WatchLimitPools method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of LimitPool) Parent name of ntt.limits.v1alpha2.LimitPool
page_size int32 Requested page size. Server may return fewer LimitPools than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of LimitPool) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of LimitPool) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of LimitPool) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to LimitPool that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to LimitPool that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchLimitPoolsResponse Message

A response message of the WatchLimitPools method.

Name Type Description
limit_pool_changes repeated LimitPoolChange Changes of LimitPools
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All LimitPools will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchLimitPoolsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (LimitPools will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchLimitPoolsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of LimitPool) New token to retrieve previous page of results.
next_page_token string (cursor of LimitPool) New token to retrieve next page of results.

UpdateLimitPoolRequest Message

A request message of the UpdateLimitPool method.

Name Type Description
limit_pool LimitPool LimitPool resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateLimitPoolRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
response_mask UpdateLimitPoolRequest.ResponseMask Optional masking applied to response object to reduce message response size.

UpdateLimitPoolRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state LimitPool Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateLimitPoolRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteLimitPoolRequest Message

A request message of the DeleteLimitPool method.

Name Type Description
name string (name of LimitPool) Name of ntt.limits.v1alpha2.LimitPool
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MigrateLimitPoolSourceRequest Message

Request message for method [MigrateLimitPoolSource][ntt.limits.v1alpha2.MigrateLimitPoolSource]

Name Type Description
name string (name of LimitPool) reference of ntt.limits.v1alpha2.LimitPool

Plan Resource

Plan is a bundle with set of limits for various resources. Those resources should be mostly from service plan references, but it can also include resources from imported services too.

Name patterns:

  • plans/{plan}

This section covers the methods and messages to interact with Plan resource.

Plan Methods

Here is the list of Plan resource methods:

GetPlan Method

GetPlan

rpc GetPlan(GetPlanRequest) returns (Plan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.get

The equivalent REST API is:

GET /v1alpha2/{name=plans/*}

BatchGetPlans Method

BatchGetPlans

rpc BatchGetPlans(BatchGetPlansRequest) returns (BatchGetPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.batchGet

The equivalent REST API is:

GET /v1alpha2/plans:batchGet

ListPlans Method

ListPlans

rpc ListPlans(ListPlansRequest) returns (ListPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.list

The equivalent REST API is:

GET /v1alpha2/plans

WatchPlan Method

WatchPlan

rpc WatchPlan(WatchPlanRequest) returns (WatchPlanResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.watch

The equivalent REST API is:

POST /v1alpha2/{name=plans/*}:watch

WatchPlans Method

WatchPlans

rpc WatchPlans(WatchPlansRequest) returns (WatchPlansResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.watch

The equivalent REST API is:

POST /v1alpha2/plans:watch

CreatePlan Method

CreatePlan

rpc CreatePlan(CreatePlanRequest) returns (Plan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.create

The equivalent REST API is:

POST /v1alpha2/plans (BODY: plan)

UpdatePlan Method

UpdatePlan

rpc UpdatePlan(UpdatePlanRequest) returns (Plan)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.update

The equivalent REST API is:

PUT /v1alpha2/{plan.name=plans/*} (BODY: plan)

DeletePlan Method

DeletePlan

rpc DeletePlan(DeletePlanRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/plans.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=plans/*}

Plan Messages

Here is the list of Plan resource messages:

Plan Message

Name Type Description
name string (name of Plan) Name of Plan When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
display_name string
service string (reference to Service) Primary service to which this plan applies
resource_limits repeated Allowance List of limits per each resource. Resources may belong to different services (dependant services)
plan_level Plan.PlanLevel Plan level
business_tier BusinessTier Business tier
metadata Meta Metadata

GetPlanRequest Message

A request message of the GetPlan method.

Name Type Description
name string (name of Plan) Name of ntt.limits.v1alpha2.Plan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlansRequest Message

A request message of the BatchGetPlans method.

Name Type Description
names repeated string (name of Plan) Names of Plans
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlansResponse Message

A response message of the BatchGetPlans method.

Name Type Description
plans repeated Plan found Plans
missing repeated string (name of Plan) list of not found Plans

ListPlansRequest Message

A request message of the ListPlans method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Plans than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Plan) A token identifying a page of results the server should return. Typically, this is the value of ListPlansResponse.next_page_token.
order_by string (orderBy of Plan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Plan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPlansResponse Message

A response message of the ListPlans method.

Name Type Description
plans repeated Plan The list of Plans
prev_page_token string (cursor of Plan) A token to retrieve previous page of results. Pass this value in the ListPlansRequest.page_token.
next_page_token string (cursor of Plan) A token to retrieve next page of results. Pass this value in the ListPlansRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Plans across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPlanRequest Message

A request message of the WatchPlan method.

Name Type Description
name string (name of Plan) Name of ntt.limits.v1alpha2.Plan
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPlanResponse Message

A response message of the WatchPlan method.

Name Type Description
change PlanChange

WatchPlansRequest Message

A request message of the WatchPlans method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Plans than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Plan) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Plan) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Plan) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Plan that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Plan that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPlansResponse Message

A response message of the WatchPlans method.

Name Type Description
plan_changes repeated PlanChange Changes of Plans
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Plans will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPlansResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Plans will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPlansResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Plan) New token to retrieve previous page of results.
next_page_token string (cursor of Plan) New token to retrieve next page of results.

CreatePlanRequest Message

A request message of the CreatePlan method.

Name Type Description
plan Plan Plan resource body
response_mask CreatePlanRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePlanRequest Message

A request message of the UpdatePlan method.

Name Type Description
plan Plan Plan resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePlanRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePlanRequest.ResponseMask reduce message response size.

UpdatePlanRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Plan Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePlanRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePlanRequest Message

A request message of the DeletePlan method.

Name Type Description
name string (name of Plan) Name of ntt.limits.v1alpha2.Plan
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Plan Enumerations

Here is the list of Plan resource enumerations:

Plan.PlanLevel Enumeration

PlanLevel defines entity level for whom plan can be assigned

Name Description
UNDEFINED
SYSTEM
ORGANIZATION
PROJECT

PlanAssignment Resource

PlanAssignment binds plan (with optional customizations) with specific entity (assignee - either system, organization or project). Plan assignments (sum of them) are used to compute configured size of limit pools (system and organizations) AND limits (projects). They are not modifiable - limits are passed from system to projects, so each PlanAssignment must be agreed by higher instance (parent organization or system). System recognizes acceptance by existence of AcceptedPlan instances - it synchronizes PlanAssignment instances with them.

Name patterns:

  • planAssignments/{plan_assignment}
  • projects/{project}/planAssignments/{plan_assignment}
  • organizations/{organization}/planAssignments/{plan_assignment}

Parent resources:

This section covers the methods and messages to interact with PlanAssignment resource.

PlanAssignment Methods

Here is the list of PlanAssignment resource methods:

GetPlanAssignment Method

GetPlanAssignment

rpc GetPlanAssignment(GetPlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.get

The equivalent REST API is:

GET /v1alpha2/{name=planAssignments/*} 

GET /v1alpha2/{name=projects/*/planAssignments/*} 

GET /v1alpha2/{name=organizations/*/planAssignments/*}

BatchGetPlanAssignments Method

BatchGetPlanAssignments

rpc BatchGetPlanAssignments(BatchGetPlanAssignmentsRequest) returns (BatchGetPlanAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.batchGet

The equivalent REST API is:

GET /v1alpha2/planAssignments:batchGet

ListPlanAssignments Method

ListPlanAssignments

rpc ListPlanAssignments(ListPlanAssignmentsRequest) returns (ListPlanAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.list

The equivalent REST API is:

GET /v1alpha2/planAssignments 

GET /v1alpha2/{parent=projects/*}/planAssignments 

GET /v1alpha2/{parent=organizations/*}/planAssignments

WatchPlanAssignment Method

WatchPlanAssignment

rpc WatchPlanAssignment(WatchPlanAssignmentRequest) returns (WatchPlanAssignmentResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.watch

The equivalent REST API is:

POST /v1alpha2/{name=planAssignments/*}:watch 

POST /v1alpha2/{name=projects/*/planAssignments/*}:watch 

POST /v1alpha2/{name=organizations/*/planAssignments/*}:watch

WatchPlanAssignments Method

WatchPlanAssignments

rpc WatchPlanAssignments(WatchPlanAssignmentsRequest) returns (WatchPlanAssignmentsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.watch

The equivalent REST API is:

POST /v1alpha2/planAssignments:watch 

POST /v1alpha2/{parent=projects/*}/planAssignments:watch 

POST /v1alpha2/{parent=organizations/*}/planAssignments:watch

CreatePlanAssignment Method

CreatePlanAssignment

rpc CreatePlanAssignment(CreatePlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.create

The equivalent REST API is:

POST /v1alpha2/planAssignments (BODY: plan_assignment)

POST /v1alpha2/{parent=projects/*}/planAssignments 

POST /v1alpha2/{parent=organizations/*}/planAssignments

UpdatePlanAssignment Method

UpdatePlanAssignment

rpc UpdatePlanAssignment(UpdatePlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.update

The equivalent REST API is:

PUT /v1alpha2/{plan_assignment.name=planAssignments/*} (BODY: plan_assignment)

PUT /v1alpha2/{plan_assignment.name=projects/*/planAssignments/*} 

PUT /v1alpha2/{plan_assignment.name=organizations/*/planAssignments/*}

DeletePlanAssignment Method

DeletePlanAssignment

rpc DeletePlanAssignment(DeletePlanAssignmentRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=planAssignments/*} 

DELETE /v1alpha2/{name=projects/*/planAssignments/*} 

DELETE /v1alpha2/{name=organizations/*/planAssignments/*}

MigratePlanAssignment Method

MigratePlanAssignment

rpc MigratePlanAssignment(MigratePlanAssignmentRequest) returns (PlanAssignment)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignments.migrate

The equivalent REST API is:

PUT /v1alpha2/{plan_assignment.name=planAssignments/*}:migrate (BODY: plan_assignment)

PUT /v1alpha2/{plan_assignment.name=projects/*/planAssignments/*}:migrate 

PUT /v1alpha2/{plan_assignment.name=organizations/*/planAssignments/*}:migrate

PlanAssignment Messages

Here is the list of PlanAssignment resource messages:

PlanAssignment Message

Name Type Description
name string (name of PlanAssignment) Name of PlanAssignment When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
plan string (reference to Plan) Plan with basic set of limits
service string (reference to Service) Service associated with plan
extensions repeated Allowance Additional extensions (but may be negative) on top of regular plan.
regional_distributions repeated RegionalDistribution Regional distributions across regions. This field makes sense only for projects, because limit pools are regionless.
source string (reference to AcceptedPlan) Source with which this PlanAssignment is synchronized.
metadata Meta Metadata

GetPlanAssignmentRequest Message

A request message of the GetPlanAssignment method.

Name Type Description
name string (name of PlanAssignment) Name of ntt.limits.v1alpha2.PlanAssignment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentsRequest Message

A request message of the BatchGetPlanAssignments method.

Name Type Description
names repeated string (name of PlanAssignment) Names of PlanAssignments
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentsResponse Message

A response message of the BatchGetPlanAssignments method.

Name Type Description
plan_assignments repeated PlanAssignment found PlanAssignments
missing repeated string (name of PlanAssignment) list of not found PlanAssignments

ListPlanAssignmentsRequest Message

A request message of the ListPlanAssignments method.

Name Type Description
parent string (parent name of PlanAssignment) Parent name of ntt.limits.v1alpha2.PlanAssignment
page_size int32 Requested page size. Server may return fewer PlanAssignments than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PlanAssignment) A token identifying a page of results the server should return. Typically, this is the value of ListPlanAssignmentsResponse.next_page_token.
order_by string (orderBy of PlanAssignment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PlanAssignment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPlanAssignmentsResponse Message

A response message of the ListPlanAssignments method.

Name Type Description
plan_assignments repeated PlanAssignment The list of PlanAssignments
prev_page_token string (cursor of PlanAssignment) A token to retrieve previous page of results. Pass this value in the ListPlanAssignmentsRequest.page_token.
next_page_token string (cursor of PlanAssignment) A token to retrieve next page of results. Pass this value in the ListPlanAssignmentsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total PlanAssignments across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPlanAssignmentRequest Message

A request message of the WatchPlanAssignment method.

Name Type Description
name string (name of PlanAssignment) Name of ntt.limits.v1alpha2.PlanAssignment
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPlanAssignmentResponse Message

A response message of the WatchPlanAssignment method.

Name Type Description
change PlanAssignmentChange

WatchPlanAssignmentsRequest Message

A request message of the WatchPlanAssignments method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of PlanAssignment) Parent name of ntt.limits.v1alpha2.PlanAssignment
page_size int32 Requested page size. Server may return fewer PlanAssignments than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of PlanAssignment) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of PlanAssignment) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of PlanAssignment) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to PlanAssignment that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to PlanAssignment that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPlanAssignmentsResponse Message

A response message of the WatchPlanAssignments method.

Name Type Description
plan_assignment_changes repeated PlanAssignmentChange Changes of PlanAssignments
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All PlanAssignments will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPlanAssignmentsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (PlanAssignments will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPlanAssignmentsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of PlanAssignment) New token to retrieve previous page of results.
next_page_token string (cursor of PlanAssignment) New token to retrieve next page of results.

CreatePlanAssignmentRequest Message

A request message of the CreatePlanAssignment method.

Name Type Description
parent string (parent name of PlanAssignment) Parent name of ntt.limits.v1alpha2.PlanAssignment
plan_assignment PlanAssignment PlanAssignment resource body
response_mask CreatePlanAssignmentRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePlanAssignmentRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePlanAssignmentRequest Message

A request message of the UpdatePlanAssignment method.

Name Type Description
plan_assignment PlanAssignment PlanAssignment resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePlanAssignmentRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePlanAssignmentRequest.ResponseMask reduce message response size.

UpdatePlanAssignmentRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state PlanAssignment Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePlanAssignmentRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePlanAssignmentRequest Message

A request message of the DeletePlanAssignment method.

Name Type Description
name string (name of PlanAssignment) Name of ntt.limits.v1alpha2.PlanAssignment
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MigratePlanAssignmentRequest Message

Request message for method [MigratePlanAssignment][ntt.limits.v1alpha2.MigratePlanAssignment]

Name Type Description
plan_assignment PlanAssignment PlanAssignment resource body

PlanAssignmentRequest Resource

PlanAssignmentRequest gives administrator a way to modify their PlanAssignment instances in a safe way, with respect to parent organization/system limits. PlanAssignmentRequest can be used to:

  • Assign/Reassign new plan for specific service
  • Extend specific resource limits for existing PlanAssignment
  • Redistribute limits across regions (available for project PlanAssignments)
  • Unassign existing PlanAssignment Certain requests may be automatically approved by system (for example, if they would result in lowering limits), other require higher administrator consent. User creating request should check status field after operation to check if request was automatically approved.

Name patterns:

  • projects/{project}/planAssignmentRequests/{plan_assignment_request}
  • organizations/{organization}/planAssignmentRequests/{plan_assignment_request}

Parent resources:

This section covers the methods and messages to interact with PlanAssignmentRequest resource.

PlanAssignmentRequest Methods

Here is the list of PlanAssignmentRequest resource methods:

GetPlanAssignmentRequest Method

GetPlanAssignmentRequest

rpc GetPlanAssignmentRequest(GetPlanAssignmentRequestRequest) returns (PlanAssignmentRequest)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*/planAssignmentRequests/*} 

GET /v1alpha2/{name=organizations/*/planAssignmentRequests/*}

BatchGetPlanAssignmentRequests Method

BatchGetPlanAssignmentRequests

rpc BatchGetPlanAssignmentRequests(BatchGetPlanAssignmentRequestsRequest) returns (BatchGetPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.batchGet

The equivalent REST API is:

GET /v1alpha2/planAssignmentRequests:batchGet

ListPlanAssignmentRequests Method

ListPlanAssignmentRequests

rpc ListPlanAssignmentRequests(ListPlanAssignmentRequestsRequest) returns (ListPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.list

The equivalent REST API is:

GET /v1alpha2/{parent=projects/*}/planAssignmentRequests 

GET /v1alpha2/{parent=organizations/*}/planAssignmentRequests

WatchPlanAssignmentRequest Method

WatchPlanAssignmentRequest

rpc WatchPlanAssignmentRequest(WatchPlanAssignmentRequestRequest) returns (WatchPlanAssignmentRequestResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/planAssignmentRequests/*}:watch 

POST /v1alpha2/{name=organizations/*/planAssignmentRequests/*}:watch

WatchPlanAssignmentRequests Method

WatchPlanAssignmentRequests

rpc WatchPlanAssignmentRequests(WatchPlanAssignmentRequestsRequest) returns (WatchPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.watch

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/planAssignmentRequests:watch 

POST /v1alpha2/{parent=organizations/*}/planAssignmentRequests:watch

CreatePlanAssignmentRequest Method

CreatePlanAssignmentRequest

rpc CreatePlanAssignmentRequest(CreatePlanAssignmentRequestRequest) returns (PlanAssignmentRequest)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.create

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/planAssignmentRequests (BODY: plan_assignment_request)

POST /v1alpha2/{parent=organizations/*}/planAssignmentRequests

UpdatePlanAssignmentRequest Method

UpdatePlanAssignmentRequest

rpc UpdatePlanAssignmentRequest(UpdatePlanAssignmentRequestRequest) returns (PlanAssignmentRequest)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.update

The equivalent REST API is:

PUT /v1alpha2/{plan_assignment_request.name=projects/*/planAssignmentRequests/*} (BODY: plan_assignment_request)

PUT /v1alpha2/{plan_assignment_request.name=organizations/*/planAssignmentRequests/*}

DeletePlanAssignmentRequest Method

DeletePlanAssignmentRequest

rpc DeletePlanAssignmentRequest(DeletePlanAssignmentRequestRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*/planAssignmentRequests/*} 

DELETE /v1alpha2/{name=organizations/*/planAssignmentRequests/*}

AcceptPlanAssignment Method

AcceptPlanAssignment

rpc AcceptPlanAssignment(AcceptPlanAssignmentRequest) returns (AcceptPlanAssignmentResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.accept

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/planAssignmentRequests/*}:accept 

POST /v1alpha2/{name=organizations/*/planAssignmentRequests/*}:accept

DeclinePlanAssignment Method

DeclinePlanAssignment

rpc DeclinePlanAssignment(DeclinePlanAssignmentRequest) returns (DeclinePlanAssignmentResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/planAssignmentRequests.decline

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/planAssignmentRequests/*}:decline 

POST /v1alpha2/{name=organizations/*/planAssignmentRequests/*}:decline

ListApproverPlanAssignmentRequests Method

ListApproverPlanAssignmentRequests

rpc ListApproverPlanAssignmentRequests(ListApproverPlanAssignmentRequestsRequest) returns (ListPlanAssignmentRequestsResponse)

with the following messages:

Required Permissions:

  • services/limits.edgelq.com/permissions/approverPlanAssignmentRequests.list

The equivalent REST API is:

GET /v1alpha2/planAssignmentRequests:listApprover

PlanAssignmentRequest Messages

Here is the list of PlanAssignmentRequest resource messages:

PlanAssignmentRequest Message

Name Type Description
name string (name of PlanAssignmentRequest) Name of PlanAssignmentRequest When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
request PlanAssignmentRequest.RequestType Purpose of this request
service string (reference to Service) Service associated with this request.
approver string (reference to Organization) Approver
status PlanAssignmentRequest.Status
metadata Meta Metadata

PlanAssignmentRequest.Status Message

Status

Name Type Description
conclusion PlanAssignmentRequest.Status.Conclusion Conclusion
reason string Optional message with reason

PlanAssignmentRequest.RequestType Message

RequestType describes what should change in existing PlanAssignment, optionally if new one should be created.

Name Type Description
assign PlanAssignmentRequest.RequestType.Assign Assign request
extend PlanAssignmentRequest.RequestType.Extend Extend request
redistribute PlanAssignmentRequest.RequestType.Redistribute Redistribute request
unassign PlanAssignmentRequest.RequestType.Unassign Unassign request

PlanAssignmentRequest.RequestType.Assign Message

Assign request requests for new PlanAssignment instance. If there already is a plan for same service, then previous record is overwritten. In other words, this request can also be used to upgrade/downgrade existing plan.

Name Type Description
plan string (reference to Plan) Plan to apply
extensions repeated Allowance List of all extensions over basic plan
regional_distributions repeated RegionalDistribution Optional list of distributions across regions. This field can only be used for project plans only. It may be provided fully or partially by user - system will automatically distribute remaining limits equally across all regions.

PlanAssignmentRequest.RequestType.Extend Message

Extend request should be used in order to increase (optionally decrease) limits from existing plan assignment.

Name Type Description
assignment string (reference to PlanAssignment) Reference to existing plan assignment
additions repeated Allowance List of limits to merge within existing assignment
regional_distributions repeated RegionalDistribution Distributions of NEW (only!) limits across regions. It does not allow for redistribution of existing limits before. It is optional, but can be provided only for project plans. May be provided fully or partially, system will distribute remaining limits on its own.

PlanAssignmentRequest.RequestType.Redistribute Message

Redistribute request is used to move existing limits across regions. It cannot change total values.

Name Type Description
assignment string (reference to PlanAssignment) Reference to existing assignment
regional_distributions repeated RegionalDistribution List of regional distributions. It should contain only those regions where limits are moved from/to.

PlanAssignmentRequest.RequestType.Unassign Message

Unassign is used to remove existing PlanAssignment. This will always be automatically approved unless limits are in use by existing resources.

Name Type Description
assignment string (reference to PlanAssignment)

GetPlanAssignmentRequestRequest Message

A request message of the GetPlanAssignmentRequest method.

Name Type Description
name string (name of PlanAssignmentRequest) Name of ntt.limits.v1alpha2.PlanAssignmentRequest
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentRequestsRequest Message

A request message of the BatchGetPlanAssignmentRequests method.

Name Type Description
names repeated string (name of PlanAssignmentRequest) Names of PlanAssignmentRequests
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPlanAssignmentRequestsResponse Message

A response message of the BatchGetPlanAssignmentRequests method.

Name Type Description
plan_assignment_requests repeated PlanAssignmentRequest found PlanAssignmentRequests
missing repeated string (name of PlanAssignmentRequest) list of not found PlanAssignmentRequests

ListPlanAssignmentRequestsRequest Message

A request message of the ListPlanAssignmentRequests method.

Name Type Description
parent string (parent name of PlanAssignmentRequest) Parent name of ntt.limits.v1alpha2.PlanAssignmentRequest
page_size int32 Requested page size. Server may return fewer PlanAssignmentRequests than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PlanAssignmentRequest) A token identifying a page of results the server should return. Typically, this is the value of ListPlanAssignmentRequestsResponse.next_page_token.
order_by string (orderBy of PlanAssignmentRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PlanAssignmentRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPlanAssignmentRequestsResponse Message

A response message of the ListPlanAssignmentRequests method.

Name Type Description
plan_assignment_requests repeated PlanAssignmentRequest The list of PlanAssignmentRequests
prev_page_token string (cursor of PlanAssignmentRequest) A token to retrieve previous page of results. Pass this value in the ListPlanAssignmentRequestsRequest.page_token.
next_page_token string (cursor of PlanAssignmentRequest) A token to retrieve next page of results. Pass this value in the ListPlanAssignmentRequestsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total PlanAssignmentRequests across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPlanAssignmentRequestRequest Message

A request message of the WatchPlanAssignmentRequest method.

Name Type Description
name string (name of PlanAssignmentRequest) Name of ntt.limits.v1alpha2.PlanAssignmentRequest
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPlanAssignmentRequestResponse Message

A response message of the WatchPlanAssignmentRequest method.

Name Type Description
change PlanAssignmentRequestChange

WatchPlanAssignmentRequestsRequest Message

A request message of the WatchPlanAssignmentRequests method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of PlanAssignmentRequest) Parent name of ntt.limits.v1alpha2.PlanAssignmentRequest
page_size int32 Requested page size. Server may return fewer PlanAssignmentRequests than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of PlanAssignmentRequest) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of PlanAssignmentRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of PlanAssignmentRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to PlanAssignmentRequest that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to PlanAssignmentRequest that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPlanAssignmentRequestsResponse Message

A response message of the WatchPlanAssignmentRequests method.

Name Type Description
plan_assignment_request_changes repeated PlanAssignmentRequestChange Changes of PlanAssignmentRequests
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All PlanAssignmentRequests will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPlanAssignmentRequestsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (PlanAssignmentRequests will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPlanAssignmentRequestsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of PlanAssignmentRequest) New token to retrieve previous page of results.
next_page_token string (cursor of PlanAssignmentRequest) New token to retrieve next page of results.

CreatePlanAssignmentRequestRequest Message

A request message of the CreatePlanAssignmentRequest method.

Name Type Description
parent string (parent name of PlanAssignmentRequest) Parent name of ntt.limits.v1alpha2.PlanAssignmentRequest
plan_assignment_request PlanAssignmentRequest PlanAssignmentRequest resource body
response_mask CreatePlanAssignmentRequestRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePlanAssignmentRequestRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePlanAssignmentRequestRequest Message

A request message of the UpdatePlanAssignmentRequest method.

Name Type Description
plan_assignment_request PlanAssignmentRequest PlanAssignmentRequest resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePlanAssignmentRequestRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePlanAssignmentRequestRequest.ResponseMask reduce message response size.

UpdatePlanAssignmentRequestRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state PlanAssignmentRequest Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePlanAssignmentRequestRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePlanAssignmentRequestRequest Message

A request message of the DeletePlanAssignmentRequest method.

Name Type Description
name string (name of PlanAssignmentRequest) Name of ntt.limits.v1alpha2.PlanAssignmentRequest
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

AcceptPlanAssignmentRequest Message

Request message for method [AcceptPlanAssignment][ntt.limits.v1alpha2.AcceptPlanAssignment]

Name Type Description
name string (name of PlanAssignmentRequest) name of ntt.limits.v1alpha2.PlanAssignmentRequest
approver string (name of Organization) Entity approving plan assignment. It can be left empty if the one approving uses system-level privileges.

AcceptPlanAssignmentResponse Message

Response message for method [AcceptAssignment][ntt.limits.v1alpha2.AcceptAssignment]

Name Type Description
accepted_plan AcceptedPlan

DeclinePlanAssignmentRequest Message

Request message for method [DeclineAssignment][ntt.limits.v1alpha2.DeclineAssignment]

Name Type Description
name string (name of PlanAssignmentRequest) name of ntt.limits.v1alpha2.AssignmentRequest
approver string (name of Organization) Entity approving plan assignment. It must match approver in PlanAssignmentRequest.
reason string

DeclinePlanAssignmentResponse Message

Response message for method [DeclinePlanAssignment][ntt.limits.v1alpha2.DeclinePlanAssignment]

Name Type Description
none none none

ListApproverPlanAssignmentRequestsRequest Message

Request message for method [ListApproverPlanAssignmentRequests][ntt.limits.v1alpha2.ListApproverPlanAssignmentRequests]

Name Type Description
approver string (name of Organization) Approver of the plan assignment requests
page_size int32 Requested page size. Server may return fewer PlanAssignmentRequests than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PlanAssignmentRequest) A token identifying a page of results the server should return. Typically, this is the value of [ListPlanAssignmentRequestsResponse.next_page_token][ntt.limits.v1alpha2.ListPlanAssignmentRequestsResponse.next_page_token]
order_by string (orderBy of PlanAssignmentRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PlanAssignmentRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

PlanAssignmentRequest Enumerations

Here is the list of PlanAssignmentRequest resource enumerations:

PlanAssignmentRequest.Status.Conclusion Enumeration

Name Description
UNDEFINED
PENDING
APPROVED
REJECTED

Limits Service Shared Methods and Messages

Limits Service Shared Messages

Here is the list of Limits service shared messages:

AcceptedPlanChange Message

AcceptedPlanChange is used by Watch notifications Responses to describe change of single AcceptedPlan One of Added, Modified, Removed

Name Type Description
added AcceptedPlanChange.Added Added is returned when watched document is added, either created or enters Query view
modified AcceptedPlanChange.Modified Modified is returned when watched document is modified
current AcceptedPlanChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AcceptedPlanChange.Removed Removed is returned when AcceptedPlan is deleted or leaves Query view

AcceptedPlanChange.Added Message

AcceptedPlan has been added to query view

Name Type Description
accepted_plan AcceptedPlan
view_index int32 Integer describing index of added AcceptedPlan in resulting query view.

AcceptedPlanChange.Current Message

AcceptedPlan has been added or modified in a query view. Version used for stateless watching

Name Type Description
accepted_plan AcceptedPlan

AcceptedPlanChange.Modified Message

AcceptedPlan changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AcceptedPlan) Name of modified AcceptedPlan
accepted_plan AcceptedPlan New version of AcceptedPlan or masked difference, depending on mask_changes instrumentation of issued [WatchAcceptedPlanRequest] or [WatchAcceptedPlansRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AcceptedPlan. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AcceptedPlan new index in resulting query view.

AcceptedPlanChange.Removed Message

Removed is returned when AcceptedPlan is deleted or leaves Query view

Name Type Description
name string (name of AcceptedPlan)
view_index int32 Integer specifying removed AcceptedPlan index. Not populated in stateless watch type.

Allowance Message

Allowance informs how many instances of resource for given type are permitted.

Name Type Description
resource string (reference to Resource) Reference to resource
value int64 Limit or extension for given resource.

LimitChange Message

LimitChange is used by Watch notifications Responses to describe change of single Limit One of Added, Modified, Removed

Name Type Description
added LimitChange.Added Added is returned when watched document is added, either created or enters Query view
modified LimitChange.Modified Modified is returned when watched document is modified
current LimitChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed LimitChange.Removed Removed is returned when Limit is deleted or leaves Query view

LimitChange.Added Message

Limit has been added to query view

Name Type Description
limit Limit
view_index int32 Integer describing index of added Limit in resulting query view.

LimitChange.Current Message

Limit has been added or modified in a query view. Version used for stateless watching

Name Type Description
limit Limit

LimitChange.Modified Message

Limit changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Limit) Name of modified Limit
limit Limit New version of Limit or masked difference, depending on mask_changes instrumentation of issued [WatchLimitRequest] or [WatchLimitsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Limit. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Limit new index in resulting query view.

LimitChange.Removed Message

Removed is returned when Limit is deleted or leaves Query view

Name Type Description
name string (name of Limit)
view_index int32 Integer specifying removed Limit index. Not populated in stateless watch type.

LimitPoolChange Message

LimitPoolChange is used by Watch notifications Responses to describe change of single LimitPool One of Added, Modified, Removed

Name Type Description
added LimitPoolChange.Added Added is returned when watched document is added, either created or enters Query view
modified LimitPoolChange.Modified Modified is returned when watched document is modified
current LimitPoolChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed LimitPoolChange.Removed Removed is returned when LimitPool is deleted or leaves Query view

LimitPoolChange.Added Message

LimitPool has been added to query view

Name Type Description
limit_pool LimitPool
view_index int32 Integer describing index of added LimitPool in resulting query view.

LimitPoolChange.Current Message

LimitPool has been added or modified in a query view. Version used for stateless watching

Name Type Description
limit_pool LimitPool

LimitPoolChange.Modified Message

LimitPool changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of LimitPool) Name of modified LimitPool
limit_pool LimitPool New version of LimitPool or masked difference, depending on mask_changes instrumentation of issued [WatchLimitPoolRequest] or [WatchLimitPoolsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified LimitPool. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying LimitPool new index in resulting query view.

LimitPoolChange.Removed Message

Removed is returned when LimitPool is deleted or leaves Query view

Name Type Description
name string (name of LimitPool)
view_index int32 Integer specifying removed LimitPool index. Not populated in stateless watch type.

PlanAssignmentChange Message

PlanAssignmentChange is used by Watch notifications Responses to describe change of single PlanAssignment One of Added, Modified, Removed

Name Type Description
added PlanAssignmentChange.Added Added is returned when watched document is added, either created or enters Query view
modified PlanAssignmentChange.Modified Modified is returned when watched document is modified
current PlanAssignmentChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PlanAssignmentChange.Removed Removed is returned when PlanAssignment is deleted or leaves Query view

PlanAssignmentChange.Added Message

PlanAssignment has been added to query view

Name Type Description
plan_assignment PlanAssignment
view_index int32 Integer describing index of added PlanAssignment in resulting query view.

PlanAssignmentChange.Current Message

PlanAssignment has been added or modified in a query view. Version used for stateless watching

Name Type Description
plan_assignment PlanAssignment

PlanAssignmentChange.Modified Message

PlanAssignment changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of PlanAssignment) Name of modified PlanAssignment
plan_assignment PlanAssignment New version of PlanAssignment or masked difference, depending on mask_changes instrumentation of issued [WatchPlanAssignmentRequest] or [WatchPlanAssignmentsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified PlanAssignment. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying PlanAssignment new index in resulting query view.

PlanAssignmentChange.Removed Message

Removed is returned when PlanAssignment is deleted or leaves Query view

Name Type Description
name string (name of PlanAssignment)
view_index int32 Integer specifying removed PlanAssignment index. Not populated in stateless watch type.

PlanAssignmentRequestChange Message

PlanAssignmentRequestChange is used by Watch notifications Responses to describe change of single PlanAssignmentRequest One of Added, Modified, Removed

Name Type Description
added PlanAssignmentRequestChange.Added Added is returned when watched document is added, either created or enters Query view
modified PlanAssignmentRequestChange.Modified Modified is returned when watched document is modified
current PlanAssignmentRequestChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PlanAssignmentRequestChange.Removed Removed is returned when PlanAssignmentRequest is deleted or leaves Query view

PlanAssignmentRequestChange.Added Message

PlanAssignmentRequest has been added to query view

Name Type Description
plan_assignment_request PlanAssignmentRequest
view_index int32 Integer describing index of added PlanAssignmentRequest in resulting query view.

PlanAssignmentRequestChange.Current Message

PlanAssignmentRequest has been added or modified in a query view. Version used for stateless watching

Name Type Description
plan_assignment_request PlanAssignmentRequest

PlanAssignmentRequestChange.Modified Message

PlanAssignmentRequest changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of PlanAssignmentRequest) Name of modified PlanAssignmentRequest
plan_assignment_request PlanAssignmentRequest New version of PlanAssignmentRequest or masked difference, depending on mask_changes instrumentation of issued [WatchPlanAssignmentRequestRequest] or [WatchPlanAssignmentRequestsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified PlanAssignmentRequest. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying PlanAssignmentRequest new index in resulting query view.

PlanAssignmentRequestChange.Removed Message

Removed is returned when PlanAssignmentRequest is deleted or leaves Query view

Name Type Description
name string (name of PlanAssignmentRequest)
view_index int32 Integer specifying removed PlanAssignmentRequest index. Not populated in stateless watch type.

PlanChange Message

PlanChange is used by Watch notifications Responses to describe change of single Plan One of Added, Modified, Removed

Name Type Description
added PlanChange.Added Added is returned when watched document is added, either created or enters Query view
modified PlanChange.Modified Modified is returned when watched document is modified
current PlanChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PlanChange.Removed Removed is returned when Plan is deleted or leaves Query view

PlanChange.Added Message

Plan has been added to query view

Name Type Description
plan Plan
view_index int32 Integer describing index of added Plan in resulting query view.

PlanChange.Current Message

Plan has been added or modified in a query view. Version used for stateless watching

Name Type Description
plan Plan

PlanChange.Modified Message

Plan changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Plan) Name of modified Plan
plan Plan New version of Plan or masked difference, depending on mask_changes instrumentation of issued [WatchPlanRequest] or [WatchPlansRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Plan. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Plan new index in resulting query view.

PlanChange.Removed Message

Removed is returned when Plan is deleted or leaves Query view

Name Type Description
name string (name of Plan)
view_index int32 Integer specifying removed Plan index. Not populated in stateless watch type.

RegionalDistribution Message

RegionalDistribution shows distribution of certain resource allowances across regions.

Name Type Description
resource string (reference to Resource) Reference to resource
limits_by_region map<string, int64> Limit per region.

5 - SPEKTRA Edge Monitoring Service API

Understanding the Monitoring service API.

The monitoring service provides a massive scale time-series multi-tenant data store with multi-key indexing and automatic rollups.

It has wire-compatible capabilities with google monitoring API for time-series - version v3.

Version v4 is however recommended one we are expanding.

Full API Specifications (with resources):

  • Version v3
  • Version v4

Highlights:

  • Dynamic metric configuration: all resource/metric descriptors (schemas) are managed through an API.
  • Monitoring includes a background pipeline that helps reduce query times for wide time intervals, such as a week, month, or year
  • Ability to configure pre-aggregated or paginated (sorted) db indexes via API.
  • Time series data compaction
  • Time series watch (subscribe)
  • Time series forwarding
  • Automatic alerting based on incoming time series
  • Multi-indexing: Provides faster response times than traditional time series databases and supports multiple query patterns.

Metrics Definition

The Monitoring Service predefines a schema for time-series data and uses that schema to populate data and execute queries.

The schema is defined in two stages, with the upper level definition being the resource definition and the lower level definition being the metrics definition.

The higher-level resource definitions are units of entities that generate metrics and are defined as Monitored Resource Descriptors. For example, an entity that generates metrics, such as an SPEKTRA Edge device or SEI agent, exists as a resource. A resource definition contains the name of the resource as well as additional information such as labels.

Resource definitions are defined at the service level and are usually available only for reference by the user. Predefined resources can be viewed with the following commands, example for devices service:

cuttle monitoring list monitored-resource-descriptors \
  --service devices.edgelq.com

Lower-level metric definitions define individual values and are defined as Metric Descriptor resources. For example, a metric definition could be the CPU utilization of an SPEKTRA Edge device or the latency measured by the SEI agent. In addition to the name of the metric, the metric definition defines a label as additional information and a data type.

On top of that, metric descriptor defines indices (per resource type). In Monitoring service, metric descriptors are designed to “know” resource descriptors, therefore time series storage indices are defined on metric descriptors level.

The following commands can be used to reference a Metric Descriptor in a project:

cuttle monitoring list metric-descriptors --project $PROJECT

Each metric has a defined data type and metric type.

Metric types include, for example, general GAUGE (e.g., CPU utilization), cumulative CUMULATIVE (e.g., total network interface transfer volume), and differential DELTA.

Data types include INT64 for general integer values, DOUBLE for real numbers, and DISTRIBUTION for histograms.

Note that a list of labels defined for each resource and metric can be obtained by adding the --view FULL option when executing the list command. The labels can be used as filter conditions when executing the query described below.

Please take a look at the following fixtures for the metric as well as the monitored resource descriptors for your reference:

Some metric descriptor resources are automatically created in the Project scope each time a Project resource is created. As the scope is Project, the resource can be managed both by the system and ordinary users - to some extent.

By default, each project gets Applications/Devices metric descriptors defined for pods and devices. Project may enable more optional services, which can create additional metric descriptors.

Service-provided Metric Descriptors provide:

  • Defining labels (sometimes called keys)
  • Built-in indices
  • Determining value type, metric type and distribution options

Users of the projects can:

  • Define their own indices, as an addition to those built-in.
  • Customize storage options

TimeSerie

Time Series is identifiable by a unique set of:

  • project + region
  • metric type and labels
  • resource type and labels

Example of individual TimeSerie is number of packets in on a specific interface on a specific virtual machine.

Time series data points are expected to arrive in order and from a single client at once.

Example TimeSerie object:

{
  "key": "BQHPAQoCGrEEHf8geAECGXc=",
  "project": "your-project",
  "region": "us-west2",
  "metric": {
    "type": "watchdog.edgelq.com/probe/session/delivery"
  },
  "resource": {
    "type": "watchdog.edgelq.com/probe",
    "labels": {
      "probe_id": "p1"
    }
  },
  "metricKind": "GAUGE",
  "valueType": "DOUBLE",
  "unit": "0-1%",
  "points": [
    {
      "interval": {
        "endTime": "2023-07-12T19:01:00Z"
      },
      "value": {
        "doubleValue": 1
      }
    },
    {
      "interval": {
        "endTime": "2023-07-12T19:00:00Z"
      },
      "value": {
        "doubleValue": 1
      }
    }
  ]
}

Highlights:

  • TimeSerie can be identified not only by project+region+metric+resource fields, but also by key. There is 1-1 relation between a binary key (encoded as base64 in this example above) and a string label set.
  • Project, region, metric.type and resource.type must always exist and be specified.
  • Individual TimeSerie has list of points. Information about individual point types can be obtained from fields metricKind, valueType and unit. Note that those values may actually differ between queries: If user asks for COUNT aggregation, valueType will be always INT64. If user is interested in MEAN, it will be DOUBLE. Unit is fetched from MetricDescriptor.

Metric Kinds

Gauge

The most common metric type - represents “in-moment” measurement, like Used Memory or statistics over a small period, like: CPU Usage.

Cumulative

Monotonically increasing value, like interface packet count. May be reset from time to time, but that should not affect the aggregated total sum. Useful for billing purposes.

Delta

Delta Kind may correspond to changes in resource usage like added new Device (+1) or removed Device (-1). Useful for quota control, request counting, or any case where maintaining Cumulative value isn’t an option.

Values Types

INT64

Useful for Metrics that represent counters, like packet or request counts, or Gauges like used memory.

DOUBLE

Floating point value - useful for Gauge values, like CPU Utilization, etc.

DISTRIBUTION

A histogram is useful for retaining more information about data-point value distribution when performing multiple aggregation steps (Align + Reduce), like request latency where we’re interested in the 99th percentile, not just mean.

Also, see https://github.com/cloudwan/edgelq-sdk/blob/main/monitoring/proto/v4/common.proto and find the Distribution message.

Phantom Time Series

A phantom time series allows to ensure that time series with specific value when responsible agent is down (or disconnected) and doesn’t emit anything. Usually orchestrated by controllers to provide device or agent down-detection.

You can also think of phantom time series as generators, as they emit specified points each minute.

Running a query

Unlike other resources, TimeSerie obtains information through an operation called Query.

Standard list queries

The following example queries the SEI agent (watchdog.edgelq.com/probe) as a resource and the metrics as packet loss (watchdog.edgelq.com/probe/session/delivery).

It asks for specific probe in specific region.

cuttle monitoring query time-serie --parent projects/your-project \
  --filter 'resource.type="watchdog.edgelq.com/probe" AND \
            metric.type="watchdog.edgelq.com/probe/session/delivery" AND \
            resource.labels.probe_id="p1" AND region="us-west2"' \
  --aggregation '{"alignmentPeriod": "60s", \
                  "perSeriesAligner": "ALIGN_SUMMARY", \
                  "crossSeriesReducer": "REDUCE_MEAN",
                  "groupByFields":["resource.labels.probe_id"]}' \
  --interval '{"startTime": "2023-07-12T19:00:00Z", \
               "endTime": "2023-07-12T19:01:00Z"}' -o json

Example output:

{
  "timeSeries": [
    {
      "key": "BQHPAQoCGrEEHf8geAECGXc=",
      "project": "your-project",
      "region": "us-west2",
      "metric": {
        "type": "watchdog.edgelq.com/probe/session/delivery"
      },
      "resource": {
        "type": "watchdog.edgelq.com/probe",
        "labels": {
          "probe_id": "p1"
        }
      },
      "metricKind": "GAUGE",
      "valueType": "DOUBLE",
      "points": [
        {
          "interval": {
            "endTime": "2023-07-12T19:01:00Z"
          },
          "value": {
            "doubleValue": 1
          }
        },
        {
          "interval": {
            "endTime": "2023-07-12T19:00:00Z"
          },
          "value": {
            "doubleValue": 1
          }
        }
      ]
    }
  ]
}

Standard list time series queries are those that contain:

  • Project
  • Filter (specifying metric.type)
  • Aggregation
  • Interval
--parent

All time series belong to some project, and it is necessary to specify project from which we query time series. Each project has own dedicated database indices, and is protected by authorization.

--filter

Describes filter conditions for the query combined with AND operator. Filter is a string that should satisfy: metric.type <EqualityOp> <MetricTypes> [AND <FilterPath> <Operator> <Values>].

Expressions within [] may be repeated many times (or not at all).

  • <EqualityOp> must be equal to = or IN
  • <MetricTypes> may be an array for IN operator, or just a quoted string for single value.
  • <FilterPath> must be a valid path in TimeSerie object. It must be one of:
    • resource.type: Points to MonitoredResourceDescriptor. If user does not provide it, system deduces possible values based on metric.type.
    • metric.labels.<Key>, where <Key> must be a valid label key present in MetricDescriptor resource (Field labels). If user specified more than one metric type, then labels must be present in all of them!
    • resource.labels.<Key>, where <Key> must be valid label key present in MonitoredResourceDescriptor resource (Field labels). If user specified multiple resource types, then label must be present for all of them! If user did not specify resource type, label will must match whatever system determines is actual resource type.
    • region: All time series belong not only to the project, but also to specific regions. Project must be enabled in at least one region, but may belong to the multiple regions. If region filter condition is not specified, then query is redirected to all regions where project is enabled. It is advisable to provide region in the filter if we know it. This way query will be not broadcast to multiple regions, which saves on latency.
  • <Operator> must be equal to =, !=, IN or NOT IN.
  • <Values> may be single string value (quoted) or an array of quoted strings between [] characters.
--aggregation

You can specify an alignment interval (alignmentPeriod), an aligner for each time series (perSeriesAligner), and a reducer across time series (crossSeriesReducer).

The alignment interval specifies the granularity of data required. The minimum granularity is 1 minute (60s or 1m), and the other available granularities are:

  • 3 minutes (3m)
  • 5 minutes (5m)
  • 15 minutes (15m)
  • 30 minutes (30m)
  • 1 hour (1h)
  • 3 hours (3h)
  • 6 hours (6h)
  • 12 hours (12h)
  • 1 day (1d)

Note that unaligned data cannot be acquired.

The alignment interval must be set appropriately for the value of the period (--interval) value described below. Specifying a small alignment interval with a large period value may cause the query to fail due to the large amount of data to be processed.

The Aligner per Time Series defines the process used to merge data within an alignment period. For example, if the alignment interval is 5 minutes and the original data is stored every minute, there will be 5 data points in one alignment period. In this case, the data representative of that alignment period must be calculated, and the calculation method must be specified according to the application.

Below is a list of typical aligners that are commonly used:

  • ALIGN_MIN, ALIGN_MAX, ALIGN_MEAN, ALIGN_STDDEV

    use the minimum, maximum, average or standard deviation value within the period.

  • ALIGN_COUNT

    use the number of data points in the period.

  • ALIGN_SUM

    computes sum of values within specified alignment period.

  • ALIGN_SUMMARY

    use the composite value of the histogram within the period. (Distribution type only).

  • ALIGN_DELTA

    extract difference between current value specified at current end timestamp and previous value at previous end timestamp. This aligner works only for CUMULATIVE and DELTA metric types (Field metric_type in MetricDescriptor must be either of those values).

  • ALIGN_RATE

    Works like ALIGN_DELTA, but also divides result by number of seconds within period (alignment period).

  • ALIGN_PERCENTILE_99, ALIGN_PERCENTILE_95, ALIGN_PERCENTILE_50, ALIGN_PERCENTILE_05

    use the value of each percentile in the period.

Reducer is used to group multiple time series and combine them to produce a single time series. This option is used in conjunction with the groupByFields option, which specifies the criteria for grouping. For example, to obtain a time series of the average CPU usage of all devices in a specific project, specify resource.labels.project_id in the groupByField option, then specify REDUCE_MEAN as the reducer.

## If the above example is used as a parameter.
{... "crossSeriesReducer": "REDUCE_MEAN", "groupByFields": ["resource.labels.project_id"]}

Below is a list of typical reducers that are commonly used.

  • REDUCE_NONE

    no grouping, no composite time series. Field groupByFields is not relevant.

  • REDUCE_COUNT

    Computes number of merged time series. Note it is not a sum of number of points within merged time series!. To have sum of data points, use ALIGN_COUNT combined with REDUCE_SUM.

  • REDUCE_SUM

    use the sum of values within a group.

  • REDUCE_MIN, REDUCE_MAX, REDUCE_MEAN, REDUCE_STDDEV

    use the minimum, maximum, average and standard deviation values within a group.

  • REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05

    use the value of each percentile in the group.

It is important to note, that specific reducers (MEAN, STDDEV, any PERCENTILE), are typically best used with perSeriesAligner ALIGN_SUMMARY. This allows to eliminate imbalances between individual time series, and displays proper mean/percentile. Rate/Delta values (ALIGN_DELTA and ALIGN_RATE) are often used with REDUCE_SUM, similarly counters (ALIGN_COUNT) are best used with REDUCE_SUM as well.

See API Specifications for details on available aligners and reducers and the conditions under which they can be used.

--interval

Specify the time period for which time series data is to be retrieved. Specify the start time and end time in RFC3339 format for startTime and endTime. Please refer to “Data Storage Period” to set the available time periods.

Pagination queries

Standard list time series queries are those that contain:

  • Project
  • Filter (specifying metric.type)
  • Pagination
  • Interval

One of the differences between regular queries and paginated, is that latter have aggregation function built-in. Paginated views must be defined within MetricDescriptors (more on it later), functions define aligner, reducer, and sorting order.

Pagination queries are helping to traverse/iterate over large number of individual time series.

Pagination view describes:

  • labels that separate individual time series into different pagination rankings (filterable/promoted labels).
  • labels identifying individual time series to be sorted (paginated labels).
  • Labels that are neither of the above are reduced (time series are merged).

Function describes:

  • Aligner+reducer extracting double/integer value from each timestamp in each individual time series (after merging those with reduced labels). Final value will be used for sorting purposes.
  • Sorting direction

Time series across projects/regions will never be sorted together. Function (aligner+reducer) must extract either double or integer value.

Mechanism is following: For specified pagination view, each TimeSerie is sorted into specific ranking (project, region, metric and resource types are minimal shared properties of individual ranking, plus filterable/promoted labels). Within single ranking, function (aligner+reducer) extracts double/integer value from each TimeSerie for each timestamp. Finally, for each timestamp individually, sorted ranking of TimeSeries is created in specified order.

For example, imagine we have metric.type equal to devices.edgelq.com/device/disk/used. This metric describes number of bytes used on a disk. Matching resource.type is devices.edgelq.com/device.

Imagine we have a project and region where we have 10000 devices, and each has 3 partitions (name and mount). We can use paginated query to find out top 20 devices for each partition, but within single project and region. Query can look like the following example:

cuttle monitoring query time-serie --parent projects/your-project \
  --filter 'metric.type="devices.edgelq.com/device/disk/used" AND \
            resource.type="devices.edgelq.com/device" AND \
            region="us-west2"' \
  --pagination '{"alignmentPeriod": "3600s", \
                 "view": "ByDevice", \
                 "function": "Mean",
                 "limit": 20,
                 "offset": 0}' \
  --interval '{"startTime": "2023-07-12T19:00:00Z", \
               "endTime": "2023-07-12T22:00:00Z"}' -o json

This query, in order to work, must have in MetricDescriptor defined pagination view ByDevice and function Mean. We will describe this later on in Indices Management.

For now, assume that:

  • View ByDevice is the one where partition (name + mount) labels are separating TimeSeries into different rankings. Resource label device_id is the one label we keep in each individual ranking.
  • Function Mean is using ALIGN_SUMMARY+REDUCE_MEAN in DESCENDING order.

Because we know there are 3 common partitions across all devices, we will receive, for each timestamp (19:00:00, 20:00:00, 21:00:00, 22:00:00), 60 time series data points (3 partitions by 20 devices) belonging to different TimeSerie objects.

Notes for caution:

  • Each partition has its own ranking of top devices. Therefore, for partition “A” you may get 20 totally different devices compared to other partitions “B” and “C”.
  • Each timestamp has its own ranking too. 20 devices for time T1 may be different from timestamp T1+1, if one device within same partition took over “one of the top 20 places”. As of now monitoring does not average values across whole specified interval to make sure time series between timestamps do not change. In the final response message, it is possible to receive TimeSeries object with data points with timestamps like (19:00:00, 20:00:00, 22:00:00) - note missing 21:00:00. It does not mean data point does not exist, it only means that this TimeSeries for this timestamp does not fit into top 20.

Parameters other than --pagination are same as for standard queries.

Watch command

It is also possible to receive time series as they appear in the service.

$ cuttle monitoring watch time-serie \
  --parent projects/your-project \
  --filter 'metric.type="devices.edgelq.com/device/connected" AND \
            resource.type="devices.edgelq.com/device"' \
  --aggregation '{"alignmentPeriod": "300s", \
                  "crossSeriesReducer": "REDUCE_MEAN", \
                  "perSeriesAligner": "ALIGN_MEAN", \
                  "groupByFields":["resource.labels.device_id"]}' \
  --starting-time "2025-01-01T12:00:00Z" \
  -o json | jq .

Arguments are same as in standard queries, except --interval is not supported. It is replaced by --starting-time. Starting time should not be too far into te past (as of now, it can be one week old).

This is streaming long-running command. When some TimeSerie object is seen for the first time, monitoring will retrieve all data points from starting time (and including). It will also fetch full headers (metric & resource type and labels, project, region, unit).

Here is an example initial time series retrieved by the command above, assuming that current time is past 2025-01-01T12:05:00Z.

{
  "timeSeries": [
    {
      "key": "BQHPAQoCGrEEHf8geAEA",
      "project": "your-project",
      "region": "us-west2",
      "metric": {
        "type": "devices.edgelq.com/device/connected"
      },
      "resource": {
        "type": "devices.edgelq.com/device",
        "labels": {
          "device_id": "raspberry-pi-5"
        }
      },
      "unit": "1",
      "metricKind": "GAUGE",
      "valueType": "DOUBLE",
      "points": [
        {
          "interval": {
            "endTime": "2025-01-01T12:05:00Z"
          },
          "value": {
            "doubleValue": 1
          }
        },
        {
          "interval": {
            "endTime": "2025-01-01T12:00:00Z"
          },
          "value": {
            "doubleValue": 1
          }
        }
      ]
    }
  ]
}

After 2025-01-01T12:10:00Z, caller may receive next data point for this timestamp:

{
  "timeSeries": [
    {
      "key": "BQHPAQoCGrEEHf8geAEA",
      "metricKind": "GAUGE",
      "valueType": "DOUBLE",
      "points": [
        {
          "interval": {
            "endTime": "2025-01-01T12:10:00Z"
          },
          "value": {
            "doubleValue": 1
          }
        }
      ]
    }
  ]
}

This time, fields project, region, unit, metric and resource are not returned. Instead, caller should find matching TimeSerie object using key value seen in the past. This mechanism ensures system does not need to fetch again all TimeSerie metadata, saving on latency, bandwidth, resource consumption.

Data point is unique for given key and interval.endTime fields.

Watch time-series call works using at-least-once principle. It is possible to:

  • Re-receive again full data headers for some TimeSerie object despite being already seen.
  • Re-receive data points for given TimeSerie object (by key). In other words, for some key field, in one moment you may receive data points for timestamps (2025-01-01T12:00:15Z, 2025-01-01T12:00:20Z, 2025-01-01T12:00:25Z), then (2025-01-01T12:00:20Z, 2025-01-01T12:00:25Z, 2025-01-01T12:00:30Z). User should prefer last value received for given key and timestamp.

Those received-again data points/headers are possible due to:

  • Maintenance restarts of internal services.
  • Autoscaling events (which may cause also restarts).
  • Recoveries from abnormal situations.
  • It is also possible that edge devices will submit late data points causing corrections of some received before values.

Finally, a TimeSerie object with unique key may be not exactly synchronized with other TimeSerie regarding timestamps: It is possible to receive data point with timestamp 2025-01-01T12:00:15Z for TimeSerie A, then 2025-01-01T12:00:05Z for TimeSerie B (earlier). Typically, timestamps for all TimeSerie should grow equally, but if some edge agent goes offline, it is possible for them to submit LATE data when it comes online. Watch time-series may return multiple late data points for this given edge object.

If edge agent comes online way too late, system may refuse data points over certain age though. As of now, maximum allowed age is one hour. Therefore, if device comes online after more than 1 hour break, older data points will not be accepted. TimeSeries received over watch (and actually also over List) will have gap in timestamps.

Data retention period

Data can only be acquired for a limited time depending on the alignment interval. For example, data with a resolution of 1 m (1 minute) can only be acquired up to 14 days in the past. If you want data up to 90 days old, you must use an alignment interval of 30 minutes.

This table represents retention periods:

Alignment Interval Storage Period
1m 14 days
3m 28 days
5m 42 days
15m 62 days
30m 92 days
1h 184 days
3h 366 days
6h 732 days
12h 1098 days
1d 1464 days

By default, all time series have those alignment periods enabled. It is however possible to opt-out from them using storage options in MetricDescriptor instances. For example, if we only need up to 1h alignment period of devices.edgelq.com/device/connected metric type in project your-project, we can do that making an update:

$ cuttle monitoring update metric-descriptor \
  'projects/your-project/metricDescriptors/devices.edgelq.com/device/connected' \
  --storage-config '{"maxAp":"3600s"}' --update-mask 'storageConfig.maxAp' -o json

This allows to significantly reduce number of data points to be created and stored, lowering total costs (especially long term storage).

It is not possible to disable individual alignment periods “in the middle”. Higher alignments require lower alignments.

Buckets

It is possible to restrict time series creation/queries to a specific subset within the project scope.

For example, suppose we have a device agent, and we want to ensure it can read/write only from/to specific owned time series. We can create the following bucket:

cuttle monitoring create bucket <bucketId> --project <projectId> \
  --region <regionId> \
  --resources '{
      "types":["devices.edgelq.com/device", "applications.edgelq.com/pod"],
      "labels": {"project_id":{"strings": ["<projectId>"]}, "region_id":{"strings": ["<regionId>"]}, "device_id":{"strings": ["<deviceId>"]}}
    }'

We can now create a Role for Device (Yaml):

- name: services/devices.edgelq.com/roles/restricted-device-agent
  scopeParams:
  - name: region
    type: STRING
  - name: bucket
    type: STRING
  grants:
  - subScope: regions/{region}/buckets/{bucket}
    permissions:
    - services/monitoring.edgelq.com/permissions/timeSeries.create
    - services/monitoring.edgelq.com/permissions/timeSeries.query

The project can be specified in RoleBinding. When we assign the Role to the Device, the device agent will be only able to create/query time series for a specific bucket - and this bucket will guarantee that:

  • Device can read/submit TimeSeries only for devices.edgelq.com/device or applications.edgelq.com/pod resource types.
  • Metric types are not restricted
  • All time series for resource descriptors will have to specify a “project_id” label equal to the specified project, “region_id” equal to the specified region, and “device_id” equal to the specified device. When querying, the filter will have to specify all those fields.

Buckets ensure also correctness even if the client is submitting binary time series keys (A key in TimeSerie is provided, which allows to skip metric and resource types and labels).

Provided example above is for information - Service devices.edgelq.com already provides Buckets for all Devices!

Alert management

Monitoring service can observe specified time series to spot issues and trigger alerts.

Policies and conditions

Top monitoring resource is AlertingPolicy. It is characterized by:

  • Project and region scope.
  • Can hold multiple alerting conditions.
  • Can be enabled/disabled - in disabled state none of the conditions are evaluated.
  • We can attach notification channels.

Creation of example policy in specific project/region, without notification:

$ cuttle monitoring create alerting-policy policyName --project your-project --region us-west2 \
  --display-name "display name" --spec '{"enabled":true}' -o json

We can enable/disable it ($ENABLED must be either true or false):

$ cuttle monitoring update alerting-policy projects/your-project/regions/us-west2/alertingPolicies/policyName \
  --spec '{"enabled":$ENABLED}' --update-mask spec.enabled -o json

You can check policies in a project:

$ cuttle monitoring list alerting-policies --project your-project -o json

Once you have alerting policy, you can create a condition. Condition has 3 spec components:

  • Time series query (filter and aggregation, without interval): Informs what time-series are observed. Note that presence of aggregation means that one condition can observe multiple time series objects.
  • Threshold: Informs when to trigger an Alert (based on time-series data).
  • Duration: Informs for how long data needs to exceed threshold before alert is raised (or silenced).

Be aware, that alerting condition must belong to some policy, which is region scoped. Therefore, a condition will have implicitly added region filter condition. If you want to have same condition across multiple regions, you will need to copy it as many times as you have regions in a project.

Suppose that we want to trigger an alert if avg CPU utilization on ANY device exceeds 90% for at least 15 consecutive minutes, using granularity of 5 minutes. Assume that time series are reported within range from 0.0 to 1.0. We can do that with cuttle:

$ cuttle monitoring create alerting-condition cndName \
  --parent 'projects/your-project/regions/us-west2/alertingPolicies/policyName' \
  --display-name 'Display name' \
  --spec '{"timeSeries":{\
    "query":{\
      "filter": "metric.type=\"devices.edgelq.com/device/cpu/utilization\" AND resource.type=\"devices.edgelq.com/device\"",\
      "aggregation": {"alignmentPeriod":"300s", "perSeriesAligner":"ALIGN_SUMMARY","crossSeriesReducer":"REDUCE_MEAN","groupByFields":["resource.labels.device_id"]}\
    },\
    "threshold":{"compare":"GT", "value":0.9},\
    "duration":"900s"\
  }}'

Note that in query we specify filter and aggregation fields. In other words, pagination queries are not possible for alerting.

When alerting condition is created, monitoring checks non-aggregated and pre-aggregated indices. It is worth mentioning here that alerting conditions utilize watch time-series queries internally. Therefore, labels in aggregation.groupByFields are taken into account when looking at partitionLabelSets.

Number of TimeSeries objects monitored by a service for a single condition depends on cardinality of labels in aggregation.groupByFields. Also, at any given time, there can be as many firing alerts as many are unique TimeSeries objects within fields defined by aggregation.groupByFields. Each Alert instance is associated with:

  • Specific TimeSeries object according to aggregation.groupByFields.
  • Time range (starting and ending time).

Alerts for same TimeSeries will not overlap time-wise.

Duration field in condition specification has two meanings:

  • It indicates how long TimeSerie value should exceed threshold before alert is raised.
  • It also tells how long TimeSerie value should be equal or below threshold before firing alert is silenced.

Duration should be multiplication of aggregation.alignmentPeriod.

Non-firing alerts are deleted after 3 months as of now (garbage collected). As of now this is not configurable.

Notifications

In order to enable notifications about alerts, it is necessary to create NotificationChannel resource. It can be done using cuttle. As of now, there are 3 type of notifications:

$ cuttle monitoring create notification-channel --project your-project email-example \
  --spec '{"enabled":true, "type":"EMAIL", "addresses":["admin@example.com"]}'

$ cuttle monitoring create notification-channel --project your-project slack-example \
  --spec '{"enabled":true, "type":"SLACK", "incomingWebhook": "https://some.url"}'
  
$ cuttle monitoring create notification-channel --project your-project slack-example \
  --spec '{"enabled":true, "type":"WEBHOOK", "webhook": {"url": "https://some.url", "maxMessageSizeMb": 0.25}}'

Created channels may be attached to policies from any region in a project:

$ cuttle monitoring update alerting-policy 'projects/your-project/regions/us-west2/alertingPolicies/policyName' \
  --spec '{"notification":{"enabled":true, "channels": ["projects/your-project/notificationChannels/email-example"]}}'

Naturally policy can be created straight with attached notification channel.

Apart from using notifications, users can also access API to watch alert changes directly in their projects.

Webhooks

Webhooks are more customizable notification types, and more guaranteed structure. Webhook full notification has following format:

{
  "project": {/** monitoring.edgelq.com/Project object here **/},
  "organization": {/** iam.edgelq.com/Organization object here **/},
  "alertingPolicy": {/** monitoring.edgelq.com/AlertingPolicy object here **/},
  "notification": {/** monitoring.edgelq.com/Notification object here **/},
  "events": [{
    "alertingCondition": {/** monitoring.edgelq.com/AlertingCondition object here **/},
    "metricDescriptor": {/** monitoring.edgelq.com/MetricDescriptor object here **/},
    "monitoredResourceDescriptor": {/** monitoring.edgelq.com/MonitoredResourceDescriptor object here **/},
    "alerts": [{
      /** monitoring.edgelq.com/Alert object here **/
    }/** More alerts **/]
  }/** More events **/]
}

Refer to specifications of specified resources for more details what fields are available.

Note that this is described as full message. Many fields are hidden to reduce notification size. It is possible to define what field paths should be included in each message using notificationMask field:

$ cuttle monitoring create notification-channel --project your-project slack-example \
  --spec '{..., "webhook": {..., "notificationMask": ["path1", "path2"...]}}'

Refer to NotificationChannel specification to see what is the default notificationMask if user does not specify it (it is not empty).

Smaller message should easier fit into webhook.

It is also possible to limit maximum message using maxMessageSizeMb param:

$ cuttle monitoring create notification-channel --project your-project slack-example \
  --spec '{..., "webhook": {..., "maxMessageSizeMb": 0.25}}'

It should be used if there is a maximum size webhook can accept. By default there is no limit.

Time series forwarding

TimeSeries objects can be queried or received in real-time manner using watch. However, it is also possible to forward them to the external systems. We can do that using two resources:

  • TimeSeriesForwarderSink: Provides target where time series can be stored in protobuf format (with optional compression).
  • TimeSeriesCollectionRule: Provides persistent query that executes in the service background. It can (should) be attached to sink resource.

Collection rules do not have to be in the same project as sink. Admins may create one sink in major project and connect collection rules from minor ones.

Creating sink requires providing some external endpoint. As of now, only azure event hub is supported. Endpoint to azure event hub must contain auth key, therefore it is necessary to create secret resource first:

$ cuttle secrets create secret secretName --region us-west2 --project your-project \
  --data '{"EndpointString": "Endpoint=sb://<name>.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=<SECRET>;EntityPath=<topicName>"}'

Replace all variables within <> with proper values. Note that you should provide also topic name (after creating azure even hub, create also a topic).

Then you can create sink, reference azure endpoint with secret:

$ cuttle monitoring create time-series-forwarder-sink sink-name --project your-project \
  --display-name "some name" \
  --spec '{"compression": "SNAPPY", "azureEventHub": {"endpoint": "projects/your-project/regions/us-west2/secrets/secretName"}}' -o json

Monitoring service detects automatically on start number of partitions.

With sink, you can create collection rules. They are very similar to watch queries. You need to provide filter and aggregation. Thenew argument is only sink.

Remember that fields filter, aggregation and sink cannot be changed. You will need to recreate rule.

Under the hood, watch queries are executed by the system to forward time series to the sink.

$ cuttle monitoring create time-series-collection-rule r1 --project your-project \
  --display-name 'Some name' \
  --filter 'metric.type="devices.edgelq.com/device/connected" AND \
            resource.type="devices.edgelq.com/device"' \
  --aggregation '{"alignmentPeriod": "300s", \
                  "crossSeriesReducer": "REDUCE_MEAN", \
                  "perSeriesAligner": "ALIGN_MEAN", \
                  "groupByFields":["resource.labels.device_id"]}' \
  --sink 'projects/your-project/timeSeriesForwarderSinks/sink-name' -o json

With described example setup, azure event hub should be receiving protobuf objects of type ntt.monitoring.v4.BulkTimeSeries. If compression is used, remember to decompress azure event bytes first, before attempting to unmarshal BulkTimeSeries. Example simple Go code to parse events:

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/golang/snappy"

    eventhub "github.com/Azure/azure-event-hubs-go/v3"
	"google.golang.org/protobuf/proto"

	rts "github.com/cloudwan/edgelq-sdk/monitoring/resources/v4/time_serie"
)

func main() {
    ctx := context.Background()
    
    connStr := "Endpoint=sb://demo.servicebus.windows.net/;SharedAccessKeyName=shared;SharedAccessKey=SecretKey;EntityPath=test"
    hub, err := eventhub.NewHubFromConnectionString(connStr)
    if err != nil {
        panic(fmt.Errorf("Failed to create hub client: %s", err))
    }
    
	// Subscribe to partition "0"
    handle, err := hub.Receive(ctx, "0", func(ctx context.Context, event *eventhub.Event) error {
        decompressedData, err := snappy.Decode(nil, event.Data)
        if err != nil {
            panic(err)
        }

        metrics := &rts.BulkTimeSeries{}
        if err := proto.Unmarshal(decompressedData, metrics); err != nil {
			panic(err)
        }
        
        os.Stderr.WriteString(fmt.Sprintf("GOT METRICS: %s\n", metrics))
        return nil
    })
    if err != nil {
    panic(fmt.Errorf("Failed receive: %s", err))
    }
    
    <-handle.Done()
}

If data is not being delivered, it is worth to check:

  • Status of the sink: cuttle monitoring get time-series-forwarder-sink projects/your-project/timeSeriesForwarderSinks/name --field-mask status -o json
  • Verify if collection rules by using watch query (use filter and aggregation from collection rule): cuttle monitoring watch time-serie --parent 'projects/your-project' --filter '...' --aggregation '...' -o json
  • Verify collection rule is connected to the sink (Check field sink in TimeSeriesCollectionRule).

If sink status does not indicate error, and watch query is delivering data, and collection rule is attached to the sink, it indicates system issue.

Advanced: Index definitions

Indices are important for two reasons:

  • For efficient queries (ListTimeSeries)
  • For reasonable storage usage (writes)

It is required to balance between them - more indices will require more writes and larger storage.

It is necessary to understand process of writing:

  • First, Monitoring service receives raw unaligned points via CreateTimeSeries
  • Next, Monitoring service merges raw data points within individual series (1 minute, 3 minute, 5 minute etc.).
  • Time-aligned data points are saved in time series storage, PER each non-aggregated index defined in MetricDescriptor.
  • Monitoring detects separately paginated and pre-aggregated indices. Based on their specification, it processes further time-aligned data points, merging and sorting. Computed data points are stored separately for those indices.

Essentially, there are 3 category of indices:

The common characteristic for all indices are partitions. Single partition stores data points of TimeSerie objects with different keys in timestamp increasing order. TimeSerie object identified by key may be stored in one or more partitions, depending on index specification.

Efficient queries require that partition we read from does not store too much data points (from different TimeSerie) in a single timestamp. This rule is common for all index types.

Each partition at least specifies following fields of TimeSerie: project, region, metric.type and resource.type. It means TimeSerie across regions, projects and metric types will not be mixed with others. Index specification may contain more metric/resource label keys optionally.

For simplicity, when examining time series indices, we will assume that there is only one region ID used by an example project.

Non-aggregated indices

Non-aggregated indices use partitions to group TimeSerie objects, but nothing more. Data points are aligned according to the AP period (one minute, 3 minutes…, etc.). To ensure efficiency, high cardinality labels should be part of partition key.

For example, lets take the following MonitoredResourceDescriptor:

- name: services/devices.edgelq.com/monitoredResourceDescriptors/device
  type: devices.edgelq.com/device
  displayName: Device
  labels:
  - key: device_id
    description: Device ID
    valueType: STRING
  - key: device_display_name
    description: Device Display Name
    valueType: STRING
    defaultValue: <undefined>
  - key: device_serial_number
    description: Device Serial Number
    valueType: STRING
    defaultValue: <undefined>

Then, lets take the following MetricDescriptor:

- name: projects/your-project/metricDescriptors/devices.edgelq.com/device/disk/used
  type: devices.edgelq.com/device/disk/used
  displayName: Disk usage in bytes
  metricKind: GAUGE
  valueType: INT64
  unit: By
  labels:
  - key: mount_point
    description: Mount Point
    valueType: STRING
  - key: partition_name
    description: Parition Name
    valueType: STRING

We may have a fleet of devices, each characterized by a unique device_id and small set of partitions. If we have large fleet of similar devices we can assume that:

  • Resource label keys device_id, device_display_name and device_serial_number are high cardinality. If we have 20K devices, then we will have 20K label values for each of these. However, it can be safely assumed that for specific device_id we will have one value of device_display_name and device_serial_number.
  • Metric label keys mount_point and partition_name will typically have low cardinality, as devices within specific project/region should be similar. But within single device_id, we should be even more confident that number of partitions will not go into large values.

Based on the knowledge above, we may define the following non-aggregated indices:

- name: projects/your-project/metricDescriptors/devices.edgelq.com/device/disk/used
  type: devices.edgelq.com/device/disk/used
  displayName: # ... SKIP
  labels: # ... SKIP
  metricKind: GAUGE
  valueType: INT64
  unit: By
  indices:
    builtIn:
      nonAggregatedIndices:
      - name: "device-nonaggregated"
        resourceTypes: [ devices.edgelq.com/device ]
        partitionLabelSets:
        - name: "DeviceScope"
          resourceKeys: [ device_id ]
          metricKeys: [ ]
        - name: "SerialNumberScope"
          resourceKeys: [ device_serial_number ]
          metricKeys: [ ]

In the result we will have, for this metric descriptor (which has project, region, metric and resource type scope), as many partitions as number of devices multiplied by 2. We will have two indices:

  • device-nonaggregated:DeviceScope: With partitions separated by resource label key device_id.
  • device-nonaggregated:SerialNumberScope: With partitions separated by resource label key device_serial_number.

Note that each TimeSerie data point will be saved twice.

In terms of query efficiency, we satisfy the requirement that single partition should not have too many data points for single timestamp. It is because single partition will be guaranteed to contain data from only one device. If number of disk partitions (labels mount_point and partition_name) on single device is low (like 3 at most), single partition for single timestamp will contain 3 data points.

Let’s examine some queries:

cuttle monitoring query time-serie --parent 'projects/your-project' \
  --filter 'metric.type="devices.edgelq.com/device/disk/used" AND \
    resource.type="devices.edgelq.com/device" \
    AND resource.labels.device_id="some_id"' \
  --aggregation '{"perSeriesAligner":"ALIGN_SUMMARY",
    "alignmentPeriod":"300s",
    "crossSeriesReducers":"REDUCE_MEAN",
    "groupByFields":["metric.labels.mount_point"]}' \
  --interval '{"startTime":"$START_TIME","endTime":"$END_TIME"}' -o json | jq .

Above query specifies resource.labels.device_id in the filter condition, but not resource.labels.device_serial_number. In that case, monitoring will use device-nonaggregated:DeviceScope index to retrieve data. If unique number of metric.labels.mount_point label is 3, we will receive 3 separate TimeSerie objects for specified interval. We will read little number of points from the partition belonging to device.

Note that param aggregation may specify crossSeriesReducers and groupByFields fields for non-aggregated indices. Non-aggregated only means that data stored is in non-aggregated (across time series) format. Aggregation can be executed on-fly, during query execution.

Lets take a look into another example query:

cuttle monitoring query time-serie --parent 'projects/your-project' \
  --filter 'metric.type="devices.edgelq.com/device/disk/used" AND \
    resource.type="devices.edgelq.com/device" \
    AND resource.labels.device_serial_number="some_number"' \
  --aggregation '{"perSeriesAligner":"ALIGN_SUMMARY",
    "alignmentPeriod":"300s",
    "crossSeriesReducers":"REDUCE_MEAN",
    "groupByFields":["metric.labels.mount_point"]}' \
  --interval '{"startTime":"$START_TIME","endTime":"$END_TIME"}' -o json | jq .

Query above will use other index, device-nonaggregated:SerialNumberScope, but otherwise we will get similar response as before.

Now examine the following query:

cuttle monitoring query time-serie --parent 'projects/your-project' \
  --filter 'metric.type="devices.edgelq.com/device/disk/used" AND \
    resource.type="devices.edgelq.com/device" \
    AND resource.labels.device_display_name="Some name"' \
  --aggregation '{"perSeriesAligner":"ALIGN_SUMMARY",
    "alignmentPeriod":"300s",
    "crossSeriesReducers":"REDUCE_MEAN",
    "groupByFields":["metric.labels.mount_point"]}' \
  --interval '{"startTime":"$START_TIME","endTime":"$END_TIME"}' -o json | jq .

Monitoring service will return InvalidArgument error, indicating that filter does not match any of the defined indices.

If query contained BOTH resource.labels.device_serial_number and resource.labels.device_id, monitoring will pick one of those indices, but not both. Index is picked on case-by-case basis, after computing what is more optimal.

Finally, let’s take a look at this query:

cuttle monitoring query time-serie --parent 'projects/your-project' \
  --filter 'metric.type="devices.edgelq.com/device/disk/used" AND \
    resource.type="devices.edgelq.com/device"' \
  --aggregation '{"perSeriesAligner":"ALIGN_SUMMARY",
    "alignmentPeriod":"300s",
    "crossSeriesReducers":"REDUCE_MEAN",
    "groupByFields":["resource.labels.device_id", "metric.labels.mount_point"]}' \
  --interval '{"startTime":"$START_TIME","endTime":"$END_TIME"}' -o json | jq .

This query will also fail due to lack of index that could match it. When monitoring receives a list query, it takes into account only filter field when matching against partitionLabelSets. Presence of resource.labels.device_id in aggregation.groupByFields does not change this calculation. Monitoring service is not scanning all partitions within project in search of unique device IDs. Single queries are required to read from limited number of partitions.

Scanning potentially tens of thousands of partitions may also be non-practical. If we had 3 disk partitions and 10K devices, we would receive 30K TimeSerie objects - and if interval is one day (while alignment period is 5 minutes), query would return 288 data points per each TimeSerie, totalling 8640000. Response (uncompressed) may take hundreds of Megabytes. It is heavy for the system and receiving client. If number of devices grow even more, it will scale worse and worse.

Potentially, we can enable this query by adding non-aggregated index like this:

nonAggregatedIndices:
- name: "device-nonaggregated"
  resourceTypes: [ devices.edgelq.com/device ]
  partitionLabelSets:
  - name: "ProjectScope" # Not recommended
    resourceKeys: [ ]
    metricKeys: [ ]
  - name: "DeviceScope"
    resourceKeys: [ device_id ]
    metricKeys: [ ]
  - name: "SerialNumberScope"
    resourceKeys: [ device_serial_number ]
    metricKeys: [ ]

Index device-nonaggregated:ProjectScope would create one big partition though, which goes against the rule that single partition must contain limited number of data points for each timestamp. While monitoring does not prevent from creating bad indices (it cannot know in advance cardinality of labels), subsequent queries may start being rejected with timeout/out of resources errors.

Non-aggregated indices also are used for watch queries. However, we have more relaxed requirements regarding indices, as labels provided via aggregation.groupByFields are also used against partitionLabelSets. In other words, following query would be supported:

cuttle monitoring watch time-serie --parent 'projects/your-project' \
  --filter 'metric.type="devices.edgelq.com/device/disk/used" AND \
    resource.type="devices.edgelq.com/device"' \
  --aggregation '{"perSeriesAligner":"ALIGN_SUMMARY",
    "alignmentPeriod":"300s",
    "crossSeriesReducers":"REDUCE_MEAN",
    "groupByFields":["resource.labels.device_id", "metric.labels.mount_point"]}' \
  --starting-time '$START_TIME' -o json | jq .

While resource.labels.device_id is not provided via filter, it is provided via group by. It is not supported for regular queries, but works well for watch. The reason lies within internal implementation details. Plus, watch time series is capable of chunking large responses into more - it is designed to run longer, in streaming fashion.

Finally, it is worth to reduce number of indices when they are not needed. Non-aggregated indices are not re-using underlying storage, they are full replicas. In case of devices.edgelq.com/device/disk/used, we were able to notice that caller always provides device_id, rendering other index using serial number redundant.

Recommendations

  • Ensure that partitionLabelSets contain all high cardinality labels.
  • Reduce not needed partitionLabelSets.
  • If you dont want to use high cardinality labels in filter field, look at pre-aggregated or paginated indices to see if they provide solution for a problem.

Pre-aggregated indices

Pre aggregated indices are next evolution from non-aggregated ones. Like the latter, pre-aggregated indices are used by regular and watch queries: User must specify parent project, filter and aggregation. However, while non-aggregated indices store original TimeSerie objects as reported by time series writers, pre-aggregated merge those aligned-only time-series with each other to create new ones - so they are one step after non-aggregated.

Pre-aggregated means that aggregation happens at the storage level. Because storage already contains this data, it makes retrieval relatively cheap. Even if query requires merging tens of thousands of TimeSerie with each other, monitoring has a little work at the query time.

Let’s come back to known devices.edgelq.com/device monitored resource descriptor, as we will use it in these examples. Now, let’s define following metric descriptor:

- name: projects/your-project/metricDescriptors/devices.edgelq.com/device/connected
  type: devices.edgelq.com/device/connected
  displayName: Device connected
  metricKind: GAUGE
  valueType: INT64
  unit: "1"
  labels: [] # empty labels

Each device sends “1” when it is online. When it is offline, data points are populated with “0” value. Because connected metric is direct single property of device, it does not need any additional labels.

Hard cardinality labels are same as those discussed for non-aggregated indices.

To be able to check connectivity history of each individual device, we need some non-aggregated index:

- name: projects/<project>/metricDescriptors/devices.edgelq.com/device/connected
  type: devices.edgelq.com/device/connected
  displayName: Device connected
  metricKind: GAUGE
  valueType: INT64
  unit: "1"
  labels: []
  indices:
    builtIn:
      nonAggregatedIndices:
      - name: "device-nonaggregated"
        resourceTypes: [ devices.edgelq.com/device ]
        partitionLabelSets:
        - name: "DeviceScope"
          resourceKeys: [ device_id ]
          metricKeys: [ ]

However, we may also want to know connectivity history of devices across project and region in general. In other words, we would like to execute query like this:

cuttle monitoring query time-serie --parent 'projects/your-project' \
  --filter 'metric.type="devices.edgelq.com/device/connected" AND resource.type="devices.edgelq.com/device"' \
  --aggregation '{ \
    "perSeriesAligner":"ALIGN_MEAN", \
    "alignmentPeriod":"300s", \
    "crossSeriesReducers":"REDUCE_SUM"}' \
  --interval '{"startTime":"$START_TIME","endTime":"$END_TIME"}' -o json | jq .

Note we do not group by device ID.

Execution of this query is done in two steps. First, for each individual TimeSerie (which matches single device), we get fraction of 5 minutes interval when device was online (see alignment period and per series aligner). For example, if a device was online for 4 minutes during a 5 minute interval (within larger specified interval in a query), ALIGN_MEAN will produce value 0.8: (1 + 1 + 1 + 1 + 0) / 5 = 0.8. It assumes we have one data point per minute. Each 5-minutes interval is computed individually, until we fetch whole period specified by interval argument.

After extracting aligned value for each individual time-series and timestamp, we look at the cross series reducer. REDUCE_SUM means we will add up all values sharing same timestamp with each other. If a result for some timestamp is 5635.7 it means that, within 5-minute interval ending at that timestamp, on average 5635.7 of devices were online. If there were 10K devices in total, maximum result we can ever have for single timestamp is 10000.

Knowing average number of online devices across time may be useful. In that case, we can define the following pre-aggregated index:

- name: projects/<project>/metricDescriptors/devices.edgelq.com/device/connected
  type: devices.edgelq.com/device/connected
  displayName: Device connected
  metricKind: GAUGE
  valueType: INT64
  unit: "1"
  labels: []
  indices:
    builtIn:
      preAggregatedIndices:
      - name: "device-aggregated"
        resourceTypes: [ devices.edgelq.com/device ]
        partitionLabelSets:
        - name: "ProjectScope"
          metricKeys: []
          resourceKeys: []
        filterAndGroupLabelSets:
        - name: "AllReduced"
          metricKeys: []
          resourceKeys: []
        supportedAggregations:
        - name: "OnlineDevAvgCounts"
          # These arrays may contain multiple entries if needed.
          perSeriesAligners: [ ALIGN_MEAN ]
          crossSeriesReducers: [ REDUCE_SUM ]

In comparison with non-aggregated indices, pre-aggregated have additional properties:

  • filterAndGroupLabelSets - they contain preserved list of metric and resource label keys. They may, but dont have to, be used in filter or aggregation.groupByFields parameters. But, label keys that are not specified in these sets, must not be used in in filter or aggregation.groupByFields parameters (except those mentioned in partitionLabelSets).
  • supportedAggregations - this is an array of aligners/reducers combinations we want to support in our queries.

Property partitionLabelSets works in similar way as in non-aggregated indices: In filter field, time-series queries must specify all labels required by at least one set in partitionLabelSets. And in case of watch queries, it is also sufficient to provide partition labels via aggregation.groupByFields.

Number of actual pre-aggregated indices is a cartesian product of 3 arrays: partitionLabelSets, filterAndGroupLabelSets and supportedAggregations. In the presented example, all the arrays have length of just one, therefore we will have only one pre-aggregated index.

If you go back to the example query above, where groupByFields set is empty and filter provides only metric/resource type, you can see that it matches pre-aggregated index. Partition label set ProjectScope does not require ANY extra labels in the filter. Then, AllReduced set forbids all other labels to be used, but we don’t. Finally, aligner and reducer are specified in supported list, so we can use it.

Created indices

Based on each preAggregatedIndices group, monitoring generates number of indices based on:

  • number of sets in partitionLabelSets
  • number of sets in filterAndGroupLabelSets
  • number of stored aligner functions (computed based on supportedAggregations)

In the example, we will have one index: device-aggregated:ProjectScope/AllReduced/ALIGN_MEAN

Monitoring always multiples number of label sets when generating indices, but supported aggregations are attempted to be simplified. Monitoring may:

  • pick different aligners than indicated by perSeriesAligners.
  • merge multiple supportedAggregations into same aligner, as long as they belong to same partitionLabelSets and filterAndGroupLabelSets.

It is important to note that each final aligner represents separate index data. To find out what final aligners (storage aligners) were determined by monitoring, users can make the following query:

$ cuttle monitoring list metric-descriptors --project $PROJECT --view NAME \
  --field-mask indices.builtIn.preAggregatedIndices.supportedAggregations.storageAligners \
  --field-mask indices.userDefined.preAggregatedIndices.supportedAggregations.storageAligners \
  -o json

If there are two different supportedAggregations functions sharing some storageAligners, monitoring will reuse same data to save on index data.

Recommendations and storage estimations

When we define pre-aggregated indices, it is important to make sure resulting partitions will not be very large: We still should guarantee that number of data points for given timestamp and partition will be limited. This is driven by cardinality of labels in each set from filterAndGroupLabelSets. It is strongly advised against putting high cardinality labels there (like device ID). Most device metric labels are fine: like disk partition name. Within single project and region we can safely assume number of unique disk partitions is limited. The maximum cardinality is decided ultimately by the widest set in partitionLabelSets (least amount of labels) and the largest set in filterAndGroupLabelSets (more labels decrease performance).

The particular case described above is very easy: Our AllReduced has empty list of keys, therefore total cardinality is exactly 1. Pre-aggregated index using this group is guaranteed to produce at most 1 data point per each timestamp, making it very efficient. Furthermore, looking at partitionLabelSets, we can say that for single project/region we will have just one TimeSerie object describing this pre-aggregated connectivity metric history.

In summary:

  • partitionLabelSets may be empty, or contain any low/high cardinality labels.
  • filterAndGroupLabelSets should not contain high cardinality labels
  • Removing unnecessary partition/filterable sets is recommended

Paginated indices

Pre-aggregated queries allow us to retrieve new TimeSerie objects that are based on thousands other ones (by aggregation). However, it does not allow to traverse those thousands of TimeSerie objects in a cheap way.

As a general rule, requests asking for thousands of TimeSerie objects are not good. If we have that many of them, there are two ways to manage:

  • Make aggregated query that computes small number of TimeSerie based on them.
  • Ensure that TimeSerie objects are sorted, then retrieve TOP N / OFFSET K results.

Paginated indices address the second case.

Let’s define an example: We want to monitor CPU usage across very large fleet of devices. Specifically, we want to keep an eye on devices with the highest CPU. This is an example of MetricDescriptor:

- name: projects/your-project/metricDescriptors/devices.edgelq.com/device/cpu/utilization
  type: devices.edgelq.com/device/cpu/utilization
  displayName: CPU utilization in percentage
  metricKind: GAUGE
  valueType: DOUBLE
  unit: "%"
  labels:
  - key: cpu_number
    description: CPU Number
    valueType: STRING
  - key: state
    description: CPU state one of user, system, idle, nice, iowait, irq, softirq and steal
    valueType: STRING
  indices:
    builtIn:
      paginationIndices:
      - name: "usage-ranking"
        resourceTypes: [ devices.edgelq.com/device ]
        partitionLabelSets:
        - name: "ProjectScope"
          resourceKeys: [ ]
          metricKeys: [ ]
        views:
        - name: "ByDevice"
          filterableMetricKeys: [ state ]
          filterableResourceKeys: [ ]
          paginatedMetricKeys: [ ]
          paginatedResourceKeys: [ device_id ]
        functions:
        - name: "Mean"
          aligner: ALIGN_SUMMARY
          reducer: REDUCE_MEAN
          sorting: DESCENDING

This metric introduces 2 labels:

  • cpu number, which allows us to monitor CPU usage per core in each device. It is likely some fixed string like “1”, “2”, “3”, etc.
  • state, which is a fixed enum set.

Of these 2 labels, we can safely assume that both of them are low cardinality. The only high cardinality label that remains is device ID.

As non and pre aggregated indices, paginated indices also have partitionLabelSets. They work in the same manner:

  • Time-series queries must specify all labels required by at least one set in partitionLabelSets

If we can be certain that some labels will be always used in a filter, it is highly recommended to put them in partition label sets.

In this example case, we would like to retrieve top devices with the highest CPU, so we cant tell device ID in the filter. Since we may want to make queries with filterspecifying only metric type and region, it is best to have single empty set in partitionLabelSets. This way no labels are required to be specified.

The new important properties of paginated indices are:

  • views: View is very important for deciding which labels may be used in a filter field, and which labels are “paginated”. Filterable labels are defining separate sorted rankings. Paginated labels are linked to double/integer values that are sorted according to a defined functions. Note that each view is combined with each set in partitionLabelSets. Therefore, one index may contain multiple rankings in linear memory layout. It is important to ensure that filterable label keys are not high cardinality labels. Paginated labels are the ones that can be of high cardinality.
  • functions: They combine aligner and reducer to extract double/integer values for sorting purposes. Aligner specifies what to extract from individual time series before they are (optionally) merged with each other. In the case we presented, ALIGN_SUMMARY tells we will merge distribution values. Reducer then extracts final value from merged TimeSerie object. In our case, it means we will extract AVERAGE value from final distributions.

Monitoring merges time series according to the label keys that are not present in either partitionLabelSets and views. Let’s examine current example in this light.

Paginated indices are generated based on cartesian product of partitionLabelSets, views and functions. Since we have one item in each, we will have one index that combines partition set ProjectScope and view ByDevice. Now, imagine we have 10K devices, each with 4 CPU cores and 8 CPU states. Therefore, we have 320K TimeSerie objects for each individual timestamp. We will be processing each timestamp separately.

Since labels in ProjectScope are empty, we will put all 320K TimeSerie objects in one partition. Next, we take a look into view ByDevice. We have one filterable metric label: state. Since we have established there are 8 states, 320K TimeSerie objects are grouped into 8 different rankings: Each ranking now has 40K TimeSerie objects. We will iterate each separately. Inside a ranking, we iterate all TimeSerie and apply aligner on each of them. Aligner tells us to extract Distribution of CPU measurements per each core. Therefore, we have now 40K Distributions, each has a pair of labels: resource device ID and metric CPU number. Monitoring looks at paginatedResourceKeys and notices we should have only one resource label: device ID. It takes 40K distributions, then merges those that share same device ID. Metric label CPU number is effectively reduced (eliminated). Since we have 4 CPU numbers, we will be left with final 10K Distributions - each assigned to specific device. Since the value of reducer is REDUCE_MEAN, we will extract average value from each of distribution. Finally, we will have 10K pairs: device ID + average CPU value across cores. This array is sorted in descending order.

Process above is executed by each sorting ranking. Therefore, for each timestamp and each of 8 CPU states, we will extract 10K device + AVG CPU pairs. Rankings within same partitionLabelSets are stored in the same index, but in sorted manner. Sorting neutralizes cardinality issues of all paginated labels.

While CPU number may be useful label, it was decided that in this ranking we will drop it to reduce number of rankings in general. If labels are indeed not needed, it is recommended to reduce them.

View/function names used in queries must be pre-defined in metric descriptor:

cuttle monitoring query time-serie --parent projects/your-project \
  --filter 'metric.type="devices.edgelq.com/device/cpu/utilization" AND \
            resource.type="devices.edgelq.com/device" AND \
            region="us-west2" and metric.labels.state IN ["user","system"]' \
  --pagination '{"alignmentPeriod": "3600s", \
                 "view": "ByDevice", \
                 "function": "Mean",
                 "limit": 20,
                 "offset": 0}' \
  --interval '{"startTime": "2023-07-12T19:00:00Z", \
               "endTime": "2023-07-12T22:00:00Z"}' -o json

You may have noticed that this CPU ranking may hide devices which have very high CPU usage on a single core - and low on remaining. For example, if we have 3 CPUs with 5% load, and 1 CPU with 95% load, average will be 27.5%.

To address this issue, we may add another function:

functions:
- name: "Mean"
  # ... other fields
- name: "MaxCoreOfAvg"
  aligner: ALIGN_MEAN
  reducer: REDUCE_MAX
  sorting: DESCENDING

Aligner ALIGN_MEAN will extract average CPU usage per each core within each alignment period. Reducer REDUCE_MAX then picks CPU core that was the highest. If CPU 0/1/2 had average CPU usage 5%, and CPU 3 had 95%, final value will be not 27.5%, but 95%.

It is worth checking what functions are needed by users though - each function requires additional computation/storage resources when writing.

Produced indices

Paginated indices group produces as many indices, as large is cartesian product of partitionLabelSets, views and functions. In this example, we will have one index: usage-ranking:ProjectScope/ByDevice/Mean.

Summary recommendations

  • partitionLabelSets may be empty, or contain any low/high cardinality labels.
  • views.filterableMetricKeys and views.filterableResourceKeys should not contain high cardinality labels.
  • views.paginatedMetricKeys and views.paginatedResourceKeys are designed to handle high cardinality labels.
  • Removing unnecessary partition/views/functions sets is recommended to reduce compute/storage.

Advanced: Index lifecycle management

Each index has 3 lifecycle states:

  • ACTIVE: Writes are active, reads are possible
  • SUSPENDED: Writes are active, but reads are possible only up to the timestamp when index entered this state.
  • CLOSED: Writes are not active, reads are possible only up to the timestamp when index entered this state.

By default, index is in ACTIVE state. From this state, it can be moved into SUSPENDED or CLOSED state. From SUSPENDED state, index can come back to ACTIVE state or CLOSED state. CLOSED state is terminal - index only exists to provide historical data up to the time when index was closed.

Potentially index can be completely removed from MetricDescriptor resource. In that case, it is forgotten and associated data will eventually expire.

Be aware, that time series are computed/written continuously with time. Adding new index does not cause old data to be recomputed. Nor deleting/closing index will delete old data. When monitoring gets a query, it analyzes requested interval to find the best index for each sub-period within.

It is highly recommended to move index into SUSPENDED state before CLOSED. This way we can test if anyone was actually using this index. While it is possible to use Audit service (sample reads) to analyze usage, or check monitoring index usage, it is advisable to err on safety side.

Non aggregated indices can be closed by changing partition label set status individually:

nonAggregatedIndices:
- name: "..."
  resourceTypes: [ ... ]
  partitionLabelSets:
  - name: "..."
    closingStatus: SUSPENDED # or CLOSED

For pre-aggregated/paginated indices, each cartesian component has its own closing status field:

paginationIndices:
- name: "..."
  resourceTypes: [ ... ]
  partitionLabelSets:
  - name: "..."
    closingStatus: ...
  views:
  - name: "..."
    closingStatus: ...
  functions:
  - name: "..."
    closingStatus: ...

preAggregatedIndices:
- name: "..."
  resourceTypes: [ ... ]
  partitionLabelSets:
  - name: "..."
    closingStatus: ...
  filterAndGroupLabelSets:
  - name: "..."
    closingStatus: ...
  supportedAggregations:
  - name: "..."
    closingStatus: ...

Index is considered CLOSED, if at least one of the inputs is in CLOSED state. If not, then index is SUSPENDED if at least one of the inputs is in SUSPENDED state.

Apart from lifecycle, it is important to categorize each index into 2 groups:

  • built-in: Indices are defined by service developers and cannot be modified by project admins.
  • user-defined: Indices are defined by project administrators. They should include indices that are useful for individual project perspective.

Both groups are reflected in MetricDescriptor schema:

- name: projects/.../metricDescriptors/...
  type: ...
  displayName: ...
  metricKind: ...
  valueType: ...
  unit: ...
  labels: ...
  indices:
    builtIn:
      nonAggregatedIndices: ...
      preAggregatedIndices: ...
      paginationIndices: ...
    userDefined:
      nonAggregatedIndices: ...
      preAggregatedIndices: ...
      paginationIndices: ...

5.1 -

Understanding the monitoring.edgelq.com service APIv3, in proto package ntt.monitoring.v3.

Service monitoring.edgelq.com in version v3, proto package ntt.monitoring.v3

Here is the list of resources supported in Monitoring service APIv3:

Alert Resource

Alert Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}/alertingConditions/{alerting_condition}/alerts/{alert}

Parent resources:

This section covers the methods and messages to interact with Alert resource.

Alert Methods

Here is the list of Alert resource methods:

GetAlert Method

GetAlert

rpc GetAlert(GetAlertRequest) returns (Alert)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.get

The equivalent REST API is:

GET /v3/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*}

BatchGetAlerts Method

BatchGetAlerts

rpc BatchGetAlerts(BatchGetAlertsRequest) returns (BatchGetAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.batchGet

The equivalent REST API is:

GET /v3/alerts:batchGet

ListAlerts Method

ListAlerts

rpc ListAlerts(ListAlertsRequest) returns (ListAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.list

The equivalent REST API is:

GET /v3/{parent=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}/alerts

WatchAlert Method

WatchAlert

rpc WatchAlert(WatchAlertRequest) returns (WatchAlertResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.watch

The equivalent REST API is:

POST /v3/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*}:watch

WatchAlerts Method

WatchAlerts

rpc WatchAlerts(WatchAlertsRequest) returns (WatchAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.watch

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}/alerts:watch

CreateAlert Method

CreateAlert

rpc CreateAlert(CreateAlertRequest) returns (Alert)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.create

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}/alerts (BODY: alert)

UpdateAlert Method

UpdateAlert

rpc UpdateAlert(UpdateAlertRequest) returns (Alert)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.update

The equivalent REST API is:

PUT /v3/{alert.name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*} (BODY: alert)

DeleteAlert Method

DeleteAlert

rpc DeleteAlert(DeleteAlertRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*}

Alert Messages

Here is the list of Alert resource messages:

Alert Message

Name Type Description
name string (name of Alert) Name of Alert When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.:-]{1,128}
metadata Meta
display_name string
info Alert.Info
state Alert.State State of alert

Alert.Info Message

Name Type Description
time_serie Alert.Info.TimeSerie TimeSerie labels that violated condition
observed_values Alert.Info.ObservedValues observed time series values during alert creation

Alert.State Message

Name Type Description
is_firing bool
is_acknowledged bool
is_silenced bool
lifetime TimeRange describes in terms of time series when alert began and ended (resolved). uses Time Series derived timestamps, rather than real-time. use meta.create_time to get creation date.
needs_notification bool This alert needs to be notified
notification_created bool Notification resource is generated for this alert
lifecycle_completed bool Alert has ended and any needed notifications are processed

Alert.Info.TimeSerie Message

Name Type Description
key bytes
metric Metric
monitored_resource MonitoredResource

Alert.Info.ObservedValues Message

Name Type Description
example_value double oneof
per_metric map<string, double>

Alert.State.Threshold Message

oneof:

Name Type Description
observed_value double

Alert.State.CombineThreshold Message

Name Type Description
none none none

Alert.State.CombineThreshold.PerMetric Message

Name Type Description
observed_values map<string, double>

GetAlertRequest Message

A request message of the GetAlert method.

Name Type Description
name string (name of Alert) Name of ntt.monitoring.v3.Alert
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertsRequest Message

A request message of the BatchGetAlerts method.

Name Type Description
names repeated string (name of Alert) Names of Alerts
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertsResponse Message

A response message of the BatchGetAlerts method.

Name Type Description
alerts repeated Alert found Alerts
missing repeated string (name of Alert) list of not found Alerts

ListAlertsRequest Message

A request message of the ListAlerts method.

Name Type Description
parent string (parent name of Alert) Parent name of ntt.monitoring.v3.Alert
page_size int32 Requested page size. Server may return fewer Alerts than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Alert) A token identifying a page of results the server should return. Typically, this is the value of ListAlertsResponse.next_page_token.
order_by string (orderBy of Alert) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Alert) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAlertsResponse Message

A response message of the ListAlerts method.

Name Type Description
alerts repeated Alert The list of Alerts
prev_page_token string (cursor of Alert) A token to retrieve previous page of results. Pass this value in the ListAlertsRequest.page_token.
next_page_token string (cursor of Alert) A token to retrieve next page of results. Pass this value in the ListAlertsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Alerts across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAlertRequest Message

A request message of the WatchAlert method.

Name Type Description
name string (name of Alert) Name of ntt.monitoring.v3.Alert
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAlertResponse Message

A response message of the WatchAlert method.

Name Type Description
change AlertChange

WatchAlertsRequest Message

A request message of the WatchAlerts method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Alert) Parent name of ntt.monitoring.v3.Alert
page_size int32 Requested page size. Server may return fewer Alerts than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Alert) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Alert) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Alert) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Alert that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Alert that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAlertsResponse Message

A response message of the WatchAlerts method.

Name Type Description
alert_changes repeated AlertChange Changes of Alerts
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Alerts will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAlertsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Alerts will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAlertsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Alert) New token to retrieve previous page of results.
next_page_token string (cursor of Alert) New token to retrieve next page of results.

CreateAlertRequest Message

A request message of the CreateAlert method.

Name Type Description
parent string (parent name of Alert) Parent name of ntt.monitoring.v3.Alert
alert Alert Alert resource body
response_mask CreateAlertRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAlertRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAlertRequest Message

A request message of the UpdateAlert method.

Name Type Description
alert Alert Alert resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAlertRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAlertRequest.ResponseMask reduce message response size.

UpdateAlertRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Alert Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAlertRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAlertRequest Message

A request message of the DeleteAlert method.

Name Type Description
name string (name of Alert) Name of ntt.monitoring.v3.Alert
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

AlertingCondition Resource

AlertingCondition Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}/alertingConditions/{alerting_condition}

Parent resources:

This section covers the methods and messages to interact with AlertingCondition resource.

AlertingCondition Methods

Here is the list of AlertingCondition resource methods:

GetAlertingCondition Method

GetAlertingCondition

rpc GetAlertingCondition(GetAlertingConditionRequest) returns (AlertingCondition)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.get

The equivalent REST API is:

GET /v3/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}

BatchGetAlertingConditions Method

BatchGetAlertingConditions

rpc BatchGetAlertingConditions(BatchGetAlertingConditionsRequest) returns (BatchGetAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.batchGet

The equivalent REST API is:

GET /v3/alertingConditions:batchGet

ListAlertingConditions Method

ListAlertingConditions

rpc ListAlertingConditions(ListAlertingConditionsRequest) returns (ListAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.list

The equivalent REST API is:

GET /v3/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions

WatchAlertingCondition Method

WatchAlertingCondition

rpc WatchAlertingCondition(WatchAlertingConditionRequest) returns (WatchAlertingConditionResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.watch

The equivalent REST API is:

POST /v3/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}:watch

WatchAlertingConditions Method

WatchAlertingConditions

rpc WatchAlertingConditions(WatchAlertingConditionsRequest) returns (WatchAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.watch

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions:watch

CreateAlertingCondition Method

CreateAlertingCondition

rpc CreateAlertingCondition(CreateAlertingConditionRequest) returns (AlertingCondition)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.create

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions (BODY: alerting_condition)

UpdateAlertingCondition Method

UpdateAlertingCondition

rpc UpdateAlertingCondition(UpdateAlertingConditionRequest) returns (AlertingCondition)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.update

The equivalent REST API is:

PUT /v3/{alerting_condition.name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*} (BODY: alerting_condition)

DeleteAlertingCondition Method

DeleteAlertingCondition

rpc DeleteAlertingCondition(DeleteAlertingConditionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}

SearchAlertingConditions Method

SearchAlertingConditions

rpc SearchAlertingConditions(SearchAlertingConditionsRequest) returns (SearchAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.search

The equivalent REST API is:

GET /v3/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions:search

AlertingCondition Messages

Here is the list of AlertingCondition resource messages:

AlertingCondition Message

Name Type Description
name string (name of AlertingCondition) Name of AlertingCondition When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
metadata Meta Metadata
display_name string Display Name
description string Long description
spec AlertingCondition.Spec
state AlertingCondition.State

AlertingCondition.Spec Message

Name Type Description
time_series AlertingCondition.Spec.TimeSeries
trigger AlertingCondition.Spec.Trigger

AlertingCondition.State Message

Name Type Description
firing_alerts_count int64

AlertingCondition.Spec.TimeSeries Message

Name Type Description
query AlertingCondition.Spec.TimeSeries.Query Time Series Query
threshold AlertingCondition.Spec.TimeSeries.Threshold Either specify single threshold or combine threshold, which allows to pair each metric value to their specific thresholds, e.g. distinguish mean (loss, latency, jitter) in single query
combine_threshold AlertingCondition.Spec.TimeSeries.CombineThreshold
duration .google.protobuf.Duration Duration describes length of time needed for the condition to trigger a new alert of resolve an existing one

AlertingCondition.Spec.Trigger Message

Name Type Description
type AlertingCondition.Spec.Trigger.Type

AlertingCondition.Spec.TimeSeries.Query Message

Name Type Description
selector TimeSeriesSelector Selector is used to generate Time Series filter
aggregation Aggregation Time Series aggregation

AlertingCondition.Spec.TimeSeries.Threshold Message

Name Type Description
compare AlertingCondition.Spec.TimeSeries.Threshold.Compare Compare function specifies if observed value must be GreaterThan (GT) or LesserThan (LT) threshold value in order to trigger an alert. Example: for metric latency {compare: GT, value: 150} will trigger if actual latency is above 150ms.
value double threshold value

AlertingCondition.Spec.TimeSeries.CombineThreshold Message

Name Type Description
per_metric map<string, AlertingCondition.Spec.TimeSeries.Threshold> Per Metric threshold. If multiple metrics are selected each metric may specify a different threshold
combine AlertingCondition.Spec.TimeSeries.CombineThreshold.CombineOperator Combine describes how sub-conditions for each metric concerning single resource label set (determined by aggregation.groupByFields) must compose in order to trigger an alert. TODO: add support for AND

GetAlertingConditionRequest Message

A request message of the GetAlertingCondition method.

Name Type Description
name string (name of AlertingCondition) Name of ntt.monitoring.v3.AlertingCondition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingConditionsRequest Message

A request message of the BatchGetAlertingConditions method.

Name Type Description
names repeated string (name of AlertingCondition) Names of AlertingConditions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingConditionsResponse Message

A response message of the BatchGetAlertingConditions method.

Name Type Description
alerting_conditions repeated AlertingCondition found AlertingConditions
missing repeated string (name of AlertingCondition) list of not found AlertingConditions

ListAlertingConditionsRequest Message

A request message of the ListAlertingConditions method.

Name Type Description
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v3.AlertingCondition
page_size int32 Requested page size. Server may return fewer AlertingConditions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingCondition) A token identifying a page of results the server should return. Typically, this is the value of ListAlertingConditionsResponse.next_page_token.
order_by string (orderBy of AlertingCondition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingCondition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAlertingConditionsResponse Message

A response message of the ListAlertingConditions method.

Name Type Description
alerting_conditions repeated AlertingCondition The list of AlertingConditions
prev_page_token string (cursor of AlertingCondition) A token to retrieve previous page of results. Pass this value in the ListAlertingConditionsRequest.page_token.
next_page_token string (cursor of AlertingCondition) A token to retrieve next page of results. Pass this value in the ListAlertingConditionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AlertingConditions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAlertingConditionRequest Message

A request message of the WatchAlertingCondition method.

Name Type Description
name string (name of AlertingCondition) Name of ntt.monitoring.v3.AlertingCondition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAlertingConditionResponse Message

A response message of the WatchAlertingCondition method.

Name Type Description
change AlertingConditionChange

WatchAlertingConditionsRequest Message

A request message of the WatchAlertingConditions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v3.AlertingCondition
page_size int32 Requested page size. Server may return fewer AlertingConditions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AlertingCondition) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AlertingCondition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AlertingCondition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AlertingCondition that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AlertingCondition that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAlertingConditionsResponse Message

A response message of the WatchAlertingConditions method.

Name Type Description
alerting_condition_changes repeated AlertingConditionChange Changes of AlertingConditions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AlertingConditions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAlertingConditionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AlertingConditions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAlertingConditionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AlertingCondition) New token to retrieve previous page of results.
next_page_token string (cursor of AlertingCondition) New token to retrieve next page of results.

CreateAlertingConditionRequest Message

A request message of the CreateAlertingCondition method.

Name Type Description
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v3.AlertingCondition
alerting_condition AlertingCondition AlertingCondition resource body
response_mask CreateAlertingConditionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAlertingConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAlertingConditionRequest Message

A request message of the UpdateAlertingCondition method.

Name Type Description
alerting_condition AlertingCondition AlertingCondition resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAlertingConditionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAlertingConditionRequest.ResponseMask reduce message response size.

UpdateAlertingConditionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AlertingCondition Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAlertingConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAlertingConditionRequest Message

A request message of the DeleteAlertingCondition method.

Name Type Description
name string (name of AlertingCondition) Name of ntt.monitoring.v3.AlertingCondition
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

SearchAlertingConditionsRequest Message

A request message of the SearchAlertingConditions method.

Name Type Description
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v3.AlertingCondition
page_size int32 Requested page size. Server may return fewer AlertingConditions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingCondition) A token identifying a page of results the server should return. Typically, this is the value of SearchAlertingConditionsResponse.next_page_token.
order_by string (orderBy of AlertingCondition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingCondition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
phrase string Optional search phrase used to further filter results.

SearchAlertingConditionsResponse Message

A response message of the SearchAlertingConditions method.

Name Type Description
alerting_conditions repeated AlertingCondition The list of AlertingConditions
prev_page_token string (cursor of AlertingCondition) A token to retrieve previous page of results. Pass this value in the SearchAlertingConditionsRequest.page_token.
next_page_token string (cursor of AlertingCondition) A token to retrieve next page of results. Pass this value in the SearchAlertingConditionsRequest.page_token.
current_offset int32 Current offset from the first page (0 if no page tokens were given). Page index can be computed from offset and limit provided in a request
total_results_count int32 Number of total AlertingConditions across all pages.

AlertingCondition Enumerations

Here is the list of AlertingCondition resource enumerations:

AlertingCondition.Spec.TimeSeries.Threshold.Compare Enumeration

Name Description
COMPARE_UNSPECIFIED
GT
LT

AlertingCondition.Spec.TimeSeries.CombineThreshold.CombineOperator Enumeration

Name Description
OR
AND

AlertingCondition.Spec.Trigger.Type Enumeration

Name Description
EACH Triggers on each unique TimeSeries label set violation

AlertingPolicy Resource

AlertingPolicy Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}

Parent resources:

This section covers the methods and messages to interact with AlertingPolicy resource.

AlertingPolicy Methods

Here is the list of AlertingPolicy resource methods:

GetAlertingPolicy Method

GetAlertingPolicy

rpc GetAlertingPolicy(GetAlertingPolicyRequest) returns (AlertingPolicy)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.get

The equivalent REST API is:

GET /v3/{name=projects/*/regions/*/alertingPolicies/*}

BatchGetAlertingPolicies Method

BatchGetAlertingPolicies

rpc BatchGetAlertingPolicies(BatchGetAlertingPoliciesRequest) returns (BatchGetAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.batchGet

The equivalent REST API is:

GET /v3/alertingPolicies:batchGet

ListAlertingPolicies Method

ListAlertingPolicies

rpc ListAlertingPolicies(ListAlertingPoliciesRequest) returns (ListAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.list

The equivalent REST API is:

GET /v3/{parent=projects/*/regions/*}/alertingPolicies

WatchAlertingPolicy Method

WatchAlertingPolicy

rpc WatchAlertingPolicy(WatchAlertingPolicyRequest) returns (WatchAlertingPolicyResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.watch

The equivalent REST API is:

POST /v3/{name=projects/*/regions/*/alertingPolicies/*}:watch

WatchAlertingPolicies Method

WatchAlertingPolicies

rpc WatchAlertingPolicies(WatchAlertingPoliciesRequest) returns (WatchAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.watch

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*}/alertingPolicies:watch

CreateAlertingPolicy Method

CreateAlertingPolicy

rpc CreateAlertingPolicy(CreateAlertingPolicyRequest) returns (AlertingPolicy)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.create

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*}/alertingPolicies (BODY: alerting_policy)

UpdateAlertingPolicy Method

UpdateAlertingPolicy

rpc UpdateAlertingPolicy(UpdateAlertingPolicyRequest) returns (AlertingPolicy)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.update

The equivalent REST API is:

PUT /v3/{alerting_policy.name=projects/*/regions/*/alertingPolicies/*} (BODY: alerting_policy)

DeleteAlertingPolicy Method

DeleteAlertingPolicy

rpc DeleteAlertingPolicy(DeleteAlertingPolicyRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*/regions/*/alertingPolicies/*}

SearchAlertingPolicies Method

SearchAlertingPolicies

rpc SearchAlertingPolicies(SearchAlertingPoliciesRequest) returns (SearchAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.search

The equivalent REST API is:

GET /v3/{parent=projects/*/regions/*}/alertingPolicies:search

AlertingPolicy Messages

Here is the list of AlertingPolicy resource messages:

AlertingPolicy Message

Name Type Description
name string (name of AlertingPolicy) Name of AlertingPolicy When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
metadata Meta
display_name string display name
description string Long description
documentation AlertingPolicy.Documentation
spec AlertingPolicy.Spec Spec
state AlertingPolicy.State

AlertingPolicy.Documentation Message

Documentation

Name Type Description
content string Documentation content
mime_type string documentation mime type. Only "text/markdown" is supported.

AlertingPolicy.Spec Message

Name Type Description
enabled bool Whether policy is enabled and will evaluate any conditions Note: If any existing fired alerts are present, they will not be resolved automatically TODO: consider if they should?
condition_combiner AlertingPolicy.Spec.ConditionsCombiner Condition Combiner when deciding if ANY (OR) or ALL (AND) conditions for given subset of resource labels must fire in order to trigger an alert TODO: Add support to AND
notification AlertingPolicy.Spec.Notification Notification specification

AlertingPolicy.State Message

Name Type Description
active_alerts_count int64 Number of ongoing alerts (incident has not ended)

AlertingPolicy.Spec.Notification Message

Notification specification for a given Policy

Name Type Description
enabled bool Enabled flag determines whether any notifications will be sent
channels repeated string (reference to NotificationChannel)

GetAlertingPolicyRequest Message

A request message of the GetAlertingPolicy method.

Name Type Description
name string (name of AlertingPolicy) Name of ntt.monitoring.v3.AlertingPolicy
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingPoliciesRequest Message

A request message of the BatchGetAlertingPolicies method.

Name Type Description
names repeated string (name of AlertingPolicy) Names of AlertingPolicies
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingPoliciesResponse Message

A response message of the BatchGetAlertingPolicies method.

Name Type Description
alerting_policies repeated AlertingPolicy found AlertingPolicies
missing repeated string (name of AlertingPolicy) list of not found AlertingPolicies

ListAlertingPoliciesRequest Message

A request message of the ListAlertingPolicies method.

Name Type Description
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v3.AlertingPolicy
page_size int32 Requested page size. Server may return fewer AlertingPolicies than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingPolicy) A token identifying a page of results the server should return. Typically, this is the value of ListAlertingPoliciesResponse.next_page_token.
order_by string (orderBy of AlertingPolicy) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingPolicy) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAlertingPoliciesResponse Message

A response message of the ListAlertingPolicies method.

Name Type Description
alerting_policies repeated AlertingPolicy The list of AlertingPolicies
prev_page_token string (cursor of AlertingPolicy) A token to retrieve previous page of results. Pass this value in the ListAlertingPoliciesRequest.page_token.
next_page_token string (cursor of AlertingPolicy) A token to retrieve next page of results. Pass this value in the ListAlertingPoliciesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AlertingPolicies across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAlertingPolicyRequest Message

A request message of the WatchAlertingPolicy method.

Name Type Description
name string (name of AlertingPolicy) Name of ntt.monitoring.v3.AlertingPolicy
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAlertingPolicyResponse Message

A response message of the WatchAlertingPolicy method.

Name Type Description
change AlertingPolicyChange

WatchAlertingPoliciesRequest Message

A request message of the WatchAlertingPolicies method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v3.AlertingPolicy
page_size int32 Requested page size. Server may return fewer AlertingPolicies than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AlertingPolicy) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AlertingPolicy) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AlertingPolicy) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AlertingPolicy that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AlertingPolicy that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAlertingPoliciesResponse Message

A response message of the WatchAlertingPolicies method.

Name Type Description
alerting_policy_changes repeated AlertingPolicyChange Changes of AlertingPolicies
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AlertingPolicies will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAlertingPoliciesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AlertingPolicies will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAlertingPoliciesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AlertingPolicy) New token to retrieve previous page of results.
next_page_token string (cursor of AlertingPolicy) New token to retrieve next page of results.

CreateAlertingPolicyRequest Message

A request message of the CreateAlertingPolicy method.

Name Type Description
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v3.AlertingPolicy
alerting_policy AlertingPolicy AlertingPolicy resource body
response_mask CreateAlertingPolicyRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAlertingPolicyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAlertingPolicyRequest Message

A request message of the UpdateAlertingPolicy method.

Name Type Description
alerting_policy AlertingPolicy AlertingPolicy resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAlertingPolicyRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAlertingPolicyRequest.ResponseMask reduce message response size.

UpdateAlertingPolicyRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AlertingPolicy Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAlertingPolicyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAlertingPolicyRequest Message

A request message of the DeleteAlertingPolicy method.

Name Type Description
name string (name of AlertingPolicy) Name of ntt.monitoring.v3.AlertingPolicy
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

SearchAlertingPoliciesRequest Message

A request message of the SearchAlertingPolicies method.

Name Type Description
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v3.AlertingPolicy
page_size int32 Requested page size. Server may return fewer AlertingPolicies than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingPolicy) A token identifying a page of results the server should return. Typically, this is the value of SearchAlertingPoliciesResponse.next_page_token.
order_by string (orderBy of AlertingPolicy) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingPolicy) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
phrase string Optional search phrase used to further filter results.

SearchAlertingPoliciesResponse Message

A response message of the SearchAlertingPolicies method.

Name Type Description
alerting_policies repeated AlertingPolicy The list of AlertingPolicies
prev_page_token string (cursor of AlertingPolicy) A token to retrieve previous page of results. Pass this value in the SearchAlertingPoliciesRequest.page_token.
next_page_token string (cursor of AlertingPolicy) A token to retrieve next page of results. Pass this value in the SearchAlertingPoliciesRequest.page_token.
current_offset int32 Current offset from the first page (0 if no page tokens were given). Page index can be computed from offset and limit provided in a request
total_results_count int32 Number of total AlertingPolicies across all pages.

AlertingPolicy Enumerations

Here is the list of AlertingPolicy resource enumerations:

AlertingPolicy.Spec.ConditionsCombiner Enumeration

Name Description
OR
AND

MetricDescriptor Resource

Defines a metric type and its schema. Once a metric descriptor is created, deleting or altering it stops data collection and makes the metric type’s existing data unusable.

Name patterns:

  • projects/{project}/metricDescriptors/{metric_descriptor}

Parent resources:

This section covers the methods and messages to interact with MetricDescriptor resource.

MetricDescriptor Methods

Here is the list of MetricDescriptor resource methods:

BatchGetMetricDescriptors Method

BatchGetMetricDescriptors

rpc BatchGetMetricDescriptors(BatchGetMetricDescriptorsRequest) returns (BatchGetMetricDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.batchGet

The equivalent REST API is:

GET /v3/metricDescriptors:batchGet

WatchMetricDescriptor Method

WatchMetricDescriptor

rpc WatchMetricDescriptor(WatchMetricDescriptorRequest) returns (WatchMetricDescriptorResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.watch

The equivalent REST API is:

POST /v3/{name=projects/*/metricDescriptors/*}:watch

WatchMetricDescriptors Method

WatchMetricDescriptors

rpc WatchMetricDescriptors(WatchMetricDescriptorsRequest) returns (WatchMetricDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.watch

The equivalent REST API is:

POST /v3/{parent=projects/*}/metricDescriptors:watch

GetMetricDescriptor Method

GetMetricDescriptor

rpc GetMetricDescriptor(GetMetricDescriptorRequest) returns (MetricDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.get

The equivalent REST API is:

GET /v3/{name=projects/*/metricDescriptors/*}

CreateMetricDescriptor Method

CreateMetricDescriptor

rpc CreateMetricDescriptor(CreateMetricDescriptorRequest) returns (MetricDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.create

The equivalent REST API is:

POST /v3/{parent=projects/*}/metricDescriptors (BODY: metric_descriptor)

UpdateMetricDescriptor Method

UpdateMetricDescriptor

rpc UpdateMetricDescriptor(UpdateMetricDescriptorRequest) returns (MetricDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.update

The equivalent REST API is:

PUT /v3/{metric_descriptor.name=projects/*/metricDescriptors/*} (BODY: metric_descriptor)

DeleteMetricDescriptor Method

DeleteMetricDescriptor

rpc DeleteMetricDescriptor(DeleteMetricDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*/metricDescriptors/*}

ListMetricDescriptors Method

ListMetricDescriptors

rpc ListMetricDescriptors(ListMetricDescriptorsRequest) returns (ListMetricDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.list

The equivalent REST API is:

GET /v3/{parent=projects/*}/metricDescriptors

MetricDescriptor Messages

Here is the list of MetricDescriptor resource messages:

MetricDescriptor Message

Name Type Description
metadata Meta Metadata
name string (name of MetricDescriptor) The resource name of the metric descriptor. When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w./-]{4,128}
type string The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name custom.googleapis.com or external.googleapis.com. Metric types should use a natural hierarchical grouping. For example: “custom.googleapis.com/invoice/paid/amount” “external.googleapis.com/prometheus/up” “appengine.googleapis.com/http/server/response_latencies”
resource_types repeated string associated resource_types (also used to infer defaults) examples, devices.edgelq.com/Device, watchdog.edgelq.com/Agent if not set, defaults to “global” resource type.
labels repeated LabelDescriptor The set of labels that can be used to describe a specific instance of this metric type. For example, the appengine.googleapis.com/http/server/response_latencies metric type has a label for the HTTP response code, response_code, so you can look at latencies for successful responses or just for responses that failed.
metric_kind MetricDescriptor.MetricKind Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metric_kind and value_type might not be supported.
value_type MetricDescriptor.ValueType Whether the measurement is an integer, a floating-point number, etc. Some combinations of metric_kind and value_type might not be supported.
unit string The unit in which the metric value is reported. It is only applicable if the value_type is INT64, DOUBLE, or DISTRIBUTION. The supported units are a subset of The Unified Code for Units of Measure standard: Basic units (UNIT) * bit bit * By byte * s second * min minute * h hour * d day Prefixes (PREFIX) * k kilo (103) * M mega (106) * G giga (109) * T tera (1012) * P peta (1015) * E exa (1018) * Z zetta (1021) * Y yotta (1024) * m milli (10**-3) * u micro (10**-6) * n nano (10**-9) * p pico (10**-12) * f femto (10**-15) * a atto (10**-18) * z zepto (10**-21) * y yocto (10**-24) * Ki kibi (210) * Mi mebi (220) * Gi gibi (230) * Ti tebi (240) Grammar The grammar also includes these connectors: * / division (as an infix operator, e.g. 1/s). * . multiplication (as an infix operator, e.g. GBy.d) The grammar for a unit is as follows: Expression = Component { “.” Component } { “/” Component } ; Component = ( [ PREFIX ] UNIT
description string A detailed description of the metric, which can be used in documentation.
display_name string A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example “Request count”. This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota.
metric_descriptor_metadata MetricDescriptor.MetricDescriptorMetadata Optional. Metadata which can be used to guide usage of the metric.
distribution_bucket_options Distribution.BucketOptions Distribution bucketing options - define only when ValueType is Distribution. Used for validating input.
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations. Metric promoted label sets are combined with MonitoredResource promoted label sets and result in PromotedKeySet.
index_spec MetricDescriptor.IndexSpec Indexing allows tweaking storage usage by tweaking amount of “duplicate” data with different promotion criteria. It’s important consideration for balancing time series query performance and storage cost.
storage_config MetricDescriptor.StorageConfig Storage settings

MetricDescriptor.MetricDescriptorMetadata Message

Additional annotations that can be used to guide the usage of a metric.

Name Type Description
launch_stage LaunchStage The launch stage of the metric definition.

MetricDescriptor.IndexSpec Message

Name Type Description
per_resource repeated MetricDescriptor.IndexSpec.PerMonitoredResource PerResource index

MetricDescriptor.StorageConfig Message

Backend storage config

Name Type Description
store_raw_points bool whether to store raw points

MetricDescriptor.IndexSpec.Index Message

Name Type Description
promoted_labels repeated string each label is of format: {metric,resource}.labels.\<label-key\>. since resource and metric labels are mixed. Full path is required.
write_only bool whether this index is write-only and not usable for querying

MetricDescriptor.IndexSpec.PerMonitoredResource Message

Name Type Description
resource string (reference to MonitoredResourceDescriptor)
indices repeated MetricDescriptor.IndexSpec.Index List of indices for given metric and resource pair

BatchGetMetricDescriptorsRequest Message

A request message of the BatchGetMetricDescriptors method.

Name Type Description
names repeated string (name of MetricDescriptor) Names of MetricDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMetricDescriptorsResponse Message

A response message of the BatchGetMetricDescriptors method.

Name Type Description
metric_descriptors repeated MetricDescriptor found MetricDescriptors
missing repeated string (name of MetricDescriptor) list of not found MetricDescriptors

WatchMetricDescriptorRequest Message

A request message of the WatchMetricDescriptor method.

Name Type Description
name string (name of MetricDescriptor) Name of ntt.monitoring.v3.MetricDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMetricDescriptorResponse Message

A response message of the WatchMetricDescriptor method.

Name Type Description
change MetricDescriptorChange

WatchMetricDescriptorsRequest Message

A request message of the WatchMetricDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of MetricDescriptor) Parent name of ntt.monitoring.v3.MetricDescriptor
page_size int32 Requested page size. Server may return fewer MetricDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of MetricDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of MetricDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of MetricDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MetricDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MetricDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchMetricDescriptorsResponse Message

A response message of the WatchMetricDescriptors method.

Name Type Description
metric_descriptor_changes repeated MetricDescriptorChange Changes of MetricDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All MetricDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchMetricDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (MetricDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchMetricDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of MetricDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of MetricDescriptor) New token to retrieve next page of results.

GetMetricDescriptorRequest Message

Request message for method [GetMetricDescriptor][ntt.monitoring.v3.GetMetricDescriptor]

Name Type Description
name string (name of MetricDescriptor) The metric descriptor on which to execute the request. The format is "projects/{project_id_or_number}/metricDescriptors/{metric_id}". An example value of {metric_id} is "compute.googleapis.com/instance/disk/read_bytes_count".
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

CreateMetricDescriptorRequest Message

Request message for method [CreateMetricDescriptor][ntt.monitoring.v3.CreateMetricDescriptor]

Name Type Description
parent string (parent name of MetricDescriptor) The project on which to execute the request. The format is "projects/{project_id_or_number}".
metric_descriptor MetricDescriptor The new custom metric descriptor.
response_mask CreateMetricDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateMetricDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateMetricDescriptorRequest Message

Request message for method [UpdateMetricDescriptor][ntt.monitoring.v3.UpdateMetricDescriptor]

Name Type Description
metric_descriptor MetricDescriptor MetricDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateMetricDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateMetricDescriptorRequest.ResponseMask

UpdateMetricDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state MetricDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateMetricDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteMetricDescriptorRequest Message

Request message for method [DeleteMetricDescriptor][ntt.monitoring.v3.DeleteMetricDescriptor]

Name Type Description
name string (name of MetricDescriptor) The metric descriptor on which to execute the request. The format is "projects/{project_id_or_number}/metricDescriptors/{metric_id}". An example of {metric_id} is: "custom.googleapis.com/my_test_metric".
allow_missing bool If true, call will not return NotFound error if deleted resource does not exist.

ListMetricDescriptorsRequest Message

Request message for method [ListMetricDescriptors][ntt.monitoring.v3.ListMetricDescriptors]

Name Type Description
parent string (parent name of MetricDescriptor) The project on which to execute the request. The format is "projects/{project_id_or_number}".
filter string (filter of MetricDescriptor) If this field is empty, all custom and system-defined metric descriptors are returned. Otherwise, the filter specifies which metric descriptors are to be returned. For example, the following filter matches all custom metrics: metric.type = starts_with(“custom.googleapis.com/”)
page_size int32 A positive number that is the maximum number of results to return.
page_token string (cursor of MetricDescriptor) If this field is not empty then it must contain the nextPageToken value returned by a previous call to this method. Using this field causes the method to return additional results from the previous method call.
order_by string (orderBy of MetricDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListMetricDescriptorsResponse Message

Response message for method [ListMetricDescriptors][ntt.monitoring.v3.ListMetricDescriptors]

Name Type Description
metric_descriptors repeated MetricDescriptor The metric descriptors that are available to the project and that match the value of filter, if present.
next_page_token string (cursor of MetricDescriptor) If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
prev_page_token string (cursor of MetricDescriptor)
current_offset int32 Current offset from the first page (0 if no page tokens were given or paging info was not requested). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total MetricDescriptors across all pages or 0, if there are no items or paging info was not requested.

MetricDescriptor Enumerations

Here is the list of MetricDescriptor resource enumerations:

MetricDescriptor.MetricKind Enumeration

The kind of measurement. It describes how the data is reported.

Name Description
METRIC_KIND_UNSPECIFIED Do not use this default value.
GAUGE An instantaneous measurement of a value.
DELTA The change in a value during a time interval.
CUMULATIVE A value accumulated over a time interval. Cumulative measurements in a time series should have the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.

MetricDescriptor.ValueType Enumeration

The value type of a metric.

Name Description
VALUE_TYPE_UNSPECIFIED Do not use this default value.
BOOL The value is a boolean. This value type can be used only if the metric kind is GAUGE.
INT64 The value is a signed 64-bit integer.
DOUBLE The value is a double precision floating point number.
STRING The value is a text string. This value type can be used only if the metric kind is GAUGE.
DISTRIBUTION The value is a [Distribution][google.api.Distribution].
MONEY The value is money.

MonitoredResourceDescriptor Resource

An object that describes the schema of a [MonitoredResource][google.api.MonitoredResource] object using a type name and a set of labels. For example, the monitored resource descriptor for Google Compute Engine VM instances has a type of "gce_instance" and specifies the use of the labels "instance_id" and "zone" to identify particular VM instances.

Different APIs can support different monitored resource types. APIs generally provide a list method that returns the monitored resource descriptors used by the API.

Name patterns:

  • monitoredResourceDescriptors/{monitored_resource_descriptor}

This section covers the methods and messages to interact with MonitoredResourceDescriptor resource.

MonitoredResourceDescriptor Methods

Here is the list of MonitoredResourceDescriptor resource methods:

BatchGetMonitoredResourceDescriptors Method

BatchGetMonitoredResourceDescriptors

rpc BatchGetMonitoredResourceDescriptors(BatchGetMonitoredResourceDescriptorsRequest) returns (BatchGetMonitoredResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.batchGet

The equivalent REST API is:

GET /v3/monitoredResourceDescriptors:batchGet

WatchMonitoredResourceDescriptor Method

WatchMonitoredResourceDescriptor

rpc WatchMonitoredResourceDescriptor(WatchMonitoredResourceDescriptorRequest) returns (WatchMonitoredResourceDescriptorResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.watch

The equivalent REST API is:

POST /v3/{name=monitoredResourceDescriptors/*}:watch

WatchMonitoredResourceDescriptors Method

WatchMonitoredResourceDescriptors

rpc WatchMonitoredResourceDescriptors(WatchMonitoredResourceDescriptorsRequest) returns (WatchMonitoredResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.watch

The equivalent REST API is:

POST /v3/monitoredResourceDescriptors:watch

CreateMonitoredResourceDescriptor Method

CreateMonitoredResourceDescriptor

rpc CreateMonitoredResourceDescriptor(CreateMonitoredResourceDescriptorRequest) returns (MonitoredResourceDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.create

The equivalent REST API is:

POST /v3/monitoredResourceDescriptors (BODY: monitored_resource_descriptor)

UpdateMonitoredResourceDescriptor Method

UpdateMonitoredResourceDescriptor

rpc UpdateMonitoredResourceDescriptor(UpdateMonitoredResourceDescriptorRequest) returns (MonitoredResourceDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.update

The equivalent REST API is:

PUT /v3/{monitored_resource_descriptor.name=monitoredResourceDescriptors/*} (BODY: monitored_resource_descriptor)

DeleteMonitoredResourceDescriptor Method

DeleteMonitoredResourceDescriptor

rpc DeleteMonitoredResourceDescriptor(DeleteMonitoredResourceDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.delete

The equivalent REST API is:

DELETE /v3/{name=monitoredResourceDescriptors/*}

GetMonitoredResourceDescriptor Method

GetMonitoredResourceDescriptor

rpc GetMonitoredResourceDescriptor(GetMonitoredResourceDescriptorRequest) returns (MonitoredResourceDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.get

The equivalent REST API is:

GET /v3/{name=monitoredResourceDescriptors/*}

ListMonitoredResourceDescriptors Method

ListMonitoredResourceDescriptors

rpc ListMonitoredResourceDescriptors(ListMonitoredResourceDescriptorsRequest) returns (ListMonitoredResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.list

The equivalent REST API is:

GET /v3/monitoredResourceDescriptors

MonitoredResourceDescriptor Messages

Here is the list of MonitoredResourceDescriptor resource messages:

MonitoredResourceDescriptor Message

Name Type Description
name string (name of MonitoredResourceDescriptor) Optional. The resource name of the monitored resource descriptor: "projects/{project_id}/monitoredResourceDescriptors/{type}" where {type} is the value of the type field in this object and {project_id} is a project ID that provides API-specific context for accessing the type. APIs that do not use project information can use the resource name format "monitoredResourceDescriptors/{type}". NOTE: currently only "monitoredResourceDescriptors/{type}" form is supported.
type string Required. The monitored resource type. For example, the type "cloudsql_database" represents databases in Google Cloud SQL. The maximum length of this value is 256 characters.
display_name string Optional. A concise name for the monitored resource type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners. For example, "Google Cloud SQL Database".
description string Optional. A detailed description of the monitored resource type that might be used in documentation.
labels repeated LabelDescriptor Required. A set of labels used to describe instances of this monitored resource type. For example, an individual Google Cloud SQL database is identified by values for the labels "database_id" and "zone".
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations. Metric promoted label sets are combined with MonitoredResource promoted label sets and result in PromotedKeySet.
metadata Meta Metadata

BatchGetMonitoredResourceDescriptorsRequest Message

A request message of the BatchGetMonitoredResourceDescriptors method.

Name Type Description
names repeated string (name of MonitoredResourceDescriptor) Names of MonitoredResourceDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMonitoredResourceDescriptorsResponse Message

A response message of the BatchGetMonitoredResourceDescriptors method.

Name Type Description
monitored_resource_descriptors repeated MonitoredResourceDescriptor found MonitoredResourceDescriptors
missing repeated string (name of MonitoredResourceDescriptor) list of not found MonitoredResourceDescriptors

WatchMonitoredResourceDescriptorRequest Message

A request message of the WatchMonitoredResourceDescriptor method.

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of ntt.monitoring.v3.MonitoredResourceDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMonitoredResourceDescriptorResponse Message

A response message of the WatchMonitoredResourceDescriptor method.

Name Type Description
change MonitoredResourceDescriptorChange

WatchMonitoredResourceDescriptorsRequest Message

A request message of the WatchMonitoredResourceDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer MonitoredResourceDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of MonitoredResourceDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of MonitoredResourceDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of MonitoredResourceDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MonitoredResourceDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MonitoredResourceDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchMonitoredResourceDescriptorsResponse Message

A response message of the WatchMonitoredResourceDescriptors method.

Name Type Description
monitored_resource_descriptor_changes repeated MonitoredResourceDescriptorChange Changes of MonitoredResourceDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All MonitoredResourceDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchMonitoredResourceDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (MonitoredResourceDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchMonitoredResourceDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of MonitoredResourceDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of MonitoredResourceDescriptor) New token to retrieve next page of results.

CreateMonitoredResourceDescriptorRequest Message

A request message of the CreateMonitoredResourceDescriptor method.

Name Type Description
monitored_resource_descriptor MonitoredResourceDescriptor MonitoredResourceDescriptor resource body
response_mask CreateMonitoredResourceDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateMonitoredResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateMonitoredResourceDescriptorRequest Message

A request message of the UpdateMonitoredResourceDescriptor method.

Name Type Description
monitored_resource_descriptor MonitoredResourceDescriptor MonitoredResourceDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateMonitoredResourceDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateMonitoredResourceDescriptorRequest.ResponseMask reduce message response size.

UpdateMonitoredResourceDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state MonitoredResourceDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateMonitoredResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteMonitoredResourceDescriptorRequest Message

A request message of the DeleteMonitoredResourceDescriptor method.

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of ntt.monitoring.v3.MonitoredResourceDescriptor
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GetMonitoredResourceDescriptorRequest Message

Request message for method [GetMonitoredResourceDescriptor][ntt.monitoring.v3.GetMonitoredResourceDescriptor]

Name Type Description
name string (name of MonitoredResourceDescriptor) The monitored resource descriptor to get. The format is "monitoredResourceDescriptors/{resource_type}". The {resource_type} is a predefined type, such as cloudsql_database.
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

ListMonitoredResourceDescriptorsRequest Message

Request message for method [ListMonitoredResourceDescriptors][ntt.monitoring.v3.ListMonitoredResourceDescriptors]

Name Type Description
filter string (filter of MonitoredResourceDescriptor) An optional filter describing the descriptors to be returned. The filter can reference the descriptor’s type and labels. For example, the following filter returns only Google Compute Engine descriptors that have an id label: resource.type = starts_with(“gce_”) AND resource.label:id
page_size int32 A positive number that is the maximum number of results to return.
order_by string (orderBy of MonitoredResourceDescriptor)
page_token string (cursor of MonitoredResourceDescriptor) If this field is not empty then it must contain the nextPageToken value returned by a previous call to this method. Using this field causes the method to return additional results from the previous method call.
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListMonitoredResourceDescriptorsResponse Message

Response message for method [ListMonitoredResourceDescriptors][ntt.monitoring.v3.ListMonitoredResourceDescriptors]

Name Type Description
monitored_resource_descriptors repeated MonitoredResourceDescriptor The monitored resource descriptors that are available to this project and that match filter, if present.
next_page_token string (cursor of MonitoredResourceDescriptor) If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
prev_page_token string (cursor of MonitoredResourceDescriptor)
current_offset int32 Current offset from the first page (0 if no page tokens were given or paging info was not requested). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total MonitoresResourceDescriptors across all pages or 0, if there are no items or paging info was not requested.

Notification Resource

Notification Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}/notifications/{notification}

Parent resources:

This section covers the methods and messages to interact with Notification resource.

Notification Methods

Here is the list of Notification resource methods:

GetNotification Method

GetNotification

rpc GetNotification(GetNotificationRequest) returns (Notification)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.get

The equivalent REST API is:

GET /v3/{name=projects/*/regions/*/alertingPolicies/*/notifications/*}

BatchGetNotifications Method

BatchGetNotifications

rpc BatchGetNotifications(BatchGetNotificationsRequest) returns (BatchGetNotificationsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.batchGet

The equivalent REST API is:

GET /v3/notifications:batchGet

ListNotifications Method

ListNotifications

rpc ListNotifications(ListNotificationsRequest) returns (ListNotificationsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.list

The equivalent REST API is:

GET /v3/{parent=projects/*/regions/*/alertingPolicies/*}/notifications

WatchNotification Method

WatchNotification

rpc WatchNotification(WatchNotificationRequest) returns (WatchNotificationResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.watch

The equivalent REST API is:

POST /v3/{name=projects/*/regions/*/alertingPolicies/*/notifications/*}:watch

WatchNotifications Method

WatchNotifications

rpc WatchNotifications(WatchNotificationsRequest) returns (WatchNotificationsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.watch

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*/alertingPolicies/*}/notifications:watch

CreateNotification Method

CreateNotification

rpc CreateNotification(CreateNotificationRequest) returns (Notification)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.create

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*/alertingPolicies/*}/notifications (BODY: notification)

UpdateNotification Method

UpdateNotification

rpc UpdateNotification(UpdateNotificationRequest) returns (Notification)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.update

The equivalent REST API is:

PUT /v3/{notification.name=projects/*/regions/*/alertingPolicies/*/notifications/*} (BODY: notification)

DeleteNotification Method

DeleteNotification

rpc DeleteNotification(DeleteNotificationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*/regions/*/alertingPolicies/*/notifications/*}

Notification Messages

Here is the list of Notification resource messages:

Notification Message

Name Type Description
name string (name of Notification) Name of Notification When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.:-]{1,128}
metadata Meta
alerting_policy string (name of AlertingPolicy) Reference to alerting policy that this notification is for
alerts repeated string (name of Alert) References to alerts that are part of this notification
state Notification.State

Notification.State Message

Name Type Description
is_resolved bool
notification_state repeated Notification.State.NotificationState Notification state
incident_notify_attempts_done bool Internal state to keep track of whether any notification sends needs to be retried for new incident
resolution_notify_attempts_done bool Internal state to keep track of whether any notification sends needs to be retried for resolution
alerts_lifetime TimeRange Time range for which alerts for the policy are clubbed together
resolution_notification_state repeated Notification.State.NotificationState
lifecycle_completed bool Alert has ended and any needed notifications are processed

Notification.State.NotificationState Message

Name Type Description
notification_channel string (name of NotificationChannel) Notification channel name
status Notification.State.NotificationState.Status
error string Error message if status is FAILED
provider_data Notification.State.NotificationState.ProviderData Provider specific data. Allows tracking ids of notifications sent to specific channels.
notify_attempts int64

Notification.State.NotificationState.ProviderData Message

Provider specific data

Name Type Description
slack Notification.State.NotificationState.ProviderData.Slack
pager_duty Notification.State.NotificationState.ProviderData.PagerDuty

Notification.State.NotificationState.ProviderData.Slack Message

Slack

Name Type Description
ts string

Notification.State.NotificationState.ProviderData.PagerDuty Message

Pager Duty

Name Type Description
incident_key string

GetNotificationRequest Message

A request message of the GetNotification method.

Name Type Description
name string (name of Notification) Name of ntt.monitoring.v3.Notification
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationsRequest Message

A request message of the BatchGetNotifications method.

Name Type Description
names repeated string (name of Notification) Names of Notifications
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationsResponse Message

A response message of the BatchGetNotifications method.

Name Type Description
notifications repeated Notification found Notifications
missing repeated string (name of Notification) list of not found Notifications

ListNotificationsRequest Message

A request message of the ListNotifications method.

Name Type Description
parent string (parent name of Notification) Parent name of ntt.monitoring.v3.Notification
page_size int32 Requested page size. Server may return fewer Notifications than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Notification) A token identifying a page of results the server should return. Typically, this is the value of ListNotificationsResponse.next_page_token.
order_by string (orderBy of Notification) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Notification) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListNotificationsResponse Message

A response message of the ListNotifications method.

Name Type Description
notifications repeated Notification The list of Notifications
prev_page_token string (cursor of Notification) A token to retrieve previous page of results. Pass this value in the ListNotificationsRequest.page_token.
next_page_token string (cursor of Notification) A token to retrieve next page of results. Pass this value in the ListNotificationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Notifications across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchNotificationRequest Message

A request message of the WatchNotification method.

Name Type Description
name string (name of Notification) Name of ntt.monitoring.v3.Notification
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchNotificationResponse Message

A response message of the WatchNotification method.

Name Type Description
change NotificationChange

WatchNotificationsRequest Message

A request message of the WatchNotifications method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Notification) Parent name of ntt.monitoring.v3.Notification
page_size int32 Requested page size. Server may return fewer Notifications than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Notification) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Notification) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Notification) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Notification that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Notification that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchNotificationsResponse Message

A response message of the WatchNotifications method.

Name Type Description
notification_changes repeated NotificationChange Changes of Notifications
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Notifications will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchNotificationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Notifications will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchNotificationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Notification) New token to retrieve previous page of results.
next_page_token string (cursor of Notification) New token to retrieve next page of results.

CreateNotificationRequest Message

A request message of the CreateNotification method.

Name Type Description
parent string (parent name of Notification) Parent name of ntt.monitoring.v3.Notification
notification Notification Notification resource body
response_mask CreateNotificationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateNotificationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateNotificationRequest Message

A request message of the UpdateNotification method.

Name Type Description
notification Notification Notification resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateNotificationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateNotificationRequest.ResponseMask reduce message response size.

UpdateNotificationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Notification Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateNotificationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteNotificationRequest Message

A request message of the DeleteNotification method.

Name Type Description
name string (name of Notification) Name of ntt.monitoring.v3.Notification
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Notification Enumerations

Here is the list of Notification resource enumerations:

Notification.State.NotificationState.Status Enumeration

Name Description
UNKNOWN
PENDING
FAILED
SUPPRESSED
SENT
DELIVERED Status types that can be used by webhook integrated providers, like PagerDuty.
ACKNOWLEDGED
UNACKNOWLEDGED

NotificationChannel Resource

NotificationChannel Resource

Name patterns:

  • projects/{project}/notificationChannels/{notification_channel}

Parent resources:

This section covers the methods and messages to interact with NotificationChannel resource.

NotificationChannel Methods

Here is the list of NotificationChannel resource methods:

GetNotificationChannel Method

GetNotificationChannel

rpc GetNotificationChannel(GetNotificationChannelRequest) returns (NotificationChannel)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.get

The equivalent REST API is:

GET /v3/{name=projects/*/notificationChannels/*}

BatchGetNotificationChannels Method

BatchGetNotificationChannels

rpc BatchGetNotificationChannels(BatchGetNotificationChannelsRequest) returns (BatchGetNotificationChannelsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.batchGet

The equivalent REST API is:

GET /v3/notificationChannels:batchGet

ListNotificationChannels Method

ListNotificationChannels

rpc ListNotificationChannels(ListNotificationChannelsRequest) returns (ListNotificationChannelsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.list

The equivalent REST API is:

GET /v3/{parent=projects/*}/notificationChannels

WatchNotificationChannel Method

WatchNotificationChannel

rpc WatchNotificationChannel(WatchNotificationChannelRequest) returns (WatchNotificationChannelResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.watch

The equivalent REST API is:

POST /v3/{name=projects/*/notificationChannels/*}:watch

WatchNotificationChannels Method

WatchNotificationChannels

rpc WatchNotificationChannels(WatchNotificationChannelsRequest) returns (WatchNotificationChannelsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.watch

The equivalent REST API is:

POST /v3/{parent=projects/*}/notificationChannels:watch

CreateNotificationChannel Method

CreateNotificationChannel

rpc CreateNotificationChannel(CreateNotificationChannelRequest) returns (NotificationChannel)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.create

The equivalent REST API is:

POST /v3/{parent=projects/*}/notificationChannels (BODY: notification_channel)

UpdateNotificationChannel Method

UpdateNotificationChannel

rpc UpdateNotificationChannel(UpdateNotificationChannelRequest) returns (NotificationChannel)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.update

The equivalent REST API is:

PUT /v3/{notification_channel.name=projects/*/notificationChannels/*} (BODY: notification_channel)

DeleteNotificationChannel Method

DeleteNotificationChannel

rpc DeleteNotificationChannel(DeleteNotificationChannelRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*/notificationChannels/*}

TestNotificationChannel Method

TestNotificationChannel

rpc TestNotificationChannel(TestNotificationChannelRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.test

The equivalent REST API is:

POST /v3/{name=projects/*/notificationChannels/*}:test

NotificationChannel Messages

Here is the list of NotificationChannel resource messages:

NotificationChannel Message

Name Type Description
name string (name of NotificationChannel) Name of NotificationChannel When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
metadata Meta Metadata of NotificationChannel
display_name string Display Name
spec NotificationChannel.Spec Specification
state NotificationChannel.State State
description string description

NotificationChannel.Spec Message

Spec of NotificationChannel

Name Type Description
enabled bool Enabled flag. Whether the NotificationChannel is enabled or not. Disabled channels will not be used for alerting.
type NotificationChannel.Spec.Type Type. Corresponding spec should a oneof field.
email NotificationChannel.Spec.Email Email
slack NotificationChannel.Spec.Slack Slack
webhook NotificationChannel.Spec.Webhook
notification_language_code string Default language for invitation is english (eng) Configuring unsupported language will fallback to english Currently only sendgrid uses this.

NotificationChannel.State Message

State of NotificationChannel

Name Type Description
status NotificationChannel.State.Status Status
error NotificationChannel.State.Error Error

NotificationChannel.Spec.Email Message

Email Spec

Name Type Description
addresses repeated string Email Addresses

NotificationChannel.Spec.Slack Message

Slack Spec

Name Type Description
incoming_webhook string Slack Incoming Webhook URL

NotificationChannel.Spec.PagerDuty Message

PagerDuty Spec

Name Type Description
service_key string PagerDuty Service Key

NotificationChannel.Spec.Webhook Message

Webhook Spec

Name Type Description
url string Webhook URL
headers repeated NotificationChannel.Spec.Webhook.Header Headers

NotificationChannel.Spec.Webhook.Header Message

Header

Name Type Description
key string
value string

NotificationChannel.State.Error Message

Error of NotificationChannel

Name Type Description
time .google.protobuf.Timestamp
message string

GetNotificationChannelRequest Message

A request message of the GetNotificationChannel method.

Name Type Description
name string (name of NotificationChannel) Name of ntt.monitoring.v3.NotificationChannel
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationChannelsRequest Message

A request message of the BatchGetNotificationChannels method.

Name Type Description
names repeated string (name of NotificationChannel) Names of NotificationChannels
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationChannelsResponse Message

A response message of the BatchGetNotificationChannels method.

Name Type Description
notification_channels repeated NotificationChannel found NotificationChannels
missing repeated string (name of NotificationChannel) list of not found NotificationChannels

ListNotificationChannelsRequest Message

A request message of the ListNotificationChannels method.

Name Type Description
parent string (parent name of NotificationChannel) Parent name of ntt.monitoring.v3.NotificationChannel
page_size int32 Requested page size. Server may return fewer NotificationChannels than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of NotificationChannel) A token identifying a page of results the server should return. Typically, this is the value of ListNotificationChannelsResponse.next_page_token.
order_by string (orderBy of NotificationChannel) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of NotificationChannel) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListNotificationChannelsResponse Message

A response message of the ListNotificationChannels method.

Name Type Description
notification_channels repeated NotificationChannel The list of NotificationChannels
prev_page_token string (cursor of NotificationChannel) A token to retrieve previous page of results. Pass this value in the ListNotificationChannelsRequest.page_token.
next_page_token string (cursor of NotificationChannel) A token to retrieve next page of results. Pass this value in the ListNotificationChannelsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total NotificationChannels across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchNotificationChannelRequest Message

A request message of the WatchNotificationChannel method.

Name Type Description
name string (name of NotificationChannel) Name of ntt.monitoring.v3.NotificationChannel
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchNotificationChannelResponse Message

A response message of the WatchNotificationChannel method.

Name Type Description
change NotificationChannelChange

WatchNotificationChannelsRequest Message

A request message of the WatchNotificationChannels method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of NotificationChannel) Parent name of ntt.monitoring.v3.NotificationChannel
page_size int32 Requested page size. Server may return fewer NotificationChannels than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of NotificationChannel) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of NotificationChannel) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of NotificationChannel) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to NotificationChannel that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to NotificationChannel that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchNotificationChannelsResponse Message

A response message of the WatchNotificationChannels method.

Name Type Description
notification_channel_changes repeated NotificationChannelChange Changes of NotificationChannels
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All NotificationChannels will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchNotificationChannelsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (NotificationChannels will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchNotificationChannelsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of NotificationChannel) New token to retrieve previous page of results.
next_page_token string (cursor of NotificationChannel) New token to retrieve next page of results.

CreateNotificationChannelRequest Message

A request message of the CreateNotificationChannel method.

Name Type Description
parent string (parent name of NotificationChannel) Parent name of ntt.monitoring.v3.NotificationChannel
notification_channel NotificationChannel NotificationChannel resource body
response_mask CreateNotificationChannelRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateNotificationChannelRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateNotificationChannelRequest Message

A request message of the UpdateNotificationChannel method.

Name Type Description
notification_channel NotificationChannel NotificationChannel resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateNotificationChannelRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateNotificationChannelRequest.ResponseMask reduce message response size.

UpdateNotificationChannelRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state NotificationChannel Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateNotificationChannelRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteNotificationChannelRequest Message

A request message of the DeleteNotificationChannel method.

Name Type Description
name string (name of NotificationChannel) Name of ntt.monitoring.v3.NotificationChannel
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

TestNotificationChannelRequest Message

Request message for method [TestNotificationChannel][ntt.monitoring.v3.TestNotificationChannel]

Name Type Description
name string (name of NotificationChannel) name of ntt.monitoring.v3.NotificationChannel

NotificationChannel Enumerations

Here is the list of NotificationChannel resource enumerations:

NotificationChannel.Spec.Type Enumeration

Type of NotificationChannel

Name Description
TYPE_UNSPECIFIED Type is unknown
EMAIL Email NotificationChannel
SLACK Slack NotificationChannel
WEBHOOK Webhook NotificationChannel

NotificationChannel.State.Status Enumeration

State of NotificationChannel

Name Description
STATE_UNSPECIFIED State is unknown
ACTIVE NotificationChannel is active
DISABLED NotificationChannel is disabled
ERROR Error of NotificationChannel

PhantomTimeSerie Resource

PhantomTimeSerie generates data in absence of real data

Name patterns:

  • projects/{project}/regions/{region}/phantomTimeSeries/{phantom_time_serie}

Parent resources:

This section covers the methods and messages to interact with PhantomTimeSerie resource.

PhantomTimeSerie Methods

Here is the list of PhantomTimeSerie resource methods:

GetPhantomTimeSerie Method

GetPhantomTimeSerie

rpc GetPhantomTimeSerie(GetPhantomTimeSerieRequest) returns (PhantomTimeSerie)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.get

The equivalent REST API is:

GET /v3/{name=projects/*/regions/*/phantomTimeSeries/*}

BatchGetPhantomTimeSeries Method

BatchGetPhantomTimeSeries

rpc BatchGetPhantomTimeSeries(BatchGetPhantomTimeSeriesRequest) returns (BatchGetPhantomTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.batchGet

The equivalent REST API is:

GET /v3/phantomTimeSeries:batchGet

ListPhantomTimeSeries Method

ListPhantomTimeSeries

rpc ListPhantomTimeSeries(ListPhantomTimeSeriesRequest) returns (ListPhantomTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.list

The equivalent REST API is:

GET /v3/{parent=projects/*/regions/*}/phantomTimeSeries

WatchPhantomTimeSerie Method

WatchPhantomTimeSerie

rpc WatchPhantomTimeSerie(WatchPhantomTimeSerieRequest) returns (WatchPhantomTimeSerieResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.watch

The equivalent REST API is:

POST /v3/{name=projects/*/regions/*/phantomTimeSeries/*}:watch

WatchPhantomTimeSeries Method

WatchPhantomTimeSeries

rpc WatchPhantomTimeSeries(WatchPhantomTimeSeriesRequest) returns (WatchPhantomTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.watch

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*}/phantomTimeSeries:watch

CreatePhantomTimeSerie Method

CreatePhantomTimeSerie

rpc CreatePhantomTimeSerie(CreatePhantomTimeSerieRequest) returns (PhantomTimeSerie)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.create

The equivalent REST API is:

POST /v3/{parent=projects/*/regions/*}/phantomTimeSeries (BODY: phantom_time_serie)

UpdatePhantomTimeSerie Method

UpdatePhantomTimeSerie

rpc UpdatePhantomTimeSerie(UpdatePhantomTimeSerieRequest) returns (PhantomTimeSerie)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.update

The equivalent REST API is:

PUT /v3/{phantom_time_serie.name=projects/*/regions/*/phantomTimeSeries/*} (BODY: phantom_time_serie)

DeletePhantomTimeSerie Method

DeletePhantomTimeSerie

rpc DeletePhantomTimeSerie(DeletePhantomTimeSerieRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*/regions/*/phantomTimeSeries/*}

PhantomTimeSerie Messages

Here is the list of PhantomTimeSerie resource messages:

PhantomTimeSerie Message

Name Type Description
metadata Meta Common resource Metadata
name string (name of PhantomTimeSerie) Name of PhantomTimeSeries Name must contain base64 encoded string of TimeSeries key
key bytes TimeSerie key identifies unique TimeSeries tuple: <project, metric.type, metric.labels, resource.type, resource.labels> Kind/ValueType are not present in key Key is not to be decoded outside of service, but treated as opaque string
project string Internal use - for bulk reporting of TimeSeries
metric Metric The associated metric. A fully-specified metric used to identify the time series. This field cannot be updated, can be only set during creation.
resource MonitoredResource The associated monitored resource. Custom metrics can use only certain monitored resource types in their time series data. This field cannot be updated, can be only set during creation.
metric_kind MetricDescriptor.MetricKind The metric kind of the time series. When listing time series, this metric kind might be different from the metric kind of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the metric kind of the associated metric. If the associated metric’s descriptor must be auto-created, then this field specifies the metric kind of the new descriptor and must be either GAUGE (the default) or CUMULATIVE.
value_type MetricDescriptor.ValueType The value type of the time series. When listing time series, this value type might be different from the value type of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the type of the data in the points field.
value TypedValue Phantom value

GetPhantomTimeSerieRequest Message

A request message of the GetPhantomTimeSerie method.

Name Type Description
name string (name of PhantomTimeSerie) Name of ntt.monitoring.v3.PhantomTimeSerie
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPhantomTimeSeriesRequest Message

A request message of the BatchGetPhantomTimeSeries method.

Name Type Description
names repeated string (name of PhantomTimeSerie) Names of PhantomTimeSeries
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPhantomTimeSeriesResponse Message

A response message of the BatchGetPhantomTimeSeries method.

Name Type Description
phantom_time_series repeated PhantomTimeSerie found PhantomTimeSeries
missing repeated string (name of PhantomTimeSerie) list of not found PhantomTimeSeries

ListPhantomTimeSeriesRequest Message

A request message of the ListPhantomTimeSeries method.

Name Type Description
parent string (parent name of PhantomTimeSerie) Parent name of ntt.monitoring.v3.PhantomTimeSerie
page_size int32 Requested page size. Server may return fewer PhantomTimeSeries than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PhantomTimeSerie) A token identifying a page of results the server should return. Typically, this is the value of ListPhantomTimeSeriesResponse.next_page_token.
order_by string (orderBy of PhantomTimeSerie) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PhantomTimeSerie) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPhantomTimeSeriesResponse Message

A response message of the ListPhantomTimeSeries method.

Name Type Description
phantom_time_series repeated PhantomTimeSerie The list of PhantomTimeSeries
prev_page_token string (cursor of PhantomTimeSerie) A token to retrieve previous page of results. Pass this value in the ListPhantomTimeSeriesRequest.page_token.
next_page_token string (cursor of PhantomTimeSerie) A token to retrieve next page of results. Pass this value in the ListPhantomTimeSeriesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total PhantomTimeSeries across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPhantomTimeSerieRequest Message

A request message of the WatchPhantomTimeSerie method.

Name Type Description
name string (name of PhantomTimeSerie) Name of ntt.monitoring.v3.PhantomTimeSerie
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPhantomTimeSerieResponse Message

A response message of the WatchPhantomTimeSerie method.

Name Type Description
change PhantomTimeSerieChange

WatchPhantomTimeSeriesRequest Message

A request message of the WatchPhantomTimeSeries method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of PhantomTimeSerie) Parent name of ntt.monitoring.v3.PhantomTimeSerie
page_size int32 Requested page size. Server may return fewer PhantomTimeSeries than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of PhantomTimeSerie) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of PhantomTimeSerie) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of PhantomTimeSerie) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to PhantomTimeSerie that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to PhantomTimeSerie that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPhantomTimeSeriesResponse Message

A response message of the WatchPhantomTimeSeries method.

Name Type Description
phantom_time_serie_changes repeated PhantomTimeSerieChange Changes of PhantomTimeSeries
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All PhantomTimeSeries will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPhantomTimeSeriesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (PhantomTimeSeries will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPhantomTimeSeriesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of PhantomTimeSerie) New token to retrieve previous page of results.
next_page_token string (cursor of PhantomTimeSerie) New token to retrieve next page of results.

CreatePhantomTimeSerieRequest Message

A request message of the CreatePhantomTimeSerie method.

Name Type Description
parent string (parent name of PhantomTimeSerie) Parent name of ntt.monitoring.v3.PhantomTimeSerie
phantom_time_serie PhantomTimeSerie PhantomTimeSerie resource body
response_mask CreatePhantomTimeSerieRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePhantomTimeSerieRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePhantomTimeSerieRequest Message

A request message of the UpdatePhantomTimeSerie method.

Name Type Description
phantom_time_serie PhantomTimeSerie PhantomTimeSerie resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePhantomTimeSerieRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePhantomTimeSerieRequest.ResponseMask reduce message response size.

UpdatePhantomTimeSerieRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state PhantomTimeSerie Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePhantomTimeSerieRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePhantomTimeSerieRequest Message

A request message of the DeletePhantomTimeSerie method.

Name Type Description
name string (name of PhantomTimeSerie) Name of ntt.monitoring.v3.PhantomTimeSerie
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v3/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v3/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v3/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v3/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v3/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v3/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v3/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v3/{name=projects/*}

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
title string
metadata Meta metadata
multi_region_policy MultiRegionPolicy Multi region policy

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.monitoring.v3.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.monitoring.v3.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.monitoring.v3.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

RecoveryStoreShardingInfo Resource

RecoveryStoreShardingInfo Resource

Name patterns:

  • regions/{region}/recoveryStoreShardingInfos/{recovery_store_sharding_info}

This section covers the methods and messages to interact with RecoveryStoreShardingInfo resource.

RecoveryStoreShardingInfo Methods

Here is the list of RecoveryStoreShardingInfo resource methods:

GetRecoveryStoreShardingInfo Method

GetRecoveryStoreShardingInfo

rpc GetRecoveryStoreShardingInfo(GetRecoveryStoreShardingInfoRequest) returns (RecoveryStoreShardingInfo)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.get

The equivalent REST API is:

GET /v3/{name=regions/*/recoveryStoreShardingInfos/*}

BatchGetRecoveryStoreShardingInfos Method

BatchGetRecoveryStoreShardingInfos

rpc BatchGetRecoveryStoreShardingInfos(BatchGetRecoveryStoreShardingInfosRequest) returns (BatchGetRecoveryStoreShardingInfosResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.batchGet

The equivalent REST API is:

GET /v3/recoveryStoreShardingInfos:batchGet

ListRecoveryStoreShardingInfos Method

ListRecoveryStoreShardingInfos

rpc ListRecoveryStoreShardingInfos(ListRecoveryStoreShardingInfosRequest) returns (ListRecoveryStoreShardingInfosResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.list

The equivalent REST API is:

GET /v3/{parent=regions/*}/recoveryStoreShardingInfos

WatchRecoveryStoreShardingInfo Method

WatchRecoveryStoreShardingInfo

rpc WatchRecoveryStoreShardingInfo(WatchRecoveryStoreShardingInfoRequest) returns (WatchRecoveryStoreShardingInfoResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.watch

The equivalent REST API is:

POST /v3/{name=regions/*/recoveryStoreShardingInfos/*}:watch

WatchRecoveryStoreShardingInfos Method

WatchRecoveryStoreShardingInfos

rpc WatchRecoveryStoreShardingInfos(WatchRecoveryStoreShardingInfosRequest) returns (WatchRecoveryStoreShardingInfosResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.watch

The equivalent REST API is:

POST /v3/{parent=regions/*}/recoveryStoreShardingInfos:watch

CreateRecoveryStoreShardingInfo Method

CreateRecoveryStoreShardingInfo

rpc CreateRecoveryStoreShardingInfo(CreateRecoveryStoreShardingInfoRequest) returns (RecoveryStoreShardingInfo)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.create

The equivalent REST API is:

POST /v3/{parent=regions/*}/recoveryStoreShardingInfos (BODY: recovery_store_sharding_info)

UpdateRecoveryStoreShardingInfo Method

UpdateRecoveryStoreShardingInfo

rpc UpdateRecoveryStoreShardingInfo(UpdateRecoveryStoreShardingInfoRequest) returns (RecoveryStoreShardingInfo)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.update

The equivalent REST API is:

PUT /v3/{recovery_store_sharding_info.name=regions/*/recoveryStoreShardingInfos/*} (BODY: recovery_store_sharding_info)

DeleteRecoveryStoreShardingInfo Method

DeleteRecoveryStoreShardingInfo

rpc DeleteRecoveryStoreShardingInfo(DeleteRecoveryStoreShardingInfoRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.delete

The equivalent REST API is:

DELETE /v3/{name=regions/*/recoveryStoreShardingInfos/*}

RecoveryStoreShardingInfo Messages

Here is the list of RecoveryStoreShardingInfo resource messages:

RecoveryStoreShardingInfo Message

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of RecoveryStoreShardingInfo When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
validity_period RecoveryStoreShardingInfo.ValidityPeriod Period during which this sharding spec is valid.
spec RecoveryStoreShardingInfo.ShardingSpec Sharding spec for given validity period.
metadata Meta metadata

RecoveryStoreShardingInfo.ValidityPeriod Message

Validity period specifies for which period of time this sharding spec is valid.

Name Type Description
start_time .google.protobuf.Timestamp Start time of validity period.
end_time .google.protobuf.Timestamp End time of validity period.

RecoveryStoreShardingInfo.ShardingSpec Message

Sharding spec defines how time series points is divided across two dimensions: key (shards_count) and time (ts_blob_period).

Name Type Description
ts_blob_period .google.protobuf.Duration Defines period of time series points in a single blob.
shards_count uint32s Number of shards (by key) in given shard period

GetRecoveryStoreShardingInfoRequest Message

A request message of the GetRecoveryStoreShardingInfo method.

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of ntt.monitoring.v3.RecoveryStoreShardingInfo
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRecoveryStoreShardingInfosRequest Message

A request message of the BatchGetRecoveryStoreShardingInfos method.

Name Type Description
names repeated string (name of RecoveryStoreShardingInfo) Names of RecoveryStoreShardingInfos
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRecoveryStoreShardingInfosResponse Message

A response message of the BatchGetRecoveryStoreShardingInfos method.

Name Type Description
recovery_store_sharding_infos repeated RecoveryStoreShardingInfo found RecoveryStoreShardingInfos
missing repeated string (name of RecoveryStoreShardingInfo) list of not found RecoveryStoreShardingInfos

ListRecoveryStoreShardingInfosRequest Message

A request message of the ListRecoveryStoreShardingInfos method.

Name Type Description
parent string (parent name of RecoveryStoreShardingInfo) Parent name of ntt.monitoring.v3.RecoveryStoreShardingInfo
page_size int32 Requested page size. Server may return fewer RecoveryStoreShardingInfos than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of RecoveryStoreShardingInfo) A token identifying a page of results the server should return. Typically, this is the value of ListRecoveryStoreShardingInfosResponse.next_page_token.
order_by string (orderBy of RecoveryStoreShardingInfo) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of RecoveryStoreShardingInfo) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRecoveryStoreShardingInfosResponse Message

A response message of the ListRecoveryStoreShardingInfos method.

Name Type Description
recovery_store_sharding_infos repeated RecoveryStoreShardingInfo The list of RecoveryStoreShardingInfos
prev_page_token string (cursor of RecoveryStoreShardingInfo) A token to retrieve previous page of results. Pass this value in the ListRecoveryStoreShardingInfosRequest.page_token.
next_page_token string (cursor of RecoveryStoreShardingInfo) A token to retrieve next page of results. Pass this value in the ListRecoveryStoreShardingInfosRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total RecoveryStoreShardingInfos across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRecoveryStoreShardingInfoRequest Message

A request message of the WatchRecoveryStoreShardingInfo method.

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of ntt.monitoring.v3.RecoveryStoreShardingInfo
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRecoveryStoreShardingInfoResponse Message

A response message of the WatchRecoveryStoreShardingInfo method.

Name Type Description
change RecoveryStoreShardingInfoChange

WatchRecoveryStoreShardingInfosRequest Message

A request message of the WatchRecoveryStoreShardingInfos method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of RecoveryStoreShardingInfo) Parent name of ntt.monitoring.v3.RecoveryStoreShardingInfo
page_size int32 Requested page size. Server may return fewer RecoveryStoreShardingInfos than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of RecoveryStoreShardingInfo) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of RecoveryStoreShardingInfo) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of RecoveryStoreShardingInfo) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to RecoveryStoreShardingInfo that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to RecoveryStoreShardingInfo that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRecoveryStoreShardingInfosResponse Message

A response message of the WatchRecoveryStoreShardingInfos method.

Name Type Description
recovery_store_sharding_info_changes repeated RecoveryStoreShardingInfoChange Changes of RecoveryStoreShardingInfos
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All RecoveryStoreShardingInfos will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRecoveryStoreShardingInfosResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (RecoveryStoreShardingInfos will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRecoveryStoreShardingInfosResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of RecoveryStoreShardingInfo) New token to retrieve previous page of results.
next_page_token string (cursor of RecoveryStoreShardingInfo) New token to retrieve next page of results.

CreateRecoveryStoreShardingInfoRequest Message

A request message of the CreateRecoveryStoreShardingInfo method.

Name Type Description
parent string (parent name of RecoveryStoreShardingInfo) Parent name of ntt.monitoring.v3.RecoveryStoreShardingInfo
recovery_store_sharding_info RecoveryStoreShardingInfo RecoveryStoreShardingInfo resource body
response_mask CreateRecoveryStoreShardingInfoRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateRecoveryStoreShardingInfoRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateRecoveryStoreShardingInfoRequest Message

A request message of the UpdateRecoveryStoreShardingInfo method.

Name Type Description
recovery_store_sharding_info RecoveryStoreShardingInfo RecoveryStoreShardingInfo resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateRecoveryStoreShardingInfoRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateRecoveryStoreShardingInfoRequest.ResponseMask reduce message response size.

UpdateRecoveryStoreShardingInfoRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state RecoveryStoreShardingInfo Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateRecoveryStoreShardingInfoRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteRecoveryStoreShardingInfoRequest Message

A request message of the DeleteRecoveryStoreShardingInfo method.

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of ntt.monitoring.v3.RecoveryStoreShardingInfo
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

TimeSerie Resource

A collection of data points that describes the time-varying values of a metric. A time series is identified by a combination of a fully-specified monitored resource and a fully-specified metric. This type is used for both listing and creating time series.

Name patterns:

  • projects/{project}/timeSeries/{time_serie}

Parent resources:

This section covers the methods and messages to interact with TimeSerie resource.

TimeSerie Methods

Here is the list of TimeSerie resource methods:

ListTimeSeries Method

ListTimeSeries

rpc ListTimeSeries(ListTimeSeriesRequest) returns (ListTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeries.list

The equivalent REST API is:

GET /v3/{parent=projects/*}/timeSeries

CreateTimeSeries Method

CreateTimeSeries

rpc CreateTimeSeries(CreateTimeSeriesRequest) returns (CreateTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeries.create

The equivalent REST API is:

POST /v3/{parent=projects/*}/timeSeries (BODY: time_series)

TimeSerie Messages

Here is the list of TimeSerie resource messages:

TimeSerie Message

Name Type Description
key bytes TimeSerie key identifies unique TimeSeries tuple: <project, region, metric.type, metric.labels, resource.type, resource.labels> Kind/ValueType are not present in key Key is not to be decoded outside of service, but treated as opaque string Specific key is valid and understood only in single region only. If time serie is created by merging from multiple regions, key must be ignore.
project string Internal use - for bulk reporting of TimeSeries
region string Region ID associated with time serie.
metric Metric The associated metric. A fully-specified metric used to identify the time series.
resource MonitoredResource The associated monitored resource. Custom metrics can use only certain monitored resource types in their time series data.
metric_kind MetricDescriptor.MetricKind The metric kind of the time series. When listing time series, this metric kind might be different from the metric kind of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the metric kind of the associated metric. If the associated metric’s descriptor must be auto-created, then this field specifies the metric kind of the new descriptor and must be either GAUGE (the default) or CUMULATIVE.
value_type MetricDescriptor.ValueType The value type of the time series. When listing time series, this value type might be different from the value type of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the type of the data in the points field.
points repeated Point The data points of this time series. When listing time series, points are returned in reverse time order. When creating a time series, this field must contain exactly one point and the point’s type must be the same as the value type of the associated metric. If the associated metric’s descriptor must be auto-created, then the value type of the descriptor is determined by the point’s type, which must be BOOL, INT64, DOUBLE, or DISTRIBUTION.

ListTimeSeriesRequest Message

Request message for method [ListTimeSeries][ntt.monitoring.v3.ListTimeSeries]

Name Type Description
parent string (name of Project) The project on which to execute the request. The format is “projects/{project_id_or_number}”.
filter string (filter of TimeSerie) A monitoring filter that specifies which time series should be returned. The filter must specify a single metric type, and can additionally specify metric labels and other information. For example: metric.type = “compute.googleapis.com/instance/cpu/usage_time” AND metric.label.instance_name = “my-instance-name”
interval TimeInterval The time interval for which results should be returned. Only time series that contain data points in the specified interval are included in the response.
aggregation Aggregation By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.
pagination Pagination Picks paginated time series according to pre-defined (in metric descriptor) view and function. Cannot be used with aggregation, because pagination view and function determines time series transformation and sorting.
view TimeSeriesView Specifies which information is returned about the time series.
field_mask .google.protobuf.FieldMask view list mask. Optimize network usage and limit returned header fields to a required subset. example fields in field mask: - “key”: for later caching, - “resource.labels.project_id”, “resource.labels.instance_name”, etc - specific labels only - “resource”, “metric”: all resource labels, reduced_labels and type NOTE: points are added implicitly
points_cap int32 A positive number that is the maximum number of Points to return. If points_cap is empty or more than 100,000 results, the effective points_cap is 100,000 results. If view is set to HEADERS, this is the maximum number of TimeSeries returned.
continuation_token string If this field is not empty then it must contain the continuation_token value returned by a previous call to this method. Using this field causes the method to return additional results from the previous method call.

ListTimeSeriesResponse Message

Response message for method [ListTimeSeries][ntt.monitoring.v3.ListTimeSeries]

Name Type Description
time_series repeated TimeSerie One or more time series that match the filter included in the request.
continuation_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as continuation_token in the next call to this method.
total_point_counters repeated TimeSerie Special time series with total amount of records available for pagination by given time series key. Metric/Resource labels will contain “common” values shared by all ranked time series. ValueType will be always INT64 and metricKind GAUGE. In a sense, this time series is execution of ListTimeSeries with Aggregation = {groupByFields: [<viewPaginatedLabels>], REDUCER: REDUCE_COUNT} This field is only populated for paginated queries (pagination in ListTimeSeries is specified).

ListTimeSeriesResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreateTimeSeriesRequest Message

Request message for method [CreateTimeSeries][ntt.monitoring.v3.CreateTimeSeries]

Name Type Description
parent string (name of Project) The project on which to execute the request. The format is "projects/{project_id_or_number}".
time_series repeated TimeSerie The new data to be added to a list of time series. Adds at most one data point to each of several time series. The new data point must be more recent than any other point in its time series. Each TimeSeries value must fully specify a unique time series by supplying all label values for the metric and the monitored resource.

CreateTimeSeriesResponse Message

Response message for method [CreateTimeSeries][ntt.monitoring.v3.CreateTimeSeries]

Name Type Description
time_serie_keys map<uint32s, bytes> Time Serie keys indexed by Create position - present only when given TimeSerie didn’t use Key field
failed_time_series repeated CreateTimeSeriesError Time series that failed to be created

Monitoring Service Shared Methods and Messages

Monitoring Service Shared Messages

Here is the list of Monitoring service shared messages:

Aggregation Message

Describes how to combine multiple time series to provide different views of the data. Aggregation consists of an alignment step on individual time series (alignment_period and per_series_aligner) followed by an optional reduction step of the data across the aligned time series (cross_series_reducer and group_by_fields). For more details, see Aggregation.

Name Type Description
alignment_period .google.protobuf.Duration The alignment period for per-[time series][ntt.monitoring.v3.TimeSeries] alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned.
per_series_aligner Aggregation.Aligner The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series. Time series data must be aligned in order to perform cross-time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
cross_series_reducer Aggregation.Reducer The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series. Time series data must be aligned in order to perform cross-time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
group_by_fields repeated string The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored.

AlertChange Message

AlertChange is used by Watch notifications Responses to describe change of single Alert One of Added, Modified, Removed

Name Type Description
added AlertChange.Added Added is returned when watched document is added, either created or enters Query view
modified AlertChange.Modified Modified is returned when watched document is modified
current AlertChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AlertChange.Removed Removed is returned when Alert is deleted or leaves Query view

AlertChange.Added Message

Alert has been added to query view

Name Type Description
alert Alert
view_index int32 Integer describing index of added Alert in resulting query view.

AlertChange.Current Message

Alert has been added or modified in a query view. Version used for stateless watching

Name Type Description
alert Alert

AlertChange.Modified Message

Alert changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Alert) Name of modified Alert
alert Alert New version of Alert or masked difference, depending on mask_changes instrumentation of issued [WatchAlertRequest] or [WatchAlertsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Alert. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Alert new index in resulting query view.

AlertChange.Removed Message

Removed is returned when Alert is deleted or leaves Query view

Name Type Description
name string (name of Alert)
view_index int32 Integer specifying removed Alert index. Not populated in stateless watch type.

AlertingConditionChange Message

AlertingConditionChange is used by Watch notifications Responses to describe change of single AlertingCondition One of Added, Modified, Removed

Name Type Description
added AlertingConditionChange.Added Added is returned when watched document is added, either created or enters Query view
modified AlertingConditionChange.Modified Modified is returned when watched document is modified
current AlertingConditionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AlertingConditionChange.Removed Removed is returned when AlertingCondition is deleted or leaves Query view

AlertingConditionChange.Added Message

AlertingCondition has been added to query view

Name Type Description
alerting_condition AlertingCondition
view_index int32 Integer describing index of added AlertingCondition in resulting query view.

AlertingConditionChange.Current Message

AlertingCondition has been added or modified in a query view. Version used for stateless watching

Name Type Description
alerting_condition AlertingCondition

AlertingConditionChange.Modified Message

AlertingCondition changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AlertingCondition) Name of modified AlertingCondition
alerting_condition AlertingCondition New version of AlertingCondition or masked difference, depending on mask_changes instrumentation of issued [WatchAlertingConditionRequest] or [WatchAlertingConditionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AlertingCondition. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AlertingCondition new index in resulting query view.

AlertingConditionChange.Removed Message

Removed is returned when AlertingCondition is deleted or leaves Query view

Name Type Description
name string (name of AlertingCondition)
view_index int32 Integer specifying removed AlertingCondition index. Not populated in stateless watch type.

AlertingPolicyChange Message

AlertingPolicyChange is used by Watch notifications Responses to describe change of single AlertingPolicy One of Added, Modified, Removed

Name Type Description
added AlertingPolicyChange.Added Added is returned when watched document is added, either created or enters Query view
modified AlertingPolicyChange.Modified Modified is returned when watched document is modified
current AlertingPolicyChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AlertingPolicyChange.Removed Removed is returned when AlertingPolicy is deleted or leaves Query view

AlertingPolicyChange.Added Message

AlertingPolicy has been added to query view

Name Type Description
alerting_policy AlertingPolicy
view_index int32 Integer describing index of added AlertingPolicy in resulting query view.

AlertingPolicyChange.Current Message

AlertingPolicy has been added or modified in a query view. Version used for stateless watching

Name Type Description
alerting_policy AlertingPolicy

AlertingPolicyChange.Modified Message

AlertingPolicy changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AlertingPolicy) Name of modified AlertingPolicy
alerting_policy AlertingPolicy New version of AlertingPolicy or masked difference, depending on mask_changes instrumentation of issued [WatchAlertingPolicyRequest] or [WatchAlertingPoliciesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AlertingPolicy. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AlertingPolicy new index in resulting query view.

AlertingPolicyChange.Removed Message

Removed is returned when AlertingPolicy is deleted or leaves Query view

Name Type Description
name string (name of AlertingPolicy)
view_index int32 Integer specifying removed AlertingPolicy index. Not populated in stateless watch type.

BulkTimeSeries Message

Used for reporting rollups

Name Type Description
time_series repeated TimeSerie
phantom_flag bool

CreateTimeSeriesError Message

Describes the result of a failed request to write data to a time series.

Name Type Description
time_series TimeSerie The time series, including the Metric, MonitoredResource, and Points (including timestamp and value) that resulted in the error. This field provides all of the context that would be needed to retry the operation.
status Status The status of the requested write operation.

Distribution Message

Distribution contains summary statistics for a population of values and, optionally, a histogram representing the distribution of those values across a specified set of histogram buckets.

The summary statistics are the count, mean, sum of the squared deviation from the mean, the minimum, and the maximum of the set of population of values.

The histogram is based on a sequence of buckets and gives a count of values that fall into each bucket. The boundaries of the buckets are given either explicitly or by specifying parameters for a method of computing them (buckets of fixed width or buckets of exponentially increasing width).

Although it is not forbidden, it is generally a bad idea to include non-finite values (infinities or NaNs) in the population of values, as this will render the mean and sum_of_squared_deviation fields meaningless.

Name Type Description
count int64 The number of values in the population. Must be non-negative.
mean double The arithmetic mean of the values in the population. If count is zero then this field must be zero.
sum_of_squared_deviation double The sum of squared deviations from the mean of the values in the population. For values x_i this is: Sum[i=1..n]((x_i - mean)^2) Knuth, “The Art of Computer Programming”, Vol. 2, page 323, 3rd edition describes Welford’s method for accumulating this sum in one pass. If count is zero then this field must be zero.
range Distribution.Range If specified, contains the range of the population values. The field must not be present if the count is zero.
bucket_options Distribution.BucketOptions Defines the histogram bucket boundaries.
bucket_counts repeated int64 If bucket_options is given, then the sum of the values in bucket_counts must equal the value in count. If bucket_options is not given, no bucket_counts fields may be given. Bucket counts are given in order under the numbering scheme described above (the underflow bucket has number 0; the finite buckets, if any, have numbers 1 through N-2; the overflow bucket has number N-1). The size of bucket_counts must be no greater than N as defined in bucket_options. Any suffix of trailing zero bucket_count fields may be omitted.

Distribution.BucketOptions Message

A Distribution may optionally contain a histogram of the values in the population. The histogram is given in bucket_counts as counts of values that fall into one of a sequence of non-overlapping buckets. The sequence of buckets is described by bucket_options.

A bucket specifies an inclusive lower bound and exclusive upper bound for the values that are counted for that bucket. The upper bound of a bucket is strictly greater than the lower bound.

The sequence of N buckets for a Distribution consists of an underflow bucket (number 0), zero or more finite buckets (number 1 through N - 2) and an overflow bucket (number N - 1). The buckets are contiguous: the lower bound of bucket i (i > 0) is the same as the upper bound of bucket i - 1. The buckets span the whole range of finite values: lower bound of the underflow bucket is -infinity and the upper bound of the overflow bucket is +infinity. The finite buckets are so-called because both bounds are finite.

BucketOptions describes bucket boundaries in one of three ways. Two describe the boundaries by giving parameters for a formula to generate boundaries and one gives the bucket boundaries explicitly.

If bucket_boundaries is not given, then no bucket_counts may be given.

Name Type Description
linear_buckets Distribution.BucketOptions.Linear The linear bucket.
exponential_buckets Distribution.BucketOptions.Exponential The exponential buckets.
explicit_buckets Distribution.BucketOptions.Explicit The explicit buckets.
dynamic_buckets Distribution.BucketOptions.Dynamic TDigest dynamic bucketing

Distribution.BucketOptions.Dynamic Message

Dynamic buckets centroid based. TDigest implementation.

Name Type Description
compression double TDigest compression rate
means repeated double Centroid means. Must be the same length as bucket counts. Each mean, count represents a weighed centroid.

Distribution.BucketOptions.Explicit Message

A set of buckets with arbitrary widths.

Defines size(bounds) + 1 (= N) buckets with these boundaries for bucket i:

Upper bound (0 <= i < N-1):     bounds[i]
Lower bound (1 <= i < N);       bounds[i - 1]

There must be at least one element in bounds. If bounds has only one element, there are no finite buckets, and that single element is the common boundary of the overflow and underflow buckets.

Name Type Description
bounds repeated double The values must be monotonically increasing.

Distribution.BucketOptions.Exponential Message

Specify a sequence of buckets that have a width that is proportional to the value of the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.

Defines num_finite_buckets + 2 (= N) buckets with these boundaries for bucket i:

Upper bound (0 <= i < N-1):     scale * (growth_factor ^ i).
Lower bound (1 <= i < N):       scale * (growth_factor ^ (i - 1)).
Name Type Description
num_finite_buckets int32 Must be greater than 0.
growth_factor double Must be greater than 1.
scale double Must be greater than 0.

Distribution.BucketOptions.Linear Message

Specify a sequence of buckets that all have the same width (except overflow and underflow). Each bucket represents a constant absolute uncertainty on the specific value in the bucket.

Defines num_finite_buckets + 2 (= N) buckets with these boundaries for bucket i:

Upper bound (0 <= i < N-1):     offset + (width * i).
Lower bound (1 <= i < N):       offset + (width * (i - 1)).
Name Type Description
num_finite_buckets int32 Must be greater than 0.
width double Must be greater than 0.
offset double Lower bound of the first bucket.

Distribution.Range Message

The range of the population values.

Name Type Description
min double The minimum of the population values.
max double The maximum of the population values.

LabelDescriptor Message

A description of a label.

Name Type Description
key string The label key.
value_type LabelDescriptor.ValueType The type of data that can be assigned to the label.
description string A human-readable description for the label.
default_value string Default value for string label - this value is used in two cases: 1. to populate missing labels while creating TimeSeries 2. to populate missing remaining kvs while querying TimeSeries - usually applies to old data
disabled bool disabled flag communicates that this label is ignored by the backend. It’s used for backward compatibility.

LabelKeySet Message

LabelKeySet is used for defining PromotedLabelKeySets on Metric descriptors

Name Type Description
label_keys repeated string
write_only bool if set, index will not be considered for queries, but will be written to. useful for transition periods.

Metric Message

A specific metric, identified by specifying values for all of the labels of a [MetricDescriptor][google.api.MetricDescriptor].

Name Type Description
type string An existing metric type, see [google.api.MetricDescriptor][google.api.MetricDescriptor]. For example, custom.googleapis.com/invoice/paid/amount.
labels map<string, string> The set of label values that uniquely identify this metric. All labels listed in the MetricDescriptor must be assigned values.
reduced_labels repeated string reduced labels in aggregations

MetricDescriptorChange Message

MetricDescriptorChange is used by Watch notifications Responses to describe change of single MetricDescriptor One of Added, Modified, Removed

Name Type Description
added MetricDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified MetricDescriptorChange.Modified Modified is returned when watched document is modified
current MetricDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed MetricDescriptorChange.Removed Removed is returned when MetricDescriptor is deleted or leaves Query view

MetricDescriptorChange.Added Message

MetricDescriptor has been added to query view

Name Type Description
metric_descriptor MetricDescriptor
view_index int32 Integer describing index of added MetricDescriptor in resulting query view.

MetricDescriptorChange.Current Message

MetricDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
metric_descriptor MetricDescriptor

MetricDescriptorChange.Modified Message

MetricDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of MetricDescriptor) Name of modified MetricDescriptor
metric_descriptor MetricDescriptor New version of MetricDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchMetricDescriptorRequest] or [WatchMetricDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified MetricDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying MetricDescriptor new index in resulting query view.

MetricDescriptorChange.Removed Message

Removed is returned when MetricDescriptor is deleted or leaves Query view

Name Type Description
name string (name of MetricDescriptor)
view_index int32 Integer specifying removed MetricDescriptor index. Not populated in stateless watch type.

MetricSelector Message

Metric selects metric.type and list of labels used to build query, like:

metric.type IN ("type0", "type1", ...) AND
metric.labels.<key0> IN (label0_0, label0_1, ...) AND
metric.labels.<key1> IN (label1_0, label1_1, ...) AND ...
Name Type Description
types repeated string
labels map<string, Strings> label key, e.g. “project_id”, “target_id”, etc Note the missing “metric.labels.” prefix.

MonitoredResource Message

An object representing a resource that can be used for monitoring, logging, billing, or other purposes. Examples include virtual machine instances, databases, and storage devices such as disks. The type field identifies a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object that describes the resource’s schema. Information in the labels field identifies the actual resource and its attributes according to the schema. For example, a particular Compute Engine VM instance could be represented by the following object, because the [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] for "gce_instance" has labels "instance_id" and "zone":

 { "type": "gce_instance",
   "labels": { "instance_id": "12345678901234",
               "zone": "us-central1-a" }}
Name Type Description
type string Required. The monitored resource type. This field must match the type field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object. For example, the type of a Compute Engine VM instance is gce_instance.
labels map<string, string> Required. Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels "project_id", "instance_id", and "zone".
reduced_labels repeated string reduced labels in aggregations

MonitoredResourceDescriptorChange Message

MonitoredResourceDescriptorChange is used by Watch notifications Responses to describe change of single MonitoredResourceDescriptor One of Added, Modified, Removed

Name Type Description
added MonitoredResourceDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified MonitoredResourceDescriptorChange.Modified Modified is returned when watched document is modified
current MonitoredResourceDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed MonitoredResourceDescriptorChange.Removed Removed is returned when MonitoredResourceDescriptor is deleted or leaves Query view

MonitoredResourceDescriptorChange.Added Message

MonitoredResourceDescriptor has been added to query view

Name Type Description
monitored_resource_descriptor MonitoredResourceDescriptor
view_index int32 Integer describing index of added MonitoredResourceDescriptor in resulting query view.

MonitoredResourceDescriptorChange.Current Message

MonitoredResourceDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
monitored_resource_descriptor MonitoredResourceDescriptor

MonitoredResourceDescriptorChange.Modified Message

MonitoredResourceDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of modified MonitoredResourceDescriptor
monitored_resource_descriptor MonitoredResourceDescriptor New version of MonitoredResourceDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchMonitoredResourceDescriptorRequest] or [WatchMonitoredResourceDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified MonitoredResourceDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying MonitoredResourceDescriptor new index in resulting query view.

MonitoredResourceDescriptorChange.Removed Message

Removed is returned when MonitoredResourceDescriptor is deleted or leaves Query view

Name Type Description
name string (name of MonitoredResourceDescriptor)
view_index int32 Integer specifying removed MonitoredResourceDescriptor index. Not populated in stateless watch type.

MonitoredResourceSelector Message

MonitoredResourceSelector selects resource.type and list of labels used to build query, like:

resource.type IN ("type0", "type1", ...) AND
resource.labels.<key0> IN (label0_0, label0_1, ...) AND
resource.labels.<key1> IN (label1_0, label1_1, ...) AND ...

Note: Only one resource.type per query is currently allowed

Name Type Description
types repeated string
labels map<string, Strings> label key, e.g. “project_id”, “target_id”, etc Note the missing “resource.labels.” prefix.

NotificationChange Message

NotificationChange is used by Watch notifications Responses to describe change of single Notification One of Added, Modified, Removed

Name Type Description
added NotificationChange.Added Added is returned when watched document is added, either created or enters Query view
modified NotificationChange.Modified Modified is returned when watched document is modified
current NotificationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed NotificationChange.Removed Removed is returned when Notification is deleted or leaves Query view

NotificationChange.Added Message

Notification has been added to query view

Name Type Description
notification Notification
view_index int32 Integer describing index of added Notification in resulting query view.

NotificationChange.Current Message

Notification has been added or modified in a query view. Version used for stateless watching

Name Type Description
notification Notification

NotificationChange.Modified Message

Notification changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Notification) Name of modified Notification
notification Notification New version of Notification or masked difference, depending on mask_changes instrumentation of issued [WatchNotificationRequest] or [WatchNotificationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Notification. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Notification new index in resulting query view.

NotificationChange.Removed Message

Removed is returned when Notification is deleted or leaves Query view

Name Type Description
name string (name of Notification)
view_index int32 Integer specifying removed Notification index. Not populated in stateless watch type.

NotificationChannelChange Message

NotificationChannelChange is used by Watch notifications Responses to describe change of single NotificationChannel One of Added, Modified, Removed

Name Type Description
added NotificationChannelChange.Added Added is returned when watched document is added, either created or enters Query view
modified NotificationChannelChange.Modified Modified is returned when watched document is modified
current NotificationChannelChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed NotificationChannelChange.Removed Removed is returned when NotificationChannel is deleted or leaves Query view

NotificationChannelChange.Added Message

NotificationChannel has been added to query view

Name Type Description
notification_channel NotificationChannel
view_index int32 Integer describing index of added NotificationChannel in resulting query view.

NotificationChannelChange.Current Message

NotificationChannel has been added or modified in a query view. Version used for stateless watching

Name Type Description
notification_channel NotificationChannel

NotificationChannelChange.Modified Message

NotificationChannel changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of NotificationChannel) Name of modified NotificationChannel
notification_channel NotificationChannel New version of NotificationChannel or masked difference, depending on mask_changes instrumentation of issued [WatchNotificationChannelRequest] or [WatchNotificationChannelsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified NotificationChannel. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying NotificationChannel new index in resulting query view.

NotificationChannelChange.Removed Message

Removed is returned when NotificationChannel is deleted or leaves Query view

Name Type Description
name string (name of NotificationChannel)
view_index int32 Integer specifying removed NotificationChannel index. Not populated in stateless watch type.

Pagination Message

Name Type Description
view string
function string
alignment_period .google.protobuf.Duration
limit int32
offset int32

PhantomTimeSerieChange Message

PhantomTimeSerieChange is used by Watch notifications Responses to describe change of single PhantomTimeSerie One of Added, Modified, Removed

Name Type Description
added PhantomTimeSerieChange.Added Added is returned when watched document is added, either created or enters Query view
modified PhantomTimeSerieChange.Modified Modified is returned when watched document is modified
current PhantomTimeSerieChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PhantomTimeSerieChange.Removed Removed is returned when PhantomTimeSerie is deleted or leaves Query view

PhantomTimeSerieChange.Added Message

PhantomTimeSerie has been added to query view

Name Type Description
phantom_time_serie PhantomTimeSerie
view_index int32 Integer describing index of added PhantomTimeSerie in resulting query view.

PhantomTimeSerieChange.Current Message

PhantomTimeSerie has been added or modified in a query view. Version used for stateless watching

Name Type Description
phantom_time_serie PhantomTimeSerie

PhantomTimeSerieChange.Modified Message

PhantomTimeSerie changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of PhantomTimeSerie) Name of modified PhantomTimeSerie
phantom_time_serie PhantomTimeSerie New version of PhantomTimeSerie or masked difference, depending on mask_changes instrumentation of issued [WatchPhantomTimeSerieRequest] or [WatchPhantomTimeSeriesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified PhantomTimeSerie. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying PhantomTimeSerie new index in resulting query view.

PhantomTimeSerieChange.Removed Message

Removed is returned when PhantomTimeSerie is deleted or leaves Query view

Name Type Description
name string (name of PhantomTimeSerie)
view_index int32 Integer specifying removed PhantomTimeSerie index. Not populated in stateless watch type.

Point Message

A single data point in a time series.

Name Type Description
interval TimeInterval The time interval to which the data point applies. For GAUGE metrics, only the end time of the interval is used. For DELTA metrics, the start and end time should specify a non-zero interval, with subsequent points specifying contiguous and non-overlapping intervals. For CUMULATIVE metrics, the start and end time should specify a non-zero interval, with subsequent points specifying the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.
value TypedValue The value of the data point.
aggregation Aggregation Additional aggregation info Used internally for batching rollup points

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

RecoveryStoreShardingInfoChange Message

RecoveryStoreShardingInfoChange is used by Watch notifications Responses to describe change of single RecoveryStoreShardingInfo One of Added, Modified, Removed

Name Type Description
added RecoveryStoreShardingInfoChange.Added Added is returned when watched document is added, either created or enters Query view
modified RecoveryStoreShardingInfoChange.Modified Modified is returned when watched document is modified
current RecoveryStoreShardingInfoChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RecoveryStoreShardingInfoChange.Removed Removed is returned when RecoveryStoreShardingInfo is deleted or leaves Query view

RecoveryStoreShardingInfoChange.Added Message

RecoveryStoreShardingInfo has been added to query view

Name Type Description
recovery_store_sharding_info RecoveryStoreShardingInfo
view_index int32 Integer describing index of added RecoveryStoreShardingInfo in resulting query view.

RecoveryStoreShardingInfoChange.Current Message

RecoveryStoreShardingInfo has been added or modified in a query view. Version used for stateless watching

Name Type Description
recovery_store_sharding_info RecoveryStoreShardingInfo

RecoveryStoreShardingInfoChange.Modified Message

RecoveryStoreShardingInfo changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of modified RecoveryStoreShardingInfo
recovery_store_sharding_info RecoveryStoreShardingInfo New version of RecoveryStoreShardingInfo or masked difference, depending on mask_changes instrumentation of issued [WatchRecoveryStoreShardingInfoRequest] or [WatchRecoveryStoreShardingInfosRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified RecoveryStoreShardingInfo. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying RecoveryStoreShardingInfo new index in resulting query view.

RecoveryStoreShardingInfoChange.Removed Message

Removed is returned when RecoveryStoreShardingInfo is deleted or leaves Query view

Name Type Description
name string (name of RecoveryStoreShardingInfo)
view_index int32 Integer specifying removed RecoveryStoreShardingInfo index. Not populated in stateless watch type.

Strings Message

Represents wrapped list of strings.

Name Type Description
values repeated string

TimeInterval Message

A time interval extending just after a start time through an end time. If the start time is the same as the end time, then the interval represents a single point in time.

Name Type Description
end_time .google.protobuf.Timestamp Required. The end of the time interval.
start_time .google.protobuf.Timestamp Optional. The beginning of the time interval. The default value for the start time is the end time. The start time must not be later than the end time.

TimeRange Message

Time Range represents time between two points in time. Any of those can be missing, which means it’s open-ended.

Name Type Description
start_time .google.protobuf.Timestamp Optional. Start of time range
end_time .google.protobuf.Timestamp Optional. End of time range

TimeSeriesSelector Message

Name Type Description
metric MetricSelector Metric Selector used to specify filtered Metric types and labels
resource MonitoredResourceSelector Resource Selector used to specify filtered Monitored Resource types and labels

TypedValue Message

A single strongly-typed value.

Name Type Description
bool_value bool A Boolean value: true or false.
int64_value int64 A 64-bit integer. Its range is approximately ±9.2x10<sup>18</sup>.
double_value double A 64-bit double-precision floating-point number. Its magnitude is approximately ±10<sup>±300</sup> and it has 16 significant digits of precision.
string_value string A variable-length string value.
distribution_value Distribution A distribution value.

Monitoring Service Shared Enumerations

Here is the list of Monitoring service shared enumerations:

Aggregation.Aligner Enumeration

The Aligner describes how to bring the data points in a single time series into temporal alignment.

Name Description
ALIGN_NONE No alignment. Raw data is returned. Not valid if cross-time series reduction is requested. The value type of the result is the same as the value type of the input.
ALIGN_DELTA Align and convert to delta metric type. This alignment is valid for cumulative metrics and delta metrics. Aligning an existing delta metric to a delta metric requires that the alignment period be increased. The value type of the result is the same as the value type of the input. One can think of this aligner as a rate but without time units; that is, the output is conceptually (second_point - first_point).
ALIGN_RATE Align and convert to a rate. This alignment is valid for cumulative metrics and delta metrics with numeric values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]. One can think of this aligner as conceptually providing the slope of the line that passes through the value at the start and end of the window. In other words, this is conceptually ((y1 - y0)/(t1 - t0)), and the output unit is one that has a “/time” dimension. If, by rate, you are looking for percentage change, see the ALIGN_PERCENT_CHANGE aligner option.
ALIGN_INTERPOLATE Align by interpolating between adjacent points around the period boundary. This alignment is valid for gauge metrics with numeric values. The value type of the result is the same as the value type of the input.
ALIGN_NEXT_OLDER Align by shifting the oldest data point before the period boundary to the boundary. This alignment is valid for gauge metrics. The value type of the result is the same as the value type of the input.
ALIGN_MIN Align time series via aggregation. The resulting data point in the alignment period is the minimum of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the result is the same as the value type of the input.
ALIGN_MAX Align time series via aggregation. The resulting data point in the alignment period is the maximum of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the result is the same as the value type of the input.
ALIGN_MEAN Align time series via aggregation. The resulting data point in the alignment period is the average or arithmetic mean of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_COUNT Align time series via aggregation. The resulting data point in the alignment period is the count of all data points in the period. This alignment is valid for gauge and delta metrics with numeric or Boolean values. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
ALIGN_SUM Align time series via aggregation. The resulting data point in the alignment period is the sum of all data points in the period. This alignment is valid for gauge and delta metrics with numeric and distribution values. The value type of the output is the same as the value type of the input.
ALIGN_STDDEV Align time series via aggregation. The resulting data point in the alignment period is the standard deviation of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_COUNT_TRUE Align time series via aggregation. The resulting data point in the alignment period is the count of True-valued data points in the period. This alignment is valid for gauge metrics with Boolean values. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
ALIGN_COUNT_FALSE Align time series via aggregation. The resulting data point in the alignment period is the count of False-valued data points in the period. This alignment is valid for gauge metrics with Boolean values. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
ALIGN_FRACTION_TRUE Align time series via aggregation. The resulting data point in the alignment period is the fraction of True-valued data points in the period. This alignment is valid for gauge metrics with Boolean values. The output value is in the range [0, 1] and has value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_99 Align time series via aggregation. The resulting data point in the alignment period is the 99th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_95 Align time series via aggregation. The resulting data point in the alignment period is the 95th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_50 Align time series via aggregation. The resulting data point in the alignment period is the 50th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_05 Align time series via aggregation. The resulting data point in the alignment period is the 5th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENT_CHANGE Align and convert to a percentage change. This alignment is valid for gauge and delta metrics with numeric values. This alignment conceptually computes the equivalent of “((current - previous)/previous)*100” where previous value is determined based on the alignmentPeriod. In the event that previous is 0 the calculated value is infinity with the exception that if both (current - previous) and previous are 0 the calculated value is 0. A 10 minute moving mean is computed at each point of the time window prior to the above calculation to smooth the metric and prevent false positives from very short lived spikes. Only applicable for data that is >= 0. Any values < 0 are treated as no data. While delta metrics are accepted by this alignment special care should be taken that the values for the metric will always be positive. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_SUMMARY Outputs Distribution without bucketing with stats like: Min, Max, Count, Mean, SumOfSquaredDeviations valid only for LONG, DOUBLE and DISTRIBUTION value types
ALIGN_TDIGEST_SUMMARY TDigest Summary allows for calculation (and further aggregation) of percentiles

Aggregation.Reducer Enumeration

A Reducer describes how to aggregate data points from multiple time series into a single time series.

Name Description
REDUCE_NONE No cross-time series reduction. The output of the aligner is returned.
REDUCE_MEAN Reduce by computing the mean across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric or distribution values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
REDUCE_MIN Reduce by computing the minimum across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric values. The value type of the output is the same as the value type of the input.
REDUCE_MAX Reduce by computing the maximum across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric values. The value type of the output is the same as the value type of the input.
REDUCE_SUM Reduce by computing the sum across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric and distribution values. The value type of the output is the same as the value type of the input.
REDUCE_STDDEV Reduce by computing the standard deviation across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric or distribution values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
REDUCE_COUNT Reduce by computing the count of data points across time series for each alignment period. This reducer is valid for delta and gauge metrics of numeric, Boolean, distribution, and string value type. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
REDUCE_COUNT_TRUE Reduce by computing the count of True-valued data points across time series for each alignment period. This reducer is valid for delta and gauge metrics of Boolean value type. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
REDUCE_COUNT_FALSE Reduce by computing the count of False-valued data points across time series for each alignment period. This reducer is valid for delta and gauge metrics of Boolean value type. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
REDUCE_FRACTION_TRUE Reduce by computing the fraction of True-valued data points across time series for each alignment period. This reducer is valid for delta and gauge metrics of Boolean value type. The output value is in the range [0, 1] and has value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
REDUCE_PERCENTILE_99 Reduce by computing 99th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_PERCENTILE_95 Reduce by computing 95th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_PERCENTILE_50 Reduce by computing 50th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_PERCENTILE_05 Reduce by computing 5th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_SUMMARY Reduce with Distribution with stats like: Min, Max, Count, Mean, SumOfSquaredDeviations, histogram. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DISTRIBUTION][google.api.MetricDescriptor.ValueType.DISTRIBUTION]

LabelDescriptor.ValueType Enumeration

Value types that can be used as label values.

Name Description
STRING A variable-length string. This is the default.
BOOL Boolean; true or false.
INT64 A 64-bit signed integer.

TimeSeriesView Enumeration

Controls which fields are returned by ListTimeSeries.

Name Description
FULL Returns the identity of the metric(s), the time series, and the time series data.
HEADERS Returns the identity of the metric and the time series resource, but not the time series data.

5.2 -

Understanding the monitoring.edgelq.com service APIv4, in proto package ntt.monitoring.v4.

Service monitoring.edgelq.com in version v4, proto package ntt.monitoring.v4

Here is the list of resources supported in Monitoring service APIv4:

Alert Resource

Alert Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}/alertingConditions/{alerting_condition}/alerts/{alert}

Parent resources:

This section covers the methods and messages to interact with Alert resource.

Alert Methods

Here is the list of Alert resource methods:

GetAlert Method

GetAlert

rpc GetAlert(GetAlertRequest) returns (Alert)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.get

The equivalent REST API is:

GET /v4/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*}

BatchGetAlerts Method

BatchGetAlerts

rpc BatchGetAlerts(BatchGetAlertsRequest) returns (BatchGetAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.batchGet

The equivalent REST API is:

GET /v4/alerts:batchGet

ListAlerts Method

ListAlerts

rpc ListAlerts(ListAlertsRequest) returns (ListAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.list

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}/alerts

WatchAlert Method

WatchAlert

rpc WatchAlert(WatchAlertRequest) returns (WatchAlertResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.watch

The equivalent REST API is:

POST /v4/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*}:watch

WatchAlerts Method

WatchAlerts

rpc WatchAlerts(WatchAlertsRequest) returns (WatchAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.watch

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}/alerts:watch

UpdateAlert Method

UpdateAlert

rpc UpdateAlert(UpdateAlertRequest) returns (Alert)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.update

The equivalent REST API is:

PUT /v4/{alert.name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*} (BODY: alert)

DeleteAlert Method

DeleteAlert

rpc DeleteAlert(DeleteAlertRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*/alerts/*}

BulkCreateAlerts Method

BulkCreateAlerts

rpc BulkCreateAlerts(BulkCreateAlertsRequest) returns (BulkCreateAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.bulkCreateAlerts

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}/alerts:bulkCreateAlerts

BulkUpdateAlerts Method

BulkUpdateAlerts

rpc BulkUpdateAlerts(BulkUpdateAlertsRequest) returns (BulkUpdateAlertsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alerts.bulkUpdateAlerts

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}/alerts:bulkUpdateAlerts

Alert Messages

Here is the list of Alert resource messages:

Alert Message

Name Type Description
name string (name of Alert) Name of Alert When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.:-]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string
info Alert.Info
state Alert.State State of alert

Alert.Info Message

Name Type Description
time_serie Alert.Info.TimeSerie TimeSerie labels that violated condition. If Alert is for AlertingCondition using combine threshold, metric.type will be equal to primary metric indicated.
observed_values Alert.Info.ObservedValues observed time series values during alert creation

Alert.State Message

Name Type Description
is_firing bool
is_acknowledged bool
is_silenced bool
lifetime TimeRange describes in terms of time series when alert began and ended (resolved). uses Time Series derived timestamps, rather than real-time. use meta.create_time to get creation date.
needs_notification bool This alert needs to be notified
notification_created bool Notification resource is generated for this alert
lifecycle_completed bool Alert has ended and any needed notifications are processed

Alert.Info.TimeSerie Message

Name Type Description
key bytes
metric Metric
monitored_resource MonitoredResource
data repeated string Internal data for filtering…
bin_data repeated bytes

Alert.Info.ObservedValues Message

Name Type Description
example_value double oneof
per_metric map<string, double>

GetAlertRequest Message

A request message of the GetAlert method.

Name Type Description
name string (name of Alert) Name of ntt.monitoring.v4.Alert
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertsRequest Message

A request message of the BatchGetAlerts method.

Name Type Description
names repeated string (name of Alert) Names of Alerts
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertsResponse Message

A response message of the BatchGetAlerts method.

Name Type Description
alerts repeated Alert found Alerts
missing repeated string (name of Alert) list of not found Alerts

ListAlertsRequest Message

A request message of the ListAlerts method.

Name Type Description
parent string (parent name of Alert) Parent name of ntt.monitoring.v4.Alert
page_size int32 Requested page size. Server may return fewer Alerts than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Alert) A token identifying a page of results the server should return. Typically, this is the value of ListAlertsResponse.next_page_token.
order_by string (orderBy of Alert) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Alert) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAlertsResponse Message

A response message of the ListAlerts method.

Name Type Description
alerts repeated Alert The list of Alerts
prev_page_token string (cursor of Alert) A token to retrieve previous page of results. Pass this value in the ListAlertsRequest.page_token.
next_page_token string (cursor of Alert) A token to retrieve next page of results. Pass this value in the ListAlertsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Alerts across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAlertRequest Message

A request message of the WatchAlert method.

Name Type Description
name string (name of Alert) Name of ntt.monitoring.v4.Alert
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAlertResponse Message

A response message of the WatchAlert method.

Name Type Description
change AlertChange

WatchAlertsRequest Message

A request message of the WatchAlerts method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Alert) Parent name of ntt.monitoring.v4.Alert
page_size int32 Requested page size. Server may return fewer Alerts than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Alert) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Alert) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Alert) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Alert that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Alert that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAlertsResponse Message

A response message of the WatchAlerts method.

Name Type Description
alert_changes repeated AlertChange Changes of Alerts
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Alerts will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAlertsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Alerts will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAlertsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Alert) New token to retrieve previous page of results.
next_page_token string (cursor of Alert) New token to retrieve next page of results.

UpdateAlertRequest Message

A request message of the UpdateAlert method.

Name Type Description
alert Alert Alert resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAlertRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
response_mask UpdateAlertRequest.ResponseMask Optional masking applied to response object to reduce message response size.

UpdateAlertRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Alert Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAlertRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAlertRequest Message

A request message of the DeleteAlert method.

Name Type Description
name string (name of Alert) Name of ntt.monitoring.v4.Alert
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

BulkCreateAlertsRequest Message

A request message of the BulkCreateAlerts method.

Name Type Description
parent string (parent name of Alert) Parent name of ntt.monitoring.v4.Alert
alerts repeated Alert

BulkCreateAlertsResponse Message

A response message of the BulkCreateAlerts method.

Name Type Description
none none none

BulkUpdateAlertsRequest Message

A request message of the BulkUpdateAlerts method.

Name Type Description
parent string (parent name of Alert) Parent name of ntt.monitoring.v4.Alert
update_mask .google.protobuf.FieldMask
alerts repeated Alert

BulkUpdateAlertsResponse Message

A response message of the BulkUpdateAlerts method.

Name Type Description
none none none

AlertingCondition Resource

AlertingCondition Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}/alertingConditions/{alerting_condition}

Parent resources:

This section covers the methods and messages to interact with AlertingCondition resource.

AlertingCondition Methods

Here is the list of AlertingCondition resource methods:

GetAlertingCondition Method

GetAlertingCondition

rpc GetAlertingCondition(GetAlertingConditionRequest) returns (AlertingCondition)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.get

The equivalent REST API is:

GET /v4/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}

BatchGetAlertingConditions Method

BatchGetAlertingConditions

rpc BatchGetAlertingConditions(BatchGetAlertingConditionsRequest) returns (BatchGetAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.batchGet

The equivalent REST API is:

GET /v4/alertingConditions:batchGet

ListAlertingConditions Method

ListAlertingConditions

rpc ListAlertingConditions(ListAlertingConditionsRequest) returns (ListAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.list

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions

WatchAlertingCondition Method

WatchAlertingCondition

rpc WatchAlertingCondition(WatchAlertingConditionRequest) returns (WatchAlertingConditionResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.watch

The equivalent REST API is:

POST /v4/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}:watch

WatchAlertingConditions Method

WatchAlertingConditions

rpc WatchAlertingConditions(WatchAlertingConditionsRequest) returns (WatchAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.watch

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions:watch

CreateAlertingCondition Method

CreateAlertingCondition

rpc CreateAlertingCondition(CreateAlertingConditionRequest) returns (AlertingCondition)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.create

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions (BODY: alerting_condition)

UpdateAlertingCondition Method

UpdateAlertingCondition

rpc UpdateAlertingCondition(UpdateAlertingConditionRequest) returns (AlertingCondition)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.update

The equivalent REST API is:

PUT /v4/{alerting_condition.name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*} (BODY: alerting_condition)

DeleteAlertingCondition Method

DeleteAlertingCondition

rpc DeleteAlertingCondition(DeleteAlertingConditionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/regions/*/alertingPolicies/*/alertingConditions/*}

SearchAlertingConditions Method

SearchAlertingConditions

rpc SearchAlertingConditions(SearchAlertingConditionsRequest) returns (SearchAlertingConditionsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingConditions.search

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*/alertingPolicies/*}/alertingConditions:search

AlertingCondition Messages

Here is the list of AlertingCondition resource messages:

AlertingCondition Message

Name Type Description
name string (name of AlertingCondition) Name of AlertingCondition When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display Name
description string Long description
spec AlertingCondition.Spec
state AlertingCondition.State

AlertingCondition.Spec Message

Name Type Description
time_series AlertingCondition.Spec.TimeSeries

AlertingCondition.State Message

Name Type Description
firing_alerts_count int64

AlertingCondition.Spec.TimeSeries Message

Name Type Description
query AlertingCondition.Spec.TimeSeries.Query Time Series Query
threshold AlertingCondition.Spec.TimeSeries.Threshold Either specify single threshold or combine threshold, which allows to pair each metric value to their specific thresholds, e.g. distinguish mean (loss, latency, jitter) in single query. If combine threshold is used, alert will be triggered only when all thresholds are violated. Example use case: * Trigger alert when CPU utilization > … and uptime > … (so we dont alert during startup unnecessarily). Time series sharing same fields except metric.type are merged (originally determined by aggregation.groupByFields).
combine_threshold AlertingCondition.Spec.TimeSeries.CombineThreshold
duration .google.protobuf.Duration Duration describes length of time needed for the condition to trigger a new alert of resolve an existing one

AlertingCondition.Spec.TimeSeries.Query Message

Name Type Description
filter string (filter of TimeSerie) Filter used for time-series.
selector TimeSeriesSelector Generated, filter-able selector, extracted from filter value. It will contain all extracted conditions for ‘==’ and ‘IN’ operators. It will exclude conditions for operators ‘!=’ and ‘NOT IN’. This allows filtering AlertingConditions by filter conditions.
aggregation Aggregation Time Series aggregation. In case of combine threshold, it is used by “main” metric.type, and additional metric types if overrides are not specified.
per_metric_aggregations map<string, Aggregation> If metric.type uses CombineThreshold and multiple metrics, it can provide extra per metric aggregation override. This cannot be specified for “main” metric.type. But be aware, AP and GroupByFields must be exactly same as in “aggregation” field.

AlertingCondition.Spec.TimeSeries.Threshold Message

Name Type Description
compare AlertingCondition.Spec.TimeSeries.Threshold.Compare Compare function specifies if observed value must be GreaterThan (GT) or LesserThan (LT) threshold value in order to trigger an alert. Example: for metric latency {compare: GT, value: 150} will trigger if actual latency is above 150ms.
value double threshold value

AlertingCondition.Spec.TimeSeries.CombineThreshold Message

Name Type Description
per_metric map<string, AlertingCondition.Spec.TimeSeries.Threshold> Per Metric threshold. If multiple metrics are selected each metric may specify a different threshold
main_metric_type string Primary metric.type for this condition. Although Alerts generated across multiple metric.type are possible, Alert instance has single “info.time_serie.metric.type” field path value.
per_metric_type_kv map<string, bytes> Internal per metric identifiers in binary key

GetAlertingConditionRequest Message

A request message of the GetAlertingCondition method.

Name Type Description
name string (name of AlertingCondition) Name of ntt.monitoring.v4.AlertingCondition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingConditionsRequest Message

A request message of the BatchGetAlertingConditions method.

Name Type Description
names repeated string (name of AlertingCondition) Names of AlertingConditions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingConditionsResponse Message

A response message of the BatchGetAlertingConditions method.

Name Type Description
alerting_conditions repeated AlertingCondition found AlertingConditions
missing repeated string (name of AlertingCondition) list of not found AlertingConditions

ListAlertingConditionsRequest Message

A request message of the ListAlertingConditions method.

Name Type Description
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v4.AlertingCondition
page_size int32 Requested page size. Server may return fewer AlertingConditions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingCondition) A token identifying a page of results the server should return. Typically, this is the value of ListAlertingConditionsResponse.next_page_token.
order_by string (orderBy of AlertingCondition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingCondition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAlertingConditionsResponse Message

A response message of the ListAlertingConditions method.

Name Type Description
alerting_conditions repeated AlertingCondition The list of AlertingConditions
prev_page_token string (cursor of AlertingCondition) A token to retrieve previous page of results. Pass this value in the ListAlertingConditionsRequest.page_token.
next_page_token string (cursor of AlertingCondition) A token to retrieve next page of results. Pass this value in the ListAlertingConditionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AlertingConditions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAlertingConditionRequest Message

A request message of the WatchAlertingCondition method.

Name Type Description
name string (name of AlertingCondition) Name of ntt.monitoring.v4.AlertingCondition
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAlertingConditionResponse Message

A response message of the WatchAlertingCondition method.

Name Type Description
change AlertingConditionChange

WatchAlertingConditionsRequest Message

A request message of the WatchAlertingConditions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v4.AlertingCondition
page_size int32 Requested page size. Server may return fewer AlertingConditions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AlertingCondition) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AlertingCondition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AlertingCondition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AlertingCondition that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AlertingCondition that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAlertingConditionsResponse Message

A response message of the WatchAlertingConditions method.

Name Type Description
alerting_condition_changes repeated AlertingConditionChange Changes of AlertingConditions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AlertingConditions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAlertingConditionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AlertingConditions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAlertingConditionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AlertingCondition) New token to retrieve previous page of results.
next_page_token string (cursor of AlertingCondition) New token to retrieve next page of results.

CreateAlertingConditionRequest Message

A request message of the CreateAlertingCondition method.

Name Type Description
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v4.AlertingCondition
alerting_condition AlertingCondition AlertingCondition resource body
response_mask CreateAlertingConditionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAlertingConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAlertingConditionRequest Message

A request message of the UpdateAlertingCondition method.

Name Type Description
alerting_condition AlertingCondition AlertingCondition resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAlertingConditionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAlertingConditionRequest.ResponseMask reduce message response size.

UpdateAlertingConditionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AlertingCondition Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAlertingConditionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAlertingConditionRequest Message

A request message of the DeleteAlertingCondition method.

Name Type Description
name string (name of AlertingCondition) Name of ntt.monitoring.v4.AlertingCondition
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

SearchAlertingConditionsRequest Message

A request message of the SearchAlertingConditions method.

Name Type Description
parent string (parent name of AlertingCondition) Parent name of ntt.monitoring.v4.AlertingCondition
page_size int32 Requested page size. Server may return fewer AlertingConditions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingCondition) A token identifying a page of results the server should return. Typically, this is the value of SearchAlertingConditionsResponse.next_page_token.
order_by string (orderBy of AlertingCondition) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingCondition) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
phrase string Optional search phrase used to further filter results.

SearchAlertingConditionsResponse Message

A response message of the SearchAlertingConditions method.

Name Type Description
alerting_conditions repeated AlertingCondition The list of AlertingConditions
prev_page_token string (cursor of AlertingCondition) A token to retrieve previous page of results. Pass this value in the SearchAlertingConditionsRequest.page_token.
next_page_token string (cursor of AlertingCondition) A token to retrieve next page of results. Pass this value in the SearchAlertingConditionsRequest.page_token.
current_offset int32 Current offset from the first page (0 if no page tokens were given). Page index can be computed from offset and limit provided in a request
total_results_count int32 Number of total AlertingConditions across all pages.

AlertingCondition Enumerations

Here is the list of AlertingCondition resource enumerations:

AlertingCondition.Spec.TimeSeries.Threshold.Compare Enumeration

Name Description
COMPARE_UNSPECIFIED
GT
LT

AlertingPolicy Resource

AlertingPolicy Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}

Parent resources:

This section covers the methods and messages to interact with AlertingPolicy resource.

AlertingPolicy Methods

Here is the list of AlertingPolicy resource methods:

GetAlertingPolicy Method

GetAlertingPolicy

rpc GetAlertingPolicy(GetAlertingPolicyRequest) returns (AlertingPolicy)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.get

The equivalent REST API is:

GET /v4/{name=projects/*/regions/*/alertingPolicies/*}

BatchGetAlertingPolicies Method

BatchGetAlertingPolicies

rpc BatchGetAlertingPolicies(BatchGetAlertingPoliciesRequest) returns (BatchGetAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.batchGet

The equivalent REST API is:

GET /v4/alertingPolicies:batchGet

ListAlertingPolicies Method

ListAlertingPolicies

rpc ListAlertingPolicies(ListAlertingPoliciesRequest) returns (ListAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.list

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*}/alertingPolicies

WatchAlertingPolicy Method

WatchAlertingPolicy

rpc WatchAlertingPolicy(WatchAlertingPolicyRequest) returns (WatchAlertingPolicyResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.watch

The equivalent REST API is:

POST /v4/{name=projects/*/regions/*/alertingPolicies/*}:watch

WatchAlertingPolicies Method

WatchAlertingPolicies

rpc WatchAlertingPolicies(WatchAlertingPoliciesRequest) returns (WatchAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.watch

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*}/alertingPolicies:watch

CreateAlertingPolicy Method

CreateAlertingPolicy

rpc CreateAlertingPolicy(CreateAlertingPolicyRequest) returns (AlertingPolicy)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.create

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*}/alertingPolicies (BODY: alerting_policy)

UpdateAlertingPolicy Method

UpdateAlertingPolicy

rpc UpdateAlertingPolicy(UpdateAlertingPolicyRequest) returns (AlertingPolicy)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.update

The equivalent REST API is:

PUT /v4/{alerting_policy.name=projects/*/regions/*/alertingPolicies/*} (BODY: alerting_policy)

DeleteAlertingPolicy Method

DeleteAlertingPolicy

rpc DeleteAlertingPolicy(DeleteAlertingPolicyRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/regions/*/alertingPolicies/*}

SearchAlertingPolicies Method

SearchAlertingPolicies

rpc SearchAlertingPolicies(SearchAlertingPoliciesRequest) returns (SearchAlertingPoliciesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/alertingPolicies.search

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*}/alertingPolicies:search

AlertingPolicy Messages

Here is the list of AlertingPolicy resource messages:

AlertingPolicy Message

Name Type Description
name string (name of AlertingPolicy) Name of AlertingPolicy When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string display name
description string Long description
documentation AlertingPolicy.Documentation
spec AlertingPolicy.Spec Spec
state AlertingPolicy.State

AlertingPolicy.Documentation Message

Documentation

Name Type Description
content string Documentation content
mime_type string documentation mime type. Only "text/markdown" is supported.

AlertingPolicy.Spec Message

Name Type Description
enabled bool Whether policy is enabled and will evaluate any conditions Note: If any existing fired alerts are present, they will not be resolved automatically TODO: consider if they should?
condition_combiner AlertingPolicy.Spec.ConditionsCombiner Condition Combiner when deciding if ANY (OR) or ALL (AND) conditions for given subset of resource labels must fire in order to trigger an alert TODO: Add support to AND
notification AlertingPolicy.Spec.Notification Notification specification

AlertingPolicy.State Message

Name Type Description
active_alerts_count int64 Number of ongoing alerts (incident has not ended)

AlertingPolicy.Spec.Notification Message

Notification specification for a given Policy

Name Type Description
enabled bool Enabled flag determines whether any notifications will be sent
channels repeated string (reference to NotificationChannel)

GetAlertingPolicyRequest Message

A request message of the GetAlertingPolicy method.

Name Type Description
name string (name of AlertingPolicy) Name of ntt.monitoring.v4.AlertingPolicy
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingPoliciesRequest Message

A request message of the BatchGetAlertingPolicies method.

Name Type Description
names repeated string (name of AlertingPolicy) Names of AlertingPolicies
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetAlertingPoliciesResponse Message

A response message of the BatchGetAlertingPolicies method.

Name Type Description
alerting_policies repeated AlertingPolicy found AlertingPolicies
missing repeated string (name of AlertingPolicy) list of not found AlertingPolicies

ListAlertingPoliciesRequest Message

A request message of the ListAlertingPolicies method.

Name Type Description
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v4.AlertingPolicy
page_size int32 Requested page size. Server may return fewer AlertingPolicies than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingPolicy) A token identifying a page of results the server should return. Typically, this is the value of ListAlertingPoliciesResponse.next_page_token.
order_by string (orderBy of AlertingPolicy) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingPolicy) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListAlertingPoliciesResponse Message

A response message of the ListAlertingPolicies method.

Name Type Description
alerting_policies repeated AlertingPolicy The list of AlertingPolicies
prev_page_token string (cursor of AlertingPolicy) A token to retrieve previous page of results. Pass this value in the ListAlertingPoliciesRequest.page_token.
next_page_token string (cursor of AlertingPolicy) A token to retrieve next page of results. Pass this value in the ListAlertingPoliciesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total AlertingPolicies across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchAlertingPolicyRequest Message

A request message of the WatchAlertingPolicy method.

Name Type Description
name string (name of AlertingPolicy) Name of ntt.monitoring.v4.AlertingPolicy
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchAlertingPolicyResponse Message

A response message of the WatchAlertingPolicy method.

Name Type Description
change AlertingPolicyChange

WatchAlertingPoliciesRequest Message

A request message of the WatchAlertingPolicies method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v4.AlertingPolicy
page_size int32 Requested page size. Server may return fewer AlertingPolicies than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of AlertingPolicy) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of AlertingPolicy) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of AlertingPolicy) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to AlertingPolicy that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to AlertingPolicy that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchAlertingPoliciesResponse Message

A response message of the WatchAlertingPolicies method.

Name Type Description
alerting_policy_changes repeated AlertingPolicyChange Changes of AlertingPolicies
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All AlertingPolicies will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchAlertingPoliciesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (AlertingPolicies will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchAlertingPoliciesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of AlertingPolicy) New token to retrieve previous page of results.
next_page_token string (cursor of AlertingPolicy) New token to retrieve next page of results.

CreateAlertingPolicyRequest Message

A request message of the CreateAlertingPolicy method.

Name Type Description
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v4.AlertingPolicy
alerting_policy AlertingPolicy AlertingPolicy resource body
response_mask CreateAlertingPolicyRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateAlertingPolicyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateAlertingPolicyRequest Message

A request message of the UpdateAlertingPolicy method.

Name Type Description
alerting_policy AlertingPolicy AlertingPolicy resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateAlertingPolicyRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateAlertingPolicyRequest.ResponseMask reduce message response size.

UpdateAlertingPolicyRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state AlertingPolicy Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateAlertingPolicyRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteAlertingPolicyRequest Message

A request message of the DeleteAlertingPolicy method.

Name Type Description
name string (name of AlertingPolicy) Name of ntt.monitoring.v4.AlertingPolicy
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

SearchAlertingPoliciesRequest Message

A request message of the SearchAlertingPolicies method.

Name Type Description
parent string (parent name of AlertingPolicy) Parent name of ntt.monitoring.v4.AlertingPolicy
page_size int32 Requested page size. Server may return fewer AlertingPolicies than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of AlertingPolicy) A token identifying a page of results the server should return. Typically, this is the value of SearchAlertingPoliciesResponse.next_page_token.
order_by string (orderBy of AlertingPolicy) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of AlertingPolicy) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
phrase string Optional search phrase used to further filter results.

SearchAlertingPoliciesResponse Message

A response message of the SearchAlertingPolicies method.

Name Type Description
alerting_policies repeated AlertingPolicy The list of AlertingPolicies
prev_page_token string (cursor of AlertingPolicy) A token to retrieve previous page of results. Pass this value in the SearchAlertingPoliciesRequest.page_token.
next_page_token string (cursor of AlertingPolicy) A token to retrieve next page of results. Pass this value in the SearchAlertingPoliciesRequest.page_token.
current_offset int32 Current offset from the first page (0 if no page tokens were given). Page index can be computed from offset and limit provided in a request
total_results_count int32 Number of total AlertingPolicies across all pages.

AlertingPolicy Enumerations

Here is the list of AlertingPolicy resource enumerations:

AlertingPolicy.Spec.ConditionsCombiner Enumeration

Name Description
OR
AND

Bucket Resource

Bucket Resource restricts create/list time series requests to the specified metric/resource types.

Name patterns:

  • projects/{project}/regions/{region}/buckets/{bucket}

Parent resources:

This section covers the methods and messages to interact with Bucket resource.

Bucket Methods

Here is the list of Bucket resource methods:

GetBucket Method

GetBucket

rpc GetBucket(GetBucketRequest) returns (Bucket)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.get

The equivalent REST API is:

GET /v4/{name=projects/*/regions/*/buckets/*}

BatchGetBuckets Method

BatchGetBuckets

rpc BatchGetBuckets(BatchGetBucketsRequest) returns (BatchGetBucketsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.batchGet

The equivalent REST API is:

GET /v4/buckets:batchGet

ListBuckets Method

ListBuckets

rpc ListBuckets(ListBucketsRequest) returns (ListBucketsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.list

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*}/buckets

WatchBucket Method

WatchBucket

rpc WatchBucket(WatchBucketRequest) returns (WatchBucketResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.watch

The equivalent REST API is:

POST /v4/{name=projects/*/regions/*/buckets/*}:watch

WatchBuckets Method

WatchBuckets

rpc WatchBuckets(WatchBucketsRequest) returns (WatchBucketsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.watch

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*}/buckets:watch

CreateBucket Method

CreateBucket

rpc CreateBucket(CreateBucketRequest) returns (Bucket)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.create

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*}/buckets (BODY: bucket)

UpdateBucket Method

UpdateBucket

rpc UpdateBucket(UpdateBucketRequest) returns (Bucket)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.update

The equivalent REST API is:

PUT /v4/{bucket.name=projects/*/regions/*/buckets/*} (BODY: bucket)

DeleteBucket Method

DeleteBucket

rpc DeleteBucket(DeleteBucketRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/buckets.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/regions/*/buckets/*}

Bucket Messages

Here is the list of Bucket resource messages:

Bucket Message

Name Type Description
name string (name of Bucket) Name of Bucket When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w./-]{2,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
metrics repeated Bucket.RequiredTypedLabels Allowed metric combinations (OR). If empty, all metric types are allowed.
resources repeated Bucket.RequiredTypedLabels Allowed resource combinations (OR).If empty, all resource types are allowed.
required_alt_kvs repeated Bucket.ResolvedKeysWithValues All combinations of key-values (in integer forms) - one of them must be passed by every TimeSerie object for given bucket. Its computed by server side and for internal use.

Bucket.ResolvedValues Message

ResolvedValues contains binary representation of types and labels and possible values. Due to limitations in some db backends (looking at firestore), we use int64 instead of uint64.

Name Type Description
key int64
values repeated int64

Bucket.ResolvedKeysWithValues Message

ResolvedKeysWithValues binds multiple keys with possible values.

Name Type Description
resolved_kvs repeated Bucket.ResolvedValues

Bucket.RequiredTypedLabels Message

RequiredTypedLabels describes required label values for specified metric and resource types. All time series in Create operation must contain at least one allowed type and then labels must match all the labels. For list queries, filter must contain at least one type and all labels must be present in condition containing all or subset of allowed label values.

Name Type Description
types repeated string
labels map<string, Bucket.RequiredTypedLabels.Strings>

Bucket.RequiredTypedLabels.Strings Message

Name Type Description
strings repeated string

GetBucketRequest Message

A request message of the GetBucket method.

Name Type Description
name string (name of Bucket) Name of ntt.monitoring.v4.Bucket
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetBucketsRequest Message

A request message of the BatchGetBuckets method.

Name Type Description
names repeated string (name of Bucket) Names of Buckets
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetBucketsResponse Message

A response message of the BatchGetBuckets method.

Name Type Description
buckets repeated Bucket found Buckets
missing repeated string (name of Bucket) list of not found Buckets

ListBucketsRequest Message

A request message of the ListBuckets method.

Name Type Description
parent string (parent name of Bucket) Parent name of ntt.monitoring.v4.Bucket
page_size int32 Requested page size. Server may return fewer Buckets than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Bucket) A token identifying a page of results the server should return. Typically, this is the value of ListBucketsResponse.next_page_token.
order_by string (orderBy of Bucket) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Bucket) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListBucketsResponse Message

A response message of the ListBuckets method.

Name Type Description
buckets repeated Bucket The list of Buckets
prev_page_token string (cursor of Bucket) A token to retrieve previous page of results. Pass this value in the ListBucketsRequest.page_token.
next_page_token string (cursor of Bucket) A token to retrieve next page of results. Pass this value in the ListBucketsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Buckets across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchBucketRequest Message

A request message of the WatchBucket method.

Name Type Description
name string (name of Bucket) Name of ntt.monitoring.v4.Bucket
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchBucketResponse Message

A response message of the WatchBucket method.

Name Type Description
change BucketChange

WatchBucketsRequest Message

A request message of the WatchBuckets method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Bucket) Parent name of ntt.monitoring.v4.Bucket
page_size int32 Requested page size. Server may return fewer Buckets than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Bucket) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Bucket) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Bucket) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Bucket that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Bucket that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchBucketsResponse Message

A response message of the WatchBuckets method.

Name Type Description
bucket_changes repeated BucketChange Changes of Buckets
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Buckets will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchBucketsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Buckets will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchBucketsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Bucket) New token to retrieve previous page of results.
next_page_token string (cursor of Bucket) New token to retrieve next page of results.

CreateBucketRequest Message

A request message of the CreateBucket method.

Name Type Description
parent string (parent name of Bucket) Parent name of ntt.monitoring.v4.Bucket
bucket Bucket Bucket resource body
response_mask CreateBucketRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateBucketRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateBucketRequest Message

A request message of the UpdateBucket method.

Name Type Description
bucket Bucket Bucket resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateBucketRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateBucketRequest.ResponseMask reduce message response size.

UpdateBucketRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Bucket Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateBucketRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteBucketRequest Message

A request message of the DeleteBucket method.

Name Type Description
name string (name of Bucket) Name of ntt.monitoring.v4.Bucket
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

MetricDescriptor Resource

Defines a metric type and its schema. Once a metric descriptor is created, deleting or altering it stops data collection and makes the metric type’s existing data unusable.

Name patterns:

  • projects/{project}/metricDescriptors/{metric_descriptor}

Parent resources:

This section covers the methods and messages to interact with MetricDescriptor resource.

MetricDescriptor Methods

Here is the list of MetricDescriptor resource methods:

BatchGetMetricDescriptors Method

BatchGetMetricDescriptors

rpc BatchGetMetricDescriptors(BatchGetMetricDescriptorsRequest) returns (BatchGetMetricDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.batchGet

The equivalent REST API is:

GET /v4/metricDescriptors:batchGet

WatchMetricDescriptor Method

WatchMetricDescriptor

rpc WatchMetricDescriptor(WatchMetricDescriptorRequest) returns (WatchMetricDescriptorResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.watch

The equivalent REST API is:

POST /v4/{name=projects/*/metricDescriptors/*}:watch

WatchMetricDescriptors Method

WatchMetricDescriptors

rpc WatchMetricDescriptors(WatchMetricDescriptorsRequest) returns (WatchMetricDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.watch

The equivalent REST API is:

POST /v4/{parent=projects/*}/metricDescriptors:watch

GetMetricDescriptor Method

GetMetricDescriptor

rpc GetMetricDescriptor(GetMetricDescriptorRequest) returns (MetricDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.get

The equivalent REST API is:

GET /v4/{name=projects/*/metricDescriptors/*}

CreateMetricDescriptor Method

CreateMetricDescriptor

rpc CreateMetricDescriptor(CreateMetricDescriptorRequest) returns (MetricDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.create

The equivalent REST API is:

POST /v4/{parent=projects/*}/metricDescriptors (BODY: metric_descriptor)

UpdateMetricDescriptor Method

UpdateMetricDescriptor

rpc UpdateMetricDescriptor(UpdateMetricDescriptorRequest) returns (MetricDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.update

The equivalent REST API is:

PUT /v4/{metric_descriptor.name=projects/*/metricDescriptors/*} (BODY: metric_descriptor)

DeleteMetricDescriptor Method

DeleteMetricDescriptor

rpc DeleteMetricDescriptor(DeleteMetricDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/metricDescriptors/*}

ListMetricDescriptors Method

ListMetricDescriptors

rpc ListMetricDescriptors(ListMetricDescriptorsRequest) returns (ListMetricDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/metricDescriptors.list

The equivalent REST API is:

GET /v4/{parent=projects/*}/metricDescriptors

MetricDescriptor Messages

Here is the list of MetricDescriptor resource messages:

MetricDescriptor Message

Name Type Description
name string (name of MetricDescriptor) Name of MetricDescriptor When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w./-]{4,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
type string The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name custom.googleapis.com or external.googleapis.com. Metric types should use a natural hierarchical grouping. For example: “custom.googleapis.com/invoice/paid/amount” “external.googleapis.com/prometheus/up” “appengine.googleapis.com/http/server/response_latencies”
resource_types repeated string associated resource_types (also used to infer defaults) examples, devices.edgelq.com/Device, watchdog.edgelq.com/Agent. DEPRECATED, use “indices”.
labels repeated LabelDescriptor The set of labels that can be used to describe a specific instance of this metric type. For example, the appengine.googleapis.com/http/server/response_latencies metric type has a label for the HTTP response code, response_code, so you can look at latencies for successful responses or just for responses that failed.
metric_kind MetricDescriptor.MetricKind Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metric_kind and value_type might not be supported.
value_type MetricDescriptor.ValueType Whether the measurement is an integer, a floating-point number, etc. Some combinations of metric_kind and value_type might not be supported.
unit string The unit in which the metric value is reported. It is only applicable if the value_type is INT64, DOUBLE, or DISTRIBUTION. The supported units are a subset of The Unified Code for Units of Measure standard: Basic units (UNIT) * bit bit * By byte * s second * min minute * h hour * d day Prefixes (PREFIX) * k kilo (103) * M mega (106) * G giga (109) * T tera (1012) * P peta (1015) * E exa (1018) * Z zetta (1021) * Y yotta (1024) * m milli (10**-3) * u micro (10**-6) * n nano (10**-9) * p pico (10**-12) * f femto (10**-15) * a atto (10**-18) * z zepto (10**-21) * y yocto (10**-24) * Ki kibi (210) * Mi mebi (220) * Gi gibi (230) * Ti tebi (240) Grammar The grammar also includes these connectors: * / division (as an infix operator, e.g. 1/s). * . multiplication (as an infix operator, e.g. GBy.d) The grammar for a unit is as follows: Expression = Component { “.” Component } { “/” Component } ; Component = ( [ PREFIX ] UNIT
description string A detailed description of the metric, which can be used in documentation.
display_name string A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example “Request count”. This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota.
metric_descriptor_metadata MetricDescriptor.MetricDescriptorMetadata Optional. Metadata which can be used to guide usage of the metric.
distribution_bucket_options Distribution.BucketOptions Distribution bucketing options - define only when ValueType is Distribution. Used for validating input.
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations. Metric promoted label sets are combined with MonitoredResource promoted label sets and result in PromotedKeySet. DEPRECATED, use “indices” instead.
index_spec MetricDescriptor.IndexSpec DEPRECATED: use “indices”. This field must not be used if client migrated to ResourceBindings. Whenever index_spec is set, it will override resource_descriptor_bindings. This is for migration purpose, future indices must be managed by ResourceBindings.
indices MetricDescriptor.Indices Defines indexing rules for underlying backend enabling query optimizations. It’s important consideration for balancing time series query performance and storage cost. Number of non-disabled indices per resource type is 64. Indices are generated from index families. Final index is a combination of metric & resource promoted label set, and pre-aggregation spec (if any). For example, index family with 2 promoted sets for resource, 3 promoted sets for metric, 2 pre-aggregations would create 12 indices. If no pre-aggregations were defined, it would be 6 indices. Metric and resource label sets must never be empty: At least one empty label set must be present.
storage_config MetricDescriptor.StorageConfig Storage settings
binary_indices MetricDescriptor.BinaryIndices Generated indices data in binary format, for internal use only. They are compiled when MetricDescriptor is saved and used by monitoring server, db-controller or controller when necessary. One MetricDescriptor instance will have different value of this field in each region!

MetricDescriptor.MetricDescriptorMetadata Message

Additional annotations that can be used to guide the usage of a metric.

Name Type Description
launch_stage LaunchStage The launch stage of the metric definition.

MetricDescriptor.IndexSpec Message

DEPRECATED, use Indices

Name Type Description
per_resource repeated MetricDescriptor.IndexSpec.PerMonitoredResource PerResource index

MetricDescriptor.Indices Message

ResourceBindings binds MetricDescriptor with selected MonitoredResourceDescriptors and provides indices for TimeSeries storage.

Name Type Description
built_in MetricDescriptor.Indices.IndexGroups Indices coming by default from application, typically populated by fixtures controller
user_defined MetricDescriptor.Indices.IndexGroups User defined additional indices.
legacy_migrated repeated MetricDescriptor.Indices.NonAggregatedIndices Automatically migrated from older specs. It should not be modified by users, it can only be archived once new indices are populated (update closingStatus fields to CLOSED).

MetricDescriptor.StorageConfig Message

Backend storage config

Name Type Description
store_raw_points bool whether to store raw points
max_ap .google.protobuf.Duration Maximum AlignmentPeriod produced. If max_ap is 0, then it is treated as no maximum. Monitoring will be producing time series for all alignment periods. If max_ap is 1 minute, it means only the smallest alignment period is produced.

MetricDescriptor.BinaryIndices Message

Name Type Description
by_resources repeated MetricDescriptor.BinaryIndices.ByResourceType
region string Region to which above binary data is relevant.

MetricDescriptor.IndexSpec.Index Message

Name Type Description
promoted_labels repeated string each label is of format: {metric,resource}.labels.\<label-key\>. since resource and metric labels are mixed. Full path is required.

MetricDescriptor.IndexSpec.PerMonitoredResource Message

Name Type Description
resource string (reference to MonitoredResourceDescriptor)
indices repeated MetricDescriptor.IndexSpec.Index List of indices for given metric and resource pair

MetricDescriptor.Indices.LabelsGroup Message

LabelsGroup represents set of labels in resource and metric. It forms part of the index generators (non and pre aggregated).

Name Type Description
name string Identifier of the group, used as part of index name and during update validations.
metric_keys repeated string List of metric keys in the group.
resource_keys repeated string List of resource keys in the group.
closing_status MetricDescriptor.Indices.CloseStatus Closing status should be set when indices used by this group is no longer desirable.

MetricDescriptor.Indices.PaginationView Message

PaginationView is used by PaginationIndices. It indicates which labels in metric/resource descriptor are kept for filter purpose, and which are “ranked” by.

Name Type Description
name string Identifier of the group, used as part of index name and during update validations.
filterable_metric_keys repeated string List of metric keys that can optionally be used in filter.
filterable_resource_keys repeated string List of resource keys that can optionally be used in filter.
paginated_metric_keys repeated string List of metric keys that will be part of “paginated” key (for ranking purpose). Provided labels cannot be used for filtering.
paginated_resource_keys repeated string List of resource keys that will be part of “paginated” key (for ranking purpose). Provided labels cannot be used for filtering.
closing_status MetricDescriptor.Indices.CloseStatus Closing status should be set when indices used by this group is no longer desirable.

MetricDescriptor.Indices.AggregationsGroup Message

AggregationsGroup groups aggregations required for pre-aggregated indices.

Name Type Description
name string Name of the group (identifier). Used for validating updates.
per_series_aligners repeated Aggregation.Aligner List of potential values for perSeriesAligner parameter. It must be specified.
cross_series_reducers repeated Aggregation.Reducer List of potential values for crossSeriesReducer parameter. It can be left empty if we want to support large amount of values.
closing_status MetricDescriptor.Indices.CloseStatus Closing status, if this group is no longer desired.
storage_aligners repeated Aggregation.Aligner This field is automatically computed and cannot be set by users. It displays list of aligners used by underlying storage. May not exactly match to requested aligners. TODO: Support output_only annotation for sub-array items

MetricDescriptor.Indices.SortingFunction Message

SortingFunction is a function used for paginable indices.

Name Type Description
name string name of the aligner-reducer function
aligner Aggregation.Aligner Aligner function
reducer Aggregation.Reducer Reducer function, merging values within paginable label set. Resulting value type must be either INT or DOUBLE, DISTRIBUTION is not supported.
closing_status MetricDescriptor.Indices.CloseStatus Closing status of this aligner reducer function.
sorting MetricDescriptor.Indices.SortingFunction.Direction

MetricDescriptor.Indices.PreAggregatedIndices Message

PreAggregatedIndices is a generator of pre-aggregated indices. One pre-aggregated index is generated per combination of resource type, partition label set, filter/group label set, and unique storage aligner (computed from supported aggregations).

Name Type Description
name string Name of the group
resource_types repeated string All resource types in the group
partition_label_sets repeated MetricDescriptor.Indices.LabelsGroup All partition label sets. Each is generating index per mentioned resource type, filter/group label set and aligner. Index, to be used, requires specifying all labels mentioned in partition.
filter_and_group_label_sets repeated MetricDescriptor.Indices.LabelsGroup All label sets containing labels that can be used in filter/groupBy fields (other than partition). Index, to be used, must not contain any label in filter/groupBy not present in the filter/group labels set.
supported_aggregations repeated MetricDescriptor.Indices.AggregationsGroup List of all aggregations required by users.

MetricDescriptor.Indices.NonAggregatedIndices Message

NonAggregatedIndices is a generator of non-aggregated indices. One non-aggregated index is generated per combination of resource type by partition label set.

Name Type Description
name string Name of the whole group.
resource_types repeated string Resource types in this group.
partition_label_sets repeated MetricDescriptor.Indices.LabelsGroup All partition label sets. Each is generating index per mentioned resource type. Index, to be used, requires specifying all labels mentioned in partition.

MetricDescriptor.Indices.PaginationIndices Message

PaginationIndices are special pre-aggregated indices. To access this index, it is necessary to include in the filter some partition label set. Paginable labels MUST not be used in filter, and have no effect in groupBy (always included).

Name Type Description
name string Name of the whole group.
resource_types repeated string Resource types in this group.
partition_label_sets repeated MetricDescriptor.Indices.LabelsGroup All partition label sets. Each is generating index per mentioned resource type. Index, to be used, requires specifying all labels mentioned in partition. Each partition set is matched with each view when generating final views.
views repeated MetricDescriptor.Indices.PaginationView All views describing label sets.
functions repeated MetricDescriptor.Indices.SortingFunction List of functions applied to every partition/views in the group.

MetricDescriptor.Indices.IndexGroups Message

Grouped indices

Name Type Description
pre_aggregated_indices repeated MetricDescriptor.Indices.PreAggregatedIndices Pre-aggregated index sets.
non_aggregated_indices repeated MetricDescriptor.Indices.NonAggregatedIndices Non-aggregated index sets.
pagination_indices repeated MetricDescriptor.Indices.PaginationIndices Pagination indices.

MetricDescriptor.BinaryIndices.PreAggregatedIndex Message

Name Type Description
key_data bytes
writing_aligners repeated bytes
closed_aligners repeated bytes

MetricDescriptor.BinaryIndices.PaginatingIndex Message

Name Type Description
key_data bytes
writing_functions repeated bytes
closed_functions repeated bytes

MetricDescriptor.BinaryIndices.ByResourceType Message

Name Type Description
resource_type string resource.type in string version, but integer is also encoded in every other item for convenience.
aggs_encoder repeated bytes List of aggregation encoders, used by streaming job when computing pre-aggregated values. Last item contains most recent version of aggregation. Previous entries will be closed after some time and removed.
pre_aggregated_indices repeated MetricDescriptor.BinaryIndices.PreAggregatedIndex List of pre-aggregated indices with per-storage-aligner information. These type of indices are more complex due to presence of aligners with their own liveness status.
paginating_indices repeated MetricDescriptor.BinaryIndices.PaginatingIndex
non_aggregated_indices repeated bytes Non aggregated indices. Bytes contain identifier with all promoted keys and name part positions.
name_parts repeated string index name parts

BatchGetMetricDescriptorsRequest Message

A request message of the BatchGetMetricDescriptors method.

Name Type Description
names repeated string (name of MetricDescriptor) Names of MetricDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMetricDescriptorsResponse Message

A response message of the BatchGetMetricDescriptors method.

Name Type Description
metric_descriptors repeated MetricDescriptor found MetricDescriptors
missing repeated string (name of MetricDescriptor) list of not found MetricDescriptors

WatchMetricDescriptorRequest Message

A request message of the WatchMetricDescriptor method.

Name Type Description
name string (name of MetricDescriptor) Name of ntt.monitoring.v4.MetricDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMetricDescriptorResponse Message

A response message of the WatchMetricDescriptor method.

Name Type Description
change MetricDescriptorChange

WatchMetricDescriptorsRequest Message

A request message of the WatchMetricDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of MetricDescriptor) Parent name of ntt.monitoring.v4.MetricDescriptor
page_size int32 Requested page size. Server may return fewer MetricDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of MetricDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of MetricDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of MetricDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MetricDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MetricDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchMetricDescriptorsResponse Message

A response message of the WatchMetricDescriptors method.

Name Type Description
metric_descriptor_changes repeated MetricDescriptorChange Changes of MetricDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All MetricDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchMetricDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (MetricDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchMetricDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of MetricDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of MetricDescriptor) New token to retrieve next page of results.

GetMetricDescriptorRequest Message

Request message for method [GetMetricDescriptor][ntt.monitoring.v4.GetMetricDescriptor]

Name Type Description
name string (name of MetricDescriptor) Name of ntt.monitoring.v4.MetricDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

CreateMetricDescriptorRequest Message

Request message for method [CreateMetricDescriptor][ntt.monitoring.v4.CreateMetricDescriptor]

Name Type Description
parent string (parent name of MetricDescriptor) Parent name of ntt.monitoring.v4.MetricDescriptor
metric_descriptor MetricDescriptor MetricDescriptor resource body
response_mask CreateMetricDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateMetricDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateMetricDescriptorRequest Message

Request message for method [UpdateMetricDescriptor][ntt.monitoring.v4.UpdateMetricDescriptor]

Name Type Description
metric_descriptor MetricDescriptor MetricDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateMetricDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateMetricDescriptorRequest.ResponseMask

UpdateMetricDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state MetricDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateMetricDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteMetricDescriptorRequest Message

Request message for method [DeleteMetricDescriptor][ntt.monitoring.v4.DeleteMetricDescriptor]

Name Type Description
name string (name of MetricDescriptor) Name of ntt.monitoring.v4.MetricDescriptor
allow_missing bool If true, call will not return NotFound error if deleted resource does not exist.

ListMetricDescriptorsRequest Message

Request message for method [ListMetricDescriptors][ntt.monitoring.v4.ListMetricDescriptors]

Name Type Description
parent string (parent name of MetricDescriptor) Parent name of ntt.monitoring.v4.MetricDescriptor
page_size int32 Requested page size. Server may return fewer MetricDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of MetricDescriptor) A token identifying a page of results the server should return. Typically, this is the value of [ListMetricDescriptorsResponse.next_page_token][ntt.monitoring.v4.ListMetricDescriptorsResponse.next_page_token]
order_by string (orderBy of MetricDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of MetricDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListMetricDescriptorsResponse Message

Request message for method [ListMetricDescriptors][ntt.monitoring.v4.ListMetricDescriptors]

Name Type Description
metric_descriptors repeated MetricDescriptor The list of MetricDescriptors
prev_page_token string (cursor of MetricDescriptor) A token to retrieve previous page of results. Pass this value in the [ListMetricDescriptorsRequest.page_token][ntt.monitoring.v4.ListMetricDescriptorsRequest.page_token]
next_page_token string (cursor of MetricDescriptor) A token to retrieve next page of results. Pass this value in the [ListMetricDescriptorsRequest.page_token][ntt.monitoring.v4.ListMetricDescriptorsRequest.page_token]
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total MetricDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

MetricDescriptor Enumerations

Here is the list of MetricDescriptor resource enumerations:

MetricDescriptor.MetricKind Enumeration

The kind of measurement. It describes how the data is reported.

Name Description
METRIC_KIND_UNSPECIFIED Do not use this default value.
GAUGE An instantaneous measurement of a value.
DELTA The change in a value during a time interval.
CUMULATIVE A value accumulated over a time interval. Cumulative measurements in a time series should have the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.

MetricDescriptor.ValueType Enumeration

The value type of a metric.

Name Description
VALUE_TYPE_UNSPECIFIED Do not use this default value.
BOOL The value is a boolean. This value type can be used only if the metric kind is GAUGE.
INT64 The value is a signed 64-bit integer.
DOUBLE The value is a double precision floating point number.
DISTRIBUTION The value is a [Distribution][google.api.Distribution].

MetricDescriptor.Indices.CloseStatus Enumeration

CloseStatus indicates if index group part is closed. When part of the index closes, all indices it is part of are closed. Older data is still available for reading until group is completely removed.

Name Description
UNDEFINED Index is active for read and write
SUSPENDED index is closed for reading from time when it was suspended. Data prior to suspension is available for reads. Writes are executed normally. SUSPENDED status can be lifted and index will behave like nothing ever happened. Reading will be possible for any time range from creation time.
CLOSED Index is no longer writing, but data prior to the closed status is available for reads. This helps to maintain older indices still available for reading, even if newer better indices were created.

MetricDescriptor.Indices.SortingFunction.Direction Enumeration

Name Description
UNDEFINED
ASCENDING
DESCENDING

MonitoredResourceDescriptor Resource

An object that describes the schema of a [MonitoredResource][google.api.MonitoredResource] object using a type name and a set of labels. For example, the monitored resource descriptor for Google Compute Engine VM instances has a type of "gce_instance" and specifies the use of the labels "instance_id" and "zone" to identify particular VM instances.

Different APIs can support different monitored resource types. APIs generally provide a list method that returns the monitored resource descriptors used by the API.

Name patterns:

  • services/{service}/monitoredResourceDescriptors/{monitored_resource_descriptor}

Parent resources:

This section covers the methods and messages to interact with MonitoredResourceDescriptor resource.

MonitoredResourceDescriptor Methods

Here is the list of MonitoredResourceDescriptor resource methods:

BatchGetMonitoredResourceDescriptors Method

BatchGetMonitoredResourceDescriptors

rpc BatchGetMonitoredResourceDescriptors(BatchGetMonitoredResourceDescriptorsRequest) returns (BatchGetMonitoredResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.batchGet

The equivalent REST API is:

GET /v4/monitoredResourceDescriptors:batchGet

WatchMonitoredResourceDescriptor Method

WatchMonitoredResourceDescriptor

rpc WatchMonitoredResourceDescriptor(WatchMonitoredResourceDescriptorRequest) returns (WatchMonitoredResourceDescriptorResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.watch

The equivalent REST API is:

POST /v4/{name=services/*/monitoredResourceDescriptors/*}:watch

WatchMonitoredResourceDescriptors Method

WatchMonitoredResourceDescriptors

rpc WatchMonitoredResourceDescriptors(WatchMonitoredResourceDescriptorsRequest) returns (WatchMonitoredResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.watch

The equivalent REST API is:

POST /v4/{parent=services/*}/monitoredResourceDescriptors:watch

CreateMonitoredResourceDescriptor Method

CreateMonitoredResourceDescriptor

rpc CreateMonitoredResourceDescriptor(CreateMonitoredResourceDescriptorRequest) returns (MonitoredResourceDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.create

The equivalent REST API is:

POST /v4/{parent=services/*}/monitoredResourceDescriptors (BODY: monitored_resource_descriptor)

UpdateMonitoredResourceDescriptor Method

UpdateMonitoredResourceDescriptor

rpc UpdateMonitoredResourceDescriptor(UpdateMonitoredResourceDescriptorRequest) returns (MonitoredResourceDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.update

The equivalent REST API is:

PUT /v4/{monitored_resource_descriptor.name=services/*/monitoredResourceDescriptors/*} (BODY: monitored_resource_descriptor)

DeleteMonitoredResourceDescriptor Method

DeleteMonitoredResourceDescriptor

rpc DeleteMonitoredResourceDescriptor(DeleteMonitoredResourceDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.delete

The equivalent REST API is:

DELETE /v4/{name=services/*/monitoredResourceDescriptors/*}

GetMonitoredResourceDescriptor Method

GetMonitoredResourceDescriptor

rpc GetMonitoredResourceDescriptor(GetMonitoredResourceDescriptorRequest) returns (MonitoredResourceDescriptor)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.get

The equivalent REST API is:

GET /v4/{name=services/*/monitoredResourceDescriptors/*}

ListMonitoredResourceDescriptors Method

ListMonitoredResourceDescriptors

rpc ListMonitoredResourceDescriptors(ListMonitoredResourceDescriptorsRequest) returns (ListMonitoredResourceDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/monitoredResourceDescriptors.list

The equivalent REST API is:

GET /v4/{parent=services/*}/monitoredResourceDescriptors

MonitoredResourceDescriptor Messages

Here is the list of MonitoredResourceDescriptor resource messages:

MonitoredResourceDescriptor Message

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of MonitoredResourceDescriptor When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w./-]{2,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
type string Required. The monitored resource type. For example, the type "cloudsql_database" represents databases in Google Cloud SQL. The maximum length of this value is 256 characters.
display_name string Optional. A concise name for the monitored resource type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners. For example, "Google Cloud SQL Database".
description string Optional. A detailed description of the monitored resource type that might be used in documentation.
labels repeated LabelDescriptor Required. A set of labels used to describe instances of this monitored resource type. For example, an individual Google Cloud SQL database is identified by values for the labels "database_id" and "zone".
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations. Metric promoted label sets are combined with MonitoredResource promoted label sets and result in PromotedKeySet. If they are not specified, it will be necessary to specify indices in MetricDescriptor. Otherwise they serve as default value if MetricDescriptor does not describe them.

BatchGetMonitoredResourceDescriptorsRequest Message

A request message of the BatchGetMonitoredResourceDescriptors method.

Name Type Description
names repeated string (name of MonitoredResourceDescriptor) Names of MonitoredResourceDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetMonitoredResourceDescriptorsResponse Message

A response message of the BatchGetMonitoredResourceDescriptors method.

Name Type Description
monitored_resource_descriptors repeated MonitoredResourceDescriptor found MonitoredResourceDescriptors
missing repeated string (name of MonitoredResourceDescriptor) list of not found MonitoredResourceDescriptors

WatchMonitoredResourceDescriptorRequest Message

A request message of the WatchMonitoredResourceDescriptor method.

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of ntt.monitoring.v4.MonitoredResourceDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchMonitoredResourceDescriptorResponse Message

A response message of the WatchMonitoredResourceDescriptor method.

Name Type Description
change MonitoredResourceDescriptorChange

WatchMonitoredResourceDescriptorsRequest Message

A request message of the WatchMonitoredResourceDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of MonitoredResourceDescriptor) Parent name of ntt.monitoring.v4.MonitoredResourceDescriptor
page_size int32 Requested page size. Server may return fewer MonitoredResourceDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of MonitoredResourceDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of MonitoredResourceDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of MonitoredResourceDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to MonitoredResourceDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to MonitoredResourceDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchMonitoredResourceDescriptorsResponse Message

A response message of the WatchMonitoredResourceDescriptors method.

Name Type Description
monitored_resource_descriptor_changes repeated MonitoredResourceDescriptorChange Changes of MonitoredResourceDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All MonitoredResourceDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchMonitoredResourceDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (MonitoredResourceDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchMonitoredResourceDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of MonitoredResourceDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of MonitoredResourceDescriptor) New token to retrieve next page of results.

CreateMonitoredResourceDescriptorRequest Message

A request message of the CreateMonitoredResourceDescriptor method.

Name Type Description
parent string (parent name of MonitoredResourceDescriptor) Parent name of ntt.monitoring.v4.MonitoredResourceDescriptor
monitored_resource_descriptor MonitoredResourceDescriptor MonitoredResourceDescriptor resource body
response_mask CreateMonitoredResourceDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateMonitoredResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateMonitoredResourceDescriptorRequest Message

A request message of the UpdateMonitoredResourceDescriptor method.

Name Type Description
monitored_resource_descriptor MonitoredResourceDescriptor MonitoredResourceDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateMonitoredResourceDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateMonitoredResourceDescriptorRequest.ResponseMask reduce message response size.

UpdateMonitoredResourceDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state MonitoredResourceDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateMonitoredResourceDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteMonitoredResourceDescriptorRequest Message

A request message of the DeleteMonitoredResourceDescriptor method.

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of ntt.monitoring.v4.MonitoredResourceDescriptor
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GetMonitoredResourceDescriptorRequest Message

Request message for method [GetMonitoredResourceDescriptor][ntt.monitoring.v4.GetMonitoredResourceDescriptor]

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of ntt.monitoring.v4.MonitoredResourceDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

ListMonitoredResourceDescriptorsRequest Message

Request message for method [ListMonitoredResourceDescriptors][ntt.monitoring.v4.ListMonitoredResourceDescriptors]

Name Type Description
parent string (parent name of MonitoredResourceDescriptor) Parent name of ntt.monitoring.v4.MonitoredResourceDescriptor
page_size int32 Requested page size. Server may return fewer MonitoredResourceDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of MonitoredResourceDescriptor) A token identifying a page of results the server should return. Typically, this is the value of [ListMonitoredResourceDescriptorsResponse.next_page_token][ntt.monitoring.v4.ListMonitoredResourceDescriptorsResponse.next_page_token]
order_by string (orderBy of MonitoredResourceDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of MonitoredResourceDescriptor) An optional filter describing the descriptors to be returned. The filter can reference the descriptor’s type and labels. For example, the following filter returns only Google Compute Engine descriptors that have an id label: resource.type = starts_with(“gce_”) AND resource.label:id
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListMonitoredResourceDescriptorsResponse Message

Request message for method [ListMonitoredResourceDescriptors][ntt.monitoring.v4.ListMonitoredResourceDescriptors]

Name Type Description
monitored_resource_descriptors repeated MonitoredResourceDescriptor The list of MonitoredResourceDescriptors
prev_page_token string (cursor of MonitoredResourceDescriptor) A token to retrieve previous page of results. Pass this value in the [ListMonitoredResourceDescriptorsRequest.page_token][ntt.monitoring.v4.ListMonitoredResourceDescriptorsRequest.page_token]
next_page_token string (cursor of MonitoredResourceDescriptor) A token to retrieve next page of results. Pass this value in the [ListMonitoredResourceDescriptorsRequest.page_token][ntt.monitoring.v4.ListMonitoredResourceDescriptorsRequest.page_token]
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total MonitoredResourceDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

Notification Resource

Notification Resource

Name patterns:

  • projects/{project}/regions/{region}/alertingPolicies/{alerting_policy}/notifications/{notification}

Parent resources:

This section covers the methods and messages to interact with Notification resource.

Notification Methods

Here is the list of Notification resource methods:

GetNotification Method

GetNotification

rpc GetNotification(GetNotificationRequest) returns (Notification)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.get

The equivalent REST API is:

GET /v4/{name=projects/*/regions/*/alertingPolicies/*/notifications/*}

BatchGetNotifications Method

BatchGetNotifications

rpc BatchGetNotifications(BatchGetNotificationsRequest) returns (BatchGetNotificationsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.batchGet

The equivalent REST API is:

GET /v4/notifications:batchGet

ListNotifications Method

ListNotifications

rpc ListNotifications(ListNotificationsRequest) returns (ListNotificationsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.list

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*/alertingPolicies/*}/notifications

WatchNotification Method

WatchNotification

rpc WatchNotification(WatchNotificationRequest) returns (WatchNotificationResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.watch

The equivalent REST API is:

POST /v4/{name=projects/*/regions/*/alertingPolicies/*/notifications/*}:watch

WatchNotifications Method

WatchNotifications

rpc WatchNotifications(WatchNotificationsRequest) returns (WatchNotificationsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.watch

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*/alertingPolicies/*}/notifications:watch

CreateNotification Method

CreateNotification

rpc CreateNotification(CreateNotificationRequest) returns (Notification)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.create

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*/alertingPolicies/*}/notifications (BODY: notification)

UpdateNotification Method

UpdateNotification

rpc UpdateNotification(UpdateNotificationRequest) returns (Notification)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.update

The equivalent REST API is:

PUT /v4/{notification.name=projects/*/regions/*/alertingPolicies/*/notifications/*} (BODY: notification)

DeleteNotification Method

DeleteNotification

rpc DeleteNotification(DeleteNotificationRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notifications.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/regions/*/alertingPolicies/*/notifications/*}

Notification Messages

Here is the list of Notification resource messages:

Notification Message

Name Type Description
name string (name of Notification) Name of Notification When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.:-]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
alerts repeated string (name of Alert) References to alerts that are part of this notification TODO: Obsolete and to be retired, in favor of alert_sets
alert_sets repeated Notification.AlertsSet Alerts by notification
state Notification.State

Notification.AlertsSet Message

Name Type Description
condition string (name of AlertingCondition) Condition holding alerts
ids repeated string List of alert IDs.

Notification.State Message

Name Type Description
is_resolved bool
notification_state repeated Notification.State.NotificationState Notification state
incident_notify_attempts_done bool Internal state to keep track of whether any notification sends needs to be retried for new incident
resolution_notify_attempts_done bool Internal state to keep track of whether any notification sends needs to be retried for resolution
alerts_lifetime TimeRange Time range for which alerts for the policy are clubbed together
resolution_notification_state repeated Notification.State.NotificationState
lifecycle_completed bool Alert has ended and any needed notifications are processed

Notification.State.NotificationState Message

Name Type Description
notification_channel string (name of NotificationChannel) Notification channel name
status Notification.State.NotificationState.Status
error string Error message if status is FAILED
provider_data Notification.State.NotificationState.ProviderData Provider specific data. Allows tracking ids of notifications sent to specific channels.
notify_attempts int64

Notification.State.NotificationState.ProviderData Message

Provider specific data

Name Type Description
slack Notification.State.NotificationState.ProviderData.Slack
pager_duty Notification.State.NotificationState.ProviderData.PagerDuty
webhook Notification.State.NotificationState.ProviderData.WebHook

Notification.State.NotificationState.ProviderData.Slack Message

Slack

Name Type Description
ts string

Notification.State.NotificationState.ProviderData.PagerDuty Message

Pager Duty

Name Type Description
incident_key string

Notification.State.NotificationState.ProviderData.WebHook Message

Name Type Description
total_chunks int64
failed_chunks repeated Notification.State.NotificationState.ProviderData.WebHook.FailedChunks

Notification.State.NotificationState.ProviderData.WebHook.FailedChunks Message

Name Type Description
alert_offset int64
error string

GetNotificationRequest Message

A request message of the GetNotification method.

Name Type Description
name string (name of Notification) Name of ntt.monitoring.v4.Notification
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationsRequest Message

A request message of the BatchGetNotifications method.

Name Type Description
names repeated string (name of Notification) Names of Notifications
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationsResponse Message

A response message of the BatchGetNotifications method.

Name Type Description
notifications repeated Notification found Notifications
missing repeated string (name of Notification) list of not found Notifications

ListNotificationsRequest Message

A request message of the ListNotifications method.

Name Type Description
parent string (parent name of Notification) Parent name of ntt.monitoring.v4.Notification
page_size int32 Requested page size. Server may return fewer Notifications than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Notification) A token identifying a page of results the server should return. Typically, this is the value of ListNotificationsResponse.next_page_token.
order_by string (orderBy of Notification) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Notification) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListNotificationsResponse Message

A response message of the ListNotifications method.

Name Type Description
notifications repeated Notification The list of Notifications
prev_page_token string (cursor of Notification) A token to retrieve previous page of results. Pass this value in the ListNotificationsRequest.page_token.
next_page_token string (cursor of Notification) A token to retrieve next page of results. Pass this value in the ListNotificationsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Notifications across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchNotificationRequest Message

A request message of the WatchNotification method.

Name Type Description
name string (name of Notification) Name of ntt.monitoring.v4.Notification
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchNotificationResponse Message

A response message of the WatchNotification method.

Name Type Description
change NotificationChange

WatchNotificationsRequest Message

A request message of the WatchNotifications method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Notification) Parent name of ntt.monitoring.v4.Notification
page_size int32 Requested page size. Server may return fewer Notifications than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Notification) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Notification) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Notification) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Notification that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Notification that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchNotificationsResponse Message

A response message of the WatchNotifications method.

Name Type Description
notification_changes repeated NotificationChange Changes of Notifications
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Notifications will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchNotificationsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Notifications will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchNotificationsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Notification) New token to retrieve previous page of results.
next_page_token string (cursor of Notification) New token to retrieve next page of results.

CreateNotificationRequest Message

A request message of the CreateNotification method.

Name Type Description
parent string (parent name of Notification) Parent name of ntt.monitoring.v4.Notification
notification Notification Notification resource body
response_mask CreateNotificationRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateNotificationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateNotificationRequest Message

A request message of the UpdateNotification method.

Name Type Description
notification Notification Notification resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateNotificationRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateNotificationRequest.ResponseMask reduce message response size.

UpdateNotificationRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Notification Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateNotificationRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteNotificationRequest Message

A request message of the DeleteNotification method.

Name Type Description
name string (name of Notification) Name of ntt.monitoring.v4.Notification
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Notification Enumerations

Here is the list of Notification resource enumerations:

Notification.State.NotificationState.Status Enumeration

Name Description
UNKNOWN
PENDING
FAILED
SUPPRESSED
SENT
DELIVERED Status types that can be used by webhook integrated providers, like PagerDuty.
ACKNOWLEDGED
UNACKNOWLEDGED

NotificationChannel Resource

NotificationChannel Resource

Name patterns:

  • projects/{project}/notificationChannels/{notification_channel}

Parent resources:

This section covers the methods and messages to interact with NotificationChannel resource.

NotificationChannel Methods

Here is the list of NotificationChannel resource methods:

GetNotificationChannel Method

GetNotificationChannel

rpc GetNotificationChannel(GetNotificationChannelRequest) returns (NotificationChannel)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.get

The equivalent REST API is:

GET /v4/{name=projects/*/notificationChannels/*}

BatchGetNotificationChannels Method

BatchGetNotificationChannels

rpc BatchGetNotificationChannels(BatchGetNotificationChannelsRequest) returns (BatchGetNotificationChannelsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.batchGet

The equivalent REST API is:

GET /v4/notificationChannels:batchGet

ListNotificationChannels Method

ListNotificationChannels

rpc ListNotificationChannels(ListNotificationChannelsRequest) returns (ListNotificationChannelsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.list

The equivalent REST API is:

GET /v4/{parent=projects/*}/notificationChannels

WatchNotificationChannel Method

WatchNotificationChannel

rpc WatchNotificationChannel(WatchNotificationChannelRequest) returns (WatchNotificationChannelResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.watch

The equivalent REST API is:

POST /v4/{name=projects/*/notificationChannels/*}:watch

WatchNotificationChannels Method

WatchNotificationChannels

rpc WatchNotificationChannels(WatchNotificationChannelsRequest) returns (WatchNotificationChannelsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.watch

The equivalent REST API is:

POST /v4/{parent=projects/*}/notificationChannels:watch

CreateNotificationChannel Method

CreateNotificationChannel

rpc CreateNotificationChannel(CreateNotificationChannelRequest) returns (NotificationChannel)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.create

The equivalent REST API is:

POST /v4/{parent=projects/*}/notificationChannels (BODY: notification_channel)

UpdateNotificationChannel Method

UpdateNotificationChannel

rpc UpdateNotificationChannel(UpdateNotificationChannelRequest) returns (NotificationChannel)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.update

The equivalent REST API is:

PUT /v4/{notification_channel.name=projects/*/notificationChannels/*} (BODY: notification_channel)

DeleteNotificationChannel Method

DeleteNotificationChannel

rpc DeleteNotificationChannel(DeleteNotificationChannelRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/notificationChannels/*}

TestNotificationChannel Method

TestNotificationChannel

rpc TestNotificationChannel(TestNotificationChannelRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/notificationChannels.test

The equivalent REST API is:

POST /v4/{name=projects/*/notificationChannels/*}:test

NotificationChannel Messages

Here is the list of NotificationChannel resource messages:

NotificationChannel Message

Name Type Description
name string (name of NotificationChannel) Name of NotificationChannel When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display Name
spec NotificationChannel.Spec Specification
state NotificationChannel.State State
description string description

NotificationChannel.Spec Message

Spec of NotificationChannel

Name Type Description
enabled bool Enabled flag. Whether the NotificationChannel is enabled or not. Disabled channels will not be used for alerting.
type NotificationChannel.Spec.Type Type. Corresponding spec should a oneof field.
email NotificationChannel.Spec.Email Email
slack NotificationChannel.Spec.Slack Slack
webhook NotificationChannel.Spec.Webhook
notification_language_code string Default language for invitation is english (eng) Configuring unsupported language will fallback to english Currently only sendgrid uses this.

NotificationChannel.State Message

State of NotificationChannel

Name Type Description
status NotificationChannel.State.Status Status
error NotificationChannel.State.Error Error

NotificationChannel.Spec.Email Message

Email Spec

Name Type Description
addresses repeated string Email Addresses

NotificationChannel.Spec.Slack Message

Slack Spec

Name Type Description
incoming_webhook string Slack Incoming Webhook URL

NotificationChannel.Spec.PagerDuty Message

PagerDuty Spec

Name Type Description
service_key string PagerDuty Service Key

NotificationChannel.Spec.Webhook Message

Webhook Spec

Name Type Description
url string Webhook URL
headers repeated NotificationChannel.Spec.Webhook.Header Headers
notification_mask .google.protobuf.FieldMask Notification mask contains list of fields to include in the message. Notification consists of following fields: * “project” -> See monitoring.edgelq.com/Project protobuf spec for subfields * “organization” -> See iam.edgelq.com/Project protobuf spec for subfields * “alertingPolicy” -> See monitoring.edgelq.com/AlertingPolicy protobuf spec for subfields * “notification” -> See monitoring.edgelq.com/Notification protobuf spec for subfields * “events” -> Array of events, each item has subfields: * “alertingCondition” -> See monitoring.edgelq.com/AlertingCondition protobuf spec for subfields * “metricDescriptor” -> See monitoring.edgelq.com/MetricDescriptor protobuf spec for subfields * “monitoredResourceDescriptor” -> See monitoring.edgelq.com/MonitoredResourceDescriptor protobuf spec for subfields * “alerts” -> Array of monitoring.edgelq.com/Alert instances, see protobuf spec for subfields. If notification_mask is not specified, following default is applied: * “project.name” * “project.title” * “organization.name” * “organization.title” * “events.alertingCondition.name” * “events.alertingCondition.displayName” * “events.alertingCondition.spec” * “events.metricDescriptor.name” * “events.metricDescriptor.displayName” * “events.metricDescriptor.type” * “events.metricDescriptor.labels” * “events.metricDescriptor.metricKind” * “events.metricDescriptor.valueType” * “events.metricDescriptor.unit” * “events.alerts.name” * “events.alerts.displayName” * “events.alerts.info.timeSerie.key” * “events.alerts.info.timeSerie.metric” * “events.alerts.info.timeSerie.monitoredResource” * “events.alerts.info.observedValues” * “events.alerts.state”
max_message_size_mb double default is 0 means all the alerts in a notification are sent in single request. Breaking into multiple messages may be significantly slower than sending a single message. For example, to use 250KB chunks, set 0.25 MB

NotificationChannel.Spec.Webhook.Header Message

Header

Name Type Description
key string
value string

NotificationChannel.State.Error Message

Error of NotificationChannel

Name Type Description
time .google.protobuf.Timestamp
message string

GetNotificationChannelRequest Message

A request message of the GetNotificationChannel method.

Name Type Description
name string (name of NotificationChannel) Name of ntt.monitoring.v4.NotificationChannel
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationChannelsRequest Message

A request message of the BatchGetNotificationChannels method.

Name Type Description
names repeated string (name of NotificationChannel) Names of NotificationChannels
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetNotificationChannelsResponse Message

A response message of the BatchGetNotificationChannels method.

Name Type Description
notification_channels repeated NotificationChannel found NotificationChannels
missing repeated string (name of NotificationChannel) list of not found NotificationChannels

ListNotificationChannelsRequest Message

A request message of the ListNotificationChannels method.

Name Type Description
parent string (parent name of NotificationChannel) Parent name of ntt.monitoring.v4.NotificationChannel
page_size int32 Requested page size. Server may return fewer NotificationChannels than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of NotificationChannel) A token identifying a page of results the server should return. Typically, this is the value of ListNotificationChannelsResponse.next_page_token.
order_by string (orderBy of NotificationChannel) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of NotificationChannel) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListNotificationChannelsResponse Message

A response message of the ListNotificationChannels method.

Name Type Description
notification_channels repeated NotificationChannel The list of NotificationChannels
prev_page_token string (cursor of NotificationChannel) A token to retrieve previous page of results. Pass this value in the ListNotificationChannelsRequest.page_token.
next_page_token string (cursor of NotificationChannel) A token to retrieve next page of results. Pass this value in the ListNotificationChannelsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total NotificationChannels across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchNotificationChannelRequest Message

A request message of the WatchNotificationChannel method.

Name Type Description
name string (name of NotificationChannel) Name of ntt.monitoring.v4.NotificationChannel
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchNotificationChannelResponse Message

A response message of the WatchNotificationChannel method.

Name Type Description
change NotificationChannelChange

WatchNotificationChannelsRequest Message

A request message of the WatchNotificationChannels method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of NotificationChannel) Parent name of ntt.monitoring.v4.NotificationChannel
page_size int32 Requested page size. Server may return fewer NotificationChannels than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of NotificationChannel) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of NotificationChannel) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of NotificationChannel) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to NotificationChannel that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to NotificationChannel that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchNotificationChannelsResponse Message

A response message of the WatchNotificationChannels method.

Name Type Description
notification_channel_changes repeated NotificationChannelChange Changes of NotificationChannels
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All NotificationChannels will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchNotificationChannelsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (NotificationChannels will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchNotificationChannelsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of NotificationChannel) New token to retrieve previous page of results.
next_page_token string (cursor of NotificationChannel) New token to retrieve next page of results.

CreateNotificationChannelRequest Message

A request message of the CreateNotificationChannel method.

Name Type Description
parent string (parent name of NotificationChannel) Parent name of ntt.monitoring.v4.NotificationChannel
notification_channel NotificationChannel NotificationChannel resource body
response_mask CreateNotificationChannelRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateNotificationChannelRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateNotificationChannelRequest Message

A request message of the UpdateNotificationChannel method.

Name Type Description
notification_channel NotificationChannel NotificationChannel resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateNotificationChannelRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateNotificationChannelRequest.ResponseMask reduce message response size.

UpdateNotificationChannelRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state NotificationChannel Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateNotificationChannelRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteNotificationChannelRequest Message

A request message of the DeleteNotificationChannel method.

Name Type Description
name string (name of NotificationChannel) Name of ntt.monitoring.v4.NotificationChannel
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

TestNotificationChannelRequest Message

Request message for method [TestNotificationChannel][ntt.monitoring.v4.TestNotificationChannel]

Name Type Description
name string (name of NotificationChannel) Name of ntt.monitoring.v4.NotificationChannel

NotificationChannel Enumerations

Here is the list of NotificationChannel resource enumerations:

NotificationChannel.Spec.Type Enumeration

Type of NotificationChannel

Name Description
TYPE_UNSPECIFIED Type is unknown
EMAIL Email NotificationChannel
SLACK Slack NotificationChannel
WEBHOOK Webhook NotificationChannel

NotificationChannel.State.Status Enumeration

State of NotificationChannel

Name Description
STATE_UNSPECIFIED State is unknown
ACTIVE NotificationChannel is active
DISABLED NotificationChannel is disabled
ERROR Error of NotificationChannel

PhantomTimeSerie Resource

PhantomTimeSerie Resource

Name patterns:

  • projects/{project}/regions/{region}/phantomTimeSeries/{phantom_time_serie}

Parent resources:

This section covers the methods and messages to interact with PhantomTimeSerie resource.

PhantomTimeSerie Methods

Here is the list of PhantomTimeSerie resource methods:

GetPhantomTimeSerie Method

GetPhantomTimeSerie

rpc GetPhantomTimeSerie(GetPhantomTimeSerieRequest) returns (PhantomTimeSerie)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.get

The equivalent REST API is:

GET /v4/{name=projects/*/regions/*/phantomTimeSeries/*}

BatchGetPhantomTimeSeries Method

BatchGetPhantomTimeSeries

rpc BatchGetPhantomTimeSeries(BatchGetPhantomTimeSeriesRequest) returns (BatchGetPhantomTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.batchGet

The equivalent REST API is:

GET /v4/phantomTimeSeries:batchGet

ListPhantomTimeSeries Method

ListPhantomTimeSeries

rpc ListPhantomTimeSeries(ListPhantomTimeSeriesRequest) returns (ListPhantomTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.list

The equivalent REST API is:

GET /v4/{parent=projects/*/regions/*}/phantomTimeSeries

WatchPhantomTimeSerie Method

WatchPhantomTimeSerie

rpc WatchPhantomTimeSerie(WatchPhantomTimeSerieRequest) returns (WatchPhantomTimeSerieResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.watch

The equivalent REST API is:

POST /v4/{name=projects/*/regions/*/phantomTimeSeries/*}:watch

WatchPhantomTimeSeries Method

WatchPhantomTimeSeries

rpc WatchPhantomTimeSeries(WatchPhantomTimeSeriesRequest) returns (WatchPhantomTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.watch

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*}/phantomTimeSeries:watch

CreatePhantomTimeSerie Method

CreatePhantomTimeSerie

rpc CreatePhantomTimeSerie(CreatePhantomTimeSerieRequest) returns (PhantomTimeSerie)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.create

The equivalent REST API is:

POST /v4/{parent=projects/*/regions/*}/phantomTimeSeries (BODY: phantom_time_serie)

UpdatePhantomTimeSerie Method

UpdatePhantomTimeSerie

rpc UpdatePhantomTimeSerie(UpdatePhantomTimeSerieRequest) returns (PhantomTimeSerie)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.update

The equivalent REST API is:

PUT /v4/{phantom_time_serie.name=projects/*/regions/*/phantomTimeSeries/*} (BODY: phantom_time_serie)

DeletePhantomTimeSerie Method

DeletePhantomTimeSerie

rpc DeletePhantomTimeSerie(DeletePhantomTimeSerieRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/phantomTimeSeries.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/regions/*/phantomTimeSeries/*}

PhantomTimeSerie Messages

Here is the list of PhantomTimeSerie resource messages:

PhantomTimeSerie Message

Name Type Description
name string (name of PhantomTimeSerie) Name of PhantomTimeSerie When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w+/=]{1,256}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
key bytes TimeSerie key identifies unique TimeSeries tuple: <project, metric.type, metric.labels, resource.type, resource.labels> Kind/ValueType are not present in key Key is not to be decoded outside of service, but treated as opaque string
project string Internal use - for bulk reporting of TimeSeries
metric Metric The associated metric. A fully-specified metric used to identify the time series. This field cannot be updated, can be only set during creation.
resource MonitoredResource The associated monitored resource. Custom metrics can use only certain monitored resource types in their time series data. This field cannot be updated, can be only set during creation.
metric_kind MetricDescriptor.MetricKind The metric kind of the time series. When listing time series, this metric kind might be different from the metric kind of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the metric kind of the associated metric. If the associated metric’s descriptor must be auto-created, then this field specifies the metric kind of the new descriptor and must be either GAUGE (the default) or CUMULATIVE.
value_type MetricDescriptor.ValueType The value type of the time series. When listing time series, this value type might be different from the value type of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the type of the data in the points field.
value TypedValue Phantom value

GetPhantomTimeSerieRequest Message

A request message of the GetPhantomTimeSerie method.

Name Type Description
name string (name of PhantomTimeSerie) Name of ntt.monitoring.v4.PhantomTimeSerie
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPhantomTimeSeriesRequest Message

A request message of the BatchGetPhantomTimeSeries method.

Name Type Description
names repeated string (name of PhantomTimeSerie) Names of PhantomTimeSeries
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetPhantomTimeSeriesResponse Message

A response message of the BatchGetPhantomTimeSeries method.

Name Type Description
phantom_time_series repeated PhantomTimeSerie found PhantomTimeSeries
missing repeated string (name of PhantomTimeSerie) list of not found PhantomTimeSeries

ListPhantomTimeSeriesRequest Message

A request message of the ListPhantomTimeSeries method.

Name Type Description
parent string (parent name of PhantomTimeSerie) Parent name of ntt.monitoring.v4.PhantomTimeSerie
page_size int32 Requested page size. Server may return fewer PhantomTimeSeries than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of PhantomTimeSerie) A token identifying a page of results the server should return. Typically, this is the value of ListPhantomTimeSeriesResponse.next_page_token.
order_by string (orderBy of PhantomTimeSerie) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of PhantomTimeSerie) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListPhantomTimeSeriesResponse Message

A response message of the ListPhantomTimeSeries method.

Name Type Description
phantom_time_series repeated PhantomTimeSerie The list of PhantomTimeSeries
prev_page_token string (cursor of PhantomTimeSerie) A token to retrieve previous page of results. Pass this value in the ListPhantomTimeSeriesRequest.page_token.
next_page_token string (cursor of PhantomTimeSerie) A token to retrieve next page of results. Pass this value in the ListPhantomTimeSeriesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total PhantomTimeSeries across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchPhantomTimeSerieRequest Message

A request message of the WatchPhantomTimeSerie method.

Name Type Description
name string (name of PhantomTimeSerie) Name of ntt.monitoring.v4.PhantomTimeSerie
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchPhantomTimeSerieResponse Message

A response message of the WatchPhantomTimeSerie method.

Name Type Description
change PhantomTimeSerieChange

WatchPhantomTimeSeriesRequest Message

A request message of the WatchPhantomTimeSeries method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of PhantomTimeSerie) Parent name of ntt.monitoring.v4.PhantomTimeSerie
page_size int32 Requested page size. Server may return fewer PhantomTimeSeries than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of PhantomTimeSerie) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of PhantomTimeSerie) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of PhantomTimeSerie) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to PhantomTimeSerie that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to PhantomTimeSerie that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchPhantomTimeSeriesResponse Message

A response message of the WatchPhantomTimeSeries method.

Name Type Description
phantom_time_serie_changes repeated PhantomTimeSerieChange Changes of PhantomTimeSeries
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All PhantomTimeSeries will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchPhantomTimeSeriesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (PhantomTimeSeries will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchPhantomTimeSeriesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of PhantomTimeSerie) New token to retrieve previous page of results.
next_page_token string (cursor of PhantomTimeSerie) New token to retrieve next page of results.

CreatePhantomTimeSerieRequest Message

A request message of the CreatePhantomTimeSerie method.

Name Type Description
parent string (parent name of PhantomTimeSerie) Parent name of ntt.monitoring.v4.PhantomTimeSerie
phantom_time_serie PhantomTimeSerie PhantomTimeSerie resource body
response_mask CreatePhantomTimeSerieRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreatePhantomTimeSerieRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdatePhantomTimeSerieRequest Message

A request message of the UpdatePhantomTimeSerie method.

Name Type Description
phantom_time_serie PhantomTimeSerie PhantomTimeSerie resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdatePhantomTimeSerieRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdatePhantomTimeSerieRequest.ResponseMask reduce message response size.

UpdatePhantomTimeSerieRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state PhantomTimeSerie Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdatePhantomTimeSerieRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeletePhantomTimeSerieRequest Message

A request message of the DeletePhantomTimeSerie method.

Name Type Description
name string (name of PhantomTimeSerie) Name of ntt.monitoring.v4.PhantomTimeSerie
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v4/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v4/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v4/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v4/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v4/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v4/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v4/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*}

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
title string
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
multi_region_policy MultiRegionPolicy Multi region policy

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.monitoring.v4.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.monitoring.v4.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.monitoring.v4.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

RecoveryStoreShardingInfo Resource

RecoveryStoreShardingInfo Resource

Name patterns:

  • regions/{region}/recoveryStoreShardingInfos/{recovery_store_sharding_info}

This section covers the methods and messages to interact with RecoveryStoreShardingInfo resource.

RecoveryStoreShardingInfo Methods

Here is the list of RecoveryStoreShardingInfo resource methods:

GetRecoveryStoreShardingInfo Method

GetRecoveryStoreShardingInfo

rpc GetRecoveryStoreShardingInfo(GetRecoveryStoreShardingInfoRequest) returns (RecoveryStoreShardingInfo)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.get

The equivalent REST API is:

GET /v4/{name=regions/*/recoveryStoreShardingInfos/*}

BatchGetRecoveryStoreShardingInfos Method

BatchGetRecoveryStoreShardingInfos

rpc BatchGetRecoveryStoreShardingInfos(BatchGetRecoveryStoreShardingInfosRequest) returns (BatchGetRecoveryStoreShardingInfosResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.batchGet

The equivalent REST API is:

GET /v4/recoveryStoreShardingInfos:batchGet

ListRecoveryStoreShardingInfos Method

ListRecoveryStoreShardingInfos

rpc ListRecoveryStoreShardingInfos(ListRecoveryStoreShardingInfosRequest) returns (ListRecoveryStoreShardingInfosResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.list

The equivalent REST API is:

GET /v4/{parent=regions/*}/recoveryStoreShardingInfos

WatchRecoveryStoreShardingInfo Method

WatchRecoveryStoreShardingInfo

rpc WatchRecoveryStoreShardingInfo(WatchRecoveryStoreShardingInfoRequest) returns (WatchRecoveryStoreShardingInfoResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.watch

The equivalent REST API is:

POST /v4/{name=regions/*/recoveryStoreShardingInfos/*}:watch

WatchRecoveryStoreShardingInfos Method

WatchRecoveryStoreShardingInfos

rpc WatchRecoveryStoreShardingInfos(WatchRecoveryStoreShardingInfosRequest) returns (WatchRecoveryStoreShardingInfosResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.watch

The equivalent REST API is:

POST /v4/{parent=regions/*}/recoveryStoreShardingInfos:watch

CreateRecoveryStoreShardingInfo Method

CreateRecoveryStoreShardingInfo

rpc CreateRecoveryStoreShardingInfo(CreateRecoveryStoreShardingInfoRequest) returns (RecoveryStoreShardingInfo)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.create

The equivalent REST API is:

POST /v4/{parent=regions/*}/recoveryStoreShardingInfos (BODY: recovery_store_sharding_info)

UpdateRecoveryStoreShardingInfo Method

UpdateRecoveryStoreShardingInfo

rpc UpdateRecoveryStoreShardingInfo(UpdateRecoveryStoreShardingInfoRequest) returns (RecoveryStoreShardingInfo)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.update

The equivalent REST API is:

PUT /v4/{recovery_store_sharding_info.name=regions/*/recoveryStoreShardingInfos/*} (BODY: recovery_store_sharding_info)

DeleteRecoveryStoreShardingInfo Method

DeleteRecoveryStoreShardingInfo

rpc DeleteRecoveryStoreShardingInfo(DeleteRecoveryStoreShardingInfoRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/recoveryStoreShardingInfos.delete

The equivalent REST API is:

DELETE /v4/{name=regions/*/recoveryStoreShardingInfos/*}

RecoveryStoreShardingInfo Messages

Here is the list of RecoveryStoreShardingInfo resource messages:

RecoveryStoreShardingInfo Message

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of RecoveryStoreShardingInfo When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-zA-Z0-9_.-]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
validity_period RecoveryStoreShardingInfo.ValidityPeriod Period during which this sharding spec is valid.
spec RecoveryStoreShardingInfo.ShardingSpec Sharding spec for given validity period.

RecoveryStoreShardingInfo.ValidityPeriod Message

Validity period specifies for which period of time this sharding spec is valid.

Name Type Description
start_time .google.protobuf.Timestamp Start time of validity period.
end_time .google.protobuf.Timestamp End time of validity period.

RecoveryStoreShardingInfo.ShardingSpec Message

Sharding spec defines how time series points is divided across two dimensions: key (shards_count) and time (ts_blob_period).

Name Type Description
ts_blob_period .google.protobuf.Duration Defines period of time series points in a single blob.
shards_count uint32s Number of shards (by key) in given shard period

GetRecoveryStoreShardingInfoRequest Message

A request message of the GetRecoveryStoreShardingInfo method.

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of ntt.monitoring.v4.RecoveryStoreShardingInfo
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRecoveryStoreShardingInfosRequest Message

A request message of the BatchGetRecoveryStoreShardingInfos method.

Name Type Description
names repeated string (name of RecoveryStoreShardingInfo) Names of RecoveryStoreShardingInfos
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetRecoveryStoreShardingInfosResponse Message

A response message of the BatchGetRecoveryStoreShardingInfos method.

Name Type Description
recovery_store_sharding_infos repeated RecoveryStoreShardingInfo found RecoveryStoreShardingInfos
missing repeated string (name of RecoveryStoreShardingInfo) list of not found RecoveryStoreShardingInfos

ListRecoveryStoreShardingInfosRequest Message

A request message of the ListRecoveryStoreShardingInfos method.

Name Type Description
parent string (parent name of RecoveryStoreShardingInfo) Parent name of ntt.monitoring.v4.RecoveryStoreShardingInfo
page_size int32 Requested page size. Server may return fewer RecoveryStoreShardingInfos than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of RecoveryStoreShardingInfo) A token identifying a page of results the server should return. Typically, this is the value of ListRecoveryStoreShardingInfosResponse.next_page_token.
order_by string (orderBy of RecoveryStoreShardingInfo) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of RecoveryStoreShardingInfo) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListRecoveryStoreShardingInfosResponse Message

A response message of the ListRecoveryStoreShardingInfos method.

Name Type Description
recovery_store_sharding_infos repeated RecoveryStoreShardingInfo The list of RecoveryStoreShardingInfos
prev_page_token string (cursor of RecoveryStoreShardingInfo) A token to retrieve previous page of results. Pass this value in the ListRecoveryStoreShardingInfosRequest.page_token.
next_page_token string (cursor of RecoveryStoreShardingInfo) A token to retrieve next page of results. Pass this value in the ListRecoveryStoreShardingInfosRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total RecoveryStoreShardingInfos across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchRecoveryStoreShardingInfoRequest Message

A request message of the WatchRecoveryStoreShardingInfo method.

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of ntt.monitoring.v4.RecoveryStoreShardingInfo
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchRecoveryStoreShardingInfoResponse Message

A response message of the WatchRecoveryStoreShardingInfo method.

Name Type Description
change RecoveryStoreShardingInfoChange

WatchRecoveryStoreShardingInfosRequest Message

A request message of the WatchRecoveryStoreShardingInfos method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of RecoveryStoreShardingInfo) Parent name of ntt.monitoring.v4.RecoveryStoreShardingInfo
page_size int32 Requested page size. Server may return fewer RecoveryStoreShardingInfos than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of RecoveryStoreShardingInfo) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of RecoveryStoreShardingInfo) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of RecoveryStoreShardingInfo) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to RecoveryStoreShardingInfo that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to RecoveryStoreShardingInfo that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchRecoveryStoreShardingInfosResponse Message

A response message of the WatchRecoveryStoreShardingInfos method.

Name Type Description
recovery_store_sharding_info_changes repeated RecoveryStoreShardingInfoChange Changes of RecoveryStoreShardingInfos
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All RecoveryStoreShardingInfos will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchRecoveryStoreShardingInfosResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (RecoveryStoreShardingInfos will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchRecoveryStoreShardingInfosResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of RecoveryStoreShardingInfo) New token to retrieve previous page of results.
next_page_token string (cursor of RecoveryStoreShardingInfo) New token to retrieve next page of results.

CreateRecoveryStoreShardingInfoRequest Message

A request message of the CreateRecoveryStoreShardingInfo method.

Name Type Description
parent string (parent name of RecoveryStoreShardingInfo) Parent name of ntt.monitoring.v4.RecoveryStoreShardingInfo
recovery_store_sharding_info RecoveryStoreShardingInfo RecoveryStoreShardingInfo resource body
response_mask CreateRecoveryStoreShardingInfoRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateRecoveryStoreShardingInfoRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateRecoveryStoreShardingInfoRequest Message

A request message of the UpdateRecoveryStoreShardingInfo method.

Name Type Description
recovery_store_sharding_info RecoveryStoreShardingInfo RecoveryStoreShardingInfo resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateRecoveryStoreShardingInfoRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateRecoveryStoreShardingInfoRequest.ResponseMask reduce message response size.

UpdateRecoveryStoreShardingInfoRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state RecoveryStoreShardingInfo Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateRecoveryStoreShardingInfoRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteRecoveryStoreShardingInfoRequest Message

A request message of the DeleteRecoveryStoreShardingInfo method.

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of ntt.monitoring.v4.RecoveryStoreShardingInfo
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

TimeSerie Resource

TimeSerie Resource

Name patterns:

  • projects/{project}/timeSeries/{time_serie}
  • projects/{project}/regions/{region}/buckets/{bucket}/timeSeries/{time_serie}

Parent resources:

This section covers the methods and messages to interact with TimeSerie resource.

TimeSerie Methods

Here is the list of TimeSerie resource methods:

ListTimeSeries Method

ListTimeSeries

rpc ListTimeSeries(ListTimeSeriesRequest) returns (ListTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeries.list

The equivalent REST API is:

GET /v4/{parent=projects/*}/timeSeries 

GET /v4/{parent=projects/*/regions/*/buckets/*}/timeSeries

QueryProjectTimeSeriesStats Method

QueryProjectTimeSeriesStats

rpc QueryProjectTimeSeriesStats(QueryProjectTimeSeriesStatsRequest) returns (QueryProjectTimeSeriesStatsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeries.queryProjectStats

The equivalent REST API is:

GET /v4/{project=projects/*}/timeSeries

QueryServiceTimeSeriesStats Method

QueryServiceTimeSeriesStats

rpc QueryServiceTimeSeriesStats(QueryServiceTimeSeriesStatsRequest) returns (QueryServiceTimeSeriesStatsResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeries.queryServiceStats

The equivalent REST API is:

GET /v4/{service=services/*}/timeSeries

CreateTimeSeries Method

CreateTimeSeries

rpc CreateTimeSeries(CreateTimeSeriesRequest) returns (CreateTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeries.create

The equivalent REST API is:

POST /v4/{parent=projects/*}/timeSeries (BODY: time_series)

POST /v4/{parent=projects/*/regions/*/buckets/*}/timeSeries

WatchTimeSeries Method

WatchTimeSeries

rpc WatchTimeSeries(WatchTimeSeriesRequest) returns (WatchTimeSeriesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeries.watch

The equivalent REST API is:

POST /v4:watch

TimeSerie Messages

Here is the list of TimeSerie resource messages:

TimeSerie Message

Name Type Description
key bytes TimeSerie key identifies unique TimeSeries tuple: <project, region, metric.type, metric.labels, resource.type, resource.labels, unit> Kind/ValueType are not present in key Key is not to be decoded outside of service, but treated as opaque string Specific key is valid and understood only in single region only. If time serie is created by merging from multiple regions, key must be ignore.
project string Internal use - for bulk reporting of TimeSeries
region string Region ID associated with time serie.
unit string Unit taken from MetricDescriptor (metric.type field). It does not need to be populated during creation (it is derived). It may be modified by certain queries (COUNT will switch unit to “1”, ALIGN_RATE will append “/s”.
metric Metric The associated metric. A fully-specified metric used to identify the time series.
resource MonitoredResource The associated monitored resource. Custom metrics can use only certain monitored resource types in their time series data.
metric_kind MetricDescriptor.MetricKind The metric kind of the time series. When listing time series, this metric kind might be different from the metric kind of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the metric kind of the associated metric. If the associated metric’s descriptor must be auto-created, then this field specifies the metric kind of the new descriptor and must be either GAUGE (the default) or CUMULATIVE.
value_type MetricDescriptor.ValueType The value type of the time series. When listing time series, this value type might be different from the value type of the associated metric if this time series is an alignment or reduction of other time series. When creating a time series, this field is optional. If present, it must be the same as the type of the data in the points field.
points repeated Point The data points of this time series. When listing time series, points are returned in reverse time order. When creating a time series, this field must contain exactly one point and the point’s type must be the same as the value type of the associated metric. If the associated metric’s descriptor must be auto-created, then the value type of the descriptor is determined by the point’s type, which must be BOOL, INT64, DOUBLE, or DISTRIBUTION.

ListTimeSeriesRequest Message

Request message for method [ListTimeSeries][ntt.monitoring.v4.ListTimeSeries]

Name Type Description
parent string The project on which to execute the request. The format is “projects/{project_id}”, or “projects/{project_id}/regions/{region_id}/buckets/{bucket_id}”
filter string (filter of TimeSerie) A monitoring filter that specifies which time series should be returned. The filter must specify a single metric type, and can additionally specify metric labels and other information. For example: metric.type = “compute.googleapis.com/instance/cpu/usage_time” AND metric.label.instance_name = “my-instance-name”
interval TimeInterval The time interval for which results should be returned. Only time series that contain data points in the specified interval are included in the response.
aggregation Aggregation Instructs how to transform individual time series (aligner) and combine them together (reducer, group by fields). Cannot be used with pagination, as pagination exactly defines aggregation. Query will be rejected if it touches too many time series.
pagination Pagination Picks paginated time series according to pre-defined (in metric descriptor) view and function. Cannot be used with aggregation, because pagination view and function determines time series transformation and sorting.
view TimeSeriesView Specifies which information is returned about the time series.
field_mask .google.protobuf.FieldMask view list mask. Optimize network usage and limit returned header fields to a required subset. example fields in field mask: - “key”: for later caching, - “resource.labels.project_id”, “resource.labels.instance_name”, etc - specific labels only - “resource”, “metric”: all resource labels, reduced_labels and type NOTE: points are added implicitly
points_cap int32 A positive number that is the maximum number of Points to return. If points_cap is empty or more than 100,000 results, the effective points_cap is 100,000 results. If view is set to HEADERS, this is the maximum number of TimeSeries returned.
continuation_token string If this field is not empty then it must contain the continuation_token value returned by a previous call to this method. Using this field causes the method to return additional results from the previous method call.

ListTimeSeriesResponse Message

Response message for method [ListTimeSeries][ntt.monitoring.v4.ListTimeSeries]

Name Type Description
time_series repeated TimeSerie One or more time series that match the filter included in the request.
execution_errors repeated Status Query execution errors that may have caused the time series data returned to be incomplete.
continuation_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as continuation_token in the next call to this method.
total_point_counters repeated TimeSerie Special time series with total amount of records available for pagination by given time series key. Metric/Resource labels will contain “common” values shared by all ranked time series. ValueType will be always INT64 and metricKind GAUGE. In a sense, this time series is execution of ListTimeSeries with Aggregation = {groupByFields: [<viewPaginatedLabels>], REDUCER: REDUCE_COUNT} This field is only populated for paginated queries (pagination in ListTimeSeries is specified).

ListTimeSeriesResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

QueryProjectTimeSeriesStatsRequest Message

Response message for method [QueryProjectTimeSeriesStats][ntt.monitoring.v4.QueryProjectTimeSeriesStats]

Name Type Description
project string (name of Project)
service string Service domain for which we request stats, for example “devices.edgelq.com”
region_id string Region ID from which to get metrics
ap .google.protobuf.Duration Aggregation alignment period
interval TimeInterval The time interval for which results should be returned.
page_size int32 A positive number that is the maximum number of results to return. If page_size is empty or more than 100,000 results, the effective page_size is 100,000 results.
page_token string If this field is not empty then it must contain the nextPageToken value returned by a previous call to this method. Using this field causes the method to return additional results from the previous method call.
query StatsQuery

QueryProjectTimeSeriesStatsResponse Message

Response message for method [QueryProjectTimeSeriesStats][ntt.monitoring.v4.QueryProjectTimeSeriesStats]

Name Type Description
time_series repeated TimeSerie One or more time series that match the request.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the time series data returned to be incomplete.

QueryProjectTimeSeriesStatsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

QueryServiceTimeSeriesStatsRequest Message

Response message for method [QueryServiceTimeSeriesStats][ntt.monitoring.v4.QueryServiceTimeSeriesStats]

Name Type Description
service string (name of Service)
region_id string Region ID from which stats should e obtained
ap .google.protobuf.Duration
interval TimeInterval The time interval for which results should be returned.
page_size int32 A positive number that is the maximum number of results to return. If page_size is empty or more than 100,000 results, the effective page_size is 100,000 results.
page_token string If this field is not empty then it must contain the nextPageToken value returned by a previous call to this method. Using this field causes the method to return additional results from the previous method call.
user_project_ids repeated string Optional list of user projects for which we want to get stats. If provided, statistics will be grouped by them.
query StatsQuery

QueryServiceTimeSeriesStatsResponse Message

Response message for method [QueryServiceTimeSeriesStats][ntt.monitoring.v4.QueryServiceTimeSeriesStats]

Name Type Description
time_series repeated TimeSerie One or more time series that match the request.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the time series data returned to be incomplete.

QueryServiceTimeSeriesStatsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreateTimeSeriesRequest Message

Request message for method [CreateTimeSeries][ntt.monitoring.v4.CreateTimeSeries]

Name Type Description
parent string The project on which to execute the request. The format is “projects/{project_id}”, or “projects/{project_id}/regions/{region_id}/buckets/{bucket_id}”
time_series repeated TimeSerie The new data to be added to a list of time series. Adds at most one data point to each of several time series. The new data point must be more recent than any other point in its time series. Each TimeSeries value must fully specify a unique time series by supplying all label values for the metric and the monitored resource.

CreateTimeSeriesResponse Message

Response message for method [CreateTimeSeries][ntt.monitoring.v4.CreateTimeSeries]

Name Type Description
time_serie_keys map<uint32s, bytes> Time Serie keys indexed by Create position - present only when given TimeSerie didn’t use Key field
failed_time_series repeated CreateTimeSeriesError Time series that failed to be created

WatchTimeSeriesRequest Message

Name Type Description
parent string The project on which to execute the request. The format is “projects/{project_id}”, or “projects/{project_id}/regions/{region_id}/buckets/{bucket_id}”
filter string (filter of TimeSerie) A monitoring filter that specifies which time series should be returned. The filter must specify a single metric type, and can additionally specify metric labels and other information. For example: metric.type = “compute.googleapis.com/instance/cpu/usage_time” AND metric.label.instance_name = “my-instance-name”
aggregation Aggregation Instructs how to transform individual time series (aligner) and combine them together (reducer, group by fields).
snapshot_interval_to_fetch .google.protobuf.Duration Amount of past data to fetch when new time series key appears (not present in current session). For example: If client lost previous watch session for 15 minutes, they can set this field value to 15 minutes duration + 1 extra AlignmentPeriod value just in case. Initial time series in response will contain extra past data. Once specific TimeSeries key was already observed, further values will be coming only from realtime watch. This field has lower priority than starting_time!
starting_time .google.protobuf.Timestamp For every new unique time series key monitoring will try to fetch past data from given starting time. This is useful for recovery purposes, if client has lost previous watch session. Once snapshot is retrieved for given key, further data will contain live updates. This field takes priority over snapshot_interval_to_fetch.

WatchTimeSeriesResponse Message

Name Type Description
time_series repeated TimeSerie

TimeSeriesCollectionRule Resource

TimeSeriesCollectionRule Resource is a persistent WatchTimeSeries session registered on the server side. It collects time series according to the specified filter/aggregation, and within a project where rule is. Sink resource can be from different project.

Name patterns:

  • projects/{project}/timeSeriesCollectionRules/{time_series_collection_rule}

Parent resources:

This section covers the methods and messages to interact with TimeSeriesCollectionRule resource.

TimeSeriesCollectionRule Methods

Here is the list of TimeSeriesCollectionRule resource methods:

GetTimeSeriesCollectionRule Method

GetTimeSeriesCollectionRule

rpc GetTimeSeriesCollectionRule(GetTimeSeriesCollectionRuleRequest) returns (TimeSeriesCollectionRule)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.get

The equivalent REST API is:

GET /v4/{name=projects/*/timeSeriesCollectionRules/*}

BatchGetTimeSeriesCollectionRules Method

BatchGetTimeSeriesCollectionRules

rpc BatchGetTimeSeriesCollectionRules(BatchGetTimeSeriesCollectionRulesRequest) returns (BatchGetTimeSeriesCollectionRulesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.batchGet

The equivalent REST API is:

GET /v4/timeSeriesCollectionRules:batchGet

ListTimeSeriesCollectionRules Method

ListTimeSeriesCollectionRules

rpc ListTimeSeriesCollectionRules(ListTimeSeriesCollectionRulesRequest) returns (ListTimeSeriesCollectionRulesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.list

The equivalent REST API is:

GET /v4/{parent=projects/*}/timeSeriesCollectionRules

WatchTimeSeriesCollectionRule Method

WatchTimeSeriesCollectionRule

rpc WatchTimeSeriesCollectionRule(WatchTimeSeriesCollectionRuleRequest) returns (WatchTimeSeriesCollectionRuleResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.watch

The equivalent REST API is:

POST /v4/{name=projects/*/timeSeriesCollectionRules/*}:watch

WatchTimeSeriesCollectionRules Method

WatchTimeSeriesCollectionRules

rpc WatchTimeSeriesCollectionRules(WatchTimeSeriesCollectionRulesRequest) returns (WatchTimeSeriesCollectionRulesResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.watch

The equivalent REST API is:

POST /v4/{parent=projects/*}/timeSeriesCollectionRules:watch

CreateTimeSeriesCollectionRule Method

CreateTimeSeriesCollectionRule

rpc CreateTimeSeriesCollectionRule(CreateTimeSeriesCollectionRuleRequest) returns (TimeSeriesCollectionRule)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.create

The equivalent REST API is:

POST /v4/{parent=projects/*}/timeSeriesCollectionRules (BODY: time_series_collection_rule)

UpdateTimeSeriesCollectionRule Method

UpdateTimeSeriesCollectionRule

rpc UpdateTimeSeriesCollectionRule(UpdateTimeSeriesCollectionRuleRequest) returns (TimeSeriesCollectionRule)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.update

The equivalent REST API is:

PUT /v4/{time_series_collection_rule.name=projects/*/timeSeriesCollectionRules/*} (BODY: time_series_collection_rule)

DeleteTimeSeriesCollectionRule Method

DeleteTimeSeriesCollectionRule

rpc DeleteTimeSeriesCollectionRule(DeleteTimeSeriesCollectionRuleRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesCollectionRules.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/timeSeriesCollectionRules/*}

TimeSeriesCollectionRule Messages

Here is the list of TimeSeriesCollectionRule resource messages:

TimeSeriesCollectionRule Message

Name Type Description
name string (name of TimeSeriesCollectionRule) Name of TimeSeriesCollectionRule When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Optional display name
filter string (filter of TimeSerie) Time series filter to apply.
aggregation Aggregation Instructs how to transform individual time series (aligner) and combine them together (reducer, group by fields).
rule_ids repeated string Allocated persistent rule IDs for underlying watch.
sink string (reference to TimeSeriesForwarderSink) Optional sink where data is automatically forwarder. It can be nil, if intention for this collection rule is to aid in pulling via time series watch feature (TODO: Not implemented, rule without sink has no effect).

GetTimeSeriesCollectionRuleRequest Message

A request message of the GetTimeSeriesCollectionRule method.

Name Type Description
name string (name of TimeSeriesCollectionRule) Name of ntt.monitoring.v4.TimeSeriesCollectionRule
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetTimeSeriesCollectionRulesRequest Message

A request message of the BatchGetTimeSeriesCollectionRules method.

Name Type Description
names repeated string (name of TimeSeriesCollectionRule) Names of TimeSeriesCollectionRules
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetTimeSeriesCollectionRulesResponse Message

A response message of the BatchGetTimeSeriesCollectionRules method.

Name Type Description
time_series_collection_rules repeated TimeSeriesCollectionRule found TimeSeriesCollectionRules
missing repeated string (name of TimeSeriesCollectionRule) list of not found TimeSeriesCollectionRules

ListTimeSeriesCollectionRulesRequest Message

A request message of the ListTimeSeriesCollectionRules method.

Name Type Description
parent string (parent name of TimeSeriesCollectionRule) Parent name of ntt.monitoring.v4.TimeSeriesCollectionRule
page_size int32 Requested page size. Server may return fewer TimeSeriesCollectionRules than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of TimeSeriesCollectionRule) A token identifying a page of results the server should return. Typically, this is the value of ListTimeSeriesCollectionRulesResponse.next_page_token.
order_by string (orderBy of TimeSeriesCollectionRule) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of TimeSeriesCollectionRule) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListTimeSeriesCollectionRulesResponse Message

A response message of the ListTimeSeriesCollectionRules method.

Name Type Description
time_series_collection_rules repeated TimeSeriesCollectionRule The list of TimeSeriesCollectionRules
prev_page_token string (cursor of TimeSeriesCollectionRule) A token to retrieve previous page of results. Pass this value in the ListTimeSeriesCollectionRulesRequest.page_token.
next_page_token string (cursor of TimeSeriesCollectionRule) A token to retrieve next page of results. Pass this value in the ListTimeSeriesCollectionRulesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total TimeSeriesCollectionRules across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchTimeSeriesCollectionRuleRequest Message

A request message of the WatchTimeSeriesCollectionRule method.

Name Type Description
name string (name of TimeSeriesCollectionRule) Name of ntt.monitoring.v4.TimeSeriesCollectionRule
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchTimeSeriesCollectionRuleResponse Message

A response message of the WatchTimeSeriesCollectionRule method.

Name Type Description
change TimeSeriesCollectionRuleChange

WatchTimeSeriesCollectionRulesRequest Message

A request message of the WatchTimeSeriesCollectionRules method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of TimeSeriesCollectionRule) Parent name of ntt.monitoring.v4.TimeSeriesCollectionRule
page_size int32 Requested page size. Server may return fewer TimeSeriesCollectionRules than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of TimeSeriesCollectionRule) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of TimeSeriesCollectionRule) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of TimeSeriesCollectionRule) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to TimeSeriesCollectionRule that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to TimeSeriesCollectionRule that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchTimeSeriesCollectionRulesResponse Message

A response message of the WatchTimeSeriesCollectionRules method.

Name Type Description
time_series_collection_rule_changes repeated TimeSeriesCollectionRuleChange Changes of TimeSeriesCollectionRules
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All TimeSeriesCollectionRules will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchTimeSeriesCollectionRulesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (TimeSeriesCollectionRules will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchTimeSeriesCollectionRulesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of TimeSeriesCollectionRule) New token to retrieve previous page of results.
next_page_token string (cursor of TimeSeriesCollectionRule) New token to retrieve next page of results.

CreateTimeSeriesCollectionRuleRequest Message

A request message of the CreateTimeSeriesCollectionRule method.

Name Type Description
parent string (parent name of TimeSeriesCollectionRule) Parent name of ntt.monitoring.v4.TimeSeriesCollectionRule
time_series_collection_rule TimeSeriesCollectionRule TimeSeriesCollectionRule resource body
response_mask CreateTimeSeriesCollectionRuleRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateTimeSeriesCollectionRuleRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateTimeSeriesCollectionRuleRequest Message

A request message of the UpdateTimeSeriesCollectionRule method.

Name Type Description
time_series_collection_rule TimeSeriesCollectionRule TimeSeriesCollectionRule resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateTimeSeriesCollectionRuleRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateTimeSeriesCollectionRuleRequest.ResponseMask reduce message response size.

UpdateTimeSeriesCollectionRuleRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state TimeSeriesCollectionRule Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateTimeSeriesCollectionRuleRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteTimeSeriesCollectionRuleRequest Message

A request message of the DeleteTimeSeriesCollectionRule method.

Name Type Description
name string (name of TimeSeriesCollectionRule) Name of ntt.monitoring.v4.TimeSeriesCollectionRule
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

TimeSeriesForwarderSink Resource

TimeSeriesForwarderSink Resource describes destination of TimeSeries data. Sink can be connected to TimeSeriesCollectionRule. TimeSeriesForwarderSink does not need to be in the same project as collection rule. Each item published on the sink will be a protobuf message of ntt.monitoring.v4.BulkTimeSeries.

Name patterns:

  • projects/{project}/timeSeriesForwarderSinks/{time_series_forwarder_sink}

Parent resources:

This section covers the methods and messages to interact with TimeSeriesForwarderSink resource.

TimeSeriesForwarderSink Methods

Here is the list of TimeSeriesForwarderSink resource methods:

GetTimeSeriesForwarderSink Method

GetTimeSeriesForwarderSink

rpc GetTimeSeriesForwarderSink(GetTimeSeriesForwarderSinkRequest) returns (TimeSeriesForwarderSink)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.get

The equivalent REST API is:

GET /v4/{name=projects/*/timeSeriesForwarderSinks/*}

BatchGetTimeSeriesForwarderSinks Method

BatchGetTimeSeriesForwarderSinks

rpc BatchGetTimeSeriesForwarderSinks(BatchGetTimeSeriesForwarderSinksRequest) returns (BatchGetTimeSeriesForwarderSinksResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.batchGet

The equivalent REST API is:

GET /v4/timeSeriesForwarderSinks:batchGet

ListTimeSeriesForwarderSinks Method

ListTimeSeriesForwarderSinks

rpc ListTimeSeriesForwarderSinks(ListTimeSeriesForwarderSinksRequest) returns (ListTimeSeriesForwarderSinksResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.list

The equivalent REST API is:

GET /v4/{parent=projects/*}/timeSeriesForwarderSinks

WatchTimeSeriesForwarderSink Method

WatchTimeSeriesForwarderSink

rpc WatchTimeSeriesForwarderSink(WatchTimeSeriesForwarderSinkRequest) returns (WatchTimeSeriesForwarderSinkResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.watch

The equivalent REST API is:

POST /v4/{name=projects/*/timeSeriesForwarderSinks/*}:watch

WatchTimeSeriesForwarderSinks Method

WatchTimeSeriesForwarderSinks

rpc WatchTimeSeriesForwarderSinks(WatchTimeSeriesForwarderSinksRequest) returns (WatchTimeSeriesForwarderSinksResponse)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.watch

The equivalent REST API is:

POST /v4/{parent=projects/*}/timeSeriesForwarderSinks:watch

CreateTimeSeriesForwarderSink Method

CreateTimeSeriesForwarderSink

rpc CreateTimeSeriesForwarderSink(CreateTimeSeriesForwarderSinkRequest) returns (TimeSeriesForwarderSink)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.create

The equivalent REST API is:

POST /v4/{parent=projects/*}/timeSeriesForwarderSinks (BODY: time_series_forwarder_sink)

UpdateTimeSeriesForwarderSink Method

UpdateTimeSeriesForwarderSink

rpc UpdateTimeSeriesForwarderSink(UpdateTimeSeriesForwarderSinkRequest) returns (TimeSeriesForwarderSink)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.update

The equivalent REST API is:

PUT /v4/{time_series_forwarder_sink.name=projects/*/timeSeriesForwarderSinks/*} (BODY: time_series_forwarder_sink)

DeleteTimeSeriesForwarderSink Method

DeleteTimeSeriesForwarderSink

rpc DeleteTimeSeriesForwarderSink(DeleteTimeSeriesForwarderSinkRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/monitoring.edgelq.com/permissions/timeSeriesForwarderSinks.delete

The equivalent REST API is:

DELETE /v4/{name=projects/*/timeSeriesForwarderSinks/*}

TimeSeriesForwarderSink Messages

Here is the list of TimeSeriesForwarderSink resource messages:

TimeSeriesForwarderSink Message

Name Type Description
name string (name of TimeSeriesForwarderSink) Name of TimeSeriesForwarderSink When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Optional display name
spec TimeSeriesForwarderSink.Spec Current spec
status TimeSeriesForwarderSink.Status Current status

TimeSeriesForwarderSink.Spec Message

Sink specification, instructing where data must go. It must specify one valid sink spec inside.

Name Type Description
compression TimeSeriesForwarderSink.Spec.Compression Optional data compression.
azure_event_hub TimeSeriesForwarderSink.Spec.AzureEventHubSink

TimeSeriesForwarderSink.Status Message

Status describes status of TimeSeriesForwarderSink.

Name Type Description
error string If there is some persisting error on the sink, it will be reported here.

TimeSeriesForwarderSink.Spec.AzureEventHubSink Message

AzureEventHubSink describes sink for Azure Event Hub.

Name Type Description
endpoint string (reference to Secret) Endpoint must contain secret value for authentication purposes, therefore it is packed as a Secret resource. Secret resource itself must contain following data field: { “data”: { “EndpointString”: “Endpoint=sb://<name>.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=<SECRET>;EntityPath=<topicName>” } } Replace <> elements with appropiate values.

GetTimeSeriesForwarderSinkRequest Message

A request message of the GetTimeSeriesForwarderSink method.

Name Type Description
name string (name of TimeSeriesForwarderSink) Name of ntt.monitoring.v4.TimeSeriesForwarderSink
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetTimeSeriesForwarderSinksRequest Message

A request message of the BatchGetTimeSeriesForwarderSinks method.

Name Type Description
names repeated string (name of TimeSeriesForwarderSink) Names of TimeSeriesForwarderSinks
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetTimeSeriesForwarderSinksResponse Message

A response message of the BatchGetTimeSeriesForwarderSinks method.

Name Type Description
time_series_forwarder_sinks repeated TimeSeriesForwarderSink found TimeSeriesForwarderSinks
missing repeated string (name of TimeSeriesForwarderSink) list of not found TimeSeriesForwarderSinks

ListTimeSeriesForwarderSinksRequest Message

A request message of the ListTimeSeriesForwarderSinks method.

Name Type Description
parent string (parent name of TimeSeriesForwarderSink) Parent name of ntt.monitoring.v4.TimeSeriesForwarderSink
page_size int32 Requested page size. Server may return fewer TimeSeriesForwarderSinks than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of TimeSeriesForwarderSink) A token identifying a page of results the server should return. Typically, this is the value of ListTimeSeriesForwarderSinksResponse.next_page_token.
order_by string (orderBy of TimeSeriesForwarderSink) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of TimeSeriesForwarderSink) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListTimeSeriesForwarderSinksResponse Message

A response message of the ListTimeSeriesForwarderSinks method.

Name Type Description
time_series_forwarder_sinks repeated TimeSeriesForwarderSink The list of TimeSeriesForwarderSinks
prev_page_token string (cursor of TimeSeriesForwarderSink) A token to retrieve previous page of results. Pass this value in the ListTimeSeriesForwarderSinksRequest.page_token.
next_page_token string (cursor of TimeSeriesForwarderSink) A token to retrieve next page of results. Pass this value in the ListTimeSeriesForwarderSinksRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total TimeSeriesForwarderSinks across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchTimeSeriesForwarderSinkRequest Message

A request message of the WatchTimeSeriesForwarderSink method.

Name Type Description
name string (name of TimeSeriesForwarderSink) Name of ntt.monitoring.v4.TimeSeriesForwarderSink
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchTimeSeriesForwarderSinkResponse Message

A response message of the WatchTimeSeriesForwarderSink method.

Name Type Description
change TimeSeriesForwarderSinkChange

WatchTimeSeriesForwarderSinksRequest Message

A request message of the WatchTimeSeriesForwarderSinks method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of TimeSeriesForwarderSink) Parent name of ntt.monitoring.v4.TimeSeriesForwarderSink
page_size int32 Requested page size. Server may return fewer TimeSeriesForwarderSinks than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of TimeSeriesForwarderSink) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of TimeSeriesForwarderSink) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of TimeSeriesForwarderSink) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to TimeSeriesForwarderSink that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to TimeSeriesForwarderSink that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchTimeSeriesForwarderSinksResponse Message

A response message of the WatchTimeSeriesForwarderSinks method.

Name Type Description
time_series_forwarder_sink_changes repeated TimeSeriesForwarderSinkChange Changes of TimeSeriesForwarderSinks
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All TimeSeriesForwarderSinks will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchTimeSeriesForwarderSinksResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (TimeSeriesForwarderSinks will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchTimeSeriesForwarderSinksResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of TimeSeriesForwarderSink) New token to retrieve previous page of results.
next_page_token string (cursor of TimeSeriesForwarderSink) New token to retrieve next page of results.

CreateTimeSeriesForwarderSinkRequest Message

A request message of the CreateTimeSeriesForwarderSink method.

Name Type Description
parent string (parent name of TimeSeriesForwarderSink) Parent name of ntt.monitoring.v4.TimeSeriesForwarderSink
time_series_forwarder_sink TimeSeriesForwarderSink TimeSeriesForwarderSink resource body
response_mask CreateTimeSeriesForwarderSinkRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateTimeSeriesForwarderSinkRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateTimeSeriesForwarderSinkRequest Message

A request message of the UpdateTimeSeriesForwarderSink method.

Name Type Description
time_series_forwarder_sink TimeSeriesForwarderSink TimeSeriesForwarderSink resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateTimeSeriesForwarderSinkRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateTimeSeriesForwarderSinkRequest.ResponseMask reduce message response size.

UpdateTimeSeriesForwarderSinkRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state TimeSeriesForwarderSink Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateTimeSeriesForwarderSinkRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteTimeSeriesForwarderSinkRequest Message

A request message of the DeleteTimeSeriesForwarderSink method.

Name Type Description
name string (name of TimeSeriesForwarderSink) Name of ntt.monitoring.v4.TimeSeriesForwarderSink
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

TimeSeriesForwarderSink Enumerations

Here is the list of TimeSeriesForwarderSink resource enumerations:

TimeSeriesForwarderSink.Spec.Compression Enumeration

Name Description
NO_COMPRESSION
SNAPPY

Monitoring Service Shared Methods and Messages

Monitoring Service Shared Messages

Here is the list of Monitoring service shared messages:

Aggregation Message

Describes how to combine multiple time series to provide different views of the data. Aggregation consists of an alignment step on individual time series (alignment_period and per_series_aligner) followed by an optional reduction step of the data across the aligned time series (cross_series_reducer and group_by_fields). For more details, see Aggregation.

Name Type Description
alignment_period .google.protobuf.Duration The alignment period for per-[time series][ntt.monitoring.v3.TimeSeries] alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned.
per_series_aligner Aggregation.Aligner The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series. Time series data must be aligned in order to perform cross-time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
cross_series_reducer Aggregation.Reducer The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series. Time series data must be aligned in order to perform cross-time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
group_by_fields repeated string The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored.

AlertChange Message

AlertChange is used by Watch notifications Responses to describe change of single Alert One of Added, Modified, Removed

Name Type Description
added AlertChange.Added Added is returned when watched document is added, either created or enters Query view
modified AlertChange.Modified Modified is returned when watched document is modified
current AlertChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AlertChange.Removed Removed is returned when Alert is deleted or leaves Query view

AlertChange.Added Message

Alert has been added to query view

Name Type Description
alert Alert
view_index int32 Integer describing index of added Alert in resulting query view.

AlertChange.Current Message

Alert has been added or modified in a query view. Version used for stateless watching

Name Type Description
alert Alert

AlertChange.Modified Message

Alert changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Alert) Name of modified Alert
alert Alert New version of Alert or masked difference, depending on mask_changes instrumentation of issued [WatchAlertRequest] or [WatchAlertsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Alert. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Alert new index in resulting query view.

AlertChange.Removed Message

Removed is returned when Alert is deleted or leaves Query view

Name Type Description
name string (name of Alert)
view_index int32 Integer specifying removed Alert index. Not populated in stateless watch type.

AlertingConditionChange Message

AlertingConditionChange is used by Watch notifications Responses to describe change of single AlertingCondition One of Added, Modified, Removed

Name Type Description
added AlertingConditionChange.Added Added is returned when watched document is added, either created or enters Query view
modified AlertingConditionChange.Modified Modified is returned when watched document is modified
current AlertingConditionChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AlertingConditionChange.Removed Removed is returned when AlertingCondition is deleted or leaves Query view

AlertingConditionChange.Added Message

AlertingCondition has been added to query view

Name Type Description
alerting_condition AlertingCondition
view_index int32 Integer describing index of added AlertingCondition in resulting query view.

AlertingConditionChange.Current Message

AlertingCondition has been added or modified in a query view. Version used for stateless watching

Name Type Description
alerting_condition AlertingCondition

AlertingConditionChange.Modified Message

AlertingCondition changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AlertingCondition) Name of modified AlertingCondition
alerting_condition AlertingCondition New version of AlertingCondition or masked difference, depending on mask_changes instrumentation of issued [WatchAlertingConditionRequest] or [WatchAlertingConditionsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AlertingCondition. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AlertingCondition new index in resulting query view.

AlertingConditionChange.Removed Message

Removed is returned when AlertingCondition is deleted or leaves Query view

Name Type Description
name string (name of AlertingCondition)
view_index int32 Integer specifying removed AlertingCondition index. Not populated in stateless watch type.

AlertingPolicyChange Message

AlertingPolicyChange is used by Watch notifications Responses to describe change of single AlertingPolicy One of Added, Modified, Removed

Name Type Description
added AlertingPolicyChange.Added Added is returned when watched document is added, either created or enters Query view
modified AlertingPolicyChange.Modified Modified is returned when watched document is modified
current AlertingPolicyChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed AlertingPolicyChange.Removed Removed is returned when AlertingPolicy is deleted or leaves Query view

AlertingPolicyChange.Added Message

AlertingPolicy has been added to query view

Name Type Description
alerting_policy AlertingPolicy
view_index int32 Integer describing index of added AlertingPolicy in resulting query view.

AlertingPolicyChange.Current Message

AlertingPolicy has been added or modified in a query view. Version used for stateless watching

Name Type Description
alerting_policy AlertingPolicy

AlertingPolicyChange.Modified Message

AlertingPolicy changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of AlertingPolicy) Name of modified AlertingPolicy
alerting_policy AlertingPolicy New version of AlertingPolicy or masked difference, depending on mask_changes instrumentation of issued [WatchAlertingPolicyRequest] or [WatchAlertingPoliciesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified AlertingPolicy. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying AlertingPolicy new index in resulting query view.

AlertingPolicyChange.Removed Message

Removed is returned when AlertingPolicy is deleted or leaves Query view

Name Type Description
name string (name of AlertingPolicy)
view_index int32 Integer specifying removed AlertingPolicy index. Not populated in stateless watch type.

BucketChange Message

BucketChange is used by Watch notifications Responses to describe change of single Bucket One of Added, Modified, Removed

Name Type Description
added BucketChange.Added Added is returned when watched document is added, either created or enters Query view
modified BucketChange.Modified Modified is returned when watched document is modified
current BucketChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed BucketChange.Removed Removed is returned when Bucket is deleted or leaves Query view

BucketChange.Added Message

Bucket has been added to query view

Name Type Description
bucket Bucket
view_index int32 Integer describing index of added Bucket in resulting query view.

BucketChange.Current Message

Bucket has been added or modified in a query view. Version used for stateless watching

Name Type Description
bucket Bucket

BucketChange.Modified Message

Bucket changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Bucket) Name of modified Bucket
bucket Bucket New version of Bucket or masked difference, depending on mask_changes instrumentation of issued [WatchBucketRequest] or [WatchBucketsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Bucket. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Bucket new index in resulting query view.

BucketChange.Removed Message

Removed is returned when Bucket is deleted or leaves Query view

Name Type Description
name string (name of Bucket)
view_index int32 Integer specifying removed Bucket index. Not populated in stateless watch type.

BulkTimeSeries Message

Used for reporting rollups

Name Type Description
time_series repeated TimeSerie
phantom_flag bool

CreateTimeSeriesError Message

Describes the result of a failed request to write data to a time series.

Name Type Description
time_series TimeSerie The time series, including the Metric, MonitoredResource, and Points (including timestamp and value) that resulted in the error. This field provides all of the context that would be needed to retry the operation.
status Status The status of the requested write operation.

Distribution Message

Distribution contains summary statistics for a population of values and, optionally, a histogram representing the distribution of those values across a specified set of histogram buckets.

The summary statistics are the count, mean, sum of the squared deviation from the mean, the minimum, and the maximum of the set of population of values.

The histogram is based on a sequence of buckets and gives a count of values that fall into each bucket. The boundaries of the buckets are given either explicitly or by specifying parameters for a method of computing them (buckets of fixed width or buckets of exponentially increasing width).

Although it is not forbidden, it is generally a bad idea to include non-finite values (infinities or NaNs) in the population of values, as this will render the mean and sum_of_squared_deviation fields meaningless.

Name Type Description
count int64 The number of values in the population. Must be non-negative.
mean double The arithmetic mean of the values in the population. If count is zero then this field must be zero.
sum_of_squared_deviation double The sum of squared deviations from the mean of the values in the population. For values x_i this is: Sum[i=1..n]((x_i - mean)^2) Knuth, “The Art of Computer Programming”, Vol. 2, page 323, 3rd edition describes Welford’s method for accumulating this sum in one pass. If count is zero then this field must be zero.
range Distribution.Range If specified, contains the range of the population values. The field must not be present if the count is zero.
bucket_options Distribution.BucketOptions Defines the histogram bucket boundaries.
bucket_counts repeated int64 If bucket_options is given, then the sum of the values in bucket_counts must equal the value in count. If bucket_options is not given, no bucket_counts fields may be given. Bucket counts are given in order under the numbering scheme described above (the underflow bucket has number 0; the finite buckets, if any, have numbers 1 through N-2; the overflow bucket has number N-1). The size of bucket_counts must be no greater than N as defined in bucket_options. Any suffix of trailing zero bucket_count fields may be omitted.

Distribution.BucketOptions Message

A Distribution may optionally contain a histogram of the values in the population. The histogram is given in bucket_counts as counts of values that fall into one of a sequence of non-overlapping buckets. The sequence of buckets is described by bucket_options.

A bucket specifies an inclusive lower bound and exclusive upper bound for the values that are counted for that bucket. The upper bound of a bucket is strictly greater than the lower bound.

The sequence of N buckets for a Distribution consists of an underflow bucket (number 0), zero or more finite buckets (number 1 through N - 2) and an overflow bucket (number N - 1). The buckets are contiguous: the lower bound of bucket i (i > 0) is the same as the upper bound of bucket i - 1. The buckets span the whole range of finite values: lower bound of the underflow bucket is -infinity and the upper bound of the overflow bucket is +infinity. The finite buckets are so-called because both bounds are finite.

BucketOptions describes bucket boundaries in one of three ways. Two describe the boundaries by giving parameters for a formula to generate boundaries and one gives the bucket boundaries explicitly.

If bucket_boundaries is not given, then no bucket_counts may be given.

Name Type Description
linear_buckets Distribution.BucketOptions.Linear The linear bucket.
exponential_buckets Distribution.BucketOptions.Exponential The exponential buckets.
explicit_buckets Distribution.BucketOptions.Explicit The explicit buckets.
dynamic_buckets Distribution.BucketOptions.Dynamic TDigest dynamic bucketing

Distribution.BucketOptions.Dynamic Message

Dynamic buckets centroid based. TDigest implementation.

Name Type Description
compression double TDigest compression rate
means repeated double Centroid means. Must be the same length as bucket counts. Each mean, count represents a weighed centroid.

Distribution.BucketOptions.Explicit Message

A set of buckets with arbitrary widths.

Defines size(bounds) + 1 (= N) buckets with these boundaries for bucket i:

Upper bound (0 <= i < N-1):     bounds[i]
Lower bound (1 <= i < N);       bounds[i - 1]

There must be at least one element in bounds. If bounds has only one element, there are no finite buckets, and that single element is the common boundary of the overflow and underflow buckets.

Name Type Description
bounds repeated double The values must be monotonically increasing.

Distribution.BucketOptions.Exponential Message

Specify a sequence of buckets that have a width that is proportional to the value of the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.

Defines num_finite_buckets + 2 (= N) buckets with these boundaries for bucket i:

Upper bound (0 <= i < N-1):     scale * (growth_factor ^ i).
Lower bound (1 <= i < N):       scale * (growth_factor ^ (i - 1)).
Name Type Description
num_finite_buckets int32 Must be greater than 0.
growth_factor double Must be greater than 1.
scale double Must be greater than 0.

Distribution.BucketOptions.Linear Message

Specify a sequence of buckets that all have the same width (except overflow and underflow). Each bucket represents a constant absolute uncertainty on the specific value in the bucket.

Defines num_finite_buckets + 2 (= N) buckets with these boundaries for bucket i:

Upper bound (0 <= i < N-1):     offset + (width * i).
Lower bound (1 <= i < N):       offset + (width * (i - 1)).
Name Type Description
num_finite_buckets int32 Must be greater than 0.
width double Must be greater than 0.
offset double Lower bound of the first bucket.

Distribution.Range Message

The range of the population values.

Name Type Description
min double The minimum of the population values.
max double The maximum of the population values.

LabelDescriptor Message

A description of a label.

Name Type Description
key string The label key.
value_type LabelDescriptor.ValueType The type of data that can be assigned to the label.
description string A human-readable description for the label.
default_value string Default value for string label - this value is used in two cases: 1. to populate missing labels while creating TimeSeries 2. to populate missing remaining kvs while querying TimeSeries - usually applies to old data
disabled bool disabled flag communicates that this label is ignored by the backend. It’s used for backward compatibility.

LabelKeySet Message

LabelKeySet is used for defining PromotedLabelKeySets on Metric and Resource descriptors

Name Type Description
label_keys repeated string List of label keys. Cannot be modified once set.

Metric Message

A specific metric, identified by specifying values for all of the labels of a [MetricDescriptor][google.api.MetricDescriptor].

Name Type Description
type string An existing metric type, see [google.api.MetricDescriptor][google.api.MetricDescriptor]. For example, custom.googleapis.com/invoice/paid/amount.
labels map<string, string> The set of label values that uniquely identify this metric. All labels listed in the MetricDescriptor must be assigned values.
reduced_labels repeated string reduced labels in aggregations

MetricDescriptorChange Message

MetricDescriptorChange is used by Watch notifications Responses to describe change of single MetricDescriptor One of Added, Modified, Removed

Name Type Description
added MetricDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified MetricDescriptorChange.Modified Modified is returned when watched document is modified
current MetricDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed MetricDescriptorChange.Removed Removed is returned when MetricDescriptor is deleted or leaves Query view

MetricDescriptorChange.Added Message

MetricDescriptor has been added to query view

Name Type Description
metric_descriptor MetricDescriptor
view_index int32 Integer describing index of added MetricDescriptor in resulting query view.

MetricDescriptorChange.Current Message

MetricDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
metric_descriptor MetricDescriptor

MetricDescriptorChange.Modified Message

MetricDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of MetricDescriptor) Name of modified MetricDescriptor
metric_descriptor MetricDescriptor New version of MetricDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchMetricDescriptorRequest] or [WatchMetricDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified MetricDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying MetricDescriptor new index in resulting query view.

MetricDescriptorChange.Removed Message

Removed is returned when MetricDescriptor is deleted or leaves Query view

Name Type Description
name string (name of MetricDescriptor)
view_index int32 Integer specifying removed MetricDescriptor index. Not populated in stateless watch type.

MetricSelector Message

Metric selects metric.type and list of labels used to build query, like:

metric.type IN ("type0", "type1", ...) AND
metric.labels.<key0> IN (label0_0, label0_1, ...) AND
metric.labels.<key1> IN (label1_0, label1_1, ...) AND ...
Name Type Description
types repeated string
labels map<string, Strings> label key, e.g. “project_id”, “target_id”, etc Note the missing “metric.labels.” prefix.

MonitoredResource Message

An object representing a resource that can be used for monitoring, logging, billing, or other purposes. Examples include virtual machine instances, databases, and storage devices such as disks. The type field identifies a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object that describes the resource’s schema. Information in the labels field identifies the actual resource and its attributes according to the schema. For example, a particular Compute Engine VM instance could be represented by the following object, because the [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] for "gce_instance" has labels "instance_id" and "zone":

 { "type": "gce_instance",
   "labels": { "instance_id": "12345678901234",
               "zone": "us-central1-a" }}
Name Type Description
type string Required. The monitored resource type. This field must match the type field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object. For example, the type of a Compute Engine VM instance is gce_instance.
labels map<string, string> Required. Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels "project_id", "instance_id", and "zone".
reduced_labels repeated string reduced labels in aggregations

MonitoredResourceDescriptorChange Message

MonitoredResourceDescriptorChange is used by Watch notifications Responses to describe change of single MonitoredResourceDescriptor One of Added, Modified, Removed

Name Type Description
added MonitoredResourceDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified MonitoredResourceDescriptorChange.Modified Modified is returned when watched document is modified
current MonitoredResourceDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed MonitoredResourceDescriptorChange.Removed Removed is returned when MonitoredResourceDescriptor is deleted or leaves Query view

MonitoredResourceDescriptorChange.Added Message

MonitoredResourceDescriptor has been added to query view

Name Type Description
monitored_resource_descriptor MonitoredResourceDescriptor
view_index int32 Integer describing index of added MonitoredResourceDescriptor in resulting query view.

MonitoredResourceDescriptorChange.Current Message

MonitoredResourceDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
monitored_resource_descriptor MonitoredResourceDescriptor

MonitoredResourceDescriptorChange.Modified Message

MonitoredResourceDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of MonitoredResourceDescriptor) Name of modified MonitoredResourceDescriptor
monitored_resource_descriptor MonitoredResourceDescriptor New version of MonitoredResourceDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchMonitoredResourceDescriptorRequest] or [WatchMonitoredResourceDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified MonitoredResourceDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying MonitoredResourceDescriptor new index in resulting query view.

MonitoredResourceDescriptorChange.Removed Message

Removed is returned when MonitoredResourceDescriptor is deleted or leaves Query view

Name Type Description
name string (name of MonitoredResourceDescriptor)
view_index int32 Integer specifying removed MonitoredResourceDescriptor index. Not populated in stateless watch type.

MonitoredResourceSelector Message

MonitoredResourceSelector selects resource.type and list of labels used to build query, like:

resource.type IN ("type0", "type1", ...) AND
resource.labels.<key0> IN (label0_0, label0_1, ...) AND
resource.labels.<key1> IN (label1_0, label1_1, ...) AND ...

Note: Only one resource.type per query is currently allowed

Name Type Description
types repeated string
labels map<string, Strings> label key, e.g. “project_id”, “target_id”, etc Note the missing “resource.labels.” prefix.

NotificationChange Message

NotificationChange is used by Watch notifications Responses to describe change of single Notification One of Added, Modified, Removed

Name Type Description
added NotificationChange.Added Added is returned when watched document is added, either created or enters Query view
modified NotificationChange.Modified Modified is returned when watched document is modified
current NotificationChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed NotificationChange.Removed Removed is returned when Notification is deleted or leaves Query view

NotificationChange.Added Message

Notification has been added to query view

Name Type Description
notification Notification
view_index int32 Integer describing index of added Notification in resulting query view.

NotificationChange.Current Message

Notification has been added or modified in a query view. Version used for stateless watching

Name Type Description
notification Notification

NotificationChange.Modified Message

Notification changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Notification) Name of modified Notification
notification Notification New version of Notification or masked difference, depending on mask_changes instrumentation of issued [WatchNotificationRequest] or [WatchNotificationsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Notification. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Notification new index in resulting query view.

NotificationChange.Removed Message

Removed is returned when Notification is deleted or leaves Query view

Name Type Description
name string (name of Notification)
view_index int32 Integer specifying removed Notification index. Not populated in stateless watch type.

NotificationChannelChange Message

NotificationChannelChange is used by Watch notifications Responses to describe change of single NotificationChannel One of Added, Modified, Removed

Name Type Description
added NotificationChannelChange.Added Added is returned when watched document is added, either created or enters Query view
modified NotificationChannelChange.Modified Modified is returned when watched document is modified
current NotificationChannelChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed NotificationChannelChange.Removed Removed is returned when NotificationChannel is deleted or leaves Query view

NotificationChannelChange.Added Message

NotificationChannel has been added to query view

Name Type Description
notification_channel NotificationChannel
view_index int32 Integer describing index of added NotificationChannel in resulting query view.

NotificationChannelChange.Current Message

NotificationChannel has been added or modified in a query view. Version used for stateless watching

Name Type Description
notification_channel NotificationChannel

NotificationChannelChange.Modified Message

NotificationChannel changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of NotificationChannel) Name of modified NotificationChannel
notification_channel NotificationChannel New version of NotificationChannel or masked difference, depending on mask_changes instrumentation of issued [WatchNotificationChannelRequest] or [WatchNotificationChannelsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified NotificationChannel. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying NotificationChannel new index in resulting query view.

NotificationChannelChange.Removed Message

Removed is returned when NotificationChannel is deleted or leaves Query view

Name Type Description
name string (name of NotificationChannel)
view_index int32 Integer specifying removed NotificationChannel index. Not populated in stateless watch type.

Pagination Message

Name Type Description
view string
function string
alignment_period .google.protobuf.Duration
limit int32
offset int32

PhantomTimeSerieChange Message

PhantomTimeSerieChange is used by Watch notifications Responses to describe change of single PhantomTimeSerie One of Added, Modified, Removed

Name Type Description
added PhantomTimeSerieChange.Added Added is returned when watched document is added, either created or enters Query view
modified PhantomTimeSerieChange.Modified Modified is returned when watched document is modified
current PhantomTimeSerieChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed PhantomTimeSerieChange.Removed Removed is returned when PhantomTimeSerie is deleted or leaves Query view

PhantomTimeSerieChange.Added Message

PhantomTimeSerie has been added to query view

Name Type Description
phantom_time_serie PhantomTimeSerie
view_index int32 Integer describing index of added PhantomTimeSerie in resulting query view.

PhantomTimeSerieChange.Current Message

PhantomTimeSerie has been added or modified in a query view. Version used for stateless watching

Name Type Description
phantom_time_serie PhantomTimeSerie

PhantomTimeSerieChange.Modified Message

PhantomTimeSerie changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of PhantomTimeSerie) Name of modified PhantomTimeSerie
phantom_time_serie PhantomTimeSerie New version of PhantomTimeSerie or masked difference, depending on mask_changes instrumentation of issued [WatchPhantomTimeSerieRequest] or [WatchPhantomTimeSeriesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified PhantomTimeSerie. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying PhantomTimeSerie new index in resulting query view.

PhantomTimeSerieChange.Removed Message

Removed is returned when PhantomTimeSerie is deleted or leaves Query view

Name Type Description
name string (name of PhantomTimeSerie)
view_index int32 Integer specifying removed PhantomTimeSerie index. Not populated in stateless watch type.

Point Message

A single data point in a time series.

Name Type Description
interval TimeInterval The time interval to which the data point applies. For GAUGE metrics, only the end time of the interval is used. For DELTA metrics, the start and end time should specify a non-zero interval, with subsequent points specifying contiguous and non-overlapping intervals. For CUMULATIVE metrics, the start and end time should specify a non-zero interval, with subsequent points specifying the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.
value TypedValue The value of the data point.
aggregation Aggregation Additional aggregation info Used internally for batching rollup points

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

RecoveryStoreShardingInfoChange Message

RecoveryStoreShardingInfoChange is used by Watch notifications Responses to describe change of single RecoveryStoreShardingInfo One of Added, Modified, Removed

Name Type Description
added RecoveryStoreShardingInfoChange.Added Added is returned when watched document is added, either created or enters Query view
modified RecoveryStoreShardingInfoChange.Modified Modified is returned when watched document is modified
current RecoveryStoreShardingInfoChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed RecoveryStoreShardingInfoChange.Removed Removed is returned when RecoveryStoreShardingInfo is deleted or leaves Query view

RecoveryStoreShardingInfoChange.Added Message

RecoveryStoreShardingInfo has been added to query view

Name Type Description
recovery_store_sharding_info RecoveryStoreShardingInfo
view_index int32 Integer describing index of added RecoveryStoreShardingInfo in resulting query view.

RecoveryStoreShardingInfoChange.Current Message

RecoveryStoreShardingInfo has been added or modified in a query view. Version used for stateless watching

Name Type Description
recovery_store_sharding_info RecoveryStoreShardingInfo

RecoveryStoreShardingInfoChange.Modified Message

RecoveryStoreShardingInfo changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of RecoveryStoreShardingInfo) Name of modified RecoveryStoreShardingInfo
recovery_store_sharding_info RecoveryStoreShardingInfo New version of RecoveryStoreShardingInfo or masked difference, depending on mask_changes instrumentation of issued [WatchRecoveryStoreShardingInfoRequest] or [WatchRecoveryStoreShardingInfosRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified RecoveryStoreShardingInfo. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying RecoveryStoreShardingInfo new index in resulting query view.

RecoveryStoreShardingInfoChange.Removed Message

Removed is returned when RecoveryStoreShardingInfo is deleted or leaves Query view

Name Type Description
name string (name of RecoveryStoreShardingInfo)
view_index int32 Integer specifying removed RecoveryStoreShardingInfo index. Not populated in stateless watch type.

StatsQuery Message

Name Type Description
call_latencies StatsQuery.CallLatencies
executed_calls StatsQuery.ExecutedCalls
open_calls StatsQuery.OpenCalls
error_counts StatsQuery.ErrorCounts
ingress_throughput StatsQuery.IngressThroughput
egress_throughput StatsQuery.EgressThroughput
store_usage StatsQuery.StoreOperations
resource_count StatsQuery.ResourceCount
logs_usage StatsQuery.Logs
activity_logs_usage StatsQuery.ActivityLogs
resource_change_logs_usage StatsQuery.ResourceChangeLogs
time_series_usage StatsQuery.TimeSeries
time_series_latencies StatsQuery.TimeSeriesLatencies

StatsQuery.ActivityLogs Message

Name Type Description
type StatsQuery.ActivityLogs.Type
methods repeated string
versions repeated string
categories repeated string
group_by repeated StatsQuery.ActivityLogs.Groups

StatsQuery.CallLatencies Message

Name Type Description
methods repeated string
versions repeated string
resources repeated string
reducer StatsQuery.CallLatencies.Reducer
group_by repeated StatsQuery.CallLatencies.Groups

StatsQuery.EgressThroughput Message

Name Type Description
methods repeated string
versions repeated string
resources repeated string
group_by repeated StatsQuery.EgressThroughput.Groups

StatsQuery.ErrorCounts Message

Name Type Description
methods repeated string
versions repeated string
resources repeated string
error_codes repeated string
group_by repeated StatsQuery.ErrorCounts.Groups

StatsQuery.ExecutedCalls Message

Name Type Description
methods repeated string
versions repeated string
resources repeated string
group_by repeated StatsQuery.ExecutedCalls.Groups

StatsQuery.IngressThroughput Message

Name Type Description
methods repeated string
versions repeated string
resources repeated string
group_by repeated StatsQuery.IngressThroughput.Groups

StatsQuery.Logs Message

Name Type Description
type StatsQuery.Logs.Type
log_types repeated string
group_by repeated StatsQuery.Logs.Groups

StatsQuery.OpenCalls Message

Name Type Description
methods repeated string
versions repeated string
resources repeated string
group_by repeated StatsQuery.OpenCalls.Groups

StatsQuery.ResourceChangeLogs Message

Name Type Description
type StatsQuery.ResourceChangeLogs.Type
resource_types repeated string
group_by repeated StatsQuery.ResourceChangeLogs.Groups

StatsQuery.ResourceCount Message

Name Type Description
resources repeated string

StatsQuery.StoreOperations Message

Name Type Description
methods repeated string
versions repeated string
resources repeated string
operations repeated StatsQuery.StoreOperations.Operation
group_by repeated StatsQuery.StoreOperations.Groups

StatsQuery.TimeSeries Message

Name Type Description
type StatsQuery.TimeSeries.Type
resource_types repeated string
metric_types repeated string
group_by repeated StatsQuery.TimeSeries.Groups

StatsQuery.TimeSeriesLatencies Message

Name Type Description
of_ap .google.protobuf.Duration
reducer StatsQuery.TimeSeriesLatencies.Reducer

Strings Message

Represents wrapped list of strings.

Name Type Description
values repeated string

TimeInterval Message

A time interval extending just after a start time through an end time. If the start time is the same as the end time, then the interval represents a single point in time.

Name Type Description
end_time .google.protobuf.Timestamp Required. The end of the time interval.
start_time .google.protobuf.Timestamp Optional. The beginning of the time interval. The default value for the start time is the end time. The start time must not be later than the end time.

TimeRange Message

Time Range represents time between two points in time. Any of those can be missing, which means it’s open-ended.

Name Type Description
start_time .google.protobuf.Timestamp Optional. Start of time range
end_time .google.protobuf.Timestamp Optional. End of time range

TimeSeriesCollectionRuleChange Message

TimeSeriesCollectionRuleChange is used by Watch notifications Responses to describe change of single TimeSeriesCollectionRule One of Added, Modified, Removed

Name Type Description
added TimeSeriesCollectionRuleChange.Added Added is returned when watched document is added, either created or enters Query view
modified TimeSeriesCollectionRuleChange.Modified Modified is returned when watched document is modified
current TimeSeriesCollectionRuleChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed TimeSeriesCollectionRuleChange.Removed Removed is returned when TimeSeriesCollectionRule is deleted or leaves Query view

TimeSeriesCollectionRuleChange.Added Message

TimeSeriesCollectionRule has been added to query view

Name Type Description
time_series_collection_rule TimeSeriesCollectionRule
view_index int32 Integer describing index of added TimeSeriesCollectionRule in resulting query view.

TimeSeriesCollectionRuleChange.Current Message

TimeSeriesCollectionRule has been added or modified in a query view. Version used for stateless watching

Name Type Description
time_series_collection_rule TimeSeriesCollectionRule

TimeSeriesCollectionRuleChange.Modified Message

TimeSeriesCollectionRule changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of TimeSeriesCollectionRule) Name of modified TimeSeriesCollectionRule
time_series_collection_rule TimeSeriesCollectionRule New version of TimeSeriesCollectionRule or masked difference, depending on mask_changes instrumentation of issued [WatchTimeSeriesCollectionRuleRequest] or [WatchTimeSeriesCollectionRulesRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified TimeSeriesCollectionRule. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying TimeSeriesCollectionRule new index in resulting query view.

TimeSeriesCollectionRuleChange.Removed Message

Removed is returned when TimeSeriesCollectionRule is deleted or leaves Query view

Name Type Description
name string (name of TimeSeriesCollectionRule)
view_index int32 Integer specifying removed TimeSeriesCollectionRule index. Not populated in stateless watch type.

TimeSeriesForwarderSinkChange Message

TimeSeriesForwarderSinkChange is used by Watch notifications Responses to describe change of single TimeSeriesForwarderSink One of Added, Modified, Removed

Name Type Description
added TimeSeriesForwarderSinkChange.Added Added is returned when watched document is added, either created or enters Query view
modified TimeSeriesForwarderSinkChange.Modified Modified is returned when watched document is modified
current TimeSeriesForwarderSinkChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed TimeSeriesForwarderSinkChange.Removed Removed is returned when TimeSeriesForwarderSink is deleted or leaves Query view

TimeSeriesForwarderSinkChange.Added Message

TimeSeriesForwarderSink has been added to query view

Name Type Description
time_series_forwarder_sink TimeSeriesForwarderSink
view_index int32 Integer describing index of added TimeSeriesForwarderSink in resulting query view.

TimeSeriesForwarderSinkChange.Current Message

TimeSeriesForwarderSink has been added or modified in a query view. Version used for stateless watching

Name Type Description
time_series_forwarder_sink TimeSeriesForwarderSink

TimeSeriesForwarderSinkChange.Modified Message

TimeSeriesForwarderSink changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of TimeSeriesForwarderSink) Name of modified TimeSeriesForwarderSink
time_series_forwarder_sink TimeSeriesForwarderSink New version of TimeSeriesForwarderSink or masked difference, depending on mask_changes instrumentation of issued [WatchTimeSeriesForwarderSinkRequest] or [WatchTimeSeriesForwarderSinksRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified TimeSeriesForwarderSink. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying TimeSeriesForwarderSink new index in resulting query view.

TimeSeriesForwarderSinkChange.Removed Message

Removed is returned when TimeSeriesForwarderSink is deleted or leaves Query view

Name Type Description
name string (name of TimeSeriesForwarderSink)
view_index int32 Integer specifying removed TimeSeriesForwarderSink index. Not populated in stateless watch type.

TimeSeriesSelector Message

Name Type Description
metric MetricSelector Metric Selector used to specify filtered Metric types and labels
resource MonitoredResourceSelector Resource Selector used to specify filtered Monitored Resource types and labels

TypedValue Message

A single strongly-typed value.

Name Type Description
bool_value bool A Boolean value: true or false.
int64_value int64 A 64-bit integer. Its range is approximately ±9.2x10<sup>18</sup>.
double_value double A 64-bit double-precision floating-point number. Its magnitude is approximately ±10<sup>±300</sup> and it has 16 significant digits of precision.
string_value string A variable-length string value.
distribution_value Distribution A distribution value.

Monitoring Service Shared Enumerations

Here is the list of Monitoring service shared enumerations:

Aggregation.Aligner Enumeration

The Aligner describes how to bring the data points in a single time series into temporal alignment.

Name Description
ALIGN_NONE No alignment. Raw data is returned. Not valid if cross-time series reduction is requested. The value type of the result is the same as the value type of the input.
ALIGN_DELTA Align and convert to delta metric type. This alignment is valid for cumulative metrics and delta metrics. Aligning an existing delta metric to a delta metric requires that the alignment period be increased. The value type of the result is the same as the value type of the input. One can think of this aligner as a rate but without time units; that is, the output is conceptually (second_point - first_point).
ALIGN_RATE Align and convert to a rate. This alignment is valid for cumulative metrics and delta metrics with numeric values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]. One can think of this aligner as conceptually providing the slope of the line that passes through the value at the start and end of the window. In other words, this is conceptually ((y1 - y0)/(t1 - t0)), and the output unit is one that has a “/time” dimension. If, by rate, you are looking for percentage change, see the ALIGN_PERCENT_CHANGE aligner option.
ALIGN_MIN Align time series via aggregation. The resulting data point in the alignment period is the minimum of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the result is either [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE], or [INT64][google.api.MetricDescriptor.ValueType.INT64], depending whether original type is int64, or double/distribution.
ALIGN_MAX Align time series via aggregation. The resulting data point in the alignment period is the maximum of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the result is either [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE], or [INT64][google.api.MetricDescriptor.ValueType.INT64], depending whether original type is int64, or double/distribution.
ALIGN_MEAN Align time series via aggregation. The resulting data point in the alignment period is the average or arithmetic mean of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_COUNT Align time series via aggregation. The resulting data point in the alignment period is the count of all data points in the period. This alignment is valid for gauge and delta metrics with numeric or Boolean values. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
ALIGN_SUM Align time series via aggregation. The resulting data point in the alignment period is the sum of all data points in the period. This alignment is valid for gauge and delta metrics with numeric and distribution values. The value type of the output is the same as the value type of the input.
ALIGN_STDDEV Align time series via aggregation. The resulting data point in the alignment period is the standard deviation of all data points in the period. This alignment is valid for gauge and delta metrics with numeric values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_99 Align time series via aggregation. The resulting data point in the alignment period is the 99th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_95 Align time series via aggregation. The resulting data point in the alignment period is the 95th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_50 Align time series via aggregation. The resulting data point in the alignment period is the 50th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_PERCENTILE_05 Align time series via aggregation. The resulting data point in the alignment period is the 5th percentile of all data points in the period. This alignment is valid for gauge and delta metrics with distribution values. The output is a gauge metric with value type [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
ALIGN_SUMMARY Outputs Distribution without bucketing with stats like: Min, Max, Count, Mean, SumOfSquaredDeviations valid only for LONG, DOUBLE and DISTRIBUTION value types

Aggregation.Reducer Enumeration

A Reducer describes how to aggregate data points from multiple time series into a single time series.

Name Description
REDUCE_NONE No cross-time series reduction. The output of the aligner is returned.
REDUCE_MEAN Reduce by computing the mean across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric or distribution values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
REDUCE_MIN Reduce by computing the minimum across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric values. The value type of the output is the same as the value type of the input.
REDUCE_MAX Reduce by computing the maximum across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric values. The value type of the output is the same as the value type of the input.
REDUCE_SUM Reduce by computing the sum across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric and distribution values. The value type of the output is the same as the value type of the input.
REDUCE_STDDEV Reduce by computing the standard deviation across time series for each alignment period. This reducer is valid for delta and gauge metrics with numeric or distribution values. The value type of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE].
REDUCE_COUNT Reduce by computing the count of data points across time series for each alignment period. This reducer is valid for delta and gauge metrics of numeric, Boolean, distribution, and string value type. The value type of the output is [INT64][google.api.MetricDescriptor.ValueType.INT64].
REDUCE_PERCENTILE_99 Reduce by computing 99th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_PERCENTILE_95 Reduce by computing 95th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_PERCENTILE_50 Reduce by computing 50th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_PERCENTILE_05 Reduce by computing 5th percentile of data points across time series for each alignment period. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DOUBLE][google.api.MetricDescriptor.ValueType.DOUBLE]
REDUCE_SUMMARY Reduce with Distribution with stats like: Min, Max, Count, Mean, SumOfSquaredDeviations, histogram. This reducer is valid for gauge and delta metrics of numeric and distribution type. The value of the output is [DISTRIBUTION][google.api.MetricDescriptor.ValueType.DISTRIBUTION]

LabelDescriptor.ValueType Enumeration

Value types that can be used as label values.

Name Description
STRING A variable-length string. This is the default.
BOOL Boolean; true or false.
INT64 A 64-bit signed integer.

StatsQuery.ActivityLogs.Groups Enumeration

Name Description
METHOD
VERSION
CATEGORY

StatsQuery.ActivityLogs.Type Enumeration

Name Description
UNDEFINED
READS
WRITES

StatsQuery.CallLatencies.Groups Enumeration

Name Description
METHOD
VERSION
RESOURCE_TYPE

StatsQuery.CallLatencies.Reducer Enumeration

Name Description
SUMMARY
MIN
MAX
P50
P95
P99
MEAN
STD_DEV

StatsQuery.EgressThroughput.Groups Enumeration

Name Description
METHOD
VERSION
RESOURCE_TYPE

StatsQuery.ErrorCounts.Groups Enumeration

Name Description
METHOD
VERSION
RESOURCE_TYPE
RESPONSE_CODE

StatsQuery.ExecutedCalls.Groups Enumeration

Name Description
METHOD
VERSION
RESOURCE_TYPE

StatsQuery.IngressThroughput.Groups Enumeration

Name Description
METHOD
VERSION
RESOURCE_TYPE

StatsQuery.Logs.Groups Enumeration

Name Description
LOG_TYPE

StatsQuery.Logs.Type Enumeration

Name Description
UNDEFINED
READS
WRITES

StatsQuery.OpenCalls.Groups Enumeration

Name Description
METHOD
VERSION
RESOURCE_TYPE

StatsQuery.ResourceChangeLogs.Groups Enumeration

Name Description
RESOURCE_TYPE

StatsQuery.ResourceChangeLogs.Type Enumeration

Name Description
UNDEFINED
READS
WRITES

StatsQuery.StoreOperations.Groups Enumeration

Name Description
METHOD
VERSION
RESOURCE_TYPE
OPERATION

StatsQuery.StoreOperations.Operation Enumeration

Name Description
UNDEFINED
GET
LIST
SEARCH
WATCH
CREATE
UPDATE
DELETE

StatsQuery.TimeSeries.Groups Enumeration

Name Description
RESOURCE_TYPE
METRIC_TYPE

StatsQuery.TimeSeries.Type Enumeration

Name Description
UNDEFINED
READS
RAW_WRITES
ROLLUP_WRITES

StatsQuery.TimeSeriesLatencies.Reducer Enumeration

Name Description
SUMMARY
MIN
MAX
P50
P95
P99
MEAN
STD_DEV

TimeSeriesView Enumeration

Controls which fields are returned by ListTimeSeries.

Name Description
FULL Returns the identity of the metric(s), the time series, and the time series data.
HEADERS Returns the identity of the metric and the time series resource, but not the time series data.

6 - SPEKTRA Edge Logging Service API

Understanding the Logging service API.

SPEKTRA Edge Logging service is a structured data store that provides the ability to store arbitrary data in the form of logs series with timestamps and user-defined metadata. To achieve that, we are using google.protobuf.Struct OR google.protobuf.Any, a well-known type used to store any JSON-like (or protobuf) data. It allows users not to worry about defining any proto message. We can store any data type such as string, int, float, bytes, map, etc.

Use cases for the logging service include:

  • system or application logs
  • event logs
  • tracing
  • core / debug dump
  • blob data

The stored logs can be queried based on timestamps and also filtered based on user-defined metadata fields.

Full API Specifications (with resources):

Resources

Log Descriptors

A log descriptor is the context of all logs created. It describes log, its metadata, service, API version, region, and the service-defined labels, for example process name can be an example.

A log descriptor also privdes indexing patterns for its labels. Each promoted index set is defined with a log descriptor is combined with the following fields:

When querying, it is required that users specify parent, service, and log descriptor fields, plus any promoted fields as defined by the log descriptor (field promotedLabelKeySets). If there is an empty set among available lists, it means that logs can be queried by scope, service and log descriptor fields only.

Log Entries

A log entry is a combination of timestamps with underlying data items. Log entries sharing the same scope, service, version, log descriptor and labels are considered to form a single Log instance.

Storing and querying logs

As an example, we will define and create a log descriptor for storing IoT device logs:

logDescriptor:
  name: projects/<projectID>/logDescriptors/iot.app.org/syslog
  displayName: IoT Device syslog
  description: IoT Device syslog
  labels:
  - key: module
    description: process/module/component name
  - key: device_id
    description: device ID
  - key: log_level
    description: Log level (debug, info, warn, error etc)
  promotedLabelKeySets:
  - labelKeys: ["log_level"]
  - labelKeys: ["device_id"]
  - labelKeys: ["module", "device_id"]

Create the log descriptor using cli:

cuttle logging create log-descriptor -f logdescriptor.yaml

Sample code for storing logs:

import (
   "context"
   "fmt"
   "time"


   "google.golang.org/protobuf/types/known/structpb"
   "google.golang.org/protobuf/types/known/timestamppb"


   clog "github.com/cloudwan/edgelq-sdk/logging/client/v1/log"
   log_common "github.com/cloudwan/edgelq-sdk/logging/common/v1"
   rlog "github.com/cloudwan/edgelq-sdk/logging/resources/v1/log"
   rlog_descriptor "github.com/cloudwan/edgelq-sdk/logging/resources/v1/log_descriptor"


   "github.com/cloudwan/edgelq-sdk/examples/utils"
)

const (
   logDescriptorName  = "iot.app.org/syslog"
   projectID          = "development"
   demoDeviceID       = "temperature-sensor-101"
   sampleModule       = "sensor-phy"
   sampleLogLevel     = "info"
   controllerEndpoint = "logging.stg01b.edgelq.com:443"
   credsFile          = "/etc/conf/edgelq-credentials.json"
)

func create_log_client(
   ctx context.Context,
) clog.LogServiceClient {
   grpcConn := utils.Dial(ctx, controllerEndpoint, "", credsFile) // Panics
   return clog.NewLogServiceClient(grpcConn)
}

func storeLogs(
  ctx context.Context,
  logCli clog.LogServiceClient,
  payloadString string,
  logTime time.Time,
) error {
   logData := map[string]interface{}{
       "sensor-dev": "/dev/zz",
       "process":    "sensor-agent",
       "message":    "Initialised sensor device",
   }

   payload, err := structpb.NewStruct(logData) // Check to rules below to avoid errors
   if err != nil {
       return err
   }

   logEntry := &rlog.Log{
       Service:       "iot.app.org",
       Version:       "v2",
       LogDescriptor: rlog_descriptor.NewNameBuilder().SetProjectId(projectID).SetId(logDescriptorName).Reference(),
       Labels: map[string]string{
           "device_id": demoDeviceID,
           "module":    sampleModule,
           "log_level": sampleLogLevel,
       },
       Time:    timestamppb.New(logTime),
       Payload: payload,
   }

   _, err = logCli.CreateLogs(ctx, &clog.CreateLogsRequest{
       Parent: rlog.NewNameBuilder().SetProjectId(projectID).ParentReference(),
       Logs:   []*rlog.Log{logEntry},
   })
   if err != nil {
       return fmt.Errorf("Failed to upload logs to the server: %w", err)
   }
   return nil
}

Note however, that it is also possible to provide the “Name” field in the rlog.Log value, but the ID must be equal to the value provided by the earlier CreateLogs request. Labels, LogDescriptor, Service, and Version can be skipped however then, reducing request size. It is still required to send at least one CreateLogs request with full meta information and labels, to have Name allocated.

With some logs submitted, we can try to query.

Log query takes three inputs:

  • Parents

    Project ID or Organization ID

  • Interval

    Start time and end time for the logs request

  • Filter

    Filter can combine multiple conditions based on the labels defined in the log descriptor. Log Descriptor and service name are mandatory filters. User-defined labels are optional filters.

In this example from Quickstart though, at least one user label is mandatory with a filter, because we have promoted labels:

promotedLabelKeySets:
- labelKeys: ["log_level"]
- labelKeys: ["device_id"]
- labelKeys: ["module", "device_id"]

According to these sets, we must specify log_level or device_id at least. But if we specify module and log_level at the same time, then logging service will use the last index as the most optimal.

Query logs without filtering on label values:

cuttle logging query logs --parents projects/<projectID> \
  --interval '{"startTime": "2022-08-15T00:00:00Z", \
               "endTime": "2022-08-16T00:00:00Z"}' \
  --filter 'logDescriptor="projects/<projectID>/logDescriptors/iot.app.org/syslog" \
            labels.device_id="temperature-sensor" AND \
            service="iot.app.org"' \
  -o json

Query logs based on device ID as a filter:

cuttle logging query logs --parents projects/<projectID> \
  --interval '{"startTime": "2022-08-15T00:00:00Z", \
               "endTime": "2022-08-16T00:00:00Z"}' \
  --filter 'logDescriptor="projects/<projectID>/logDescriptors/iot.app.org/syslog" \
            labels.device_id="temperature-sensor" AND \
            service="iot.app.org"' \
  -o json

Query logs with device ID and module as a filter:

cuttle logging query logs --parents projects/<projectID> \
  --interval '{"startTime": "2022-08-15T00:00:00Z", \
               "endTime": "2022-08-16T00:00:00Z"}' \
  --filter 'logDescriptor="projects/<projectID>/logDescriptors/iot.app.org/syslog" \
            labels.device_id="temperature-sensor" AND \
            labels.module=”sensor-phy” AND service="iot.app.org"' \
  -o json

Querying Logs programmatically using SDK:

func fetchLogs(
  ctx context.Context,
  logCli clog.LogServiceClient,
  deviceID, module, logLevel, logDescriptorName string,
  startTime, endTime time.Time,
) ([]*rlog.Log, error) {
	filterBuilder := rlog.NewFilterBuilder().Where().
                          Service().Eq("iot.app.org").
		                  Where().LogDescriptor().
                          Eq(rlog_descriptor.NewNameBuilder().
                             SetProjectId(projectId).
                             SetId(logDescriptorName).Reference())
    if deviceID != "" {
        filterBuilder = filterBuilder.Where().Labels().
                                      WithKey("device_id").Eq(deviceID)
    }
    if module != "" {
        filterBuilder = filterBuilder.Where().Labels().
                                      WithKey("module").Eq(module)
    }

    resp, err := logCli.ListLogs(ctx, &clog.ListLogsRequest{
        Parents: []*rlog.ParentName{
            rlog.NewNameBuilder().SetProjectId(projectID).Parent(),
        },
        Filter:  filterBuilder.Filter(),
        Interval: &log_common.TimeInterval{
            StartTime: timestamppb.New(startTime),
            EndTime:   timestamppb.New(endTime),
        },
    })
    if err != nil {
        return nil, err
    }
    return resp.GetLogs(), nil
}

Buckets

It is possible to restrict log creation/queries to a specific subset of logs within scope (service, organization, or project).

For example, suppose we have a device agent, and we want to ensure it can read/write only from/to specific owned logs. We can create the following bucket:

cuttle logging create bucket <bucketId> --project <projectId> \
  --region <regionId> \
  --logs '{
    "descriptors":["projects/<projectId>/logDescriptors/devices.edgelq.com/syslog"],
    "labels": {"project_id":{"strings": ["<projectId>"]}, \
               "region_id":{"strings": ["<regionId>"]}, \
               "device_id":{"strings": ["<deviceId>"]}}
  }'

We can now create a Role for Device (Yaml):

- name: services/devices.edgelq.com/roles/restricted-device-agent
  scopeParams:
  - name: region
    type: STRING
  - name: bucket
    type: STRING
  grants:
  - subScope: regions/{region}/buckets/{bucket}
    permissions:
    - services/logging.edgelq.com/permissions/logs.create
    - services/logging.edgelq.com/permissions/logs.query

The project can be specified in RoleBinding. When we assign the Role to the Device, then the device agent will be only able to create/query logs for a specific bucket - and this bucket will guarantee that:

  • Device can read/submit logs only for the projects/<projectId>/logDescriptors/devices.edgelq.com/syslog descriptor.
  • All logs for the syslog descriptor will have to specify the “project_id” label equal to the specified project, “region_id” equal to the specified region, and “device_id” equal to the specified device. When querying, the filter will have to specify all those fields.

Buckets ensure also correctness even if the client is submitting binary log keys (Log name with binary data key is provided, but labels are empty).

Provided example above is for information - Service devices.edgelq.com already provides Buckets for all Devices!

6.1 -

Understanding the logging.edgelq.com service APIv1, in proto package ntt.logging.v1.

Service logging.edgelq.com in version v1, proto package ntt.logging.v1

Here is the list of resources supported in Logging service APIv1:

Bucket Resource

Bucket Resource

Name patterns:

  • projects/{project}/regions/{region}/buckets/{bucket}
  • organizations/{organization}/regions/{region}/buckets/{bucket}
  • services/{service}/regions/{region}/buckets/{bucket}

Parent resources:

This section covers the methods and messages to interact with Bucket resource.

Bucket Methods

Here is the list of Bucket resource methods:

GetBucket Method

GetBucket

rpc GetBucket(GetBucketRequest) returns (Bucket)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/buckets/*} 

GET /v1/{name=organizations/*/regions/*/buckets/*} 

GET /v1/{name=services/*/regions/*/buckets/*}

BatchGetBuckets Method

BatchGetBuckets

rpc BatchGetBuckets(BatchGetBucketsRequest) returns (BatchGetBucketsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.batchGet

The equivalent REST API is:

GET /v1/buckets:batchGet

ListBuckets Method

ListBuckets

rpc ListBuckets(ListBucketsRequest) returns (ListBucketsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/buckets 

GET /v1/{parent=organizations/*/regions/*}/buckets 

GET /v1/{parent=services/*/regions/*}/buckets

WatchBucket Method

WatchBucket

rpc WatchBucket(WatchBucketRequest) returns (WatchBucketResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/buckets/*}:watch 

POST /v1/{name=organizations/*/regions/*/buckets/*}:watch 

POST /v1/{name=services/*/regions/*/buckets/*}:watch

WatchBuckets Method

WatchBuckets

rpc WatchBuckets(WatchBucketsRequest) returns (WatchBucketsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/buckets:watch 

POST /v1/{parent=organizations/*/regions/*}/buckets:watch 

POST /v1/{parent=services/*/regions/*}/buckets:watch

CreateBucket Method

CreateBucket

rpc CreateBucket(CreateBucketRequest) returns (Bucket)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/buckets (BODY: bucket)

POST /v1/{parent=organizations/*/regions/*}/buckets 

POST /v1/{parent=services/*/regions/*}/buckets

UpdateBucket Method

UpdateBucket

rpc UpdateBucket(UpdateBucketRequest) returns (Bucket)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.update

The equivalent REST API is:

PUT /v1/{bucket.name=projects/*/regions/*/buckets/*} (BODY: bucket)

PUT /v1/{bucket.name=organizations/*/regions/*/buckets/*} 

PUT /v1/{bucket.name=services/*/regions/*/buckets/*}

DeleteBucket Method

DeleteBucket

rpc DeleteBucket(DeleteBucketRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/buckets.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/buckets/*} 

DELETE /v1/{name=organizations/*/regions/*/buckets/*} 

DELETE /v1/{name=services/*/regions/*/buckets/*}

Bucket Messages

Here is the list of Bucket resource messages:

Bucket Message

Name Type Description
name string (name of Bucket) Name of Bucket When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w./-]{2,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
services repeated string Optional service names (if required), for example “devices.edgelq.com”
versions repeated string Oprional service versions (if required), for example “v1”
logs repeated Bucket.RequiredTypedLabels Allowed log combinations (OR). If empty, all log types are allowed.
required_alt_kvs repeated Bucket.ResolvedKeysWithValues All combinations of key-values (in integer forms) - one of them must be passed by every Log object for given bucket. Its computed by server side and for internal use.

Bucket.ResolvedValues Message

ResolvedValues contains binary representation of types and labels and possible values. Due to limitations in some db backends (looking at firestore), we use int64 instead of uint64.

Name Type Description
key int64
values repeated int64

Bucket.ResolvedKeysWithValues Message

ResolvedKeysWithValues binds multiple keys with possible values.

Name Type Description
resolved_kvs repeated Bucket.ResolvedValues

Bucket.RequiredTypedLabels Message

RequiredTypedLabels describes required label values for specified log descriptors. All logs in Create operation must contain at least one allowed type and then labels must match all the labels. For list queries, filter must contain at least one type and all labels must be present in condition containing all or subset of allowed label values.

Name Type Description
descriptors repeated string (reference to LogDescriptor)
labels map<string, Bucket.RequiredTypedLabels.Strings>

Bucket.RequiredTypedLabels.Strings Message

Name Type Description
strings repeated string

GetBucketRequest Message

A request message of the GetBucket method.

Name Type Description
name string (name of Bucket) Name of ntt.logging.v1.Bucket
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetBucketsRequest Message

A request message of the BatchGetBuckets method.

Name Type Description
names repeated string (name of Bucket) Names of Buckets
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetBucketsResponse Message

A response message of the BatchGetBuckets method.

Name Type Description
buckets repeated Bucket found Buckets
missing repeated string (name of Bucket) list of not found Buckets

ListBucketsRequest Message

A request message of the ListBuckets method.

Name Type Description
parent string (parent name of Bucket) Parent name of ntt.logging.v1.Bucket
page_size int32 Requested page size. Server may return fewer Buckets than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Bucket) A token identifying a page of results the server should return. Typically, this is the value of ListBucketsResponse.next_page_token.
order_by string (orderBy of Bucket) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Bucket) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListBucketsResponse Message

A response message of the ListBuckets method.

Name Type Description
buckets repeated Bucket The list of Buckets
prev_page_token string (cursor of Bucket) A token to retrieve previous page of results. Pass this value in the ListBucketsRequest.page_token.
next_page_token string (cursor of Bucket) A token to retrieve next page of results. Pass this value in the ListBucketsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Buckets across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchBucketRequest Message

A request message of the WatchBucket method.

Name Type Description
name string (name of Bucket) Name of ntt.logging.v1.Bucket
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchBucketResponse Message

A response message of the WatchBucket method.

Name Type Description
change BucketChange

WatchBucketsRequest Message

A request message of the WatchBuckets method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Bucket) Parent name of ntt.logging.v1.Bucket
page_size int32 Requested page size. Server may return fewer Buckets than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Bucket) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Bucket) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Bucket) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Bucket that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Bucket that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchBucketsResponse Message

A response message of the WatchBuckets method.

Name Type Description
bucket_changes repeated BucketChange Changes of Buckets
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Buckets will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchBucketsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Buckets will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchBucketsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Bucket) New token to retrieve previous page of results.
next_page_token string (cursor of Bucket) New token to retrieve next page of results.

CreateBucketRequest Message

A request message of the CreateBucket method.

Name Type Description
parent string (parent name of Bucket) Parent name of ntt.logging.v1.Bucket
bucket Bucket Bucket resource body
response_mask CreateBucketRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateBucketRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateBucketRequest Message

A request message of the UpdateBucket method.

Name Type Description
bucket Bucket Bucket resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateBucketRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateBucketRequest.ResponseMask reduce message response size.

UpdateBucketRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Bucket Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateBucketRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteBucketRequest Message

A request message of the DeleteBucket method.

Name Type Description
name string (name of Bucket) Name of ntt.logging.v1.Bucket
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Log Resource

Log Resource

Name patterns:

  • projects/{project}/logs/{log}
  • organizations/{organization}/logs/{log}
  • services/{service}/logs/{log}
  • projects/{project}/regions/{region}/buckets/{bucket}/logs/{log}
  • organizations/{organization}/regions/{region}/buckets/{bucket}/logs/{log}
  • services/{service}/regions/{region}/buckets/{bucket}/logs/{log}

Parent resources:

This section covers the methods and messages to interact with Log resource.

Log Methods

Here is the list of Log resource methods:

ListLogs Method

ListLogs

rpc ListLogs(ListLogsRequest) returns (ListLogsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logs.list

The equivalent REST API is:

GET /v1/logs

CreateLogs Method

CreateLogs

rpc CreateLogs(CreateLogsRequest) returns (CreateLogsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logs.create

The equivalent REST API is:

POST /v1/logs (BODY: logs)

StreamingCreateLogs Method

StreamingCreateLogs

rpc StreamingCreateLogs(StreamingCreateLogsRequest) returns (StreamingCreateLogsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logs.streamingCreate

The equivalent REST API is:

POST /v1/logs:streamingCreate

Log Messages

Here is the list of Log resource messages:

Log Message

Name Type Description
name string (name of Log) Name of Log When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w./-=+]{1,128}
scope string Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Example formats are: - organization/umbrella - projects/mars_exploration - services/devices.edgelq.com
service string Service name, for example “devices.edgelq.com”
region string Region of the service to which log is assigned, for example “us-west2”
version string Associated service version, for example “v1”
log_descriptor string (reference to LogDescriptor) Associated log descriptor
labels map<string, string> List of query-able labels
time .google.protobuf.Timestamp Log timestamp
json_payload .google.protobuf.Struct Log JSON payload
pb_payload .google.protobuf.Any Log Protobuf payload
string_payload string Log string type payload
bytes_payload bytes Log bytes type payload
bin_key string Log bin_key identifies unique Log tuple: <scope, service, region, version, labels, log_descriptor Key is not to be decoded outside of service, but treated as opaque string. This field is equivalent to ID part of the log name and therefore any one of them can be used. This is intented for streaming log create to conserve some bandwidth

ListLogsRequest Message

Request message for method [ListLogs][ntt.logging.v1.ListLogs]

Name Type Description
parents repeated string (parent name of Log) Parent references of ntt.logging.v1.Log
filter string (filter of Log) Filter that specifies which logs should be returned
interval TimeInterval The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.
page_size int32 Cap on a number of log entries to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit. Results will be adjusted to the “end time” taken from interval field (adjusted also by page_token if provided).
page_token string Token which identifies next page with further results. Token should be taken from [ListLogsResponse.next_page_token][ntt.logging.v1.ListLogsResponse.next_page_token].

ListLogsResponse Message

Response message for method [ListLogs][ntt.logging.v1.ListLogs]

Name Type Description
logs repeated Log Logs that match the filter included in the request.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the logs data returned to be incomplete.

ListLogsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreateLogsRequest Message

Request message for method [CreateLogs][ntt.logging.v1.CreateLogs]

Name Type Description
parent string (parent name of Log) Parent reference of ntt.logging.v1.Log
logs repeated Log List of logs to create/append. If they have specified name field, it must match provided parent field.

CreateLogsResponse Message

Response message for method [CreateLogs][ntt.logging.v1.CreateLogs]

Name Type Description
log_names map<uint32s, string (name of Log)> Log names indexed by Create position. All logs, except failed ones will be present. If all logs were written successfully, then map will have keys all from 0 to N-1.
failed_logs repeated CreateLogsResponse.CreateError Logs that failed to be created

CreateLogsResponse.CreateError Message

Describes the result of a failed request to write logs.

Name Type Description
logs repeated Log All logs that failed to be written. This field provides all of the context that would be needed to retry the operation.
status Status The status of the requested write operation.

StreamingCreateLogsRequest Message

A request message of the StreamingCreateLogs method. This method only supports creating logs for the same project and region for the entire duration of the stream. Any client that intends to create logs in multiple projects or regions should not use this API. If the client uses the same scope, service, version and log descriptor, these fields need not be sent after the first message even if binary key is not used in the log entry. The server will set the values observed in the first message in case these are empty and binary key is also not present in the log

Name Type Description
parent string (parent name of Log) Parent reference of ntt.logging.v1.Log only required in the first request message
region_id string only required in the first request in order to route the request to the correct region
logs repeated Log List of logs to create/append. If they have specified name field, it must match provided parent field

StreamingCreateLogsResponse Message

A response message of the StreamingCreateLogs method.

Name Type Description
bin_keys map<uint32s, string> Binary key will be set in the map key corresponding to the array index in the request, but only if the particular request entry did not use binary key. Indices for log entries in request having binary key set will be ignored in the response
failed_logs repeated CreateLogsResponse.CreateError Logs that failed to be created

LogDescriptor Resource

LogDescriptor Resource

Name patterns:

  • projects/{project}/logDescriptors/{log_descriptor}
  • organizations/{organization}/logDescriptors/{log_descriptor}
  • services/{service}/logDescriptors/{log_descriptor}

Parent resources:

This section covers the methods and messages to interact with LogDescriptor resource.

LogDescriptor Methods

Here is the list of LogDescriptor resource methods:

GetLogDescriptor Method

GetLogDescriptor

rpc GetLogDescriptor(GetLogDescriptorRequest) returns (LogDescriptor)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.get

The equivalent REST API is:

GET /v1/{name=projects/*/logDescriptors/*} 

GET /v1/{name=organizations/*/logDescriptors/*} 

GET /v1/{name=services/*/logDescriptors/*}

BatchGetLogDescriptors Method

BatchGetLogDescriptors

rpc BatchGetLogDescriptors(BatchGetLogDescriptorsRequest) returns (BatchGetLogDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.batchGet

The equivalent REST API is:

GET /v1/logDescriptors:batchGet

ListLogDescriptors Method

ListLogDescriptors

rpc ListLogDescriptors(ListLogDescriptorsRequest) returns (ListLogDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.list

The equivalent REST API is:

GET /v1/{parent=projects/*}/logDescriptors 

GET /v1/{parent=organizations/*}/logDescriptors 

GET /v1/{parent=services/*}/logDescriptors

WatchLogDescriptor Method

WatchLogDescriptor

rpc WatchLogDescriptor(WatchLogDescriptorRequest) returns (WatchLogDescriptorResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.watch

The equivalent REST API is:

POST /v1/{name=projects/*/logDescriptors/*}:watch 

POST /v1/{name=organizations/*/logDescriptors/*}:watch 

POST /v1/{name=services/*/logDescriptors/*}:watch

WatchLogDescriptors Method

WatchLogDescriptors

rpc WatchLogDescriptors(WatchLogDescriptorsRequest) returns (WatchLogDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.watch

The equivalent REST API is:

POST /v1/{parent=projects/*}/logDescriptors:watch 

POST /v1/{parent=organizations/*}/logDescriptors:watch 

POST /v1/{parent=services/*}/logDescriptors:watch

CreateLogDescriptor Method

CreateLogDescriptor

rpc CreateLogDescriptor(CreateLogDescriptorRequest) returns (LogDescriptor)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.create

The equivalent REST API is:

POST /v1/{parent=projects/*}/logDescriptors (BODY: log_descriptor)

POST /v1/{parent=organizations/*}/logDescriptors 

POST /v1/{parent=services/*}/logDescriptors

UpdateLogDescriptor Method

UpdateLogDescriptor

rpc UpdateLogDescriptor(UpdateLogDescriptorRequest) returns (LogDescriptor)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.update

The equivalent REST API is:

PUT /v1/{log_descriptor.name=projects/*/logDescriptors/*} (BODY: log_descriptor)

PUT /v1/{log_descriptor.name=organizations/*/logDescriptors/*} 

PUT /v1/{log_descriptor.name=services/*/logDescriptors/*}

DeleteLogDescriptor Method

DeleteLogDescriptor

rpc DeleteLogDescriptor(DeleteLogDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/logDescriptors/*} 

DELETE /v1/{name=organizations/*/logDescriptors/*} 

DELETE /v1/{name=services/*/logDescriptors/*}

LogDescriptor Messages

Here is the list of LogDescriptor resource messages:

LogDescriptor Message

Name Type Description
name string (name of LogDescriptor) Name of LogDescriptor When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [\w./-]{1,128}/[\w./-]{1,128}
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Optional. A concise name for the log type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.
description string Optional. A detailed description of the log type that might be used in documentation.
labels repeated LabelDescriptor A set of labels used to describe instances of this log type.
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.

GetLogDescriptorRequest Message

A request message of the GetLogDescriptor method.

Name Type Description
name string (name of LogDescriptor) Name of ntt.logging.v1.LogDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLogDescriptorsRequest Message

A request message of the BatchGetLogDescriptors method.

Name Type Description
names repeated string (name of LogDescriptor) Names of LogDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLogDescriptorsResponse Message

A response message of the BatchGetLogDescriptors method.

Name Type Description
log_descriptors repeated LogDescriptor found LogDescriptors
missing repeated string (name of LogDescriptor) list of not found LogDescriptors

ListLogDescriptorsRequest Message

A request message of the ListLogDescriptors method.

Name Type Description
parent string (parent name of LogDescriptor) Parent name of ntt.logging.v1.LogDescriptor
page_size int32 Requested page size. Server may return fewer LogDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of LogDescriptor) A token identifying a page of results the server should return. Typically, this is the value of ListLogDescriptorsResponse.next_page_token.
order_by string (orderBy of LogDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of LogDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListLogDescriptorsResponse Message

A response message of the ListLogDescriptors method.

Name Type Description
log_descriptors repeated LogDescriptor The list of LogDescriptors
prev_page_token string (cursor of LogDescriptor) A token to retrieve previous page of results. Pass this value in the ListLogDescriptorsRequest.page_token.
next_page_token string (cursor of LogDescriptor) A token to retrieve next page of results. Pass this value in the ListLogDescriptorsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total LogDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchLogDescriptorRequest Message

A request message of the WatchLogDescriptor method.

Name Type Description
name string (name of LogDescriptor) Name of ntt.logging.v1.LogDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchLogDescriptorResponse Message

A response message of the WatchLogDescriptor method.

Name Type Description
change LogDescriptorChange

WatchLogDescriptorsRequest Message

A request message of the WatchLogDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of LogDescriptor) Parent name of ntt.logging.v1.LogDescriptor
page_size int32 Requested page size. Server may return fewer LogDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of LogDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of LogDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of LogDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to LogDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to LogDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchLogDescriptorsResponse Message

A response message of the WatchLogDescriptors method.

Name Type Description
log_descriptor_changes repeated LogDescriptorChange Changes of LogDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All LogDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchLogDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (LogDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchLogDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of LogDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of LogDescriptor) New token to retrieve next page of results.

CreateLogDescriptorRequest Message

A request message of the CreateLogDescriptor method.

Name Type Description
parent string (parent name of LogDescriptor) Parent name of ntt.logging.v1.LogDescriptor
log_descriptor LogDescriptor LogDescriptor resource body
response_mask CreateLogDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateLogDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateLogDescriptorRequest Message

A request message of the UpdateLogDescriptor method.

Name Type Description
log_descriptor LogDescriptor LogDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateLogDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateLogDescriptorRequest.ResponseMask reduce message response size.

UpdateLogDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state LogDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateLogDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteLogDescriptorRequest Message

A request message of the DeleteLogDescriptor method.

Name Type Description
name string (name of LogDescriptor) Name of ntt.logging.v1.LogDescriptor
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Logging Service Shared Methods and Messages

Logging Service Shared Messages

Here is the list of Logging service shared messages:

BucketChange Message

BucketChange is used by Watch notifications Responses to describe change of single Bucket One of Added, Modified, Removed

Name Type Description
added BucketChange.Added Added is returned when watched document is added, either created or enters Query view
modified BucketChange.Modified Modified is returned when watched document is modified
current BucketChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed BucketChange.Removed Removed is returned when Bucket is deleted or leaves Query view

BucketChange.Added Message

Bucket has been added to query view

Name Type Description
bucket Bucket
view_index int32 Integer describing index of added Bucket in resulting query view.

BucketChange.Current Message

Bucket has been added or modified in a query view. Version used for stateless watching

Name Type Description
bucket Bucket

BucketChange.Modified Message

Bucket changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Bucket) Name of modified Bucket
bucket Bucket New version of Bucket or masked difference, depending on mask_changes instrumentation of issued [WatchBucketRequest] or [WatchBucketsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Bucket. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Bucket new index in resulting query view.

BucketChange.Removed Message

Removed is returned when Bucket is deleted or leaves Query view

Name Type Description
name string (name of Bucket)
view_index int32 Integer specifying removed Bucket index. Not populated in stateless watch type.

LabelDescriptor Message

Name Type Description
key string The label key.
description string Label description

LabelKeySet Message

LabelKeySet is used for defining PromotedLabelKeySets

Name Type Description
label_keys repeated string

LogDescriptorChange Message

LogDescriptorChange is used by Watch notifications Responses to describe change of single LogDescriptor One of Added, Modified, Removed

Name Type Description
added LogDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified LogDescriptorChange.Modified Modified is returned when watched document is modified
current LogDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed LogDescriptorChange.Removed Removed is returned when LogDescriptor is deleted or leaves Query view

LogDescriptorChange.Added Message

LogDescriptor has been added to query view

Name Type Description
log_descriptor LogDescriptor
view_index int32 Integer describing index of added LogDescriptor in resulting query view.

LogDescriptorChange.Current Message

LogDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
log_descriptor LogDescriptor

LogDescriptorChange.Modified Message

LogDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of LogDescriptor) Name of modified LogDescriptor
log_descriptor LogDescriptor New version of LogDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchLogDescriptorRequest] or [WatchLogDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified LogDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying LogDescriptor new index in resulting query view.

LogDescriptorChange.Removed Message

Removed is returned when LogDescriptor is deleted or leaves Query view

Name Type Description
name string (name of LogDescriptor)
view_index int32 Integer specifying removed LogDescriptor index. Not populated in stateless watch type.

TimeInterval Message

A time interval extending just after a start time through an end time. If the start time is the same as the end time, then the interval represents a single point in time.

Name Type Description
end_time .google.protobuf.Timestamp Optional - end of the time interval. If not provided, current time will be assumed.
start_time .google.protobuf.Timestamp Required. The beginning of the time interval. The start time must not be later than the end time.

6.2 -

Understanding the logging.edgelq.com service APIv1alpha2, in proto package ntt.logging.v1alpha2.

Service logging.edgelq.com in version v1alpha2, proto package ntt.logging.v1alpha2

Here is the list of resources supported in Logging service APIv1alpha2:

Log Resource

Log Resource

Name patterns:

  • logs/{log}
  • projects/{project}/logs/{log}
  • organizations/{organization}/logs/{log}

Parent resources:

This section covers the methods and messages to interact with Log resource.

Log Methods

Here is the list of Log resource methods:

ListLogs Method

ListLogs

rpc ListLogs(ListLogsRequest) returns (ListLogsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logs.list

The equivalent REST API is:

GET /v1alpha2/logs

CreateLogs Method

CreateLogs

rpc CreateLogs(CreateLogsRequest) returns (CreateLogsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logs.create

The equivalent REST API is:

POST /v1alpha2/logs (BODY: logs)

Log Messages

Here is the list of Log resource messages:

Log Message

Name Type Description
name string (name of Log) Name of Log. It contains scope + ID of the log. ID is a base64 encoded unique key that identifies tuple: scope service region_id version log_descriptor labels Key is not to be decoded outside of service, but treated as opaque string
scope string Contains scope from name field without resource ID. Used for internal purpose for filtering (logs are using custom store). Example formats are: - organization/umbrella - projects/mars_exploration - <system>
service string Service name, for example “devices.edgelq.com”
region string Region of the service to which log is assigned, for example “us-west2”
version string Associated service version, for example “v1alpha2”
log_descriptor string (reference to LogDescriptor) Associated log descriptor
labels map<string, string> List of query-able labels
time .google.protobuf.Timestamp Log timestamp
payload .google.protobuf.Struct Log payload

ListLogsRequest Message

Request message for method [ListLogs][ntt.logging.v1alpha2.ListLogs]

Name Type Description
parents repeated string (parent name of Log) Parent references of ntt.logging.v1alpha2.Log
filter string (filter of Log) Filter that specifies which logs should be returned
interval TimeInterval The time interval for which results should be returned. Only logs that contain data points in the specified interval are included in the response.
page_size int32 Cap on a number of log entries to be included in a response. Number of logs in an actual response can be higher, since logs are read in bulk with second precision - exceed logs above the limit will share same timestamp as the logs below the limit. Results will be adjusted to the “end time” taken from interval field (adjusted also by page_token if provided).
page_token string Token which identifies next page with further results. Token should be taken from [ListLogsResponse.next_page_token][ntt.logging.v1alpha2.ListLogsResponse.next_page_token].

ListLogsResponse Message

Response message for method [ListLogs][ntt.logging.v1alpha2.ListLogs]

Name Type Description
logs repeated Log Logs that match the filter included in the request.
next_page_token string If there are more results than have been returned, then this field is set to a non-empty value. To see the additional results, use that value as pageToken in the next call to this method.
execution_errors repeated Status Query execution errors that may have caused the logs data returned to be incomplete.

ListLogsResponse.ErrorDetails Message

ErrorDetails is used when one of the queried regions fails to produce results. It is used in execution_errors field (see subfield ntt.rpc.Status.details).

Name Type Description
region_id string region id which failed to give results.

CreateLogsRequest Message

Request message for method [CreateLogs][ntt.logging.v1alpha2.CreateLogs]

Name Type Description
parent string (parent name of Log) Parent reference of ntt.logging.v1alpha2.Log
logs repeated Log List of logs to create/append. If they have specified name field, it must match provided parent field.

CreateLogsResponse Message

Response message for method [CreateLogs][ntt.logging.v1alpha2.CreateLogs]

Name Type Description
log_names map<uint32s, string (name of Log)> Log names indexed by Create position. All logs, except failed ones will be present. If all logs were written successfully, then map will have keys all from 0 to N-1.
failed_logs repeated CreateLogsResponse.CreateError Logs that failed to be created

CreateLogsResponse.CreateError Message

Describes the result of a failed request to write logs.

Name Type Description
logs repeated Log All logs that failed to be written. This field provides all of the context that would be needed to retry the operation.
status Status The status of the requested write operation.

LogDescriptor Resource

LogDescriptor Resource

Name patterns:

  • logDescriptors/{log_descriptor}
  • projects/{project}/logDescriptors/{log_descriptor}
  • organizations/{organization}/logDescriptors/{log_descriptor}

Parent resources:

This section covers the methods and messages to interact with LogDescriptor resource.

LogDescriptor Methods

Here is the list of LogDescriptor resource methods:

GetLogDescriptor Method

GetLogDescriptor

rpc GetLogDescriptor(GetLogDescriptorRequest) returns (LogDescriptor)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.get

The equivalent REST API is:

GET /v1alpha2/{name=logDescriptors/*} 

GET /v1alpha2/{name=projects/*/logDescriptors/*} 

GET /v1alpha2/{name=organizations/*/logDescriptors/*}

BatchGetLogDescriptors Method

BatchGetLogDescriptors

rpc BatchGetLogDescriptors(BatchGetLogDescriptorsRequest) returns (BatchGetLogDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.batchGet

The equivalent REST API is:

GET /v1alpha2/logDescriptors:batchGet

ListLogDescriptors Method

ListLogDescriptors

rpc ListLogDescriptors(ListLogDescriptorsRequest) returns (ListLogDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.list

The equivalent REST API is:

GET /v1alpha2/logDescriptors 

GET /v1alpha2/{parent=projects/*}/logDescriptors 

GET /v1alpha2/{parent=organizations/*}/logDescriptors

WatchLogDescriptor Method

WatchLogDescriptor

rpc WatchLogDescriptor(WatchLogDescriptorRequest) returns (WatchLogDescriptorResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.watch

The equivalent REST API is:

POST /v1alpha2/{name=logDescriptors/*}:watch 

POST /v1alpha2/{name=projects/*/logDescriptors/*}:watch 

POST /v1alpha2/{name=organizations/*/logDescriptors/*}:watch

WatchLogDescriptors Method

WatchLogDescriptors

rpc WatchLogDescriptors(WatchLogDescriptorsRequest) returns (WatchLogDescriptorsResponse)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.watch

The equivalent REST API is:

POST /v1alpha2/logDescriptors:watch 

POST /v1alpha2/{parent=projects/*}/logDescriptors:watch 

POST /v1alpha2/{parent=organizations/*}/logDescriptors:watch

CreateLogDescriptor Method

CreateLogDescriptor

rpc CreateLogDescriptor(CreateLogDescriptorRequest) returns (LogDescriptor)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.create

The equivalent REST API is:

POST /v1alpha2/logDescriptors (BODY: log_descriptor)

POST /v1alpha2/{parent=projects/*}/logDescriptors 

POST /v1alpha2/{parent=organizations/*}/logDescriptors

UpdateLogDescriptor Method

UpdateLogDescriptor

rpc UpdateLogDescriptor(UpdateLogDescriptorRequest) returns (LogDescriptor)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.update

The equivalent REST API is:

PUT /v1alpha2/{log_descriptor.name=logDescriptors/*} (BODY: log_descriptor)

PUT /v1alpha2/{log_descriptor.name=projects/*/logDescriptors/*} 

PUT /v1alpha2/{log_descriptor.name=organizations/*/logDescriptors/*}

DeleteLogDescriptor Method

DeleteLogDescriptor

rpc DeleteLogDescriptor(DeleteLogDescriptorRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/logging.edgelq.com/permissions/logDescriptors.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=logDescriptors/*} 

DELETE /v1alpha2/{name=projects/*/logDescriptors/*} 

DELETE /v1alpha2/{name=organizations/*/logDescriptors/*}

LogDescriptor Messages

Here is the list of LogDescriptor resource messages:

LogDescriptor Message

Name Type Description
name string (name of LogDescriptor) Name of LogDescriptor - contains service name followed by name defined by developer, separated by ‘/’ sign. Example name: “devices.edgelq.com/DeviceFailure”
display_name string Optional. A concise name for the log type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners.
description string Optional. A detailed description of the log type that might be used in documentation.
labels repeated LabelDescriptor A set of labels used to describe instances of this log type.
promoted_label_key_sets repeated LabelKeySet Promoted Label Key Sets allow defining multiple indexing rules for underlying backend enabling query optimizations.
metadata Meta Metadata

GetLogDescriptorRequest Message

A request message of the GetLogDescriptor method.

Name Type Description
name string (name of LogDescriptor) Name of ntt.logging.v1alpha2.LogDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLogDescriptorsRequest Message

A request message of the BatchGetLogDescriptors method.

Name Type Description
names repeated string (name of LogDescriptor) Names of LogDescriptors
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetLogDescriptorsResponse Message

A response message of the BatchGetLogDescriptors method.

Name Type Description
log_descriptors repeated LogDescriptor found LogDescriptors
missing repeated string (name of LogDescriptor) list of not found LogDescriptors

ListLogDescriptorsRequest Message

A request message of the ListLogDescriptors method.

Name Type Description
parent string (parent name of LogDescriptor) Parent name of ntt.logging.v1alpha2.LogDescriptor
page_size int32 Requested page size. Server may return fewer LogDescriptors than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of LogDescriptor) A token identifying a page of results the server should return. Typically, this is the value of ListLogDescriptorsResponse.next_page_token.
order_by string (orderBy of LogDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of LogDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListLogDescriptorsResponse Message

A response message of the ListLogDescriptors method.

Name Type Description
log_descriptors repeated LogDescriptor The list of LogDescriptors
prev_page_token string (cursor of LogDescriptor) A token to retrieve previous page of results. Pass this value in the ListLogDescriptorsRequest.page_token.
next_page_token string (cursor of LogDescriptor) A token to retrieve next page of results. Pass this value in the ListLogDescriptorsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total LogDescriptors across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchLogDescriptorRequest Message

A request message of the WatchLogDescriptor method.

Name Type Description
name string (name of LogDescriptor) Name of ntt.logging.v1alpha2.LogDescriptor
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchLogDescriptorResponse Message

A response message of the WatchLogDescriptor method.

Name Type Description
change LogDescriptorChange

WatchLogDescriptorsRequest Message

A request message of the WatchLogDescriptors method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of LogDescriptor) Parent name of ntt.logging.v1alpha2.LogDescriptor
page_size int32 Requested page size. Server may return fewer LogDescriptors than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of LogDescriptor) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of LogDescriptor) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of LogDescriptor) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to LogDescriptor that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to LogDescriptor that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchLogDescriptorsResponse Message

A response message of the WatchLogDescriptors method.

Name Type Description
log_descriptor_changes repeated LogDescriptorChange Changes of LogDescriptors
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All LogDescriptors will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchLogDescriptorsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (LogDescriptors will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchLogDescriptorsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of LogDescriptor) New token to retrieve previous page of results.
next_page_token string (cursor of LogDescriptor) New token to retrieve next page of results.

CreateLogDescriptorRequest Message

A request message of the CreateLogDescriptor method.

Name Type Description
parent string (parent name of LogDescriptor) Parent name of ntt.logging.v1alpha2.LogDescriptor
log_descriptor LogDescriptor LogDescriptor resource body
response_mask CreateLogDescriptorRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateLogDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateLogDescriptorRequest Message

A request message of the UpdateLogDescriptor method.

Name Type Description
log_descriptor LogDescriptor LogDescriptor resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateLogDescriptorRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateLogDescriptorRequest.ResponseMask reduce message response size.

UpdateLogDescriptorRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state LogDescriptor Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateLogDescriptorRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteLogDescriptorRequest Message

A request message of the DeleteLogDescriptor method.

Name Type Description
name string (name of LogDescriptor) Name of ntt.logging.v1alpha2.LogDescriptor
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Logging Service Shared Methods and Messages

Logging Service Shared Messages

Here is the list of Logging service shared messages:

LabelDescriptor Message

Name Type Description
key string The label key.
description string Label description

LabelKeySet Message

LabelKeySet is used for defining PromotedLabelKeySets

Name Type Description
label_keys repeated string

LogDescriptorChange Message

LogDescriptorChange is used by Watch notifications Responses to describe change of single LogDescriptor One of Added, Modified, Removed

Name Type Description
added LogDescriptorChange.Added Added is returned when watched document is added, either created or enters Query view
modified LogDescriptorChange.Modified Modified is returned when watched document is modified
current LogDescriptorChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed LogDescriptorChange.Removed Removed is returned when LogDescriptor is deleted or leaves Query view

LogDescriptorChange.Added Message

LogDescriptor has been added to query view

Name Type Description
log_descriptor LogDescriptor
view_index int32 Integer describing index of added LogDescriptor in resulting query view.

LogDescriptorChange.Current Message

LogDescriptor has been added or modified in a query view. Version used for stateless watching

Name Type Description
log_descriptor LogDescriptor

LogDescriptorChange.Modified Message

LogDescriptor changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of LogDescriptor) Name of modified LogDescriptor
log_descriptor LogDescriptor New version of LogDescriptor or masked difference, depending on mask_changes instrumentation of issued [WatchLogDescriptorRequest] or [WatchLogDescriptorsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified LogDescriptor. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying LogDescriptor new index in resulting query view.

LogDescriptorChange.Removed Message

Removed is returned when LogDescriptor is deleted or leaves Query view

Name Type Description
name string (name of LogDescriptor)
view_index int32 Integer specifying removed LogDescriptor index. Not populated in stateless watch type.

TimeInterval Message

A time interval extending just after a start time through an end time. If the start time is the same as the end time, then the interval represents a single point in time.

Name Type Description
end_time .google.protobuf.Timestamp Optional - end of the time interval. If not provided, current time will be assumed.
start_time .google.protobuf.Timestamp Required. The beginning of the time interval. The start time must not be later than the end time.

7 - SPEKTRA Edge Proxies Service API

Understanding the Proxies service API.

The Proxies service provides an easy way to establish secure tunnels between your clients, which helps your applications running in different locations to communicate with each other.

The Proxy service component relationship.

The Proxy service component relationship.

The main problem with establishing connections between two clients in different locations on the internet is that it’s not always easy to reach out to the other client through firewalls and NATs in between. Most home networks are protected by NATs and you usually have to implement a VPN network to set up a peer-to-peer connection.

The Proxies service provides clients with a meet-up endpoint for clients to establish client-initiated connections and stitches two connections to make an end-to-end connection between two clients. Because all connections are client-initiated, NAT and firewalls won’t cause any connection problems.

While the Proxies service provides only a framework to establish connections between clients, you can implement your own use cases on top of that such as tunnels for remote commands, which is how the Devices service utilizes the Proxies service, and TCP port forwarding just like the ZTNA service work with the Proxies service.

Full API Specifications (with resources):

Resources

Tunnels

A Tunnel is an end-to-end connection between two clients. It is built with two client-initiated gRPC sessions to our meet-up endpoint on the cloud to avoid problems caused by firewalls and NATs. As a tunnel works as a bare data stream just like a normal TCP connection, you can implement any protocol on top of it.

Tunnel Brokers

A tunnel broker is a part of the service backend, it provides a mechanism for establishing tunnels between consumers and providers.

Tunnel Consumers

A tunnel consumer is one of the end clients that connects with the broker to establish a tunnel with the selected provider.

Tunnel Providers

A tunnel provider is connecting to a broker (registration), and then passively waits for consumers to connect to it.

Code Samples

Ping/Pong over Tunnel

Let’s create a simple ping/pong service where consumers send Ping messages, and then Providers return Pong messages.

First, define a struct that implements provider.ServiceFactory.

import provider "github.com/cloudwan/edgelq/proxies/provider/v1"

type PingService struct {
	closed chan struct{} // will be closed when Close() is called
	called chan struct{}
}

// Start is called when a new tunnel is established.
// You can initialize your service here, but
func (s *PingService) Start(ctx context.Context) error {
	s.closed = make(chan struct{}, 0)
	s.called = make(chan struct{}, 1)
}

// Send is called when the Consumer sends data to the Consumer.
func (s *PingService) Send(data []byte) error {
	if string(data) != "PING" {
		return fmt.Errorf("unexpected message received")
	}

	select {
		case s.called <- stcut{}{}:
			// asked to Recv() to send Pong
		case <- s.closed:
			it's being closed, give up
	}
	return nil
}

// Recv is called to receive message from the service.
func (s *PingService) Recv() ([]byte, error) {
	select {
		case <- s.called:
			return []byte("PONG"), nil
		case <- s.closed:
			return nil, fmt.Error("service is closing")
	}
}

// Close is called when the connection is going to be closed.
func (s *PingService) Close() error {
	close(s.closed)
}

Then, create a Provider with the service.

import (
	broker "github.com/cloudwan/edgelq/proxies/client/v1/broker"
	provider "github.com/cloudwan/edgelq/proxies/provider/v1"
	project "github.com/cloudwan/edgelq/proxies/resources/v1/project"
)

var client proxcbroker.BrokerServiceClient // setup a client

// List of services (we have only one at this moment).
services := map[string]provider.ServiceFactory{
	"ping": func(ctx context.Context, arg []byte) (provider.Service, error) {
		return NewPingService(), nil
	},
}

// Create a Provider
provier := provider.NewProvider(
	project.NewNameBuilder().SetId("YourProjectID").Name(),
	"my-first-provider-id",
	"us-west2",
	"ping.edgelq.com",
	services,
)

// Run it.
provider.Run(ctx, client)

Now your Ping service is “Provided”.

Next, let’s consume the service as a Consumer.

import (
	broker "github.com/cloudwan/edgelq/proxies/client/v1/broker"
)

var client proxcbroker.BrokerServiceClient // setup a client

// define an “Outlet” that implements Recv() and Send()

type PingOutlet struct {
	sent bool
}

// Send writes data from the other end to the Outlet.
func (o *PingOutlet) Send(data []byte) error {
	fmt.Printf(Received: %s\n, string(data))
}

// Recv outputs data from the Outlet
func (o *PingOutlet) Recv() ([]byte, error) {
	if o.sent {
		Return nil, io.EOF
    }
	o.sent = true
	return []byte(PING), nil
}

err := consumer.Connect(
	context.Background(),
	client,
	proxrproject.NewNameBuilder().SetId("YourProjectID").Name(),
	"my-first-consumer-id",
	"us-west2",
	"ping.edgelq.com",
	"my-first-provider-id", // provider ID to connect to
	"ping", // service name
	nil, // no initial arg
	PingOutlet{},
)

7.1 -

Understanding the proxies.edgelq.com service APIv1, in proto package ntt.proxies.v1.

Service proxies.edgelq.com in version v1, proto package ntt.proxies.v1

Here is the list of resources supported in Proxies service APIv1:

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

Connect Method

Connect

rpc Connect(ConnectRequest) returns (ConnectResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.connect

The equivalent REST API is:

POST /v1:connect

Listen Method

Listen

rpc Listen(ListenRequest) returns (ListenResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.listen

The equivalent REST API is:

POST /v1:listen

Accept Method

Accept

rpc Accept(AcceptRequest) returns (AcceptResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.accept

The equivalent REST API is:

POST /v1:accept

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v1/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v1/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v1/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v1/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v1/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*}

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
multi_region_policy MultiRegionPolicy Multi region policy defines in which region all kid resources (and their kids) will by default belong and cross-region syncing policies.

ConnectRequest Message

Request message for method [Connect][ntt.proxies.v1.Connect]

Name Type Description
open_request ConnectRequest.OpenRequest The initiation message to open a channel to a device.
resume_request ConnectRequest.ResumeRequest Attempt to resume stream of data
ack Ack ACK message
data Data Any data sent to the device through the endpoint.
close Close
error Error
ping Ping

ConnectRequest.OpenRequest Message

Name Type Description
project string (name of Project)
region_id string Region ID to connect to
service_domain string Service domain (for example devices.edgelq.com) for this provider.
provider_name string name to connect to - must match to name value passed in ListenRequest
name string Name of the connecting client
service string Service to connect
arg bytes Initial argument (optional)
return_not_available bool If true, ConnectResponse will contain NotAvailableLocally in response instead of NotFound/OutOfRange. This is used so far internally between servers. TODO: This is temporary flag, till we migrate all clients to shard-aware ones: Client can probe what core endpoint owns given shard number for provider_name. Then it can, and should connect directly there, without setting this flag.

ConnectRequest.ResumeRequest Message

Name Type Description
project string (name of Project)
region_id string Region ID to connect to
service_domain string Service domain (for example devices.edgelq.com) for this provider.
provider_name string name to connect to - must match to name value passed in ListenRequest
name string Name of the connecting client
session_id uint64
channel_id uint64
last_message_id uint64
return_not_available bool If true, ConnectResponse will contain NotAvailableLocally in response instead of NotFound/OutOfRange. This is used so far internally between servers. TODO: This is temporary flag, till we migrate all clients to shard-aware ones: Client can probe what core endpoint owns given shard number for provider_name. Then it can, and should connect directly there, without setting this flag.

ConnectResponse Message

Response message for method [Connect][ntt.proxies.v1.Connect]

Name Type Description
open_response ConnectResponse.OpenResponse Notification from the agent (endpoint) to the channel has been opened.
resume_response ConnectResponse.ResumeResponse
channel_open_error ConnectResponse.ChannelOpenError
ack Ack ACK message
data Data Any data from the device (endpoint) to the client.
close Close
error Error
pong Pong
not_available_locally ConnectResponse.NotAvailableLocally Informs that provider is not available locally. This is sent instead of open_response/resume_response if

ConnectResponse.NotAvailableLocally Message

Name Type Description
none none none

ConnectResponse.OpenResponse Message

Name Type Description
session_id uint64
channel_id uint64

ConnectResponse.ResumeResponse Message

Name Type Description
session_id uint64
channel_id uint64
last_message_id uint64

ConnectResponse.ChannelOpenError Message

Name Type Description
channel_id uint64 ID of the channel failed to open.
message string Error message.

ListenRequest Message

Request message for method [Listen][ntt.proxies.v1.Listen]

Name Type Description
open_request ListenRequest.OpenRequest This is a hello message from the agent with its name.
resume_request ListenRequest.ResumeRequest
channel_open_error ListenRequest.ChannelOpenError When the agent failed to open a requested channel, this message will be sent from the agent to the endpoint.
ping Ping

ListenRequest.OpenRequest Message

Name Type Description
project string (name of Project)
region_id string
service_domain string Service domain (for example devices.edgelq.com) for this provider.
name string The self-declared device name, used for authentication/authorization.

ListenRequest.ResumeRequest Message

Name Type Description
project string (name of Project)
region_id string
service_domain string Service domain (for example devices.edgelq.com) for this provider.
name string The self-declared device name, used for authentication/authorization.
session_id uint64

ListenRequest.ChannelOpenError Message

Name Type Description
channel_id uint64 ID of the channel failed to open.
message string Error message.

ListenResponse Message

Response message for method [Listen][ntt.proxies.v1.Listen]

Name Type Description
listening ListenResponse.Listening
open_channel_response ListenResponse.OpenChannelResponse Notifies a new channel has been requested by a client.
resume_channel_response ListenResponse.ResumeChannelResponse Notifies a channel was asked to be resumed by a client
pong Pong

ListenResponse.Listening Message

Name Type Description
session_id uint64

ListenResponse.OpenChannelResponse Message

Name Type Description
channel_id uint64 Channel ID
service string Device service;
arg bytes Initial argument (optional)

ListenResponse.ResumeChannelResponse Message

Name Type Description
channel_id uint64 Channel ID
service string Device service;
arg bytes Initial argument (optional)
last_message_id uint64

AcceptRequest Message

Request message for method [Accept][ntt.proxies.v1.Accept]

Name Type Description
open_request AcceptRequest.OpenRequest Registers a new socket on the endpoint.
resume_request AcceptRequest.ResumeRequest
data Data Data from the agent to the endpoint (client).
ack Ack ACK message
close Close
error Error
ping Ping

AcceptRequest.OpenRequest Message

Name Type Description
project string (name of Project)
region_id string
service_domain string Service domain (for example devices.edgelq.com) for this provider.
name string Name, to be authenticated/authorized.
session_id uint64
channel_id uint64 Channel ID, requested by the endpoint in the ChannelRequested message.

AcceptRequest.ResumeRequest Message

Name Type Description
project string (name of Project)
region_id string
service_domain string Service domain (for example devices.edgelq.com) for this provider.
name string Name, to be authenticated/authorized.
session_id uint64
channel_id uint64 Channel ID, requested by the endpoint in the ChannelRequested message.
last_message_id uint64

AcceptResponse Message

Response message for method [Accept][ntt.proxies.v1.Accept]

Name Type Description
data Data Data from the endpoint (client) to the agent.
ack Ack ACK message
close Close
error Error
pong Pong

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.proxies.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.proxies.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.proxies.v1.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Proxies Service Shared Methods and Messages

Proxies Service Shared Messages

Here is the list of Proxies service shared messages:

Ack Message

Name Type Description
id uint64

Close Message

Name Type Description
id uint64

Data Message

Name Type Description
id uint64
bytes bytes
ack_required bool

Error Message

Name Type Description
id uint64
message string

Ping Message

Name Type Description
none none none

Pong Message

Name Type Description
none none none

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

7.2 -

Understanding the proxies.edgelq.com service APIv1alpha2, in proto package ntt.proxies.v1alpha2.

Service proxies.edgelq.com in version v1alpha2, proto package ntt.proxies.v1alpha2

Here is the list of resources supported in Proxies service APIv1alpha2:

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

Connect Method

Connect

rpc Connect(ConnectRequest) returns (ConnectResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.connect

The equivalent REST API is:

POST /v1alpha2:connect

Listen Method

Listen

rpc Listen(ListenRequest) returns (ListenResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.listen

The equivalent REST API is:

POST /v1alpha2:listen

Accept Method

Accept

rpc Accept(AcceptRequest) returns (AcceptResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.accept

The equivalent REST API is:

POST /v1alpha2:accept

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v1alpha2/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v1alpha2/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1alpha2/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v1alpha2/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v1alpha2/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/proxies.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*}

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
metadata Meta Metadata
multi_region_policy MultiRegionPolicy Multi region policy

ConnectRequest Message

Request message for method [Connect][ntt.proxies.v1alpha2.Connect]

Name Type Description
open_request ConnectRequest.OpenRequest The initiation message to open a channel to a device.
resume_request ConnectRequest.ResumeRequest Attempt to resume stream of data
ack Ack ACK message
data Data Any data sent to the device through the endpoint.
close Close
error Error
ping Ping

ConnectRequest.OpenRequest Message

Name Type Description
project string (name of Project)
region_id string
name string
provider_name string name to connect.
service string Device service
arg bytes Initial argument (optional)

ConnectRequest.ResumeRequest Message

Name Type Description
project string (name of Project)
region_id string
name string
provider_name string name to connect.
session_id uint64
channel_id uint64
last_message_id uint64

ConnectResponse Message

Response message for method [Connect][ntt.proxies.v1alpha2.Connect]

Name Type Description
open_response ConnectResponse.OpenResponse Notification from the agent (endpoint) to the channel has been opened.
resume_response ConnectResponse.ResumeResponse
channel_open_error ConnectResponse.ChannelOpenError
ack Ack ACK message
data Data Any data from the device (endpoint) to the client.
close Close
error Error
pong Pong

ConnectResponse.OpenResponse Message

Name Type Description
session_id uint64
channel_id uint64

ConnectResponse.ResumeResponse Message

Name Type Description
session_id uint64
channel_id uint64
last_message_id uint64

ConnectResponse.ChannelOpenError Message

Name Type Description
channel_id uint64 ID of the channel failed to open.
message string Error message.

ListenRequest Message

Request message for method [Listen][ntt.proxies.v1alpha2.Listen]

Name Type Description
open_request ListenRequest.OpenRequest This is a hello message from the agent with its name.
resume_request ListenRequest.ResumeRequest
channel_open_error ListenRequest.ChannelOpenError When the agent failed to open a requested channel, this message will be sent from the agent to the endpoint.
ping Ping

ListenRequest.OpenRequest Message

Name Type Description
project string (name of Project)
region_id string
name string The self-declared device name, used for authentication/authorization.

ListenRequest.ResumeRequest Message

Name Type Description
project string (name of Project)
region_id string
name string The self-declared device name, used for authentication/authorization.
session_id uint64

ListenRequest.ChannelOpenError Message

Name Type Description
channel_id uint64 ID of the channel failed to open.
message string Error message.

ListenResponse Message

Response message for method [Listen][ntt.proxies.v1alpha2.Listen]

Name Type Description
listening ListenResponse.Listening
open_channel_response ListenResponse.OpenChannelResponse Notifies a new channel has been requested by a client.
resume_channel_response ListenResponse.ResumeChannelResponse Notifies a channel was asked to be resumed by a client
pong Pong

ListenResponse.Listening Message

Name Type Description
session_id uint64

ListenResponse.OpenChannelResponse Message

Name Type Description
channel_id uint64 Channel ID
service string Device service;
arg bytes Initial argument (optional)

ListenResponse.ResumeChannelResponse Message

Name Type Description
channel_id uint64 Channel ID
service string Device service;
arg bytes Initial argument (optional)
last_message_id uint64

AcceptRequest Message

Request message for method [Accept][ntt.proxies.v1alpha2.Accept]

Name Type Description
open_request AcceptRequest.OpenRequest Registers a new socket on the endpoint.
resume_request AcceptRequest.ResumeRequest
data Data Data from the agent to the endpoint (client).
ack Ack ACK message
close Close
error Error
ping Ping

AcceptRequest.OpenRequest Message

Name Type Description
project string (name of Project)
region_id string
name string Name, to be authenticated/authorized.
session_id uint64
channel_id uint64 Channel ID, requested by the endpoint in the ChannelRequested message.

AcceptRequest.ResumeRequest Message

Name Type Description
project string (name of Project)
region_id string
name string Name, to be authenticated/authorized.
session_id uint64
channel_id uint64 Channel ID, requested by the endpoint in the ChannelRequested message.
last_message_id uint64

AcceptResponse Message

Response message for method [Accept][ntt.proxies.v1alpha2.Accept]

Name Type Description
data Data Data from the endpoint (client) to the agent.
ack Ack ACK message
close Close
error Error
pong Pong

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.proxies.v1alpha2.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.proxies.v1alpha2.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.proxies.v1alpha2.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Proxies Service Shared Methods and Messages

Proxies Service Shared Messages

Here is the list of Proxies service shared messages:

Ack Message

Name Type Description
id uint64

Close Message

Name Type Description
id uint64

Data Message

Name Type Description
id uint64
bytes bytes
ack_required bool

Error Message

Name Type Description
id uint64
message string

Ping Message

Name Type Description
none none none

Pong Message

Name Type Description
none none none

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

8 - SPEKTRA Edge Secrets Service API

Understanding the Secrets service API.

Secrets service’s task is to securely store customer’s application secrets.

Encryption and decryption are done on the server side, which means that all secrets are only stored as encrypted entries in the database.

Full API Specifications (with resources):

Resources

Secrets

A secret is responsible for handling a single secret, which contains:

  • Name
  • EncData, encrypted data, protected by role-bindings (read-checks), stored only in the database
  • Data, data to be store as a secret.

During the secret creation, data is taken from the Data field, encrypted using the given encryption function, and then the output encrypted bytes are being saved under the EncData field while the Data field is erased.

Decryption is done similarly but the other way around.

Secrets are regional concept, meaning that only a single region holds its decryption keys.

Secrets storage and retrieval

Secrets service introduces additional commands to decrypt and encrypt data using Secret.

Sample query to list encoded secrets:

cuttle secrets list secrets -o json

Sample query to create a secret:

cuttle secrets create secret {SECRET_ID} \
  --region {REGION_ID} --project {PROJECT_ID} \
  –-data {JSON_DATA}

Sample query to decrypt a secret:

cuttle secrets get secret {SECRET_NAME} -o json

Secrets can also be decrypted with BatchGet method. Secrets will not be encrypted with collection-type methods, like ListSecrets.

8.1 -

Understanding the secrets.edgelq.com service APIv1, in proto package ntt.secrets.v1.

Service secrets.edgelq.com in version v1, proto package ntt.secrets.v1

Here is the list of resources supported in Secrets service APIv1:

CryptoKey Resource

CryptoKey Resource

Name patterns:

  • projects/{project}/regions/{region}/cryptoKeys/{crypto_key}

Parent resources:

This section covers the methods and messages to interact with CryptoKey resource.

CryptoKey Methods

Here is the list of CryptoKey resource methods:

GetCryptoKey Method

GetCryptoKey

rpc GetCryptoKey(GetCryptoKeyRequest) returns (CryptoKey)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/cryptoKeys.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/cryptoKeys/*}

BatchGetCryptoKeys Method

BatchGetCryptoKeys

rpc BatchGetCryptoKeys(BatchGetCryptoKeysRequest) returns (BatchGetCryptoKeysResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/cryptoKeys.batchGet

The equivalent REST API is:

GET /v1/cryptoKeys:batchGet

ListCryptoKeys Method

ListCryptoKeys

rpc ListCryptoKeys(ListCryptoKeysRequest) returns (ListCryptoKeysResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/cryptoKeys.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/cryptoKeys

WatchCryptoKey Method

WatchCryptoKey

rpc WatchCryptoKey(WatchCryptoKeyRequest) returns (WatchCryptoKeyResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/cryptoKeys.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/cryptoKeys/*}:watch

WatchCryptoKeys Method

WatchCryptoKeys

rpc WatchCryptoKeys(WatchCryptoKeysRequest) returns (WatchCryptoKeysResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/cryptoKeys.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/cryptoKeys:watch

DeleteCryptoKey Method

DeleteCryptoKey

rpc DeleteCryptoKey(DeleteCryptoKeyRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/cryptoKeys.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/cryptoKeys/*}

CryptoKey Messages

Here is the list of CryptoKey resource messages:

CryptoKey Message

Name Type Description
name string (name of CryptoKey) Name of CryptoKey When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
key string

GetCryptoKeyRequest Message

A request message of the GetCryptoKey method.

Name Type Description
name string (name of CryptoKey) Name of ntt.secrets.v1.CryptoKey
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetCryptoKeysRequest Message

A request message of the BatchGetCryptoKeys method.

Name Type Description
names repeated string (name of CryptoKey) Names of CryptoKeys
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetCryptoKeysResponse Message

A response message of the BatchGetCryptoKeys method.

Name Type Description
crypto_keys repeated CryptoKey found CryptoKeys
missing repeated string (name of CryptoKey) list of not found CryptoKeys

ListCryptoKeysRequest Message

A request message of the ListCryptoKeys method.

Name Type Description
parent string (parent name of CryptoKey) Parent name of ntt.secrets.v1.CryptoKey
page_size int32 Requested page size. Server may return fewer CryptoKeys than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of CryptoKey) A token identifying a page of results the server should return. Typically, this is the value of ListCryptoKeysResponse.next_page_token.
order_by string (orderBy of CryptoKey) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of CryptoKey) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListCryptoKeysResponse Message

A response message of the ListCryptoKeys method.

Name Type Description
crypto_keys repeated CryptoKey The list of CryptoKeys
prev_page_token string (cursor of CryptoKey) A token to retrieve previous page of results. Pass this value in the ListCryptoKeysRequest.page_token.
next_page_token string (cursor of CryptoKey) A token to retrieve next page of results. Pass this value in the ListCryptoKeysRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total CryptoKeys across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchCryptoKeyRequest Message

A request message of the WatchCryptoKey method.

Name Type Description
name string (name of CryptoKey) Name of ntt.secrets.v1.CryptoKey
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchCryptoKeyResponse Message

A response message of the WatchCryptoKey method.

Name Type Description
change CryptoKeyChange

WatchCryptoKeysRequest Message

A request message of the WatchCryptoKeys method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of CryptoKey) Parent name of ntt.secrets.v1.CryptoKey
page_size int32 Requested page size. Server may return fewer CryptoKeys than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of CryptoKey) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of CryptoKey) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of CryptoKey) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to CryptoKey that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to CryptoKey that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchCryptoKeysResponse Message

A response message of the WatchCryptoKeys method.

Name Type Description
crypto_key_changes repeated CryptoKeyChange Changes of CryptoKeys
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All CryptoKeys will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchCryptoKeysResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (CryptoKeys will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchCryptoKeysResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of CryptoKey) New token to retrieve previous page of results.
next_page_token string (cursor of CryptoKey) New token to retrieve next page of results.

DeleteCryptoKeyRequest Message

A request message of the DeleteCryptoKey method.

Name Type Description
name string (name of CryptoKey) Name of ntt.secrets.v1.CryptoKey
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v1/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v1/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v1/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v1/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v1/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*}

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
multi_region_policy MultiRegionPolicy Multi region policy defines in which region all kid resources (and their kids) will by default belong and cross-region syncing policies.

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.secrets.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.secrets.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.secrets.v1.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Secret Resource

Secret Resource

Name patterns:

  • projects/{project}/regions/{region}/secrets/{secret}

Parent resources:

This section covers the methods and messages to interact with Secret resource.

Secret Methods

Here is the list of Secret resource methods:

GetSecret Method

GetSecret

rpc GetSecret(GetSecretRequest) returns (Secret)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/secrets/*}

BatchGetSecrets Method

BatchGetSecrets

rpc BatchGetSecrets(BatchGetSecretsRequest) returns (BatchGetSecretsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.batchGet

The equivalent REST API is:

GET /v1/secrets:batchGet

ListSecrets Method

ListSecrets

rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/secrets

WatchSecret Method

WatchSecret

rpc WatchSecret(WatchSecretRequest) returns (WatchSecretResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/secrets/*}:watch

WatchSecrets Method

WatchSecrets

rpc WatchSecrets(WatchSecretsRequest) returns (WatchSecretsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/secrets:watch

CreateSecret Method

CreateSecret

rpc CreateSecret(CreateSecretRequest) returns (Secret)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/secrets (BODY: secret)

UpdateSecret Method

UpdateSecret

rpc UpdateSecret(UpdateSecretRequest) returns (Secret)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.update

The equivalent REST API is:

PUT /v1/{secret.name=projects/*/regions/*/secrets/*} (BODY: secret)

DeleteSecret Method

DeleteSecret

rpc DeleteSecret(DeleteSecretRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/secrets/*}

Secret Messages

Here is the list of Secret resource messages:

Secret Message

Name Type Description
name string (name of Secret) Name of Secret When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display name of Secret
description string Optional. A detailed description of the Secret.
enc_data bytes masked by read_checks. Database only.
data map<string, string> Data to store as secret. Must be base64 encoded.

GetSecretRequest Message

A request message of the GetSecret method.

Name Type Description
name string (name of Secret) Name of ntt.secrets.v1.Secret
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetSecretsRequest Message

A request message of the BatchGetSecrets method.

Name Type Description
names repeated string (name of Secret) Names of Secrets
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetSecretsResponse Message

A response message of the BatchGetSecrets method.

Name Type Description
secrets repeated Secret found Secrets
missing repeated string (name of Secret) list of not found Secrets

ListSecretsRequest Message

A request message of the ListSecrets method.

Name Type Description
parent string (parent name of Secret) Parent name of ntt.secrets.v1.Secret
page_size int32 Requested page size. Server may return fewer Secrets than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Secret) A token identifying a page of results the server should return. Typically, this is the value of ListSecretsResponse.next_page_token.
order_by string (orderBy of Secret) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Secret) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListSecretsResponse Message

A response message of the ListSecrets method.

Name Type Description
secrets repeated Secret The list of Secrets
prev_page_token string (cursor of Secret) A token to retrieve previous page of results. Pass this value in the ListSecretsRequest.page_token.
next_page_token string (cursor of Secret) A token to retrieve next page of results. Pass this value in the ListSecretsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Secrets across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchSecretRequest Message

A request message of the WatchSecret method.

Name Type Description
name string (name of Secret) Name of ntt.secrets.v1.Secret
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchSecretResponse Message

A response message of the WatchSecret method.

Name Type Description
change SecretChange

WatchSecretsRequest Message

A request message of the WatchSecrets method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Secret) Parent name of ntt.secrets.v1.Secret
page_size int32 Requested page size. Server may return fewer Secrets than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Secret) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Secret) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Secret) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Secret that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Secret that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchSecretsResponse Message

A response message of the WatchSecrets method.

Name Type Description
secret_changes repeated SecretChange Changes of Secrets
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Secrets will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchSecretsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Secrets will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchSecretsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Secret) New token to retrieve previous page of results.
next_page_token string (cursor of Secret) New token to retrieve next page of results.

CreateSecretRequest Message

A request message of the CreateSecret method.

Name Type Description
parent string (parent name of Secret) Parent name of ntt.secrets.v1.Secret
secret Secret Secret resource body
response_mask CreateSecretRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateSecretRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateSecretRequest Message

A request message of the UpdateSecret method.

Name Type Description
secret Secret Secret resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateSecretRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateSecretRequest.ResponseMask reduce message response size.

UpdateSecretRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Secret Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateSecretRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteSecretRequest Message

A request message of the DeleteSecret method.

Name Type Description
name string (name of Secret) Name of ntt.secrets.v1.Secret
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Secrets Service Shared Methods and Messages

Secrets Service Shared Messages

Here is the list of Secrets service shared messages:

CryptoKeyChange Message

CryptoKeyChange is used by Watch notifications Responses to describe change of single CryptoKey One of Added, Modified, Removed

Name Type Description
added CryptoKeyChange.Added Added is returned when watched document is added, either created or enters Query view
modified CryptoKeyChange.Modified Modified is returned when watched document is modified
current CryptoKeyChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed CryptoKeyChange.Removed Removed is returned when CryptoKey is deleted or leaves Query view

CryptoKeyChange.Added Message

CryptoKey has been added to query view

Name Type Description
crypto_key CryptoKey
view_index int32 Integer describing index of added CryptoKey in resulting query view.

CryptoKeyChange.Current Message

CryptoKey has been added or modified in a query view. Version used for stateless watching

Name Type Description
crypto_key CryptoKey

CryptoKeyChange.Modified Message

CryptoKey changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of CryptoKey) Name of modified CryptoKey
crypto_key CryptoKey New version of CryptoKey or masked difference, depending on mask_changes instrumentation of issued [WatchCryptoKeyRequest] or [WatchCryptoKeysRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified CryptoKey. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying CryptoKey new index in resulting query view.

CryptoKeyChange.Removed Message

Removed is returned when CryptoKey is deleted or leaves Query view

Name Type Description
name string (name of CryptoKey)
view_index int32 Integer specifying removed CryptoKey index. Not populated in stateless watch type.

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

SecretChange Message

SecretChange is used by Watch notifications Responses to describe change of single Secret One of Added, Modified, Removed

Name Type Description
added SecretChange.Added Added is returned when watched document is added, either created or enters Query view
modified SecretChange.Modified Modified is returned when watched document is modified
current SecretChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed SecretChange.Removed Removed is returned when Secret is deleted or leaves Query view

SecretChange.Added Message

Secret has been added to query view

Name Type Description
secret Secret
view_index int32 Integer describing index of added Secret in resulting query view.

SecretChange.Current Message

Secret has been added or modified in a query view. Version used for stateless watching

Name Type Description
secret Secret

SecretChange.Modified Message

Secret changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Secret) Name of modified Secret
secret Secret New version of Secret or masked difference, depending on mask_changes instrumentation of issued [WatchSecretRequest] or [WatchSecretsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Secret. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Secret new index in resulting query view.

SecretChange.Removed Message

Removed is returned when Secret is deleted or leaves Query view

Name Type Description
name string (name of Secret)
view_index int32 Integer specifying removed Secret index. Not populated in stateless watch type.

8.2 -

Understanding the secrets.edgelq.com service APIv1alpha2, in proto package ntt.secrets.v1alpha2.

Service secrets.edgelq.com in version v1alpha2, proto package ntt.secrets.v1alpha2

Here is the list of resources supported in Secrets service APIv1alpha2:

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v1alpha2/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v1alpha2/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1alpha2/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v1alpha2/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v1alpha2/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*}

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
metadata Meta Metadata
multi_region_policy MultiRegionPolicy Multi region policy

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.secrets.v1alpha2.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.secrets.v1alpha2.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.secrets.v1alpha2.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Secret Resource

Secret Resource

Name patterns:

  • projects/{project}/secrets/{secret}

Parent resources:

This section covers the methods and messages to interact with Secret resource.

Secret Methods

Here is the list of Secret resource methods:

GetSecret Method

GetSecret

rpc GetSecret(GetSecretRequest) returns (Secret)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.get

The equivalent REST API is:

GET /v1alpha2/{name=projects/*/secrets/*}

BatchGetSecrets Method

BatchGetSecrets

rpc BatchGetSecrets(BatchGetSecretsRequest) returns (BatchGetSecretsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.batchGet

The equivalent REST API is:

GET /v1alpha2/secrets:batchGet

ListSecrets Method

ListSecrets

rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.list

The equivalent REST API is:

GET /v1alpha2/{parent=projects/*}/secrets

WatchSecret Method

WatchSecret

rpc WatchSecret(WatchSecretRequest) returns (WatchSecretResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.watch

The equivalent REST API is:

POST /v1alpha2/{name=projects/*/secrets/*}:watch

WatchSecrets Method

WatchSecrets

rpc WatchSecrets(WatchSecretsRequest) returns (WatchSecretsResponse)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.watch

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/secrets:watch

CreateSecret Method

CreateSecret

rpc CreateSecret(CreateSecretRequest) returns (Secret)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.create

The equivalent REST API is:

POST /v1alpha2/{parent=projects/*}/secrets (BODY: secret)

UpdateSecret Method

UpdateSecret

rpc UpdateSecret(UpdateSecretRequest) returns (Secret)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.update

The equivalent REST API is:

PUT /v1alpha2/{secret.name=projects/*/secrets/*} (BODY: secret)

DeleteSecret Method

DeleteSecret

rpc DeleteSecret(DeleteSecretRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/secrets.edgelq.com/permissions/secrets.delete

The equivalent REST API is:

DELETE /v1alpha2/{name=projects/*/secrets/*}

Secret Messages

Here is the list of Secret resource messages:

Secret Message

Name Type Description
name string (name of Secret) Name of Secret When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9-]{0,28}[a-z0-9]
enc_data bytes masked by read_checks. Database only.
data map<string, string> Data to store as secret. Must be base64 encoded.
metadata Meta Metadata

GetSecretRequest Message

A request message of the GetSecret method.

Name Type Description
name string (name of Secret) Name of ntt.secrets.v1alpha2.Secret
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetSecretsRequest Message

A request message of the BatchGetSecrets method.

Name Type Description
names repeated string (name of Secret) Names of Secrets
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetSecretsResponse Message

A response message of the BatchGetSecrets method.

Name Type Description
secrets repeated Secret found Secrets
missing repeated string (name of Secret) list of not found Secrets

ListSecretsRequest Message

A request message of the ListSecrets method.

Name Type Description
parent string (parent name of Secret) Parent name of ntt.secrets.v1alpha2.Secret
page_size int32 Requested page size. Server may return fewer Secrets than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Secret) A token identifying a page of results the server should return. Typically, this is the value of ListSecretsResponse.next_page_token.
order_by string (orderBy of Secret) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Secret) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListSecretsResponse Message

A response message of the ListSecrets method.

Name Type Description
secrets repeated Secret The list of Secrets
prev_page_token string (cursor of Secret) A token to retrieve previous page of results. Pass this value in the ListSecretsRequest.page_token.
next_page_token string (cursor of Secret) A token to retrieve next page of results. Pass this value in the ListSecretsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Secrets across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchSecretRequest Message

A request message of the WatchSecret method.

Name Type Description
name string (name of Secret) Name of ntt.secrets.v1alpha2.Secret
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchSecretResponse Message

A response message of the WatchSecret method.

Name Type Description
change SecretChange

WatchSecretsRequest Message

A request message of the WatchSecrets method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Secret) Parent name of ntt.secrets.v1alpha2.Secret
page_size int32 Requested page size. Server may return fewer Secrets than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Secret) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Secret) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Secret) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Secret that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Secret that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchSecretsResponse Message

A response message of the WatchSecrets method.

Name Type Description
secret_changes repeated SecretChange Changes of Secrets
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Secrets will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchSecretsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Secrets will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchSecretsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Secret) New token to retrieve previous page of results.
next_page_token string (cursor of Secret) New token to retrieve next page of results.

CreateSecretRequest Message

A request message of the CreateSecret method.

Name Type Description
parent string (parent name of Secret) Parent name of ntt.secrets.v1alpha2.Secret
secret Secret Secret resource body
response_mask CreateSecretRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateSecretRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateSecretRequest Message

A request message of the UpdateSecret method.

Name Type Description
secret Secret Secret resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateSecretRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateSecretRequest.ResponseMask reduce message response size.

UpdateSecretRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Secret Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateSecretRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteSecretRequest Message

A request message of the DeleteSecret method.

Name Type Description
name string (name of Secret) Name of ntt.secrets.v1alpha2.Secret
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

Secrets Service Shared Methods and Messages

Secrets Service Shared Messages

Here is the list of Secrets service shared messages:

ProjectChange Message

ProjectChange is used by Watch notifications Responses to describe change of single Project One of Added, Modified, Removed

Name Type Description
added ProjectChange.Added Added is returned when watched document is added, either created or enters Query view
modified ProjectChange.Modified Modified is returned when watched document is modified
current ProjectChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed ProjectChange.Removed Removed is returned when Project is deleted or leaves Query view

ProjectChange.Added Message

Project has been added to query view

Name Type Description
project Project
view_index int32 Integer describing index of added Project in resulting query view.

ProjectChange.Current Message

Project has been added or modified in a query view. Version used for stateless watching

Name Type Description
project Project

ProjectChange.Modified Message

Project changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Project) Name of modified Project
project Project New version of Project or masked difference, depending on mask_changes instrumentation of issued [WatchProjectRequest] or [WatchProjectsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Project. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Project new index in resulting query view.

ProjectChange.Removed Message

Removed is returned when Project is deleted or leaves Query view

Name Type Description
name string (name of Project)
view_index int32 Integer specifying removed Project index. Not populated in stateless watch type.

SecretChange Message

SecretChange is used by Watch notifications Responses to describe change of single Secret One of Added, Modified, Removed

Name Type Description
added SecretChange.Added Added is returned when watched document is added, either created or enters Query view
modified SecretChange.Modified Modified is returned when watched document is modified
current SecretChange.Current Current is returned in stateless watch when document enters query view or is modified within.
removed SecretChange.Removed Removed is returned when Secret is deleted or leaves Query view

SecretChange.Added Message

Secret has been added to query view

Name Type Description
secret Secret
view_index int32 Integer describing index of added Secret in resulting query view.

SecretChange.Current Message

Secret has been added or modified in a query view. Version used for stateless watching

Name Type Description
secret Secret

SecretChange.Modified Message

Secret changed some of it’s fields - contains either full document or masked change

Name Type Description
name string (name of Secret) Name of modified Secret
secret Secret New version of Secret or masked difference, depending on mask_changes instrumentation of issued [WatchSecretRequest] or [WatchSecretsRequest]
field_mask .google.protobuf.FieldMask Used when mask_changes is set, contains field paths of modified properties.
previous_view_index int32 Previous view index specifies previous position of modified Secret. When modification doesn’t affect sorted order, value will remain identical to [view_index].
view_index int32 Integer specifying Secret new index in resulting query view.

SecretChange.Removed Message

Removed is returned when Secret is deleted or leaves Query view

Name Type Description
name string (name of Secret)
view_index int32 Integer specifying removed Secret index. Not populated in stateless watch type.

9 - SPEKTRA Edge Devices Service API

Understanding the Devices service API.

Devices service manages the edge devices connecting to the SPEKTRA Edge system. The service is typically operated by a user with the device-operator role or a higher.

Full API Specifications (with resources):

Device Management (Device Resources)

Devices on SPEKTRA Edge have their information managed by Device resources. Configuration values and status information for each device are stored in the Device resource. This resource is used by the agent running on the device where the SPEKTRA Edge OS is installed.

Devices are usually managed by being tied to a service account. When the actual SPEKTRA Edge device boots, the agent in the device connects to the Devices service using the stored service account. By using the service account associated with the device resource, it determines which device resource to download configuration values from and stores status information for that device resource.

The simplest Device resource can be created with the following command; since the Device resource is a Project scope resource, the Project must be specified for creation.

## Create a device with ID DEVICE
## display name is "Test Device
cuttle devices create device --project $PROJECT \
  --display-name "Test Device" \
  $DEVICE

Device Metrics

The SPEKTRA Edge device periodically reports hardware metrics information (e.g., CPU utilization), which is stored as time-series data on the Monitoring service; see the Monitoring chapter for instructions on how to use the Monitoring service.

Device Logs

Logging from an SPEKTRA Edge device can be done in two ways: logs from the point of command execution can be streamed in real time via the SPEKTRA Edge controller, or logs sent by the device can be stored in the SPEKTRA Edge backend and retrieved from there as needed. The other is to store the logs sent by the device in the SPEKTRA Edge backend and retrieve the logs from there as needed.

To use the former real-time device logs, use the command:

cuttle devices logs --follow`

In this case, the system logs from the time the command was executed (as described in /var/log/syslog) can be obtained without any additional configuration.

cuttle devices logs --follow $DEVICE

The latter, which stores logs in the SPEKTRA Edge backend and retrieves data from it, requires prior configuration to enable the feature. This feature is currently available without additional subscription, but may be paid for in the future. Log data is stored for up to 90 days.

To perform logging, set the spec.loggingConfig field in the Device resource.

cuttle devices update device $DEVICE_ID \
  --update-mask spec.loggingConfig \
  --spec '{"loggingConfig": {"enableJournalExport": true, "priority":7}}'
Field Description
enableJournalExpor Set to ture to save logs.
priority Set the Priority (level) of logs to be retrieved. Possible values are 1 to 7, according to the Priority of Journald (0 - emergency, 1 - alert, 2 - critical, 3 - error, 4 - warning, 5 - notice,6 - informational, 7 - debug). If a higher Priority is specified, all logs of the lower Priority will also be collected (setting 7 means all logs will be collected).
units Specifies the Systemd unit names of logs to be retrieved. If not specified, logs of all units are acquired. It is omitted in the above example. If you want to use it, add the value to spec.loggingConfig using the following example.

To get docker.service and droplet.service only:

{"units": ["docker.service", "droplet.service"]}

Use the cuttle devices logs --archival command to retrieve the stored logs.

    cuttle devices logs --archival --since 60 $DEVICE_ID
Options Description
--since Specifies when to start logging in seconds. If 60 is used as in the example, logs will be taken from one minute ago to the present.

Remote terminal access to SPEKTRA Edge devices

SPEKTRA Edge devices provide remote terminal access as standard.

For macOS and Linux environments

In macOS and Linux environments, the cuttle command can be used to remotely login to a device. The cuttle devices ssh command is used for terminal access. The argument of the command is the value of NAME as displayed in cuttle devices list devices.

The following is an example of access when NAME is projects/$PROJECT/regions/eu1/devices/test-device.

cuttle devices ssh projects/$PROJECT/regions/eu1/devices/test-device

For Windows environment

The cuttle devices ssh command cannot be used as-is in a Windows environment due to technical limitations. Please refer to the official Microsoft documentation on how to install WSL2.

Port forwarding with SPEKTRA Edge devices

To use a device with SPEKTRA Edge OS installed as a “jump box”, use the cuttle devices forward-port command.

The following example forwards local port 8080 to port 80 on 192.168.10.1 using the device projects/$PROJECT/regions/eu1/devices/test-device as a jump box. With this command running, open localhost:8080 in your web browser to access 192.168.10.1:80 (you will normally see the home gateway operation screen).

cuttle devices forward-port \
  projects/$PROJECT/regions/eu1/devices/test-device \
  8080 tcp://192.168.10.1:80/

Device Auto-registration Settings (Provisioning Policy)

Device resources can be created individually by users, but this can be complicated if there are many devices. To solve this problem, a mechanism to automatically register devices can be used.

The Provisioning Policy resource is a resource that stores settings for auto-registering devices. When an SPEKTRA Edge device with a Provisioning Policy set is booted, a corresponding Device resource is automatically created based on the settings.

Like the Device resource, the SPEKTRA Edge device identifies a Provisioning Policy tied to it using a service account. See the “Provisioning SPEKTRA Edge Devices” section for specific instructions for tying service accounts.

The following example is a cuttle command that creates a new Provisioning Policy.

cuttle devices create provisioning-policy \
  --project $PROJECT \
  --spec '{"mode": "UNATTENDED", \
           "identityFieldPaths": ["status.deviceInfo.hardwareInformation.system.serialNumber"]}' \
  test-provisioning-policy
Field Description
.spec.mode Specifies the registration mode. You can select either UNATTENDED (fully automatic) or MANUAL (with approval). When the registration mode is MANUAL, a Provisioning Approval Request resource is created for approval instead of a Device resource when a new SPEKTRA Edge device is started.
.spec.identityFieldPaths Sets the field used to recognize identical devices. If this field is not set, a Device resource will be created each time the same hardware makes multiple registration requests (for example, when an SD card is remade). By setting this field to include a serial number, an existing Device resource can be reused if a request is made by hardware with the same serial number.

Device resource template values

The Provisioning Policy generates a Device resource for each new hardware. At this time, by setting a value in the Provisioning Policy’s spec.template, it is possible to automatically set the value of the Device resource to be generated.

The following example shows the configuration of a Provisioning Policy when labels and log settings are automatically configured for the generated Device resource.

cuttle devices create provisioning-policy \
  --project $PROJECT \
  --spec '{"mode": "UNATTENDED", \
           "identityFieldPaths": ["status.deviceInfo.hardwareInformation.system.serialNumber"], \
           "template": {"metadata": {"labels": {"device": "raspberry-pi"}}, \
                        "spec": {"loggingConfig": {"priority":7, \
                                                   "enableJournalExport":true}}}}' \
  test-provisioning-policy

SPEKTRA Edge Device Provisioning

Download SPEKTRA Edge OS image

SPEKTRA Edge OS can be downloaded from the following URL. Note that the files used depend on the architecture of the hardware used. Currently, amd64 (x86) or Raspberry Pi 4 are supported.

The image of version 2.1.0 can be downloaded from the following URL

SPEKTRA Edge OS Image Customization

The SPEKTRA Edge OS provided to the public does not contain information tied to a specific Project. Therefore, to automate provisioning, the OS image must be customized and a configuration file must be inserted.

Create a configuration (Provisioning Policy) for automatic registration

Create a Provisioning Policy on the Devices endpoint to configure how new devices will be registered with the system. When a new device is registered with the system, a Device resource is created for each device based on the settings in this resource.

cuttle devices create provisioning-policy \
  --project $PROJECT \
  --spec '{"mode": "UNATTENDED", \
           "identityFieldPaths": ["status.deviceInfo.hardwareInformation.system.serialNumber"]}' \
  test-provisioning-policy

Generate service account and key for Provisioning Policy

In order for a new device to register using the above Provisioning Policy, it must use the service account (and its key) associated with the applicable Provisioning Policy.

The following command generates a service account and stores the downloaded key in /tmp. The jq command is used to format some values.

cuttle devices provision-service-account-to-provisioning-policy \
  -o json \
  provisioning-policy \
  --name projects/$PROJECT/regions/us-west2/provisioningPolicies/test-provisioning-policy | \
jq .serviceAccount > /tmp/service_accont_key.json

Customize image files

Customize the downloaded SPEKTRA Edge OS image using the following command. This command must be used with sudo on Linux.

sudo -E cuttle os edit \
  --image-file lqd_1.0.2.raw
  --password $PASSWORD \
  --endpoint-domain stg01b.edgelq.com \
  --project-service-account-key /tmp/service_accont_key.json

The main options available with the cuttle os edit command are

Options Description
--password Password to use for terminal login.
--endpoint-domain The endpoint domain to connect to. You do not need to specify this if you are using a commercial environment. In the above example, the staging environment is set as the connection destination.
--project-service-account-key The service account key generated by the above method.
--disk-mapping Specify a configuration file to mount internal HDD or SSD.
--ntp Specify the configuration file for NTP server.
--network-agent Specifies the network configuration file.

--disk-mapping: disk mapping file

The disk mapping file is written in YAML format and is configured when using HDDs or SSDs other than the boot media. If you use only boot media, you do not need to specify this option.

The file contents are largely divided into diskmappings and bindmounts, the former being partition mount settings and the latter being bind mount settings.

The diskmappings specifies which disk (disk) and where (mountpoint) it should be mounted. If the partition is unformatted, it will be automatically formatted using the specified size (size) and file system (filesystem). Note that if you specify -1 for the size option, all available space will be used, but only for the tailmost partition.

The bindmounts lists which directories (mountsource) are to be bind-mounted where (mountpoint).

Below is the default disk mapping file for x86 devices. By default, the tailmost EDGELQ_DATA partition is expanded to its maximum size at SPEKTRA Edge OS startup. Also, /var/lib/docker, /var/lib/droplet, and /var/log are bind-mounted in /isodevice/data where EDGELQ_DATA is mounted, so that files stored in these directories will be boot persistent in the media.

Note that the default disk mapping file has different settings for each platform. For example, the Raspberry Pi requires a separate partition to store firmware, etc., so a dedicated setting is used.

diskmappings:
  - disk: /dev/disk/by-partlabel/EDGELQ_DATA
    mountpoint: /isodevice/data
    size: -1
    filesystem: ext4
  - disk: /dev/disk/by-partlabel/EDGELQ_ISOS
    mountpoint: /isodevice/isos
    filesystem: ext4
  - disk: /dev/disk/by-partlabel/EDGELQ_BOOT
    mountpoint: /isodevice/boot
    filesystem: ext4
bindmounts:
  - mountsource: /isodevice/data/docker
    mountpoint: /var/lib/docker
  - mountsource: /isodevice/data/droplet
    mountpoint: /var/lib/droplet
  - mountsource: /isodevice/data/log
    mountpoint: /var/log

--network-agent: network configuration file

The network configuration file is the Netplan configuration file. The default configuration file has DHCP enabled, so there is no need to specify this option if static IP or WiFi settings are not required.

The following is the default configuration file.

network:
  version: 2
  renderer: networkd
  ethernets:
    default-en:
      match:
        name: en*
      dhcp4: yes
    default-eth:
      match:
        name: eth*
      dhcp4: yes

Static IP Configuration Example

The following configuration example sets 192.168.1.30/24 for the eth0 interface.

network:
  version: 2
  renderer: networkd
  ethernets:
    enp2s0:
      dhcp4: no
      addresses: [192.168.1.30/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [192.168.1.1]

Example of WiFi setup

The following setup connects the wlan0 interface to the NTT-WIFI network (SSID) using WIFI-PASSWORD as the password.

network:
  version: 2
  renderer: networkd
  wifis:
    wlan0:
      dhcp4: yes
      access-points:
        "NTT-WIFI":
          password: "WIFI-PASSWORD"

Please refer to the Netplan manual for other possible settings (some settings are not supported).

--ntp: NTP configuration file

The NTP configuration file is the systemd-timesyncd configuration file. Specify this option if you want to use an NTP server other than the default.

For information on how to write the configuration file, see man timesyncd.conf or Arch Linux website.

If the NTP server is not properly configured, the SPEKTRA Edge OS and applications running on it may stop working. If a TLS (HTTPS) certificate verification error occurs, make sure that the NTP server is properly configured and that the system clock is not out of sync.

Write SPEKTRA Edge OS to media

Image files can be written to media with any application.

On Linux, for example, you can use the dd command (replacing sdX with the appropriate device name).

sudo dd if=lqd_1.0.2.raw of=/dev/sdX

In a Windows environment, Raspberry Pi Imager or Balena Etcher can also be used.

SPEKTRA Edge Device Startup

The media on which the customized OS image is written can be used as boot media without modification. When the device is booted while connected to the network, it is automatically registered to the SPEKTRA Edge controller.

The list of registered devices can be viewed with the following command

cuttle devices list devices --project $PROJECT

Hardware update procedure

This section describes how the operation is performed in the event of a hardware failure, assuming that the device has been provisioned using a Provisioning Policy, and that the relevant Provisioning Policy has a Deduplication Field with a serial number set.

How to respond to hardware failure

Hardware failure can be divided into two categories: failure of the boot media (SD card or USB memory) on which the SPEKTRA Edge OS is installed, and failure of the hardware itself (such as the Raspberry Pi). Depending on which of these two elements is being replaced, the method of response will vary.

If only the hardware is replaced and the OS media is identical

Insert the existing boot media into the new hardware and boot. In this case, the service account information remaining on the boot media takes precedence over the serial number, so the existing Device resource is used as is (the resource serial number is overwritten).

If the hardware is identical and only the OS media is replaced

Point the new boot media to the existing hardware to boot. In this case, the new boot media does not have a service account to identify the Device resource, so the serial number is used to identify the existing Device resource. Since there is no change in the serial number on the same hardware, the existing Device resource will be used.

When replacing both hardware and OS media

If both are replaced at the same time, a new Device resource will be created since there is no way to identify the existing Device resource. To avoid this behavior, perform the following operations on the OS image (after copying the files) before writing to the SD card.

## remove an existing service account
cuttle devices remove-service-account-from-device device --name $DEVICE
## edit the image file (create service account for the device in question and
## write it)
cuttle os edit cuttle os edit \
  --image-file $IMAGE_FILE_NAME \
  --device-name $DEVICE

9.1 -

Understanding the devices.edgelq.com service APIv1, in proto package ntt.devices.v1.

Service devices.edgelq.com in version v1, proto package ntt.devices.v1

Here is the list of resources supported in Devices service APIv1:

CustomizedImage Resource

CustomizedImage Resource

Name patterns:

  • projects/{project}/regions/{region}/customizedImages/{customized_image}

Parent resources:

This section covers the methods and messages to interact with CustomizedImage resource.

CustomizedImage Methods

Here is the list of CustomizedImage resource methods:

GetCustomizedImage Method

GetCustomizedImage

rpc GetCustomizedImage(GetCustomizedImageRequest) returns (CustomizedImage)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/customizedImages/*}

BatchGetCustomizedImages Method

BatchGetCustomizedImages

rpc BatchGetCustomizedImages(BatchGetCustomizedImagesRequest) returns (BatchGetCustomizedImagesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.batchGet

The equivalent REST API is:

GET /v1/customizedImages:batchGet

ListCustomizedImages Method

ListCustomizedImages

rpc ListCustomizedImages(ListCustomizedImagesRequest) returns (ListCustomizedImagesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/customizedImages

WatchCustomizedImage Method

WatchCustomizedImage

rpc WatchCustomizedImage(WatchCustomizedImageRequest) returns (WatchCustomizedImageResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/customizedImages/*}:watch

WatchCustomizedImages Method

WatchCustomizedImages

rpc WatchCustomizedImages(WatchCustomizedImagesRequest) returns (WatchCustomizedImagesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/customizedImages:watch

CreateCustomizedImage Method

CreateCustomizedImage

rpc CreateCustomizedImage(CreateCustomizedImageRequest) returns (CustomizedImage)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/customizedImages (BODY: customized_image)

UpdateCustomizedImage Method

UpdateCustomizedImage

rpc UpdateCustomizedImage(UpdateCustomizedImageRequest) returns (CustomizedImage)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.update

The equivalent REST API is:

PUT /v1/{customized_image.name=projects/*/regions/*/customizedImages/*} (BODY: customized_image)

DeleteCustomizedImage Method

DeleteCustomizedImage

rpc DeleteCustomizedImage(DeleteCustomizedImageRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/customizedImages/*}

RequestUrl Method

RequestUrl

rpc RequestUrl(RequestUrlRequest) returns (RequestUrlResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/customizedImages.requestUrl

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/customizedImages/*}:requestUrl

CustomizedImage Messages

Here is the list of CustomizedImage resource messages:

CustomizedImage Message

Name Type Description
name string (name of CustomizedImage) Name of CustomizedImage When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
spec CustomizedImage.Spec
status CustomizedImage.Status

CustomizedImage.Spec Message

Name Type Description
version string Deprecated. Use os_version instead. After a while, version and device_type are removed and os_version becomes required
device_type string
os_version string (reference to OsVersion)
provisioning_policy string Either provisioning_policy or service_account must be specified
service_account string (reference to ServiceAccount)
service_account_key string (reference to ServiceAccountKey)
password string Password for ‘admin’ user in the image. Please generate it using bcrypt (e.g. mkpasswd --method=bcrypt) and provide the hashed value ref: https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf
encryption bool
encryption_password string Unlike password field, encryption_password must be plain text This field will be set to "" after the image is ready
disk_mapping string
network_agent string
ntp string
http_proxy string
https_proxy string
no_proxy string

CustomizedImage.Status Message

Name Type Description
state CustomizedImage.Status.State State of the image.
log string Error log when state is ERROR.
file string TODO hide this from client
md5sum string base64 encoded

GetCustomizedImageRequest Message

A request message of the GetCustomizedImage method.

Name Type Description
name string (name of CustomizedImage) Name of ntt.devices.v1.CustomizedImage
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetCustomizedImagesRequest Message

A request message of the BatchGetCustomizedImages method.

Name Type Description
names repeated string (name of CustomizedImage) Names of CustomizedImages
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetCustomizedImagesResponse Message

A response message of the BatchGetCustomizedImages method.

Name Type Description
customized_images repeated CustomizedImage found CustomizedImages
missing repeated string (name of CustomizedImage) list of not found CustomizedImages

ListCustomizedImagesRequest Message

A request message of the ListCustomizedImages method.

Name Type Description
parent string (parent name of CustomizedImage) Parent name of ntt.devices.v1.CustomizedImage
page_size int32 Requested page size. Server may return fewer CustomizedImages than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of CustomizedImage) A token identifying a page of results the server should return. Typically, this is the value of ListCustomizedImagesResponse.next_page_token.
order_by string (orderBy of CustomizedImage) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of CustomizedImage) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListCustomizedImagesResponse Message

A response message of the ListCustomizedImages method.

Name Type Description
customized_images repeated CustomizedImage The list of CustomizedImages
prev_page_token string (cursor of CustomizedImage) A token to retrieve previous page of results. Pass this value in the ListCustomizedImagesRequest.page_token.
next_page_token string (cursor of CustomizedImage) A token to retrieve next page of results. Pass this value in the ListCustomizedImagesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total CustomizedImages across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchCustomizedImageRequest Message

A request message of the WatchCustomizedImage method.

Name Type Description
name string (name of CustomizedImage) Name of ntt.devices.v1.CustomizedImage
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchCustomizedImageResponse Message

A response message of the WatchCustomizedImage method.

Name Type Description
change CustomizedImageChange

WatchCustomizedImagesRequest Message

A request message of the WatchCustomizedImages method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of CustomizedImage) Parent name of ntt.devices.v1.CustomizedImage
page_size int32 Requested page size. Server may return fewer CustomizedImages than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of CustomizedImage) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of CustomizedImage) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of CustomizedImage) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to CustomizedImage that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to CustomizedImage that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchCustomizedImagesResponse Message

A response message of the WatchCustomizedImages method.

Name Type Description
customized_image_changes repeated CustomizedImageChange Changes of CustomizedImages
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All CustomizedImages will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchCustomizedImagesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (CustomizedImages will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchCustomizedImagesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of CustomizedImage) New token to retrieve previous page of results.
next_page_token string (cursor of CustomizedImage) New token to retrieve next page of results.

CreateCustomizedImageRequest Message

A request message of the CreateCustomizedImage method.

Name Type Description
parent string (parent name of CustomizedImage) Parent name of ntt.devices.v1.CustomizedImage
customized_image CustomizedImage CustomizedImage resource body
response_mask CreateCustomizedImageRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateCustomizedImageRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateCustomizedImageRequest Message

A request message of the UpdateCustomizedImage method.

Name Type Description
customized_image CustomizedImage CustomizedImage resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateCustomizedImageRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateCustomizedImageRequest.ResponseMask reduce message response size.

UpdateCustomizedImageRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state CustomizedImage Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateCustomizedImageRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteCustomizedImageRequest Message

A request message of the DeleteCustomizedImage method.

Name Type Description
name string (name of CustomizedImage) Name of ntt.devices.v1.CustomizedImage
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

RequestUrlRequest Message

Request message for method [RequestUrl][ntt.devices.v1.RequestUrl]

Name Type Description
name string (name of CustomizedImage) name of ntt.devices.v1.CustomizedImage

RequestUrlResponse Message

Response message for method [RequestUrl][ntt.devices.v1.RequestUrl]

Name Type Description
url string
headers repeated string

CustomizedImage Enumerations

Here is the list of CustomizedImage resource enumerations:

CustomizedImage.Status.State Enumeration

Name Description
STATE_UNSPECIFIED Initial state
IN_PROGRESS Backend is processing the customization request.
ERROR There was an error processing the customization request. Check the parameters and try again.
READY The customized image is ready to download.

Device Resource

Device Resource

Name patterns:

  • projects/{project}/regions/{region}/devices/{device}

Parent resources:

This section covers the methods and messages to interact with Device resource.

Device Methods

Here is the list of Device resource methods:

GetDevice Method

GetDevice

rpc GetDevice(GetDeviceRequest) returns (Device)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/devices/*}

BatchGetDevices Method

BatchGetDevices

rpc BatchGetDevices(BatchGetDevicesRequest) returns (BatchGetDevicesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.batchGet

The equivalent REST API is:

GET /v1/devices:batchGet

ListDevices Method

ListDevices

rpc ListDevices(ListDevicesRequest) returns (ListDevicesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/devices

WatchDevice Method

WatchDevice

rpc WatchDevice(WatchDeviceRequest) returns (WatchDeviceResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/devices/*}:watch

WatchDevices Method

WatchDevices

rpc WatchDevices(WatchDevicesRequest) returns (WatchDevicesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/devices:watch

CreateDevice Method

CreateDevice

rpc CreateDevice(CreateDeviceRequest) returns (Device)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/devices (BODY: device)

UpdateDevice Method

UpdateDevice

rpc UpdateDevice(UpdateDeviceRequest) returns (Device)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.update

The equivalent REST API is:

PUT /v1/{device.name=projects/*/regions/*/devices/*} (BODY: device)

DeleteDevice Method

DeleteDevice

rpc DeleteDevice(DeleteDeviceRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/devices/*}

GetDedicatedEndpoints Method

GetDedicatedEndpoints

rpc GetDedicatedEndpoints(GetDedicatedEndpointsRequest) returns (GetDedicatedEndpointsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.getDedicatedEndpoints

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/devices/*}:getDedicatedEndpoints

ProvisionServiceAccountToDevice Method

ProvisionServiceAccountToDevice

rpc ProvisionServiceAccountToDevice(ProvisionServiceAccountToDeviceRequest) returns (ProvisionServiceAccountToDeviceResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.provisionServiceAccountToDevice

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/devices/*}:provisionServiceAccountToDevice

RemoveServiceAccountFromDevice Method

RemoveServiceAccountFromDevice

rpc RemoveServiceAccountFromDevice(RemoveServiceAccountFromDeviceRequest) returns (RemoveServiceAccountFromDeviceResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.removeServiceAccountFromDevice

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/devices/*}:removeServiceAccountFromDevice

Heartbeat Method

Heartbeat

rpc Heartbeat(HeartbeatMsg) returns (HeartbeatResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.heartbeat

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/devices/*}:heartbeat

ReportDeviceMetrics Method

ReportDeviceMetrics

rpc ReportDeviceMetrics(ReportDeviceMetricsRequest) returns (ReportDeviceMetricsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.reportDeviceMetrics

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/devices/*}:reportDeviceMetrics

ListPublicDevices Method

ListPublicDevices

rpc ListPublicDevices(ListPublicDevicesRequest) returns (ListPublicDevicesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/devices.listPublicDevices

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/devices:listPublicDevices

Device Messages

Here is the list of Device resource messages:

Device Message

Name Type Description
name string (name of Device) Name of Device When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display name for the device
description string Optional. Description of the Device.
spec Device.Spec Spec holds the expected state of the Device, meaning configurations.
status Device.Status Status of the Device reported from the actual device.
public_listing_spec Device.PublicListingSpec

Device.Spec Message

Name Type Description
service_account string (reference to ServiceAccount) The associated service account to the Device. The agents in the device uses a key from this service account when they issue any requests to our endpoints for authoroization and authentication. ProvisionServiceAccountToDevice creates a new service account and a key for the Device and asign the account to this fileld. If you change the value of this field, the existing device would lose the access to the resources in our services, that means you can revoke the permissions from the device. You can manually set an empty value to do so, or call RemoveServiceAccountFromDevice.
log_bucket string (reference to Bucket) Logging bucket associated with device
metrics_bucket string (reference to Bucket) Monitoring metrics bucket associated with device
os_version string The expected OS version in string (e.g. 1.0.2). The device will automatically download the OS image and upgrade itself with it. You can stack the OS upgrade progress in the Condition named OSReady in Status.Conditions.
netplan_yaml_config string
netplan_api_config_mode Device.Spec.NetworkConfigMode
os_image_url string The URL is dynamically constructed once the device is created or updated. The URL will be based on the device hardware information URL format: base_url/dedicated_path/iso_version/architecture/os_type
ssh_config Device.Spec.SSHConfig
attestation_config Device.Spec.AttestationConfig
disable_device_discovery bool Disables the daemon on the device for device auto discovery on the network. When it’s enabled, avahi-daemon is launched on the device which listens at UDP 5353. This daemon is useful to locate the device that acquires an IP address with DHCP.
logging_config Device.Spec.LoggingConfig
proxy_config Device.Spec.ProxyConfig
location Device.Spec.Location
usb_guard Device.Spec.USBGuard
health_checks repeated HealthCheckSpec Custom Health checks for device
disable_network_config_fallback bool If enabled, the default network configuration that was part of the initial disk image will never be used. This needs to be used with caution because clearing this flag would require access to device over console port or by connecting a Monitor to it.

Device.Status Message

Name Type Description
addresses repeated Device.Status.Address List of network addresses.
conditions repeated Device.Status.Condition List of conditions of the Device.
network_config_state Device.Status.NetworkConfigState
proxy_config_status Device.Status.ProxyConfigStatus
device_info Device.Status.DeviceInfo Device detailed information
attestation_status repeated PCR
normalized_address Device.Status.NormalizedAddress Normalized Address.
connection_status Device.Status.ConnectionStatus
connection_status_change_time .google.protobuf.Timestamp Last change of connection_status

Device.PublicListingSpec Message

Name Type Description
enabled bool
field_mask .google.protobuf.FieldMask

Device.Spec.SSHConfig Message

SSHConfig defines the ssh configuration for the Device.

Name Type Description
disable_ssh_server bool
disable_ssh_password bool
ssh_authorized repeated Device.Spec.SSHConfig.AuthKey
ip_allow_list repeated string
ip_deny_list repeated string
reject_period .google.protobuf.Duration
disable_ssh_authkey bool

Device.Spec.AttestationConfig Message

Name Type Description
attestation_expected bool If true, the droplet will try to attest itself.
attestation_domain string (reference to AttestationDomain) Attestation domain for device attestation.

Device.Spec.LoggingConfig Message

Name Type Description
priority int32 Log priority as understood by systemd (0 - emergency, 1 - alert, 2 - critical, 3 - error, 4 - warning, 5 - notice, 6 - informational, 7 - debug). Journal logs with this priority and higher will be uploaded to the server.
units repeated string List of systemd unit names to monitor for logs, e.g. NetworkManager.service, docker.service. Leave empty to export all journald logs.
enable_journal_export bool Whether the journald log exporter is enabled.
container_logging_config Device.Spec.LoggingConfig.ContainerLoggingConfig

Device.Spec.ProxyConfig Message

Name Type Description
http_proxy string
https_proxy string
no_proxy string
proxy_interfaces repeated string By default proxy is applicable for all interfaces configuring proxy_interfaces allows to restrict proxy setting to be used only with specific interfaces At present this is only used for Control Plane (for eg LTE fallback)

Device.Spec.Location Message

Device location of the device.

Name Type Description
address string
placement string

Device.Spec.USBGuard Message

USB Guard. When enable is not set, USB guard service will not be started. When it is enabled, we can specify allowed device white list with WhiteList. Each device can be specified one of Device Name, Device ID or connected port number. We can specify multiple parameter for a device.

Name Type Description
enable bool Enable USB Guard service on the device.
white_list repeated Device.Spec.USBGuard.WhiteList This is array of white list of the USB devices.

Device.Spec.SSHConfig.AuthKey Message

Name Type Description
ssha_key string
cert_authority bool
command string
environment string
from string
no_agent_forwarding bool
no_port_forwarding bool
no_pty bool
no_user_rc bool
no_x11_forwarding bool
permitopen string
principals string
tunnel string
restrict bool

Device.Spec.LoggingConfig.ContainerLoggingConfig Message

Configuration to control how container log export is handled Only enable option is available now

Name Type Description
enable_container_log_export bool Enable container log export. Default is disabled

Device.Spec.USBGuard.Port Message

USB match operator for “via-port”.

Name Type Description
equals repeated string
one_of repeated string

Device.Spec.USBGuard.Interface Message

USB match operator for “with-interface”.

Name Type Description
equals repeated string
one_of repeated string

Device.Spec.USBGuard.WhiteList Message

This is array of white list of the USB devices.

Name Type Description
device_name string USB device name to be allowed to connect.
device_id string USB device id to be allowed to connect.
via_port Device.Spec.USBGuard.Port USB port to be allowed to connect.
with_interface Device.Spec.USBGuard.Interface USB interface to be allowed to connect.
with_connect_type string USB connect type to be allowed to connect.

Device.Status.Address Message

Interface addresses of the Device.

Name Type Description
address string IPv4 or IPv6 address such as 203.0.113.5 (no suffix for subnet)
type string Always InternalIP

Device.Status.Condition Message

Condition holds status of each sub component or module of the device.

Name Type Description
message string The message describes the status.
reason string The reason for the status.
status string The status name.
type string Type name of the status.
last_heart_beat_time .google.protobuf.Timestamp When the status has been updated last time. Deprecated
last_transition_time .google.protobuf.Timestamp When the status has tuned into the current value.

Device.Status.NetworkConfigState Message

Name Type Description
active_network_config_source Device.Status.NetworkConfigState.NetworkConfigSource
desired_network_config_source Device.Status.NetworkConfigState.NetworkConfigSource
desired_network_config_error string
default_netplan_config string
active_netplan_config string
desired_netplan_config string

Device.Status.ProxyConfigStatus Message

Name Type Description
active_config_source Device.Status.ProxyConfigStatus.ProxyConfigSource
desired_config_source Device.Status.ProxyConfigStatus.ProxyConfigSource
proxy_config_error string
default_config Device.Spec.ProxyConfig
active_config Device.Spec.ProxyConfig
api_config Device.Spec.ProxyConfig

Device.Status.DeviceInfo Message

Device Information

Name Type Description
architecture string The architecture of the CPU (and the software compilied for) (e.g. arm64)
hardware string The platform hardware (e.g. raspberry, generic)
operating_system string Base OS name (e.g. Linux)
kernel_version string OS kernel version
os_image string OS base Image name
container_runtime_version string Not used
os_version string Liquid OS version currently used.
driver string Container driver name (e.g. /var/lib/droplet/compose)
hardware_information Device.Status.DeviceInfo.HardwareInformation
network_interfaces map<string, Device.Status.DeviceInfo.NetworkInterface>
control_plane_interface_info Device.Status.DeviceInfo.ControlPlaneInterfaceInfo

Device.Status.NormalizedAddress Message

Name Type Description
postal_code string Postal code
country_code string Country code example US, JP
continent string Continent, e.g. North America, Asia
continent_id string
country string Country name example United States, Japan
country_id string
admin_area1 string Probe Location Administrative Area level 1 name, e.g. California (state), Chiba (prefecture)
admin_area1_id string
admin_area2 string Probe Location Administrative Area level 2 name, e.g. Santa Clara (county), Tateyama (town)
admin_area2_id string
admin_area3 string Probe Location Administrative Area level 3 name, e.g. Sunnyvale (city)
admin_area3_id string
admin_area4 string Probe Location Administrative Area level 4 name, e.g. Sunnyvale (city)
admin_area4_id string
address string Original address.
coordinates .google.type.LatLng coordinates
accuracy double location accuracy in meters

Device.Status.DeviceInfo.HardwareInformation Message

Name Type Description
os Device.Status.DeviceInfo.HardwareInformation.OS
bios Device.Status.DeviceInfo.HardwareInformation.BIOS
system Device.Status.DeviceInfo.HardwareInformation.System
cpu Device.Status.DeviceInfo.HardwareInformation.CPU
block Device.Status.DeviceInfo.HardwareInformation.Block
network Device.Status.DeviceInfo.HardwareInformation.Network
gpu Device.Status.DeviceInfo.HardwareInformation.GPU
memory_info Device.Status.DeviceInfo.HardwareInformation.MemoryInfo
hailo_info Device.Status.DeviceInfo.HardwareInformation.HailoInfo
nvidia_info Device.Status.DeviceInfo.HardwareInformation.NvidiaInfo
modem_status repeated Device.Status.DeviceInfo.HardwareInformation.ModemStatus

Device.Status.DeviceInfo.NetworkInterface Message

Network Interface

Name Type Description
interface_name string
ip_address_v4 repeated string
external_ip_address_v4 repeated string
ip_address_v6 repeated string
external_ip_address_v6 repeated string
as_info Device.Status.DeviceInfo.NetworkInterface.ASInfo Asinfo describes the ISP (ASN) details for the interface This is resolved automatically from the external_ip_address.
carrier Device.Status.DeviceInfo.NetworkInterface.Carrier Carrier.

Device.Status.DeviceInfo.ControlPlaneInterfaceInfo Message

Name Type Description
active_control_plane_interface string
usesProxy bool
is_fallback bool is_fallback would be true if droplet could not connect using the best default route and explicitly uses this interface to connect to api endpoint

Device.Status.DeviceInfo.HardwareInformation.Capability Message

Name Type Description
name string
description string

Device.Status.DeviceInfo.HardwareInformation.OS Message

Name Type Description
operating_system string
kernel_version string
os_image string
container_runtime_version string

Device.Status.DeviceInfo.HardwareInformation.BIOS Message

TODO: Add capabilities and size

Name Type Description
vendor string
bios_version string
release_date string

Device.Status.DeviceInfo.HardwareInformation.System Message

Name Type Description
manufacturer string
product_name string
version string
serial_number string
configuration Device.Status.DeviceInfo.HardwareInformation.System.Configuration

Device.Status.DeviceInfo.HardwareInformation.CPU Message

Name Type Description
processors repeated Device.Status.DeviceInfo.HardwareInformation.CPU.Processor

Device.Status.DeviceInfo.HardwareInformation.Block Message

Name Type Description
disks repeated Device.Status.DeviceInfo.HardwareInformation.Block.Disk

Device.Status.DeviceInfo.HardwareInformation.Network Message

Name Type Description
nics repeated Device.Status.DeviceInfo.HardwareInformation.Network.NIC

Device.Status.DeviceInfo.HardwareInformation.GPU Message

Name Type Description
graphic_cards repeated Device.Status.DeviceInfo.HardwareInformation.GPU.GraphicCard

Device.Status.DeviceInfo.HardwareInformation.PCIDevice Message

Revisit: May be just device ??

Name Type Description
address string
vendor string
product string
name string
subvendor string

Device.Status.DeviceInfo.HardwareInformation.MemoryInfo Message

Name Type Description
description string
size_bytes int64
memory_banks repeated Device.Status.DeviceInfo.HardwareInformation.MemoryInfo.MemoryBank

Device.Status.DeviceInfo.HardwareInformation.HailoInfo Message

Name Type Description
status string
cli_version string
modules repeated Device.Status.DeviceInfo.HardwareInformation.HailoInfo.HailoModuleInfo

Device.Status.DeviceInfo.HardwareInformation.NvidiaInfo Message

Name Type Description
status string
driver_version string
cuda_version string
gpus repeated Device.Status.DeviceInfo.HardwareInformation.NvidiaInfo.GpuInfo

Device.Status.DeviceInfo.HardwareInformation.ModemStatus Message

Name Type Description
modem Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Modem

Device.Status.DeviceInfo.HardwareInformation.System.Configuration Message

Name Type Description
chassis string
uuid string
sku_number string
family string

Device.Status.DeviceInfo.HardwareInformation.CPU.Processor Message

Name Type Description
vendor string
model string
capabilities repeated Device.Status.DeviceInfo.HardwareInformation.Capability
num_threads uint32s
num_cores uint32s
num_enabled_cores uint32s
name string
serial string
frequency_mhz int64
max_frequency_mhz int64
cache_info repeated Device.Status.DeviceInfo.HardwareInformation.CPU.Processor.Cache
driver string
latency int64
clock int64

Device.Status.DeviceInfo.HardwareInformation.CPU.Processor.Cache Message

Name Type Description
type string
size_bytes int64

Device.Status.DeviceInfo.HardwareInformation.Block.Disk Message

Name Type Description
name string
size_bytes int64
drive_type string
vendor string
model string
serial_number string
wwn string
partitions repeated Device.Status.DeviceInfo.HardwareInformation.Block.Disk.Partition

Device.Status.DeviceInfo.HardwareInformation.Block.Disk.Partition Message

Name Type Description
name string
size_bytes int64
mount_point string
type string

Device.Status.DeviceInfo.HardwareInformation.Network.NIC Message

Name Type Description
name string
mac_address string
virtual bool
description string
product_name string
vendor string
subvendor string
setting map<string, string>

Device.Status.DeviceInfo.HardwareInformation.GPU.GraphicCard Message

Name Type Description
index int64
device Device.Status.DeviceInfo.HardwareInformation.PCIDevice

Device.Status.DeviceInfo.HardwareInformation.MemoryInfo.MemoryBank Message

Name Type Description
description string
product string
vendor string
serial string
slot string
size_bytes int64
frequency_hz int64
width_bits int32

Device.Status.DeviceInfo.HardwareInformation.HailoInfo.HailoModuleInfo Message

Name Type Description
dev_id string
control_proto_version string
firmware_version string
logger_version string
board_name string
serial_number string
part_number string
product_name string
neural_network_core_clock_rate string

Device.Status.DeviceInfo.HardwareInformation.NvidiaInfo.GpuInfo Message

Name Type Description
id string
product_name string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.RegistrationSettings Message

Name Type Description
drx_cycle string
mico_mode string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.FiveGNr Message

Name Type Description
registration_settings Device.Status.DeviceInfo.HardwareInformation.ModemStatus.RegistrationSettings

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Settings Message

Name Type Description
apn string
ip_type string
password string
user string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.InitialBearer Message

Name Type Description
dbus_path string
settings Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Settings

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Eps Message

Name Type Description
initial_bearer Device.Status.DeviceInfo.HardwareInformation.ModemStatus.InitialBearer
ue_mode_operation string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.ThreeGpp Message

Name Type Description
fiveg_nr Device.Status.DeviceInfo.HardwareInformation.ModemStatus.FiveGNr
enabled_locks repeated string
eps Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Eps
imei string
operator_code string
operator_name string
packet_service_state string
pco string
registration_state string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Cdma Message

Name Type Description
activation_state string
cdma1x_registration_state string
esn string
evdo_registration_state string
meid string
nid string
sid string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.SignalQuality Message

Name Type Description
recent string
value string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Generic Message

Name Type Description
access_technologies repeated string
bearers repeated string
carrier_configuration string
carrier_configuration_revision string
current_bands repeated string
current_capabilities repeated string
current_modes string
device string
device_identifier string
drivers repeated string
equipment_identifier string
hardware_revision string
manufacturer string
model string
own_numbers repeated string
plugin string
ports repeated string
power_state string
primary_port string
primary_sim_slot string
revision string
signal_quality Device.Status.DeviceInfo.HardwareInformation.ModemStatus.SignalQuality
sim string
sim_slots repeated string
state string
state_failed_reason string
supported_bands repeated string
supported_capabilities repeated string
supported_ip_families repeated string
supported_modes repeated string
unlock_required string
unlock_retries repeated string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.SimStatus Message

Name Type Description
dbus_path string
active string
eid string
emergency_numbers repeated string
esim_status string
gid1 string
gid2 string
iccid string
imsi string
operator_code string
operator_name string
removability string
sim_type string

Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Modem Message

Name Type Description
three_g_pp Device.Status.DeviceInfo.HardwareInformation.ModemStatus.ThreeGpp
cdma Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Cdma
dbus_path string
generic Device.Status.DeviceInfo.HardwareInformation.ModemStatus.Generic
sim_status map<string, Device.Status.DeviceInfo.HardwareInformation.ModemStatus.SimStatus>

Device.Status.DeviceInfo.NetworkInterface.ASInfo Message

Name Type Description
asn string AS Number string example AS7018
name string AS Owner name example AT&T Services, Inc.
domain string Domain name example att.com
routes repeated string Routes exported from this ASN example 12.128.0.0/9
asn_type string ASN Owner type example isp(AT&T) / hosting(google)/ business (Amazon)

Device.Status.DeviceInfo.NetworkInterface.Carrier Message

Name Type Description
name string Mobile network carrier name example AT&T
mobile_country_code string Mobile country code example 214
mobile_network_code string Mobile network code example 7
location_area_code string Mobile location area code example 2862

GetDeviceRequest Message

A request message of the GetDevice method.

Name Type Description
name string (name of Device) Name of ntt.devices.v1.Device
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDevicesRequest Message

A request message of the BatchGetDevices method.

Name Type Description
names repeated string (name of Device) Names of Devices
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDevicesResponse Message

A response message of the BatchGetDevices method.

Name Type Description
devices repeated Device found Devices
missing repeated string (name of Device) list of not found Devices

ListDevicesRequest Message

A request message of the ListDevices method.

Name Type Description
parent string (parent name of Device) Parent name of ntt.devices.v1.Device
page_size int32 Requested page size. Server may return fewer Devices than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Device) A token identifying a page of results the server should return. Typically, this is the value of ListDevicesResponse.next_page_token.
order_by string (orderBy of Device) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Device) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListDevicesResponse Message

A response message of the ListDevices method.

Name Type Description
devices repeated Device The list of Devices
prev_page_token string (cursor of Device) A token to retrieve previous page of results. Pass this value in the ListDevicesRequest.page_token.
next_page_token string (cursor of Device) A token to retrieve next page of results. Pass this value in the ListDevicesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Devices across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchDeviceRequest Message

A request message of the WatchDevice method.

Name Type Description
name string (name of Device) Name of ntt.devices.v1.Device
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchDeviceResponse Message

A response message of the WatchDevice method.

Name Type Description
change DeviceChange

WatchDevicesRequest Message

A request message of the WatchDevices method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of Device) Parent name of ntt.devices.v1.Device
page_size int32 Requested page size. Server may return fewer Devices than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Device) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Device) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Device) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Device that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Device that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchDevicesResponse Message

A response message of the WatchDevices method.

Name Type Description
device_changes repeated DeviceChange Changes of Devices
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Devices will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchDevicesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Devices will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchDevicesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Device) New token to retrieve previous page of results.
next_page_token string (cursor of Device) New token to retrieve next page of results.

CreateDeviceRequest Message

A request message of the CreateDevice method.

Name Type Description
parent string (parent name of Device) Parent name of ntt.devices.v1.Device
device Device Device resource body
response_mask CreateDeviceRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateDeviceRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateDeviceRequest Message

A request message of the UpdateDevice method.

Name Type Description
device Device Device resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateDeviceRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateDeviceRequest.ResponseMask reduce message response size.

UpdateDeviceRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Device Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateDeviceRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteDeviceRequest Message

A request message of the DeleteDevice method.

Name Type Description
name string (name of Device) Name of ntt.devices.v1.Device
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GetDedicatedEndpointsRequest Message

A request message of the [GetDedicatedEndpoints][ntt.devices.v1.GetDedicatedEndpoints]

Name Type Description
name string (name of Device)

GetDedicatedEndpointsResponse Message

Response message for method [GetDedicatedEndpoints][ntt.devices.v1.GetDedicatedEndpoints]

Name Type Description
endpoints repeated string

ProvisionServiceAccountToDeviceRequest Message

Request message for method [ProvisionServiceAccountToDevice][ntt.devices.v1.ProvisionServiceAccountToDevice]

Name Type Description
name string (name of Device) Name of Device to provision service account. This method automatically generates a service account and a key for the device and assign the key to .Spec.ServiceAccount
external_pubkey string external public key to use for service account for this device. If not present, a keypair will be generated by the server.

ProvisionServiceAccountToDeviceResponse Message

Response message for method [ProvisionServiceAccountToDevice][ntt.devices.v1.ProvisionServiceAccountToDevice]

Name Type Description
service_account ServiceAccount The service account generated by the endpoint. Save the private key included.

RemoveServiceAccountFromDeviceRequest Message

Request message for method [RemoveServiceAccountFromDevice][ntt.devices.v1.RemoveServiceAccountFromDevice]

Name Type Description
name string (name of Device) Name of the Device to remove its service account The service account and the key will be automatically deleted as well when they have been generated automatically by ProvisionServiceAccountToDevice action. Otherwise, the service account will be kept intact. The device will lost the access to the resources in the project.

RemoveServiceAccountFromDeviceResponse Message

Response message for method [RemoveServiceAccountFromDevice][ntt.devices.v1.RemoveServiceAccountFromDevice]

Name Type Description
none none none

HeartbeatMsg Message

Name Type Description
name string (name of Device)
register HeartbeatMsg.Register
heartbeat HeartbeatMsg.Heartbeat

HeartbeatMsg.Register Message

Name Type Description
none none none

HeartbeatMsg.Heartbeat Message

Name Type Description
none none none

HeartbeatResponse Message

Name Type Description
desired_heartbeat_interval .google.protobuf.Duration

ReportDeviceMetricsRequest Message

A request message of the ReportDeviceMetrics method.

Name Type Description
name string (name of Device) device_name abd region_id are required in first message for streaming
display_name string
serial_number string
device_metrics DeviceMetrics

ReportDeviceMetricsResponse Message

Name Type Description
new_time_series_headers repeated TimeSerie List of newly seen time series headers with unique binary key observed in corresponding ReportDeviceMetricsRequest.

ListPublicDevicesRequest Message

Request message for method [ListPublicDevices][ntt.devices.v1.ListPublicDevices]

Name Type Description
parent string (parent name of Device) Parent name of ntt.devices.v1.Device
page_size int32 Requested page size. Server may return fewer Devices than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Device) A token identifying a page of results the server should return. Typically, this is the value of [ListDevicesResponse.next_page_token][ntt.devices.v1.ListDevicesResponse.next_page_token]
order_by string (orderBy of Device) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Device) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be requested on top of those defined by request field View.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

ListPublicDevicesResponse Message

Response message for method [ListPublicDevices][ntt.devices.v1.ListPublicDevices]

Name Type Description
devices repeated Device The list of Devices
prev_page_token string (cursor of Device) A token to retrieve previous page of results. Pass this value in the [ListDevicesRequest.page_token][ntt.devices.v1.ListDevicesRequest.page_token]
next_page_token string (cursor of Device) A token to retrieve next page of results. Pass this value in the [ListDevicesRequest.page_token][ntt.devices.v1.ListDevicesRequest.page_token]

Device Enumerations

Here is the list of Device resource enumerations:

Device.Spec.NetworkConfigMode Enumeration

MERGE or REPLACE the api netplan_config with the baked in config in the device. REPLACE - The desired configuration must be input in full. The default config in disk will not be used. MERGE - Replaces level keys such as ethernet, modems, wifis etc that are defined in API config. Merge makes it easier to add new types of configuration - for example if the default configuration does not have wifis, it is easier to just add wifi config alone in API and use config mode merge. However, if the goal is to add to or replace a specific configuration in a section that already exists in the default configuration, then the API config should have the entire section and not just the changes for example if the default config on disk has eno1, eno2 under ethernet section and the goal is to replace the eno2 on disk, then the API configuration should specify both eno1 and eno2. This is because the merge mode still replaces whole sections that are defined in the API config

Name Description
MERGE
REPLACE

Device.Status.ConnectionStatus Enumeration

Name Description
CONNECTION_STATUS_UNSPECIFIED
CONNECTED
DISCONNECTED

Device.Status.NetworkConfigState.NetworkConfigSource Enumeration

Name Description
UNKNOWN
DEFAULT_CONFIG
API_CONFIG
MERGED_DEFAULT_AND_API_CONFIG
PREVIOUS_MERGED_DEFAULT_AND_API_CONFIG
PREVIOUS_API_CONFIG

Device.Status.ProxyConfigStatus.ProxyConfigSource Enumeration

Name Description
NO_CONFIG
DEFAULT_CONFIG
API_CONFIG

DeviceDistributionCounter Resource

DeviceDistributionCounter Resource

Name patterns:

  • projects/{project}/regions/{region}/deviceDistributionCounters/{device_distribution_counter}

Parent resources:

This section covers the methods and messages to interact with DeviceDistributionCounter resource.

DeviceDistributionCounter Methods

Here is the list of DeviceDistributionCounter resource methods:

GetDeviceDistributionCounter Method

GetDeviceDistributionCounter

rpc GetDeviceDistributionCounter(GetDeviceDistributionCounterRequest) returns (DeviceDistributionCounter)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceDistributionCounters.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/deviceDistributionCounters/*}

BatchGetDeviceDistributionCounters Method

BatchGetDeviceDistributionCounters

rpc BatchGetDeviceDistributionCounters(BatchGetDeviceDistributionCountersRequest) returns (BatchGetDeviceDistributionCountersResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceDistributionCounters.batchGet

The equivalent REST API is:

GET /v1/deviceDistributionCounters:batchGet

ListDeviceDistributionCounters Method

ListDeviceDistributionCounters

rpc ListDeviceDistributionCounters(ListDeviceDistributionCountersRequest) returns (ListDeviceDistributionCountersResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceDistributionCounters.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/deviceDistributionCounters

WatchDeviceDistributionCounter Method

WatchDeviceDistributionCounter

rpc WatchDeviceDistributionCounter(WatchDeviceDistributionCounterRequest) returns (WatchDeviceDistributionCounterResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceDistributionCounters.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/deviceDistributionCounters/*}:watch

WatchDeviceDistributionCounters Method

WatchDeviceDistributionCounters

rpc WatchDeviceDistributionCounters(WatchDeviceDistributionCountersRequest) returns (WatchDeviceDistributionCountersResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceDistributionCounters.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/deviceDistributionCounters:watch

DeviceDistributionCounter Messages

Here is the list of DeviceDistributionCounter resource messages:

DeviceDistributionCounter Message

Name Type Description
name string (name of DeviceDistributionCounter) Name of DeviceDistributionCounter When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
total_count int64
online_count int64

GetDeviceDistributionCounterRequest Message

A request message of the GetDeviceDistributionCounter method.

Name Type Description
name string (name of DeviceDistributionCounter) Name of ntt.devices.v1.DeviceDistributionCounter
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceDistributionCountersRequest Message

A request message of the BatchGetDeviceDistributionCounters method.

Name Type Description
names repeated string (name of DeviceDistributionCounter) Names of DeviceDistributionCounters
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceDistributionCountersResponse Message

A response message of the BatchGetDeviceDistributionCounters method.

Name Type Description
device_distribution_counters repeated DeviceDistributionCounter found DeviceDistributionCounters
missing repeated string (name of DeviceDistributionCounter) list of not found DeviceDistributionCounters

ListDeviceDistributionCountersRequest Message

A request message of the ListDeviceDistributionCounters method.

Name Type Description
parent string (parent name of DeviceDistributionCounter) Parent name of ntt.devices.v1.DeviceDistributionCounter
page_size int32 Requested page size. Server may return fewer DeviceDistributionCounters than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of DeviceDistributionCounter) A token identifying a page of results the server should return. Typically, this is the value of ListDeviceDistributionCountersResponse.next_page_token.
order_by string (orderBy of DeviceDistributionCounter) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of DeviceDistributionCounter) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListDeviceDistributionCountersResponse Message

A response message of the ListDeviceDistributionCounters method.

Name Type Description
device_distribution_counters repeated DeviceDistributionCounter The list of DeviceDistributionCounters
prev_page_token string (cursor of DeviceDistributionCounter) A token to retrieve previous page of results. Pass this value in the ListDeviceDistributionCountersRequest.page_token.
next_page_token string (cursor of DeviceDistributionCounter) A token to retrieve next page of results. Pass this value in the ListDeviceDistributionCountersRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total DeviceDistributionCounters across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchDeviceDistributionCounterRequest Message

A request message of the WatchDeviceDistributionCounter method.

Name Type Description
name string (name of DeviceDistributionCounter) Name of ntt.devices.v1.DeviceDistributionCounter
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchDeviceDistributionCounterResponse Message

A response message of the WatchDeviceDistributionCounter method.

Name Type Description
change DeviceDistributionCounterChange

WatchDeviceDistributionCountersRequest Message

A request message of the WatchDeviceDistributionCounters method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of DeviceDistributionCounter) Parent name of ntt.devices.v1.DeviceDistributionCounter
page_size int32 Requested page size. Server may return fewer DeviceDistributionCounters than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of DeviceDistributionCounter) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of DeviceDistributionCounter) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of DeviceDistributionCounter) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to DeviceDistributionCounter that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to DeviceDistributionCounter that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchDeviceDistributionCountersResponse Message

A response message of the WatchDeviceDistributionCounters method.

Name Type Description
device_distribution_counter_changes repeated DeviceDistributionCounterChange Changes of DeviceDistributionCounters
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All DeviceDistributionCounters will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchDeviceDistributionCountersResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (DeviceDistributionCounters will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchDeviceDistributionCountersResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of DeviceDistributionCounter) New token to retrieve previous page of results.
next_page_token string (cursor of DeviceDistributionCounter) New token to retrieve next page of results.

DeviceHardware Resource

DeviceHardware Resource

Name patterns:

  • projects/{project}/regions/{region}/deviceHardwares/{device_hardware}

Parent resources:

This section covers the methods and messages to interact with DeviceHardware resource.

DeviceHardware Methods

Here is the list of DeviceHardware resource methods:

GetDeviceHardware Method

GetDeviceHardware

rpc GetDeviceHardware(GetDeviceHardwareRequest) returns (DeviceHardware)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/deviceHardwares/*}

BatchGetDeviceHardwares Method

BatchGetDeviceHardwares

rpc BatchGetDeviceHardwares(BatchGetDeviceHardwaresRequest) returns (BatchGetDeviceHardwaresResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.batchGet

The equivalent REST API is:

GET /v1/deviceHardwares:batchGet

ListDeviceHardwares Method

ListDeviceHardwares

rpc ListDeviceHardwares(ListDeviceHardwaresRequest) returns (ListDeviceHardwaresResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/deviceHardwares

WatchDeviceHardware Method

WatchDeviceHardware

rpc WatchDeviceHardware(WatchDeviceHardwareRequest) returns (WatchDeviceHardwareResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/deviceHardwares/*}:watch

WatchDeviceHardwares Method

WatchDeviceHardwares

rpc WatchDeviceHardwares(WatchDeviceHardwaresRequest) returns (WatchDeviceHardwaresResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/deviceHardwares:watch

CreateDeviceHardware Method

CreateDeviceHardware

rpc CreateDeviceHardware(CreateDeviceHardwareRequest) returns (DeviceHardware)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/deviceHardwares (BODY: device_hardware)

UpdateDeviceHardware Method

UpdateDeviceHardware

rpc UpdateDeviceHardware(UpdateDeviceHardwareRequest) returns (DeviceHardware)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.update

The equivalent REST API is:

PUT /v1/{device_hardware.name=projects/*/regions/*/deviceHardwares/*} (BODY: device_hardware)

DeleteDeviceHardware Method

DeleteDeviceHardware

rpc DeleteDeviceHardware(DeleteDeviceHardwareRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/deviceHardwares/*}

Deregister Method

Deregister

rpc Deregister(DeregisterRequest) returns (DeregisterResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwares.deregister

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/deviceHardwares/*}:deregister

DeviceHardware Messages

Here is the list of DeviceHardware resource messages:

DeviceHardware Message

Name Type Description
name string (name of DeviceHardware) Name of DeviceHardware When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string
serial_number string
manufacturer string
product_name string Should be in the format “productname (sku)”
mac_address repeated string
sim_iccid string Result of activating sim card, which is specified by associated_sim_card field
imei string
associated_provisioning_policy_name string (reference to ProvisioningPolicy)
associated_device string (reference to Device)
associated_sim_card string (reference to SimCard)
status DeviceHardware.Status

DeviceHardware.Status Message

Name Type Description
provisioning_state DeviceHardware.Status.PROVISIONING_STATE

GetDeviceHardwareRequest Message

A request message of the GetDeviceHardware method.

Name Type Description
name string (name of DeviceHardware) Name of ntt.devices.v1.DeviceHardware
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceHardwaresRequest Message

A request message of the BatchGetDeviceHardwares method.

Name Type Description
names repeated string (name of DeviceHardware) Names of DeviceHardwares
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceHardwaresResponse Message

A response message of the BatchGetDeviceHardwares method.

Name Type Description
device_hardwares repeated DeviceHardware found DeviceHardwares
missing repeated string (name of DeviceHardware) list of not found DeviceHardwares

ListDeviceHardwaresRequest Message

A request message of the ListDeviceHardwares method.

Name Type Description
parent string (parent name of DeviceHardware) Parent name of ntt.devices.v1.DeviceHardware
page_size int32 Requested page size. Server may return fewer DeviceHardwares than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of DeviceHardware) A token identifying a page of results the server should return. Typically, this is the value of ListDeviceHardwaresResponse.next_page_token.
order_by string (orderBy of DeviceHardware) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of DeviceHardware) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListDeviceHardwaresResponse Message

A response message of the ListDeviceHardwares method.

Name Type Description
device_hardwares repeated DeviceHardware The list of DeviceHardwares
prev_page_token string (cursor of DeviceHardware) A token to retrieve previous page of results. Pass this value in the ListDeviceHardwaresRequest.page_token.
next_page_token string (cursor of DeviceHardware) A token to retrieve next page of results. Pass this value in the ListDeviceHardwaresRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total DeviceHardwares across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchDeviceHardwareRequest Message

A request message of the WatchDeviceHardware method.

Name Type Description
name string (name of DeviceHardware) Name of ntt.devices.v1.DeviceHardware
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchDeviceHardwareResponse Message

A response message of the WatchDeviceHardware method.

Name Type Description
change DeviceHardwareChange

WatchDeviceHardwaresRequest Message

A request message of the WatchDeviceHardwares method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of DeviceHardware) Parent name of ntt.devices.v1.DeviceHardware
page_size int32 Requested page size. Server may return fewer DeviceHardwares than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of DeviceHardware) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of DeviceHardware) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of DeviceHardware) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to DeviceHardware that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to DeviceHardware that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchDeviceHardwaresResponse Message

A response message of the WatchDeviceHardwares method.

Name Type Description
device_hardware_changes repeated DeviceHardwareChange Changes of DeviceHardwares
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All DeviceHardwares will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchDeviceHardwaresResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (DeviceHardwares will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchDeviceHardwaresResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of DeviceHardware) New token to retrieve previous page of results.
next_page_token string (cursor of DeviceHardware) New token to retrieve next page of results.

CreateDeviceHardwareRequest Message

A request message of the CreateDeviceHardware method.

Name Type Description
parent string (parent name of DeviceHardware) Parent name of ntt.devices.v1.DeviceHardware
device_hardware DeviceHardware DeviceHardware resource body
response_mask CreateDeviceHardwareRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateDeviceHardwareRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateDeviceHardwareRequest Message

A request message of the UpdateDeviceHardware method.

Name Type Description
device_hardware DeviceHardware DeviceHardware resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateDeviceHardwareRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateDeviceHardwareRequest.ResponseMask reduce message response size.

UpdateDeviceHardwareRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state DeviceHardware Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateDeviceHardwareRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteDeviceHardwareRequest Message

A request message of the DeleteDeviceHardware method.

Name Type Description
name string (name of DeviceHardware) Name of ntt.devices.v1.DeviceHardware
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

DeregisterRequest Message

Request message for method [Deregister][ntt.devices.v1.Deregister]

Name Type Description
name string (name of DeviceHardware) Name of ntt.devices.v1.DeviceHardware

DeregisterResponse Message

Response message for method [Deregister][ntt.devices.v1.Deregister]

Name Type Description
none none none

DeviceHardware Enumerations

Here is the list of DeviceHardware resource enumerations:

DeviceHardware.Status.PROVISIONING_STATE Enumeration

Name Description
UNKNOWN Hardware was deregistered, so device state cannot be tracked
SIM_ACTIVATING The SIM card is being activated.
CONNECTING The device would be connecting to ZTP as the attached SIM card was activated. If SIM card is not attached, this is the first status. If stuck at this value, provisioning could have failed.
NOT_PROVISIONED Deprecated: This has been replaced by splitting into SIM_ACTIVATING and ZTP_CONNECTING
PROVISIONED Device passed attestation and service account is created Could be either provisioning policy scope for device scope account
REVOKED For device scope onboarding, the device was removed For provisioning policy based onboarding, the provisioning policy was removed

DeviceHardwareRegisterSession Resource

DeviceHardwareRegisterSession Resource

Name patterns:

  • projects/{project}/regions/{region}/deviceHardwareRegisterSessions/{device_hardware_register_session}

Parent resources:

This section covers the methods and messages to interact with DeviceHardwareRegisterSession resource.

DeviceHardwareRegisterSession Methods

Here is the list of DeviceHardwareRegisterSession resource methods:

GetDeviceHardwareRegisterSession Method

GetDeviceHardwareRegisterSession

rpc GetDeviceHardwareRegisterSession(GetDeviceHardwareRegisterSessionRequest) returns (DeviceHardwareRegisterSession)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/deviceHardwareRegisterSessions/*}

BatchGetDeviceHardwareRegisterSessions Method

BatchGetDeviceHardwareRegisterSessions

rpc BatchGetDeviceHardwareRegisterSessions(BatchGetDeviceHardwareRegisterSessionsRequest) returns (BatchGetDeviceHardwareRegisterSessionsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.batchGet

The equivalent REST API is:

GET /v1/deviceHardwareRegisterSessions:batchGet

ListDeviceHardwareRegisterSessions Method

ListDeviceHardwareRegisterSessions

rpc ListDeviceHardwareRegisterSessions(ListDeviceHardwareRegisterSessionsRequest) returns (ListDeviceHardwareRegisterSessionsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/deviceHardwareRegisterSessions

WatchDeviceHardwareRegisterSession Method

WatchDeviceHardwareRegisterSession

rpc WatchDeviceHardwareRegisterSession(WatchDeviceHardwareRegisterSessionRequest) returns (WatchDeviceHardwareRegisterSessionResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/deviceHardwareRegisterSessions/*}:watch

WatchDeviceHardwareRegisterSessions Method

WatchDeviceHardwareRegisterSessions

rpc WatchDeviceHardwareRegisterSessions(WatchDeviceHardwareRegisterSessionsRequest) returns (WatchDeviceHardwareRegisterSessionsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/deviceHardwareRegisterSessions:watch

CreateDeviceHardwareRegisterSession Method

CreateDeviceHardwareRegisterSession

rpc CreateDeviceHardwareRegisterSession(CreateDeviceHardwareRegisterSessionRequest) returns (DeviceHardwareRegisterSession)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/deviceHardwareRegisterSessions (BODY: device_hardware_register_session)

UpdateDeviceHardwareRegisterSession Method

UpdateDeviceHardwareRegisterSession

rpc UpdateDeviceHardwareRegisterSession(UpdateDeviceHardwareRegisterSessionRequest) returns (DeviceHardwareRegisterSession)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.update

The equivalent REST API is:

PUT /v1/{device_hardware_register_session.name=projects/*/regions/*/deviceHardwareRegisterSessions/*} (BODY: device_hardware_register_session)

DeleteDeviceHardwareRegisterSession Method

DeleteDeviceHardwareRegisterSession

rpc DeleteDeviceHardwareRegisterSession(DeleteDeviceHardwareRegisterSessionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/deviceHardwareRegisterSessions/*}

GetDeviceHardwareRegisterSessionFromToken Method

GetDeviceHardwareRegisterSessionFromToken

rpc GetDeviceHardwareRegisterSessionFromToken(GetDeviceHardwareRegisterSessionFromTokenRequest) returns (GetDeviceHardwareRegisterSessionFromTokenResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.getDeviceHardwareRegisterSessionFromToken

The equivalent REST API is:

GET /v1/deviceHardwareRegisterSessions:getDeviceHardwareRegisterSessionFromToken

RegisterHardware Method

RegisterHardware

rpc RegisterHardware(RegisterHardwareRequest) returns (RegisterHardwareResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.registerHardware

The equivalent REST API is:

POST /v1/deviceHardwareRegisterSessions:registerHardware

HardwareStatus Method

HardwareStatus

rpc HardwareStatus(HardwareStatusRequest) returns (HardwareStatusResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceHardwareRegisterSessions.hardwareStatus

The equivalent REST API is:

GET /v1/deviceHardwareRegisterSessions:hardwareStatus

DeviceHardwareRegisterSession Messages

Here is the list of DeviceHardwareRegisterSession resource messages:

DeviceHardwareRegisterSession Message

Name Type Description
name string (name of DeviceHardwareRegisterSession) Name of DeviceHardwareRegisterSession When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
display_name string
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
start_time .google.protobuf.Timestamp Start time, if not set, current time will be used
expiration_time .google.protobuf.Timestamp Expiration time, if not set, will be set to 1 week from now
user_email string Email address of the user who will register the hardware Only used to send an email. Not used for identity/authorization
inviter_email string Inviter Email, automatically set from token, not accepted as input
language_code string Email ISO language code. Defaults to “en-us” (American English).
extras map<string, string> Extra custom fields to further customize email. Fields should be agreed between sender (usually UI) and documented in the template of email service provider.
provisioning_policy_name string (reference to ProvisioningPolicy) Provisioning Policy name to register hardware one of provisioning_policy_name or device_name is required
device_name string (reference to Device) Device name to register hardware
single_use bool If true, only one hardware can be registered using this session If false, multiple hardwares can be registered using this session
token string auto-generated
status DeviceHardwareRegisterSession.Status

DeviceHardwareRegisterSession.Status Message

Name Type Description
device_hardwares repeated string (name of DeviceHardware) Device hardwares that were registered with this session Deleted names are retailed for history

GetDeviceHardwareRegisterSessionRequest Message

A request message of the GetDeviceHardwareRegisterSession method.

Name Type Description
name string (name of DeviceHardwareRegisterSession) Name of ntt.devices.v1.DeviceHardwareRegisterSession
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceHardwareRegisterSessionsRequest Message

A request message of the BatchGetDeviceHardwareRegisterSessions method.

Name Type Description
names repeated string (name of DeviceHardwareRegisterSession) Names of DeviceHardwareRegisterSessions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceHardwareRegisterSessionsResponse Message

A response message of the BatchGetDeviceHardwareRegisterSessions method.

Name Type Description
device_hardware_register_sessions repeated DeviceHardwareRegisterSession found DeviceHardwareRegisterSessions
missing repeated string (name of DeviceHardwareRegisterSession) list of not found DeviceHardwareRegisterSessions

ListDeviceHardwareRegisterSessionsRequest Message

A request message of the ListDeviceHardwareRegisterSessions method.

Name Type Description
parent string (parent name of DeviceHardwareRegisterSession) Parent name of ntt.devices.v1.DeviceHardwareRegisterSession
page_size int32 Requested page size. Server may return fewer DeviceHardwareRegisterSessions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of DeviceHardwareRegisterSession) A token identifying a page of results the server should return. Typically, this is the value of ListDeviceHardwareRegisterSessionsResponse.next_page_token.
order_by string (orderBy of DeviceHardwareRegisterSession) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of DeviceHardwareRegisterSession) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListDeviceHardwareRegisterSessionsResponse Message

A response message of the ListDeviceHardwareRegisterSessions method.

Name Type Description
device_hardware_register_sessions repeated DeviceHardwareRegisterSession The list of DeviceHardwareRegisterSessions
prev_page_token string (cursor of DeviceHardwareRegisterSession) A token to retrieve previous page of results. Pass this value in the ListDeviceHardwareRegisterSessionsRequest.page_token.
next_page_token string (cursor of DeviceHardwareRegisterSession) A token to retrieve next page of results. Pass this value in the ListDeviceHardwareRegisterSessionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total DeviceHardwareRegisterSessions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchDeviceHardwareRegisterSessionRequest Message

A request message of the WatchDeviceHardwareRegisterSession method.

Name Type Description
name string (name of DeviceHardwareRegisterSession) Name of ntt.devices.v1.DeviceHardwareRegisterSession
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchDeviceHardwareRegisterSessionResponse Message

A response message of the WatchDeviceHardwareRegisterSession method.

Name Type Description
change DeviceHardwareRegisterSessionChange

WatchDeviceHardwareRegisterSessionsRequest Message

A request message of the WatchDeviceHardwareRegisterSessions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of DeviceHardwareRegisterSession) Parent name of ntt.devices.v1.DeviceHardwareRegisterSession
page_size int32 Requested page size. Server may return fewer DeviceHardwareRegisterSessions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of DeviceHardwareRegisterSession) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of DeviceHardwareRegisterSession) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of DeviceHardwareRegisterSession) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to DeviceHardwareRegisterSession that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to DeviceHardwareRegisterSession that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchDeviceHardwareRegisterSessionsResponse Message

A response message of the WatchDeviceHardwareRegisterSessions method.

Name Type Description
device_hardware_register_session_changes repeated DeviceHardwareRegisterSessionChange Changes of DeviceHardwareRegisterSessions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All DeviceHardwareRegisterSessions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchDeviceHardwareRegisterSessionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (DeviceHardwareRegisterSessions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchDeviceHardwareRegisterSessionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of DeviceHardwareRegisterSession) New token to retrieve previous page of results.
next_page_token string (cursor of DeviceHardwareRegisterSession) New token to retrieve next page of results.

CreateDeviceHardwareRegisterSessionRequest Message

A request message of the CreateDeviceHardwareRegisterSession method.

Name Type Description
parent string (parent name of DeviceHardwareRegisterSession) Parent name of ntt.devices.v1.DeviceHardwareRegisterSession
device_hardware_register_session DeviceHardwareRegisterSession DeviceHardwareRegisterSession resource body
response_mask CreateDeviceHardwareRegisterSessionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateDeviceHardwareRegisterSessionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateDeviceHardwareRegisterSessionRequest Message

A request message of the UpdateDeviceHardwareRegisterSession method.

Name Type Description
device_hardware_register_session DeviceHardwareRegisterSession DeviceHardwareRegisterSession resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateDeviceHardwareRegisterSessionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateDeviceHardwareRegisterSessionRequest.ResponseMask reduce message response size.

UpdateDeviceHardwareRegisterSessionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state DeviceHardwareRegisterSession Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateDeviceHardwareRegisterSessionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteDeviceHardwareRegisterSessionRequest Message

A request message of the DeleteDeviceHardwareRegisterSession method.

Name Type Description
name string (name of DeviceHardwareRegisterSession) Name of ntt.devices.v1.DeviceHardwareRegisterSession
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

GetDeviceHardwareRegisterSessionFromTokenRequest Message

Request message for method [GetDeviceHardwareRegisterSessionFromToken][ntt.devices.v1.GetDeviceHardwareRegisterSessionFromToken]

Name Type Description
token string token from hardware_register_session

GetDeviceHardwareRegisterSessionFromTokenResponse Message

Response message for method [GetDeviceHardwareRegisterSessionFromToken][ntt.devices.v1.GetDeviceHardwareRegisterSessionFromToken]

Name Type Description
device_hardware_register_session DeviceHardwareRegisterSession
project_display_name string Used for showing project name in hardware registration dashboard

RegisterHardwareRequest Message

Request message for method [RegisterHardware][ntt.devices.v1.RegisterHardware]

Name Type Description
token string token from hardware_register_session
serial_number string
manufacturer string
product_name string Should be in the format “productname (sku)”, required field
mac_address repeated string
sim_iccid string
imei string
md5_hmac_digest string MD5 HMAC of ‘{“ICCID”:"<>",“MODEL”:"<>",“SN”:"<>"}’

RegisterHardwareResponse Message

Response message for method [RegisterHardware][ntt.devices.v1.RegisterHardware]

Name Type Description
hardware DeviceHardware

HardwareStatusRequest Message

Request message for method [HardwareStatus][ntt.devices.v1.HardwareStatus]

Name Type Description
token string token for hardware_register_session
serial_number string
manufacturer string manufacturer is typically not required, only required in case of serial number conflict with different vendors
product_name string product_name is typically not required, only required in case of serial number conflict with different productname/skus Should be in the format “productname (sku)”

HardwareStatusResponse Message

Response message for method [HardwareStatus][ntt.devices.v1.HardwareStatus]

Name Type Description
device_hardwares repeated DeviceHardware

DeviceType Resource

DeviceType Resource

Name patterns:

  • deviceTypes/{device_type}

This section covers the methods and messages to interact with DeviceType resource.

DeviceType Methods

Here is the list of DeviceType resource methods:

GetDeviceType Method

GetDeviceType

rpc GetDeviceType(GetDeviceTypeRequest) returns (DeviceType)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.get

The equivalent REST API is:

GET /v1/{name=deviceTypes/*}

BatchGetDeviceTypes Method

BatchGetDeviceTypes

rpc BatchGetDeviceTypes(BatchGetDeviceTypesRequest) returns (BatchGetDeviceTypesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.batchGet

The equivalent REST API is:

GET /v1/deviceTypes:batchGet

ListDeviceTypes Method

ListDeviceTypes

rpc ListDeviceTypes(ListDeviceTypesRequest) returns (ListDeviceTypesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.list

The equivalent REST API is:

GET /v1/deviceTypes

WatchDeviceType Method

WatchDeviceType

rpc WatchDeviceType(WatchDeviceTypeRequest) returns (WatchDeviceTypeResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.watch

The equivalent REST API is:

POST /v1/{name=deviceTypes/*}:watch

WatchDeviceTypes Method

WatchDeviceTypes

rpc WatchDeviceTypes(WatchDeviceTypesRequest) returns (WatchDeviceTypesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.watch

The equivalent REST API is:

POST /v1/deviceTypes:watch

CreateDeviceType Method

CreateDeviceType

rpc CreateDeviceType(CreateDeviceTypeRequest) returns (DeviceType)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.create

The equivalent REST API is:

POST /v1/deviceTypes (BODY: device_type)

UpdateDeviceType Method

UpdateDeviceType

rpc UpdateDeviceType(UpdateDeviceTypeRequest) returns (DeviceType)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.update

The equivalent REST API is:

PUT /v1/{device_type.name=deviceTypes/*} (BODY: device_type)

DeleteDeviceType Method

DeleteDeviceType

rpc DeleteDeviceType(DeleteDeviceTypeRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/deviceTypes.delete

The equivalent REST API is:

DELETE /v1/{name=deviceTypes/*}

DeviceType Messages

Here is the list of DeviceType resource messages:

DeviceType Message

Name Type Description
name string (name of DeviceType) Name of DeviceType When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display name of Device Type
hardware DeviceType.Hardware
architecture DeviceType.Architecture
description string Description of the Device Type

GetDeviceTypeRequest Message

A request message of the GetDeviceType method.

Name Type Description
name string (name of DeviceType) Name of ntt.devices.v1.DeviceType
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceTypesRequest Message

A request message of the BatchGetDeviceTypes method.

Name Type Description
names repeated string (name of DeviceType) Names of DeviceTypes
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetDeviceTypesResponse Message

A response message of the BatchGetDeviceTypes method.

Name Type Description
device_types repeated DeviceType found DeviceTypes
missing repeated string (name of DeviceType) list of not found DeviceTypes

ListDeviceTypesRequest Message

A request message of the ListDeviceTypes method.

Name Type Description
page_size int32 Requested page size. Server may return fewer DeviceTypes than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of DeviceType) A token identifying a page of results the server should return. Typically, this is the value of ListDeviceTypesResponse.next_page_token.
order_by string (orderBy of DeviceType) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of DeviceType) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListDeviceTypesResponse Message

A response message of the ListDeviceTypes method.

Name Type Description
device_types repeated DeviceType The list of DeviceTypes
prev_page_token string (cursor of DeviceType) A token to retrieve previous page of results. Pass this value in the ListDeviceTypesRequest.page_token.
next_page_token string (cursor of DeviceType) A token to retrieve next page of results. Pass this value in the ListDeviceTypesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total DeviceTypes across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchDeviceTypeRequest Message

A request message of the WatchDeviceType method.

Name Type Description
name string (name of DeviceType) Name of ntt.devices.v1.DeviceType
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchDeviceTypeResponse Message

A response message of the WatchDeviceType method.

Name Type Description
change DeviceTypeChange

WatchDeviceTypesRequest Message

A request message of the WatchDeviceTypes method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer DeviceTypes than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of DeviceType) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of DeviceType) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of DeviceType) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to DeviceType that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to DeviceType that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchDeviceTypesResponse Message

A response message of the WatchDeviceTypes method.

Name Type Description
device_type_changes repeated DeviceTypeChange Changes of DeviceTypes
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All DeviceTypes will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchDeviceTypesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (DeviceTypes will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchDeviceTypesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of DeviceType) New token to retrieve previous page of results.
next_page_token string (cursor of DeviceType) New token to retrieve next page of results.

CreateDeviceTypeRequest Message

A request message of the CreateDeviceType method.

Name Type Description
device_type DeviceType DeviceType resource body
response_mask CreateDeviceTypeRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateDeviceTypeRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateDeviceTypeRequest Message

A request message of the UpdateDeviceType method.

Name Type Description
device_type DeviceType DeviceType resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateDeviceTypeRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateDeviceTypeRequest.ResponseMask reduce message response size.

UpdateDeviceTypeRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state DeviceType Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateDeviceTypeRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteDeviceTypeRequest Message

A request message of the DeleteDeviceType method.

Name Type Description
name string (name of DeviceType) Name of ntt.devices.v1.DeviceType
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

DeviceType Enumerations

Here is the list of DeviceType resource enumerations:

DeviceType.Hardware Enumeration

Hardware (e.g. Generic, Raspberry Pi)

Name Description
HARDWARE_UNSPECIFIED
GENERIC
RASPBERRYPI

DeviceType.Architecture Enumeration

Architecture name (e.g. amd64)

Name Description
ARCHITECTURE_UNSPECIFIED
AMD64
ARM64

OsImageProfile Resource

OsImageProfile Resource

Name patterns:

  • projects/{project}/regions/{region}/osImageProfiles/{os_image_profile}

Parent resources:

This section covers the methods and messages to interact with OsImageProfile resource.

OsImageProfile Methods

Here is the list of OsImageProfile resource methods:

GetOsImageProfile Method

GetOsImageProfile

rpc GetOsImageProfile(GetOsImageProfileRequest) returns (OsImageProfile)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/osImageProfiles/*}

BatchGetOsImageProfiles Method

BatchGetOsImageProfiles

rpc BatchGetOsImageProfiles(BatchGetOsImageProfilesRequest) returns (BatchGetOsImageProfilesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.batchGet

The equivalent REST API is:

GET /v1/osImageProfiles:batchGet

ListOsImageProfiles Method

ListOsImageProfiles

rpc ListOsImageProfiles(ListOsImageProfilesRequest) returns (ListOsImageProfilesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/osImageProfiles

WatchOsImageProfile Method

WatchOsImageProfile

rpc WatchOsImageProfile(WatchOsImageProfileRequest) returns (WatchOsImageProfileResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/osImageProfiles/*}:watch

WatchOsImageProfiles Method

WatchOsImageProfiles

rpc WatchOsImageProfiles(WatchOsImageProfilesRequest) returns (WatchOsImageProfilesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/osImageProfiles:watch

CreateOsImageProfile Method

CreateOsImageProfile

rpc CreateOsImageProfile(CreateOsImageProfileRequest) returns (OsImageProfile)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/osImageProfiles (BODY: os_image_profile)

UpdateOsImageProfile Method

UpdateOsImageProfile

rpc UpdateOsImageProfile(UpdateOsImageProfileRequest) returns (OsImageProfile)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.update

The equivalent REST API is:

PUT /v1/{os_image_profile.name=projects/*/regions/*/osImageProfiles/*} (BODY: os_image_profile)

DeleteOsImageProfile Method

DeleteOsImageProfile

rpc DeleteOsImageProfile(DeleteOsImageProfileRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osImageProfiles.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/osImageProfiles/*}

OsImageProfile Messages

Here is the list of OsImageProfile resource messages:

OsImageProfile Message

Name Type Description
name string (name of OsImageProfile) Name of OsImageProfile When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display name of the profile
description string Optional. Description of the profile.
device_type string (reference to DeviceType) Device type for the profile
install_ai_accelerator bool Install runtimes and drivers for Hailo-8 and NVIDIA CUDA.
encryption bool Enable disk encryption
disk_mapping string Disk Mapping YAML configuration.
network_agent string Network Agent YAML configuration.
ntp string NTP Server settings.
http_proxy string HTTP PROXY address
https_proxy string HTTPS PROXY address
no_proxy string NO Proxy addresses (comma separated).

GetOsImageProfileRequest Message

A request message of the GetOsImageProfile method.

Name Type Description
name string (name of OsImageProfile) Name of ntt.devices.v1.OsImageProfile
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOsImageProfilesRequest Message

A request message of the BatchGetOsImageProfiles method.

Name Type Description
names repeated string (name of OsImageProfile) Names of OsImageProfiles
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOsImageProfilesResponse Message

A response message of the BatchGetOsImageProfiles method.

Name Type Description
os_image_profiles repeated OsImageProfile found OsImageProfiles
missing repeated string (name of OsImageProfile) list of not found OsImageProfiles

ListOsImageProfilesRequest Message

A request message of the ListOsImageProfiles method.

Name Type Description
parent string (parent name of OsImageProfile) Parent name of ntt.devices.v1.OsImageProfile
page_size int32 Requested page size. Server may return fewer OsImageProfiles than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of OsImageProfile) A token identifying a page of results the server should return. Typically, this is the value of ListOsImageProfilesResponse.next_page_token.
order_by string (orderBy of OsImageProfile) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of OsImageProfile) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListOsImageProfilesResponse Message

A response message of the ListOsImageProfiles method.

Name Type Description
os_image_profiles repeated OsImageProfile The list of OsImageProfiles
prev_page_token string (cursor of OsImageProfile) A token to retrieve previous page of results. Pass this value in the ListOsImageProfilesRequest.page_token.
next_page_token string (cursor of OsImageProfile) A token to retrieve next page of results. Pass this value in the ListOsImageProfilesRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total OsImageProfiles across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchOsImageProfileRequest Message

A request message of the WatchOsImageProfile method.

Name Type Description
name string (name of OsImageProfile) Name of ntt.devices.v1.OsImageProfile
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchOsImageProfileResponse Message

A response message of the WatchOsImageProfile method.

Name Type Description
change OsImageProfileChange

WatchOsImageProfilesRequest Message

A request message of the WatchOsImageProfiles method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of OsImageProfile) Parent name of ntt.devices.v1.OsImageProfile
page_size int32 Requested page size. Server may return fewer OsImageProfiles than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of OsImageProfile) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of OsImageProfile) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of OsImageProfile) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to OsImageProfile that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to OsImageProfile that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchOsImageProfilesResponse Message

A response message of the WatchOsImageProfiles method.

Name Type Description
os_image_profile_changes repeated OsImageProfileChange Changes of OsImageProfiles
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All OsImageProfiles will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchOsImageProfilesResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (OsImageProfiles will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchOsImageProfilesResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of OsImageProfile) New token to retrieve previous page of results.
next_page_token string (cursor of OsImageProfile) New token to retrieve next page of results.

CreateOsImageProfileRequest Message

A request message of the CreateOsImageProfile method.

Name Type Description
parent string (parent name of OsImageProfile) Parent name of ntt.devices.v1.OsImageProfile
os_image_profile OsImageProfile OsImageProfile resource body
response_mask CreateOsImageProfileRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateOsImageProfileRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateOsImageProfileRequest Message

A request message of the UpdateOsImageProfile method.

Name Type Description
os_image_profile OsImageProfile OsImageProfile resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateOsImageProfileRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateOsImageProfileRequest.ResponseMask reduce message response size.

UpdateOsImageProfileRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state OsImageProfile Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateOsImageProfileRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteOsImageProfileRequest Message

A request message of the DeleteOsImageProfile method.

Name Type Description
name string (name of OsImageProfile) Name of ntt.devices.v1.OsImageProfile
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

OsVersion Resource

OsVersion Resource

Name patterns:

  • osVersions/{os_version}

This section covers the methods and messages to interact with OsVersion resource.

OsVersion Methods

Here is the list of OsVersion resource methods:

GetOsVersion Method

GetOsVersion

rpc GetOsVersion(GetOsVersionRequest) returns (OsVersion)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.get

The equivalent REST API is:

GET /v1/{name=osVersions/*}

BatchGetOsVersions Method

BatchGetOsVersions

rpc BatchGetOsVersions(BatchGetOsVersionsRequest) returns (BatchGetOsVersionsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.batchGet

The equivalent REST API is:

GET /v1/osVersions:batchGet

ListOsVersions Method

ListOsVersions

rpc ListOsVersions(ListOsVersionsRequest) returns (ListOsVersionsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.list

The equivalent REST API is:

GET /v1/osVersions

WatchOsVersion Method

WatchOsVersion

rpc WatchOsVersion(WatchOsVersionRequest) returns (WatchOsVersionResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.watch

The equivalent REST API is:

POST /v1/{name=osVersions/*}:watch

WatchOsVersions Method

WatchOsVersions

rpc WatchOsVersions(WatchOsVersionsRequest) returns (WatchOsVersionsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.watch

The equivalent REST API is:

POST /v1/osVersions:watch

CreateOsVersion Method

CreateOsVersion

rpc CreateOsVersion(CreateOsVersionRequest) returns (OsVersion)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.create

The equivalent REST API is:

POST /v1/osVersions (BODY: os_version)

UpdateOsVersion Method

UpdateOsVersion

rpc UpdateOsVersion(UpdateOsVersionRequest) returns (OsVersion)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.update

The equivalent REST API is:

PUT /v1/{os_version.name=osVersions/*} (BODY: os_version)

DeleteOsVersion Method

DeleteOsVersion

rpc DeleteOsVersion(DeleteOsVersionRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/osVersions.delete

The equivalent REST API is:

DELETE /v1/{name=osVersions/*}

OsVersion Messages

Here is the list of OsVersion resource messages:

OsVersion Message

Name Type Description
name string (name of OsVersion) Name of OsVersion When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
version string The version name.
device_type string (reference to DeviceType) Supported device type.
minimum_previous_version string The minum previous OS version that is required to upgrade devices to the OS version.
channel OsVersion.Channel

GetOsVersionRequest Message

A request message of the GetOsVersion method.

Name Type Description
name string (name of OsVersion) Name of ntt.devices.v1.OsVersion
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOsVersionsRequest Message

A request message of the BatchGetOsVersions method.

Name Type Description
names repeated string (name of OsVersion) Names of OsVersions
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetOsVersionsResponse Message

A response message of the BatchGetOsVersions method.

Name Type Description
os_versions repeated OsVersion found OsVersions
missing repeated string (name of OsVersion) list of not found OsVersions

ListOsVersionsRequest Message

A request message of the ListOsVersions method.

Name Type Description
page_size int32 Requested page size. Server may return fewer OsVersions than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of OsVersion) A token identifying a page of results the server should return. Typically, this is the value of ListOsVersionsResponse.next_page_token.
order_by string (orderBy of OsVersion) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of OsVersion) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListOsVersionsResponse Message

A response message of the ListOsVersions method.

Name Type Description
os_versions repeated OsVersion The list of OsVersions
prev_page_token string (cursor of OsVersion) A token to retrieve previous page of results. Pass this value in the ListOsVersionsRequest.page_token.
next_page_token string (cursor of OsVersion) A token to retrieve next page of results. Pass this value in the ListOsVersionsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total OsVersions across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchOsVersionRequest Message

A request message of the WatchOsVersion method.

Name Type Description
name string (name of OsVersion) Name of ntt.devices.v1.OsVersion
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchOsVersionResponse Message

A response message of the WatchOsVersion method.

Name Type Description
change OsVersionChange

WatchOsVersionsRequest Message

A request message of the WatchOsVersions method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer OsVersions than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of OsVersion) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of OsVersion) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of OsVersion) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to OsVersion that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to OsVersion that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchOsVersionsResponse Message

A response message of the WatchOsVersions method.

Name Type Description
os_version_changes repeated OsVersionChange Changes of OsVersions
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All OsVersions will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchOsVersionsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (OsVersions will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchOsVersionsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of OsVersion) New token to retrieve previous page of results.
next_page_token string (cursor of OsVersion) New token to retrieve next page of results.

CreateOsVersionRequest Message

A request message of the CreateOsVersion method.

Name Type Description
os_version OsVersion OsVersion resource body
response_mask CreateOsVersionRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateOsVersionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateOsVersionRequest Message

A request message of the UpdateOsVersion method.

Name Type Description
os_version OsVersion OsVersion resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateOsVersionRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateOsVersionRequest.ResponseMask reduce message response size.

UpdateOsVersionRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state OsVersion Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateOsVersionRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteOsVersionRequest Message

A request message of the DeleteOsVersion method.

Name Type Description
name string (name of OsVersion) Name of ntt.devices.v1.OsVersion
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

OsVersion Enumerations

Here is the list of OsVersion resource enumerations:

OsVersion.Channel Enumeration

Name Description
CHANNEL_UNSPECIFIED
NORMAL
BETA

Project Resource

Project Resource

Name patterns:

  • projects/{project}

This section covers the methods and messages to interact with Project resource.

Project Methods

Here is the list of Project resource methods:

GetProject Method

GetProject

rpc GetProject(GetProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.get

The equivalent REST API is:

GET /v1/{name=projects/*}

BatchGetProjects Method

BatchGetProjects

rpc BatchGetProjects(BatchGetProjectsRequest) returns (BatchGetProjectsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.batchGet

The equivalent REST API is:

GET /v1/projects:batchGet

ListProjects Method

ListProjects

rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.list

The equivalent REST API is:

GET /v1/projects

WatchProject Method

WatchProject

rpc WatchProject(WatchProjectRequest) returns (WatchProjectResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/{name=projects/*}:watch

WatchProjects Method

WatchProjects

rpc WatchProjects(WatchProjectsRequest) returns (WatchProjectsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.watch

The equivalent REST API is:

POST /v1/projects:watch

CreateProject Method

CreateProject

rpc CreateProject(CreateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.create

The equivalent REST API is:

POST /v1/projects (BODY: project)

UpdateProject Method

UpdateProject

rpc UpdateProject(UpdateProjectRequest) returns (Project)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.update

The equivalent REST API is:

PUT /v1/{project.name=projects/*} (BODY: project)

DeleteProject Method

DeleteProject

rpc DeleteProject(DeleteProjectRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/projects.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*}

Project Messages

Here is the list of Project resource messages:

Project Message

Name Type Description
name string (name of Project) Name of Project When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
multi_region_policy MultiRegionPolicy Multi region policy defines in which region all kid resources (and their kids) will by default belong and cross-region syncing policies.

GetProjectRequest Message

A request message of the GetProject method.

Name Type Description
name string (name of Project) Name of ntt.devices.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsRequest Message

A request message of the BatchGetProjects method.

Name Type Description
names repeated string (name of Project) Names of Projects
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProjectsResponse Message

A response message of the BatchGetProjects method.

Name Type Description
projects repeated Project found Projects
missing repeated string (name of Project) list of not found Projects

ListProjectsRequest Message

A request message of the ListProjects method.

Name Type Description
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of Project) A token identifying a page of results the server should return. Typically, this is the value of ListProjectsResponse.next_page_token.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProjectsResponse Message

A response message of the ListProjects method.

Name Type Description
projects repeated Project The list of Projects
prev_page_token string (cursor of Project) A token to retrieve previous page of results. Pass this value in the ListProjectsRequest.page_token.
next_page_token string (cursor of Project) A token to retrieve next page of results. Pass this value in the ListProjectsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total Projects across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProjectRequest Message

A request message of the WatchProject method.

Name Type Description
name string (name of Project) Name of ntt.devices.v1.Project
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProjectResponse Message

A response message of the WatchProject method.

Name Type Description
change ProjectChange

WatchProjectsRequest Message

A request message of the WatchProjects method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
page_size int32 Requested page size. Server may return fewer Projects than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of Project) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of Project) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of Project) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to Project that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to Project that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProjectsResponse Message

A response message of the WatchProjects method.

Name Type Description
project_changes repeated ProjectChange Changes of Projects
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All Projects will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProjectsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (Projects will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProjectsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of Project) New token to retrieve previous page of results.
next_page_token string (cursor of Project) New token to retrieve next page of results.

CreateProjectRequest Message

A request message of the CreateProject method.

Name Type Description
project Project Project resource body
response_mask CreateProjectRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProjectRequest Message

A request message of the UpdateProject method.

Name Type Description
project Project Project resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProjectRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProjectRequest.ResponseMask reduce message response size.

UpdateProjectRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state Project Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProjectRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProjectRequest Message

A request message of the DeleteProject method.

Name Type Description
name string (name of Project) Name of ntt.devices.v1.Project
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ProvisioningApprovalRequest Resource

ProvisioningApprovalRequest Resource

Name patterns:

  • projects/{project}/regions/{region}/provisioningPolicies/{provisioning_policy}/provisioningApprovalRequests/{provisioning_approval_request}

Parent resources:

This section covers the methods and messages to interact with ProvisioningApprovalRequest resource.

ProvisioningApprovalRequest Methods

Here is the list of ProvisioningApprovalRequest resource methods:

GetProvisioningApprovalRequest Method

GetProvisioningApprovalRequest

rpc GetProvisioningApprovalRequest(GetProvisioningApprovalRequestRequest) returns (ProvisioningApprovalRequest)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/provisioningPolicies/*/provisioningApprovalRequests/*}

BatchGetProvisioningApprovalRequests Method

BatchGetProvisioningApprovalRequests

rpc BatchGetProvisioningApprovalRequests(BatchGetProvisioningApprovalRequestsRequest) returns (BatchGetProvisioningApprovalRequestsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.batchGet

The equivalent REST API is:

GET /v1/provisioningApprovalRequests:batchGet

ListProvisioningApprovalRequests Method

ListProvisioningApprovalRequests

rpc ListProvisioningApprovalRequests(ListProvisioningApprovalRequestsRequest) returns (ListProvisioningApprovalRequestsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*/provisioningPolicies/*}/provisioningApprovalRequests

WatchProvisioningApprovalRequest Method

WatchProvisioningApprovalRequest

rpc WatchProvisioningApprovalRequest(WatchProvisioningApprovalRequestRequest) returns (WatchProvisioningApprovalRequestResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/provisioningPolicies/*/provisioningApprovalRequests/*}:watch

WatchProvisioningApprovalRequests Method

WatchProvisioningApprovalRequests

rpc WatchProvisioningApprovalRequests(WatchProvisioningApprovalRequestsRequest) returns (WatchProvisioningApprovalRequestsResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*/provisioningPolicies/*}/provisioningApprovalRequests:watch

CreateProvisioningApprovalRequest Method

CreateProvisioningApprovalRequest

rpc CreateProvisioningApprovalRequest(CreateProvisioningApprovalRequestRequest) returns (ProvisioningApprovalRequest)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*/provisioningPolicies/*}/provisioningApprovalRequests (BODY: provisioning_approval_request)

UpdateProvisioningApprovalRequest Method

UpdateProvisioningApprovalRequest

rpc UpdateProvisioningApprovalRequest(UpdateProvisioningApprovalRequestRequest) returns (ProvisioningApprovalRequest)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.update

The equivalent REST API is:

PUT /v1/{provisioning_approval_request.name=projects/*/regions/*/provisioningPolicies/*/provisioningApprovalRequests/*} (BODY: provisioning_approval_request)

DeleteProvisioningApprovalRequest Method

DeleteProvisioningApprovalRequest

rpc DeleteProvisioningApprovalRequest(DeleteProvisioningApprovalRequestRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/provisioningPolicies/*/provisioningApprovalRequests/*}

ProvisionDeviceForApprovedRequest Method

ProvisionDeviceForApprovedRequest

rpc ProvisionDeviceForApprovedRequest(ProvisionDeviceForApprovedRequestRequest) returns (ProvisionDeviceForApprovedRequestResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningApprovalRequests.provisionDeviceForApprovedRequest

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/provisioningPolicies/*/provisioningApprovalRequests/*}:provisionDeviceForApprovedRequest

ProvisioningApprovalRequest Messages

Here is the list of ProvisioningApprovalRequest resource messages:

ProvisioningApprovalRequest Message

Name Type Description
name string (name of ProvisioningApprovalRequest) Name of ProvisioningApprovalRequest When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
spec ProvisioningApprovalRequest.Spec
status ProvisioningApprovalRequest.Status

ProvisioningApprovalRequest.Spec Message

Name Type Description
conclusion ProvisioningApprovalRequest.Spec.Conclusion The verdicit for the approval, approved or revoked.
service_account string (reference to ServiceAccount) System managed, this service account will be used by the Device resource once it’s approved. A device finds its pending request using this field.

ProvisioningApprovalRequest.Status Message

Name Type Description
none none none

GetProvisioningApprovalRequestRequest Message

A request message of the GetProvisioningApprovalRequest method.

Name Type Description
name string (name of ProvisioningApprovalRequest) Name of ntt.devices.v1.ProvisioningApprovalRequest
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProvisioningApprovalRequestsRequest Message

A request message of the BatchGetProvisioningApprovalRequests method.

Name Type Description
names repeated string (name of ProvisioningApprovalRequest) Names of ProvisioningApprovalRequests
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProvisioningApprovalRequestsResponse Message

A response message of the BatchGetProvisioningApprovalRequests method.

Name Type Description
provisioning_approval_requests repeated ProvisioningApprovalRequest found ProvisioningApprovalRequests
missing repeated string (name of ProvisioningApprovalRequest) list of not found ProvisioningApprovalRequests

ListProvisioningApprovalRequestsRequest Message

A request message of the ListProvisioningApprovalRequests method.

Name Type Description
parent string (parent name of ProvisioningApprovalRequest) Parent name of ntt.devices.v1.ProvisioningApprovalRequest
page_size int32 Requested page size. Server may return fewer ProvisioningApprovalRequests than requested. If unspecified, server will pick an appropriate default.
page_token string (cursor of ProvisioningApprovalRequest) A token identifying a page of results the server should return. Typically, this is the value of ListProvisioningApprovalRequestsResponse.next_page_token.
order_by string (orderBy of ProvisioningApprovalRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination list of field path with order directive, either ‘asc’ or ‘desc’. If direction is not provided, ‘asc’ is assumed. e.g. “state.nested_field asc, state.something.else desc, theme”
filter string (filter of ProvisioningApprovalRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask
include_paging_info bool Indicates if list response should contain total count and offset (fields current_offset and total_results_count).

ListProvisioningApprovalRequestsResponse Message

A response message of the ListProvisioningApprovalRequests method.

Name Type Description
provisioning_approval_requests repeated ProvisioningApprovalRequest The list of ProvisioningApprovalRequests
prev_page_token string (cursor of ProvisioningApprovalRequest) A token to retrieve previous page of results. Pass this value in the ListProvisioningApprovalRequestsRequest.page_token.
next_page_token string (cursor of ProvisioningApprovalRequest) A token to retrieve next page of results. Pass this value in the ListProvisioningApprovalRequestsRequest.page_token.
current_offset int32 Current offset from the first page or 0 if no page tokens were given, paging info was not requested or there was an error while trying to get it). Page index can be computed from offset and limit provided in a request.
total_results_count int32 Number of total ProvisioningApprovalRequests across all pages or 0, if there are no items, paging info was not requested or there was an error while trying to get it.

WatchProvisioningApprovalRequestRequest Message

A request message of the WatchProvisioningApprovalRequest method.

Name Type Description
name string (name of ProvisioningApprovalRequest) Name of ntt.devices.v1.ProvisioningApprovalRequest
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

WatchProvisioningApprovalRequestResponse Message

A response message of the WatchProvisioningApprovalRequest method.

Name Type Description
change ProvisioningApprovalRequestChange

WatchProvisioningApprovalRequestsRequest Message

A request message of the WatchProvisioningApprovalRequests method.

Name Type Description
type WatchType Type of a watch. Identifies how server stream data to a client, which fields in a request are allowed and which fields in response are relevant.
parent string (parent name of ProvisioningApprovalRequest) Parent name of ntt.devices.v1.ProvisioningApprovalRequest
page_size int32 Requested page size. Server may return fewer ProvisioningApprovalRequests than requested. If unspecified, server will pick an appropriate default. Can be populated only for stateful watch type.
page_token string (cursor of ProvisioningApprovalRequest) A token identifying a page of results the server should return. Can be populated only for stateful watch type.
order_by string (orderBy of ProvisioningApprovalRequest) Order By - https://cloud.google.com/apis/design/design_patterns#list_pagination Can be populated only for stateful watch type.
resume_token string A token identifying watch resume point from previous session. Can be populated only for stateless watch type.
starting_time .google.protobuf.Timestamp Point in the time from which we want to start getting updates. This field can be populated only for stateless watch type and if resume token is not known yet. If specified, initial snapshot will NOT be provided. It is assumed client can obtain it using separate means. Watch responses will contain resume tokens which should be used to resume broken connection.
filter string (filter of ProvisioningApprovalRequest) Filter - filter results by field criteria. Simplified SQL-like syntax with following operators: <=, >=, =, !=, <, >, LIKE, CONTAINS (aliases CONTAIN, HAS, HAVE), IN, IS [NOT] NULL
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view Changes to ProvisioningApprovalRequest that don’t affect any of masked fields won’t be sent back.
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask Changes to ProvisioningApprovalRequest that don’t affect any of masked fields won’t be sent back.
max_chunk_size int32 Maximum amount of changes in each response message. Query result response is divided on the server side into chunks with size of a specified amount to limit memory footprint of each message. Responses will hold information whether more elements will continue for the actual change. If unspecified, server will pick an appropriate default.

WatchProvisioningApprovalRequestsResponse Message

A response message of the WatchProvisioningApprovalRequests method.

Name Type Description
provisioning_approval_request_changes repeated ProvisioningApprovalRequestChange Changes of ProvisioningApprovalRequests
is_current bool If request specified max_chunk_size (or this limit was enforced if stateless watch has been chosen), then responses with “full changeset” will be divided into chunks. Client should keep receiving messages and, once is_current has value true, combine this recent message with all previous ones where is_current is false. If this is the first is_current in a whole watch stream, then it means that client should have, at this moment, contain snapshot of the current situation (or more accurately, snapshot of situation at the moment of request). All ProvisioningApprovalRequests will be of type Added/Current (depending on watch_type specified in the request). Further responses will be incremental - however messages may still be chunked and is_current logic still applies. is_current is always true for stateful watch if max_chunk_size was left to 0.
page_token_change WatchProvisioningApprovalRequestsResponse.PageTokenChange When present, PageTokens used for page navigation should be updated. Present only if is_current is true (last chunk).
resume_token string Token that can be used if current connection drops and client needs to reconnect. Populated only for stateless watch type. Present only if is_current is true (last chunk).
snapshot_size int64 Server may occasionally send information how many resources should client have in its state so far (response message without any changes, but with snapshot_size field specified). If client has different value than the one sent by the server, then it should be treated by a client as an error and should reconnect. If value is smaller then 0, then client should ignore this field as unpopulated. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will be never sent together with is_current, is_soft_reset and is_hard_reset flags.
is_soft_reset bool In case of internal issue server may send response message with this flag. It indicates that client should drop all changes from recent responses where is_current is false only! If last message had is_current set to true, client should do nothing and process normally. Resume token received before is still valid. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_hard_reset or snapshot_size.
is_hard_reset bool In case of internal issue server may send response message with this flag. After receiving, client should clear whole state (drop all changes received so far) as server will send new snapshot (ProvisioningApprovalRequests will contains changes of type Current only). Any resume tokens should be discarded as well. This field should be checked only for stateless watch. In stateful those kind of errors are handled by the server side. Will never be sent along with is_current, is_soft_reset or snapshot_size.

WatchProvisioningApprovalRequestsResponse.PageTokenChange Message

Name Type Description
prev_page_token string (cursor of ProvisioningApprovalRequest) New token to retrieve previous page of results.
next_page_token string (cursor of ProvisioningApprovalRequest) New token to retrieve next page of results.

CreateProvisioningApprovalRequestRequest Message

A request message of the CreateProvisioningApprovalRequest method.

Name Type Description
parent string (parent name of ProvisioningApprovalRequest) Parent name of ntt.devices.v1.ProvisioningApprovalRequest
provisioning_approval_request ProvisioningApprovalRequest ProvisioningApprovalRequest resource body
response_mask CreateProvisioningApprovalRequestRequest.ResponseMask Optional masking applied to response object to reduce message response size.

CreateProvisioningApprovalRequestRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields.

UpdateProvisioningApprovalRequestRequest Message

A request message of the UpdateProvisioningApprovalRequest method.

Name Type Description
provisioning_approval_request ProvisioningApprovalRequest ProvisioningApprovalRequest resource body
update_mask .google.protobuf.FieldMask FieldMask applied to request - change will be applied only for fields in the mask
cas UpdateProvisioningApprovalRequestRequest.CAS Conditional update applied to request if update should be executed only for specific resource state. If this field is populated, then server will fetch existing resource, compare with the one stored in the cas field (after applying field mask) and proceed with update only and only if they match. Otherwise RPC error Aborted will be returned.
allow_missing bool If set to true, and the resource is not found, a new resource will be created. In this situation, ‘field_mask’ is ignored. https://google.aip.dev/134#create-or-update
response_mask UpdateProvisioningApprovalRequestRequest.ResponseMask reduce message response size.

UpdateProvisioningApprovalRequestRequest.CAS Message

CAS - Compare and Swap. This object is used if user wants to make update conditional based upon previous resource version.

Name Type Description
conditional_state ProvisioningApprovalRequest Conditional desired state of a resource before update.
field_mask .google.protobuf.FieldMask Field paths from conditional state of resource server should check and compare.

UpdateProvisioningApprovalRequestRequest.ResponseMask Message

ResponseMask allows client to reduce response message size.

Name Type Description
skip_entire_response_body bool If this flag has value true, then response will contain just empty resource without any fields populated. Field body_mask is ignored if set.
updated_fields_only bool Include all fields that were actually updated during processing. Note this may be larger than update mask if some fields were computed additionally. Name is added as well.
body_mask .google.protobuf.FieldMask If this field is populated, then resource in response will contain only specific fields. If skip_entire_response_body is true, this field is ignored.

DeleteProvisioningApprovalRequestRequest Message

A request message of the DeleteProvisioningApprovalRequest method.

Name Type Description
name string (name of ProvisioningApprovalRequest) Name of ntt.devices.v1.ProvisioningApprovalRequest
allow_missing bool If set to true, and the resource is not found, method will be successful and will not return NotFound error.

ProvisionDeviceForApprovedRequestRequest Message

Request message for method [ProvisionDeviceForApprovedRequest][ntt.devices.v1.ProvisionDeviceForApprovedRequest]

Name Type Description
name string (name of ProvisioningApprovalRequest) name of ntt.devices.v1.ProvisioningApprovalRequest
device_status Device.Status

ProvisionDeviceForApprovedRequestResponse Message

Response message for method [ProvisionDeviceForApprovedRequest][ntt.devices.v1.ProvisionDeviceForApprovedRequest]

Name Type Description
device Device

ProvisioningApprovalRequest Enumerations

Here is the list of ProvisioningApprovalRequest resource enumerations:

ProvisioningApprovalRequest.Spec.Conclusion Enumeration

Name Description
CONCLUSION_NOT_SPECIFIED
APPROVED
REVOKED

ProvisioningPolicy Resource

ProvisioningPolicy Resource

Name patterns:

  • projects/{project}/regions/{region}/provisioningPolicies/{provisioning_policy}

Parent resources:

This section covers the methods and messages to interact with ProvisioningPolicy resource.

ProvisioningPolicy Methods

Here is the list of ProvisioningPolicy resource methods:

GetProvisioningPolicy Method

GetProvisioningPolicy

rpc GetProvisioningPolicy(GetProvisioningPolicyRequest) returns (ProvisioningPolicy)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.get

The equivalent REST API is:

GET /v1/{name=projects/*/regions/*/provisioningPolicies/*}

BatchGetProvisioningPolicies Method

BatchGetProvisioningPolicies

rpc BatchGetProvisioningPolicies(BatchGetProvisioningPoliciesRequest) returns (BatchGetProvisioningPoliciesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.batchGet

The equivalent REST API is:

GET /v1/provisioningPolicies:batchGet

ListProvisioningPolicies Method

ListProvisioningPolicies

rpc ListProvisioningPolicies(ListProvisioningPoliciesRequest) returns (ListProvisioningPoliciesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.list

The equivalent REST API is:

GET /v1/{parent=projects/*/regions/*}/provisioningPolicies

WatchProvisioningPolicy Method

WatchProvisioningPolicy

rpc WatchProvisioningPolicy(WatchProvisioningPolicyRequest) returns (WatchProvisioningPolicyResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.watch

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/provisioningPolicies/*}:watch

WatchProvisioningPolicies Method

WatchProvisioningPolicies

rpc WatchProvisioningPolicies(WatchProvisioningPoliciesRequest) returns (WatchProvisioningPoliciesResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.watch

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/provisioningPolicies:watch

CreateProvisioningPolicy Method

CreateProvisioningPolicy

rpc CreateProvisioningPolicy(CreateProvisioningPolicyRequest) returns (ProvisioningPolicy)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.create

The equivalent REST API is:

POST /v1/{parent=projects/*/regions/*}/provisioningPolicies (BODY: provisioning_policy)

UpdateProvisioningPolicy Method

UpdateProvisioningPolicy

rpc UpdateProvisioningPolicy(UpdateProvisioningPolicyRequest) returns (ProvisioningPolicy)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.update

The equivalent REST API is:

PUT /v1/{provisioning_policy.name=projects/*/regions/*/provisioningPolicies/*} (BODY: provisioning_policy)

DeleteProvisioningPolicy Method

DeleteProvisioningPolicy

rpc DeleteProvisioningPolicy(DeleteProvisioningPolicyRequest) returns (Empty)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.delete

The equivalent REST API is:

DELETE /v1/{name=projects/*/regions/*/provisioningPolicies/*}

ProvisionServiceAccountToProvisioningPolicy Method

ProvisionServiceAccountToProvisioningPolicy

rpc ProvisionServiceAccountToProvisioningPolicy(ProvisionServiceAccountToProvisioningPolicyRequest) returns (ProvisionServiceAccountToProvisioningPolicyResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.provisionServiceAccountToProvisioningPolicy

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/provisioningPolicies/*}:provisionServiceAccountToProvisioningPolicy

RemoveServiceAccountFromProvisioningPolicy Method

RemoveServiceAccountFromProvisioningPolicy

rpc RemoveServiceAccountFromProvisioningPolicy(RemoveServiceAccountFromProvisioningPolicyRequest) returns (RemoveServiceAccountFromProvisioningPolicyResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.removeServiceAccountFromProvisioningPolicy

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/provisioningPolicies/*}:removeServiceAccountFromProvisioningPolicy

ProvisionDeviceViaPolicy Method

ProvisionDeviceViaPolicy

rpc ProvisionDeviceViaPolicy(ProvisionDeviceViaPolicyRequest) returns (ProvisionDeviceViaPolicyResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.provisionDeviceViaPolicy

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/provisioningPolicies/*}:provisionDeviceViaPolicy

RequestProvisioningApproval Method

RequestProvisioningApproval

rpc RequestProvisioningApproval(RequestProvisioningApprovalRequest) returns (RequestProvisioningApprovalResponse)

with the following messages:

Required Permissions:

  • services/devices.edgelq.com/permissions/provisioningPolicies.requestProvisioningApproval

The equivalent REST API is:

POST /v1/{name=projects/*/regions/*/provisioningPolicies/*}:requestProvisioningApproval

ProvisioningPolicy Messages

Here is the list of ProvisioningPolicy resource messages:

ProvisioningPolicy Message

Name Type Description
name string (name of ProvisioningPolicy) Name of ProvisioningPolicy When creating a new instance, this field is optional and if not provided, it will be generated automatically. Last ID segment must conform to the following regex: [a-z][a-z0-9\-]{0,28}[a-z0-9]
metadata Meta Metadata is an object with information like create, update and delete time (for async deleted resources), has user labels/annotations, sharding information, multi-region syncing information and may have non-schema owners (useful for taking ownership of resources belonging to lower level services by higher ones).
display_name string Display Name
description string Description
spec ProvisioningPolicy.Spec
status ProvisioningPolicy.Status

ProvisioningPolicy.Spec Message

Name Type Description
mode ProvisioningPolicy.Mode Provisioning mode.
service_account string (reference to ServiceAccount) The service account associated with the policy. Devices have to have a key of this service account to conduct self-provisioning.
device_name_format string Template for device name.
device_display_name_format string Template for device display name.
labels map<string, string> Deprecated: Use template instead. labels that provisioned Device resources will have.
template ProvisioningPolicy.Spec.Template Template for Devices to be generated. Used only on Device resource creation, changing the value won’t affect existing Device resources.
identity_field_paths repeated string Device hardware identity paths (fields) to use for matching pre-existing device resources when provisioning.
role string (reference to Role) Role that the newly created service account should be bound to. If not specified, will use the default value of “services/devices.edgelq.com/roles/v1-device-agent”.
scope_params repeated ScopeParam List of scope params to add IF role is specified. Ignored if role is empty.
condition string (reference to Condition) Optional condition for the role binding. DEPRECATED, use extra_conditions
condition_params .google.protobuf.Struct Condition params DEPRECATED, use extra_conditions
extra_conditions repeated ExecutableCondition Optional extra conditions to be attached for a role.

ProvisioningPolicy.Status Message

Name Type Description
none none none

ProvisioningPolicy.Spec.Template Message

Name Type Description
metadata Meta
spec Device.Spec service_account will be ignored.
public_listing_spec Device.PublicListingSpec

GetProvisioningPolicyRequest Message

A request message of the GetProvisioningPolicy method.

Name Type Description
name string (name of ProvisioningPolicy) Name of ntt.devices.v1.ProvisioningPolicy
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on top of fields defined by request field view
view View View defines list of standard response fields present in response items. Additional fields can be amended by request field field_mask

BatchGetProvisioningPoliciesRequest Message

A request message of the BatchGetProvisioningPolicies method.

Name Type Description
names repeated string (name of ProvisioningPolicy) Names of ProvisioningPolicies
field_mask .google.protobuf.FieldMask A list of extra fields to be obtained for each response item on