Automator: update common-files@master in istio/api@master (#3538)

* add RetryBudget in DestinationRule

* address comment

* gen

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

.circleci/config.yml

@@ -1,29 +0,0 @@
-version: 2
-defaults: &defaults
-  working_directory: /src/istio.io/api
-  docker:
-    - image: gcr.io/istio-testing/protoc:2018-06-12
-  environment:
-    GOPATH: /go
-    OUT_PATH: /src
-
-jobs:
-  build:
-    <<: *defaults
-    steps:
-      - checkout
-      - run:
-          command: |
-            ./scripts/generate-protos.sh || die "could not generate *.pb.go"
-            if [[ -n $(git status --porcelain) ]]; then
-              git status
-              git --no-pager diff
-              echo "Repo has unstaged changes. Re-run ./scripts/generate-protos.sh"
-              exit 1
-            fi
-
-workflows:
-  version: 2
-  all:
-    jobs:
-      - build

.devcontainer/devcontainer.json

@@ -0,0 +1,33 @@
+{
+  "name": "istio build-tools",
+  "image": "gcr.io/istio-testing/build-tools:master-8e6480403f5cf4c9a4cd9d65174d01850e632e1a",
+  "privileged": true,
+  "remoteEnv": {
+    "USE_GKE_GCLOUD_AUTH_PLUGIN": "True",
+    "BUILD_WITH_CONTAINER": "0",
+    "CARGO_HOME": "/home/.cargo",
+    "RUSTUP_HOME": "/home/.rustup"
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+    "ghcr.io/mpriscella/features/kind:1": {}
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "golang.go",
+        "rust-lang.rust-analyzer",
+        "eamodio.gitlens",
+        "zxh404.vscode-proto3",
+        "ms-azuretools.vscode-docker",
+        "redhat.vscode-yaml",
+        "IBM.output-colorizer"
+      ],
+      "settings": {
+        "files.eol": "\n",
+        "go.useLanguageServer": true,
+        "go.lintTool": "golangci-lint"
+      }
+    }
+  }
+}

.gitattributes

@@ -0,0 +1,16 @@
+*.descriptor      linguist-generated=true
+*.descriptor      -diff -merge
+*.descriptor_set  linguist-generated=true
+*.descriptor_set  -diff -merge
+*.pb.html linguist-generated=true
+*.pb.go linguist-generated=true
+*.gen.go linguist-generated=true
+*.gen.yaml linguist-generated=true
+*.gen.json linguist-generated=true
+*_pb2.py linguist-generated=true
+manifests/charts/**/profile*.yaml linguist-generated=true
+go.sum merge=union
+vendor/**  linguist-vendored
+common/**  linguist-vendored
+archive/**  linquist-vendored
+**/vmlinux.h  linquist-vendored

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,36 @@
+---
+name: Bug report
+about: Report a bug to help us improve Istio
+---
+(NOTE: This is used to report product bugs:
+  To report a security vulnerability, please visit <https://istio.io/about/security-vulnerabilities/>
+  To ask questions about how to use Istio, please visit <https://discuss.istio.io>
+)
+
+**Bug description**
+
+**Affected product area (please put an X in all that apply)**
+
+[ ] Configuration Infrastructure
+[ ] Docs
+[ ] Installation
+[ ] Networking
+[ ] Performance and Scalability
+[ ] Policies and Telemetry
+[ ] Security
+[ ] Test and Release
+[ ] User Experience
+
+**Expected behavior**
+
+**Steps to reproduce the bug**
+
+**Version (include the output of `istioctl version --remote` and `kubectl version`)**
+
+**How was Istio installed?**
+
+**Environment where bug was observed (cloud vendor, OS, etc)**
+
+Additionally, please consider attaching a [cluster state archive](http://istio.io/help/bugs/#generating-a-cluster-state-archive) by attaching
+the dump file to this issue.
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,24 @@
+---
+name: Feature request
+about: Suggest an idea to improve Istio
+
+---
+(This is used to request new product features, please visit <https://discuss.istio.io> for questions on using Istio)
+
+**Describe the feature request**
+
+**Describe alternatives you've considered**
+
+**Affected product area (please put an X in all that apply)**
+
+[ ] Configuration Infrastructure
+[ ] Docs
+[ ] Installation
+[ ] Networking
+[ ] Performance and Scalability
+[ ] Policies and Telemetry
+[ ] Security
+[ ] Test and Release
+[ ] User Experience
+
+**Additional context**

.github/SECURITY.md

@@ -0,0 +1 @@
+Refer to [Istio Security Overview](https://github.com/istio/istio/blob/master/.github/SECURITY.md) for more details.

.gitignore

@@ -13,10 +13,6 @@
 *.dylib
 *.dll
 
-# Fortran module files
-*.mod
-*.smod
-
 # Compiled Static libraries
 *.lai
 *.la
@@ -39,3 +35,8 @@
 genbin/
 
 /vendor
+
+.htmlproofer
+
+# Contains the built artifacts
+out/

BUGS-AND-FEATURE-REQUESTS.md

@@ -0,0 +1,10 @@
+# Bugs and Feature Requests
+
+You can report bugs and feature requests to the Istio team in one of three places:
+
+- [Product Bugs and Feature Requests](https://github.com/istio/istio/issues)
+- [Documentation Bugs and Feature Requests](https://github.com/istio/istio.io/issues)
+- [Community and Governance Issues](https://github.com/istio/community/issues)
+
+For security vulnerabilities, please don't report a bug (which is public) and instead follow
+[these procedures](https://istio.io/about/security-vulnerabilities/).

BUILD

@@ -1,3 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_prefix")
-
-go_prefix("istio.io/api")

CODEOWNERS

@@ -0,0 +1,6 @@
+*                @istio/technical-oversight-committee 
+/Makefile*       @istio/wg-test-and-release-maintainers
+/*.md            @istio/wg-test-and-release-maintainers
+/common/         @istio/wg-test-and-release-maintainers
+/common-protos/  @istio/wg-test-and-release-maintainers
+/scripts/        @istio/wg-test-and-release-maintainers

CONTRIBUTING.md

@@ -0,0 +1,5 @@
+# Contribution guidelines
+
+So you want to hack on Istio? Yay! Please refer to Istio's overall
+[contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md)
+to find out how you can help.

GUIDELINES.md

@@ -1,6 +1,6 @@
 # Istio API Guidelines
 
-This page defines the design guidelines for Istio APIs. They apply to 
+This page defines the design guidelines for Istio APIs. They apply to
 [Kubernetes Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
 and all [proto files](https://developers.google.com/protocol-buffers/) that are used to
 configure Istio components through the [Mesh Configuration Protocol(MCP)](https://docs.google.com/document/d/1o2-V4TLJ8fJACXdlsnxKxDv2Luryo48bAhR8ShxE5-k/edit).
@@ -10,87 +10,108 @@ Google's [API Design Guide](https://cloud.google.com/apis/design) as
 the baseline for protos. Because Envoy APIs also uses the same baseline, the
 commonality across Envoy, Istio, proto3 and gRPC will greatly help
 developer experience in the long term.
- 
+
 In addition to Google's guide, the following conventions should be
 followed for Istio APIs.
 
 ## Contents
 
 - [Proto Guidelines](#proto-guidelines)
-  - [Style](#style)
-  - [Basic Proto Versioning](#basic-proto-ersioning)
+    - [Style](#style)
+    - [Basic Proto Versioning](#basic-proto-ersioning)
+- [Validation Guidelines](#validation-guidelines)
 - [CRD Guidelines](#crd-guidelines)
-  - [Style](#style-1)
-  - [Basic CRD Versioning](#basic-crd-versioning)
+    - [Style](#crd-style)
+    - [Basic CRD Versioning](#basic-crd-versioning)
 
 ## Proto Guidelines
+
 This section captures guidelines that apply to the proto form of the configuration resources.
 
 ### Style
 
 #### Placement
-* **Do** place new API protos under ```istio.io/api/<area>/<version>``` folder.
-* **Prefer** complete words for file names.
-  * ```config.proto // Not cfg.proto!```
+
+- **Do** place new API protos under ```istio.io/api/<area>/<version>``` folder.
+- **Prefer** complete words for file names.
+
+    ```
+    index.proto // Not idx.proto!
+    ```
 
 #### Package Names
 
-* **Do** use `lowercase` without any `_`.
-* **Do** use singular words
-* **Do** use the name pattern ```istio.<area>.<version>```.
+- **Do** use `lowercase` without any `_`.
+- **Do** use singular words
+- **Do** use the name pattern ```istio.<area>.<version>```.
+
+    ```proto
+    package istio.networking.v1alpha3;
+    ```
 
-```proto
-package istio.networking.v1alpha3;
-```
-  
-  
 #### Message/Enum/Method Names
-* **Do not** use embedded acronyms. See [#364](https://github.com/istio/api/issues/364) for details.
 
-```proto
-message HttpRequest {/*...*/}  // Not HTTPRequest!
+- **Do not** use embedded acronyms. See [#364](https://github.com/istio/api/issues/364) for details.
 
-rpc DoHttpRequest(/*...*/)     // Not DoHTTPRequest!
+    ```proto
+    message HttpRequest {/*...*/}  // Not HTTPRequest!
 
-enum HttpStatusCodes {/*...*/} // Not HTTPStatusCodes!
-```
+    rpc DoHttpRequest(/*...*/)     // Not DoHTTPRequest!
 
+    enum HttpStatusCodes {/*...*/} // Not HTTPStatusCodes!
+    ```
 
 #### Messages
-* **Do** use ```CamelCase``` for message names.
-  * ```proto 
+
+- **Do** use ```CamelCase``` for message names.
+
+    ```proto
     message MyMessage {...}
     ```
 
 #### Fields
-* **Do** use ```lowercase_with_underscore``` for field names: 
-  * ```proto 
+
+- **Do** use ```lowercase_with_underscore``` for field names:
+
+    ```proto
     string display_name = 1;
     ```
-* **Do** use plural names for repeated fields:
-  * ```proto
+
+- **Do** use plural names for repeated fields:
+
+    ```proto
     repeated rule rules = 2;
     ```
-* **Do not** use postpositive adjectives in names.
-  * ```proto
+
+- **Do not** use postpositive adjectives in names.
+
+    ```proto
     repeated Items collected_items = 3; // Not items_collected!
     ```
- 
+
 #### Enums
-* **Do** use ```CamelCase``` for  types names.
-  * ```proto
+
+- **Do** use ```CamelCase``` for  types names.
+
+    ```proto
     enum Types {/*...*/}
     ```
-* **Do** use `UPPERCASE_WITH_UNDERSCORE` for enum names: 
-  * ```proto
+
+- **Do** use `UPPERCASE_WITH_UNDERSCORE` for enum names:
+
+    ```proto
     enum Types {INT_TYPE = 1;}
     ```
-* **Do** have an enum entry for value ```0```.
-  * When a new field with an enum type is introduced to a proto, when reading 
-  the older versions of the data, it will be defaulted to ```0``` value.
-* **Do** name the ```0``` value either as ```<ENUMTYPE>_UNDEFINED``` or use a sane,
+
+- **Do** have an enum entry for value ```0```.
+
+    - When a new field with an enum type is introduced to a proto, when reading
+    the older versions of the data, it will be defaulted to the ```0``` value.
+
+- **Do** name the ```0``` value either as ```<ENUMTYPE>_UNDEFINED``` or use a sane,
 well-known value that will be considered as default.
-  * ```proto
+
+    ```proto
     enum Types { TYPE_UNDEFINED = 0;}
     ```
 
@@ -102,56 +123,71 @@ get ignored, and additive, and non-breaking changes are acceptable.
 In addition to the standard proto versioning semantics, Istio tooling imposes its own restrictions, as CRD
 to proto conversion system in Istio depends on names in certain situations.
 
-The following rules captures the basic rules that should be followed when making changes to Istio config 
+The following rules captures the basic rules that should be followed when making changes to Istio config
 protos.
 
-* **Do not** change field numbers.
-  * Proto depends on field numbers to find fields.
-  * ```proto
+- **Do not** change field numbers.
+
+    - Proto depends on field numbers to find fields.
+
+        ```proto
         // Field number has changed from 1 to 2!
-        
+
         // string field = 1; // Deleted
-        string field = 2;         
-    ```
-* **Do not** rename fields.
-  * Our tooling automatically maps YAML fields to proto fields.
-  * ```proto
+        string field = 2;
+        ```
+
+- **Do not** rename fields.
+
+    - Our tooling automatically maps YAML fields to proto fields.
+
+        ```proto
         // Field name has changed!
-        
+
         // string old_field = 1;
-        string new_field = 1; 
+        string new_field = 1;
+        ```
+
+- **Do not** change cardinality of fields.
+
+    ```proto
+    // Field cardinality has changed!
+
+    // string should_have_been_plural = 1;
+    repeated string should_have_been_plural = 1;
     ```
-* **Do not** change cardinality of fields.
-  * ```proto
-        // Field cardinality has changed!
-        
-        // string should_have_been_plural = 1;
-        repeated string should_have_been_plural = 1;
-    ```
-* **Do not** rename top-level protos that map to CRD config types.
-  * Istio tooling depends on the name of the top-level protos to map CRDs to the matching proto
-  counterparts.
-  ```proto
-     // Top-level proto name has changed!
-   
-     // message Rule {
-     message PolicyRule {
-          // ...
-     }
-  ``` 
-* **Avoid** changing/renaming field types.
-  * If the field types changes, the new type **must** be structurally equivalent to the old.
-  ```proto
-      // Field type changed from Boo to Zoo!
-      // Boo and Zoo must be structurally equivalent!
-      message Foo {
-         // Boo boo = 1;  
-         Zoo boo = 2;
-      }
-    ```
-* **Do not** rename enum names, or change values.
-  * Istio tooling depends on names to convert enums from CRD form to proto.
-  * ```proto   
+
+- **Do not** rename top-level protos that map to CRD config types.
+
+    - Istio tooling depends on the name of the top-level protos to map CRDs to the matching proto counterparts.
+
+        ```proto
+        // Top-level proto name has changed!
+
+        // message Rule {
+        message PolicyRule {
+            // ...
+        }
+        ```
+
+- **Avoid** changing/renaming field types.
+
+    - If the field types changes, the new type **must** be structurally equivalent to the old.
+
+        ```proto
+        // Field type changed from Boo to Zoo!
+        // Boo and Zoo must be structurally equivalent!
+        message Foo {
+           // Boo boo = 1;
+           Zoo boo = 2;
+        }
+        ```
+
+- **Do not** rename enum names, or change values.
+
+    - Istio tooling depends on names to convert enums from CRD form to proto.
+
+        ```proto
         enum Types {
            // Enum name has changed!
            // Foo = 1;
@@ -160,25 +196,111 @@ protos.
            // Enum value has changed!
            // Baz = 2;
            Baz = 3;
+        }
+        ```
 
-        }    
-    ```
+- **Do not** remove fields.
+
+    - This is backwards compatible for protobuf, but not for CRDs which have strict validation preventing unknown fields.
+
+- **Do not** make validation stricter than in previous versions.
+
+    - This applies to OpenAPI schema validation, validation webhooks, or any similar validation that would reject and API.
+
+    - Previously valid APIs must continue to remain valid in future upgrades; a change to validation is just as impactful as
+      removal of a field.
+
+    - For example, changing a `string` value to have a max length of X characters would break users with
+      configurations beyond X characters upon upgrade, and would not be permitted.
+
+    - Loosening validation is permitted. As a result, it is recommended to err on the side of stricter validation.
+
+## Validation Guidelines
+
+All types should have as strict validation specified on it as possible to rule out invalid states.
+These are ultimately compiled to Kubernetes CustomResourceDefinitions, which use OpenAPI validation with some Kubernetes extras.
+This is handled by our own custom [protoc-gen-crd](https://github.com/istio/tools/tree/master/cmd/protoc-gen-crd) which compiles our
+protobuf definitions down to CRDs.
+
+There are a few types of validations:
+* Automatic ones, based on the protobuf type. For example, a UInt32Value automatically has a validation to check the number between `0` and `MaxUint32`
+* Protobuf `field_behavior`. Currently only `[(google.api.field_behavior) = REQUIRED]` is implemented.
+* Comment driven validations (see below).
+
+Most validation is driven by comments on fields and messages.
+All validations in [KubeBuilder](https://book.kubebuilder.io/reference/markers/crd-validation) are supported, as well as some extras:
+
+- `+protoc-gen-crd:map-value-validation`: apply the validation to each *value* in a map.
+  Note it's not possible to apply validations to each key. You can, however, validate the entire map together with a CEL rule.
+- `+protoc-gen-crd:list-value-validation`: apply the validation to each value in a list.
+- `+protoc-gen-crd:duration-validation:none`: exclude the default requirement that a duration field is non-zero.
+- `+protoc-gen-crd:validation:XIntOrString`: marks a field as accepting integers or strings.
+- `+protoc-gen-crd:validation:IgnoreSubValidation`: if referencing a message in a field, and that message has some validation on it already, exclude the listed validations.
+  This is uncommon, but can be used when referencing a message in a certain context has different rules than others.
+
+The most common validations are:
+- Sizes: `MaxLength` (strings), `MaxItems` (lists), `MaxProperties` (maps)
+- Regex: `Pattern`
+- CEL: `XValidation`
+
+### CEL
+
+[CEL](https://cel.dev/) is a small language that allows us to write expressions to represent validation logic.
+This comes with a lot of quirks!
+
+Useful tools and references:
+* [CEL playground](https://playcel.undistro.io/) allows an easy way to run CEL expressions against some types.
+* [Kubernetes CEL docs](https://kubernetes.io/docs/reference/using-api/cel/).
+* [CEL language definition](https://github.com/google/cel-spec/blob/master/doc/langdef.md).
+
+The biggest challenge with CEL is the complexity limit imposed by Kubernetes.
+This estimates the cost to run the function, and rejects it if it is too high.
+This takes into account the cost of a function and the cost of *potential* inputs.
+This makes it, typically, required to put maximum size bounds on items.
+
+Kubernetes changes version-to-version on how it estimates cost (usually getting more lenient) and what functions are available.
+We want to target the oldest version for compatibility purposes.
+Our tests do not currently cover this (a prototype of doing so can be found [here](https://github.com/istio/api/pull/3275)).
+A list of what features are in which versions can be found [here](https://kubernetes.io/docs/reference/using-api/cel/#cel-options-language-features-and-libraries).
+
+Istio has some custom macros that are expanded at compile time, driven by the [celpp](https://github.com/howardjohn/celpp) package.
+This extends CEL with these capabilities:
+* **default**. Usage: `default(self.x, 'DEF')`.
+* **oneof**. Usage: `oneof(self.x, self.y, self.z)`. This checks that 0 or 1 of these fields is set.
+* **index**. Usage: `self.index({}, x, z, b)`. This does `self.x.z.b` and returns `{}` if any of these is not set.
+
+Unlike typical Go usage, CEL does not have a concept of zero values for unset fields.
+As a result, an optional field needs special care.
+Do not write `self.fruit == 'apple'`, for instance, write `default(self.fruit, '') == 'apple'.
+
+### Testing
+
+As validation logic is really easy to get wrong, it's useful to write tests.
+This is done by adding YAML files under `tests/testdata`.
+Each type has a `valid` and `invalid` file to do positive and negative cases.
+
+Aside from explicitly testing these, these also form the seed corpus for fuzzing when these are pulled into `istio/istio`.
+This fuzz testing verifies the CRD validation has the same result as the webhook (Golang) validation code.
+Currently, this mostly serves to ensure we do not make something overly strict.
+In the future, it may show us that its safe to disable the webhook entirely, if CRD validation can cover the full validation surface.
 
 ## CRD Guidelines
 
-### Style
-* **Do** use the name pattern ```<area>.istio.io``` for API group names.
-* **Do** use the version from the proto package as the API version.
-* **Do** use the top-level proto Message name as the ```kind``` of the CRD.
+### CRD Style
+
+- **Do** use the name pattern ```<area>.istio.io``` for API group names.
+- **Do** use the version from the proto package as the API version.
+- **Do** use the top-level proto Message name as the ```kind``` of the CRD.
 
 ```yaml
 # A custom resource that describes a Gateway resource
 apiVersion: networking.istio.io/v1alpha3
-kind: Gateway 
+kind: Gateway
 # ...
 ```
 
 Matches to:
+
 ```proto
 package istio.networking.v1alpha3;
 message Gateway {
@@ -190,11 +312,17 @@ message Gateway {
 
 Istio APIs should use a simple versioning strategy based on
 major versions and releases, such as `v1alpha`, `v2beta`, or
-`v3`. Within each release, there should not be any breaking
-change to released features, such as changing the type of
-a field type, renaming a field, or changing a field number.
-Breaking changes are allowed between different releases,
-such as `v1alpha1` and `v1alpha2`.
+`v3`. Due to current limitations in Istio's CRD versioning, namely
+a lack of a conversion webhook, the schema of all versions of an API
+must be strictly identical.
+
+New APIs progress through feature stages according to our [policy](https://istio.io/latest/docs/releases/feature-stages/) before achieving stability, `v1`. When adding a new API, follow these steps:
+- Add `// +cue-gen:<Replace with API Name>:releaseChannel:extended` tag to the proto message definition of the API.
+- Update the stable validation policy to exclude the new API in the [base chart](https://github.com/istio/istio/blob/199f76a601fc4520b675169d4b53503edfaa34e3/manifests/charts/base/templates/validatingadmissionpolicy.yaml#L31) and [istio-discovery chart](https://github.com/istio/istio/blob/199f76a601fc4520b675169d4b53503edfaa34e3/manifests/charts/istio-control/istio-discovery/templates/validatingadmissionpolicy.yaml#L37) manifests.
+
+Similarly, new API fields added to a stable `v1` API independently progress through feature stages based on our [policy](https://istio.io/latest/docs/releases/feature-stages/) before achieving stability. When adding a new API field to a stable `v1` API, follow these steps:
+- Add `// +cue-gen:<Replace with API Name>:releaseChannel:extended` tag to the proto field definition.
+- Update the stable validation policy to exclude the new field in the [base chart](https://github.com/istio/istio/blob/199f76a601fc4520b675169d4b53503edfaa34e3/manifests/charts/base/templates/validatingadmissionpolicy.yaml#L31) and [istio-discovery chart](https://github.com/istio/istio/blob/199f76a601fc4520b675169d4b53503edfaa34e3/manifests/charts/istio-control/istio-discovery/templates/validatingadmissionpolicy.yaml#L37) manifests.
 
 Deprecating a feature in an API release is allowed by following
 the applicable deprecation process. The reason to allow
@@ -202,3 +330,14 @@ deprecation of individual features in a release is that it is
 significantly cheaper and simpler for everyone involved. In
 practice, it works out much better than deprecating an entire
 API version.
+
+## Exceptions
+
+Many of the guidelines above are related to limiting backward incompatible changes.
+These guidelines apply only between released versions of Istio (including patches
+and minor releases). This means that if a commit is merged into the `master` branch,
+breaking changes can still be made to it (such as removal, renaming, etc) up until
+it has been officially released.
+
+While violating the above guidelines is generally disallowed, exceptions may be made
+on a case-by-case basis.

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017 Istio Authors
+   Copyright {yyyy} {name of copyright owner}
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -1,335 +1,69 @@
-all: generate
+# WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY
+#
+# The original version of this file is located in the https://github.com/istio/common-files repo.
+# If you're looking at this file in a different repo and want to make a change, please go to the
+# common-files repo, make the change there and check it in. Then come back to this repo and run
+# "make update-common".
 
-########################
-# docker_gen
-########################
+# Copyright Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SHELL := /usr/bin/env bash
+
+# allow optional per-repo overrides
+-include Makefile.overrides.mk
+
+# Set the environment variable BUILD_WITH_CONTAINER to use a container
+# to build the repo. The only dependencies in this mode are to have make and
+# docker. If you'd rather build with a local tool chain instead, you'll need to
+# figure out all the tools you need in your environment to make that work.
+export BUILD_WITH_CONTAINER ?= 0
+
+ifeq ($(BUILD_WITH_CONTAINER),1)
+
+# An export free of arguments in a Makefile places all variables in the Makefile into the
+# environment. This is needed to allow overrides from Makefile.overrides.mk.
+export
+
+RUN = ./common/scripts/run.sh
+
+MAKE_DOCKER = $(RUN) make --no-print-directory -e -f Makefile.core.mk
+
+%:
+	@$(MAKE_DOCKER) $@
+
+default:
+	@$(MAKE_DOCKER)
+
+shell:
+	@$(RUN) /bin/bash
+
+.PHONY: default shell
 
-# Use a different generation mechanism when running from the
-# image itself
-ifdef CIRCLECI
-repo_dir = .
-docker_gen = /usr/bin/protoc -I/protobuf -I$(repo_dir)
-out_path = $(OUT_PATH)
 else
-gen_img := gcr.io/istio-testing/protoc:2018-06-12
-pwd := $(shell pwd)
-mount_dir := /src
-repo_dir := istio.io/api
-repo_mount := $(mount_dir)/istio.io/api
-docker_gen := docker run --rm -v $(pwd):$(repo_mount) -w $(mount_dir) $(gen_img) -I$(repo_dir)
-out_path = .
+
+# If we are not in build container, we need a workaround to get environment properly set
+# Write to file, then include
+$(shell mkdir -p out)
+$(shell $(shell pwd)/common/scripts/setup_env.sh envfile > out/.env)
+include out/.env
+# An export free of arguments in a Makefile places all variables in the Makefile into the
+# environment. This behavior may be surprising to many that use shell often, which simply
+# displays the existing environment
+export
+
+export GOBIN ?= $(GOPATH)/bin
+include Makefile.core.mk
+
 endif
-
-########################
-# protoc_gen_gogo*
-########################
-
-gogo_plugin_prefix := --gogo_out=plugins=grpc,
-gogofast_plugin_prefix := --gogofast_out=plugins=grpc,
-gogoslick_plugin_prefix := --gogoslick_out=plugins=grpc,
-
-########################
-# protoc_gen_python
-########################
-
-protoc_gen_python_prefix := --python_out=,
-protoc_gen_python_plugin := $(protoc_gen_python_prefix):$(repo_dir)/python/istio_api
-
-comma := ,
-empty:=
-space := $(empty) $(empty)
-
-importmaps := \
-	gogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto \
-	google/protobuf/any.proto=github.com/gogo/protobuf/types \
-	google/protobuf/descriptor.proto=github.com/gogo/protobuf/protoc-gen-gogo/descriptor \
-	google/protobuf/duration.proto=github.com/gogo/protobuf/types \
-	google/protobuf/struct.proto=github.com/gogo/protobuf/types \
-	google/protobuf/timestamp.proto=github.com/gogo/protobuf/types \
-	google/protobuf/wrappers.proto=github.com/gogo/protobuf/types \
-	google/rpc/status.proto=github.com/gogo/googleapis/google/rpc \
-	google/rpc/code.proto=github.com/gogo/googleapis/google/rpc \
-	google/rpc/error_details.proto=github.com/gogo/googleapis/google/rpc \
-
-# generate mapping directive with M<proto>:<go pkg>, format for each proto file
-mapping_with_spaces := $(foreach map,$(importmaps),M$(map),)
-gogo_mapping := $(subst $(space),$(empty),$(mapping_with_spaces))
-
-gogo_plugin := $(gogo_plugin_prefix)$(gogo_mapping):$(out_path)
-gogofast_plugin := $(gogofast_plugin_prefix)$(gogo_mapping):$(out_path)
-gogoslick_plugin := $(gogoslick_plugin_prefix)$(gogo_mapping):$(out_path)
-
-########################
-# protoc_gen_docs
-########################
-
-protoc_gen_docs_plugin := --docs_out=warnings=true,mode=html_fragment_with_front_matter:$(repo_dir)/
-
-#####################
-# Generation Rules
-#####################
-
-generate: \
-	generate-mcp-go \
-	generate-mcp-python \
-	generate-mesh-go \
-	generate-mesh-python \
-	generate-mixer-go \
-	generate-mixer-python \
-	generate-routing-go \
-	generate-routing-python \
-	generate-rbac-go \
-	generate-rbac-python \
-	generate-authn-go \
-	generate-authn-python \
-	generate-envoy-go \
-	generate-envoy-python
-
-#####################
-# mcp/...
-#####################
-
-config_mcp_path := mcp/v1alpha1
-config_mcp_protos := $(shell find $(config_mcp_path) -type f -name '*.proto' | sort)
-config_mcp_pb_gos := $(config_mcp_protos:.proto=.pb.go)
-config_mcp_pb_pythons := $(config_mcp_protos:.proto=_pb2.py)
-config_mcp_pb_doc := $(config_mcp_path)/istio.mcp.v1alpha1.pb.html
-
-generate-mcp-go: $(config_mcp_pb_gos) $(config_mcp_pb_doc)
-
-$(config_mcp_pb_gos) $(config_mcp_pb_doc): $(config_mcp_protos)
-	## Generate mcp/v1alpha1/*.pb.go + $(config_mcp_pb_doc)
-	@$(docker_gen) $(gogofast_plugin) $(protoc_gen_docs_plugin)$(config_mcp_path) $^
-
-generate-mcp-python: $(config_mcp_pb_pythons)
-
-$(config_mcp_pb_pythons): $(config_mcp_protos)
-	## Generate python/istio_api/mcp/v1alpha1/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-clean-mcp:
-	rm -f $(config_mcp_pb_gos)
-	rm -f $(config_mcp_pb_doc)
-
-#####################
-# mesh/...
-#####################
-
-mesh_path := mesh/v1alpha1
-mesh_protos := $(shell find $(mesh_path) -type f -name '*.proto' | sort)
-mesh_pb_gos := $(mesh_protos:.proto=.pb.go)
-mesh_pb_pythons := $(mesh_protos:.proto=_pb2.py)
-mesh_pb_doc := $(mesh_path)/istio.mesh.v1alpha1.pb.html
-
-generate-mesh-go: $(mesh_pb_gos) $(mesh_pb_doc)
-
-$(mesh_pb_gos) $(mesh_pb_doc): $(mesh_protos)
-	## Generate mesh/v1alpha1/*.pb.go + $(mesh_pb_doc)
-	@$(docker_gen) $(gogofast_plugin) $(protoc_gen_docs_plugin)$(mesh_path) $^
-
-generate-mesh-python: $(mesh_pb_pythons)
-
-$(mesh_pb_pythons): $(mesh_protos)
-	## Generate python/istio_api/mesh/v1alpha1/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-clean-mesh:
-	rm -f $(mesh_pb_gos)
-	rm -f $(mesh_pb_doc)
-
-#####################
-# mixer/...
-#####################
-
-mixer_v1_path := mixer/v1
-mixer_v1_protos :=  $(shell find $(mixer_v1_path) -maxdepth 1 -type f -name '*.proto' | sort)
-mixer_v1_pb_gos := $(mixer_v1_protos:.proto=.pb.go)
-mixer_v1_pb_pythons := $(mixer_v1_protos:.proto=_pb2.py)
-mixer_v1_pb_doc := $(mixer_v1_path)/istio.mixer.v1.pb.html
-
-mixer_config_client_path := mixer/v1/config/client
-mixer_config_client_protos := $(shell find $(mixer_config_client_path) -maxdepth 1 -type f -name '*.proto' | sort)
-mixer_config_client_pb_gos := $(mixer_config_client_protos:.proto=.pb.go)
-mixer_config_client_pb_pythons := $(mixer_config_client_protos:.proto=_pb2.py)
-mixer_config_client_pb_doc := $(mixer_config_client_path)/istio.mixer.v1.config.client.pb.html
-
-mixer_adapter_model_v1beta1_path := mixer/adapter/model/v1beta1
-mixer_adapter_model_v1beta1_protos := $(shell find $(mixer_adapter_model_v1beta1_path) -maxdepth 1 -type f -name '*.proto' | sort)
-mixer_adapter_model_v1beta1_pb_gos := $(mixer_adapter_model_v1beta1_protos:.proto=.pb.go)
-mixer_adapter_model_v1beta1_pb_pythons := $(mixer_adapter_model_v1beta1_protos:.proto=_pb2.py)
-mixer_adapter_model_v1beta1_pb_doc := $(mixer_adapter_model_v1beta1_path)/istio.mixer.adapter.model.v1beta1.pb.html
-
-policy_v1beta1_path := policy/v1beta1
-policy_v1beta1_protos := $(shell find $(policy_v1beta1_path) -maxdepth 1 -type f -name '*.proto' | sort)
-policy_v1beta1_pb_gos := $(policy_v1beta1_protos:.proto=.pb.go)
-policy_v1beta1_pb_pythons := $(policy_v1beta1_protos:.proto=_pb2.py)
-policy_v1beta1_pb_doc := $(policy_v1beta1_path)/istio.policy.v1beta1.pb.html
-
-generate-mixer-go: \
-	$(mixer_v1_pb_gos) $(mixer_v1_pb_doc) \
-	$(mixer_config_client_pb_gos) $(mixer_config_client_pb_doc) \
-	$(mixer_adapter_model_v1beta1_pb_gos) $(mixer_adapter_model_v1beta1_pb_doc) \
-	$(policy_v1beta1_pb_gos) $(policy_v1beta1_pb_doc)
-
-$(mixer_v1_pb_gos) $(mixer_v1_pb_doc): $(mixer_v1_protos)
-	## Generate mixer/v1/*.pb.go + $(mixer_v1_pb_doc)
-	@$(docker_gen) $(gogoslick_plugin) $(protoc_gen_docs_plugin)$(mixer_v1_path) $^
-
-$(mixer_config_client_pb_gos) $(mixer_config_client_pb_doc): $(mixer_config_client_protos)
-	## Generate mixer/v1/config/client/*.pb.go + $(mixer_config_client_pb_doc)
-	@$(docker_gen) $(gogoslick_plugin) $(protoc_gen_docs_plugin)$(mixer_config_client_path) $^
-
-$(mixer_adapter_model_v1beta1_pb_gos) $(mixer_adapter_model_v1beta1_pb_doc) : $(mixer_adapter_model_v1beta1_protos)
-	## Generate mixer/adapter/model/v1beta1/*.pb.go + $(mixer_adapter_model_v1beta1_pb_doc)
-	@$(docker_gen) $(gogoslick_plugin) $(protoc_gen_docs_plugin)$(mixer_adapter_model_v1beta1_path) $^
-
-$(policy_v1beta1_pb_gos) $(policy_v1beta1_pb_doc) : $(policy_v1beta1_protos)
-	## Generate policy/v1beta1/*.pb.go + $(policy_v1beta1_pb_doc)
-	@$(docker_gen) $(gogoslick_plugin) $(protoc_gen_docs_plugin)$(policy_v1beta1_path) $^
-
-generate-mixer-python: \
-	$(mixer_v1_pb_pythons) \
-	$(mixer_config_client_pb_pythons) \
-	$(mixer_adapter_model_v1beta1_pb_pythons) \
-	$(policy_v1beta1_pb_pythons)
-
-$(mixer_v1_pb_pythons): $(mixer_v1_protos)
-	## Generate python/istio_api/mixer/v1/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-$(mixer_config_client_pb_pythons): $(mixer_config_client_protos)
-	## Generate python/istio_api/mixer/v1/config/client/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-$(mixer_adapter_model_v1beta1_pb_pythons): $(mixer_adapter_model_v1beta1_protos)
-	## Generate python/istio_api/mixer/adapter/model/v1beta1/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-$(policy_v1beta1_pb_pythons): $(policy_v1beta1_protos)
-	## Generate python/istio_api/policy/v1beta1/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-clean-mixer:
-	rm -f $(mixer_v1_pb_gos) $(mixer_config_client_pb_gos) $(mixer_adapter_model_v1beta1_pb_gos) $(policy_v1beta1_pb_gos) policy/v1beta1/fixed_cfg.pb.go
-	rm -f $(mixer_v1_pb_doc) $(mixer_config_client_pb_doc) $(mixer_adapter_model_v1beta1_pb_doc) $(policy_v1beta1_pb_doc)
-
-#####################
-# routing/...
-#####################
-
-routing_v1alpha3_path := networking/v1alpha3
-routing_v1alpha3_protos := $(shell find networking/v1alpha3 -type f -name '*.proto' | sort)
-routing_v1alpha3_pb_gos := $(routing_v1alpha3_protos:.proto=.pb.go)
-routing_v1alpha3_pb_pythons := $(routing_v1alpha3_protos:.proto=_pb2.py)
-routing_v1alpha3_pb_doc := $(routing_v1alpha3_path)/istio.routing.v1alpha3.pb.html
-
-generate-routing-go: $(routing_v1alpha3_pb_gos) $(routing_v1alpha3_pb_doc)
-
-$(routing_v1alpha3_pb_gos) $(routing_v1alpha3_pb_doc): $(routing_v1alpha3_protos)
-	## Generate networking/v1alpha3/*.pb.go
-	@$(docker_gen) $(gogofast_plugin) $(protoc_gen_docs_plugin)$(routing_v1alpha3_path) $^
-
-generate-routing-python: $(routing_v1alpha3_pb_pythons)
-
-$(routing_v1alpha3_pb_pythons): $(routing_v1alpha3_protos)
-	## Generate python/istio_api/networking/v1alpha3/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-clean-routing:
-	rm -f $(routing_v1alpha3_pb_gos)
-	rm -f $(routing_v1alpha3_pb_doc)
-
-#####################
-# rbac/...
-#####################
-
-rbac_v1alpha1_path := rbac/v1alpha1
-rbac_v1alpha1_protos := $(shell find $(rbac_v1alpha1_path) -type f -name '*.proto' | sort)
-rbac_v1alpha1_pb_gos := $(rbac_v1alpha1_protos:.proto=.pb.go)
-rbac_v1alpha1_pb_pythons := $(rbac_v1alpha1_protos:.proto=_pb2.py)
-rbac_v1alpha1_pb_doc := $(rbac_v1alpha1_path)/istio.rbac.v1alpha1.pb.html
-
-generate-rbac-go: $(rbac_v1alpha1_pb_gos) $(rbac_v1alpha1_pb_doc)
-
-$(rbac_v1alpha1_pb_gos) $(rbac_v1alpha1_pb_doc): $(rbac_v1alpha1_protos)
-	## Generate rbac/v1alpha1/*.pb.go
-	@$(docker_gen) $(gogofast_plugin) $(protoc_gen_docs_plugin)$(rbac_v1alpha1_path) $^
-
-generate-rbac-python: $(rbac_v1alpha1_protos)
-
-$(rbac_v1alpha1_pb_pythons): $(rbac_v1alpha1_protos)
-	## Generate python/istio_api/rbac/v1alpha1/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-clean-rbac:
-	rm -f $(rbac_v1alpha1_pb_gos)
-	rm -f $(rbac_v1alpha1_pb_doc)
-
-
-#####################
-# authentication/...
-#####################
-
-authn_v1alpha1_path := authentication/v1alpha1
-authn_v1alpha1_protos := $(shell find $(authn_v1alpha1_path) -type f -name '*.proto' | sort)
-authn_v1alpha1_pb_gos := $(authn_v1alpha1_protos:.proto=.pb.go)
-authn_v1alpha1_pb_pythons := $(authn_v1alpha1_protos:.proto=_pb2.py)
-authn_v1alpha1_pb_doc := $(authn_v1alpha1_path)/istio.authentication.v1alpha1.pb.html
-
-generate-authn-go: $(authn_v1alpha1_pb_gos) $(authn_v1alpha1_pb_doc)
-
-$(authn_v1alpha1_pb_gos) $(authn_v1alpha1_pb_doc): $(authn_v1alpha1_protos)
-	## Generate authentication/v1alpha1/*.pb.go
-	@$(docker_gen) $(gogofast_plugin) $(protoc_gen_docs_plugin)$(authn_v1alpha1_path) $^
-
-generate-authn-python: $(authn_v1alpha1_pb_pythons)
-
-$(authn_v1alpha1_pb_pythons): $(authn_v1alpha1_protos)
-	## Generate python/istio_api/authentication/v1alpha1/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-clean-authn:
-	rm -f $(authn_v1alpha1_pb_gos)
-	rm -f $(authn_v1alpha1_pb_doc)
-
-#####################
-# envoy/...
-#####################
-
-envoy_path := envoy
-envoy_protos := $(shell find $(envoy_path) -type f -name '*.proto' | sort)
-envoy_pb_gos := $(envoy_protos:.proto=.pb.go)
-envoy_pb_pythons := $(envoy_protos:.proto=_pb2.py)
-
-generate-envoy-go: $(envoy_pb_gos) $(envoy_pb_doc)
-
-# Envoy APIs is internal APIs, documents is not required.
-$(envoy_pb_gos): $(envoy_protos)
-	## Generate envoy/*/*.pb.go
-	@$(docker_gen) $(gogofast_plugin) $^
-
-generate-envoy-python: $(envoy_pb_pythons)
-
-# Envoy APIs is internal APIs, documents is not required.
-$(envoy_pb_pythons): $(envoy_protos)
-	## Generate envoy/*/*_pb2.py
-	@$(docker_gen) $(protoc_gen_python_plugin) $^
-
-clean-envoy:
-	rm -f $(envoy_pb_gos)
-
-#####################
-# Cleanup
-#####################
-
-clean-python:
-	rm -rf python/istio_api/*
-
-clean: 	clean-mcp \
-	clean-mesh \
-	clean-mixer \
-	clean-routing \
-	clean-rbac \
-	clean-authn \
-	clean-envoy \
-	clean-python

Makefile.core.mk

@@ -0,0 +1,118 @@
+# Copyright Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SHELL := /bin/bash
+
+all: gen
+
+########################
+# setup
+########################
+
+repo_dir := .
+
+annotations_prep = annotations_prep
+htmlproofer = htmlproofer
+
+#####################
+# Generation Rules
+#####################
+
+.PHONY: gen-proto
+gen-proto:
+	./gen.sh
+
+.PHONY: clean
+clean:
+	./clean.sh
+
+.PHONY: gen
+gen: \
+	clean \
+	gen-proto \
+	generate-annotations \
+	generate-labels \
+	mirror-licenses \
+	tidy-go \
+	breaking
+
+gen-check: gen check-clean-repo
+
+breaking:
+	@./scripts/breaking.sh $(UPDATE_BRANCH)
+
+#####################
+# annotation/...
+#####################
+
+annotations_path := annotation
+annotations_pb_go := $(annotations_path)/annotations.gen.go
+annotations_pb_doc := $(annotations_path)/annotations.pb.html
+annotations_yaml := $(annotations_path)/annotations.yaml
+
+$(annotations_pb_go) $(annotations_pb_doc): $(annotations_yaml)
+	@$(annotations_prep) --input $(annotations_yaml) --output $(annotations_pb_go) --html_output $(annotations_pb_doc) --collection_type annotation
+
+generate-annotations: $(annotations_pb_go) $(annotations_pb_doc)
+
+clean-annotations:
+	@rm -fr $(annotations_pb_go) $(annotations_pb_doc)
+
+#####################
+# label/...
+#####################
+
+labels_path := label
+labels_pb_go := $(labels_path)/labels.gen.go
+labels_pb_doc := $(labels_path)/labels.pb.html
+labels_yaml := $(labels_path)/labels.yaml
+
+$(labels_pb_go) $(labels_pb_doc): $(labels_yaml)
+	@$(annotations_prep) --input $(labels_yaml) --output $(labels_pb_go) --html_output $(labels_pb_doc) --collection_type label
+
+generate-labels: $(labels_pb_go) $(labels_pb_doc)
+
+clean-labels:
+	@rm -fr $(labels_pb_go) $(labels_pb_doc)
+
+#####################
+# Misc
+#####################
+
+# lint-protos is different for istio/api. List all other lint-all targets and add local-lint-protos
+local-lint-protos:
+	@buf lint
+	@./scripts/check-operator-proto.sh
+	@./scripts/check-imports.sh
+
+lint: lint-dockerfiles lint-scripts lint-yaml lint-helm lint-copyright-banner lint-go lint-python lint-markdown lint-sass lint-typescript lint-licenses local-lint-protos
+ 	@$(htmlproofer) . --url-swap "istio.io:preliminary.istio.io" --assume-extension --check-html --check-external-hash --check-opengraph --timeframe 2d --storage-dir $(repo_dir)/.htmlproofer --url-ignore "/localhost/"
+
+test: breaking
+	(pushd tests && go test -v ./...)
+
+fmt: format-python
+
+#####################
+# CI System
+#####################
+
+presubmit: lint test
+postsubmit: presubmit
+
+#####################
+# Common definitions
+#####################
+
+include common/Makefile.common.mk

Makefile.overrides.mk

@@ -0,0 +1,21 @@
+# Copyright 2019 Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# this repo is on the container plan by default
+BUILD_WITH_CONTAINER ?= 1
+
+
+# if enabled, will verify that schema definitions match between versions (ie. v1alpha3 & v1beta1).
+# only works with apiextensions.k8s.io/v1 kubernetes api (not with v1beta1)
+VERIFY_CRDS_SCHEMA ?= 0

OWNERS

@@ -1,27 +0,0 @@
-# Please add your github ID alphabetically.
-reviewers:
-  - andraxylia
-  - costinm
-  - diemtvu
-  - frankbu
-  - geeknoid
-  - hklai
-  - kyessenov
-  - mandarjog
-  - qiwzhang
-  - rshriram
-  - sebastienvas
-  - wattli
-approvers:
-  - andraxylia
-  - costinm
-  - diemtvu
-  - frankbu
-  - geeknoid
-  - hklai
-  - kyessenov
-  - mandarjog
-  - qiwzhang
-  - rshriram
-  - sebastienvas
-  - wattli

README.md

@@ -4,7 +4,8 @@ This repository defines component-level APIs and common configuration formats fo
 platform. These definitions are specified using the [protobuf](https://github.com/google/protobuf)
 syntax.
 
-This repository depends only on the [tools](https://github.com/istio/tools) repository for tools used during build. This repository *will not* depend on any other repositories. Except for tools, all other Istio repositories can take a dependency on the api repository. 
+This repository depends only on the [tools](https://github.com/istio/tools) repository for tools used during build. This repository *will not* depend on any
+other repositories. Except for tools, all other Istio repositories can take a dependency on the api repository.
 
 ## API Guidelines
 
@@ -12,6 +13,15 @@ When making changes to the protos in this repository, your changes **must** comp
 
 ## Updating
 
-After the [protobuf](https://github.com/google/protobuf) definitions are updated, the corresponding `*pb.go` and `_pb2.py` files must be generated by running `scripts/generate-protos.sh` and submitted as part of the same PR as the updated definitions.
+After the [protobuf](https://github.com/google/protobuf) definitions
+are updated, the corresponding `*pb.go`, `_pb2.py`, `*.json` and
+Kubernetes Custom Resource Definition files must be
+generated by running `make gen` and submitted as
+part of the same PR as the updated definitions. Also `make
+gen` will update the proto.lock file with new changes.
 
-If releasing a new tagged version, please update python/istio-api/setup.py version to reflect.
+## Backwards Incompatible Changes
+
+If a PR tries to make backwards incompatible changes, it will be blocked by `buf breaking`.
+If there are legitimate reasons to make these breaking changes forever, the configuration in [`buf.yaml`](buf.yaml) can be changed.
+If it is a one-off case, the PR can be force approved skipping the test.

SUPPORT.md

@@ -0,0 +1,7 @@
+# Support
+
+Here are some resources to help you understand and use Istio:
+
+- For in-depth information about how to use Istio, visit [istio.io](https://istio.io)
+- To ask questions and get assistance from our community, visit [GitHub Discussions](https://github.com/istio/istio/discussions)
+- To learn how to participate in our overall community, visit [our community page](https://istio.io/latest/get-involved/)

WORKSPACE

@@ -1,15 +0,0 @@
-workspace(name = "io_istio_api")
-
-load("//:check_bazel_version.bzl", "check_version")
-check_version()
-
-git_repository(
-    name = "io_bazel_rules_go",
-    commit = "9cf23e2aab101f86e4f51d8c5e0f14c012c2161c",  # Oct 12, 2017 (Add `build_external` option to `go_repository`)
-    remote = "https://github.com/bazelbuild/rules_go.git",
-)
-
-load("//:api_dependencies.bzl", "mixer_api_dependencies")
-mixer_api_dependencies()
-
-

analysis/v1alpha1/message.pb.go

@@ -0,0 +1,589 @@
+// Copyright 2019 Istio Authors
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.6
+// 	protoc        (unknown)
+// source: analysis/v1alpha1/message.proto
+
+// $title: Analysis Messages
+// $description: Describes the structure of messages generated by Istio analyzers.
+// $location: https://istio.io/docs/reference/config/istio.analysis.v1alpha1.html
+// $weight: 20
+
+// Describes the structure of messages generated by Istio analyzers.
+
+package v1alpha1
+
+import (
+	_struct "github.com/golang/protobuf/ptypes/struct"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The values here are chosen so that more severe messages get sorted higher,
+// as well as leaving space in between to add more later
+type AnalysisMessageBase_Level int32
+
+const (
+	AnalysisMessageBase_UNKNOWN AnalysisMessageBase_Level = 0 // invalid, but included for proto compatibility for 0 values
+	AnalysisMessageBase_ERROR   AnalysisMessageBase_Level = 3
+	AnalysisMessageBase_WARNING AnalysisMessageBase_Level = 8
+	AnalysisMessageBase_INFO    AnalysisMessageBase_Level = 12
+)
+
+// Enum value maps for AnalysisMessageBase_Level.
+var (
+	AnalysisMessageBase_Level_name = map[int32]string{
+		0:  "UNKNOWN",
+		3:  "ERROR",
+		8:  "WARNING",
+		12: "INFO",
+	}
+	AnalysisMessageBase_Level_value = map[string]int32{
+		"UNKNOWN": 0,
+		"ERROR":   3,
+		"WARNING": 8,
+		"INFO":    12,
+	}
+)
+
+func (x AnalysisMessageBase_Level) Enum() *AnalysisMessageBase_Level {
+	p := new(AnalysisMessageBase_Level)
+	*p = x
+	return p
+}
+
+func (x AnalysisMessageBase_Level) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (AnalysisMessageBase_Level) Descriptor() protoreflect.EnumDescriptor {
+	return file_analysis_v1alpha1_message_proto_enumTypes[0].Descriptor()
+}
+
+func (AnalysisMessageBase_Level) Type() protoreflect.EnumType {
+	return &file_analysis_v1alpha1_message_proto_enumTypes[0]
+}
+
+func (x AnalysisMessageBase_Level) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use AnalysisMessageBase_Level.Descriptor instead.
+func (AnalysisMessageBase_Level) EnumDescriptor() ([]byte, []int) {
+	return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// AnalysisMessageBase describes some common information that is needed for all
+// messages. All information should be static with respect to the error code.
+type AnalysisMessageBase struct {
+	state protoimpl.MessageState    `protogen:"open.v1"`
+	Type  *AnalysisMessageBase_Type `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	// Represents how severe a message is. Required.
+	Level AnalysisMessageBase_Level `protobuf:"varint,2,opt,name=level,proto3,enum=istio.analysis.v1alpha1.AnalysisMessageBase_Level" json:"level,omitempty"`
+	// A url pointing to the Istio documentation for this specific error type.
+	// Should be of the form
+	// `^http(s)?://(preliminary\.)?istio.io/docs/reference/config/analysis/`
+	// Required.
+	DocumentationUrl string `protobuf:"bytes,3,opt,name=documentation_url,json=documentationUrl,proto3" json:"documentation_url,omitempty"`
+	unknownFields    protoimpl.UnknownFields
+	sizeCache        protoimpl.SizeCache
+}
+
+func (x *AnalysisMessageBase) Reset() {
+	*x = AnalysisMessageBase{}
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AnalysisMessageBase) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AnalysisMessageBase) ProtoMessage() {}
+
+func (x *AnalysisMessageBase) ProtoReflect() protoreflect.Message {
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AnalysisMessageBase.ProtoReflect.Descriptor instead.
+func (*AnalysisMessageBase) Descriptor() ([]byte, []int) {
+	return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AnalysisMessageBase) GetType() *AnalysisMessageBase_Type {
+	if x != nil {
+		return x.Type
+	}
+	return nil
+}
+
+func (x *AnalysisMessageBase) GetLevel() AnalysisMessageBase_Level {
+	if x != nil {
+		return x.Level
+	}
+	return AnalysisMessageBase_UNKNOWN
+}
+
+func (x *AnalysisMessageBase) GetDocumentationUrl() string {
+	if x != nil {
+		return x.DocumentationUrl
+	}
+	return ""
+}
+
+// AnalysisMessageWeakSchema is the set of information that's needed to define a
+// weakly-typed schema. The purpose of this proto is to provide a mechanism for
+// validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make
+// sure that we don't allow committing underspecified types.
+type AnalysisMessageWeakSchema struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// Required
+	MessageBase *AnalysisMessageBase `protobuf:"bytes,1,opt,name=message_base,json=messageBase,proto3" json:"message_base,omitempty"`
+	// A human readable description of what the error means. Required.
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	// A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing)
+	// defining how to combine the args for a  particular message into a log line.
+	// Required.
+	Template string `protobuf:"bytes,3,opt,name=template,proto3" json:"template,omitempty"`
+	// A description of the arguments for a particular message type
+	Args          []*AnalysisMessageWeakSchema_ArgType `protobuf:"bytes,4,rep,name=args,proto3" json:"args,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AnalysisMessageWeakSchema) Reset() {
+	*x = AnalysisMessageWeakSchema{}
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AnalysisMessageWeakSchema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AnalysisMessageWeakSchema) ProtoMessage() {}
+
+func (x *AnalysisMessageWeakSchema) ProtoReflect() protoreflect.Message {
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AnalysisMessageWeakSchema.ProtoReflect.Descriptor instead.
+func (*AnalysisMessageWeakSchema) Descriptor() ([]byte, []int) {
+	return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *AnalysisMessageWeakSchema) GetMessageBase() *AnalysisMessageBase {
+	if x != nil {
+		return x.MessageBase
+	}
+	return nil
+}
+
+func (x *AnalysisMessageWeakSchema) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *AnalysisMessageWeakSchema) GetTemplate() string {
+	if x != nil {
+		return x.Template
+	}
+	return ""
+}
+
+func (x *AnalysisMessageWeakSchema) GetArgs() []*AnalysisMessageWeakSchema_ArgType {
+	if x != nil {
+		return x.Args
+	}
+	return nil
+}
+
+// GenericAnalysisMessage is an instance of an AnalysisMessage defined by a
+// schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code
+// should be able to perform validation of arguments as needed by using the
+// message type information to look at the AnalysisMessageWeakSchema and examine the
+// list of args at runtime. Developers can also create stronger-typed versions
+// of GenericAnalysisMessage for well-known and stable message types.
+type GenericAnalysisMessage struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// Required
+	MessageBase *AnalysisMessageBase `protobuf:"bytes,1,opt,name=message_base,json=messageBase,proto3" json:"message_base,omitempty"`
+	// Any message-type specific arguments that need to get codified. Optional.
+	Args *_struct.Struct `protobuf:"bytes,2,opt,name=args,proto3" json:"args,omitempty"`
+	// A list of strings specifying the resource identifiers that were the cause
+	// of message generation. A "path" here is a (NAMESPACE\/)?RESOURCETYPE/NAME
+	// tuple that uniquely identifies a particular resource. There doesn't seem to
+	// be a single concept for this, but this is intuitively taken from
+	// https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology
+	// At least one is required.
+	ResourcePaths []string `protobuf:"bytes,3,rep,name=resource_paths,json=resourcePaths,proto3" json:"resource_paths,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GenericAnalysisMessage) Reset() {
+	*x = GenericAnalysisMessage{}
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GenericAnalysisMessage) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GenericAnalysisMessage) ProtoMessage() {}
+
+func (x *GenericAnalysisMessage) ProtoReflect() protoreflect.Message {
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GenericAnalysisMessage.ProtoReflect.Descriptor instead.
+func (*GenericAnalysisMessage) Descriptor() ([]byte, []int) {
+	return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GenericAnalysisMessage) GetMessageBase() *AnalysisMessageBase {
+	if x != nil {
+		return x.MessageBase
+	}
+	return nil
+}
+
+func (x *GenericAnalysisMessage) GetArgs() *_struct.Struct {
+	if x != nil {
+		return x.Args
+	}
+	return nil
+}
+
+func (x *GenericAnalysisMessage) GetResourcePaths() []string {
+	if x != nil {
+		return x.ResourcePaths
+	}
+	return nil
+}
+
+// InternalErrorAnalysisMessage is a strongly-typed message representing some
+// error in Istio code that prevented us from performing analysis at all.
+type InternalErrorAnalysisMessage struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// Required
+	MessageBase *AnalysisMessageBase `protobuf:"bytes,1,opt,name=message_base,json=messageBase,proto3" json:"message_base,omitempty"`
+	// Any detail regarding specifics of the error. Should be human-readable.
+	Detail        string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *InternalErrorAnalysisMessage) Reset() {
+	*x = InternalErrorAnalysisMessage{}
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *InternalErrorAnalysisMessage) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InternalErrorAnalysisMessage) ProtoMessage() {}
+
+func (x *InternalErrorAnalysisMessage) ProtoReflect() protoreflect.Message {
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InternalErrorAnalysisMessage.ProtoReflect.Descriptor instead.
+func (*InternalErrorAnalysisMessage) Descriptor() ([]byte, []int) {
+	return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *InternalErrorAnalysisMessage) GetMessageBase() *AnalysisMessageBase {
+	if x != nil {
+		return x.MessageBase
+	}
+	return nil
+}
+
+func (x *InternalErrorAnalysisMessage) GetDetail() string {
+	if x != nil {
+		return x.Detail
+	}
+	return ""
+}
+
+// A unique identifier for the type of message. Name is intended to be
+// human-readable, code is intended to be machine readable. There should be a
+// one-to-one mapping between name and code. (i.e. do not re-use names or
+// codes between message types.)
+type AnalysisMessageBase_Type struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// A human-readable name for the message type. e.g. "InternalError",
+	// "PodMissingProxy". This should be the same for all messages of the same type.
+	// Required.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify
+	// the message type. (e.g. "IST0001" is mapped to the "InternalError" message
+	// type.) 0000-0100 are reserved. Required.
+	Code          string `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AnalysisMessageBase_Type) Reset() {
+	*x = AnalysisMessageBase_Type{}
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AnalysisMessageBase_Type) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AnalysisMessageBase_Type) ProtoMessage() {}
+
+func (x *AnalysisMessageBase_Type) ProtoReflect() protoreflect.Message {
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AnalysisMessageBase_Type.ProtoReflect.Descriptor instead.
+func (*AnalysisMessageBase_Type) Descriptor() ([]byte, []int) {
+	return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *AnalysisMessageBase_Type) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *AnalysisMessageBase_Type) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+type AnalysisMessageWeakSchema_ArgType struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// Required
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Required. Should be a golang type, used in code generation.
+	// Ideally this will change to a less language-pinned type before this gets
+	// out of alpha, but for compatibility with current istio/istio code it's
+	// go_type for now.
+	GoType        string `protobuf:"bytes,2,opt,name=go_type,json=goType,proto3" json:"go_type,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AnalysisMessageWeakSchema_ArgType) Reset() {
+	*x = AnalysisMessageWeakSchema_ArgType{}
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AnalysisMessageWeakSchema_ArgType) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AnalysisMessageWeakSchema_ArgType) ProtoMessage() {}
+
+func (x *AnalysisMessageWeakSchema_ArgType) ProtoReflect() protoreflect.Message {
+	mi := &file_analysis_v1alpha1_message_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AnalysisMessageWeakSchema_ArgType.ProtoReflect.Descriptor instead.
+func (*AnalysisMessageWeakSchema_ArgType) Descriptor() ([]byte, []int) {
+	return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{1, 0}
+}
+
+func (x *AnalysisMessageWeakSchema_ArgType) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *AnalysisMessageWeakSchema_ArgType) GetGoType() string {
+	if x != nil {
+		return x.GoType
+	}
+	return ""
+}
+
+var File_analysis_v1alpha1_message_proto protoreflect.FileDescriptor
+
+const file_analysis_v1alpha1_message_proto_rawDesc = "" +
+	"\n" +
+	"\x1fanalysis/v1alpha1/message.proto\x12\x17istio.analysis.v1alpha1\x1a\x1cgoogle/protobuf/struct.proto\"\xbb\x02\n" +
+	"\x13AnalysisMessageBase\x12E\n" +
+	"\x04type\x18\x01 \x01(\v21.istio.analysis.v1alpha1.AnalysisMessageBase.TypeR\x04type\x12H\n" +
+	"\x05level\x18\x02 \x01(\x0e22.istio.analysis.v1alpha1.AnalysisMessageBase.LevelR\x05level\x12+\n" +
+	"\x11documentation_url\x18\x03 \x01(\tR\x10documentationUrl\x1a.\n" +
+	"\x04Type\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12\x12\n" +
+	"\x04code\x18\x02 \x01(\tR\x04code\"6\n" +
+	"\x05Level\x12\v\n" +
+	"\aUNKNOWN\x10\x00\x12\t\n" +
+	"\x05ERROR\x10\x03\x12\v\n" +
+	"\aWARNING\x10\b\x12\b\n" +
+	"\x04INFO\x10\f\"\xb2\x02\n" +
+	"\x19AnalysisMessageWeakSchema\x12O\n" +
+	"\fmessage_base\x18\x01 \x01(\v2,.istio.analysis.v1alpha1.AnalysisMessageBaseR\vmessageBase\x12 \n" +
+	"\vdescription\x18\x02 \x01(\tR\vdescription\x12\x1a\n" +
+	"\btemplate\x18\x03 \x01(\tR\btemplate\x12N\n" +
+	"\x04args\x18\x04 \x03(\v2:.istio.analysis.v1alpha1.AnalysisMessageWeakSchema.ArgTypeR\x04args\x1a6\n" +
+	"\aArgType\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12\x17\n" +
+	"\ago_type\x18\x02 \x01(\tR\x06goType\"\xbd\x01\n" +
+	"\x16GenericAnalysisMessage\x12O\n" +
+	"\fmessage_base\x18\x01 \x01(\v2,.istio.analysis.v1alpha1.AnalysisMessageBaseR\vmessageBase\x12+\n" +
+	"\x04args\x18\x02 \x01(\v2\x17.google.protobuf.StructR\x04args\x12%\n" +
+	"\x0eresource_paths\x18\x03 \x03(\tR\rresourcePaths\"\x87\x01\n" +
+	"\x1cInternalErrorAnalysisMessage\x12O\n" +
+	"\fmessage_base\x18\x01 \x01(\v2,.istio.analysis.v1alpha1.AnalysisMessageBaseR\vmessageBase\x12\x16\n" +
+	"\x06detail\x18\x02 \x01(\tR\x06detailB Z\x1eistio.io/api/analysis/v1alpha1b\x06proto3"
+
+var (
+	file_analysis_v1alpha1_message_proto_rawDescOnce sync.Once
+	file_analysis_v1alpha1_message_proto_rawDescData []byte
+)
+
+func file_analysis_v1alpha1_message_proto_rawDescGZIP() []byte {
+	file_analysis_v1alpha1_message_proto_rawDescOnce.Do(func() {
+		file_analysis_v1alpha1_message_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_analysis_v1alpha1_message_proto_rawDesc), len(file_analysis_v1alpha1_message_proto_rawDesc)))
+	})
+	return file_analysis_v1alpha1_message_proto_rawDescData
+}
+
+var file_analysis_v1alpha1_message_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_analysis_v1alpha1_message_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+var file_analysis_v1alpha1_message_proto_goTypes = []any{
+	(AnalysisMessageBase_Level)(0),            // 0: istio.analysis.v1alpha1.AnalysisMessageBase.Level
+	(*AnalysisMessageBase)(nil),               // 1: istio.analysis.v1alpha1.AnalysisMessageBase
+	(*AnalysisMessageWeakSchema)(nil),         // 2: istio.analysis.v1alpha1.AnalysisMessageWeakSchema
+	(*GenericAnalysisMessage)(nil),            // 3: istio.analysis.v1alpha1.GenericAnalysisMessage
+	(*InternalErrorAnalysisMessage)(nil),      // 4: istio.analysis.v1alpha1.InternalErrorAnalysisMessage
+	(*AnalysisMessageBase_Type)(nil),          // 5: istio.analysis.v1alpha1.AnalysisMessageBase.Type
+	(*AnalysisMessageWeakSchema_ArgType)(nil), // 6: istio.analysis.v1alpha1.AnalysisMessageWeakSchema.ArgType
+	(*_struct.Struct)(nil),                    // 7: google.protobuf.Struct
+}
+var file_analysis_v1alpha1_message_proto_depIdxs = []int32{
+	5, // 0: istio.analysis.v1alpha1.AnalysisMessageBase.type:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase.Type
+	0, // 1: istio.analysis.v1alpha1.AnalysisMessageBase.level:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase.Level
+	1, // 2: istio.analysis.v1alpha1.AnalysisMessageWeakSchema.message_base:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase
+	6, // 3: istio.analysis.v1alpha1.AnalysisMessageWeakSchema.args:type_name -> istio.analysis.v1alpha1.AnalysisMessageWeakSchema.ArgType
+	1, // 4: istio.analysis.v1alpha1.GenericAnalysisMessage.message_base:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase
+	7, // 5: istio.analysis.v1alpha1.GenericAnalysisMessage.args:type_name -> google.protobuf.Struct
+	1, // 6: istio.analysis.v1alpha1.InternalErrorAnalysisMessage.message_base:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase
+	7, // [7:7] is the sub-list for method output_type
+	7, // [7:7] is the sub-list for method input_type
+	7, // [7:7] is the sub-list for extension type_name
+	7, // [7:7] is the sub-list for extension extendee
+	0, // [0:7] is the sub-list for field type_name
+}
+
+func init() { file_analysis_v1alpha1_message_proto_init() }
+func file_analysis_v1alpha1_message_proto_init() {
+	if File_analysis_v1alpha1_message_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_analysis_v1alpha1_message_proto_rawDesc), len(file_analysis_v1alpha1_message_proto_rawDesc)),
+			NumEnums:      1,
+			NumMessages:   6,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_analysis_v1alpha1_message_proto_goTypes,
+		DependencyIndexes: file_analysis_v1alpha1_message_proto_depIdxs,
+		EnumInfos:         file_analysis_v1alpha1_message_proto_enumTypes,
+		MessageInfos:      file_analysis_v1alpha1_message_proto_msgTypes,
+	}.Build()
+	File_analysis_v1alpha1_message_proto = out.File
+	file_analysis_v1alpha1_message_proto_goTypes = nil
+	file_analysis_v1alpha1_message_proto_depIdxs = nil
+}

analysis/v1alpha1/message.pb.html

@@ -0,0 +1,309 @@
+---
+title: Analysis Messages
+description: Describes the structure of messages generated by Istio analyzers.
+location: https://istio.io/docs/reference/config/istio.analysis.v1alpha1.html
+layout: protoc-gen-docs
+generator: protoc-gen-docs
+weight: 20
+number_of_entries: 7
+---
+<p>Describes the structure of messages generated by Istio analyzers.</p>
+
+<h2 id="AnalysisMessageBase">AnalysisMessageBase</h2>
+<section>
+<p>AnalysisMessageBase describes some common information that is needed for all
+messages. All information should be static with respect to the error code.</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="AnalysisMessageBase-type">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageBase-type">type</a></code></div>
+<div class="type"><a href="#AnalysisMessageBase-Type">Type</a></div>
+</div></td>
+<td>
+</td>
+</tr>
+<tr id="AnalysisMessageBase-level">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageBase-level">level</a></code></div>
+<div class="type"><a href="#AnalysisMessageBase-Level">Level</a></div>
+</div></td>
+<td>
+<p>Represents how severe a message is. Required.</p>
+
+</td>
+</tr>
+<tr id="AnalysisMessageBase-documentation_url">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageBase-documentation_url">documentationUrl</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>A url pointing to the Istio documentation for this specific error type.
+Should be of the form
+<code>^http(s)?://(preliminary\.)?istio.io/docs/reference/config/analysis/</code>
+Required.</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h3 id="AnalysisMessageBase-Type">Type</h3>
+<section>
+<p>A unique identifier for the type of message. Name is intended to be
+human-readable, code is intended to be machine readable. There should be a
+one-to-one mapping between name and code. (i.e. do not re-use names or
+codes between message types.)</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="AnalysisMessageBase-Type-name">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageBase-Type-name">name</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>A human-readable name for the message type. e.g. &ldquo;InternalError&rdquo;,
+&ldquo;PodMissingProxy&rdquo;. This should be the same for all messages of the same type.
+Required.</p>
+
+</td>
+</tr>
+<tr id="AnalysisMessageBase-Type-code">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageBase-Type-code">code</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>A 7 character code matching <code>^IST[0-9]{4}$</code> intended to uniquely identify
+the message type. (e.g. &ldquo;IST0001&rdquo; is mapped to the &ldquo;InternalError&rdquo; message
+type.) 0000-0100 are reserved. Required.</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h3 id="AnalysisMessageBase-Level">Level</h3>
+<section>
+<p>The values here are chosen so that more severe messages get sorted higher,
+as well as leaving space in between to add more later</p>
+
+<table class="enum-values">
+<thead>
+<tr>
+<th>Name</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="AnalysisMessageBase-Level-UNKNOWN">
+<td><code><a href="#AnalysisMessageBase-Level-UNKNOWN">UNKNOWN</a></code></td>
+<td>
+<p>invalid, but included for proto compatibility for 0 values</p>
+
+</td>
+</tr>
+<tr id="AnalysisMessageBase-Level-ERROR">
+<td><code><a href="#AnalysisMessageBase-Level-ERROR">ERROR</a></code></td>
+<td>
+</td>
+</tr>
+<tr id="AnalysisMessageBase-Level-WARNING">
+<td><code><a href="#AnalysisMessageBase-Level-WARNING">WARNING</a></code></td>
+<td>
+</td>
+</tr>
+<tr id="AnalysisMessageBase-Level-INFO">
+<td><code><a href="#AnalysisMessageBase-Level-INFO">INFO</a></code></td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="AnalysisMessageWeakSchema">AnalysisMessageWeakSchema</h2>
+<section>
+<p>AnalysisMessageWeakSchema is the set of information that&rsquo;s needed to define a
+weakly-typed schema. The purpose of this proto is to provide a mechanism for
+validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make
+sure that we don&rsquo;t allow committing underspecified types.</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="AnalysisMessageWeakSchema-message_base">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageWeakSchema-message_base">messageBase</a></code></div>
+<div class="type"><a href="#AnalysisMessageBase">AnalysisMessageBase</a></div>
+</div></td>
+<td>
+<p>Required</p>
+
+</td>
+</tr>
+<tr id="AnalysisMessageWeakSchema-description">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageWeakSchema-description">description</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>A human readable description of what the error means. Required.</p>
+
+</td>
+</tr>
+<tr id="AnalysisMessageWeakSchema-template">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageWeakSchema-template">template</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>A go-style template string (<a href="https://golang.org/pkg/fmt/#hdr-Printing">https://golang.org/pkg/fmt/#hdr-Printing</a>)
+defining how to combine the args for a  particular message into a log line.
+Required.</p>
+
+</td>
+</tr>
+<tr id="AnalysisMessageWeakSchema-args">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageWeakSchema-args">args</a></code></div>
+<div class="type"><a href="#AnalysisMessageWeakSchema-ArgType">ArgType[]</a></div>
+</div></td>
+<td>
+<p>A description of the arguments for a particular message type</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h3 id="AnalysisMessageWeakSchema-ArgType">ArgType</h3>
+<section>
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="AnalysisMessageWeakSchema-ArgType-name">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageWeakSchema-ArgType-name">name</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>Required</p>
+
+</td>
+</tr>
+<tr id="AnalysisMessageWeakSchema-ArgType-go_type">
+<td><div class="field"><div class="name"><code><a href="#AnalysisMessageWeakSchema-ArgType-go_type">goType</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>Should be a golang type, used in code generation.
+Ideally this will change to a less language-pinned type before this gets
+out of alpha, but for compatibility with current istio/istio code it&rsquo;s
+go_type for now.</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="GenericAnalysisMessage">GenericAnalysisMessage</h2>
+<section>
+<p>GenericAnalysisMessage is an instance of an AnalysisMessage defined by a
+schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code
+should be able to perform validation of arguments as needed by using the
+message type information to look at the AnalysisMessageWeakSchema and examine the
+list of args at runtime. Developers can also create stronger-typed versions
+of GenericAnalysisMessage for well-known and stable message types.</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="GenericAnalysisMessage-message_base">
+<td><div class="field"><div class="name"><code><a href="#GenericAnalysisMessage-message_base">messageBase</a></code></div>
+<div class="type"><a href="#AnalysisMessageBase">AnalysisMessageBase</a></div>
+</div></td>
+<td>
+<p>Required</p>
+
+</td>
+</tr>
+<tr id="GenericAnalysisMessage-args">
+<td><div class="field"><div class="name"><code><a href="#GenericAnalysisMessage-args">args</a></code></div>
+<div class="type"><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct">Struct</a></div>
+</div></td>
+<td>
+<p>Any message-type specific arguments that need to get codified. Optional.</p>
+
+</td>
+</tr>
+<tr id="GenericAnalysisMessage-resource_paths">
+<td><div class="field"><div class="name"><code><a href="#GenericAnalysisMessage-resource_paths">resourcePaths</a></code></div>
+<div class="type">string[]</div>
+</div></td>
+<td>
+<p>A list of strings specifying the resource identifiers that were the cause
+of message generation. A &ldquo;path&rdquo; here is a (NAMESPACE/)?RESOURCETYPE/NAME
+tuple that uniquely identifies a particular resource. There doesn&rsquo;t seem to
+be a single concept for this, but this is intuitively taken from
+<a href="https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology">https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology</a>
+At least one is required.</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="InternalErrorAnalysisMessage">InternalErrorAnalysisMessage</h2>
+<section>
+<p>InternalErrorAnalysisMessage is a strongly-typed message representing some
+error in Istio code that prevented us from performing analysis at all.</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="InternalErrorAnalysisMessage-message_base">
+<td><div class="field"><div class="name"><code><a href="#InternalErrorAnalysisMessage-message_base">messageBase</a></code></div>
+<div class="type"><a href="#AnalysisMessageBase">AnalysisMessageBase</a></div>
+</div></td>
+<td>
+<p>Required</p>
+
+</td>
+</tr>
+<tr id="InternalErrorAnalysisMessage-detail">
+<td><div class="field"><div class="name"><code><a href="#InternalErrorAnalysisMessage-detail">detail</a></code></div>
+<div class="type">string</div>
+</div></td>
+<td>
+<p>Any detail regarding specifics of the error. Should be human-readable.</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>

analysis/v1alpha1/message.proto

@@ -0,0 +1,143 @@
+// Copyright 2019 Istio Authors
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+syntax = "proto3";
+
+// $title: Analysis Messages
+// $description: Describes the structure of messages generated by Istio analyzers.
+// $location: https://istio.io/docs/reference/config/istio.analysis.v1alpha1.html
+// $weight: 20
+
+// Describes the structure of messages generated by Istio analyzers.
+package istio.analysis.v1alpha1;
+
+import "google/protobuf/struct.proto";
+
+option go_package = "istio.io/api/analysis/v1alpha1";
+
+// There are four messages described in this file. One of them is a struct
+// common to the other three: AnalysisMessageBase. Using this, we can construct
+// one of three different structures.
+// One is the AnalysisMessageWeakSchema, a  YAML only description of a message
+// type intended to be used where strong API guarantees are not necessary.
+// One is the GenericAnalysisMessage, which is the struct that we guarantee that
+// you can deserialize any analysis message to. Istio internally uses generated
+// golang types from messages.yaml, so in order to reduce friction in creating
+// new analyzers we offer a path that doesn't require committing to two
+// different repos and solidifying the interface.
+// Finally, we can create a new proto message of a specific message type and
+// commit it to istio/api when we need a strong guarantee for cross platform
+// communication.
+
+// AnalysisMessageBase describes some common information that is needed for all
+// messages. All information should be static with respect to the error code.
+message AnalysisMessageBase {
+  // A unique identifier for the type of message. Name is intended to be
+  // human-readable, code is intended to be machine readable. There should be a
+  // one-to-one mapping between name and code. (i.e. do not re-use names or
+  // codes between message types.)
+  message Type {
+    // A human-readable name for the message type. e.g. "InternalError",
+    // "PodMissingProxy". This should be the same for all messages of the same type.
+    // Required.
+    string name = 1;
+
+    // A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify
+    // the message type. (e.g. "IST0001" is mapped to the "InternalError" message
+    // type.) 0000-0100 are reserved. Required.
+    string code = 2;
+  }
+
+  Type type = 1;
+
+  // The values here are chosen so that more severe messages get sorted higher,
+  // as well as leaving space in between to add more later
+  enum Level {
+    UNKNOWN = 0; // invalid, but included for proto compatibility for 0 values
+    ERROR = 3;
+    WARNING = 8;
+    INFO = 12;
+  }
+
+  // Represents how severe a message is. Required.
+  Level level = 2;
+
+  // A url pointing to the Istio documentation for this specific error type.
+  // Should be of the form
+  // `^http(s)?://(preliminary\.)?istio.io/docs/reference/config/analysis/`
+  // Required.
+  string documentation_url = 3;
+}
+
+// AnalysisMessageWeakSchema is the set of information that's needed to define a
+// weakly-typed schema. The purpose of this proto is to provide a mechanism for
+// validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make
+// sure that we don't allow committing underspecified types.
+message AnalysisMessageWeakSchema {
+  // Required
+  AnalysisMessageBase message_base = 1;
+
+  // A human readable description of what the error means. Required.
+  string description = 2;
+
+  // A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing)
+  // defining how to combine the args for a  particular message into a log line.
+  // Required.
+  string template = 3;
+
+  message ArgType {
+    // Required
+    string name = 1;
+    // Required. Should be a golang type, used in code generation.
+    // Ideally this will change to a less language-pinned type before this gets
+    // out of alpha, but for compatibility with current istio/istio code it's
+    // go_type for now.
+    string go_type = 2;
+  }
+
+  // A description of the arguments for a particular message type
+  repeated ArgType args = 4;
+}
+
+// GenericAnalysisMessage is an instance of an AnalysisMessage defined by a
+// schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code
+// should be able to perform validation of arguments as needed by using the
+// message type information to look at the AnalysisMessageWeakSchema and examine the
+// list of args at runtime. Developers can also create stronger-typed versions
+// of GenericAnalysisMessage for well-known and stable message types.
+message GenericAnalysisMessage {
+  // Required
+  AnalysisMessageBase message_base = 1;
+
+  // Any message-type specific arguments that need to get codified. Optional.
+  google.protobuf.Struct args = 2;
+
+  // A list of strings specifying the resource identifiers that were the cause
+  // of message generation. A "path" here is a (NAMESPACE\/)?RESOURCETYPE/NAME
+  // tuple that uniquely identifies a particular resource. There doesn't seem to
+  // be a single concept for this, but this is intuitively taken from
+  // https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology
+  // At least one is required.
+  repeated string resource_paths = 3;
+}
+
+// InternalErrorAnalysisMessage is a strongly-typed message representing some
+// error in Istio code that prevented us from performing analysis at all.
+message InternalErrorAnalysisMessage {
+  // Required
+  AnalysisMessageBase message_base = 1;
+
+  // Any detail regarding specifics of the error. Should be human-readable.
+  string detail = 2;
+}

analysis/v1alpha1/message_deepcopy.gen.go

@@ -0,0 +1,132 @@
+// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
+package v1alpha1
+
+import (
+	proto "google.golang.org/protobuf/proto"
+)
+
+// DeepCopyInto supports using AnalysisMessageBase within kubernetes types, where deepcopy-gen is used.
+func (in *AnalysisMessageBase) DeepCopyInto(out *AnalysisMessageBase) {
+	p := proto.Clone(in).(*AnalysisMessageBase)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase. Required by controller-gen.
+func (in *AnalysisMessageBase) DeepCopy() *AnalysisMessageBase {
+	if in == nil {
+		return nil
+	}
+	out := new(AnalysisMessageBase)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase. Required by controller-gen.
+func (in *AnalysisMessageBase) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}
+
+// DeepCopyInto supports using AnalysisMessageBase_Type within kubernetes types, where deepcopy-gen is used.
+func (in *AnalysisMessageBase_Type) DeepCopyInto(out *AnalysisMessageBase_Type) {
+	p := proto.Clone(in).(*AnalysisMessageBase_Type)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase_Type. Required by controller-gen.
+func (in *AnalysisMessageBase_Type) DeepCopy() *AnalysisMessageBase_Type {
+	if in == nil {
+		return nil
+	}
+	out := new(AnalysisMessageBase_Type)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase_Type. Required by controller-gen.
+func (in *AnalysisMessageBase_Type) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}
+
+// DeepCopyInto supports using AnalysisMessageWeakSchema within kubernetes types, where deepcopy-gen is used.
+func (in *AnalysisMessageWeakSchema) DeepCopyInto(out *AnalysisMessageWeakSchema) {
+	p := proto.Clone(in).(*AnalysisMessageWeakSchema)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema. Required by controller-gen.
+func (in *AnalysisMessageWeakSchema) DeepCopy() *AnalysisMessageWeakSchema {
+	if in == nil {
+		return nil
+	}
+	out := new(AnalysisMessageWeakSchema)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema. Required by controller-gen.
+func (in *AnalysisMessageWeakSchema) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}
+
+// DeepCopyInto supports using AnalysisMessageWeakSchema_ArgType within kubernetes types, where deepcopy-gen is used.
+func (in *AnalysisMessageWeakSchema_ArgType) DeepCopyInto(out *AnalysisMessageWeakSchema_ArgType) {
+	p := proto.Clone(in).(*AnalysisMessageWeakSchema_ArgType)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema_ArgType. Required by controller-gen.
+func (in *AnalysisMessageWeakSchema_ArgType) DeepCopy() *AnalysisMessageWeakSchema_ArgType {
+	if in == nil {
+		return nil
+	}
+	out := new(AnalysisMessageWeakSchema_ArgType)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema_ArgType. Required by controller-gen.
+func (in *AnalysisMessageWeakSchema_ArgType) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}
+
+// DeepCopyInto supports using GenericAnalysisMessage within kubernetes types, where deepcopy-gen is used.
+func (in *GenericAnalysisMessage) DeepCopyInto(out *GenericAnalysisMessage) {
+	p := proto.Clone(in).(*GenericAnalysisMessage)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericAnalysisMessage. Required by controller-gen.
+func (in *GenericAnalysisMessage) DeepCopy() *GenericAnalysisMessage {
+	if in == nil {
+		return nil
+	}
+	out := new(GenericAnalysisMessage)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new GenericAnalysisMessage. Required by controller-gen.
+func (in *GenericAnalysisMessage) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}
+
+// DeepCopyInto supports using InternalErrorAnalysisMessage within kubernetes types, where deepcopy-gen is used.
+func (in *InternalErrorAnalysisMessage) DeepCopyInto(out *InternalErrorAnalysisMessage) {
+	p := proto.Clone(in).(*InternalErrorAnalysisMessage)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalErrorAnalysisMessage. Required by controller-gen.
+func (in *InternalErrorAnalysisMessage) DeepCopy() *InternalErrorAnalysisMessage {
+	if in == nil {
+		return nil
+	}
+	out := new(InternalErrorAnalysisMessage)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new InternalErrorAnalysisMessage. Required by controller-gen.
+func (in *InternalErrorAnalysisMessage) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}

analysis/v1alpha1/message_json.gen.go

@@ -0,0 +1,78 @@
+// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
+package v1alpha1
+
+import (
+	bytes "bytes"
+	jsonpb "github.com/golang/protobuf/jsonpb"
+)
+
+// MarshalJSON is a custom marshaler for AnalysisMessageBase
+func (this *AnalysisMessageBase) MarshalJSON() ([]byte, error) {
+	str, err := MessageMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for AnalysisMessageBase
+func (this *AnalysisMessageBase) UnmarshalJSON(b []byte) error {
+	return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
+// MarshalJSON is a custom marshaler for AnalysisMessageBase_Type
+func (this *AnalysisMessageBase_Type) MarshalJSON() ([]byte, error) {
+	str, err := MessageMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for AnalysisMessageBase_Type
+func (this *AnalysisMessageBase_Type) UnmarshalJSON(b []byte) error {
+	return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
+// MarshalJSON is a custom marshaler for AnalysisMessageWeakSchema
+func (this *AnalysisMessageWeakSchema) MarshalJSON() ([]byte, error) {
+	str, err := MessageMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for AnalysisMessageWeakSchema
+func (this *AnalysisMessageWeakSchema) UnmarshalJSON(b []byte) error {
+	return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
+// MarshalJSON is a custom marshaler for AnalysisMessageWeakSchema_ArgType
+func (this *AnalysisMessageWeakSchema_ArgType) MarshalJSON() ([]byte, error) {
+	str, err := MessageMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for AnalysisMessageWeakSchema_ArgType
+func (this *AnalysisMessageWeakSchema_ArgType) UnmarshalJSON(b []byte) error {
+	return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
+// MarshalJSON is a custom marshaler for GenericAnalysisMessage
+func (this *GenericAnalysisMessage) MarshalJSON() ([]byte, error) {
+	str, err := MessageMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for GenericAnalysisMessage
+func (this *GenericAnalysisMessage) UnmarshalJSON(b []byte) error {
+	return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
+// MarshalJSON is a custom marshaler for InternalErrorAnalysisMessage
+func (this *InternalErrorAnalysisMessage) MarshalJSON() ([]byte, error) {
+	str, err := MessageMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for InternalErrorAnalysisMessage
+func (this *InternalErrorAnalysisMessage) UnmarshalJSON(b []byte) error {
+	return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
+var (
+	MessageMarshaler   = &jsonpb.Marshaler{}
+	MessageUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
+)

annotation/annotations.yaml

@@ -0,0 +1,605 @@
+# Copyright 2019 Istio Authors
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+annotations:
+  - name: prometheus.istio.io/merge-metrics
+    featureStatus: Alpha
+    variableName: PrometheusMergeMetrics
+    description: Specifies if application Prometheus metric will be merged with Envoy metrics
+      for this workload.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: alpha.istio.io/kubernetes-serviceaccounts
+    featureStatus: Alpha
+    variableName: AlphaKubernetesServiceAccounts
+    description: Specifies the Kubernetes service accounts that are allowed to run this
+      service on the VMs.
+    deprecated: true
+    hidden: true
+    resources:
+      - Service
+
+  - name: alpha.istio.io/canonical-serviceaccounts
+    featureStatus: Alpha
+    variableName: AlphaCanonicalServiceAccounts
+    description: Specifies the non-Kubernetes service accounts that are allowed to
+      run this service.
+    deprecated: true
+    hidden: true
+    resources:
+      - Service
+
+  - name: networking.istio.io/exportTo
+    featureStatus: Alpha
+    description: Specifies the namespaces to which this service should be exported to.
+      A value of `*` indicates it is reachable within the mesh. `.` indicates it is
+      reachable within its namespace. '~' indicates it is hidden and exported to no namespaces. Additionally, a list of comma separated namespace names can be specified.
+    deprecated: false
+    hidden: false
+    resources:
+      - Service
+
+  - name: sidecar.istio.io/inject
+    featureStatus: Beta
+    description: Specifies whether or not an Envoy sidecar should be automatically
+      injected into the workload. This annotation has been deprecated in favor of the
+      `sidecar.istio.io/inject` label documented [here](/docs/reference/config/labels/#SidecarInject).
+    deprecated: true
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/status
+    featureStatus: Alpha
+    description: Generated by Envoy sidecar injection that indicates the status of
+      the operation. Includes a version hash of the executed template, as well as names of
+      injected resources.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/rewriteAppHTTPProbers
+    featureStatus: Alpha
+    description: Rewrite HTTP readiness and liveness probes to be redirected to
+      the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/discoveryAddress
+    featureStatus: Alpha
+    description: Specifies the XDS discovery address to be used by the Envoy
+      sidecar.
+    deprecated: true
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/proxyImage
+    featureStatus: Alpha
+    description: Specifies the Docker image to be used by the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/proxyImageType
+    featureStatus: Alpha
+    description: Specifies the Docker image type to be used by the Envoy sidecar. Istio publishes debug
+      and distroless image types for every release tag.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/proxyCPU
+    featureStatus: Alpha
+    description: Specifies the requested CPU setting for the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/proxyCPULimit
+    featureStatus: Alpha
+    description: Specifies the CPU limit for the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/proxyMemory
+    featureStatus: Alpha
+    description: Specifies the requested memory setting for the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/proxyMemoryLimit
+    description: Specifies the memory limit for the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/interceptionMode
+    featureStatus: Alpha
+    description: Specifies the mode used to redirect inbound connections to Envoy
+      (REDIRECT or TPROXY).
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/bootstrapOverride
+    featureStatus: Alpha
+    description: Specifies an alternative Envoy bootstrap configuration file.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/statsInclusionPrefixes
+    featureStatus: Alpha
+    description: Specifies the comma separated list of prefixes of the stats to be
+      emitted by Envoy.
+    deprecated: true
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/statsInclusionSuffixes
+    featureStatus: Alpha
+    description: Specifies the comma separated list of suffixes of the stats to be
+      emitted by Envoy.
+    deprecated: true
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/statsInclusionRegexps
+    featureStatus: Alpha
+    description: Specifies the comma separated list of regexes the stats should match
+      to be emitted by Envoy.
+    deprecated: true
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/statsHistogramBuckets
+    featureStatus: Alpha
+    description: Specifies the custom histogram buckets with a prefix matcher to separate the Istio mesh metrics from the Envoy stats, e.g. `{"istiocustom":[1,5,10,50,100,500,1000,5000,10000],"cluster.xds-grpc":[1,5,10,25,50,100,250,500,1000,2500,5000,10000]}`. Default buckets are `[0.5,1,5,10,25,50,100,250,500,1000,2500,5000,10000,30000,60000,300000,600000,1800000,3600000]`.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/userVolume
+    featureStatus: Alpha
+    description: Specifies one or more user volumes (as a JSON array) to be added to
+      the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/userVolumeMount
+    description: Specifies one or more user volume mounts (as a JSON array) to be added
+      to the Envoy sidecar.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: status.sidecar.istio.io/port
+    featureStatus: Alpha
+    description: Specifies the HTTP status Port for the Envoy sidecar. If zero, the
+      sidecar will not provide status.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/logLevel
+    featureStatus: Alpha
+    description: Specifies the log level for Envoy.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/componentLogLevel
+    featureStatus: Alpha
+    description: Specifies the component log level for Envoy.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/agentLogLevel
+    featureStatus: Alpha
+    description: Specifies the log output level for pilot-agent.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/nativeSidecar
+    featureStatus: Alpha
+    description: Specifies if the istio-proxy sidecar should be injected as a
+      native sidecar or not. Takes precedence over the ENABLE_NATIVE_SIDECARS
+      environment variable.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: readiness.status.sidecar.istio.io/initialDelaySeconds
+    featureStatus: Alpha
+    description: Specifies the initial delay (in seconds) for the Envoy sidecar readiness
+      probe.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: readiness.status.sidecar.istio.io/periodSeconds
+    featureStatus: Alpha
+    description: Specifies the period (in seconds) for the Envoy sidecar readiness probe.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: readiness.status.sidecar.istio.io/failureThreshold
+    featureStatus: Alpha
+    description: Specifies the failure threshold for the Envoy sidecar readiness probe.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: readiness.status.sidecar.istio.io/applicationPorts
+    featureStatus: Alpha
+    description: Specifies the list of ports exposed by the application container. Used
+      by the Envoy sidecar readiness probe to determine that Envoy is configured and ready
+      to receive traffic.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.istio.io/nodeSelector
+    featureStatus: Stable
+    description: This annotation is a set of node-labels (key1=value,key2=value). If the
+      annotated Service is of type NodePort and is a multi-network gateway (see
+      topology.istio.io/network), the addresses for selected nodes will be used for
+      cross-network communication.
+    deprecated: false
+    hidden: false
+    resources:
+      - Service
+
+  - name: traffic.sidecar.istio.io/includeOutboundIPRanges
+    featureStatus: Alpha
+    description: A comma separated list of IP ranges in CIDR form to redirect to Envoy
+      (optional). The wildcard character '*' can be used to redirect all outbound traffic.
+      An empty list will disable all outbound redirection.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.sidecar.istio.io/excludeOutboundIPRanges
+    featureStatus: Alpha
+    description: A comma separated list of IP ranges in CIDR form to be excluded from
+      redirection. Only applies when all outbound traffic (i.e. '*') is being redirected.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.sidecar.istio.io/includeInboundPorts
+    description: A comma separated list of inbound ports for which traffic is to be
+      redirected to Envoy. The wildcard character '*' can be used to configure redirection
+      for all ports. An empty list will disable all inbound redirection.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.sidecar.istio.io/excludeInboundPorts
+    featureStatus: Alpha
+    description: A comma separated list of inbound ports to be excluded from redirection
+      to Envoy. Only applies when all inbound traffic (i.e. '*') is being redirected.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.sidecar.istio.io/excludeInterfaces
+    featureStatus: Alpha
+    description: A comma separated list of interfaces to be excluded from Istio traffic capture
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.sidecar.istio.io/includeOutboundPorts
+    featureStatus: Alpha
+    description: A comma separated list of outbound ports for which traffic is to be
+      redirected to Envoy, regardless of the destination IP.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.sidecar.istio.io/excludeOutboundPorts
+    featureStatus: Alpha
+    description: A comma separated list of outbound ports to be excluded from redirection
+      to Envoy.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: traffic.sidecar.istio.io/kubevirtInterfaces
+    featureStatus: Alpha
+    description: A comma separated list of virtual interfaces whose inbound traffic
+      (from VM) will be treated as outbound. Deprecated in favor of `istio.io/redirect-virtual-interfaces`
+    deprecated: true
+    hidden: false
+    resources:
+      - Pod
+
+  - name: kubernetes.io/ingress.class
+    featureStatus: Stable
+    description: Annotation on an Ingress resources denoting the class of controllers responsible for it.
+    deprecated: false
+    hidden: false
+    resources:
+      - Ingress
+
+  - name: galley.istio.io/analyze-suppress
+    featureStatus: Alpha
+    description: A comma separated list of configuration analysis message codes
+      to suppress when Istio analyzers are run. For example, to suppress
+      reporting of IST0103 (PodMissingProxy) and IST0108 (UnknownAnnotation) on
+      a resource, apply the annotation
+      'galley.istio.io/analyze-suppress=IST0108,IST0103'. If the value is '*',
+      then all configuration analysis messages are suppressed.
+    deprecated: false
+    hidden: false
+    resources:
+      - Any
+
+  - name: proxy.istio.io/config
+    featureStatus: Beta
+    description: Overrides for the proxy configuration for this specific proxy. Available options
+      can be found at https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#ProxyConfig.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: istio.io/dry-run
+    featureStatus: Alpha
+    description: Specifies whether or not the given resource is in dry-run mode. See
+      https://istio.io/latest/docs/tasks/security/authorization/authz-dry-run/ for more information.
+    deprecated: false
+    hidden: false
+    resources:
+      - AuthorizationPolicy
+
+  - name: istio.io/rev
+    featureStatus: Alpha
+    description: Specifies a control plane revision to which a given proxy is connected.
+      This annotation is added automatically, not set by a user. In contrary to the label istio.io/rev,
+      it represents the actual revision, not the requested revision.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: proxy.istio.io/overrides
+    featureStatus: Alpha
+    description: Used internally to indicate user-specified overrides in the proxy container of the pod during injection.
+    deprecated: false
+    hidden: true
+    resources:
+      - Pod
+
+  - name: inject.istio.io/templates
+    featureStatus: Alpha
+    description: The name of the inject template(s) to use, as a comma separate list. See
+      https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental for more information.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/extraStatTags
+    featureStatus: Alpha
+    description: An additional list of tags to extract from the in-proxy Istio Wasm telemetry. Each additional tag needs to be present in this list.
+    deprecated: true
+    hidden: false
+    resources:
+      - Pod
+
+  - name: istio.io/autoRegistrationGroup
+    featureStatus: Alpha
+    description: On a WorkloadEntry stores the associated WorkloadGroup.
+    deprecated: false
+    hidden: true
+    resources:
+      - WorkloadEntry
+
+  - name: istio.io/workloadController
+    featureStatus: Alpha
+    description: On a WorkloadEntry should store the current/last pilot instance connected to the workload for XDS.
+    deprecated: false
+    hidden: true
+    resources:
+      - WorkloadEntry
+
+  - name: istio.io/connectedAt
+    featureStatus: Alpha
+    description: On a WorkloadEntry stores the time in nanoseconds when the associated workload connected to a Pilot instance.
+    deprecated: false
+    hidden: true
+    resources:
+      - WorkloadEntry
+
+  - name: istio.io/disconnectedAt
+    featureStatus: Alpha
+    description: On a WorkloadEntry stores the time in nanoseconds when the associated workload disconnected from a Pilot instance.
+    deprecated: false
+    hidden: true
+    resources:
+      - WorkloadEntry
+
+  - name: topology.istio.io/controlPlaneClusters
+    featureStatus: Alpha
+    description: A comma-separated list of clusters (or * for any) running istiod that should attempt leader election
+      for a remote cluster thats system namespace includes this annotation. Istiod will not attempt to lead unannotated
+      remote clusters.
+    deprecated: false
+    hidden: false
+    resources:
+      - Namespace
+
+  - name: gateway.istio.io/controller-version
+    featureStatus: Alpha
+    description: A version added to the Gateway by the controller specifying the "controller version".
+    deprecated: false
+    hidden: true
+    resources:
+      - Any
+
+  - name: ambient.istio.io/redirection
+    featureStatus: Beta
+    description: |-
+      Automatically configured by Istio to indicate a Pod was successfully enrolled in ambient mode.
+      This shows the actual state; to specify intent that a workload should be in ambient mode, see `istio.io/dataplane-mode`.
+      User should not manually modify this annotation.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: ambient.istio.io/waypoint-inbound-binding
+    featureStatus: Alpha
+    description: |
+      When set on a waypoint (either by its specific `Gateway`, or for the entire collection on the `GatewayClass`),
+      indicates how traffic should be sent to the waypoint. If unset, traffic will be sent to the waypoint as HBONE directly.
+
+      This takes the format: `<protocol>` or `<protocol>/<port>`.
+    deprecated: false
+    hidden: true
+    resources:
+      - GatewayClass
+      - Gateway
+
+  - name: gateway.istio.io/service-account
+    featureStatus: Alpha
+    description: |
+      Overrides the name of the generated `ServiceAccount` resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+    deprecated: false
+    hidden: true
+    resources:
+      - Gateway
+
+  - name: gateway.istio.io/name-override
+    featureStatus: Alpha
+    description: |
+      Overrides the name of the generated `Deployment` and `Service` resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+    deprecated: false
+    hidden: true
+    resources:
+      - Gateway
+
+  - name: networking.istio.io/service-type
+    featureStatus: Alpha
+    description: |
+      Overrides the type of the generated `Service` resource when using [Gateway auto-deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment)
+    deprecated: false
+    hidden: true
+    resources:
+      - Gateway
+
+  - name: networking.istio.io/traffic-distribution
+    featureStatus: Alpha
+    description: |
+      Controls how traffic is distributed across the set of available endpoints.
+      
+      At this time, this annotation only impacts routing done by Ztunnel.
+      
+      Accepted values:
+      * `PreferClose`: endpoints will be categorized by how "close" they are, consider network, region, zone, and subzone.
+        Traffic will be prioritized to the closest healthy endpoints.
+        For example, if I have a Service with `PreferClose` set, with endpoints in zones `us-west,us-west,us-east`. When 
+        sending traffic from a client in zone `us-west`, all traffic will go to the two `us-west` backends.
+        If one those backends become unhealthy, all traffic will go to the remaining endpoint in `us-west`.
+        If that backend becomes unhealthy, traffic will sent to `us-east`.
+    deprecated: false
+    hidden: false
+    resources:
+      - Service
+      - ServiceEntry
+
+  - name: ambient.istio.io/bypass-inbound-capture
+    featureStatus: Alpha
+    description: |
+      When specified on a `Pod` enrolled in ambient mesh, only outbound traffic will be captured.
+      This is intended to be used when enrolling a workload that only receives traffic from out-of-the-mesh clients, such as third party ingress controllers.
+    deprecated: false
+    hidden: true
+    resources:
+      - Pod
+
+  - name: istio.io/reroute-virtual-interfaces
+    featureStatus: Alpha
+    description: |
+      A comma separated list of virtual interfaces whose inbound traffic will be unconditionally treated as outbound. This allows workloads using virtualized networking (kubeVirt, VMs, docker-in-docker, etc) to function correctly with mesh traffic capture.
+      Note: When using docker-in-docker container, the default bridge interface name is typically `docker0`. However, custom networks (often used with docker compose) are assigned a randomized interface name. To have a predictable name, you can configure the Docker option `com.docker.network.bridge.name` with a fixed value and use that name in the annotation.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod
+
+  - name: ambient.istio.io/dns-capture
+    featureStatus: Alpha
+    description: |
+      When specified on a `Pod` enrolled in ambient mesh, controls whether DNS traffic (TCP and UDP on port 53) will be captured and proxied in ambient.
+      Note that setting this to `false` will break some Istio features, such as ServiceEntries and egress waypoints, but may be desirable for workloads that interact poorly with DNS proxies.
+    deprecated: false
+    hidden: true
+    resources:
+      - Pod
+
+  - name: sidecar.istio.io/statsCompression
+    featureStatus: Alpha
+    description: |
+      Specifies the compression algorithm to use for stats emitted by the Envoy sidecar.
+      Supported values are `brotli`, `gzip`, and `zstd`.
+    deprecated: false
+    hidden: false
+    resources:
+      - Pod

authentication/v1alpha1/istio.authentication.v1alpha1.pb.html

@@ -1,636 +0,0 @@
----
-title: Authentication Policy
-description: Authentication policy for Istio services.
-location: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html
-layout: protoc-gen-docs
-generator: protoc-gen-docs
-number_of_entries: 11
----
-<p>This package defines user-facing authentication policy.</p>
-
-<h2 id="Jwt">Jwt</h2>
-<section>
-<p>JSON Web Token (JWT) token format for authentication as defined by
-https://tools.ietf.org/html/rfc7519. See <a href="https://tools.ietf.org/html/rfc6749">OAuth
-2.0</a> and <a href="http://openid.net/connect">OIDC
-1.0</a> for how this is used in the whole
-authentication flow.</p>
-
-<p>For example:</p>
-
-<p>A JWT for any requests:</p>
-
-<pre><code class="language-yaml">issuer: https://example.com
-audiences:
-- bookstore_android.apps.googleusercontent.com
-  bookstore_web.apps.googleusercontent.com
-jwksUri: https://example.com/.well-known/jwks.json
-</code></pre>
-
-<p>A JWT for all requests except request at path <code>/health_check</code> and path with
-prefix <code>/status/</code>. This is useful to expose some paths for public access but
-keep others JWT validated.</p>
-
-<pre><code class="language-yaml">issuer: https://example.com
-jwks_uri: https://example.com/.well-known/jwks.json
-trigger_rules:
-- excluded_paths:
-  - exact: /health_check
-  - prefix: /status/
-</code></pre>
-
-<p>A JWT only for requests at path <code>/admin</code>. This is useful to only require JWT
-validation on a specific set of paths but keep others public accessible.</p>
-
-<pre><code class="language-yaml">issuer: https://example.com
-jwks_uri: https://example.com/.well-known/jwks.json
-trigger_rules:
-- included_paths:
-  - prefix: /admin
-</code></pre>
-
-<p>A JWT only for requests at path of prefix <code>/status/</code> but except the path of
-<code>/status/version</code>. This means for any request path with prefix <code>/status/</code> except
-<code>/status/version</code> will require a valid JWT to proceed.</p>
-
-<pre><code class="language-yaml">issuer: https://example.com
-jwks_uri: https://example.com/.well-known/jwks.json
-trigger_rules:
-- excluded_paths:
-  - exact: /status/version
-  included_paths:
-  - prefix: /status/
-</code></pre>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="Jwt-issuer">
-<td><code>issuer</code></td>
-<td><code>string</code></td>
-<td>
-<p>Identifies the issuer that issued the JWT. See
-<a href="https://tools.ietf.org/html/rfc7519#section-4.1.1">issuer</a>
-Usually a URL or an email address.</p>
-
-<p>Example: https://securetoken.google.com
-Example: 1234567-compute@developer.gserviceaccount.com</p>
-
-</td>
-</tr>
-<tr id="Jwt-audiences">
-<td><code>audiences</code></td>
-<td><code>string[]</code></td>
-<td>
-<p>The list of JWT
-<a href="https://tools.ietf.org/html/rfc7519#section-4.1.3">audiences</a>.
-that are allowed to access. A JWT containing any of these
-audiences will be accepted.</p>
-
-<p>The service name will be accepted if audiences is empty.</p>
-
-<p>Example:</p>
-
-<pre><code class="language-yaml">audiences:
-- bookstore_android.apps.googleusercontent.com
-  bookstore_web.apps.googleusercontent.com
-</code></pre>
-
-</td>
-</tr>
-<tr id="Jwt-jwks_uri">
-<td><code>jwksUri</code></td>
-<td><code>string</code></td>
-<td>
-<p>URL of the provider&rsquo;s public key set to validate signature of the
-JWT. See <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata">OpenID
-Discovery</a>.</p>
-
-<p>Optional if the key set document can either (a) be retrieved from
-<a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OpenID
-Discovery</a> of
-the issuer or (b) inferred from the email domain of the issuer (e.g. a
-Google service account).</p>
-
-<p>Example: https://www.googleapis.com/oauth2/v1/certs</p>
-
-</td>
-</tr>
-<tr id="Jwt-jwt_headers">
-<td><code>jwtHeaders</code></td>
-<td><code>string[]</code></td>
-<td>
-<p>JWT is sent in a request header. <code>header</code> represents the
-header name.</p>
-
-<p>For example, if <code>header=x-goog-iap-jwt-assertion</code>, the header
-format will be x-goog-iap-jwt-assertion: <JWT>.</p>
-
-</td>
-</tr>
-<tr id="Jwt-jwt_params">
-<td><code>jwtParams</code></td>
-<td><code>string[]</code></td>
-<td>
-<p>JWT is sent in a query parameter. <code>query</code> represents the
-query parameter name.</p>
-
-<p>For example, <code>query=jwt_token</code>.</p>
-
-</td>
-</tr>
-<tr id="Jwt-trigger_rules">
-<td><code>triggerRules</code></td>
-<td><code><a href="#Jwt-TriggerRule">Jwt.TriggerRule[]</a></code></td>
-<td>
-<p>List of trigger rules to decide if this JWT should be used to validate the
-request. The JWT validation happens if any one of the rules matched.
-If the list is not empty and none of the rules matched, authentication will
-skip the JWT validation.
-Leave this empty to always trigger the JWT validation.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="Jwt-TriggerRule">Jwt.TriggerRule</h2>
-<section>
-<p>Trigger rule to match against a request. The trigger rule is satisfied if
-and only if both rules, excluded<em>paths and include</em>paths are satisfied.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="Jwt-TriggerRule-excluded_paths">
-<td><code>excludedPaths</code></td>
-<td><code><a href="#StringMatch">StringMatch[]</a></code></td>
-<td>
-<p>List of paths to be excluded from the request. The rule is satisfied if
-request path does not match to any of the path in this list.</p>
-
-</td>
-</tr>
-<tr id="Jwt-TriggerRule-included_paths">
-<td><code>includedPaths</code></td>
-<td><code><a href="#StringMatch">StringMatch[]</a></code></td>
-<td>
-<p>List of paths that the request must include. If the list is not empty, the
-rule is satisfied if request path matches at least one of the path in the list.
-If the list is empty, the rule is ignored, in other words the rule is always satisfied.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="MutualTls">MutualTls</h2>
-<section>
-<p>TLS authentication params.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="MutualTls-allow_tls">
-<td><code>allowTls</code></td>
-<td><code>bool</code></td>
-<td>
-<p>WILL BE DEPRECATED, if set, will translates to <code>TLS_PERMISSIVE</code> mode.
-Set this flag to true to allow regular TLS (i.e without client x509
-certificate). If request carries client certificate, identity will be
-extracted and used (set to peer identity). Otherwise, peer identity will
-be left unset.
-When the flag is false (default), request must have client certificate.</p>
-
-</td>
-</tr>
-<tr id="MutualTls-mode">
-<td><code>mode</code></td>
-<td><code><a href="#MutualTls-Mode">MutualTls.Mode</a></code></td>
-<td>
-<p>Defines the mode of mTLS authentication.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="MutualTls-Mode">MutualTls.Mode</h2>
-<section>
-<p>Defines the acceptable connection TLS mode.</p>
-
-<table class="enum-values">
-<thead>
-<tr>
-<th>Name</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="MutualTls-Mode-STRICT">
-<td><code>STRICT</code></td>
-<td>
-<p>Client cert must be presented, connection is in TLS.</p>
-
-</td>
-</tr>
-<tr id="MutualTls-Mode-PERMISSIVE">
-<td><code>PERMISSIVE</code></td>
-<td>
-<p>Connection can be either plaintext or TLS, and client cert can be omitted.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="OriginAuthenticationMethod">OriginAuthenticationMethod</h2>
-<section>
-<p>OriginAuthenticationMethod defines authentication method/params for origin
-authentication. Origin could be end-user, device, delegate service etc.
-Currently, only JWT is supported for origin authentication.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="OriginAuthenticationMethod-jwt">
-<td><code>jwt</code></td>
-<td><code><a href="#Jwt">Jwt</a></code></td>
-<td>
-<p>Jwt params for the method.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="PeerAuthenticationMethod">PeerAuthenticationMethod</h2>
-<section>
-<p>PeerAuthenticationMethod defines one particular type of authentication, e.g
-mutual TLS, JWT etc, (no authentication is one type by itself) that can
-be used for peer authentication.
-The type can be progammatically determine by checking the type of the
-&ldquo;params&rdquo; field.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="PeerAuthenticationMethod-mtls" class="oneof oneof-start">
-<td><code>mtls</code></td>
-<td><code><a href="#MutualTls">MutualTls (oneof)</a></code></td>
-<td>
-<p>Set if mTLS is used.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="Policy">Policy</h2>
-<section>
-<p>Policy defines what authentication methods can be accepted on workload(s),
-and if authenticated, which method/certificate will set the request principal
-(i.e request.auth.principal attribute).</p>
-
-<p>Authentication policy is composed of 2-part authentication:
-- peer: verify caller service credentials. This part will set source.user
-(peer identity).
-- origin: verify the origin credentials. This part will set request.auth.user
-(origin identity), as well as other attributes like request.auth.presenter,
-request.auth.audiences and raw claims. Note that the identity could be
-end-user, service account, device etc.</p>
-
-<p>Last but not least, the principal binding rule defines which identity (peer
-or origin) should be used as principal. By default, it uses peer.</p>
-
-<p>Examples:</p>
-
-<p>Policy to enable mTLS for all services in namespace frod</p>
-
-<pre><code class="language-yaml">apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
-  name: mTLS_enable
-  namespace: frod
-spec:
-  peers:
-  - mtls:
-</code></pre>
-
-<p>Policy to disable mTLS for &ldquo;productpage&rdquo; service</p>
-
-<pre><code class="language-yaml">apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
-  name: mTLS_disable
-  namespace: frod
-spec:
-  targets:
-  - name: productpage
-</code></pre>
-
-<p>Policy to require mTLS for peer authentication, and JWT for origin authentication
-for productpage:9000 except the path &lsquo;/health_check&rsquo; . Principal is set from origin identity.</p>
-
-<pre><code class="language-yaml">apiVersion: authentication.istio.io/v1alpha1
-kind: Policy
-metadata:
-  name: mTLS_enable
-  namespace: frod
-spec:
-  target:
-  - name: productpage
-    ports:
-    - number: 9000
-  peers:
-  - mtls:
-  origins:
-  - jwt:
-      issuer: &quot;https://securetoken.google.com&quot;
-      audiences:
-      - &quot;productpage&quot;
-      jwksUri: &quot;https://www.googleapis.com/oauth2/v1/certs&quot;
-      jwt_headers:
-      - &quot;x-goog-iap-jwt-assertion&quot;
-      trigger_rules:
-      - excluded_paths:
-        - exact: /health_check
-  principalBinding: USE_ORIGIN
-</code></pre>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="Policy-targets">
-<td><code>targets</code></td>
-<td><code><a href="#TargetSelector">TargetSelector[]</a></code></td>
-<td>
-<p>List rules to select workloads that the policy should be applied on.
-If empty, policy will be used on all workloads in the same namespace.</p>
-
-</td>
-</tr>
-<tr id="Policy-peers">
-<td><code>peers</code></td>
-<td><code><a href="#PeerAuthenticationMethod">PeerAuthenticationMethod[]</a></code></td>
-<td>
-<p>List of authentication methods that can be used for peer authentication.
-They will be evaluated in order; the first validate one will be used to
-set peer identity (source.user) and other peer attributes. If none of
-these methods pass, request will be rejected with authentication failed error (401).
-Leave the list empty if peer authentication is not required</p>
-
-</td>
-</tr>
-<tr id="Policy-peer_is_optional">
-<td><code>peerIsOptional</code></td>
-<td><code>bool</code></td>
-<td>
-<p>Set this flag to true to accept request (for peer authentication perspective),
-even when none of the peer authentication methods defined above satisfied.
-Typically, this is used to delay the rejection decision to next layer (e.g
-authorization).
-This flag is ignored if no authentication defined for peer (peers field is empty).</p>
-
-</td>
-</tr>
-<tr id="Policy-origins">
-<td><code>origins</code></td>
-<td><code><a href="#OriginAuthenticationMethod">OriginAuthenticationMethod[]</a></code></td>
-<td>
-<p>List of authentication methods that can be used for origin authentication.
-Similar to peers, these will be evaluated in order; the first validate one
-will be used to set origin identity and attributes (i.e request.auth.user,
-request.auth.issuer etc). If none of these methods pass, request will be
-rejected with authentication failed error (401).
-A method may be skipped, depends on its trigger rule. If all of these methods
-are skipped, origin authentication will be ignored, as if it is not defined.
-Leave the list empty if origin authentication is not required.</p>
-
-</td>
-</tr>
-<tr id="Policy-origin_is_optional">
-<td><code>originIsOptional</code></td>
-<td><code>bool</code></td>
-<td>
-<p>Set this flag to true to accept request (for origin authentication perspective),
-even when none of the origin authentication methods defined above satisfied.
-Typically, this is used to delay the rejection decision to next layer (e.g
-authorization).
-This flag is ignored if no authentication defined for origin (origins field is empty).</p>
-
-</td>
-</tr>
-<tr id="Policy-principal_binding">
-<td><code>principalBinding</code></td>
-<td><code><a href="#PrincipalBinding">PrincipalBinding</a></code></td>
-<td>
-<p>Define whether peer or origin identity should be use for principal. Default
-value is USE_PEER.
-If peer (or origin) identity is not available, either because of peer/origin
-authentication is not defined, or failed, principal will be left unset.
-In other words, binding rule does not affect the decision to accept or
-reject request.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="PortSelector">PortSelector</h2>
-<section>
-<p>PortSelector specifies the name or number of a port to be used for
-matching targets for authentication policy. This is copied from
-networking API to avoid dependency.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="PortSelector-number" class="oneof oneof-start">
-<td><code>number</code></td>
-<td><code>uint32 (oneof)</code></td>
-<td>
-<p>Valid port number</p>
-
-</td>
-</tr>
-<tr id="PortSelector-name" class="oneof">
-<td><code>name</code></td>
-<td><code>string (oneof)</code></td>
-<td>
-<p>Port name</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="PrincipalBinding">PrincipalBinding</h2>
-<section>
-<p>Associates authentication with request principal.</p>
-
-<table class="enum-values">
-<thead>
-<tr>
-<th>Name</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="PrincipalBinding-USE_PEER">
-<td><code>USE_PEER</code></td>
-<td>
-<p>Principal will be set to the identity from peer authentication.</p>
-
-</td>
-</tr>
-<tr id="PrincipalBinding-USE_ORIGIN">
-<td><code>USE_ORIGIN</code></td>
-<td>
-<p>Principal will be set to the identity from origin authentication.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="StringMatch">StringMatch</h2>
-<section>
-<p>Describes how to match a given string. Match is case-sensitive.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="StringMatch-exact" class="oneof oneof-start">
-<td><code>exact</code></td>
-<td><code>string (oneof)</code></td>
-<td>
-<p>exact string match.</p>
-
-</td>
-</tr>
-<tr id="StringMatch-prefix" class="oneof">
-<td><code>prefix</code></td>
-<td><code>string (oneof)</code></td>
-<td>
-<p>prefix-based match.</p>
-
-</td>
-</tr>
-<tr id="StringMatch-suffix" class="oneof">
-<td><code>suffix</code></td>
-<td><code>string (oneof)</code></td>
-<td>
-<p>suffix-based match.</p>
-
-</td>
-</tr>
-<tr id="StringMatch-regex" class="oneof">
-<td><code>regex</code></td>
-<td><code>string (oneof)</code></td>
-<td>
-<p>ECMAscript style regex-based match as defined by <a href="http://en.cppreference.com/w/cpp/regex/ecmascript">EDCA-262</a>.
-Example: &ldquo;^/pets/(.*?)?&rdquo;</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="TargetSelector">TargetSelector</h2>
-<section>
-<p>TargetSelector defines a matching rule to a workload. A workload is selected
-if it is associated with the service name and service port(s) specified in the selector rule.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="TargetSelector-name">
-<td><code>name</code></td>
-<td><code>string</code></td>
-<td>
-<p>REQUIRED. The name must be a short name from the service registry. The
-fully qualified domain name will be resolved in a platform specific manner.</p>
-
-</td>
-</tr>
-<tr id="TargetSelector-ports">
-<td><code>ports</code></td>
-<td><code><a href="#PortSelector">PortSelector[]</a></code></td>
-<td>
-<p>Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports.
-For example, if a service is defined as below, then <code>8000</code> should be used, not <code>9000</code>.</p>
-
-<pre><code>kind: Service
-metadata:
-  ...
-spec:
-  ports:
-  - name: http
-    port: 8000
-    targetPort: 9000
-  selector:
-    app: backend
-</code></pre>
-
-<p>Leave empty to match all ports that are exposed.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>

authentication/v1alpha1/policy.proto

@@ -1,391 +0,0 @@
-// Copyright 2018 Istio Authors
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-
-syntax = "proto3";
-
-// $title: Authentication Policy
-// $description: Authentication policy for Istio services.
-// $location: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html
-
-// This package defines user-facing authentication policy.
-package istio.authentication.v1alpha1;
-
-option go_package = "istio.io/api/authentication/v1alpha1";
-
-// Describes how to match a given string. Match is case-sensitive.
-message StringMatch {
-  oneof match_type {
-    // exact string match.
-    string exact = 1;
-
-    // prefix-based match.
-    string prefix = 2;
-
-    // suffix-based match.
-    string suffix = 3;
-
-    // ECMAscript style regex-based match as defined by [EDCA-262](
-    // http://en.cppreference.com/w/cpp/regex/ecmascript).
-    // Example: "^/pets/(.*?)?"
-    string regex = 4;
-  }
-}
-
-// TLS authentication params.
-message MutualTls {
-  // Defines the acceptable connection TLS mode.
-  enum Mode {
-    // Client cert must be presented, connection is in TLS.
-    STRICT = 0;
-
-    // Connection can be either plaintext or TLS, and client cert can be omitted.
-    PERMISSIVE = 1;
-  };
-
-  // WILL BE DEPRECATED, if set, will translates to `TLS_PERMISSIVE` mode.
-  // Set this flag to true to allow regular TLS (i.e without client x509
-  // certificate). If request carries client certificate, identity will be
-  // extracted and used (set to peer identity). Otherwise, peer identity will
-  // be left unset.
-  // When the flag is false (default), request must have client certificate.
-  bool allow_tls = 1;
-
-  // Defines the mode of mTLS authentication.
-  Mode mode = 2;
-}
-
-// JSON Web Token (JWT) token format for authentication as defined by
-// https://tools.ietf.org/html/rfc7519. See [OAuth
-// 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC
-// 1.0](http://openid.net/connect) for how this is used in the whole
-// authentication flow.
-//
-// For example:
-//
-// A JWT for any requests:
-//
-// ```yaml
-// issuer: https://example.com
-// audiences:
-// - bookstore_android.apps.googleusercontent.com
-//   bookstore_web.apps.googleusercontent.com
-// jwksUri: https://example.com/.well-known/jwks.json
-// ```
-//
-// A JWT for all requests except request at path `/health_check` and path with
-// prefix `/status/`. This is useful to expose some paths for public access but
-// keep others JWT validated.
-//
-// ```yaml
-// issuer: https://example.com
-// jwks_uri: https://example.com/.well-known/jwks.json
-// trigger_rules:
-// - excluded_paths:
-//   - exact: /health_check
-//   - prefix: /status/
-// ```
-//
-// A JWT only for requests at path `/admin`. This is useful to only require JWT
-// validation on a specific set of paths but keep others public accessible.
-//
-// ```yaml
-// issuer: https://example.com
-// jwks_uri: https://example.com/.well-known/jwks.json
-// trigger_rules:
-// - included_paths:
-//   - prefix: /admin
-// ```
-//
-// A JWT only for requests at path of prefix `/status/` but except the path of
-// `/status/version`. This means for any request path with prefix `/status/` except
-// `/status/version` will require a valid JWT to proceed.
-//
-// ```yaml
-// issuer: https://example.com
-// jwks_uri: https://example.com/.well-known/jwks.json
-// trigger_rules:
-// - excluded_paths:
-//   - exact: /status/version
-//   included_paths:
-//   - prefix: /status/
-// ```
-message Jwt {
-  // Identifies the issuer that issued the JWT. See
-  // [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1)
-  // Usually a URL or an email address.
-  //
-  // Example: https://securetoken.google.com
-  // Example: 1234567-compute@developer.gserviceaccount.com
-  string issuer = 1;
-
-  // The list of JWT
-  // [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3).
-  // that are allowed to access. A JWT containing any of these
-  // audiences will be accepted.
-  //
-  // The service name will be accepted if audiences is empty.
-  //
-  // Example:
-  //
-  // ```yaml
-  // audiences:
-  // - bookstore_android.apps.googleusercontent.com
-  //   bookstore_web.apps.googleusercontent.com
-  // ```
-  repeated string audiences = 2;
-
-  // URL of the provider's public key set to validate signature of the
-  // JWT. See [OpenID
-  // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
-  //
-  // Optional if the key set document can either (a) be retrieved from
-  // [OpenID
-  // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of
-  // the issuer or (b) inferred from the email domain of the issuer (e.g. a
-  // Google service account).
-  //
-  // Example: https://www.googleapis.com/oauth2/v1/certs
-  string jwks_uri = 3;
-
-  // Two fields below define where to extract the JWT from an HTTP request.
-  //
-  // If no explicit location is specified the following default
-  // locations are tried in order:
-  //
-  //     1) The Authorization header using the Bearer schema,
-  //        e.g. Authorization: Bearer <token>. (see
-  //        [Authorization Request Header
-  //        Field](https://tools.ietf.org/html/rfc6750#section-2.1))
-  //
-  //     2) `access_token` query parameter (see
-  //     [URI Query Parameter](https://tools.ietf.org/html/rfc6750#section-2.3))
-
-  // JWT is sent in a request header. `header` represents the
-  // header name.
-  //
-  // For example, if `header=x-goog-iap-jwt-assertion`, the header
-  // format will be x-goog-iap-jwt-assertion: <JWT>.
-  repeated string jwt_headers = 6;
-
-  // JWT is sent in a query parameter. `query` represents the
-  // query parameter name.
-  //
-  // For example, `query=jwt_token`.
-  repeated string jwt_params = 7;
-
-  // Trigger rule to match against a request. The trigger rule is satisfied if
-  // and only if both rules, excluded_paths and include_paths are satisfied.
-  message TriggerRule {
-    // List of paths to be excluded from the request. The rule is satisfied if
-    // request path does not match to any of the path in this list.
-    repeated StringMatch excluded_paths = 1;
-
-    // List of paths that the request must include. If the list is not empty, the
-    // rule is satisfied if request path matches at least one of the path in the list.
-    // If the list is empty, the rule is ignored, in other words the rule is always satisfied.
-    repeated StringMatch included_paths = 2;
-  }
-
-  // List of trigger rules to decide if this JWT should be used to validate the
-  // request. The JWT validation happens if any one of the rules matched.
-  // If the list is not empty and none of the rules matched, authentication will
-  // skip the JWT validation.
-  // Leave this empty to always trigger the JWT validation.
-  repeated TriggerRule trigger_rules = 9;
-}
-
-// PeerAuthenticationMethod defines one particular type of authentication, e.g
-// mutual TLS, JWT etc, (no authentication is one type by itself) that can
-// be used for peer authentication.
-// The type can be progammatically determine by checking the type of the
-// "params" field.
-message PeerAuthenticationMethod {
-  oneof params {
-    // Set if mTLS is used.
-    MutualTls mtls = 1;
-
-    // $hide_from_docs
-    // Set if JWT is used. This option is not yet available.
-    Jwt jwt = 2;
-  }
-}
-
-// OriginAuthenticationMethod defines authentication method/params for origin
-// authentication. Origin could be end-user, device, delegate service etc.
-// Currently, only JWT is supported for origin authentication.
-message OriginAuthenticationMethod {
-  // Jwt params for the method.
-  Jwt jwt = 1;
-}
-
-// Associates authentication with request principal.
-enum PrincipalBinding {
-  // Principal will be set to the identity from peer authentication.
-  USE_PEER = 0;
-
-  // Principal will be set to the identity from origin authentication.
-  USE_ORIGIN = 1;
-}
-
-// Policy defines what authentication methods can be accepted on workload(s),
-// and if authenticated, which method/certificate will set the request principal
-// (i.e request.auth.principal attribute).
-//
-// Authentication policy is composed of 2-part authentication:
-// - peer: verify caller service credentials. This part will set source.user
-// (peer identity).
-// - origin: verify the origin credentials. This part will set request.auth.user
-// (origin identity), as well as other attributes like request.auth.presenter,
-// request.auth.audiences and raw claims. Note that the identity could be
-// end-user, service account, device etc.
-//
-// Last but not least, the principal binding rule defines which identity (peer
-// or origin) should be used as principal. By default, it uses peer.
-//
-// Examples:
-//
-// Policy to enable mTLS for all services in namespace frod
-//
-// ```yaml
-// apiVersion: authentication.istio.io/v1alpha1
-// kind: Policy
-// metadata:
-//   name: mTLS_enable
-//   namespace: frod
-// spec:
-//   peers:
-//   - mtls:
-// ```
-// Policy to disable mTLS for "productpage" service
-//
-// ```yaml
-// apiVersion: authentication.istio.io/v1alpha1
-// kind: Policy
-// metadata:
-//   name: mTLS_disable
-//   namespace: frod
-// spec:
-//   targets:
-//   - name: productpage
-// ```
-// Policy to require mTLS for peer authentication, and JWT for origin authentication
-// for productpage:9000 except the path '/health_check' . Principal is set from origin identity.
-//
-// ```yaml
-// apiVersion: authentication.istio.io/v1alpha1
-// kind: Policy
-// metadata:
-//   name: mTLS_enable
-//   namespace: frod
-// spec:
-//   target:
-//   - name: productpage
-//     ports:
-//     - number: 9000
-//   peers:
-//   - mtls:
-//   origins:
-//   - jwt:
-//       issuer: "https://securetoken.google.com"
-//       audiences:
-//       - "productpage"
-//       jwksUri: "https://www.googleapis.com/oauth2/v1/certs"
-//       jwt_headers:
-//       - "x-goog-iap-jwt-assertion"
-//       trigger_rules:
-//       - excluded_paths:
-//         - exact: /health_check
-//   principalBinding: USE_ORIGIN
-// ```
-message Policy {
-  // List rules to select workloads that the policy should be applied on.
-  // If empty, policy will be used on all workloads in the same namespace.
-  repeated TargetSelector targets = 1;
-
-  // List of authentication methods that can be used for peer authentication.
-  // They will be evaluated in order; the first validate one will be used to
-  // set peer identity (source.user) and other peer attributes. If none of
-  // these methods pass, request will be rejected with authentication failed error (401).
-  // Leave the list empty if peer authentication is not required
-  repeated PeerAuthenticationMethod peers = 2;
-
-  // Set this flag to true to accept request (for peer authentication perspective),
-  // even when none of the peer authentication methods defined above satisfied.
-  // Typically, this is used to delay the rejection decision to next layer (e.g
-  // authorization).
-  // This flag is ignored if no authentication defined for peer (peers field is empty).
-  bool peer_is_optional = 3;
-
-  // List of authentication methods that can be used for origin authentication.
-  // Similar to peers, these will be evaluated in order; the first validate one
-  // will be used to set origin identity and attributes (i.e request.auth.user,
-  // request.auth.issuer etc). If none of these methods pass, request will be
-  // rejected with authentication failed error (401).
-  // A method may be skipped, depends on its trigger rule. If all of these methods
-  // are skipped, origin authentication will be ignored, as if it is not defined.
-  // Leave the list empty if origin authentication is not required.
-  repeated OriginAuthenticationMethod origins = 4;
-
-  // Set this flag to true to accept request (for origin authentication perspective),
-  // even when none of the origin authentication methods defined above satisfied.
-  // Typically, this is used to delay the rejection decision to next layer (e.g
-  // authorization).
-  // This flag is ignored if no authentication defined for origin (origins field is empty).
-  bool origin_is_optional = 5;
-
-  // Define whether peer or origin identity should be use for principal. Default
-  // value is USE_PEER.
-  // If peer (or origin) identity is not available, either because of peer/origin
-  // authentication is not defined, or failed, principal will be left unset.
-  // In other words, binding rule does not affect the decision to accept or
-  // reject request.
-  PrincipalBinding principal_binding = 6;
-}
-
-// TargetSelector defines a matching rule to a workload. A workload is selected
-// if it is associated with the service name and service port(s) specified in the selector rule.
-message TargetSelector {
-  // REQUIRED. The name must be a short name from the service registry. The
-  // fully qualified domain name will be resolved in a platform specific manner.
-  string name = 1;
-
-  // Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports.
-  // For example, if a service is defined as below, then `8000` should be used, not `9000`.
-  // ```
-  // kind: Service
-  // metadata:
-  //   ...
-  // spec:
-  //   ports:
-  //   - name: http
-  //     port: 8000
-  //     targetPort: 9000
-  //   selector:
-  //     app: backend
-  // ```
-  //Leave empty to match all ports that are exposed.
-  repeated PortSelector ports = 2;
-}
-
-// PortSelector specifies the name or number of a port to be used for
-// matching targets for authentication policy. This is copied from
-// networking API to avoid dependency.
-message PortSelector {
-  oneof port {
-    // Valid port number
-    uint32 number = 1;
-    // Port name
-    string name = 2;
-  }
-}

buf.gen-golang.yaml

@@ -0,0 +1,8 @@
+# buf.gen.yaml sets up the generation configuration for all of our plugins.
+# Note: buf does not allow multi roots that are within each other; as a result, the common-protos folders are
+# symlinked into the top level directory.
+version: v1
+plugins:
+- name: go
+  out: .
+  opt: paths=source_relative

buf.gen-noncrd.yaml

@@ -0,0 +1,14 @@
+version: v1
+plugins:
+- name: go
+  out: .
+  opt: paths=source_relative
+- name: go-grpc
+  out: .
+  opt: paths=source_relative
+- name: docs
+  out: .
+  opt: warnings=false,dictionary=./dictionaries/en-US,custom_word_list=./dictionaries/custom.txt,per_file=true,mode=html_fragment_with_front_matter
+- name: golang-jsonshim
+  out: .
+  opt: paths=source_relative

buf.gen.yaml

@@ -0,0 +1,26 @@
+# buf.gen.yaml sets up the generation configuration for all of our plugins.
+# Note: buf does not allow multi roots that are within each other; as a result, the common-protos folders are
+# symlinked into the top level directory.
+version: v1
+plugins:
+- name: go
+  out: .
+  opt: paths=source_relative
+- name: go-grpc
+  out: .
+  opt: paths=source_relative
+- name: golang-deepcopy
+  out: .
+  opt: paths=source_relative
+- name: crd
+  out: .
+  strategy: all
+- name: golang-jsonshim
+  out: .
+  opt: paths=source_relative
+- name: alias
+  out: .
+  opt: paths=source_relative
+- name: docs
+  out: .
+  opt: warnings=false,dictionary=./dictionaries/en-US,custom_word_list=./dictionaries/custom.txt,per_file=true,mode=html_fragment_with_front_matter

buf.yaml

@@ -0,0 +1,14 @@
+version: v1
+build:
+  excludes:
+    - common-protos
+breaking:
+  use:
+  - WIRE_JSON
+lint:
+  use:
+    - BASIC
+  except:
+    - FIELD_LOWER_SNAKE_CASE
+    - PACKAGE_DIRECTORY_MATCH
+  allow_comment_ignores: true

clean.sh

@@ -1,27 +1,24 @@
 #!/bin/bash
 
-# Copyright 2017 Istio Authors
+# Copyright Istio Authors
 
 #   Licensed under the Apache License, Version 2.0 (the "License");
 #   you may not use this file except in compliance with the License.
 #   You may obtain a copy of the License at
-
+#
 #       http://www.apache.org/licenses/LICENSE-2.0
-
+#
 #   Unless required by applicable law or agreed to in writing, software
 #   distributed under the License is distributed on an "AS IS" BASIS,
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
 
+set -eu
 
-########################################
-# Postsubmit script triggered by Prow. #
-########################################
+PATTERNS="_deepcopy.gen.go .gen.json .pb.go .pb.html _json.gen.go customresourcedefinitions.gen.yaml"
+shopt -s globstar
 
-# Exit immediately for non zero status
-set -e
-# Check unset variables
-set -u
-# Print commands
-set -x
+for p in $PATTERNS; do
+    rm -f ./**/*"${p}"
+done

common-protos/.commonfiles.sha

@@ -0,0 +1 @@
+d309fa11788426a813280dc0ab06e160893d0dad

common-protos/google/api/annotations.proto

@@ -1,4 +1,4 @@
-// Copyright 2018 Istio Authors
+// Copyright (c) 2015, Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,15 +14,18 @@
 
 syntax = "proto3";
 
-package istio.mixer.adapter.model.v1beta1;
+package google.api;
 
-option go_package="istio.io/api/mixer/adapter/model/v1beta1";
+import "google/api/http.proto";
+import "google/protobuf/descriptor.proto";
 
-import "gogoproto/gogo.proto";
+option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations";
+option java_multiple_files = true;
+option java_outer_classname = "AnnotationsProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
 
-option (gogoproto.goproto_getters_all) = false;
-option (gogoproto.equal_all) = false;
-option (gogoproto.gostring_all) = false;
-
-// Expresses the result of a report call.
-message ReportResult {}
+extend google.protobuf.MethodOptions {
+  // See `HttpRule`.
+  HttpRule http = 72295728;
+}

common-protos/google/api/auth.proto

@@ -0,0 +1,184 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "AuthProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Authentication` defines the authentication configuration for an API.
+//
+// Example for an API targeted for external use:
+//
+//     name: calendar.googleapis.com
+//     authentication:
+//       providers:
+//       - id: google_calendar_auth
+//         jwks_uri: https://www.googleapis.com/oauth2/v1/certs
+//         issuer: https://securetoken.google.com
+//       rules:
+//       - selector: "*"
+//         requirements:
+//           provider_id: google_calendar_auth
+message Authentication {
+  // A list of authentication rules that apply to individual API methods.
+  //
+  // **NOTE:** All service configuration rules follow "last one wins" order.
+  repeated AuthenticationRule rules = 3;
+
+  // Defines a set of authentication providers that a service supports.
+  repeated AuthProvider providers = 4;
+}
+
+// Authentication rules for the service.
+//
+// By default, if a method has any authentication requirements, every request
+// must include a valid credential matching one of the requirements.
+// It's an error to include more than one kind of credential in a single
+// request.
+//
+// If a method doesn't have any auth requirements, request credentials will be
+// ignored.
+message AuthenticationRule {
+  // Selects the methods to which this rule applies.
+  //
+  // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+  string selector = 1;
+
+  // The requirements for OAuth credentials.
+  OAuthRequirements oauth = 2;
+
+  // If true, the service accepts API keys without any other credential.
+  bool allow_without_credential = 5;
+
+  // Requirements for additional authentication providers.
+  repeated AuthRequirement requirements = 7;
+}
+
+// Configuration for an authentication provider, including support for
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+message AuthProvider {
+  // The unique identifier of the auth provider. It will be referred to by
+  // `AuthRequirement.provider_id`.
+  //
+  // Example: "bookstore_auth".
+  string id = 1;
+
+  // Identifies the principal that issued the JWT. See
+  // https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
+  // Usually a URL or an email address.
+  //
+  // Example: https://securetoken.google.com
+  // Example: 1234567-compute@developer.gserviceaccount.com
+  string issuer = 2;
+
+  // URL of the provider's public key set to validate signature of the JWT. See
+  // [OpenID
+  // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+  // Optional if the key set document:
+  //  - can be retrieved from
+  //    [OpenID
+  //    Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of
+  //    the issuer.
+  //  - can be inferred from the email domain of the issuer (e.g. a Google
+  //  service account).
+  //
+  // Example: https://www.googleapis.com/oauth2/v1/certs
+  string jwks_uri = 3;
+
+  // The list of JWT
+  // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+  // that are allowed to access. A JWT containing any of these audiences will
+  // be accepted. When this setting is absent, only JWTs with audience
+  // "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
+  // will be accepted. For example, if no audiences are in the setting,
+  // LibraryService API will only accept JWTs with the following audience
+  // "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
+  //
+  // Example:
+  //
+  //     audiences: bookstore_android.apps.googleusercontent.com,
+  //                bookstore_web.apps.googleusercontent.com
+  string audiences = 4;
+
+  // Redirect URL if JWT token is required but not present or is expired.
+  // Implement authorizationUrl of securityDefinitions in OpenAPI spec.
+  string authorization_url = 5;
+}
+
+// OAuth scopes are a way to define data and permissions on data. For example,
+// there are scopes defined for "Read-only access to Google Calendar" and
+// "Access to Cloud Platform". Users can consent to a scope for an application,
+// giving it permission to access that data on their behalf.
+//
+// OAuth scope specifications should be fairly coarse grained; a user will need
+// to see and understand the text description of what your scope means.
+//
+// In most cases: use one or at most two OAuth scopes for an entire family of
+// products. If your product has multiple APIs, you should probably be sharing
+// the OAuth scope across all of those APIs.
+//
+// When you need finer grained OAuth consent screens: talk with your product
+// management about how developers will use them in practice.
+//
+// Please note that even though each of the canonical scopes is enough for a
+// request to be accepted and passed to the backend, a request can still fail
+// due to the backend requiring additional scopes or permissions.
+message OAuthRequirements {
+  // The list of publicly documented OAuth scopes that are allowed access. An
+  // OAuth token containing any of these scopes will be accepted.
+  //
+  // Example:
+  //
+  //      canonical_scopes: https://www.googleapis.com/auth/calendar,
+  //                        https://www.googleapis.com/auth/calendar.read
+  string canonical_scopes = 1;
+}
+
+// User-defined authentication requirements, including support for
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+message AuthRequirement {
+  // [id][google.api.AuthProvider.id] from authentication provider.
+  //
+  // Example:
+  //
+  //     provider_id: bookstore_auth
+  string provider_id = 1;
+
+  // NOTE: This will be deprecated soon, once AuthProvider.audiences is
+  // implemented and accepted in all the runtime components.
+  //
+  // The list of JWT
+  // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+  // that are allowed to access. A JWT containing any of these audiences will
+  // be accepted. When this setting is absent, only JWTs with audience
+  // "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
+  // will be accepted. For example, if no audiences are in the setting,
+  // LibraryService API will only accept JWTs with the following audience
+  // "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
+  //
+  // Example:
+  //
+  //     audiences: bookstore_android.apps.googleusercontent.com,
+  //                bookstore_web.apps.googleusercontent.com
+  string audiences = 2;
+}

common-protos/google/api/backend.proto

@@ -0,0 +1,127 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "BackendProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Backend` defines the backend configuration for a service.
+message Backend {
+  // A list of API backend rules that apply to individual API methods.
+  //
+  // **NOTE:** All service configuration rules follow "last one wins" order.
+  repeated BackendRule rules = 1;
+}
+
+// A backend rule provides configuration for an individual API element.
+message BackendRule {
+  // Path Translation specifies how to combine the backend address with the
+  // request path in order to produce the appropriate forwarding URL for the
+  // request.
+  //
+  // Path Translation is applicable only to HTTP-based backends. Backends which
+  // do not accept requests over HTTP/HTTPS should leave `path_translation`
+  // unspecified.
+  enum PathTranslation {
+    PATH_TRANSLATION_UNSPECIFIED = 0;
+
+    // Use the backend address as-is, with no modification to the path. If the
+    // URL pattern contains variables, the variable names and values will be
+    // appended to the query string. If a query string parameter and a URL
+    // pattern variable have the same name, this may result in duplicate keys in
+    // the query string.
+    //
+    // # Examples
+    //
+    // Given the following operation config:
+    //
+    //     Method path:        /api/company/{cid}/user/{uid}
+    //     Backend address:    https://example.cloudfunctions.net/getUser
+    //
+    // Requests to the following request paths will call the backend at the
+    // translated path:
+    //
+    //     Request path: /api/company/widgetworks/user/johndoe
+    //     Translated:
+    //     https://example.cloudfunctions.net/getUser?cid=widgetworks&uid=johndoe
+    //
+    //     Request path: /api/company/widgetworks/user/johndoe?timezone=EST
+    //     Translated:
+    //     https://example.cloudfunctions.net/getUser?timezone=EST&cid=widgetworks&uid=johndoe
+    CONSTANT_ADDRESS = 1;
+
+    // The request path will be appended to the backend address.
+    //
+    // # Examples
+    //
+    // Given the following operation config:
+    //
+    //     Method path:        /api/company/{cid}/user/{uid}
+    //     Backend address:    https://example.appspot.com
+    //
+    // Requests to the following request paths will call the backend at the
+    // translated path:
+    //
+    //     Request path: /api/company/widgetworks/user/johndoe
+    //     Translated:
+    //     https://example.appspot.com/api/company/widgetworks/user/johndoe
+    //
+    //     Request path: /api/company/widgetworks/user/johndoe?timezone=EST
+    //     Translated:
+    //     https://example.appspot.com/api/company/widgetworks/user/johndoe?timezone=EST
+    APPEND_PATH_TO_ADDRESS = 2;
+  }
+
+  // Selects the methods to which this rule applies.
+  //
+  // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+  string selector = 1;
+
+  // The address of the API backend.
+  string address = 2;
+
+  // The number of seconds to wait for a response from a request.  The default
+  // deadline for gRPC is infinite (no deadline) and HTTP requests is 5 seconds.
+  double deadline = 3;
+
+  // Minimum deadline in seconds needed for this method. Calls having deadline
+  // value lower than this will be rejected.
+  double min_deadline = 4;
+
+  // The number of seconds to wait for the completion of a long running
+  // operation. The default is no deadline.
+  double operation_deadline = 5;
+
+  PathTranslation path_translation = 6;
+
+  // Authentication settings used by the backend.
+  //
+  // These are typically used to provide service management functionality to
+  // a backend served on a publicly-routable URL. The `authentication`
+  // details should match the authentication behavior used by the backend.
+  //
+  // For example, specifying `jwt_audience` implies that the backend expects
+  // authentication via a JWT.
+  oneof authentication {
+    // The JWT audience is used when generating a JWT id token for the backend.
+    string jwt_audience = 7;
+  }
+}

common-protos/google/api/billing.proto

@@ -0,0 +1,67 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/api/metric.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "BillingProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Billing related configuration of the service.
+//
+// The following example shows how to configure monitored resources and metrics
+// for billing:
+//
+//     monitored_resources:
+//     - type: library.googleapis.com/branch
+//       labels:
+//       - key: /city
+//         description: The city where the library branch is located in.
+//       - key: /name
+//         description: The name of the branch.
+//     metrics:
+//     - name: library.googleapis.com/book/borrowed_count
+//       metric_kind: DELTA
+//       value_type: INT64
+//     billing:
+//       consumer_destinations:
+//       - monitored_resource: library.googleapis.com/branch
+//         metrics:
+//         - library.googleapis.com/book/borrowed_count
+message Billing {
+  // Configuration of a specific billing destination (Currently only support
+  // bill against consumer project).
+  message BillingDestination {
+    // The monitored resource type. The type must be defined in
+    // [Service.monitored_resources][google.api.Service.monitored_resources] section.
+    string monitored_resource = 1;
+
+    // Names of the metrics to report to this billing destination.
+    // Each name must be defined in [Service.metrics][google.api.Service.metrics] section.
+    repeated string metrics = 2;
+  }
+
+  // Billing configurations for sending metrics to the consumer project.
+  // There can be multiple consumer destinations per service, each one must have
+  // a different monitored resource type. A metric can be used in at most
+  // one consumer destination.
+  repeated BillingDestination consumer_destinations = 8;
+}

common-protos/google/api/client.proto

@@ -0,0 +1,100 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/protobuf/descriptor.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations";
+option java_multiple_files = true;
+option java_outer_classname = "ClientProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+extend google.protobuf.MethodOptions {
+  // A definition of a client library method signature.
+  //
+  // In client libraries, each proto RPC corresponds to one or more methods
+  // which the end user is able to call, and calls the underlying RPC.
+  // Normally, this method receives a single argument (a struct or instance
+  // corresponding to the RPC request object). Defining this field will
+  // add one or more overloads providing flattened or simpler method signatures
+  // in some languages.
+  //
+  // The fields on the method signature are provided as a comma-separated
+  // string.
+  //
+  // For example, the proto RPC and annotation:
+  //
+  //   rpc CreateSubscription(CreateSubscriptionRequest)
+  //       returns (Subscription) {
+  //     option (google.api.method_signature) = "name,topic";
+  //   }
+  //
+  // Would add the following Java overload (in addition to the method accepting
+  // the request object):
+  //
+  //   public final Subscription createSubscription(String name, String topic)
+  //
+  // The following backwards-compatibility guidelines apply:
+  //
+  //   * Adding this annotation to an unannotated method is backwards
+  //     compatible.
+  //   * Adding this annotation to a method which already has existing
+  //     method signature annotations is backwards compatible if and only if
+  //     the new method signature annotation is last in the sequence.
+  //   * Modifying or removing an existing method signature annotation is
+  //     a breaking change.
+  //   * Re-ordering existing method signature annotations is a breaking
+  //     change.
+  repeated string method_signature = 1051;
+}
+
+extend google.protobuf.ServiceOptions {
+  // The hostname for this service.
+  // This should be specified with no prefix or protocol.
+  //
+  // Example:
+  //
+  //   service Foo {
+  //     option (google.api.default_host) = "foo.googleapi.com";
+  //     ...
+  //   }
+  string default_host = 1049;
+
+  // OAuth scopes needed for the client.
+  //
+  // Example:
+  //
+  //   service Foo {
+  //     option (google.api.oauth_scopes) = \
+  //       "https://www.googleapis.com/auth/cloud-platform";
+  //     ...
+  //   }
+  //
+  // If there is more than one scope, use a comma-separated string:
+  //
+  // Example:
+  //
+  //   service Foo {
+  //     option (google.api.oauth_scopes) = \
+  //       "https://www.googleapis.com/auth/cloud-platform,"
+  //       "https://www.googleapis.com/auth/monitoring";
+  //     ...
+  //   }
+  string oauth_scopes = 1050;
+}

common-protos/google/api/config_change.proto

@@ -0,0 +1,85 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/configchange;configchange";
+option java_multiple_files = true;
+option java_outer_classname = "ConfigChangeProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Output generated from semantically comparing two versions of a service
+// configuration.
+//
+// Includes detailed information about a field that have changed with
+// applicable advice about potential consequences for the change, such as
+// backwards-incompatibility.
+message ConfigChange {
+  // Object hierarchy path to the change, with levels separated by a '.'
+  // character. For repeated fields, an applicable unique identifier field is
+  // used for the index (usually selector, name, or id). For maps, the term
+  // 'key' is used. If the field has no unique identifier, the numeric index
+  // is used.
+  // Examples:
+  // - visibility.rules[selector=="google.LibraryService.ListBooks"].restriction
+  // - quota.metric_rules[selector=="google"].metric_costs[key=="reads"].value
+  // - logging.producer_destinations[0]
+  string element = 1;
+
+  // Value of the changed object in the old Service configuration,
+  // in JSON format. This field will not be populated if ChangeType == ADDED.
+  string old_value = 2;
+
+  // Value of the changed object in the new Service configuration,
+  // in JSON format. This field will not be populated if ChangeType == REMOVED.
+  string new_value = 3;
+
+  // The type for this change, either ADDED, REMOVED, or MODIFIED.
+  ChangeType change_type = 4;
+
+  // Collection of advice provided for this change, useful for determining the
+  // possible impact of this change.
+  repeated Advice advices = 5;
+}
+
+// Generated advice about this change, used for providing more
+// information about how a change will affect the existing service.
+message Advice {
+  // Useful description for why this advice was applied and what actions should
+  // be taken to mitigate any implied risks.
+  string description = 2;
+}
+
+// Classifies set of possible modifications to an object in the service
+// configuration.
+enum ChangeType {
+  // No value was provided.
+  CHANGE_TYPE_UNSPECIFIED = 0;
+
+  // The changed object exists in the 'new' service configuration, but not
+  // in the 'old' service configuration.
+  ADDED = 1;
+
+  // The changed object exists in the 'old' service configuration, but not
+  // in the 'new' service configuration.
+  REMOVED = 2;
+
+  // The changed object exists in both service configurations, but its value
+  // is different.
+  MODIFIED = 3;
+}

common-protos/google/api/consumer.proto

@@ -0,0 +1,82 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "ConsumerProto";
+option java_package = "com.google.api";
+
+// A descriptor for defining project properties for a service. One service may
+// have many consumer projects, and the service may want to behave differently
+// depending on some properties on the project. For example, a project may be
+// associated with a school, or a business, or a government agency, a business
+// type property on the project may affect how a service responds to the client.
+// This descriptor defines which properties are allowed to be set on a project.
+//
+// Example:
+//
+//    project_properties:
+//      properties:
+//      - name: NO_WATERMARK
+//        type: BOOL
+//        description: Allows usage of the API without watermarks.
+//      - name: EXTENDED_TILE_CACHE_PERIOD
+//        type: INT64
+message ProjectProperties {
+  // List of per consumer project-specific properties.
+  repeated Property properties = 1;
+}
+
+// Defines project properties.
+//
+// API services can define properties that can be assigned to consumer projects
+// so that backends can perform response customization without having to make
+// additional calls or maintain additional storage. For example, Maps API
+// defines properties that controls map tile cache period, or whether to embed a
+// watermark in a result.
+//
+// These values can be set via API producer console. Only API providers can
+// define and set these properties.
+message Property {
+  // Supported data type of the property values
+  enum PropertyType {
+    // The type is unspecified, and will result in an error.
+    UNSPECIFIED = 0;
+
+    // The type is `int64`.
+    INT64 = 1;
+
+    // The type is `bool`.
+    BOOL = 2;
+
+    // The type is `string`.
+    STRING = 3;
+
+    // The type is 'double'.
+    DOUBLE = 4;
+  }
+
+  // The name of the property (a.k.a key).
+  string name = 1;
+
+  // The type of this property.
+  PropertyType type = 2;
+
+  // The description of the property
+  string description = 3;
+}

common-protos/google/api/context.proto

@@ -0,0 +1,90 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "ContextProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Context` defines which contexts an API requests.
+//
+// Example:
+//
+//     context:
+//       rules:
+//       - selector: "*"
+//         requested:
+//         - google.rpc.context.ProjectContext
+//         - google.rpc.context.OriginContext
+//
+// The above specifies that all methods in the API request
+// `google.rpc.context.ProjectContext` and
+// `google.rpc.context.OriginContext`.
+//
+// Available context types are defined in package
+// `google.rpc.context`.
+//
+// This also provides mechanism to whitelist any protobuf message extension that
+// can be sent in grpc metadata using “x-goog-ext-<extension_id>-bin” and
+// “x-goog-ext-<extension_id>-jspb” format. For example, list any service
+// specific protobuf types that can appear in grpc metadata as follows in your
+// yaml file:
+//
+// Example:
+//
+//     context:
+//       rules:
+//        - selector: "google.example.library.v1.LibraryService.CreateBook"
+//          allowed_request_extensions:
+//          - google.foo.v1.NewExtension
+//          allowed_response_extensions:
+//          - google.foo.v1.NewExtension
+//
+// You can also specify extension ID instead of fully qualified extension name
+// here.
+message Context {
+  // A list of RPC context rules that apply to individual API methods.
+  //
+  // **NOTE:** All service configuration rules follow "last one wins" order.
+  repeated ContextRule rules = 1;
+}
+
+// A context rule provides information about the context for an individual API
+// element.
+message ContextRule {
+  // Selects the methods to which this rule applies.
+  //
+  // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+  string selector = 1;
+
+  // A list of full type names of requested contexts.
+  repeated string requested = 2;
+
+  // A list of full type names of provided contexts.
+  repeated string provided = 3;
+
+  // A list of full type names or extension IDs of extensions allowed in grpc
+  // side channel from client to backend.
+  repeated string allowed_request_extensions = 4;
+
+  // A list of full type names or extension IDs of extensions allowed in grpc
+  // side channel from backend to client.
+  repeated string allowed_response_extensions = 5;
+}

common-protos/google/api/control.proto

@@ -0,0 +1,33 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "ControlProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Selects and configures the service controller used by the service.  The
+// service controller handles features like abuse, quota, billing, logging,
+// monitoring, etc.
+message Control {
+  // The service control environment to use. If empty, no control plane
+  // feature (like quota and billing) will be enabled.
+  string environment = 1;
+}

common-protos/google/api/distribution.proto

@@ -0,0 +1,212 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/distribution;distribution";
+option java_multiple_files = true;
+option java_outer_classname = "DistributionProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Distribution` contains summary statistics for a population of values. It
+// optionally contains a histogram representing the distribution of those values
+// across a set of buckets.
+//
+// The summary statistics are the count, mean, sum of the squared deviation from
+// the mean, the minimum, and the maximum of the set of population of values.
+// The histogram is based on a sequence of buckets and gives a count of values
+// that fall into each bucket. The boundaries of the buckets are given either
+// explicitly or by formulas for buckets of fixed or exponentially increasing
+// widths.
+//
+// Although it is not forbidden, it is generally a bad idea to include
+// non-finite values (infinities or NaNs) in the population of values, as this
+// will render the `mean` and `sum_of_squared_deviation` fields meaningless.
+message Distribution {
+  // The range of the population values.
+  message Range {
+    // The minimum of the population values.
+    double min = 1;
+
+    // The maximum of the population values.
+    double max = 2;
+  }
+
+  // `BucketOptions` describes the bucket boundaries used to create a histogram
+  // for the distribution. The buckets can be in a linear sequence, an
+  // exponential sequence, or each bucket can be specified explicitly.
+  // `BucketOptions` does not include the number of values in each bucket.
+  //
+  // A bucket has an inclusive lower bound and exclusive upper bound for the
+  // values that are counted for that bucket. The upper bound of a bucket must
+  // be strictly greater than the lower bound. The sequence of N buckets for a
+  // distribution consists of an underflow bucket (number 0), zero or more
+  // finite buckets (number 1 through N - 2) and an overflow bucket (number N -
+  // 1). The buckets are contiguous: the lower bound of bucket i (i > 0) is the
+  // same as the upper bound of bucket i - 1. The buckets span the whole range
+  // of finite values: lower bound of the underflow bucket is -infinity and the
+  // upper bound of the overflow bucket is +infinity. The finite buckets are
+  // so-called because both bounds are finite.
+  message BucketOptions {
+    // Specifies a linear sequence of buckets that all have the same width
+    // (except overflow and underflow). Each bucket represents a constant
+    // absolute uncertainty on the specific value in the bucket.
+    //
+    // There are `num_finite_buckets + 2` (= N) buckets. Bucket `i` has the
+    // following boundaries:
+    //
+    //    Upper bound (0 <= i < N-1):     offset + (width * i).
+    //    Lower bound (1 <= i < N):       offset + (width * (i - 1)).
+    message Linear {
+      // Must be greater than 0.
+      int32 num_finite_buckets = 1;
+
+      // Must be greater than 0.
+      double width = 2;
+
+      // Lower bound of the first bucket.
+      double offset = 3;
+    }
+
+    // Specifies an exponential sequence of buckets that have a width that is
+    // proportional to the value of the lower bound. Each bucket represents a
+    // constant relative uncertainty on a specific value in the bucket.
+    //
+    // There are `num_finite_buckets + 2` (= N) buckets. Bucket `i` has the
+    // following boundaries:
+    //
+    //    Upper bound (0 <= i < N-1):     scale * (growth_factor ^ i).
+    //    Lower bound (1 <= i < N):       scale * (growth_factor ^ (i - 1)).
+    message Exponential {
+      // Must be greater than 0.
+      int32 num_finite_buckets = 1;
+
+      // Must be greater than 1.
+      double growth_factor = 2;
+
+      // Must be greater than 0.
+      double scale = 3;
+    }
+
+    // Specifies a set of buckets with arbitrary widths.
+    //
+    // There are `size(bounds) + 1` (= N) buckets. Bucket `i` has the following
+    // boundaries:
+    //
+    //    Upper bound (0 <= i < N-1):     bounds[i]
+    //    Lower bound (1 <= i < N);       bounds[i - 1]
+    //
+    // The `bounds` field must contain at least one element. If `bounds` has
+    // only one element, then there are no finite buckets, and that single
+    // element is the common boundary of the overflow and underflow buckets.
+    message Explicit {
+      // The values must be monotonically increasing.
+      repeated double bounds = 1;
+    }
+
+    // Exactly one of these three fields must be set.
+    oneof options {
+      // The linear bucket.
+      Linear linear_buckets = 1;
+
+      // The exponential buckets.
+      Exponential exponential_buckets = 2;
+
+      // The explicit buckets.
+      Explicit explicit_buckets = 3;
+    }
+  }
+
+  // Exemplars are example points that may be used to annotate aggregated
+  // distribution values. They are metadata that gives information about a
+  // particular value added to a Distribution bucket, such as a trace ID that
+  // was active when a value was added. They may contain further information,
+  // such as a example values and timestamps, origin, etc.
+  message Exemplar {
+    // Value of the exemplar point. This value determines to which bucket the
+    // exemplar belongs.
+    double value = 1;
+
+    // The observation (sampling) time of the above value.
+    google.protobuf.Timestamp timestamp = 2;
+
+    // Contextual information about the example value. Examples are:
+    //
+    //   Trace: type.googleapis.com/google.monitoring.v3.SpanContext
+    //
+    //   Literal string: type.googleapis.com/google.protobuf.StringValue
+    //
+    //   Labels dropped during aggregation:
+    //     type.googleapis.com/google.monitoring.v3.DroppedLabels
+    //
+    // There may be only a single attachment of any given message type in a
+    // single exemplar, and this is enforced by the system.
+    repeated google.protobuf.Any attachments = 3;
+  }
+
+  // The number of values in the population. Must be non-negative. This value
+  // must equal the sum of the values in `bucket_counts` if a histogram is
+  // provided.
+  int64 count = 1;
+
+  // The arithmetic mean of the values in the population. If `count` is zero
+  // then this field must be zero.
+  double mean = 2;
+
+  // The sum of squared deviations from the mean of the values in the
+  // population. For values x_i this is:
+  //
+  //     Sum[i=1..n]((x_i - mean)^2)
+  //
+  // Knuth, "The Art of Computer Programming", Vol. 2, page 323, 3rd edition
+  // describes Welford's method for accumulating this sum in one pass.
+  //
+  // If `count` is zero then this field must be zero.
+  double sum_of_squared_deviation = 3;
+
+  // If specified, contains the range of the population values. The field
+  // must not be present if the `count` is zero.
+  Range range = 4;
+
+  // Defines the histogram bucket boundaries. If the distribution does not
+  // contain a histogram, then omit this field.
+  BucketOptions bucket_options = 6;
+
+  // The number of values in each bucket of the histogram, as described in
+  // `bucket_options`. If the distribution does not have a histogram, then omit
+  // this field. If there is a histogram, then the sum of the values in
+  // `bucket_counts` must equal the value in the `count` field of the
+  // distribution.
+  //
+  // If present, `bucket_counts` should contain N values, where N is the number
+  // of buckets specified in `bucket_options`. If you supply fewer than N
+  // values, the remaining values are assumed to be 0.
+  //
+  // The order of the values in `bucket_counts` follows the bucket numbering
+  // schemes described for the three bucket types. The first value must be the
+  // count for the underflow bucket (number 0). The next N-2 values are the
+  // counts for the finite buckets (number 1 through N-2). The N'th value in
+  // `bucket_counts` is the count for the overflow bucket (number N-1).
+  repeated int64 bucket_counts = 7;
+
+  // Must be in increasing order of `value` field.
+  repeated Exemplar exemplars = 10;
+}

common-protos/google/api/documentation.proto

@@ -0,0 +1,157 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "DocumentationProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Documentation` provides the information for describing a service.
+//
+// Example:
+// <pre><code>documentation:
+//   summary: >
+//     The Google Calendar API gives access
+//     to most calendar features.
+//   pages:
+//   - name: Overview
+//     content: &#40;== include google/foo/overview.md ==&#41;
+//   - name: Tutorial
+//     content: &#40;== include google/foo/tutorial.md ==&#41;
+//     subpages;
+//     - name: Java
+//       content: &#40;== include google/foo/tutorial_java.md ==&#41;
+//   rules:
+//   - selector: google.calendar.Calendar.Get
+//     description: >
+//       ...
+//   - selector: google.calendar.Calendar.Put
+//     description: >
+//       ...
+// </code></pre>
+// Documentation is provided in markdown syntax. In addition to
+// standard markdown features, definition lists, tables and fenced
+// code blocks are supported. Section headers can be provided and are
+// interpreted relative to the section nesting of the context where
+// a documentation fragment is embedded.
+//
+// Documentation from the IDL is merged with documentation defined
+// via the config at normalization time, where documentation provided
+// by config rules overrides IDL provided.
+//
+// A number of constructs specific to the API platform are supported
+// in documentation text.
+//
+// In order to reference a proto element, the following
+// notation can be used:
+// <pre><code>&#91;fully.qualified.proto.name]&#91;]</code></pre>
+// To override the display text used for the link, this can be used:
+// <pre><code>&#91;display text]&#91;fully.qualified.proto.name]</code></pre>
+// Text can be excluded from doc using the following notation:
+// <pre><code>&#40;-- internal comment --&#41;</code></pre>
+//
+// A few directives are available in documentation. Note that
+// directives must appear on a single line to be properly
+// identified. The `include` directive includes a markdown file from
+// an external source:
+// <pre><code>&#40;== include path/to/file ==&#41;</code></pre>
+// The `resource_for` directive marks a message to be the resource of
+// a collection in REST view. If it is not specified, tools attempt
+// to infer the resource from the operations in a collection:
+// <pre><code>&#40;== resource_for v1.shelves.books ==&#41;</code></pre>
+// The directive `suppress_warning` does not directly affect documentation
+// and is documented together with service config validation.
+message Documentation {
+  // A short summary of what the service does. Can only be provided by
+  // plain text.
+  string summary = 1;
+
+  // The top level pages for the documentation set.
+  repeated Page pages = 5;
+
+  // A list of documentation rules that apply to individual API elements.
+  //
+  // **NOTE:** All service configuration rules follow "last one wins" order.
+  repeated DocumentationRule rules = 3;
+
+  // The URL to the root of documentation.
+  string documentation_root_url = 4;
+
+  // Declares a single overview page. For example:
+  // <pre><code>documentation:
+  //   summary: ...
+  //   overview: &#40;== include overview.md ==&#41;
+  // </code></pre>
+  // This is a shortcut for the following declaration (using pages style):
+  // <pre><code>documentation:
+  //   summary: ...
+  //   pages:
+  //   - name: Overview
+  //     content: &#40;== include overview.md ==&#41;
+  // </code></pre>
+  // Note: you cannot specify both `overview` field and `pages` field.
+  string overview = 2;
+}
+
+// A documentation rule provides information about individual API elements.
+message DocumentationRule {
+  // The selector is a comma-separated list of patterns. Each pattern is a
+  // qualified name of the element which may end in "*", indicating a wildcard.
+  // Wildcards are only allowed at the end and for a whole component of the
+  // qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". A
+  // wildcard will match one or more components. To specify a default for all
+  // applicable elements, the whole pattern "*" is used.
+  string selector = 1;
+
+  // Description of the selected API(s).
+  string description = 2;
+
+  // Deprecation description of the selected element(s). It can be provided if
+  // an element is marked as `deprecated`.
+  string deprecation_description = 3;
+}
+
+// Represents a documentation page. A page can contain subpages to represent
+// nested documentation set structure.
+message Page {
+  // The name of the page. It will be used as an identity of the page to
+  // generate URI of the page, text of the link to this page in navigation,
+  // etc. The full page name (start from the root page name to this page
+  // concatenated with `.`) can be used as reference to the page in your
+  // documentation. For example:
+  // <pre><code>pages:
+  // - name: Tutorial
+  //   content: &#40;== include tutorial.md ==&#41;
+  //   subpages:
+  //   - name: Java
+  //     content: &#40;== include tutorial_java.md ==&#41;
+  // </code></pre>
+  // You can reference `Java` page using Markdown reference link syntax:
+  // `[Java][Tutorial.Java]`.
+  string name = 1;
+
+  // The Markdown content of the page. You can use <code>&#40;== include {path}
+  // ==&#41;</code> to include content from a Markdown file.
+  string content = 2;
+
+  // Subpages of this page. The order of subpages specified here will be
+  // honored in the generated docset.
+  repeated Page subpages = 3;
+}

common-protos/google/api/endpoint.proto

@@ -0,0 +1,70 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "EndpointProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Endpoint` describes a network endpoint that serves a set of APIs.
+// A service may expose any number of endpoints, and all endpoints share the
+// same service configuration, such as quota configuration and monitoring
+// configuration.
+//
+// Example service configuration:
+//
+//     name: library-example.googleapis.com
+//     endpoints:
+//       # Below entry makes 'google.example.library.v1.Library'
+//       # API be served from endpoint address library-example.googleapis.com.
+//       # It also allows HTTP OPTIONS calls to be passed to the backend, for
+//       # it to decide whether the subsequent cross-origin request is
+//       # allowed to proceed.
+//     - name: library-example.googleapis.com
+//       allow_cors: true
+message Endpoint {
+  // The canonical name of this endpoint.
+  string name = 1;
+
+  // DEPRECATED: This field is no longer supported. Instead of using aliases,
+  // please specify multiple [google.api.Endpoint][google.api.Endpoint] for each of the intended
+  // aliases.
+  //
+  // Additional names that this endpoint will be hosted on.
+  repeated string aliases = 2 [deprecated = true];
+
+  // The list of features enabled on this endpoint.
+  repeated string features = 4;
+
+  // The specification of an Internet routable address of API frontend that will
+  // handle requests to this [API
+  // Endpoint](https://cloud.google.com/apis/design/glossary). It should be
+  // either a valid IPv4 address or a fully-qualified domain name. For example,
+  // "8.8.8.8" or "myservice.appspot.com".
+  string target = 101;
+
+  // Allowing
+  // [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka
+  // cross-domain traffic, would allow the backends served from this endpoint to
+  // receive and respond to HTTP OPTIONS requests. The response will be used by
+  // the browser to determine whether the subsequent cross-origin request is
+  // allowed to proceed.
+  bool allow_cors = 5;
+}

common-protos/google/api/expr/v1alpha1/cel_service.proto

@@ -0,0 +1,44 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1alpha1;
+
+import "google/api/expr/v1alpha1/conformance_service.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "CelServiceProto";
+option java_package = "com.google.api.expr.v1alpha1";
+
+// Access a CEL implementation from another process or machine.
+// A CEL implementation is decomposed as a parser, a static checker,
+// and an evaluator.  Every CEL implementation is expected to provide
+// a server for this API.  The API will be used for conformance testing,
+// utilities, and execution as a service.
+service CelService {
+  // Transforms CEL source text into a parsed representation.
+  rpc Parse(ParseRequest) returns (ParseResponse) {}
+
+  // Runs static checks on a parsed CEL representation and return
+  // an annotated representation, or a set of issues.
+  rpc Check(CheckRequest) returns (CheckResponse) {}
+
+  // Evaluates a parsed or annotation CEL representation given
+  // values of external bindings.
+  rpc Eval(EvalRequest) returns (EvalResponse) {}
+}

common-protos/google/api/expr/v1alpha1/checked.proto

@@ -0,0 +1,336 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1alpha1;
+
+import "google/api/expr/v1alpha1/syntax.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/struct.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "DeclProto";
+option java_package = "com.google.api.expr.v1alpha1";
+
+// Protos for representing CEL declarations and typed checked expressions.
+
+// A CEL expression which has been successfully type checked.
+message CheckedExpr {
+  // A map from expression ids to resolved references.
+  //
+  // The following entries are in this table:
+  //
+  // - An Ident or Select expression is represented here if it resolves to a
+  //   declaration. For instance, if `a.b.c` is represented by
+  //   `select(select(id(a), b), c)`, and `a.b` resolves to a declaration,
+  //   while `c` is a field selection, then the reference is attached to the
+  //   nested select expression (but not to the id or or the outer select).
+  //   In turn, if `a` resolves to a declaration and `b.c` are field selections,
+  //   the reference is attached to the ident expression.
+  // - Every Call expression has an entry here, identifying the function being
+  //   called.
+  // - Every CreateStruct expression for a message has an entry, identifying
+  //   the message.
+  map<int64, Reference> reference_map = 2;
+
+  // A map from expression ids to types.
+  //
+  // Every expression node which has a type different than DYN has a mapping
+  // here. If an expression has type DYN, it is omitted from this map to save
+  // space.
+  map<int64, Type> type_map = 3;
+
+  // The source info derived from input that generated the parsed `expr` and
+  // any optimizations made during the type-checking pass.
+  SourceInfo source_info = 5;
+
+  // The checked expression. Semantically equivalent to the parsed `expr`, but
+  // may have structural differences.
+  Expr expr = 4;
+}
+
+// Represents a CEL type.
+message Type {
+  // List type with typed elements, e.g. `list<example.proto.MyMessage>`.
+  message ListType {
+    // The element type.
+    Type elem_type = 1;
+  }
+
+  // Map type with parameterized key and value types, e.g. `map<string, int>`.
+  message MapType {
+    // The type of the key.
+    Type key_type = 1;
+
+    // The type of the value.
+    Type value_type = 2;
+  }
+
+  // Function type with result and arg types.
+  message FunctionType {
+    // Result type of the function.
+    Type result_type = 1;
+
+    // Argument types of the function.
+    repeated Type arg_types = 2;
+  }
+
+  // Application defined abstract type.
+  message AbstractType {
+    // The fully qualified name of this abstract type.
+    string name = 1;
+
+    // Parameter types for this abstract type.
+    repeated Type parameter_types = 2;
+  }
+
+  // CEL primitive types.
+  enum PrimitiveType {
+    // Unspecified type.
+    PRIMITIVE_TYPE_UNSPECIFIED = 0;
+
+    // Boolean type.
+    BOOL = 1;
+
+    // Int64 type.
+    //
+    // Proto-based integer values are widened to int64.
+    INT64 = 2;
+
+    // Uint64 type.
+    //
+    // Proto-based unsigned integer values are widened to uint64.
+    UINT64 = 3;
+
+    // Double type.
+    //
+    // Proto-based float values are widened to double values.
+    DOUBLE = 4;
+
+    // String type.
+    STRING = 5;
+
+    // Bytes type.
+    BYTES = 6;
+  }
+
+  // Well-known protobuf types treated with first-class support in CEL.
+  enum WellKnownType {
+    // Unspecified type.
+    WELL_KNOWN_TYPE_UNSPECIFIED = 0;
+
+    // Well-known protobuf.Any type.
+    //
+    // Any types are a polymorphic message type. During type-checking they are
+    // treated like `DYN` types, but at runtime they are resolved to a specific
+    // message type specified at evaluation time.
+    ANY = 1;
+
+    // Well-known protobuf.Timestamp type, internally referenced as `timestamp`.
+    TIMESTAMP = 2;
+
+    // Well-known protobuf.Duration type, internally referenced as `duration`.
+    DURATION = 3;
+  }
+
+  // The kind of type.
+  oneof type_kind {
+    // Dynamic type.
+    google.protobuf.Empty dyn = 1;
+
+    // Null value.
+    google.protobuf.NullValue null = 2;
+
+    // Primitive types: `true`, `1u`, `-2.0`, `'string'`, `b'bytes'`.
+    PrimitiveType primitive = 3;
+
+    // Wrapper of a primitive type, e.g. `google.protobuf.Int64Value`.
+    PrimitiveType wrapper = 4;
+
+    // Well-known protobuf type such as `google.protobuf.Timestamp`.
+    WellKnownType well_known = 5;
+
+    // Parameterized list with elements of `list_type`, e.g. `list<timestamp>`.
+    ListType list_type = 6;
+
+    // Parameterized map with typed keys and values.
+    MapType map_type = 7;
+
+    // Function type.
+    FunctionType function = 8;
+
+    // Protocol buffer message type.
+    //
+    // The `message_type` string specifies the qualified message type name. For
+    // example, `google.plus.Profile`.
+    string message_type = 9;
+
+    // Type param type.
+    //
+    // The `type_param` string specifies the type parameter name, e.g. `list<E>`
+    // would be a `list_type` whose element type was a `type_param` type
+    // named `E`.
+    string type_param = 10;
+
+    // Type type.
+    //
+    // The `type` value specifies the target type. e.g. int is type with a
+    // target type of `Primitive.INT`.
+    Type type = 11;
+
+    // Error type.
+    //
+    // During type-checking if an expression is an error, its type is propagated
+    // as the `ERROR` type. This permits the type-checker to discover other
+    // errors present in the expression.
+    google.protobuf.Empty error = 12;
+
+    // Abstract, application defined type.
+    AbstractType abstract_type = 14;
+  }
+}
+
+// Represents a declaration of a named value or function.
+//
+// A declaration is part of the contract between the expression, the agent
+// evaluating that expression, and the caller requesting evaluation.
+message Decl {
+  // Identifier declaration which specifies its type and optional `Expr` value.
+  //
+  // An identifier without a value is a declaration that must be provided at
+  // evaluation time. An identifier with a value should resolve to a constant,
+  // but may be used in conjunction with other identifiers bound at evaluation
+  // time.
+  message IdentDecl {
+    // Required. The type of the identifier.
+    Type type = 1;
+
+    // The constant value of the identifier. If not specified, the identifier
+    // must be supplied at evaluation time.
+    Constant value = 2;
+
+    // Documentation string for the identifier.
+    string doc = 3;
+  }
+
+  // Function declaration specifies one or more overloads which indicate the
+  // function's parameter types and return type, and may optionally specify a
+  // function definition in terms of CEL expressions.
+  //
+  // Functions have no observable side-effects (there may be side-effects like
+  // logging which are not observable from CEL).
+  message FunctionDecl {
+    // An overload indicates a function's parameter types and return type, and
+    // may optionally include a function body described in terms of
+    // [Expr][google.api.expr.v1alpha1.Expr] values.
+    //
+    // Functions overloads are declared in either a function or method
+    // call-style. For methods, the `params[0]` is the expected type of the
+    // target receiver.
+    //
+    // Overloads must have non-overlapping argument types after erasure of all
+    // parameterized type variables (similar as type erasure in Java).
+    message Overload {
+      // Required. Globally unique overload name of the function which reflects
+      // the function name and argument types.
+      //
+      // This will be used by a [Reference][google.api.expr.v1alpha1.Reference]
+      // to indicate the `overload_id` that was resolved for the function
+      // `name`.
+      string overload_id = 1;
+
+      // List of function parameter [Type][google.api.expr.v1alpha1.Type]
+      // values.
+      //
+      // Param types are disjoint after generic type parameters have been
+      // replaced with the type `DYN`. Since the `DYN` type is compatible with
+      // any other type, this means that if `A` is a type parameter, the
+      // function types `int<A>` and `int<int>` are not disjoint. Likewise,
+      // `map<string, string>` is not disjoint from `map<K, V>`.
+      //
+      // When the `result_type` of a function is a generic type param, the
+      // type param name also appears as the `type` of on at least one params.
+      repeated Type params = 2;
+
+      // The type param names associated with the function declaration.
+      //
+      // For example, `function ex<K,V>(K key, map<K, V> map) : V` would yield
+      // the type params of `K, V`.
+      repeated string type_params = 3;
+
+      // Required. The result type of the function. For example, the operator
+      // `string.isEmpty()` would have `result_type` of `kind: BOOL`.
+      Type result_type = 4;
+
+      // Whether the function is to be used in a method call-style `x.f(...)`
+      // of a function call-style `f(x, ...)`.
+      //
+      // For methods, the first parameter declaration, `params[0]` is the
+      // expected type of the target receiver.
+      bool is_instance_function = 5;
+
+      // Documentation string for the overload.
+      string doc = 6;
+    }
+
+    // Required. List of function overloads, must contain at least one overload.
+    repeated Overload overloads = 1;
+  }
+
+  // The fully qualified name of the declaration.
+  //
+  // Declarations are organized in containers and this represents the full path
+  // to the declaration in its container, as in `google.api.expr.Decl`.
+  //
+  // Declarations used as
+  // [FunctionDecl.Overload][google.api.expr.v1alpha1.Decl.FunctionDecl.Overload]
+  // parameters may or may not have a name depending on whether the overload is
+  // function declaration or a function definition containing a result
+  // [Expr][google.api.expr.v1alpha1.Expr].
+  string name = 1;
+
+  // Required. The declaration kind.
+  oneof decl_kind {
+    // Identifier declaration.
+    IdentDecl ident = 2;
+
+    // Function declaration.
+    FunctionDecl function = 3;
+  }
+}
+
+// Describes a resolved reference to a declaration.
+message Reference {
+  // The fully qualified name of the declaration.
+  string name = 1;
+
+  // For references to functions, this is a list of `Overload.overload_id`
+  // values which match according to typing rules.
+  //
+  // If the list has more than one element, overload resolution among the
+  // presented candidates must happen at runtime because of dynamic types. The
+  // type checker attempts to narrow down this list as much as possible.
+  //
+  // Empty if this is not a reference to a
+  // [Decl.FunctionDecl][google.api.expr.v1alpha1.Decl.FunctionDecl].
+  repeated string overload_id = 3;
+
+  // For references to constants, this may contain the value of the
+  // constant if known at compile time.
+  Constant value = 4;
+}

common-protos/google/api/expr/v1alpha1/conformance_service.proto

@@ -0,0 +1,165 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1alpha1;
+
+import "google/api/expr/v1alpha1/checked.proto";
+import "google/api/expr/v1alpha1/eval.proto";
+import "google/api/expr/v1alpha1/syntax.proto";
+import "google/rpc/status.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "ConformanceServiceProto";
+option java_package = "com.google.api.expr.v1alpha1";
+
+// Access a CEL implementation from another process or machine.
+// A CEL implementation is decomposed as a parser, a static checker,
+// and an evaluator.  Every CEL implementation is expected to provide
+// a server for this API.  The API will be used for conformance testing
+// and other utilities.
+service ConformanceService {
+  // Transforms CEL source text into a parsed representation.
+  rpc Parse(ParseRequest) returns (ParseResponse) {}
+
+  // Runs static checks on a parsed CEL representation and return
+  // an annotated representation, or a set of issues.
+  rpc Check(CheckRequest) returns (CheckResponse) {}
+
+  // Evaluates a parsed or annotation CEL representation given
+  // values of external bindings.
+  rpc Eval(EvalRequest) returns (EvalResponse) {}
+}
+
+// Request message for the Parse method.
+message ParseRequest {
+  // Required. Source text in CEL syntax.
+  string cel_source = 1;
+
+  // Tag for version of CEL syntax, for future use.
+  string syntax_version = 2;
+
+  // File or resource for source text, used in
+  // [SourceInfo][google.api.expr.v1alpha1.SourceInfo].
+  string source_location = 3;
+
+  // Prevent macro expansion.  See "Macros" in Language Defiinition.
+  bool disable_macros = 4;
+}
+
+// Response message for the Parse method.
+message ParseResponse {
+  // The parsed representation, or unset if parsing failed.
+  ParsedExpr parsed_expr = 1;
+
+  // Any number of issues with [StatusDetails][] as the details.
+  repeated google.rpc.Status issues = 2;
+}
+
+// Request message for the Check method.
+message CheckRequest {
+  // Required. The parsed representation of the CEL program.
+  ParsedExpr parsed_expr = 1;
+
+  // Declarations of types for external variables and functions.
+  // Required if program uses external variables or functions
+  // not in the default environment.
+  repeated Decl type_env = 2;
+
+  // The protocol buffer context.  See "Name Resolution" in the
+  // Language Definition.
+  string container = 3;
+
+  // If true, use only the declarations in
+  // [type_env][google.api.expr.v1alpha1.CheckRequest.type_env].  If false
+  // (default), add declarations for the standard definitions to the type
+  // environment.  See "Standard Definitions" in the Language Definition.
+  bool no_std_env = 4;
+}
+
+// Response message for the Check method.
+message CheckResponse {
+  // The annotated representation, or unset if checking failed.
+  CheckedExpr checked_expr = 1;
+
+  // Any number of issues with [StatusDetails][] as the details.
+  repeated google.rpc.Status issues = 2;
+}
+
+// Request message for the Eval method.
+message EvalRequest {
+  // Required. Either the parsed or annotated representation of the CEL program.
+  oneof expr_kind {
+    // Evaluate based on the parsed representation.
+    ParsedExpr parsed_expr = 1;
+
+    // Evaluate based on the checked representation.
+    CheckedExpr checked_expr = 2;
+  }
+
+  // Bindings for the external variables.  The types SHOULD be compatible
+  // with the type environment in
+  // [CheckRequest][google.api.expr.v1alpha1.CheckRequest], if checked.
+  map<string, ExprValue> bindings = 3;
+
+  // SHOULD be the same container as used in
+  // [CheckRequest][google.api.expr.v1alpha1.CheckRequest], if checked.
+  string container = 4;
+}
+
+// Response message for the Eval method.
+message EvalResponse {
+  // The execution result, or unset if execution couldn't start.
+  ExprValue result = 1;
+
+  // Any number of issues with [StatusDetails][] as the details.
+  // Note that CEL execution errors are reified into
+  // [ExprValue][google.api.expr.v1alpha1.ExprValue]. Nevertheless, we'll allow
+  // out-of-band issues to be raised, which also makes the replies more regular.
+  repeated google.rpc.Status issues = 2;
+}
+
+// Warnings or errors in service execution are represented by
+// [google.rpc.Status][google.rpc.Status] messages, with the following message
+// in the details field.
+message IssueDetails {
+  // Severities of issues.
+  enum Severity {
+    // An unspecified severity.
+    SEVERITY_UNSPECIFIED = 0;
+
+    // Deprecation issue for statements and method that may no longer be
+    // supported or maintained.
+    DEPRECATION = 1;
+
+    // Warnings such as: unused variables.
+    WARNING = 2;
+
+    // Errors such as: unmatched curly braces or variable redefinition.
+    ERROR = 3;
+  }
+
+  // The severity of the issue.
+  Severity severity = 1;
+
+  // Position in the source, if known.
+  SourcePosition position = 2;
+
+  // Expression ID from [Expr][google.api.expr.v1alpha1.Expr], 0 if unknown.
+  int64 id = 3;
+}

common-protos/google/api/expr/v1alpha1/eval.proto

@@ -0,0 +1,119 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1alpha1;
+
+import "google/api/expr/v1alpha1/value.proto";
+import "google/rpc/status.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "EvalProto";
+option java_package = "com.google.api.expr.v1alpha1";
+
+// The state of an evaluation.
+//
+// Can represent an inital, partial, or completed state of evaluation.
+message EvalState {
+  // A single evalution result.
+  message Result {
+    // The id of the expression this result if for.
+    int64 expr = 1;
+
+    // The index in `values` of the resulting value.
+    int64 value = 2;
+  }
+
+  // The unique values referenced in this message.
+  repeated ExprValue values = 1;
+
+  // An ordered list of results.
+  //
+  // Tracks the flow of evaluation through the expression.
+  // May be sparse.
+  repeated Result results = 3;
+}
+
+// The value of an evaluated expression.
+message ExprValue {
+  // An expression can resolve to a value, error or unknown.
+  oneof kind {
+    // A concrete value.
+    Value value = 1;
+
+    // The set of errors in the critical path of evalution.
+    //
+    // Only errors in the critical path are included. For example,
+    // `(<error1> || true) && <error2>` will only result in `<error2>`,
+    // while `<error1> || <error2>` will result in both `<error1>` and
+    // `<error2>`.
+    //
+    // Errors cause by the presence of other errors are not included in the
+    // set. For example `<error1>.foo`, `foo(<error1>)`, and `<error1> + 1` will
+    // only result in `<error1>`.
+    //
+    // Multiple errors *might* be included when evaluation could result
+    // in different errors. For example `<error1> + <error2>` and
+    // `foo(<error1>, <error2>)` may result in `<error1>`, `<error2>` or both.
+    // The exact subset of errors included for this case is unspecified and
+    // depends on the implementation details of the evaluator.
+    ErrorSet error = 2;
+
+    // The set of unknowns in the critical path of evaluation.
+    //
+    // Unknown behaves identically to Error with regards to propagation.
+    // Specifically, only unknowns in the critical path are included, unknowns
+    // caused by the presence of other unknowns are not included, and multiple
+    // unknowns *might* be included included when evaluation could result in
+    // different unknowns. For example:
+    //
+    //     (<unknown[1]> || true) && <unknown[2]> -> <unknown[2]>
+    //     <unknown[1]> || <unknown[2]> -> <unknown[1,2]>
+    //     <unknown[1]>.foo -> <unknown[1]>
+    //     foo(<unknown[1]>) -> <unknown[1]>
+    //     <unknown[1]> + <unknown[2]> -> <unknown[1]> or <unknown[2[>
+    //
+    // Unknown takes precidence over Error in cases where a `Value` can short
+    // circuit the result:
+    //
+    //     <error> || <unknown> -> <unknown>
+    //     <error> && <unknown> -> <unknown>
+    //
+    // Errors take precidence in all other cases:
+    //
+    //     <unknown> + <error> -> <error>
+    //     foo(<unknown>, <error>) -> <error>
+    UnknownSet unknown = 3;
+  }
+}
+
+// A set of errors.
+//
+// The errors included depend on the context. See `ExprValue.error`.
+message ErrorSet {
+  // The errors in the set.
+  repeated google.rpc.Status errors = 1;
+}
+
+// A set of expressions for which the value is unknown.
+//
+// The unknowns included depend on the context. See `ExprValue.unknown`.
+message UnknownSet {
+  // The ids of the expressions with unknown values.
+  repeated int64 exprs = 1;
+}

common-protos/google/api/expr/v1alpha1/explain.proto

@@ -0,0 +1,54 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1alpha1;
+
+import "google/api/expr/v1alpha1/value.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "ExplainProto";
+option java_package = "com.google.api.expr.v1alpha1";
+
+// Values of intermediate expressions produced when evaluating expression.
+// Deprecated, use `EvalState` instead.
+message Explain {
+  option deprecated = true;
+
+  // ID and value index of one step.
+  message ExprStep {
+    // ID of corresponding Expr node.
+    int64 id = 1;
+
+    // Index of the value in the values list.
+    int32 value_index = 2;
+  }
+
+  // All of the observed values.
+  //
+  // The field value_index is an index in the values list.
+  // Separating values from steps is needed to remove redundant values.
+  repeated Value values = 1;
+
+  // List of steps.
+  //
+  // Repeated evaluations of the same expression generate new ExprStep
+  // instances. The order of such ExprStep instances matches the order of
+  // elements returned by Comprehension.iter_range.
+  repeated ExprStep expr_steps = 2;
+}

common-protos/google/api/expr/v1alpha1/syntax.proto

@@ -0,0 +1,322 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1alpha1;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "SyntaxProto";
+option java_package = "com.google.api.expr.v1alpha1";
+
+// A representation of the abstract syntax of the Common Expression Language.
+
+// An expression together with source information as returned by the parser.
+message ParsedExpr {
+  // The parsed expression.
+  Expr expr = 2;
+
+  // The source info derived from input that generated the parsed `expr`.
+  SourceInfo source_info = 3;
+}
+
+// An abstract representation of a common expression.
+//
+// Expressions are abstractly represented as a collection of identifiers,
+// select statements, function calls, literals, and comprehensions. All
+// operators with the exception of the '.' operator are modelled as function
+// calls. This makes it easy to represent new operators into the existing AST.
+//
+// All references within expressions must resolve to a
+// [Decl][google.api.expr.v1alpha1.Decl] provided at type-check for an
+// expression to be valid. A reference may either be a bare identifier `name` or
+// a qualified identifier `google.api.name`. References may either refer to a
+// value or a function declaration.
+//
+// For example, the expression `google.api.name.startsWith('expr')` references
+// the declaration `google.api.name` within a
+// [Expr.Select][google.api.expr.v1alpha1.Expr.Select] expression, and the
+// function declaration `startsWith`.
+message Expr {
+  // An identifier expression. e.g. `request`.
+  message Ident {
+    // Required. Holds a single, unqualified identifier, possibly preceded by a
+    // '.'.
+    //
+    // Qualified names are represented by the
+    // [Expr.Select][google.api.expr.v1alpha1.Expr.Select] expression.
+    string name = 1;
+  }
+
+  // A field selection expression. e.g. `request.auth`.
+  message Select {
+    // Required. The target of the selection expression.
+    //
+    // For example, in the select expression `request.auth`, the `request`
+    // portion of the expression is the `operand`.
+    Expr operand = 1;
+
+    // Required. The name of the field to select.
+    //
+    // For example, in the select expression `request.auth`, the `auth` portion
+    // of the expression would be the `field`.
+    string field = 2;
+
+    // Whether the select is to be interpreted as a field presence test.
+    //
+    // This results from the macro `has(request.auth)`.
+    bool test_only = 3;
+  }
+
+  // A call expression, including calls to predefined functions and operators.
+  //
+  // For example, `value == 10`, `size(map_value)`.
+  message Call {
+    // The target of an method call-style expression. For example, `x` in
+    // `x.f()`.
+    Expr target = 1;
+
+    // Required. The name of the function or method being called.
+    string function = 2;
+
+    // The arguments.
+    repeated Expr args = 3;
+  }
+
+  // A list creation expression.
+  //
+  // Lists may either be homogenous, e.g. `[1, 2, 3]`, or heterogenous, e.g.
+  // `dyn([1, 'hello', 2.0])`
+  message CreateList {
+    // The elements part of the list.
+    repeated Expr elements = 1;
+  }
+
+  // A map or message creation expression.
+  //
+  // Maps are constructed as `{'key_name': 'value'}`. Message construction is
+  // similar, but prefixed with a type name and composed of field ids:
+  // `types.MyType{field_id: 'value'}`.
+  message CreateStruct {
+    // Represents an entry.
+    message Entry {
+      // Required. An id assigned to this node by the parser which is unique
+      // in a given expression tree. This is used to associate type
+      // information and other attributes to the node.
+      int64 id = 1;
+
+      // The `Entry` key kinds.
+      oneof key_kind {
+        // The field key for a message creator statement.
+        string field_key = 2;
+
+        // The key expression for a map creation statement.
+        Expr map_key = 3;
+      }
+
+      // Required. The value assigned to the key.
+      Expr value = 4;
+    }
+
+    // The type name of the message to be created, empty when creating map
+    // literals.
+    string message_name = 1;
+
+    // The entries in the creation expression.
+    repeated Entry entries = 2;
+  }
+
+  // A comprehension expression applied to a list or map.
+  //
+  // Comprehensions are not part of the core syntax, but enabled with macros.
+  // A macro matches a specific call signature within a parsed AST and replaces
+  // the call with an alternate AST block. Macro expansion happens at parse
+  // time.
+  //
+  // The following macros are supported within CEL:
+  //
+  // Aggregate type macros may be applied to all elements in a list or all keys
+  // in a map:
+  //
+  // *  `all`, `exists`, `exists_one` -  test a predicate expression against
+  //    the inputs and return `true` if the predicate is satisfied for all,
+  //    any, or only one value `list.all(x, x < 10)`.
+  // *  `filter` - test a predicate expression against the inputs and return
+  //    the subset of elements which satisfy the predicate:
+  //    `payments.filter(p, p > 1000)`.
+  // *  `map` - apply an expression to all elements in the input and return the
+  //    output aggregate type: `[1, 2, 3].map(i, i * i)`.
+  //
+  // The `has(m.x)` macro tests whether the property `x` is present in struct
+  // `m`. The semantics of this macro depend on the type of `m`. For proto2
+  // messages `has(m.x)` is defined as 'defined, but not set`. For proto3, the
+  // macro tests whether the property is set to its default. For map and struct
+  // types, the macro tests whether the property `x` is defined on `m`.
+  message Comprehension {
+    // The name of the iteration variable.
+    string iter_var = 1;
+
+    // The range over which var iterates.
+    Expr iter_range = 2;
+
+    // The name of the variable used for accumulation of the result.
+    string accu_var = 3;
+
+    // The initial value of the accumulator.
+    Expr accu_init = 4;
+
+    // An expression which can contain iter_var and accu_var.
+    //
+    // Returns false when the result has been computed and may be used as
+    // a hint to short-circuit the remainder of the comprehension.
+    Expr loop_condition = 5;
+
+    // An expression which can contain iter_var and accu_var.
+    //
+    // Computes the next value of accu_var.
+    Expr loop_step = 6;
+
+    // An expression which can contain accu_var.
+    //
+    // Computes the result.
+    Expr result = 7;
+  }
+
+  // Required. An id assigned to this node by the parser which is unique in a
+  // given expression tree. This is used to associate type information and other
+  // attributes to a node in the parse tree.
+  int64 id = 2;
+
+  // Required. Variants of expressions.
+  oneof expr_kind {
+    // A literal expression.
+    Constant const_expr = 3;
+
+    // An identifier expression.
+    Ident ident_expr = 4;
+
+    // A field selection expression, e.g. `request.auth`.
+    Select select_expr = 5;
+
+    // A call expression, including calls to predefined functions and operators.
+    Call call_expr = 6;
+
+    // A list creation expression.
+    CreateList list_expr = 7;
+
+    // A map or message creation expression.
+    CreateStruct struct_expr = 8;
+
+    // A comprehension expression.
+    Comprehension comprehension_expr = 9;
+  }
+}
+
+// Represents a primitive literal.
+//
+// Named 'Constant' here for backwards compatibility.
+//
+// This is similar as the primitives supported in the well-known type
+// `google.protobuf.Value`, but richer so it can represent CEL's full range of
+// primitives.
+//
+// Lists and structs are not included as constants as these aggregate types may
+// contain [Expr][google.api.expr.v1alpha1.Expr] elements which require
+// evaluation and are thus not constant.
+//
+// Examples of literals include: `"hello"`, `b'bytes'`, `1u`, `4.2`, `-2`,
+// `true`, `null`.
+message Constant {
+  // Required. The valid constant kinds.
+  oneof constant_kind {
+    // null value.
+    google.protobuf.NullValue null_value = 1;
+
+    // boolean value.
+    bool bool_value = 2;
+
+    // int64 value.
+    int64 int64_value = 3;
+
+    // uint64 value.
+    uint64 uint64_value = 4;
+
+    // double value.
+    double double_value = 5;
+
+    // string value.
+    string string_value = 6;
+
+    // bytes value.
+    bytes bytes_value = 7;
+
+    // protobuf.Duration value.
+    //
+    // Deprecated: duration is no longer considered a builtin cel type.
+    google.protobuf.Duration duration_value = 8 [deprecated = true];
+
+    // protobuf.Timestamp value.
+    //
+    // Deprecated: timestamp is no longer considered a builtin cel type.
+    google.protobuf.Timestamp timestamp_value = 9 [deprecated = true];
+  }
+}
+
+// Source information collected at parse time.
+message SourceInfo {
+  // The syntax version of the source, e.g. `cel1`.
+  string syntax_version = 1;
+
+  // The location name. All position information attached to an expression is
+  // relative to this location.
+  //
+  // The location could be a file, UI element, or similar. For example,
+  // `acme/app/AnvilPolicy.cel`.
+  string location = 2;
+
+  // Monotonically increasing list of character offsets where newlines appear.
+  //
+  // The line number of a given position is the index `i` where for a given
+  // `id` the `line_offsets[i] < id_positions[id] < line_offsets[i+1]`. The
+  // column may be derivd from `id_positions[id] - line_offsets[i]`.
+  repeated int32 line_offsets = 3;
+
+  // A map from the parse node id (e.g. `Expr.id`) to the character offset
+  // within source.
+  map<int64, int32> positions = 4;
+}
+
+// A specific position in source.
+message SourcePosition {
+  // The soucre location name (e.g. file name).
+  string location = 1;
+
+  // The character offset.
+  int32 offset = 2;
+
+  // The 1-based index of the starting line in the source text
+  // where the issue occurs, or 0 if unknown.
+  int32 line = 3;
+
+  // The 0-based index of the starting position within the line of source text
+  // where the issue occurs.  Only meaningful if line is nonzero.
+  int32 column = 4;
+}

common-protos/google/api/expr/v1alpha1/value.proto

@@ -0,0 +1,116 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1alpha1;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/struct.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "ValueProto";
+option java_package = "com.google.api.expr.v1alpha1";
+
+// Contains representations for CEL runtime values.
+
+// Represents a CEL value.
+//
+// This is similar to `google.protobuf.Value`, but can represent CEL's full
+// range of values.
+message Value {
+  // Required. The valid kinds of values.
+  oneof kind {
+    // Null value.
+    google.protobuf.NullValue null_value = 1;
+
+    // Boolean value.
+    bool bool_value = 2;
+
+    // Signed integer value.
+    int64 int64_value = 3;
+
+    // Unsigned integer value.
+    uint64 uint64_value = 4;
+
+    // Floating point value.
+    double double_value = 5;
+
+    // UTF-8 string value.
+    string string_value = 6;
+
+    // Byte string value.
+    bytes bytes_value = 7;
+
+    // An enum value.
+    EnumValue enum_value = 9;
+
+    // The proto message backing an object value.
+    google.protobuf.Any object_value = 10;
+
+    // Map value.
+    MapValue map_value = 11;
+
+    // List value.
+    ListValue list_value = 12;
+
+    // Type value.
+    string type_value = 15;
+  }
+}
+
+// An enum value.
+message EnumValue {
+  // The fully qualified name of the enum type.
+  string type = 1;
+
+  // The value of the enum.
+  int32 value = 2;
+}
+
+// A list.
+//
+// Wrapped in a message so 'not set' and empty can be differentiated, which is
+// required for use in a 'oneof'.
+message ListValue {
+  // The ordered values in the list.
+  repeated Value values = 1;
+}
+
+// A map.
+//
+// Wrapped in a message so 'not set' and empty can be differentiated, which is
+// required for use in a 'oneof'.
+message MapValue {
+  // An entry in the map.
+  message Entry {
+    // The key.
+    //
+    // Must be unique with in the map.
+    // Currently only boolean, int, uint, and string values can be keys.
+    Value key = 1;
+
+    // The value.
+    Value value = 2;
+  }
+
+  // The set of map entries.
+  //
+  // CEL has fewer restrictions on keys, so a protobuf map represenation
+  // cannot be used.
+  repeated Entry entries = 1;
+}

common-protos/google/api/expr/v1beta1/decl.proto

@@ -0,0 +1,84 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1beta1;
+
+import "google/api/expr/v1beta1/expr.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1beta1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "DeclProto";
+option java_package = "com.google.api.expr.v1beta1";
+
+// A declaration.
+message Decl {
+  // The id of the declaration.
+  int32 id = 1;
+
+  // The name of the declaration.
+  string name = 2;
+
+  // The documentation string for the declaration.
+  string doc = 3;
+
+  // The kind of declaration.
+  oneof kind {
+    // An identifier declaration.
+    IdentDecl ident = 4;
+
+    // A function declaration.
+    FunctionDecl function = 5;
+  }
+}
+
+// The declared type of a variable.
+//
+// Extends runtime type values with extra information used for type checking
+// and dispatching.
+message DeclType {
+  // The expression id of the declared type, if applicable.
+  int32 id = 1;
+
+  // The type name, e.g. 'int', 'my.type.Type' or 'T'
+  string type = 2;
+
+  // An ordered list of type parameters, e.g. `<string, int>`.
+  // Only applies to a subset of types, e.g. `map`, `list`.
+  repeated DeclType type_params = 4;
+}
+
+// An identifier declaration.
+message IdentDecl {
+  // Optional type of the identifier.
+  DeclType type = 3;
+
+  // Optional value of the identifier.
+  Expr value = 4;
+}
+
+// A function declaration.
+message FunctionDecl {
+  // The function arguments.
+  repeated IdentDecl args = 1;
+
+  // Optional declared return type.
+  DeclType return_type = 2;
+
+  // If the first argument of the function is the receiver.
+  bool receiver_function = 3;
+}

common-protos/google/api/expr/v1beta1/eval.proto

@@ -0,0 +1,125 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1beta1;
+
+import "google/api/expr/v1beta1/value.proto";
+import "google/rpc/status.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1beta1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "EvalProto";
+option java_package = "com.google.api.expr.v1beta1";
+
+// The state of an evaluation.
+//
+// Can represent an initial, partial, or completed state of evaluation.
+message EvalState {
+  // A single evaluation result.
+  message Result {
+    // The expression this result is for.
+    IdRef expr = 1;
+
+    // The index in `values` of the resulting value.
+    int32 value = 2;
+  }
+
+  // The unique values referenced in this message.
+  repeated ExprValue values = 1;
+
+  // An ordered list of results.
+  //
+  // Tracks the flow of evaluation through the expression.
+  // May be sparse.
+  repeated Result results = 3;
+}
+
+// The value of an evaluated expression.
+message ExprValue {
+  // An expression can resolve to a value, error or unknown.
+  oneof kind {
+    // A concrete value.
+    Value value = 1;
+
+    // The set of errors in the critical path of evalution.
+    //
+    // Only errors in the critical path are included. For example,
+    // `(<error1> || true) && <error2>` will only result in `<error2>`,
+    // while `<error1> || <error2>` will result in both `<error1>` and
+    // `<error2>`.
+    //
+    // Errors cause by the presence of other errors are not included in the
+    // set. For example `<error1>.foo`, `foo(<error1>)`, and `<error1> + 1` will
+    // only result in `<error1>`.
+    //
+    // Multiple errors *might* be included when evaluation could result
+    // in different errors. For example `<error1> + <error2>` and
+    // `foo(<error1>, <error2>)` may result in `<error1>`, `<error2>` or both.
+    // The exact subset of errors included for this case is unspecified and
+    // depends on the implementation details of the evaluator.
+    ErrorSet error = 2;
+
+    // The set of unknowns in the critical path of evaluation.
+    //
+    // Unknown behaves identically to Error with regards to propagation.
+    // Specifically, only unknowns in the critical path are included, unknowns
+    // caused by the presence of other unknowns are not included, and multiple
+    // unknowns *might* be included included when evaluation could result in
+    // different unknowns. For example:
+    //
+    //     (<unknown[1]> || true) && <unknown[2]> -> <unknown[2]>
+    //     <unknown[1]> || <unknown[2]> -> <unknown[1,2]>
+    //     <unknown[1]>.foo -> <unknown[1]>
+    //     foo(<unknown[1]>) -> <unknown[1]>
+    //     <unknown[1]> + <unknown[2]> -> <unknown[1]> or <unknown[2[>
+    //
+    // Unknown takes precidence over Error in cases where a `Value` can short
+    // circuit the result:
+    //
+    //     <error> || <unknown> -> <unknown>
+    //     <error> && <unknown> -> <unknown>
+    //
+    // Errors take precidence in all other cases:
+    //
+    //     <unknown> + <error> -> <error>
+    //     foo(<unknown>, <error>) -> <error>
+    UnknownSet unknown = 3;
+  }
+}
+
+// A set of errors.
+//
+// The errors included depend on the context. See `ExprValue.error`.
+message ErrorSet {
+  // The errors in the set.
+  repeated google.rpc.Status errors = 1;
+}
+
+// A set of expressions for which the value is unknown.
+//
+// The unknowns included depend on the context. See `ExprValue.unknown`.
+message UnknownSet {
+  // The ids of the expressions with unknown values.
+  repeated IdRef exprs = 1;
+}
+
+// A reference to an expression id.
+message IdRef {
+  // The expression id.
+  int32 id = 1;
+}

common-protos/google/api/expr/v1beta1/expr.proto

@@ -0,0 +1,269 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1beta1;
+
+import "google/api/expr/v1beta1/source.proto";
+import "google/protobuf/struct.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1beta1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "ExprProto";
+option java_package = "com.google.api.expr.v1beta1";
+
+// An expression together with source information as returned by the parser.
+message ParsedExpr {
+  // The parsed expression.
+  Expr expr = 2;
+
+  // The source info derived from input that generated the parsed `expr`.
+  SourceInfo source_info = 3;
+
+  // The syntax version of the source, e.g. `cel1`.
+  string syntax_version = 4;
+}
+
+// An abstract representation of a common expression.
+//
+// Expressions are abstractly represented as a collection of identifiers,
+// select statements, function calls, literals, and comprehensions. All
+// operators with the exception of the '.' operator are modelled as function
+// calls. This makes it easy to represent new operators into the existing AST.
+//
+// All references within expressions must resolve to a
+// [Decl][google.api.expr.v1beta1.Decl] provided at type-check for an expression
+// to be valid. A reference may either be a bare identifier `name` or a
+// qualified identifier `google.api.name`. References may either refer to a
+// value or a function declaration.
+//
+// For example, the expression `google.api.name.startsWith('expr')` references
+// the declaration `google.api.name` within a
+// [Expr.Select][google.api.expr.v1beta1.Expr.Select] expression, and the
+// function declaration `startsWith`.
+message Expr {
+  // An identifier expression. e.g. `request`.
+  message Ident {
+    // Required. Holds a single, unqualified identifier, possibly preceded by a
+    // '.'.
+    //
+    // Qualified names are represented by the
+    // [Expr.Select][google.api.expr.v1beta1.Expr.Select] expression.
+    string name = 1;
+  }
+
+  // A field selection expression. e.g. `request.auth`.
+  message Select {
+    // Required. The target of the selection expression.
+    //
+    // For example, in the select expression `request.auth`, the `request`
+    // portion of the expression is the `operand`.
+    Expr operand = 1;
+
+    // Required. The name of the field to select.
+    //
+    // For example, in the select expression `request.auth`, the `auth` portion
+    // of the expression would be the `field`.
+    string field = 2;
+
+    // Whether the select is to be interpreted as a field presence test.
+    //
+    // This results from the macro `has(request.auth)`.
+    bool test_only = 3;
+  }
+
+  // A call expression, including calls to predefined functions and operators.
+  //
+  // For example, `value == 10`, `size(map_value)`.
+  message Call {
+    // The target of an method call-style expression. For example, `x` in
+    // `x.f()`.
+    Expr target = 1;
+
+    // Required. The name of the function or method being called.
+    string function = 2;
+
+    // The arguments.
+    repeated Expr args = 3;
+  }
+
+  // A list creation expression.
+  //
+  // Lists may either be homogenous, e.g. `[1, 2, 3]`, or heterogenous, e.g.
+  // `dyn([1, 'hello', 2.0])`
+  message CreateList {
+    // The elements part of the list.
+    repeated Expr elements = 1;
+  }
+
+  // A map or message creation expression.
+  //
+  // Maps are constructed as `{'key_name': 'value'}`. Message construction is
+  // similar, but prefixed with a type name and composed of field ids:
+  // `types.MyType{field_id: 'value'}`.
+  message CreateStruct {
+    // Represents an entry.
+    message Entry {
+      // Required. An id assigned to this node by the parser which is unique
+      // in a given expression tree. This is used to associate type
+      // information and other attributes to the node.
+      int32 id = 1;
+
+      // The `Entry` key kinds.
+      oneof key_kind {
+        // The field key for a message creator statement.
+        string field_key = 2;
+
+        // The key expression for a map creation statement.
+        Expr map_key = 3;
+      }
+
+      // Required. The value assigned to the key.
+      Expr value = 4;
+    }
+
+    // The type name of the message to be created, empty when creating map
+    // literals.
+    string type = 1;
+
+    // The entries in the creation expression.
+    repeated Entry entries = 2;
+  }
+
+  // A comprehension expression applied to a list or map.
+  //
+  // Comprehensions are not part of the core syntax, but enabled with macros.
+  // A macro matches a specific call signature within a parsed AST and replaces
+  // the call with an alternate AST block. Macro expansion happens at parse
+  // time.
+  //
+  // The following macros are supported within CEL:
+  //
+  // Aggregate type macros may be applied to all elements in a list or all keys
+  // in a map:
+  //
+  // *  `all`, `exists`, `exists_one` -  test a predicate expression against
+  //    the inputs and return `true` if the predicate is satisfied for all,
+  //    any, or only one value `list.all(x, x < 10)`.
+  // *  `filter` - test a predicate expression against the inputs and return
+  //    the subset of elements which satisfy the predicate:
+  //    `payments.filter(p, p > 1000)`.
+  // *  `map` - apply an expression to all elements in the input and return the
+  //    output aggregate type: `[1, 2, 3].map(i, i * i)`.
+  //
+  // The `has(m.x)` macro tests whether the property `x` is present in struct
+  // `m`. The semantics of this macro depend on the type of `m`. For proto2
+  // messages `has(m.x)` is defined as 'defined, but not set`. For proto3, the
+  // macro tests whether the property is set to its default. For map and struct
+  // types, the macro tests whether the property `x` is defined on `m`.
+  message Comprehension {
+    // The name of the iteration variable.
+    string iter_var = 1;
+
+    // The range over which var iterates.
+    Expr iter_range = 2;
+
+    // The name of the variable used for accumulation of the result.
+    string accu_var = 3;
+
+    // The initial value of the accumulator.
+    Expr accu_init = 4;
+
+    // An expression which can contain iter_var and accu_var.
+    //
+    // Returns false when the result has been computed and may be used as
+    // a hint to short-circuit the remainder of the comprehension.
+    Expr loop_condition = 5;
+
+    // An expression which can contain iter_var and accu_var.
+    //
+    // Computes the next value of accu_var.
+    Expr loop_step = 6;
+
+    // An expression which can contain accu_var.
+    //
+    // Computes the result.
+    Expr result = 7;
+  }
+
+  // Required. An id assigned to this node by the parser which is unique in a
+  // given expression tree. This is used to associate type information and other
+  // attributes to a node in the parse tree.
+  int32 id = 2;
+
+  // Required. Variants of expressions.
+  oneof expr_kind {
+    // A literal expression.
+    Literal literal_expr = 3;
+
+    // An identifier expression.
+    Ident ident_expr = 4;
+
+    // A field selection expression, e.g. `request.auth`.
+    Select select_expr = 5;
+
+    // A call expression, including calls to predefined functions and operators.
+    Call call_expr = 6;
+
+    // A list creation expression.
+    CreateList list_expr = 7;
+
+    // A map or object creation expression.
+    CreateStruct struct_expr = 8;
+
+    // A comprehension expression.
+    Comprehension comprehension_expr = 9;
+  }
+}
+
+// Represents a primitive literal.
+//
+// This is similar to the primitives supported in the well-known type
+// `google.protobuf.Value`, but richer so it can represent CEL's full range of
+// primitives.
+//
+// Lists and structs are not included as constants as these aggregate types may
+// contain [Expr][google.api.expr.v1beta1.Expr] elements which require
+// evaluation and are thus not constant.
+//
+// Examples of literals include: `"hello"`, `b'bytes'`, `1u`, `4.2`, `-2`,
+// `true`, `null`.
+message Literal {
+  // Required. The valid constant kinds.
+  oneof constant_kind {
+    // null value.
+    google.protobuf.NullValue null_value = 1;
+
+    // boolean value.
+    bool bool_value = 2;
+
+    // int64 value.
+    int64 int64_value = 3;
+
+    // uint64 value.
+    uint64 uint64_value = 4;
+
+    // double value.
+    double double_value = 5;
+
+    // string value.
+    string string_value = 6;
+
+    // bytes value.
+    bytes bytes_value = 7;
+  }
+}

common-protos/google/api/expr/v1beta1/source.proto

@@ -0,0 +1,62 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1beta1;
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1beta1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "SourceProto";
+option java_package = "com.google.api.expr.v1beta1";
+
+// Source information collected at parse time.
+message SourceInfo {
+  // The location name. All position information attached to an expression is
+  // relative to this location.
+  //
+  // The location could be a file, UI element, or similar. For example,
+  // `acme/app/AnvilPolicy.cel`.
+  string location = 2;
+
+  // Monotonically increasing list of character offsets where newlines appear.
+  //
+  // The line number of a given position is the index `i` where for a given
+  // `id` the `line_offsets[i] < id_positions[id] < line_offsets[i+1]`. The
+  // column may be derivd from `id_positions[id] - line_offsets[i]`.
+  repeated int32 line_offsets = 3;
+
+  // A map from the parse node id (e.g. `Expr.id`) to the character offset
+  // within source.
+  map<int32, int32> positions = 4;
+}
+
+// A specific position in source.
+message SourcePosition {
+  // The soucre location name (e.g. file name).
+  string location = 1;
+
+  // The character offset.
+  int32 offset = 2;
+
+  // The 1-based index of the starting line in the source text
+  // where the issue occurs, or 0 if unknown.
+  int32 line = 3;
+
+  // The 0-based index of the starting position within the line of source text
+  // where the issue occurs.  Only meaningful if line is nonzer..
+  int32 column = 4;
+}

common-protos/google/api/expr/v1beta1/value.proto

@@ -0,0 +1,114 @@
+// Copyright 2018 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api.expr.v1beta1;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/struct.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/expr/v1beta1;expr";
+option java_multiple_files = true;
+option java_outer_classname = "ValueProto";
+option java_package = "com.google.api.expr.v1beta1";
+
+// Represents a CEL value.
+//
+// This is similar to `google.protobuf.Value`, but can represent CEL's full
+// range of values.
+message Value {
+  // Required. The valid kinds of values.
+  oneof kind {
+    // Null value.
+    google.protobuf.NullValue null_value = 1;
+
+    // Boolean value.
+    bool bool_value = 2;
+
+    // Signed integer value.
+    int64 int64_value = 3;
+
+    // Unsigned integer value.
+    uint64 uint64_value = 4;
+
+    // Floating point value.
+    double double_value = 5;
+
+    // UTF-8 string value.
+    string string_value = 6;
+
+    // Byte string value.
+    bytes bytes_value = 7;
+
+    // An enum value.
+    EnumValue enum_value = 9;
+
+    // The proto message backing an object value.
+    google.protobuf.Any object_value = 10;
+
+    // Map value.
+    MapValue map_value = 11;
+
+    // List value.
+    ListValue list_value = 12;
+
+    // A Type value represented by the fully qualified name of the type.
+    string type_value = 15;
+  }
+}
+
+// An enum value.
+message EnumValue {
+  // The fully qualified name of the enum type.
+  string type = 1;
+
+  // The value of the enum.
+  int32 value = 2;
+}
+
+// A list.
+//
+// Wrapped in a message so 'not set' and empty can be differentiated, which is
+// required for use in a 'oneof'.
+message ListValue {
+  // The ordered values in the list.
+  repeated Value values = 1;
+}
+
+// A map.
+//
+// Wrapped in a message so 'not set' and empty can be differentiated, which is
+// required for use in a 'oneof'.
+message MapValue {
+  // An entry in the map.
+  message Entry {
+    // The key.
+    //
+    // Must be unique with in the map.
+    // Currently only boolean, int, uint, and string values can be keys.
+    Value key = 1;
+
+    // The value.
+    Value value = 2;
+  }
+
+  // The set of map entries.
+  //
+  // CEL has fewer restrictions on keys, so a protobuf map represenation
+  // cannot be used.
+  repeated Entry entries = 1;
+}

common-protos/google/api/field_behavior.proto

@@ -0,0 +1,79 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/protobuf/descriptor.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations";
+option java_multiple_files = true;
+option java_outer_classname = "FieldBehaviorProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+extend google.protobuf.FieldOptions {
+  // A designation of a specific field behavior (required, output only, etc.)
+  // in protobuf messages.
+  //
+  // Examples:
+  //
+  //   string name = 1 [(google.api.field_behavior) = REQUIRED];
+  //   State state = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+  //   google.protobuf.Duration ttl = 1
+  //     [(google.api.field_behavior) = INPUT_ONLY];
+  //   google.protobuf.Timestamp expire_time = 1
+  //     [(google.api.field_behavior) = OUTPUT_ONLY,
+  //      (google.api.field_behavior) = IMMUTABLE];
+  repeated google.api.FieldBehavior field_behavior = 1052;
+}
+
+// An indicator of the behavior of a given field (for example, that a field
+// is required in requests, or given as output but ignored as input).
+// This **does not** change the behavior in protocol buffers itself; it only
+// denotes the behavior and may affect how API tooling handles the field.
+//
+// Note: This enum **may** receive new values in the future.
+enum FieldBehavior {
+  // Conventional default for enums. Do not use this.
+  FIELD_BEHAVIOR_UNSPECIFIED = 0;
+
+  // Specifically denotes a field as optional.
+  // While all fields in protocol buffers are optional, this may be specified
+  // for emphasis if appropriate.
+  OPTIONAL = 1;
+
+  // Denotes a field as required.
+  // This indicates that the field **must** be provided as part of the request,
+  // and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
+  REQUIRED = 2;
+
+  // Denotes a field as output only.
+  // This indicates that the field is provided in responses, but including the
+  // field in a request does nothing (the server *must* ignore it and
+  // *must not* throw an error as a result of the field's presence).
+  OUTPUT_ONLY = 3;
+
+  // Denotes a field as input only.
+  // This indicates that the field is provided in requests, and the
+  // corresponding field is not included in output.
+  INPUT_ONLY = 4;
+
+  // Denotes a field as immutable.
+  // This indicates that the field may be set once in a request to create a
+  // resource, but may not be changed thereafter.
+  IMMUTABLE = 5;
+}

common-protos/google/api/http.proto

@@ -0,0 +1,376 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations";
+option java_multiple_files = true;
+option java_outer_classname = "HttpProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Defines the HTTP configuration for an API service. It contains a list of
+// [HttpRule][google.api.HttpRule], each specifying the mapping of an RPC method
+// to one or more HTTP REST API methods.
+message Http {
+  // A list of HTTP configuration rules that apply to individual API methods.
+  //
+  // **NOTE:** All service configuration rules follow "last one wins" order.
+  repeated HttpRule rules = 1;
+
+  // When set to true, URL path parameters will be fully URI-decoded except in
+  // cases of single segment matches in reserved expansion, where "%2F" will be
+  // left encoded.
+  //
+  // The default behavior is to not decode RFC 6570 reserved characters in multi
+  // segment matches.
+  bool fully_decode_reserved_expansion = 2;
+}
+
+// # gRPC Transcoding
+//
+// gRPC Transcoding is a feature for mapping between a gRPC method and one or
+// more HTTP REST endpoints. It allows developers to build a single API service
+// that supports both gRPC APIs and REST APIs. Many systems, including [Google
+// APIs](https://github.com/googleapis/googleapis),
+// [Cloud Endpoints](https://cloud.google.com/endpoints), [gRPC
+// Gateway](https://github.com/grpc-ecosystem/grpc-gateway),
+// and [Envoy](https://github.com/envoyproxy/envoy) proxy support this feature
+// and use it for large scale production services.
+//
+// `HttpRule` defines the schema of the gRPC/REST mapping. The mapping specifies
+// how different portions of the gRPC request message are mapped to the URL
+// path, URL query parameters, and HTTP request body. It also controls how the
+// gRPC response message is mapped to the HTTP response body. `HttpRule` is
+// typically specified as an `google.api.http` annotation on the gRPC method.
+//
+// Each mapping specifies a URL path template and an HTTP method. The path
+// template may refer to one or more fields in the gRPC request message, as long
+// as each field is a non-repeated field with a primitive (non-message) type.
+// The path template controls how fields of the request message are mapped to
+// the URL path.
+//
+// Example:
+//
+//     service Messaging {
+//       rpc GetMessage(GetMessageRequest) returns (Message) {
+//         option (google.api.http) = {
+//             get: "/v1/{name=messages/*}"
+//         };
+//       }
+//     }
+//     message GetMessageRequest {
+//       string name = 1; // Mapped to URL path.
+//     }
+//     message Message {
+//       string text = 1; // The resource content.
+//     }
+//
+// This enables an HTTP REST to gRPC mapping as below:
+//
+// HTTP | gRPC
+// -----|-----
+// `GET /v1/messages/123456`  | `GetMessage(name: "messages/123456")`
+//
+// Any fields in the request message which are not bound by the path template
+// automatically become HTTP query parameters if there is no HTTP request body.
+// For example:
+//
+//     service Messaging {
+//       rpc GetMessage(GetMessageRequest) returns (Message) {
+//         option (google.api.http) = {
+//             get:"/v1/messages/{message_id}"
+//         };
+//       }
+//     }
+//     message GetMessageRequest {
+//       message SubMessage {
+//         string subfield = 1;
+//       }
+//       string message_id = 1; // Mapped to URL path.
+//       int64 revision = 2;    // Mapped to URL query parameter `revision`.
+//       SubMessage sub = 3;    // Mapped to URL query parameter `sub.subfield`.
+//     }
+//
+// This enables a HTTP JSON to RPC mapping as below:
+//
+// HTTP | gRPC
+// -----|-----
+// `GET /v1/messages/123456?revision=2&sub.subfield=foo` |
+// `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield:
+// "foo"))`
+//
+// Note that fields which are mapped to URL query parameters must have a
+// primitive type or a repeated primitive type or a non-repeated message type.
+// In the case of a repeated type, the parameter can be repeated in the URL
+// as `...?param=A&param=B`. In the case of a message type, each field of the
+// message is mapped to a separate parameter, such as
+// `...?foo.a=A&foo.b=B&foo.c=C`.
+//
+// For HTTP methods that allow a request body, the `body` field
+// specifies the mapping. Consider a REST update method on the
+// message resource collection:
+//
+//     service Messaging {
+//       rpc UpdateMessage(UpdateMessageRequest) returns (Message) {
+//         option (google.api.http) = {
+//           patch: "/v1/messages/{message_id}"
+//           body: "message"
+//         };
+//       }
+//     }
+//     message UpdateMessageRequest {
+//       string message_id = 1; // mapped to the URL
+//       Message message = 2;   // mapped to the body
+//     }
+//
+// The following HTTP JSON to RPC mapping is enabled, where the
+// representation of the JSON in the request body is determined by
+// protos JSON encoding:
+//
+// HTTP | gRPC
+// -----|-----
+// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
+// "123456" message { text: "Hi!" })`
+//
+// The special name `*` can be used in the body mapping to define that
+// every field not bound by the path template should be mapped to the
+// request body.  This enables the following alternative definition of
+// the update method:
+//
+//     service Messaging {
+//       rpc UpdateMessage(Message) returns (Message) {
+//         option (google.api.http) = {
+//           patch: "/v1/messages/{message_id}"
+//           body: "*"
+//         };
+//       }
+//     }
+//     message Message {
+//       string message_id = 1;
+//       string text = 2;
+//     }
+//
+//
+// The following HTTP JSON to RPC mapping is enabled:
+//
+// HTTP | gRPC
+// -----|-----
+// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
+// "123456" text: "Hi!")`
+//
+// Note that when using `*` in the body mapping, it is not possible to
+// have HTTP parameters, as all fields not bound by the path end in
+// the body. This makes this option more rarely used in practice when
+// defining REST APIs. The common usage of `*` is in custom methods
+// which don't use the URL at all for transferring data.
+//
+// It is possible to define multiple HTTP methods for one RPC by using
+// the `additional_bindings` option. Example:
+//
+//     service Messaging {
+//       rpc GetMessage(GetMessageRequest) returns (Message) {
+//         option (google.api.http) = {
+//           get: "/v1/messages/{message_id}"
+//           additional_bindings {
+//             get: "/v1/users/{user_id}/messages/{message_id}"
+//           }
+//         };
+//       }
+//     }
+//     message GetMessageRequest {
+//       string message_id = 1;
+//       string user_id = 2;
+//     }
+//
+// This enables the following two alternative HTTP JSON to RPC mappings:
+//
+// HTTP | gRPC
+// -----|-----
+// `GET /v1/messages/123456` | `GetMessage(message_id: "123456")`
+// `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id:
+// "123456")`
+//
+// ## Rules for HTTP mapping
+//
+// 1. Leaf request fields (recursive expansion nested messages in the request
+//    message) are classified into three categories:
+//    - Fields referred by the path template. They are passed via the URL path.
+//    - Fields referred by the [HttpRule.body][google.api.HttpRule.body]. They are passed via the HTTP
+//      request body.
+//    - All other fields are passed via the URL query parameters, and the
+//      parameter name is the field path in the request message. A repeated
+//      field can be represented as multiple query parameters under the same
+//      name.
+//  2. If [HttpRule.body][google.api.HttpRule.body] is "*", there is no URL query parameter, all fields
+//     are passed via URL path and HTTP request body.
+//  3. If [HttpRule.body][google.api.HttpRule.body] is omitted, there is no HTTP request body, all
+//     fields are passed via URL path and URL query parameters.
+//
+// ### Path template syntax
+//
+//     Template = "/" Segments [ Verb ] ;
+//     Segments = Segment { "/" Segment } ;
+//     Segment  = "*" | "**" | LITERAL | Variable ;
+//     Variable = "{" FieldPath [ "=" Segments ] "}" ;
+//     FieldPath = IDENT { "." IDENT } ;
+//     Verb     = ":" LITERAL ;
+//
+// The syntax `*` matches a single URL path segment. The syntax `**` matches
+// zero or more URL path segments, which must be the last part of the URL path
+// except the `Verb`.
+//
+// The syntax `Variable` matches part of the URL path as specified by its
+// template. A variable template must not contain other variables. If a variable
+// matches a single path segment, its template may be omitted, e.g. `{var}`
+// is equivalent to `{var=*}`.
+//
+// The syntax `LITERAL` matches literal text in the URL path. If the `LITERAL`
+// contains any reserved character, such characters should be percent-encoded
+// before the matching.
+//
+// If a variable contains exactly one path segment, such as `"{var}"` or
+// `"{var=*}"`, when such a variable is expanded into a URL path on the client
+// side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The
+// server side does the reverse decoding. Such variables show up in the
+// [Discovery
+// Document](https://developers.google.com/discovery/v1/reference/apis) as
+// `{var}`.
+//
+// If a variable contains multiple path segments, such as `"{var=foo/*}"`
+// or `"{var=**}"`, when such a variable is expanded into a URL path on the
+// client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded.
+// The server side does the reverse decoding, except "%2F" and "%2f" are left
+// unchanged. Such variables show up in the
+// [Discovery
+// Document](https://developers.google.com/discovery/v1/reference/apis) as
+// `{+var}`.
+//
+// ## Using gRPC API Service Configuration
+//
+// gRPC API Service Configuration (service config) is a configuration language
+// for configuring a gRPC service to become a user-facing product. The
+// service config is simply the YAML representation of the `google.api.Service`
+// proto message.
+//
+// As an alternative to annotating your proto file, you can configure gRPC
+// transcoding in your service config YAML files. You do this by specifying a
+// `HttpRule` that maps the gRPC method to a REST endpoint, achieving the same
+// effect as the proto annotation. This can be particularly useful if you
+// have a proto that is reused in multiple services. Note that any transcoding
+// specified in the service config will override any matching transcoding
+// configuration in the proto.
+//
+// Example:
+//
+//     http:
+//       rules:
+//         # Selects a gRPC method and applies HttpRule to it.
+//         - selector: example.v1.Messaging.GetMessage
+//           get: /v1/messages/{message_id}/{sub.subfield}
+//
+// ## Special notes
+//
+// When gRPC Transcoding is used to map a gRPC to JSON REST endpoints, the
+// proto to JSON conversion must follow the [proto3
+// specification](https://developers.google.com/protocol-buffers/docs/proto3#json).
+//
+// While the single segment variable follows the semantics of
+// [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2 Simple String
+// Expansion, the multi segment variable **does not** follow RFC 6570 Section
+// 3.2.3 Reserved Expansion. The reason is that the Reserved Expansion
+// does not expand special characters like `?` and `#`, which would lead
+// to invalid URLs. As the result, gRPC Transcoding uses a custom encoding
+// for multi segment variables.
+//
+// The path variables **must not** refer to any repeated or mapped field,
+// because client libraries are not capable of handling such variable expansion.
+//
+// The path variables **must not** capture the leading "/" character. The reason
+// is that the most common use case "{var}" does not capture the leading "/"
+// character. For consistency, all path variables must share the same behavior.
+//
+// Repeated message fields must not be mapped to URL query parameters, because
+// no client library can support such complicated mapping.
+//
+// If an API needs to use a JSON array for request or response body, it can map
+// the request or response body to a repeated field. However, some gRPC
+// Transcoding implementations may not support this feature.
+message HttpRule {
+  // Selects a method to which this rule applies.
+  //
+  // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+  string selector = 1;
+
+  // Determines the URL pattern is matched by this rules. This pattern can be
+  // used with any of the {get|put|post|delete|patch} methods. A custom method
+  // can be defined using the 'custom' field.
+  oneof pattern {
+    // Maps to HTTP GET. Used for listing and getting information about
+    // resources.
+    string get = 2;
+
+    // Maps to HTTP PUT. Used for replacing a resource.
+    string put = 3;
+
+    // Maps to HTTP POST. Used for creating a resource or performing an action.
+    string post = 4;
+
+    // Maps to HTTP DELETE. Used for deleting a resource.
+    string delete = 5;
+
+    // Maps to HTTP PATCH. Used for updating a resource.
+    string patch = 6;
+
+    // The custom pattern is used for specifying an HTTP method that is not
+    // included in the `pattern` field, such as HEAD, or "*" to leave the
+    // HTTP method unspecified for this rule. The wild-card rule is useful
+    // for services that provide content to Web (HTML) clients.
+    CustomHttpPattern custom = 8;
+  }
+
+  // The name of the request field whose value is mapped to the HTTP request
+  // body, or `*` for mapping all request fields not captured by the path
+  // pattern to the HTTP body, or omitted for not having any HTTP request body.
+  //
+  // NOTE: the referred field must be present at the top-level of the request
+  // message type.
+  string body = 7;
+
+  // Optional. The name of the response field whose value is mapped to the HTTP
+  // response body. When omitted, the entire response message will be used
+  // as the HTTP response body.
+  //
+  // NOTE: The referred field must be present at the top-level of the response
+  // message type.
+  string response_body = 12;
+
+  // Additional HTTP bindings for the selector. Nested bindings must
+  // not contain an `additional_bindings` field themselves (that is,
+  // the nesting may only be one level deep).
+  repeated HttpRule additional_bindings = 11;
+}
+
+// A custom pattern is used for defining custom HTTP verb.
+message CustomHttpPattern {
+  // The name of this custom HTTP verb.
+  string kind = 1;
+
+  // The path matched by this custom verb.
+  string path = 2;
+}

common-protos/google/api/httpbody.proto

@@ -0,0 +1,78 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/protobuf/any.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/httpbody;httpbody";
+option java_multiple_files = true;
+option java_outer_classname = "HttpBodyProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Message that represents an arbitrary HTTP body. It should only be used for
+// payload formats that can't be represented as JSON, such as raw binary or
+// an HTML page.
+//
+//
+// This message can be used both in streaming and non-streaming API methods in
+// the request as well as the response.
+//
+// It can be used as a top-level request field, which is convenient if one
+// wants to extract parameters from either the URL or HTTP template into the
+// request fields and also want access to the raw HTTP body.
+//
+// Example:
+//
+//     message GetResourceRequest {
+//       // A unique request id.
+//       string request_id = 1;
+//
+//       // The raw HTTP body is bound to this field.
+//       google.api.HttpBody http_body = 2;
+//     }
+//
+//     service ResourceService {
+//       rpc GetResource(GetResourceRequest) returns (google.api.HttpBody);
+//       rpc UpdateResource(google.api.HttpBody) returns
+//       (google.protobuf.Empty);
+//     }
+//
+// Example with streaming methods:
+//
+//     service CaldavService {
+//       rpc GetCalendar(stream google.api.HttpBody)
+//         returns (stream google.api.HttpBody);
+//       rpc UpdateCalendar(stream google.api.HttpBody)
+//         returns (stream google.api.HttpBody);
+//     }
+//
+// Use of this type only changes how the request and response bodies are
+// handled, all other features will continue to work unchanged.
+message HttpBody {
+  // The HTTP Content-Type header value specifying the content type of the body.
+  string content_type = 1;
+
+  // The HTTP request/response body as raw binary.
+  bytes data = 2;
+
+  // Application specific response metadata. Must be set in the first response
+  // for streaming APIs.
+  repeated google.protobuf.Any extensions = 3;
+}

common-protos/google/api/label.proto

@@ -0,0 +1,49 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/label;label";
+option java_multiple_files = true;
+option java_outer_classname = "LabelProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// A description of a label.
+message LabelDescriptor {
+  // Value types that can be used as label values.
+  enum ValueType {
+    // A variable-length string. This is the default.
+    STRING = 0;
+
+    // Boolean; true or false.
+    BOOL = 1;
+
+    // A 64-bit signed integer.
+    INT64 = 2;
+  }
+
+  // The label key.
+  string key = 1;
+
+  // The type of data that can be assigned to the label.
+  ValueType value_type = 2;
+
+  // A human-readable description for the label.
+  string description = 3;
+}

common-protos/google/api/launch_stage.proto

@@ -0,0 +1,67 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api;api";
+option java_multiple_files = true;
+option java_outer_classname = "LaunchStageProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// The launch stage as defined by [Google Cloud Platform
+// Launch Stages](http://cloud.google.com/terms/launch-stages).
+enum LaunchStage {
+  // Do not use this default value.
+  LAUNCH_STAGE_UNSPECIFIED = 0;
+
+  // Early Access features are limited to a closed group of testers. To use
+  // these features, you must sign up in advance and sign a Trusted Tester
+  // agreement (which includes confidentiality provisions). These features may
+  // be unstable, changed in backward-incompatible ways, and are not
+  // guaranteed to be released.
+  EARLY_ACCESS = 1;
+
+  // Alpha is a limited availability test for releases before they are cleared
+  // for widespread use. By Alpha, all significant design issues are resolved
+  // and we are in the process of verifying functionality. Alpha customers
+  // need to apply for access, agree to applicable terms, and have their
+  // projects whitelisted. Alpha releases don’t have to be feature complete,
+  // no SLAs are provided, and there are no technical support obligations, but
+  // they will be far enough along that customers can actually use them in
+  // test environments or for limited-use tests -- just like they would in
+  // normal production cases.
+  ALPHA = 2;
+
+  // Beta is the point at which we are ready to open a release for any
+  // customer to use. There are no SLA or technical support obligations in a
+  // Beta release. Products will be complete from a feature perspective, but
+  // may have some open outstanding issues. Beta releases are suitable for
+  // limited production use cases.
+  BETA = 3;
+
+  // GA features are open to all developers and are considered stable and
+  // fully qualified for production use.
+  GA = 4;
+
+  // Deprecated features are scheduled to be shut down and removed. For more
+  // information, see the “Deprecation Policy” section of our [Terms of
+  // Service](https://cloud.google.com/terms/)
+  // and the [Google Cloud Platform Subject to the Deprecation
+  // Policy](https://cloud.google.com/terms/deprecation) documentation.
+  DEPRECATED = 5;
+}

common-protos/google/api/log.proto

@@ -0,0 +1,55 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/api/label.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "LogProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// A description of a log type. Example in YAML format:
+//
+//     - name: library.googleapis.com/activity_history
+//       description: The history of borrowing and returning library items.
+//       display_name: Activity
+//       labels:
+//       - key: /customer_id
+//         description: Identifier of a library customer
+message LogDescriptor {
+  // The name of the log. It must be less than 512 characters long and can
+  // include the following characters: upper- and lower-case alphanumeric
+  // characters [A-Za-z0-9], and punctuation characters including
+  // slash, underscore, hyphen, period [/_-.].
+  string name = 1;
+
+  // The set of labels that are available to describe a specific log entry.
+  // Runtime requests that contain labels not specified here are
+  // considered invalid.
+  repeated LabelDescriptor labels = 2;
+
+  // A human-readable description of this log. This information appears in
+  // the documentation and can contain details.
+  string description = 3;
+
+  // The human-readable name for this log. This information appears on
+  // the user interface and should be concise.
+  string display_name = 4;
+}

common-protos/google/api/logging.proto

@@ -0,0 +1,81 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "LoggingProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Logging configuration of the service.
+//
+// The following example shows how to configure logs to be sent to the
+// producer and consumer projects. In the example, the `activity_history`
+// log is sent to both the producer and consumer projects, whereas the
+// `purchase_history` log is only sent to the producer project.
+//
+//     monitored_resources:
+//     - type: library.googleapis.com/branch
+//       labels:
+//       - key: /city
+//         description: The city where the library branch is located in.
+//       - key: /name
+//         description: The name of the branch.
+//     logs:
+//     - name: activity_history
+//       labels:
+//       - key: /customer_id
+//     - name: purchase_history
+//     logging:
+//       producer_destinations:
+//       - monitored_resource: library.googleapis.com/branch
+//         logs:
+//         - activity_history
+//         - purchase_history
+//       consumer_destinations:
+//       - monitored_resource: library.googleapis.com/branch
+//         logs:
+//         - activity_history
+message Logging {
+  // Configuration of a specific logging destination (the producer project
+  // or the consumer project).
+  message LoggingDestination {
+    // The monitored resource type. The type must be defined in the
+    // [Service.monitored_resources][google.api.Service.monitored_resources] section.
+    string monitored_resource = 3;
+
+    // Names of the logs to be sent to this destination. Each name must
+    // be defined in the [Service.logs][google.api.Service.logs] section. If the log name is
+    // not a domain scoped name, it will be automatically prefixed with
+    // the service name followed by "/".
+    repeated string logs = 1;
+  }
+
+  // Logging configurations for sending logs to the producer project.
+  // There can be multiple producer destinations, each one must have a
+  // different monitored resource type. A log can be used in at most
+  // one producer destination.
+  repeated LoggingDestination producer_destinations = 1;
+
+  // Logging configurations for sending logs to the consumer project.
+  // There can be multiple consumer destinations, each one must have a
+  // different monitored resource type. A log can be used in at most
+  // one consumer destination.
+  repeated LoggingDestination consumer_destinations = 2;
+}

common-protos/google/api/metric.proto

@@ -0,0 +1,219 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/api/label.proto";
+import "google/api/launch_stage.proto";
+import "google/protobuf/duration.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/metric;metric";
+option java_multiple_files = true;
+option java_outer_classname = "MetricProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Defines a metric type and its schema. Once a metric descriptor is created,
+// deleting or altering it stops data collection and makes the metric type's
+// existing data unusable.
+message MetricDescriptor {
+  // Additional annotations that can be used to guide the usage of a metric.
+  message MetricDescriptorMetadata {
+    // Deprecated. Please use the MetricDescriptor.launch_stage instead.
+    // The launch stage of the metric definition.
+    LaunchStage launch_stage = 1 [deprecated = true];
+
+    // The sampling period of metric data points. For metrics which are written
+    // periodically, consecutive data points are stored at this time interval,
+    // excluding data loss due to errors. Metrics with a higher granularity have
+    // a smaller sampling period.
+    google.protobuf.Duration sample_period = 2;
+
+    // The delay of data points caused by ingestion. Data points older than this
+    // age are guaranteed to be ingested and available to be read, excluding
+    // data loss due to errors.
+    google.protobuf.Duration ingest_delay = 3;
+  }
+
+  // The kind of measurement. It describes how the data is reported.
+  enum MetricKind {
+    // Do not use this default value.
+    METRIC_KIND_UNSPECIFIED = 0;
+
+    // An instantaneous measurement of a value.
+    GAUGE = 1;
+
+    // The change in a value during a time interval.
+    DELTA = 2;
+
+    // A value accumulated over a time interval.  Cumulative
+    // measurements in a time series should have the same start time
+    // and increasing end times, until an event resets the cumulative
+    // value to zero and sets a new start time for the following
+    // points.
+    CUMULATIVE = 3;
+  }
+
+  // The value type of a metric.
+  enum ValueType {
+    // Do not use this default value.
+    VALUE_TYPE_UNSPECIFIED = 0;
+
+    // The value is a boolean.
+    // This value type can be used only if the metric kind is `GAUGE`.
+    BOOL = 1;
+
+    // The value is a signed 64-bit integer.
+    INT64 = 2;
+
+    // The value is a double precision floating point number.
+    DOUBLE = 3;
+
+    // The value is a text string.
+    // This value type can be used only if the metric kind is `GAUGE`.
+    STRING = 4;
+
+    // The value is a [`Distribution`][google.api.Distribution].
+    DISTRIBUTION = 5;
+
+    // The value is money.
+    MONEY = 6;
+  }
+
+  // The resource name of the metric descriptor.
+  string name = 1;
+
+  // The metric type, including its DNS name prefix. The type is not
+  // URL-encoded.  All user-defined metric types have the DNS name
+  // `custom.googleapis.com` or `external.googleapis.com`.  Metric types should
+  // use a natural hierarchical grouping. For example:
+  //
+  //     "custom.googleapis.com/invoice/paid/amount"
+  //     "external.googleapis.com/prometheus/up"
+  //     "appengine.googleapis.com/http/server/response_latencies"
+  string type = 8;
+
+  // The set of labels that can be used to describe a specific
+  // instance of this metric type. For example, the
+  // `appengine.googleapis.com/http/server/response_latencies` metric
+  // type has a label for the HTTP response code, `response_code`, so
+  // you can look at latencies for successful responses or just
+  // for responses that failed.
+  repeated LabelDescriptor labels = 2;
+
+  // Whether the metric records instantaneous values, changes to a value, etc.
+  // Some combinations of `metric_kind` and `value_type` might not be supported.
+  MetricKind metric_kind = 3;
+
+  // Whether the measurement is an integer, a floating-point number, etc.
+  // Some combinations of `metric_kind` and `value_type` might not be supported.
+  ValueType value_type = 4;
+
+  // The unit in which the metric value is reported. It is only applicable
+  // if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The
+  // supported units are a subset of [The Unified Code for Units of
+  // Measure](http://unitsofmeasure.org/ucum.html) standard:
+  //
+  // **Basic units (UNIT)**
+  //
+  // * `bit`   bit
+  // * `By`    byte
+  // * `s`     second
+  // * `min`   minute
+  // * `h`     hour
+  // * `d`     day
+  //
+  // **Prefixes (PREFIX)**
+  //
+  // * `k`     kilo    (10**3)
+  // * `M`     mega    (10**6)
+  // * `G`     giga    (10**9)
+  // * `T`     tera    (10**12)
+  // * `P`     peta    (10**15)
+  // * `E`     exa     (10**18)
+  // * `Z`     zetta   (10**21)
+  // * `Y`     yotta   (10**24)
+  // * `m`     milli   (10**-3)
+  // * `u`     micro   (10**-6)
+  // * `n`     nano    (10**-9)
+  // * `p`     pico    (10**-12)
+  // * `f`     femto   (10**-15)
+  // * `a`     atto    (10**-18)
+  // * `z`     zepto   (10**-21)
+  // * `y`     yocto   (10**-24)
+  // * `Ki`    kibi    (2**10)
+  // * `Mi`    mebi    (2**20)
+  // * `Gi`    gibi    (2**30)
+  // * `Ti`    tebi    (2**40)
+  //
+  // **Grammar**
+  //
+  // The grammar also includes these connectors:
+  //
+  // * `/`    division (as an infix operator, e.g. `1/s`).
+  // * `.`    multiplication (as an infix operator, e.g. `GBy.d`)
+  //
+  // The grammar for a unit is as follows:
+  //
+  //     Expression = Component { "." Component } { "/" Component } ;
+  //
+  //     Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ]
+  //               | Annotation
+  //               | "1"
+  //               ;
+  //
+  //     Annotation = "{" NAME "}" ;
+  //
+  // Notes:
+  //
+  // * `Annotation` is just a comment if it follows a `UNIT` and is
+  //    equivalent to `1` if it is used alone. For examples,
+  //    `{requests}/s == 1/s`, `By{transmitted}/s == By/s`.
+  // * `NAME` is a sequence of non-blank printable ASCII characters not
+  //    containing '{' or '}'.
+  // * `1` represents dimensionless value 1, such as in `1/s`.
+  // * `%` represents dimensionless value 1/100, and annotates values giving
+  //    a percentage.
+  string unit = 5;
+
+  // A detailed description of the metric, which can be used in documentation.
+  string description = 6;
+
+  // A concise name for the metric, which can be displayed in user interfaces.
+  // Use sentence case without an ending period, for example "Request count".
+  // This field is optional but it is recommended to be set for any metrics
+  // associated with user-visible concepts, such as Quota.
+  string display_name = 7;
+
+  // Optional. Metadata which can be used to guide usage of the metric.
+  MetricDescriptorMetadata metadata = 10;
+
+  // Optional. The launch stage of the metric definition.
+  LaunchStage launch_stage = 12;
+}
+
+// A specific metric, identified by specifying values for all of the
+// labels of a [`MetricDescriptor`][google.api.MetricDescriptor].
+message Metric {
+  // An existing metric type, see [google.api.MetricDescriptor][google.api.MetricDescriptor].
+  // For example, `custom.googleapis.com/invoice/paid/amount`.
+  string type = 3;
+
+  // The set of label values that uniquely identify this metric. All
+  // labels listed in the `MetricDescriptor` must be assigned values.
+  map<string, string> labels = 2;
+}

common-protos/google/api/monitored_resource.proto

@@ -0,0 +1,119 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/api/label.proto";
+import "google/api/launch_stage.proto";
+import "google/protobuf/struct.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/monitoredres;monitoredres";
+option java_multiple_files = true;
+option java_outer_classname = "MonitoredResourceProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// An object that describes the schema of a [MonitoredResource][google.api.MonitoredResource] object using a
+// type name and a set of labels.  For example, the monitored resource
+// descriptor for Google Compute Engine VM instances has a type of
+// `"gce_instance"` and specifies the use of the labels `"instance_id"` and
+// `"zone"` to identify particular VM instances.
+//
+// Different APIs can support different monitored resource types. APIs generally
+// provide a `list` method that returns the monitored resource descriptors used
+// by the API.
+message MonitoredResourceDescriptor {
+  // Optional. The resource name of the monitored resource descriptor:
+  // `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where
+  // {type} is the value of the `type` field in this object and
+  // {project_id} is a project ID that provides API-specific context for
+  // accessing the type.  APIs that do not use project information can use the
+  // resource name format `"monitoredResourceDescriptors/{type}"`.
+  string name = 5;
+
+  // Required. The monitored resource type. For example, the type
+  // `"cloudsql_database"` represents databases in Google Cloud SQL.
+  // The maximum length of this value is 256 characters.
+  string type = 1;
+
+  // Optional. A concise name for the monitored resource type that might be
+  // displayed in user interfaces. It should be a Title Cased Noun Phrase,
+  // without any article or other determiners. For example,
+  // `"Google Cloud SQL Database"`.
+  string display_name = 2;
+
+  // Optional. A detailed description of the monitored resource type that might
+  // be used in documentation.
+  string description = 3;
+
+  // Required. A set of labels used to describe instances of this monitored
+  // resource type. For example, an individual Google Cloud SQL database is
+  // identified by values for the labels `"database_id"` and `"zone"`.
+  repeated LabelDescriptor labels = 4;
+
+  // Optional. The launch stage of the monitored resource definition.
+  LaunchStage launch_stage = 7;
+}
+
+// An object representing a resource that can be used for monitoring, logging,
+// billing, or other purposes. Examples include virtual machine instances,
+// databases, and storage devices such as disks. The `type` field identifies a
+// [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object that describes the resource's
+// schema. Information in the `labels` field identifies the actual resource and
+// its attributes according to the schema. For example, a particular Compute
+// Engine VM instance could be represented by the following object, because the
+// [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] for `"gce_instance"` has labels
+// `"instance_id"` and `"zone"`:
+//
+//     { "type": "gce_instance",
+//       "labels": { "instance_id": "12345678901234",
+//                   "zone": "us-central1-a" }}
+message MonitoredResource {
+  // Required. The monitored resource type. This field must match
+  // the `type` field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object. For
+  // example, the type of a Compute Engine VM instance is `gce_instance`.
+  string type = 1;
+
+  // Required. Values for all of the labels listed in the associated monitored
+  // resource descriptor. For example, Compute Engine VM instances use the
+  // labels `"project_id"`, `"instance_id"`, and `"zone"`.
+  map<string, string> labels = 2;
+}
+
+// Auxiliary metadata for a [MonitoredResource][google.api.MonitoredResource] object.
+// [MonitoredResource][google.api.MonitoredResource] objects contain the minimum set of information to
+// uniquely identify a monitored resource instance. There is some other useful
+// auxiliary metadata. Monitoring and Logging use an ingestion
+// pipeline to extract metadata for cloud resources of all types, and store
+// the metadata in this message.
+message MonitoredResourceMetadata {
+  // Output only. Values for predefined system metadata labels.
+  // System labels are a kind of metadata extracted by Google, including
+  // "machine_image", "vpc", "subnet_id",
+  // "security_group", "name", etc.
+  // System label values can be only strings, Boolean values, or a list of
+  // strings. For example:
+  //
+  //     { "name": "my-test-instance",
+  //       "security_group": ["a", "b", "c"],
+  //       "spot_instance": false }
+  google.protobuf.Struct system_labels = 1;
+
+  // Output only. A map of user-defined metadata labels.
+  map<string, string> user_labels = 2;
+}

common-protos/google/api/monitoring.proto

@@ -0,0 +1,91 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "MonitoringProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Monitoring configuration of the service.
+//
+// The example below shows how to configure monitored resources and metrics
+// for monitoring. In the example, a monitored resource and two metrics are
+// defined. The `library.googleapis.com/book/returned_count` metric is sent
+// to both producer and consumer projects, whereas the
+// `library.googleapis.com/book/overdue_count` metric is only sent to the
+// consumer project.
+//
+//     monitored_resources:
+//     - type: library.googleapis.com/branch
+//       labels:
+//       - key: /city
+//         description: The city where the library branch is located in.
+//       - key: /name
+//         description: The name of the branch.
+//     metrics:
+//     - name: library.googleapis.com/book/returned_count
+//       metric_kind: DELTA
+//       value_type: INT64
+//       labels:
+//       - key: /customer_id
+//     - name: library.googleapis.com/book/overdue_count
+//       metric_kind: GAUGE
+//       value_type: INT64
+//       labels:
+//       - key: /customer_id
+//     monitoring:
+//       producer_destinations:
+//       - monitored_resource: library.googleapis.com/branch
+//         metrics:
+//         - library.googleapis.com/book/returned_count
+//       consumer_destinations:
+//       - monitored_resource: library.googleapis.com/branch
+//         metrics:
+//         - library.googleapis.com/book/returned_count
+//         - library.googleapis.com/book/overdue_count
+message Monitoring {
+  // Configuration of a specific monitoring destination (the producer project
+  // or the consumer project).
+  message MonitoringDestination {
+    // The monitored resource type. The type must be defined in
+    // [Service.monitored_resources][google.api.Service.monitored_resources] section.
+    string monitored_resource = 1;
+
+    // Types of the metrics to report to this monitoring destination.
+    // Each type must be defined in [Service.metrics][google.api.Service.metrics] section.
+    repeated string metrics = 2;
+  }
+
+  // Monitoring configurations for sending metrics to the producer project.
+  // There can be multiple producer destinations. A monitored resouce type may
+  // appear in multiple monitoring destinations if different aggregations are
+  // needed for different sets of metrics associated with that monitored
+  // resource type. A monitored resource and metric pair may only be used once
+  // in the Monitoring configuration.
+  repeated MonitoringDestination producer_destinations = 1;
+
+  // Monitoring configurations for sending metrics to the consumer project.
+  // There can be multiple consumer destinations. A monitored resouce type may
+  // appear in multiple monitoring destinations if different aggregations are
+  // needed for different sets of metrics associated with that monitored
+  // resource type. A monitored resource and metric pair may only be used once
+  // in the Monitoring configuration.
+  repeated MonitoringDestination consumer_destinations = 2;
+}

common-protos/google/api/quota.proto

@@ -0,0 +1,187 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "QuotaProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Quota configuration helps to achieve fairness and budgeting in service
+// usage.
+//
+// The metric based quota configuration works this way:
+// - The service configuration defines a set of metrics.
+// - For API calls, the quota.metric_rules maps methods to metrics with
+//   corresponding costs.
+// - The quota.limits defines limits on the metrics, which will be used for
+//   quota checks at runtime.
+//
+// An example quota configuration in yaml format:
+//
+//    quota:
+//      limits:
+//
+//      - name: apiWriteQpsPerProject
+//        metric: library.googleapis.com/write_calls
+//        unit: "1/min/{project}"  # rate limit for consumer projects
+//        values:
+//          STANDARD: 10000
+//
+//
+//      # The metric rules bind all methods to the read_calls metric,
+//      # except for the UpdateBook and DeleteBook methods. These two methods
+//      # are mapped to the write_calls metric, with the UpdateBook method
+//      # consuming at twice rate as the DeleteBook method.
+//      metric_rules:
+//      - selector: "*"
+//        metric_costs:
+//          library.googleapis.com/read_calls: 1
+//      - selector: google.example.library.v1.LibraryService.UpdateBook
+//        metric_costs:
+//          library.googleapis.com/write_calls: 2
+//      - selector: google.example.library.v1.LibraryService.DeleteBook
+//        metric_costs:
+//          library.googleapis.com/write_calls: 1
+//
+//  Corresponding Metric definition:
+//
+//      metrics:
+//      - name: library.googleapis.com/read_calls
+//        display_name: Read requests
+//        metric_kind: DELTA
+//        value_type: INT64
+//
+//      - name: library.googleapis.com/write_calls
+//        display_name: Write requests
+//        metric_kind: DELTA
+//        value_type: INT64
+//
+//
+message Quota {
+  // List of `QuotaLimit` definitions for the service.
+  repeated QuotaLimit limits = 3;
+
+  // List of `MetricRule` definitions, each one mapping a selected method to one
+  // or more metrics.
+  repeated MetricRule metric_rules = 4;
+}
+
+// Bind API methods to metrics. Binding a method to a metric causes that
+// metric's configured quota behaviors to apply to the method call.
+message MetricRule {
+  // Selects the methods to which this rule applies.
+  //
+  // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+  string selector = 1;
+
+  // Metrics to update when the selected methods are called, and the associated
+  // cost applied to each metric.
+  //
+  // The key of the map is the metric name, and the values are the amount
+  // increased for the metric against which the quota limits are defined.
+  // The value must not be negative.
+  map<string, int64> metric_costs = 2;
+}
+
+// `QuotaLimit` defines a specific limit that applies over a specified duration
+// for a limit type. There can be at most one limit for a duration and limit
+// type combination defined within a `QuotaGroup`.
+message QuotaLimit {
+  // Name of the quota limit.
+  //
+  // The name must be provided, and it must be unique within the service. The
+  // name can only include alphanumeric characters as well as '-'.
+  //
+  // The maximum length of the limit name is 64 characters.
+  string name = 6;
+
+  // Optional. User-visible, extended description for this quota limit.
+  // Should be used only when more context is needed to understand this limit
+  // than provided by the limit's display name (see: `display_name`).
+  string description = 2;
+
+  // Default number of tokens that can be consumed during the specified
+  // duration. This is the number of tokens assigned when a client
+  // application developer activates the service for his/her project.
+  //
+  // Specifying a value of 0 will block all requests. This can be used if you
+  // are provisioning quota to selected consumers and blocking others.
+  // Similarly, a value of -1 will indicate an unlimited quota. No other
+  // negative values are allowed.
+  //
+  // Used by group-based quotas only.
+  int64 default_limit = 3;
+
+  // Maximum number of tokens that can be consumed during the specified
+  // duration. Client application developers can override the default limit up
+  // to this maximum. If specified, this value cannot be set to a value less
+  // than the default limit. If not specified, it is set to the default limit.
+  //
+  // To allow clients to apply overrides with no upper bound, set this to -1,
+  // indicating unlimited maximum quota.
+  //
+  // Used by group-based quotas only.
+  int64 max_limit = 4;
+
+  // Free tier value displayed in the Developers Console for this limit.
+  // The free tier is the number of tokens that will be subtracted from the
+  // billed amount when billing is enabled.
+  // This field can only be set on a limit with duration "1d", in a billable
+  // group; it is invalid on any other limit. If this field is not set, it
+  // defaults to 0, indicating that there is no free tier for this service.
+  //
+  // Used by group-based quotas only.
+  int64 free_tier = 7;
+
+  // Duration of this limit in textual notation. Example: "100s", "24h", "1d".
+  // For duration longer than a day, only multiple of days is supported. We
+  // support only "100s" and "1d" for now. Additional support will be added in
+  // the future. "0" indicates indefinite duration.
+  //
+  // Used by group-based quotas only.
+  string duration = 5;
+
+  // The name of the metric this quota limit applies to. The quota limits with
+  // the same metric will be checked together during runtime. The metric must be
+  // defined within the service config.
+  string metric = 8;
+
+  // Specify the unit of the quota limit. It uses the same syntax as
+  // [Metric.unit][]. The supported unit kinds are determined by the quota
+  // backend system.
+  //
+  // Here are some examples:
+  // * "1/min/{project}" for quota per minute per project.
+  //
+  // Note: the order of unit components is insignificant.
+  // The "1" at the beginning is required to follow the metric unit syntax.
+  string unit = 9;
+
+  // Tiered limit values. You must specify this as a key:value pair, with an
+  // integer value that is the maximum number of requests allowed for the
+  // specified unit. Currently only STANDARD is supported.
+  map<string, int64> values = 10;
+
+  // User-visible display name for this limit.
+  // Optional. If not set, the UI will provide a default display name based on
+  // the quota configuration. This field can be used to override the default
+  // display name generated from the configuration.
+  string display_name = 12;
+}

common-protos/google/api/resource.proto

@@ -0,0 +1,175 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/protobuf/descriptor.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations";
+option java_multiple_files = true;
+option java_outer_classname = "ResourceProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+extend google.protobuf.FieldOptions {
+  // An annotation that describes a resource reference.
+  //
+  // Example:
+  //
+  //   message Subscription {
+  //     string topic = 2 [(google.api.resource_reference) = {
+  //       type: "pubsub.googleapis.com/Topic"
+  //     }];
+  //   }
+  google.api.ResourceReference resource_reference = 1055;
+}
+
+extend google.protobuf.MessageOptions {
+  // An annotation that describes a resource definition.
+  //
+  // Example:
+  //
+  //     message Topic {
+  //       option (google.api.resource) = {
+  //         type: "pubsub.googleapis.com/Topic"
+  //         pattern: "projects/{project}/topics/{topic}"
+  //       };
+  //     }
+  google.api.ResourceDescriptor resource = 1053;
+}
+
+// A simple descriptor of a resource type.
+//
+// ResourceDescriptor annotates a resource message (either by means of a
+// protobuf annotation or use in the service config), and associates the
+// resource's schema, the resource type, and the pattern of the resource name.
+//
+// Example:
+//
+//   message Topic {
+//     // Indicates this message defines a resource schema.
+//     // Declares the resource type in the format of {service}/{kind}.
+//     // For Kubernetes resources, the format is {api group}/{kind}.
+//     option (google.api.resource) = {
+//       type: "pubsub.googleapis.com/Topic"
+//       pattern: "projects/{project}/topics/{topic}"
+//     };
+//   }
+//
+// Sometimes, resources have multiple patterns, typically because they can
+// live under multiple parents.
+//
+// Example:
+//
+//   message LogEntry {
+//     option (google.api.resource) = {
+//       type: "logging.googleapis.com/LogEntry"
+//       pattern: "projects/{project}/logs/{log}"
+//       pattern: "organizations/{organization}/logs/{log}"
+//       pattern: "folders/{folder}/logs/{log}"
+//       pattern: "billingAccounts/{billing_account}/logs/{log}"
+//     };
+//   }
+message ResourceDescriptor {
+  // A description of the historical or future-looking state of the
+  // resource pattern.
+  enum History {
+    // The "unset" value.
+    HISTORY_UNSPECIFIED = 0;
+
+    // The resource originally had one pattern and launched as such, and
+    // additional patterns were added later.
+    ORIGINALLY_SINGLE_PATTERN = 1;
+
+    // The resource has one pattern, but the API owner expects to add more
+    // later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents
+    // that from being necessary once there are multiple patterns.)
+    FUTURE_MULTI_PATTERN = 2;
+  }
+
+  // The resource type. It must be in the format of
+  // {service_name}/{resource_type_kind}. The `resource_type_kind` must be
+  // singular and must not include version numbers.
+  //
+  // Example: `storage.googleapis.com/Bucket`
+  //
+  // The value of the resource_type_kind must follow the regular expression
+  // /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and
+  // should use PascalCase (UpperCamelCase). The maximum number of
+  // characters allowed for the `resource_type_kind` is 100.
+  string type = 1;
+
+  // Optional. The valid resource name pattern(s) for this resource type.
+  //
+  // Examples:
+  //   - "projects/{project}/topics/{topic}"
+  //   - "projects/{project}/knowledgeBases/{knowledge_base}"
+  //
+  // The components in braces correspond to the IDs for each resource in the
+  // hierarchy. It is expected that, if multiple patterns are provided,
+  // the same component name (e.g. "project") refers to IDs of the same
+  // type of resource.
+  repeated string pattern = 2;
+
+  // Optional. The field on the resource that designates the resource name
+  // field. If omitted, this is assumed to be "name".
+  string name_field = 3;
+
+  // Optional. The historical or future-looking state of the resource pattern.
+  //
+  // Example:
+  //   // The InspectTemplate message originally only supported resource
+  //   // names with organization, and project was added later.
+  //   message InspectTemplate {
+  //     option (google.api.resource) = {
+  //       type: "dlp.googleapis.com/InspectTemplate"
+  //       pattern:
+  //       "organizations/{organization}/inspectTemplates/{inspect_template}"
+  //       pattern: "projects/{project}/inspectTemplates/{inspect_template}"
+  //       history: ORIGINALLY_SINGLE_PATTERN
+  //     };
+  //   }
+  History history = 4;
+}
+
+// Defines a proto annotation that describes a field that refers to a resource.
+message ResourceReference {
+  // The resource type that the annotated field references.
+  //
+  // Example:
+  //
+  //   message Subscription {
+  //     string topic = 2 [(google.api.resource_reference) = {
+  //       type = "pubsub.googleapis.com/Topic"
+  //     }];
+  //   }
+  string type = 1;
+
+  // The resource type of a child collection that the annotated field
+  // references. This is useful for `parent` fields where a resource has more
+  // than one possible type of parent.
+  //
+  // Example:
+  //
+  //   message ListLogEntriesRequest {
+  //     string parent = 1 [(google.api.resource_reference) = {
+  //       child_type: "logging.googleapis.com/LogEntry"
+  //     };
+  //   }
+  string child_type = 2;
+}

common-protos/google/api/service.proto

@@ -0,0 +1,176 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/api/auth.proto";
+import "google/api/backend.proto";
+import "google/api/billing.proto";
+import "google/api/context.proto";
+import "google/api/control.proto";
+import "google/api/documentation.proto";
+import "google/api/endpoint.proto";
+import "google/api/http.proto";
+import "google/api/label.proto";
+import "google/api/log.proto";
+import "google/api/logging.proto";
+import "google/api/metric.proto";
+import "google/api/monitored_resource.proto";
+import "google/api/monitoring.proto";
+import "google/api/quota.proto";
+import "google/api/resource.proto";
+import "google/api/source_info.proto";
+import "google/api/system_parameter.proto";
+import "google/api/usage.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/api.proto";
+import "google/protobuf/type.proto";
+import "google/protobuf/wrappers.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "ServiceProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Service` is the root object of Google service configuration schema. It
+// describes basic information about a service, such as the name and the
+// title, and delegates other aspects to sub-sections. Each sub-section is
+// either a proto message or a repeated proto message that configures a
+// specific aspect, such as auth. See each proto message definition for details.
+//
+// Example:
+//
+//     type: google.api.Service
+//     config_version: 3
+//     name: calendar.googleapis.com
+//     title: Google Calendar API
+//     apis:
+//     - name: google.calendar.v3.Calendar
+//     authentication:
+//       providers:
+//       - id: google_calendar_auth
+//         jwks_uri: https://www.googleapis.com/oauth2/v1/certs
+//         issuer: https://securetoken.google.com
+//       rules:
+//       - selector: "*"
+//         requirements:
+//           provider_id: google_calendar_auth
+message Service {
+  // The semantic version of the service configuration. The config version
+  // affects the interpretation of the service configuration. For example,
+  // certain features are enabled by default for certain config versions.
+  // The latest config version is `3`.
+  google.protobuf.UInt32Value config_version = 20;
+
+  // The service name, which is a DNS-like logical identifier for the
+  // service, such as `calendar.googleapis.com`. The service name
+  // typically goes through DNS verification to make sure the owner
+  // of the service also owns the DNS name.
+  string name = 1;
+
+  // A unique ID for a specific instance of this message, typically assigned
+  // by the client for tracking purpose. If empty, the server may choose to
+  // generate one instead. Must be no longer than 60 characters.
+  string id = 33;
+
+  // The product title for this service.
+  string title = 2;
+
+  // The Google project that owns this service.
+  string producer_project_id = 22;
+
+  // A list of API interfaces exported by this service. Only the `name` field
+  // of the [google.protobuf.Api][google.protobuf.Api] needs to be provided by the configuration
+  // author, as the remaining fields will be derived from the IDL during the
+  // normalization process. It is an error to specify an API interface here
+  // which cannot be resolved against the associated IDL files.
+  repeated google.protobuf.Api apis = 3;
+
+  // A list of all proto message types included in this API service.
+  // Types referenced directly or indirectly by the `apis` are
+  // automatically included.  Messages which are not referenced but
+  // shall be included, such as types used by the `google.protobuf.Any` type,
+  // should be listed here by name. Example:
+  //
+  //     types:
+  //     - name: google.protobuf.Int32
+  repeated google.protobuf.Type types = 4;
+
+  // A list of all enum types included in this API service.  Enums
+  // referenced directly or indirectly by the `apis` are automatically
+  // included.  Enums which are not referenced but shall be included
+  // should be listed here by name. Example:
+  //
+  //     enums:
+  //     - name: google.someapi.v1.SomeEnum
+  repeated google.protobuf.Enum enums = 5;
+
+  // Additional API documentation.
+  Documentation documentation = 6;
+
+  // API backend configuration.
+  Backend backend = 8;
+
+  // HTTP configuration.
+  Http http = 9;
+
+  // Quota configuration.
+  Quota quota = 10;
+
+  // Auth configuration.
+  Authentication authentication = 11;
+
+  // Context configuration.
+  Context context = 12;
+
+  // Configuration controlling usage of this service.
+  Usage usage = 15;
+
+  // Configuration for network endpoints.  If this is empty, then an endpoint
+  // with the same name as the service is automatically generated to service all
+  // defined APIs.
+  repeated Endpoint endpoints = 18;
+
+  // Configuration for the service control plane.
+  Control control = 21;
+
+  // Defines the logs used by this service.
+  repeated LogDescriptor logs = 23;
+
+  // Defines the metrics used by this service.
+  repeated MetricDescriptor metrics = 24;
+
+  // Defines the monitored resources used by this service. This is required
+  // by the [Service.monitoring][google.api.Service.monitoring] and [Service.logging][google.api.Service.logging] configurations.
+  repeated MonitoredResourceDescriptor monitored_resources = 25;
+
+  // Billing configuration.
+  Billing billing = 26;
+
+  // Logging configuration.
+  Logging logging = 27;
+
+  // Monitoring configuration.
+  Monitoring monitoring = 28;
+
+  // System parameter configuration.
+  SystemParameters system_parameters = 29;
+
+  // Output only. The source information for this configuration if available.
+  SourceInfo source_info = 37;
+}

common-protos/google/api/servicecontrol/v1/check_error.proto

@@ -0,0 +1,98 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicecontrol.v1;
+
+import "google/api/annotations.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol";
+option java_multiple_files = true;
+option java_outer_classname = "CheckErrorProto";
+option java_package = "com.google.api.servicecontrol.v1";
+
+// Defines the errors to be returned in
+// [google.api.servicecontrol.v1.CheckResponse.check_errors][google.api.servicecontrol.v1.CheckResponse.check_errors].
+message CheckError {
+  // Error codes for Check responses.
+  enum Code {
+    // This is never used in `CheckResponse`.
+    ERROR_CODE_UNSPECIFIED = 0;
+
+    // The consumer's project id was not found.
+    // Same as [google.rpc.Code.NOT_FOUND][].
+    NOT_FOUND = 5;
+
+    // The consumer doesn't have access to the specified resource.
+    // Same as [google.rpc.Code.PERMISSION_DENIED][].
+    PERMISSION_DENIED = 7;
+
+    // Quota check failed. Same as [google.rpc.Code.RESOURCE_EXHAUSTED][].
+    RESOURCE_EXHAUSTED = 8;
+
+    // The consumer hasn't activated the service.
+    SERVICE_NOT_ACTIVATED = 104;
+
+    // The consumer cannot access the service because billing is disabled.
+    BILLING_DISABLED = 107;
+
+    // The consumer's project has been marked as deleted (soft deletion).
+    PROJECT_DELETED = 108;
+
+    // The consumer's project number or id does not represent a valid project.
+    PROJECT_INVALID = 114;
+
+    // The IP address of the consumer is invalid for the specific consumer
+    // project.
+    IP_ADDRESS_BLOCKED = 109;
+
+    // The referer address of the consumer request is invalid for the specific
+    // consumer project.
+    REFERER_BLOCKED = 110;
+
+    // The client application of the consumer request is invalid for the
+    // specific consumer project.
+    CLIENT_APP_BLOCKED = 111;
+
+    // The API targeted by this request is invalid for the specified consumer
+    // project.
+    API_TARGET_BLOCKED = 122;
+
+    // The consumer's API key is invalid.
+    API_KEY_INVALID = 105;
+
+    // The consumer's API Key has expired.
+    API_KEY_EXPIRED = 112;
+
+    // The consumer's API Key was not found in config record.
+    API_KEY_NOT_FOUND = 113;
+
+    // The backend server for looking up project id/number is unavailable.
+    NAMESPACE_LOOKUP_UNAVAILABLE = 300;
+
+    // The backend server for checking service status is unavailable.
+    SERVICE_STATUS_UNAVAILABLE = 301;
+
+    // The backend server for checking billing status is unavailable.
+    BILLING_STATUS_UNAVAILABLE = 302;
+  }
+
+  // The error code.
+  Code code = 1;
+
+  // Free-form text providing details on the error cause of the error.
+  string detail = 2;
+}

common-protos/google/api/servicecontrol/v1/distribution.proto

@@ -0,0 +1,158 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicecontrol.v1;
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol";
+option java_multiple_files = true;
+option java_outer_classname = "DistributionProto";
+option java_package = "com.google.api.servicecontrol.v1";
+
+// Distribution represents a frequency distribution of double-valued sample
+// points. It contains the size of the population of sample points plus
+// additional optional information:
+//
+//   - the arithmetic mean of the samples
+//   - the minimum and maximum of the samples
+//   - the sum-squared-deviation of the samples, used to compute variance
+//   - a histogram of the values of the sample points
+message Distribution {
+  // Describing buckets with constant width.
+  message LinearBuckets {
+    // The number of finite buckets. With the underflow and overflow buckets,
+    // the total number of buckets is `num_finite_buckets` + 2.
+    // See comments on `bucket_options` for details.
+    int32 num_finite_buckets = 1;
+
+    // The i'th linear bucket covers the interval
+    //   [offset + (i-1) * width, offset + i * width)
+    // where i ranges from 1 to num_finite_buckets, inclusive.
+    // Must be strictly positive.
+    double width = 2;
+
+    // The i'th linear bucket covers the interval
+    //   [offset + (i-1) * width, offset + i * width)
+    // where i ranges from 1 to num_finite_buckets, inclusive.
+    double offset = 3;
+  }
+
+  // Describing buckets with exponentially growing width.
+  message ExponentialBuckets {
+    // The number of finite buckets. With the underflow and overflow buckets,
+    // the total number of buckets is `num_finite_buckets` + 2.
+    // See comments on `bucket_options` for details.
+    int32 num_finite_buckets = 1;
+
+    // The i'th exponential bucket covers the interval
+    //   [scale * growth_factor^(i-1), scale * growth_factor^i)
+    // where i ranges from 1 to num_finite_buckets inclusive.
+    // Must be larger than 1.0.
+    double growth_factor = 2;
+
+    // The i'th exponential bucket covers the interval
+    //   [scale * growth_factor^(i-1), scale * growth_factor^i)
+    // where i ranges from 1 to num_finite_buckets inclusive.
+    // Must be > 0.
+    double scale = 3;
+  }
+
+  // Describing buckets with arbitrary user-provided width.
+  message ExplicitBuckets {
+    // 'bound' is a list of strictly increasing boundaries between
+    // buckets. Note that a list of length N-1 defines N buckets because
+    // of fenceposting. See comments on `bucket_options` for details.
+    //
+    // The i'th finite bucket covers the interval
+    //   [bound[i-1], bound[i])
+    // where i ranges from 1 to bound_size() - 1. Note that there are no
+    // finite buckets at all if 'bound' only contains a single element; in
+    // that special case the single bound defines the boundary between the
+    // underflow and overflow buckets.
+    //
+    // bucket number                   lower bound    upper bound
+    //  i == 0 (underflow)              -inf           bound[i]
+    //  0 < i < bound_size()            bound[i-1]     bound[i]
+    //  i == bound_size() (overflow)    bound[i-1]     +inf
+    repeated double bounds = 1;
+  }
+
+  // The total number of samples in the distribution. Must be >= 0.
+  int64 count = 1;
+
+  // The arithmetic mean of the samples in the distribution. If `count` is
+  // zero then this field must be zero.
+  double mean = 2;
+
+  // The minimum of the population of values. Ignored if `count` is zero.
+  double minimum = 3;
+
+  // The maximum of the population of values. Ignored if `count` is zero.
+  double maximum = 4;
+
+  // The sum of squared deviations from the mean:
+  //   Sum[i=1..count]((x_i - mean)^2)
+  // where each x_i is a sample values. If `count` is zero then this field
+  // must be zero, otherwise validation of the request fails.
+  double sum_of_squared_deviation = 5;
+
+  // The number of samples in each histogram bucket. `bucket_counts` are
+  // optional. If present, they must sum to the `count` value.
+  //
+  // The buckets are defined below in `bucket_option`. There are N buckets.
+  // `bucket_counts[0]` is the number of samples in the underflow bucket.
+  // `bucket_counts[1]` to `bucket_counts[N-1]` are the numbers of samples
+  // in each of the finite buckets. And `bucket_counts[N] is the number
+  // of samples in the overflow bucket. See the comments of `bucket_option`
+  // below for more details.
+  //
+  // Any suffix of trailing zeros may be omitted.
+  repeated int64 bucket_counts = 6;
+
+  // Defines the buckets in the histogram. `bucket_option` and `bucket_counts`
+  // must be both set, or both unset.
+  //
+  // Buckets are numbered in the range of [0, N], with a total of N+1 buckets.
+  // There must be at least two buckets (a single-bucket histogram gives
+  // no information that isn't already provided by `count`).
+  //
+  // The first bucket is the underflow bucket which has a lower bound
+  // of -inf. The last bucket is the overflow bucket which has an
+  // upper bound of +inf. All other buckets (if any) are called "finite"
+  // buckets because they have finite lower and upper bounds. As described
+  // below, there are three ways to define the finite buckets.
+  //
+  //   (1) Buckets with constant width.
+  //   (2) Buckets with exponentially growing widths.
+  //   (3) Buckets with arbitrary user-provided widths.
+  //
+  // In all cases, the buckets cover the entire real number line (-inf,
+  // +inf). Bucket upper bounds are exclusive and lower bounds are
+  // inclusive. The upper bound of the underflow bucket is equal to the
+  // lower bound of the smallest finite bucket; the lower bound of the
+  // overflow bucket is equal to the upper bound of the largest finite
+  // bucket.
+  oneof bucket_option {
+    // Buckets with constant width.
+    LinearBuckets linear_buckets = 7;
+
+    // Buckets with exponentially growing width.
+    ExponentialBuckets exponential_buckets = 8;
+
+    // Buckets with arbitrary user-provided width.
+    ExplicitBuckets explicit_buckets = 9;
+  }
+}

common-protos/google/api/servicecontrol/v1/log_entry.proto

@@ -0,0 +1,66 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicecontrol.v1;
+
+import "google/api/annotations.proto";
+import "google/logging/type/log_severity.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol";
+option java_multiple_files = true;
+option java_outer_classname = "LogEntryProto";
+option java_package = "com.google.api.servicecontrol.v1";
+
+// An individual log entry.
+message LogEntry {
+  // Required. The log to which this log entry belongs. Examples: `"syslog"`,
+  // `"book_log"`.
+  string name = 10;
+
+  // The time the event described by the log entry occurred. If
+  // omitted, defaults to operation start time.
+  google.protobuf.Timestamp timestamp = 11;
+
+  // The severity of the log entry. The default value is
+  // `LogSeverity.DEFAULT`.
+  google.logging.type.LogSeverity severity = 12;
+
+  // A unique ID for the log entry used for deduplication. If omitted,
+  // the implementation will generate one based on operation_id.
+  string insert_id = 4;
+
+  // A set of user-defined (key, value) data that provides additional
+  // information about the log entry.
+  map<string, string> labels = 13;
+
+  // The log entry payload, which can be one of multiple types.
+  oneof payload {
+    // The log entry payload, represented as a protocol buffer that is
+    // expressed as a JSON object. The only accepted type currently is
+    // [AuditLog][google.cloud.audit.AuditLog].
+    google.protobuf.Any proto_payload = 2;
+
+    // The log entry payload, represented as a Unicode string (UTF-8).
+    string text_payload = 3;
+
+    // The log entry payload, represented as a structure that
+    // is expressed as a JSON object.
+    google.protobuf.Struct struct_payload = 6;
+  }
+}

common-protos/google/api/servicecontrol/v1/metric_value.proto

@@ -0,0 +1,78 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicecontrol.v1;
+
+import "google/api/annotations.proto";
+import "google/api/servicecontrol/v1/distribution.proto";
+import "google/protobuf/timestamp.proto";
+import "google/type/money.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol";
+option java_multiple_files = true;
+option java_outer_classname = "MetricValueSetProto";
+option java_package = "com.google.api.servicecontrol.v1";
+
+// Represents a single metric value.
+message MetricValue {
+  // The labels describing the metric value.
+  // See comments on
+  // [google.api.servicecontrol.v1.Operation.labels][google.api.servicecontrol.v1.Operation.labels]
+  // for the overriding relationship.
+  map<string, string> labels = 1;
+
+  // The start of the time period over which this metric value's measurement
+  // applies. The time period has different semantics for different metric
+  // types (cumulative, delta, and gauge). See the metric definition
+  // documentation in the service configuration for details.
+  google.protobuf.Timestamp start_time = 2;
+
+  // The end of the time period over which this metric value's measurement
+  // applies.
+  google.protobuf.Timestamp end_time = 3;
+
+  // The value. The type of value used in the request must
+  // agree with the metric definition in the service configuration, otherwise
+  // the MetricValue is rejected.
+  oneof value {
+    // A boolean value.
+    bool bool_value = 4;
+
+    // A signed 64-bit integer value.
+    int64 int64_value = 5;
+
+    // A double precision floating point value.
+    double double_value = 6;
+
+    // A text string value.
+    string string_value = 7;
+
+    // A distribution value.
+    Distribution distribution_value = 8;
+  }
+}
+
+// Represents a set of metric values in the same metric.
+// Each metric value in the set should have a unique combination of start time,
+// end time, and label values.
+message MetricValueSet {
+  // The metric name defined in the service configuration.
+  string metric_name = 1;
+
+  // The values in this metric.
+  repeated MetricValue metric_values = 2;
+}

common-protos/google/api/servicecontrol/v1/operation.proto

@@ -0,0 +1,113 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicecontrol.v1;
+
+import "google/api/annotations.proto";
+import "google/api/servicecontrol/v1/log_entry.proto";
+import "google/api/servicecontrol/v1/metric_value.proto";
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol";
+option java_multiple_files = true;
+option java_outer_classname = "OperationProto";
+option java_package = "com.google.api.servicecontrol.v1";
+
+// Represents information regarding an operation.
+message Operation {
+  // Defines the importance of the data contained in the operation.
+  enum Importance {
+    // The API implementation may cache and aggregate the data.
+    // The data may be lost when rare and unexpected system failures occur.
+    LOW = 0;
+
+    // The API implementation doesn't cache and aggregate the data.
+    // If the method returns successfully, it's guaranteed that the data has
+    // been persisted in durable storage.
+    HIGH = 1;
+  }
+
+  // Identity of the operation. This must be unique within the scope of the
+  // service that generated the operation. If the service calls
+  // Check() and Report() on the same operation, the two calls should carry
+  // the same id.
+  //
+  // UUID version 4 is recommended, though not required.
+  // In scenarios where an operation is computed from existing information
+  // and an idempotent id is desirable for deduplication purpose, UUID version 5
+  // is recommended. See RFC 4122 for details.
+  string operation_id = 1;
+
+  // Fully qualified name of the operation. Reserved for future use.
+  string operation_name = 2;
+
+  // Identity of the consumer who is using the service.
+  // This field should be filled in for the operations initiated by a
+  // consumer, but not for service-initiated operations that are
+  // not related to a specific consumer.
+  //
+  // This can be in one of the following formats:
+  //   project:<project_id>,
+  //   project_number:<project_number>,
+  //   api_key:<api_key>.
+  string consumer_id = 3;
+
+  // Required. Start time of the operation.
+  google.protobuf.Timestamp start_time = 4;
+
+  // End time of the operation.
+  // Required when the operation is used in
+  // [ServiceController.Report][google.api.servicecontrol.v1.ServiceController.Report],
+  // but optional when the operation is used in
+  // [ServiceController.Check][google.api.servicecontrol.v1.ServiceController.Check].
+  google.protobuf.Timestamp end_time = 5;
+
+  // Labels describing the operation. Only the following labels are allowed:
+  //
+  // - Labels describing monitored resources as defined in
+  //   the service configuration.
+  // - Default labels of metric values. When specified, labels defined in the
+  //   metric value override these default.
+  // - The following labels defined by Google Cloud Platform:
+  //     - `cloud.googleapis.com/location` describing the location where the
+  //        operation happened,
+  //     - `servicecontrol.googleapis.com/user_agent` describing the user agent
+  //        of the API request,
+  //     - `servicecontrol.googleapis.com/service_agent` describing the service
+  //        used to handle the API request (e.g. ESP),
+  //     - `servicecontrol.googleapis.com/platform` describing the platform
+  //        where the API is served (e.g. GAE, GCE, GKE).
+  map<string, string> labels = 6;
+
+  // Represents information about this operation. Each MetricValueSet
+  // corresponds to a metric defined in the service configuration.
+  // The data type used in the MetricValueSet must agree with
+  // the data type specified in the metric definition.
+  //
+  // Within a single operation, it is not allowed to have more than one
+  // MetricValue instances that have the same metric names and identical
+  // label value combinations. If a request has such duplicated MetricValue
+  // instances, the entire request is rejected with
+  // an invalid argument error.
+  repeated MetricValueSet metric_value_sets = 7;
+
+  // Represents information to be logged.
+  repeated LogEntry log_entries = 8;
+
+  // DO NOT USE. This is an experimental field.
+  Importance importance = 11;
+}

common-protos/google/api/servicecontrol/v1/quota_controller.proto

@@ -0,0 +1,206 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicecontrol.v1;
+
+import "google/api/annotations.proto";
+import "google/api/servicecontrol/v1/metric_value.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol";
+option java_multiple_files = true;
+option java_outer_classname = "QuotaControllerProto";
+option java_package = "com.google.api.servicecontrol.v1";
+
+// [Google Quota Control API](/service-control/overview)
+//
+// Allows clients to allocate and release quota against a [managed
+// service](https://cloud.google.com/service-management/reference/rpc/google.api/servicemanagement.v1#google.api.servicemanagement.v1.ManagedService).
+service QuotaController {
+  // Attempts to allocate quota for the specified consumer. It should be called
+  // before the operation is executed.
+  //
+  // This method requires the `servicemanagement.services.quota`
+  // permission on the specified service. For more information, see
+  // [Cloud IAM](https://cloud.google.com/iam).
+  //
+  // **NOTE:** The client **must** fail-open on server errors `INTERNAL`,
+  // `UNKNOWN`, `DEADLINE_EXCEEDED`, and `UNAVAILABLE`. To ensure system
+  // reliability, the server may inject these errors to prohibit any hard
+  // dependency on the quota functionality.
+  rpc AllocateQuota(AllocateQuotaRequest) returns (AllocateQuotaResponse) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}:allocateQuota"
+      body: "*"
+    };
+  }
+}
+
+// Request message for the AllocateQuota method.
+message AllocateQuotaRequest {
+  // Name of the service as specified in the service configuration. For example,
+  // `"pubsub.googleapis.com"`.
+  //
+  // See [google.api.Service][google.api.Service] for the definition of a
+  // service name.
+  string service_name = 1;
+
+  // Operation that describes the quota allocation.
+  QuotaOperation allocate_operation = 2;
+
+  // Specifies which version of service configuration should be used to process
+  // the request. If unspecified or no matching version can be found, the latest
+  // one will be used.
+  string service_config_id = 4;
+}
+
+// Represents information regarding a quota operation.
+message QuotaOperation {
+  // Supported quota modes.
+  enum QuotaMode {
+    // Guard against implicit default. Must not be used.
+    UNSPECIFIED = 0;
+
+    // For AllocateQuota request, allocates quota for the amount specified in
+    // the service configuration or specified using the quota metrics. If the
+    // amount is higher than the available quota, allocation error will be
+    // returned and no quota will be allocated.
+    NORMAL = 1;
+
+    // The operation allocates quota for the amount specified in the service
+    // configuration or specified using the quota metrics. If the amount is
+    // higher than the available quota, request does not fail but all available
+    // quota will be allocated.
+    BEST_EFFORT = 2;
+
+    // For AllocateQuota request, only checks if there is enough quota
+    // available and does not change the available quota. No lock is placed on
+    // the available quota either.
+    CHECK_ONLY = 3;
+  }
+
+  // Identity of the operation. This is expected to be unique within the scope
+  // of the service that generated the operation, and guarantees idempotency in
+  // case of retries.
+  //
+  // UUID version 4 is recommended, though not required. In scenarios where an
+  // operation is computed from existing information and an idempotent id is
+  // desirable for deduplication purpose, UUID version 5 is recommended. See
+  // RFC 4122 for details.
+  string operation_id = 1;
+
+  // Fully qualified name of the API method for which this quota operation is
+  // requested. This name is used for matching quota rules or metric rules and
+  // billing status rules defined in service configuration. This field is not
+  // required if the quota operation is performed on non-API resources.
+  //
+  // Example of an RPC method name:
+  //     google.example.library.v1.LibraryService.CreateShelf
+  string method_name = 2;
+
+  // Identity of the consumer for whom this quota operation is being performed.
+  //
+  // This can be in one of the following formats:
+  //   project:<project_id>,
+  //   project_number:<project_number>,
+  //   api_key:<api_key>.
+  string consumer_id = 3;
+
+  // Labels describing the operation.
+  map<string, string> labels = 4;
+
+  // Represents information about this operation. Each MetricValueSet
+  // corresponds to a metric defined in the service configuration.
+  // The data type used in the MetricValueSet must agree with
+  // the data type specified in the metric definition.
+  //
+  // Within a single operation, it is not allowed to have more than one
+  // MetricValue instances that have the same metric names and identical
+  // label value combinations. If a request has such duplicated MetricValue
+  // instances, the entire request is rejected with
+  // an invalid argument error.
+  repeated MetricValueSet quota_metrics = 5;
+
+  // Quota mode for this operation.
+  QuotaMode quota_mode = 6;
+}
+
+// Response message for the AllocateQuota method.
+message AllocateQuotaResponse {
+  // The same operation_id value used in the AllocateQuotaRequest. Used for
+  // logging and diagnostics purposes.
+  string operation_id = 1;
+
+  // Indicates the decision of the allocate.
+  repeated QuotaError allocate_errors = 2;
+
+  // Quota metrics to indicate the result of allocation. Depending on the
+  // request, one or more of the following metrics will be included:
+  //
+  // 1. Per quota group or per quota metric incremental usage will be specified
+  // using the following delta metric :
+  //   "serviceruntime.googleapis.com/api/consumer/quota_used_count"
+  //
+  // 2. The quota limit reached condition will be specified using the following
+  // boolean metric :
+  //   "serviceruntime.googleapis.com/quota/exceeded"
+  repeated MetricValueSet quota_metrics = 3;
+
+  // ID of the actual config used to process the request.
+  string service_config_id = 4;
+}
+
+// Represents error information for
+// [QuotaOperation][google.api.servicecontrol.v1.QuotaOperation].
+message QuotaError {
+  // Error codes related to project config validations are deprecated since the
+  // quota controller methods do not perform these validations. Instead services
+  // have to call the Check method, without quota_properties field, to perform
+  // these validations before calling the quota controller methods. These
+  // methods check only for project deletion to be wipe out compliant.
+  enum Code {
+    // This is never used.
+    UNSPECIFIED = 0;
+
+    // Quota allocation failed.
+    // Same as [google.rpc.Code.RESOURCE_EXHAUSTED][].
+    RESOURCE_EXHAUSTED = 8;
+
+    // Consumer cannot access the service because the service requires active
+    // billing.
+    BILLING_NOT_ACTIVE = 107;
+
+    // Consumer's project has been marked as deleted (soft deletion).
+    PROJECT_DELETED = 108;
+
+    // Specified API key is invalid.
+    API_KEY_INVALID = 105;
+
+    // Specified API Key has expired.
+    API_KEY_EXPIRED = 112;
+  }
+
+  // Error code.
+  Code code = 1;
+
+  // Subject to whom this error applies. See the specific enum for more details
+  // on this field. For example, "clientip:<ip address of client>" or
+  // "project:<Google developer project id>".
+  string subject = 2;
+
+  // Free-form text that provides details on the cause of the error.
+  string description = 3;
+}

common-protos/google/api/servicecontrol/v1/service_controller.proto

@@ -0,0 +1,204 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicecontrol.v1;
+
+import "google/api/annotations.proto";
+import "google/api/servicecontrol/v1/check_error.proto";
+import "google/api/servicecontrol/v1/operation.proto";
+import "google/rpc/status.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol";
+option java_multiple_files = true;
+option java_outer_classname = "ServiceControllerProto";
+option java_package = "com.google.api.servicecontrol.v1";
+option objc_class_prefix = "GASC";
+
+// [Google Service Control API](/service-control/overview)
+//
+// Lets clients check and report operations against a [managed
+// service](https://cloud.google.com/service-management/reference/rpc/google.api/servicemanagement.v1#google.api.servicemanagement.v1.ManagedService).
+service ServiceController {
+  // Checks an operation with Google Service Control to decide whether
+  // the given operation should proceed. It should be called before the
+  // operation is executed.
+  //
+  // If feasible, the client should cache the check results and reuse them for
+  // 60 seconds. In case of server errors, the client can rely on the cached
+  // results for longer time.
+  //
+  // NOTE: the [CheckRequest][google.api.servicecontrol.v1.CheckRequest] has the
+  // size limit of 64KB.
+  //
+  // This method requires the `servicemanagement.services.check` permission
+  // on the specified service. For more information, see
+  // [Google Cloud IAM](https://cloud.google.com/iam).
+  rpc Check(CheckRequest) returns (CheckResponse) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}:check"
+      body: "*"
+    };
+  }
+
+  // Reports operation results to Google Service Control, such as logs and
+  // metrics. It should be called after an operation is completed.
+  //
+  // If feasible, the client should aggregate reporting data for up to 5
+  // seconds to reduce API traffic. Limiting aggregation to 5 seconds is to
+  // reduce data loss during client crashes. Clients should carefully choose
+  // the aggregation time window to avoid data loss risk more than 0.01%
+  // for business and compliance reasons.
+  //
+  // NOTE: the [ReportRequest][google.api.servicecontrol.v1.ReportRequest] has
+  // the size limit of 1MB.
+  //
+  // This method requires the `servicemanagement.services.report` permission
+  // on the specified service. For more information, see
+  // [Google Cloud IAM](https://cloud.google.com/iam).
+  rpc Report(ReportRequest) returns (ReportResponse) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}:report"
+      body: "*"
+    };
+  }
+}
+
+// Request message for the Check method.
+message CheckRequest {
+  // The service name as specified in its service configuration. For example,
+  // `"pubsub.googleapis.com"`.
+  //
+  // See
+  // [google.api.Service](https://cloud.google.com/service-management/reference/rpc/google.api#google.api.Service)
+  // for the definition of a service name.
+  string service_name = 1;
+
+  // The operation to be checked.
+  Operation operation = 2;
+
+  // Specifies which version of service configuration should be used to process
+  // the request.
+  //
+  // If unspecified or no matching version can be found, the
+  // latest one will be used.
+  string service_config_id = 4;
+}
+
+// Response message for the Check method.
+message CheckResponse {
+  message CheckInfo {
+    // Consumer info of this check.
+    ConsumerInfo consumer_info = 2;
+  }
+
+  // `ConsumerInfo` provides information about the consumer project.
+  message ConsumerInfo {
+    // The Google cloud project number, e.g. 1234567890. A value of 0 indicates
+    // no project number is found.
+    int64 project_number = 1;
+  }
+
+  // The same operation_id value used in the
+  // [CheckRequest][google.api.servicecontrol.v1.CheckRequest]. Used for logging
+  // and diagnostics purposes.
+  string operation_id = 1;
+
+  // The current service rollout id used to process the request.
+  string service_rollout_id = 11;
+
+  // Indicate the decision of the check.
+  //
+  // If no check errors are present, the service should process the operation.
+  // Otherwise the service should use the list of errors to determine the
+  // appropriate action.
+  repeated CheckError check_errors = 2;
+
+  // The actual config id used to process the request.
+  string service_config_id = 5;
+
+  // Feedback data returned from the server during processing a Check request.
+  CheckInfo check_info = 6;
+}
+
+// Request message for the Report method.
+message ReportRequest {
+  // The service name as specified in its service configuration. For example,
+  // `"pubsub.googleapis.com"`.
+  //
+  // See
+  // [google.api.Service](https://cloud.google.com/service-management/reference/rpc/google.api#google.api.Service)
+  // for the definition of a service name.
+  string service_name = 1;
+
+  // Operations to be reported.
+  //
+  // Typically the service should report one operation per request.
+  // Putting multiple operations into a single request is allowed, but should
+  // be used only when multiple operations are natually available at the time
+  // of the report.
+  //
+  // If multiple operations are in a single request, the total request size
+  // should be no larger than 1MB. See
+  // [ReportResponse.report_errors][google.api.servicecontrol.v1.ReportResponse.report_errors]
+  // for partial failure behavior.
+  repeated Operation operations = 2;
+
+  // Specifies which version of service config should be used to process the
+  // request.
+  //
+  // If unspecified or no matching version can be found, the
+  // latest one will be used.
+  string service_config_id = 3;
+}
+
+// Response message for the Report method.
+message ReportResponse {
+  // Represents the processing error of one
+  // [Operation][google.api.servicecontrol.v1.Operation] in the request.
+  message ReportError {
+    // The
+    // [Operation.operation_id][google.api.servicecontrol.v1.Operation.operation_id]
+    // value from the request.
+    string operation_id = 1;
+
+    // Details of the error when processing the
+    // [Operation][google.api.servicecontrol.v1.Operation].
+    google.rpc.Status status = 2;
+  }
+
+  // Partial failures, one for each `Operation` in the request that failed
+  // processing. There are three possible combinations of the RPC status:
+  //
+  // 1. The combination of a successful RPC status and an empty `report_errors`
+  //    list indicates a complete success where all `Operations` in the
+  //    request are processed successfully.
+  // 2. The combination of a successful RPC status and a non-empty
+  //    `report_errors` list indicates a partial success where some
+  //    `Operations` in the request succeeded. Each
+  //    `Operation` that failed processing has a corresponding item
+  //    in this list.
+  // 3. A failed RPC status indicates a general non-deterministic failure.
+  //    When this happens, it's impossible to know which of the
+  //    'Operations' in the request succeeded or failed.
+  repeated ReportError report_errors = 1;
+
+  // The actual config id used to process the request.
+  string service_config_id = 2;
+
+  // The current service rollout id used to process the request.
+  string service_rollout_id = 4;
+}

common-protos/google/api/servicemanagement/v1/resources.proto

@@ -0,0 +1,299 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicemanagement.v1;
+
+import "google/api/annotations.proto";
+import "google/api/config_change.proto";
+import "google/api/metric.proto";
+import "google/api/service.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+import "google/rpc/status.proto";
+
+option csharp_namespace = "Google.Cloud.ServiceManagement.V1";
+option go_package = "google.golang.org/genproto/googleapis/api/servicemanagement/v1;servicemanagement";
+option java_multiple_files = true;
+option java_outer_classname = "ResourcesProto";
+option java_package = "com.google.api.servicemanagement.v1";
+option objc_class_prefix = "GASM";
+option php_namespace = "Google\\Cloud\\ServiceManagement\\V1";
+
+// The full representation of a Service that is managed by
+// Google Service Management.
+message ManagedService {
+  // The name of the service. See the [overview](/service-management/overview)
+  // for naming requirements.
+  string service_name = 2;
+
+  // ID of the project that produces and owns this service.
+  string producer_project_id = 3;
+}
+
+// The metadata associated with a long running operation resource.
+message OperationMetadata {
+  // Represents the status of one operation step.
+  message Step {
+    // The short description of the step.
+    string description = 2;
+
+    // The status code.
+    Status status = 4;
+  }
+
+  // Code describes the status of the operation (or one of its steps).
+  enum Status {
+    // Unspecifed code.
+    STATUS_UNSPECIFIED = 0;
+
+    // The operation or step has completed without errors.
+    DONE = 1;
+
+    // The operation or step has not started yet.
+    NOT_STARTED = 2;
+
+    // The operation or step is in progress.
+    IN_PROGRESS = 3;
+
+    // The operation or step has completed with errors. If the operation is
+    // rollbackable, the rollback completed with errors too.
+    FAILED = 4;
+
+    // The operation or step has completed with cancellation.
+    CANCELLED = 5;
+  }
+
+  // The full name of the resources that this operation is directly
+  // associated with.
+  repeated string resource_names = 1;
+
+  // Detailed status information for each step. The order is undetermined.
+  repeated Step steps = 2;
+
+  // Percentage of completion of this operation, ranging from 0 to 100.
+  int32 progress_percentage = 3;
+
+  // The start time of the operation.
+  google.protobuf.Timestamp start_time = 4;
+}
+
+// Represents a diagnostic message (error or warning)
+message Diagnostic {
+  // The kind of diagnostic information possible.
+  enum Kind {
+    // Warnings and errors
+    WARNING = 0;
+
+    // Only errors
+    ERROR = 1;
+  }
+
+  // File name and line number of the error or warning.
+  string location = 1;
+
+  // The kind of diagnostic information provided.
+  Kind kind = 2;
+
+  // Message describing the error or warning.
+  string message = 3;
+}
+
+// Represents a source file which is used to generate the service configuration
+// defined by `google.api.Service`.
+message ConfigSource {
+  // A unique ID for a specific instance of this message, typically assigned
+  // by the client for tracking purpose. If empty, the server may choose to
+  // generate one instead.
+  string id = 5;
+
+  // Set of source configuration files that are used to generate a service
+  // configuration (`google.api.Service`).
+  repeated ConfigFile files = 2;
+}
+
+// Generic specification of a source configuration file
+message ConfigFile {
+  enum FileType {
+    // Unknown file type.
+    FILE_TYPE_UNSPECIFIED = 0;
+
+    // YAML-specification of service.
+    SERVICE_CONFIG_YAML = 1;
+
+    // OpenAPI specification, serialized in JSON.
+    OPEN_API_JSON = 2;
+
+    // OpenAPI specification, serialized in YAML.
+    OPEN_API_YAML = 3;
+
+    // FileDescriptorSet, generated by protoc.
+    //
+    // To generate, use protoc with imports and source info included.
+    // For an example test.proto file, the following command would put the value
+    // in a new file named out.pb.
+    //
+    // $protoc --include_imports --include_source_info test.proto -o out.pb
+    FILE_DESCRIPTOR_SET_PROTO = 4;
+
+    // Uncompiled Proto file. Used for storage and display purposes only,
+    // currently server-side compilation is not supported. Should match the
+    // inputs to 'protoc' command used to generated FILE_DESCRIPTOR_SET_PROTO. A
+    // file of this type can only be included if at least one file of type
+    // FILE_DESCRIPTOR_SET_PROTO is included.
+    PROTO_FILE = 6;
+  }
+
+  // The file name of the configuration file (full or relative path).
+  string file_path = 1;
+
+  // The bytes that constitute the file.
+  bytes file_contents = 3;
+
+  // The type of configuration file this represents.
+  FileType file_type = 4;
+}
+
+// Represents a service configuration with its name and id.
+message ConfigRef {
+  // Resource name of a service config. It must have the following
+  // format: "services/{service name}/configs/{config id}".
+  string name = 1;
+}
+
+// Change report associated with a particular service configuration.
+//
+// It contains a list of ConfigChanges based on the comparison between
+// two service configurations.
+message ChangeReport {
+  // List of changes between two service configurations.
+  // The changes will be alphabetically sorted based on the identifier
+  // of each change.
+  // A ConfigChange identifier is a dot separated path to the configuration.
+  // Example: visibility.rules[selector='LibraryService.CreateBook'].restriction
+  repeated google.api.ConfigChange config_changes = 1;
+}
+
+// A rollout resource that defines how service configuration versions are pushed
+// to control plane systems. Typically, you create a new version of the
+// service config, and then create a Rollout to push the service config.
+message Rollout {
+  // Strategy that specifies how clients of Google Service Controller want to
+  // send traffic to use different config versions. This is generally
+  // used by API proxy to split traffic based on your configured precentage for
+  // each config version.
+  //
+  // One example of how to gradually rollout a new service configuration using
+  // this
+  // strategy:
+  // Day 1
+  //
+  //     Rollout {
+  //       id: "example.googleapis.com/rollout_20160206"
+  //       traffic_percent_strategy {
+  //         percentages: {
+  //           "example.googleapis.com/20160201": 70.00
+  //           "example.googleapis.com/20160206": 30.00
+  //         }
+  //       }
+  //     }
+  //
+  // Day 2
+  //
+  //     Rollout {
+  //       id: "example.googleapis.com/rollout_20160207"
+  //       traffic_percent_strategy: {
+  //         percentages: {
+  //           "example.googleapis.com/20160206": 100.00
+  //         }
+  //       }
+  //     }
+  message TrafficPercentStrategy {
+    // Maps service configuration IDs to their corresponding traffic percentage.
+    // Key is the service configuration ID, Value is the traffic percentage
+    // which must be greater than 0.0 and the sum must equal to 100.0.
+    map<string, double> percentages = 1;
+  }
+
+  // Strategy used to delete a service. This strategy is a placeholder only
+  // used by the system generated rollout to delete a service.
+  message DeleteServiceStrategy {}
+
+  // Status of a Rollout.
+  enum RolloutStatus {
+    // No status specified.
+    ROLLOUT_STATUS_UNSPECIFIED = 0;
+
+    // The Rollout is in progress.
+    IN_PROGRESS = 1;
+
+    // The Rollout has completed successfully.
+    SUCCESS = 2;
+
+    // The Rollout has been cancelled. This can happen if you have overlapping
+    // Rollout pushes, and the previous ones will be cancelled.
+    CANCELLED = 3;
+
+    // The Rollout has failed and the rollback attempt has failed too.
+    FAILED = 4;
+
+    // The Rollout has not started yet and is pending for execution.
+    PENDING = 5;
+
+    // The Rollout has failed and rolled back to the previous successful
+    // Rollout.
+    FAILED_ROLLED_BACK = 6;
+  }
+
+  // Optional unique identifier of this Rollout. Only lower case letters, digits
+  //  and '-' are allowed.
+  //
+  // If not specified by client, the server will generate one. The generated id
+  // will have the form of <date><revision number>, where "date" is the create
+  // date in ISO 8601 format.  "revision number" is a monotonically increasing
+  // positive number that is reset every day for each service.
+  // An example of the generated rollout_id is '2016-02-16r1'
+  string rollout_id = 1;
+
+  // Creation time of the rollout. Readonly.
+  google.protobuf.Timestamp create_time = 2;
+
+  // The user who created the Rollout. Readonly.
+  string created_by = 3;
+
+  // The status of this rollout. Readonly. In case of a failed rollout,
+  // the system will automatically rollback to the current Rollout
+  // version. Readonly.
+  RolloutStatus status = 4;
+
+  // Strategy that defines which versions of service configurations should be
+  // pushed
+  // and how they should be used at runtime.
+  oneof strategy {
+    // Google Service Control selects service configurations based on
+    // traffic percentage.
+    TrafficPercentStrategy traffic_percent_strategy = 5;
+
+    // The strategy associated with a rollout to delete a `ManagedService`.
+    // Readonly.
+    DeleteServiceStrategy delete_service_strategy = 200;
+  }
+
+  // The name of the service associated with this Rollout.
+  string service_name = 8;
+}

common-protos/google/api/servicemanagement/v1/servicemanager.proto

@@ -0,0 +1,503 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api.servicemanagement.v1;
+
+import "google/api/annotations.proto";
+import "google/api/service.proto";
+import "google/api/servicemanagement/v1/resources.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/struct.proto";
+import "google/rpc/status.proto";
+
+option csharp_namespace = "Google.Cloud.ServiceManagement.V1";
+option go_package = "google.golang.org/genproto/googleapis/api/servicemanagement/v1;servicemanagement";
+option java_multiple_files = true;
+option java_outer_classname = "ServiceManagerProto";
+option java_package = "com.google.api.servicemanagement.v1";
+option objc_class_prefix = "GASM";
+option php_namespace = "Google\\Cloud\\ServiceManagement\\V1";
+
+// [Google Service Management API](/service-management/overview)
+service ServiceManager {
+  // Lists managed services.
+  //
+  // Returns all public services. For authenticated users, also returns all
+  // services the calling user has "servicemanagement.services.get" permission
+  // for.
+  //
+  // **BETA:** If the caller specifies the `consumer_id`, it returns only the
+  // services enabled on the consumer. The `consumer_id` must have the format
+  // of "project:{PROJECT-ID}".
+  rpc ListServices(ListServicesRequest) returns (ListServicesResponse) {
+    option (google.api.http) = {
+      get: "/v1/services"
+    };
+  }
+
+  // Gets a managed service. Authentication is required unless the service is
+  // public.
+  rpc GetService(GetServiceRequest) returns (ManagedService) {
+    option (google.api.http) = {
+      get: "/v1/services/{service_name}"
+    };
+  }
+
+  // Creates a new managed service.
+  // Please note one producer project can own no more than 20 services.
+  //
+  // Operation<response: ManagedService>
+  rpc CreateService(CreateServiceRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/services"
+      body: "service"
+    };
+  }
+
+  // Deletes a managed service. This method will change the service to the
+  // `Soft-Delete` state for 30 days. Within this period, service producers may
+  // call
+  // [UndeleteService][google.api.servicemanagement.v1.ServiceManager.UndeleteService]
+  // to restore the service. After 30 days, the service will be permanently
+  // deleted.
+  //
+  // Operation<response: google.protobuf.Empty>
+  rpc DeleteService(DeleteServiceRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/services/{service_name}"
+    };
+  }
+
+  // Revives a previously deleted managed service. The method restores the
+  // service using the configuration at the time the service was deleted.
+  // The target service must exist and must have been deleted within the
+  // last 30 days.
+  //
+  // Operation<response: UndeleteServiceResponse>
+  rpc UndeleteService(UndeleteServiceRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}:undelete"
+    };
+  }
+
+  // Lists the history of the service configuration for a managed service,
+  // from the newest to the oldest.
+  rpc ListServiceConfigs(ListServiceConfigsRequest)
+      returns (ListServiceConfigsResponse) {
+    option (google.api.http) = {
+      get: "/v1/services/{service_name}/configs"
+    };
+  }
+
+  // Gets a service configuration (version) for a managed service.
+  rpc GetServiceConfig(GetServiceConfigRequest) returns (google.api.Service) {
+    option (google.api.http) = {
+      get: "/v1/services/{service_name}/configs/{config_id}"
+      additional_bindings { get: "/v1/services/{service_name}/config" }
+    };
+  }
+
+  // Creates a new service configuration (version) for a managed service.
+  // This method only stores the service configuration. To roll out the service
+  // configuration to backend systems please call
+  // [CreateServiceRollout][google.api.servicemanagement.v1.ServiceManager.CreateServiceRollout].
+  //
+  // Only the 100 most recent service configurations and ones referenced by
+  // existing rollouts are kept for each service. The rest will be deleted
+  // eventually.
+  rpc CreateServiceConfig(CreateServiceConfigRequest)
+      returns (google.api.Service) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}/configs"
+      body: "service_config"
+    };
+  }
+
+  // Creates a new service configuration (version) for a managed service based
+  // on
+  // user-supplied configuration source files (for example: OpenAPI
+  // Specification). This method stores the source configurations as well as the
+  // generated service configuration. To rollout the service configuration to
+  // other services,
+  // please call
+  // [CreateServiceRollout][google.api.servicemanagement.v1.ServiceManager.CreateServiceRollout].
+  //
+  // Only the 100 most recent configuration sources and ones referenced by
+  // existing service configurtions are kept for each service. The rest will be
+  // deleted eventually.
+  //
+  // Operation<response: SubmitConfigSourceResponse>
+  rpc SubmitConfigSource(SubmitConfigSourceRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}/configs:submit"
+      body: "*"
+    };
+  }
+
+  // Lists the history of the service configuration rollouts for a managed
+  // service, from the newest to the oldest.
+  rpc ListServiceRollouts(ListServiceRolloutsRequest)
+      returns (ListServiceRolloutsResponse) {
+    option (google.api.http) = {
+      get: "/v1/services/{service_name}/rollouts"
+    };
+  }
+
+  // Gets a service configuration
+  // [rollout][google.api.servicemanagement.v1.Rollout].
+  rpc GetServiceRollout(GetServiceRolloutRequest) returns (Rollout) {
+    option (google.api.http) = {
+      get: "/v1/services/{service_name}/rollouts/{rollout_id}"
+    };
+  }
+
+  // Creates a new service configuration rollout. Based on rollout, the
+  // Google Service Management will roll out the service configurations to
+  // different backend services. For example, the logging configuration will be
+  // pushed to Google Cloud Logging.
+  //
+  // Please note that any previous pending and running Rollouts and associated
+  // Operations will be automatically cancelled so that the latest Rollout will
+  // not be blocked by previous Rollouts.
+  //
+  // Only the 100 most recent (in any state) and the last 10 successful (if not
+  // already part of the set of 100 most recent) rollouts are kept for each
+  // service. The rest will be deleted eventually.
+  //
+  // Operation<response: Rollout>
+  rpc CreateServiceRollout(CreateServiceRolloutRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}/rollouts"
+      body: "rollout"
+    };
+  }
+
+  // Generates and returns a report (errors, warnings and changes from
+  // existing configurations) associated with
+  // GenerateConfigReportRequest.new_value
+  //
+  // If GenerateConfigReportRequest.old_value is specified,
+  // GenerateConfigReportRequest will contain a single ChangeReport based on the
+  // comparison between GenerateConfigReportRequest.new_value and
+  // GenerateConfigReportRequest.old_value.
+  // If GenerateConfigReportRequest.old_value is not specified, this method
+  // will compare GenerateConfigReportRequest.new_value with the last pushed
+  // service configuration.
+  rpc GenerateConfigReport(GenerateConfigReportRequest)
+      returns (GenerateConfigReportResponse) {
+    option (google.api.http) = {
+      post: "/v1/services:generateConfigReport"
+      body: "*"
+    };
+  }
+
+  // Enables a [service][google.api.servicemanagement.v1.ManagedService] for a
+  // project, so it can be used for the project. See [Cloud Auth
+  // Guide](https://cloud.google.com/docs/authentication) for more information.
+  //
+  // Operation<response: EnableServiceResponse>
+  rpc EnableService(EnableServiceRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}:enable"
+      body: "*"
+    };
+  }
+
+  // Disables a [service][google.api.servicemanagement.v1.ManagedService] for a
+  // project, so it can no longer be be used for the project. It prevents
+  // accidental usage that may cause unexpected billing charges or security
+  // leaks.
+  //
+  // Operation<response: DisableServiceResponse>
+  rpc DisableService(DisableServiceRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/services/{service_name}:disable"
+      body: "*"
+    };
+  }
+}
+
+// Request message for `ListServices` method.
+message ListServicesRequest {
+  // Include services produced by the specified project.
+  string producer_project_id = 1;
+
+  // Requested size of the next page of data.
+  int32 page_size = 5;
+
+  // Token identifying which result to start with; returned by a previous list
+  // call.
+  string page_token = 6;
+
+  // Include services consumed by the specified consumer.
+  //
+  // The Google Service Management implementation accepts the following
+  // forms:
+  // - project:<project_id>
+  string consumer_id = 7;
+}
+
+// Response message for `ListServices` method.
+message ListServicesResponse {
+  // The returned services will only have the name field set.
+  repeated ManagedService services = 1;
+
+  // Token that can be passed to `ListServices` to resume a paginated query.
+  string next_page_token = 2;
+}
+
+// Request message for `GetService` method.
+message GetServiceRequest {
+  // The name of the service.  See the `ServiceManager` overview for naming
+  // requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+}
+
+// Request message for CreateService method.
+message CreateServiceRequest {
+  // Initial values for the service resource.
+  ManagedService service = 1;
+}
+
+// Request message for DeleteService method.
+message DeleteServiceRequest {
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+}
+
+// Request message for UndeleteService method.
+message UndeleteServiceRequest {
+  // The name of the service. See the [overview](/service-management/overview)
+  // for naming requirements. For example: `example.googleapis.com`.
+  string service_name = 1;
+}
+
+// Response message for UndeleteService method.
+message UndeleteServiceResponse {
+  // Revived service resource.
+  ManagedService service = 1;
+}
+
+// Request message for GetServiceConfig method.
+message GetServiceConfigRequest {
+  enum ConfigView {
+    // Server response includes all fields except SourceInfo.
+    BASIC = 0;
+
+    // Server response includes all fields including SourceInfo.
+    // SourceFiles are of type 'google.api.servicemanagement.v1.ConfigFile'
+    // and are only available for configs created using the
+    // SubmitConfigSource method.
+    FULL = 1;
+  }
+
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+
+  // The id of the service configuration resource.
+  string config_id = 2;
+
+  // Specifies which parts of the Service Config should be returned in the
+  // response.
+  ConfigView view = 3;
+}
+
+// Request message for ListServiceConfigs method.
+message ListServiceConfigsRequest {
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+
+  // The token of the page to retrieve.
+  string page_token = 2;
+
+  // The max number of items to include in the response list.
+  int32 page_size = 3;
+}
+
+// Response message for ListServiceConfigs method.
+message ListServiceConfigsResponse {
+  // The list of service configuration resources.
+  repeated google.api.Service service_configs = 1;
+
+  // The token of the next page of results.
+  string next_page_token = 2;
+}
+
+// Request message for CreateServiceConfig method.
+message CreateServiceConfigRequest {
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+
+  // The service configuration resource.
+  google.api.Service service_config = 2;
+}
+
+// Request message for SubmitConfigSource method.
+message SubmitConfigSourceRequest {
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+
+  // The source configuration for the service.
+  ConfigSource config_source = 2;
+
+  // Optional. If set, this will result in the generation of a
+  // `google.api.Service` configuration based on the `ConfigSource` provided,
+  // but the generated config and the sources will NOT be persisted.
+  bool validate_only = 3;
+}
+
+// Response message for SubmitConfigSource method.
+message SubmitConfigSourceResponse {
+  // The generated service configuration.
+  google.api.Service service_config = 1;
+}
+
+// Request message for 'CreateServiceRollout'
+message CreateServiceRolloutRequest {
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+
+  // The rollout resource. The `service_name` field is output only.
+  Rollout rollout = 2;
+}
+
+// Request message for 'ListServiceRollouts'
+message ListServiceRolloutsRequest {
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+
+  // The token of the page to retrieve.
+  string page_token = 2;
+
+  // The max number of items to include in the response list.
+  int32 page_size = 3;
+
+  // Use `filter` to return subset of rollouts.
+  // The following filters are supported:
+  //   -- To limit the results to only those in
+  //      [status](google.api.servicemanagement.v1.RolloutStatus) 'SUCCESS',
+  //      use filter='status=SUCCESS'
+  //   -- To limit the results to those in
+  //      [status](google.api.servicemanagement.v1.RolloutStatus) 'CANCELLED'
+  //      or 'FAILED', use filter='status=CANCELLED OR status=FAILED'
+  string filter = 4;
+}
+
+// Response message for ListServiceRollouts method.
+message ListServiceRolloutsResponse {
+  // The list of rollout resources.
+  repeated Rollout rollouts = 1;
+
+  // The token of the next page of results.
+  string next_page_token = 2;
+}
+
+// Request message for GetServiceRollout method.
+message GetServiceRolloutRequest {
+  // The name of the service.  See the [overview](/service-management/overview)
+  // for naming requirements.  For example: `example.googleapis.com`.
+  string service_name = 1;
+
+  // The id of the rollout resource.
+  string rollout_id = 2;
+}
+
+// Request message for EnableService method.
+message EnableServiceRequest {
+  // Name of the service to enable. Specifying an unknown service name will
+  // cause the request to fail.
+  string service_name = 1;
+
+  // The identity of consumer resource which service enablement will be
+  // applied to.
+  //
+  // The Google Service Management implementation accepts the following
+  // forms:
+  // - "project:<project_id>"
+  //
+  // Note: this is made compatible with
+  // google.api.servicecontrol.v1.Operation.consumer_id.
+  string consumer_id = 2;
+}
+
+// Request message for DisableService method.
+message DisableServiceRequest {
+  // Name of the service to disable. Specifying an unknown service name
+  // will cause the request to fail.
+  string service_name = 1;
+
+  // The identity of consumer resource which service disablement will be
+  // applied to.
+  //
+  // The Google Service Management implementation accepts the following
+  // forms:
+  // - "project:<project_id>"
+  //
+  // Note: this is made compatible with
+  // google.api.servicecontrol.v1.Operation.consumer_id.
+  string consumer_id = 2;
+}
+
+// Request message for GenerateConfigReport method.
+message GenerateConfigReportRequest {
+  // Service configuration for which we want to generate the report.
+  // For this version of API, the supported types are
+  // [google.api.servicemanagement.v1.ConfigRef][google.api.servicemanagement.v1.ConfigRef],
+  // [google.api.servicemanagement.v1.ConfigSource][google.api.servicemanagement.v1.ConfigSource],
+  // and [google.api.Service][google.api.Service]
+  google.protobuf.Any new_config = 1;
+
+  // Service configuration against which the comparison will be done.
+  // For this version of API, the supported types are
+  // [google.api.servicemanagement.v1.ConfigRef][google.api.servicemanagement.v1.ConfigRef],
+  // [google.api.servicemanagement.v1.ConfigSource][google.api.servicemanagement.v1.ConfigSource],
+  // and [google.api.Service][google.api.Service]
+  google.protobuf.Any old_config = 2;
+}
+
+// Response message for GenerateConfigReport method.
+message GenerateConfigReportResponse {
+  // Name of the service this report belongs to.
+  string service_name = 1;
+
+  // ID of the service configuration this report belongs to.
+  string id = 2;
+
+  // list of ChangeReport, each corresponding to comparison between two
+  // service configurations.
+  repeated ChangeReport change_reports = 3;
+
+  // Errors / Linter warnings associated with the service definition this
+  // report
+  // belongs to.
+  repeated Diagnostic diagnostics = 4;
+}

common-protos/google/api/source_info.proto

@@ -0,0 +1,32 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/protobuf/any.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "SourceInfoProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Source information used to create a Service Config
+message SourceInfo {
+  // All files used during config generation.
+  repeated google.protobuf.Any source_files = 1;
+}

common-protos/google/api/system_parameter.proto

@@ -0,0 +1,96 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "SystemParameterProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// ### System parameter configuration
+//
+// A system parameter is a special kind of parameter defined by the API
+// system, not by an individual API. It is typically mapped to an HTTP header
+// and/or a URL query parameter. This configuration specifies which methods
+// change the names of the system parameters.
+message SystemParameters {
+  // Define system parameters.
+  //
+  // The parameters defined here will override the default parameters
+  // implemented by the system. If this field is missing from the service
+  // config, default system parameters will be used. Default system parameters
+  // and names is implementation-dependent.
+  //
+  // Example: define api key for all methods
+  //
+  //     system_parameters
+  //       rules:
+  //         - selector: "*"
+  //           parameters:
+  //             - name: api_key
+  //               url_query_parameter: api_key
+  //
+  //
+  // Example: define 2 api key names for a specific method.
+  //
+  //     system_parameters
+  //       rules:
+  //         - selector: "/ListShelves"
+  //           parameters:
+  //             - name: api_key
+  //               http_header: Api-Key1
+  //             - name: api_key
+  //               http_header: Api-Key2
+  //
+  // **NOTE:** All service configuration rules follow "last one wins" order.
+  repeated SystemParameterRule rules = 1;
+}
+
+// Define a system parameter rule mapping system parameter definitions to
+// methods.
+message SystemParameterRule {
+  // Selects the methods to which this rule applies. Use '*' to indicate all
+  // methods in all APIs.
+  //
+  // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+  string selector = 1;
+
+  // Define parameters. Multiple names may be defined for a parameter.
+  // For a given method call, only one of them should be used. If multiple
+  // names are used the behavior is implementation-dependent.
+  // If none of the specified names are present the behavior is
+  // parameter-dependent.
+  repeated SystemParameter parameters = 2;
+}
+
+// Define a parameter's name and location. The parameter may be passed as either
+// an HTTP header or a URL query parameter, and if both are passed the behavior
+// is implementation-dependent.
+message SystemParameter {
+  // Define the name of the parameter, such as "api_key" . It is case sensitive.
+  string name = 1;
+
+  // Define the HTTP header name to use for the parameter. It is case
+  // insensitive.
+  string http_header = 2;
+
+  // Define the URL query parameter name to use for the parameter. It is case
+  // sensitive.
+  string url_query_parameter = 3;
+}

common-protos/google/api/usage.proto

@@ -0,0 +1,90 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "UsageProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// Configuration controlling usage of a service.
+message Usage {
+  // Requirements that must be satisfied before a consumer project can use the
+  // service. Each requirement is of the form <service.name>/<requirement-id>;
+  // for example 'serviceusage.googleapis.com/billing-enabled'.
+  repeated string requirements = 1;
+
+  // A list of usage rules that apply to individual API methods.
+  //
+  // **NOTE:** All service configuration rules follow "last one wins" order.
+  repeated UsageRule rules = 6;
+
+  // The full resource name of a channel used for sending notifications to the
+  // service producer.
+  //
+  // Google Service Management currently only supports
+  // [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification
+  // channel. To use Google Cloud Pub/Sub as the channel, this must be the name
+  // of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format
+  // documented in https://cloud.google.com/pubsub/docs/overview.
+  string producer_notification_channel = 7;
+}
+
+// Usage configuration rules for the service.
+//
+// NOTE: Under development.
+//
+//
+// Use this rule to configure unregistered calls for the service. Unregistered
+// calls are calls that do not contain consumer project identity.
+// (Example: calls that do not contain an API key).
+// By default, API methods do not allow unregistered calls, and each method call
+// must be identified by a consumer project identity. Use this rule to
+// allow/disallow unregistered calls.
+//
+// Example of an API that wants to allow unregistered calls for entire service.
+//
+//     usage:
+//       rules:
+//       - selector: "*"
+//         allow_unregistered_calls: true
+//
+// Example of a method that wants to allow unregistered calls.
+//
+//     usage:
+//       rules:
+//       - selector: "google.example.library.v1.LibraryService.CreateBook"
+//         allow_unregistered_calls: true
+message UsageRule {
+  // Selects the methods to which this rule applies. Use '*' to indicate all
+  // methods in all APIs.
+  //
+  // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+  string selector = 1;
+
+  // If true, the selected method allows unregistered calls, e.g. calls
+  // that don't identify any user or application.
+  bool allow_unregistered_calls = 2;
+
+  // If true, the selected method should skip service control and the control
+  // plane features, such as quota and billing, will not be available.
+  // This flag is used by Google Cloud Endpoints to bypass checks for internal
+  // methods, such as service health check methods.
+  bool skip_service_control = 3;
+}

common-protos/google/protobuf/any.proto

@@ -0,0 +1,155 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option go_package = "github.com/golang/protobuf/ptypes/any";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "AnyProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+
+// `Any` contains an arbitrary serialized protocol buffer message along with a
+// URL that describes the type of the serialized message.
+//
+// Protobuf library provides support to pack/unpack Any values in the form
+// of utility functions or additional generated methods of the Any type.
+//
+// Example 1: Pack and unpack a message in C++.
+//
+//     Foo foo = ...;
+//     Any any;
+//     any.PackFrom(foo);
+//     ...
+//     if (any.UnpackTo(&foo)) {
+//       ...
+//     }
+//
+// Example 2: Pack and unpack a message in Java.
+//
+//     Foo foo = ...;
+//     Any any = Any.pack(foo);
+//     ...
+//     if (any.is(Foo.class)) {
+//       foo = any.unpack(Foo.class);
+//     }
+//
+//  Example 3: Pack and unpack a message in Python.
+//
+//     foo = Foo(...)
+//     any = Any()
+//     any.Pack(foo)
+//     ...
+//     if any.Is(Foo.DESCRIPTOR):
+//       any.Unpack(foo)
+//       ...
+//
+//  Example 4: Pack and unpack a message in Go
+//
+//      foo := &pb.Foo{...}
+//      any, err := ptypes.MarshalAny(foo)
+//      ...
+//      foo := &pb.Foo{}
+//      if err := ptypes.UnmarshalAny(any, foo); err != nil {
+//        ...
+//      }
+//
+// The pack methods provided by protobuf library will by default use
+// 'type.googleapis.com/full.type.name' as the type URL and the unpack
+// methods only use the fully qualified type name after the last '/'
+// in the type URL, for example "foo.bar.com/x/y.z" will yield type
+// name "y.z".
+//
+//
+// JSON
+// ====
+// The JSON representation of an `Any` value uses the regular
+// representation of the deserialized, embedded message, with an
+// additional field `@type` which contains the type URL. Example:
+//
+//     package google.profile;
+//     message Person {
+//       string first_name = 1;
+//       string last_name = 2;
+//     }
+//
+//     {
+//       "@type": "type.googleapis.com/google.profile.Person",
+//       "firstName": <string>,
+//       "lastName": <string>
+//     }
+//
+// If the embedded message type is well-known and has a custom JSON
+// representation, that representation will be embedded adding a field
+// `value` which holds the custom JSON in addition to the `@type`
+// field. Example (for message [google.protobuf.Duration][]):
+//
+//     {
+//       "@type": "type.googleapis.com/google.protobuf.Duration",
+//       "value": "1.212s"
+//     }
+//
+message Any {
+  // A URL/resource name that uniquely identifies the type of the serialized
+  // protocol buffer message. This string must contain at least
+  // one "/" character. The last segment of the URL's path must represent
+  // the fully qualified name of the type (as in
+  // `path/google.protobuf.Duration`). The name should be in a canonical form
+  // (e.g., leading "." is not accepted).
+  //
+  // In practice, teams usually precompile into the binary all types that they
+  // expect it to use in the context of Any. However, for URLs which use the
+  // scheme `http`, `https`, or no scheme, one can optionally set up a type
+  // server that maps type URLs to message definitions as follows:
+  //
+  // * If no scheme is provided, `https` is assumed.
+  // * An HTTP GET on the URL must yield a [google.protobuf.Type][]
+  //   value in binary format, or produce an error.
+  // * Applications are allowed to cache lookup results based on the
+  //   URL, or have them precompiled into a binary to avoid any
+  //   lookup. Therefore, binary compatibility needs to be preserved
+  //   on changes to types. (Use versioned type names to manage
+  //   breaking changes.)
+  //
+  // Note: this functionality is not currently available in the official
+  // protobuf release, and it is not used for type URLs beginning with
+  // type.googleapis.com.
+  //
+  // Schemes other than `http`, `https` (or the empty scheme) might be
+  // used with implementation specific semantics.
+  //
+  string type_url = 1;
+
+  // Must be a valid serialized protocol buffer of the above specified type.
+  bytes value = 2;
+}

common-protos/google/protobuf/api.proto

@@ -0,0 +1,210 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+import "google/protobuf/source_context.proto";
+import "google/protobuf/type.proto";
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "ApiProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option go_package = "google.golang.org/genproto/protobuf/api;api";
+
+// Api is a light-weight descriptor for an API Interface.
+//
+// Interfaces are also described as "protocol buffer services" in some contexts,
+// such as by the "service" keyword in a .proto file, but they are different
+// from API Services, which represent a concrete implementation of an interface
+// as opposed to simply a description of methods and bindings. They are also
+// sometimes simply referred to as "APIs" in other contexts, such as the name of
+// this message itself. See https://cloud.google.com/apis/design/glossary for
+// detailed terminology.
+message Api {
+
+  // The fully qualified name of this interface, including package name
+  // followed by the interface's simple name.
+  string name = 1;
+
+  // The methods of this interface, in unspecified order.
+  repeated Method methods = 2;
+
+  // Any metadata attached to the interface.
+  repeated Option options = 3;
+
+  // A version string for this interface. If specified, must have the form
+  // `major-version.minor-version`, as in `1.10`. If the minor version is
+  // omitted, it defaults to zero. If the entire version field is empty, the
+  // major version is derived from the package name, as outlined below. If the
+  // field is not empty, the version in the package name will be verified to be
+  // consistent with what is provided here.
+  //
+  // The versioning schema uses [semantic
+  // versioning](http://semver.org) where the major version number
+  // indicates a breaking change and the minor version an additive,
+  // non-breaking change. Both version numbers are signals to users
+  // what to expect from different versions, and should be carefully
+  // chosen based on the product plan.
+  //
+  // The major version is also reflected in the package name of the
+  // interface, which must end in `v<major-version>`, as in
+  // `google.feature.v1`. For major versions 0 and 1, the suffix can
+  // be omitted. Zero major versions must only be used for
+  // experimental, non-GA interfaces.
+  //
+  //
+  string version = 4;
+
+  // Source context for the protocol buffer service represented by this
+  // message.
+  SourceContext source_context = 5;
+
+  // Included interfaces. See [Mixin][].
+  repeated Mixin mixins = 6;
+
+  // The source syntax of the service.
+  Syntax syntax = 7;
+}
+
+// Method represents a method of an API interface.
+message Method {
+
+  // The simple name of this method.
+  string name = 1;
+
+  // A URL of the input message type.
+  string request_type_url = 2;
+
+  // If true, the request is streamed.
+  bool request_streaming = 3;
+
+  // The URL of the output message type.
+  string response_type_url = 4;
+
+  // If true, the response is streamed.
+  bool response_streaming = 5;
+
+  // Any metadata attached to the method.
+  repeated Option options = 6;
+
+  // The source syntax of this method.
+  Syntax syntax = 7;
+}
+
+// Declares an API Interface to be included in this interface. The including
+// interface must redeclare all the methods from the included interface, but
+// documentation and options are inherited as follows:
+//
+// - If after comment and whitespace stripping, the documentation
+//   string of the redeclared method is empty, it will be inherited
+//   from the original method.
+//
+// - Each annotation belonging to the service config (http,
+//   visibility) which is not set in the redeclared method will be
+//   inherited.
+//
+// - If an http annotation is inherited, the path pattern will be
+//   modified as follows. Any version prefix will be replaced by the
+//   version of the including interface plus the [root][] path if
+//   specified.
+//
+// Example of a simple mixin:
+//
+//     package google.acl.v1;
+//     service AccessControl {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v1/{resource=**}:getAcl";
+//       }
+//     }
+//
+//     package google.storage.v2;
+//     service Storage {
+//       rpc GetAcl(GetAclRequest) returns (Acl);
+//
+//       // Get a data record.
+//       rpc GetData(GetDataRequest) returns (Data) {
+//         option (google.api.http).get = "/v2/{resource=**}";
+//       }
+//     }
+//
+// Example of a mixin configuration:
+//
+//     apis:
+//     - name: google.storage.v2.Storage
+//       mixins:
+//       - name: google.acl.v1.AccessControl
+//
+// The mixin construct implies that all methods in `AccessControl` are
+// also declared with same name and request/response types in
+// `Storage`. A documentation generator or annotation processor will
+// see the effective `Storage.GetAcl` method after inherting
+// documentation and annotations as follows:
+//
+//     service Storage {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v2/{resource=**}:getAcl";
+//       }
+//       ...
+//     }
+//
+// Note how the version in the path pattern changed from `v1` to `v2`.
+//
+// If the `root` field in the mixin is specified, it should be a
+// relative path under which inherited HTTP paths are placed. Example:
+//
+//     apis:
+//     - name: google.storage.v2.Storage
+//       mixins:
+//       - name: google.acl.v1.AccessControl
+//         root: acls
+//
+// This implies the following inherited HTTP annotation:
+//
+//     service Storage {
+//       // Get the underlying ACL object.
+//       rpc GetAcl(GetAclRequest) returns (Acl) {
+//         option (google.api.http).get = "/v2/acls/{resource=**}:getAcl";
+//       }
+//       ...
+//     }
+message Mixin {
+  // The fully qualified name of the interface which is included.
+  string name = 1;
+
+  // If non-empty specifies a path under which inherited HTTP paths
+  // are rooted.
+  string root = 2;
+}

common-protos/google/protobuf/compiler/plugin.proto

@@ -0,0 +1,168 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Author: kenton@google.com (Kenton Varda)
+//
+// WARNING:  The plugin interface is currently EXPERIMENTAL and is subject to
+//   change.
+//
+// protoc (aka the Protocol Compiler) can be extended via plugins.  A plugin is
+// just a program that reads a CodeGeneratorRequest from stdin and writes a
+// CodeGeneratorResponse to stdout.
+//
+// Plugins written using C++ can use google/protobuf/compiler/plugin.h instead
+// of dealing with the raw protocol defined here.
+//
+// A plugin executable needs only to be placed somewhere in the path.  The
+// plugin should be named "protoc-gen-$NAME", and will then be used when the
+// flag "--${NAME}_out" is passed to protoc.
+
+syntax = "proto2";
+
+package google.protobuf.compiler;
+option java_package = "com.google.protobuf.compiler";
+option java_outer_classname = "PluginProtos";
+
+option go_package = "github.com/golang/protobuf/protoc-gen-go/plugin;plugin_go";
+
+import "google/protobuf/descriptor.proto";
+
+// The version number of protocol compiler.
+message Version {
+  optional int32 major = 1;
+  optional int32 minor = 2;
+  optional int32 patch = 3;
+  // A suffix for alpha, beta or rc release, e.g., "alpha-1", "rc2". It should
+  // be empty for mainline stable releases.
+  optional string suffix = 4;
+}
+
+// An encoded CodeGeneratorRequest is written to the plugin's stdin.
+message CodeGeneratorRequest {
+  // The .proto files that were explicitly listed on the command-line.  The
+  // code generator should generate code only for these files.  Each file's
+  // descriptor will be included in proto_file, below.
+  repeated string file_to_generate = 1;
+
+  // The generator parameter passed on the command-line.
+  optional string parameter = 2;
+
+  // FileDescriptorProtos for all files in files_to_generate and everything
+  // they import.  The files will appear in topological order, so each file
+  // appears before any file that imports it.
+  //
+  // protoc guarantees that all proto_files will be written after
+  // the fields above, even though this is not technically guaranteed by the
+  // protobuf wire format.  This theoretically could allow a plugin to stream
+  // in the FileDescriptorProtos and handle them one by one rather than read
+  // the entire set into memory at once.  However, as of this writing, this
+  // is not similarly optimized on protoc's end -- it will store all fields in
+  // memory at once before sending them to the plugin.
+  //
+  // Type names of fields and extensions in the FileDescriptorProto are always
+  // fully qualified.
+  repeated FileDescriptorProto proto_file = 15;
+
+  // The version number of protocol compiler.
+  optional Version compiler_version = 3;
+
+}
+
+// The plugin writes an encoded CodeGeneratorResponse to stdout.
+message CodeGeneratorResponse {
+  // Error message.  If non-empty, code generation failed.  The plugin process
+  // should exit with status code zero even if it reports an error in this way.
+  //
+  // This should be used to indicate errors in .proto files which prevent the
+  // code generator from generating correct code.  Errors which indicate a
+  // problem in protoc itself -- such as the input CodeGeneratorRequest being
+  // unparseable -- should be reported by writing a message to stderr and
+  // exiting with a non-zero status code.
+  optional string error = 1;
+
+  // Represents a single generated file.
+  message File {
+    // The file name, relative to the output directory.  The name must not
+    // contain "." or ".." components and must be relative, not be absolute (so,
+    // the file cannot lie outside the output directory).  "/" must be used as
+    // the path separator, not "\".
+    //
+    // If the name is omitted, the content will be appended to the previous
+    // file.  This allows the generator to break large files into small chunks,
+    // and allows the generated text to be streamed back to protoc so that large
+    // files need not reside completely in memory at one time.  Note that as of
+    // this writing protoc does not optimize for this -- it will read the entire
+    // CodeGeneratorResponse before writing files to disk.
+    optional string name = 1;
+
+    // If non-empty, indicates that the named file should already exist, and the
+    // content here is to be inserted into that file at a defined insertion
+    // point.  This feature allows a code generator to extend the output
+    // produced by another code generator.  The original generator may provide
+    // insertion points by placing special annotations in the file that look
+    // like:
+    //   @@protoc_insertion_point(NAME)
+    // The annotation can have arbitrary text before and after it on the line,
+    // which allows it to be placed in a comment.  NAME should be replaced with
+    // an identifier naming the point -- this is what other generators will use
+    // as the insertion_point.  Code inserted at this point will be placed
+    // immediately above the line containing the insertion point (thus multiple
+    // insertions to the same point will come out in the order they were added).
+    // The double-@ is intended to make it unlikely that the generated code
+    // could contain things that look like insertion points by accident.
+    //
+    // For example, the C++ code generator places the following line in the
+    // .pb.h files that it generates:
+    //   // @@protoc_insertion_point(namespace_scope)
+    // This line appears within the scope of the file's package namespace, but
+    // outside of any particular class.  Another plugin can then specify the
+    // insertion_point "namespace_scope" to generate additional classes or
+    // other declarations that should be placed in this scope.
+    //
+    // Note that if the line containing the insertion point begins with
+    // whitespace, the same whitespace will be added to every line of the
+    // inserted text.  This is useful for languages like Python, where
+    // indentation matters.  In these languages, the insertion point comment
+    // should be indented the same amount as any inserted code will need to be
+    // in order to work correctly in that context.
+    //
+    // The code generator that generates the initial file and the one which
+    // inserts into it must both run as part of a single invocation of protoc.
+    // Code generators are executed in the order in which they appear on the
+    // command line.
+    //
+    // If |insertion_point| is present, |name| must also be present.
+    optional string insertion_point = 2;
+
+    // The file contents.
+    optional string content = 15;
+  }
+  repeated File file = 15;
+}

common-protos/google/protobuf/descriptor.proto

@@ -0,0 +1,885 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Author: kenton@google.com (Kenton Varda)
+//  Based on original Protocol Buffers design by
+//  Sanjay Ghemawat, Jeff Dean, and others.
+//
+// The messages in this file describe the definitions found in .proto files.
+// A valid .proto file can be translated directly to a FileDescriptorProto
+// without any other information (e.g. without reading its imports).
+
+
+syntax = "proto2";
+
+package google.protobuf;
+
+option go_package = "github.com/golang/protobuf/protoc-gen-go/descriptor;descriptor";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "DescriptorProtos";
+option csharp_namespace = "Google.Protobuf.Reflection";
+option objc_class_prefix = "GPB";
+option cc_enable_arenas = true;
+
+// descriptor.proto must be optimized for speed because reflection-based
+// algorithms don't work during bootstrapping.
+option optimize_for = SPEED;
+
+// The protocol compiler can output a FileDescriptorSet containing the .proto
+// files it parses.
+message FileDescriptorSet {
+  repeated FileDescriptorProto file = 1;
+}
+
+// Describes a complete .proto file.
+message FileDescriptorProto {
+  optional string name = 1;     // file name, relative to root of source tree
+  optional string package = 2;  // e.g. "foo", "foo.bar", etc.
+
+  // Names of files imported by this file.
+  repeated string dependency = 3;
+  // Indexes of the public imported files in the dependency list above.
+  repeated int32 public_dependency = 10;
+  // Indexes of the weak imported files in the dependency list.
+  // For Google-internal migration only. Do not use.
+  repeated int32 weak_dependency = 11;
+
+  // All top-level definitions in this file.
+  repeated DescriptorProto message_type = 4;
+  repeated EnumDescriptorProto enum_type = 5;
+  repeated ServiceDescriptorProto service = 6;
+  repeated FieldDescriptorProto extension = 7;
+
+  optional FileOptions options = 8;
+
+  // This field contains optional information about the original source code.
+  // You may safely remove this entire field without harming runtime
+  // functionality of the descriptors -- the information is needed only by
+  // development tools.
+  optional SourceCodeInfo source_code_info = 9;
+
+  // The syntax of the proto file.
+  // The supported values are "proto2" and "proto3".
+  optional string syntax = 12;
+}
+
+// Describes a message type.
+message DescriptorProto {
+  optional string name = 1;
+
+  repeated FieldDescriptorProto field = 2;
+  repeated FieldDescriptorProto extension = 6;
+
+  repeated DescriptorProto nested_type = 3;
+  repeated EnumDescriptorProto enum_type = 4;
+
+  message ExtensionRange {
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Exclusive.
+
+    optional ExtensionRangeOptions options = 3;
+  }
+  repeated ExtensionRange extension_range = 5;
+
+  repeated OneofDescriptorProto oneof_decl = 8;
+
+  optional MessageOptions options = 7;
+
+  // Range of reserved tag numbers. Reserved tag numbers may not be used by
+  // fields or extension ranges in the same message. Reserved ranges may
+  // not overlap.
+  message ReservedRange {
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Exclusive.
+  }
+  repeated ReservedRange reserved_range = 9;
+  // Reserved field names, which may not be used by fields in the same message.
+  // A given name may only be reserved once.
+  repeated string reserved_name = 10;
+}
+
+message ExtensionRangeOptions {
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+}
+
+// Describes a field within a message.
+message FieldDescriptorProto {
+  enum Type {
+    // 0 is reserved for errors.
+    // Order is weird for historical reasons.
+    TYPE_DOUBLE = 1;
+    TYPE_FLOAT = 2;
+    // Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT64 if
+    // negative values are likely.
+    TYPE_INT64 = 3;
+    TYPE_UINT64 = 4;
+    // Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT32 if
+    // negative values are likely.
+    TYPE_INT32 = 5;
+    TYPE_FIXED64 = 6;
+    TYPE_FIXED32 = 7;
+    TYPE_BOOL = 8;
+    TYPE_STRING = 9;
+    // Tag-delimited aggregate.
+    // Group type is deprecated and not supported in proto3. However, Proto3
+    // implementations should still be able to parse the group wire format and
+    // treat group fields as unknown fields.
+    TYPE_GROUP = 10;
+    TYPE_MESSAGE = 11;  // Length-delimited aggregate.
+
+    // New in version 2.
+    TYPE_BYTES = 12;
+    TYPE_UINT32 = 13;
+    TYPE_ENUM = 14;
+    TYPE_SFIXED32 = 15;
+    TYPE_SFIXED64 = 16;
+    TYPE_SINT32 = 17;  // Uses ZigZag encoding.
+    TYPE_SINT64 = 18;  // Uses ZigZag encoding.
+  }
+
+  enum Label {
+    // 0 is reserved for errors
+    LABEL_OPTIONAL = 1;
+    LABEL_REQUIRED = 2;
+    LABEL_REPEATED = 3;
+  }
+
+  optional string name = 1;
+  optional int32 number = 3;
+  optional Label label = 4;
+
+  // If type_name is set, this need not be set.  If both this and type_name
+  // are set, this must be one of TYPE_ENUM, TYPE_MESSAGE or TYPE_GROUP.
+  optional Type type = 5;
+
+  // For message and enum types, this is the name of the type.  If the name
+  // starts with a '.', it is fully-qualified.  Otherwise, C++-like scoping
+  // rules are used to find the type (i.e. first the nested types within this
+  // message are searched, then within the parent, on up to the root
+  // namespace).
+  optional string type_name = 6;
+
+  // For extensions, this is the name of the type being extended.  It is
+  // resolved in the same manner as type_name.
+  optional string extendee = 2;
+
+  // For numeric types, contains the original text representation of the value.
+  // For booleans, "true" or "false".
+  // For strings, contains the default text contents (not escaped in any way).
+  // For bytes, contains the C escaped value.  All bytes >= 128 are escaped.
+  // TODO(kenton):  Base-64 encode?
+  optional string default_value = 7;
+
+  // If set, gives the index of a oneof in the containing type's oneof_decl
+  // list.  This field is a member of that oneof.
+  optional int32 oneof_index = 9;
+
+  // JSON name of this field. The value is set by protocol compiler. If the
+  // user has set a "json_name" option on this field, that option's value
+  // will be used. Otherwise, it's deduced from the field's name by converting
+  // it to camelCase.
+  optional string json_name = 10;
+
+  optional FieldOptions options = 8;
+}
+
+// Describes a oneof.
+message OneofDescriptorProto {
+  optional string name = 1;
+  optional OneofOptions options = 2;
+}
+
+// Describes an enum type.
+message EnumDescriptorProto {
+  optional string name = 1;
+
+  repeated EnumValueDescriptorProto value = 2;
+
+  optional EnumOptions options = 3;
+
+  // Range of reserved numeric values. Reserved values may not be used by
+  // entries in the same enum. Reserved ranges may not overlap.
+  //
+  // Note that this is distinct from DescriptorProto.ReservedRange in that it
+  // is inclusive such that it can appropriately represent the entire int32
+  // domain.
+  message EnumReservedRange {
+    optional int32 start = 1;  // Inclusive.
+    optional int32 end = 2;    // Inclusive.
+  }
+
+  // Range of reserved numeric values. Reserved numeric values may not be used
+  // by enum values in the same enum declaration. Reserved ranges may not
+  // overlap.
+  repeated EnumReservedRange reserved_range = 4;
+
+  // Reserved enum value names, which may not be reused. A given name may only
+  // be reserved once.
+  repeated string reserved_name = 5;
+}
+
+// Describes a value within an enum.
+message EnumValueDescriptorProto {
+  optional string name = 1;
+  optional int32 number = 2;
+
+  optional EnumValueOptions options = 3;
+}
+
+// Describes a service.
+message ServiceDescriptorProto {
+  optional string name = 1;
+  repeated MethodDescriptorProto method = 2;
+
+  optional ServiceOptions options = 3;
+}
+
+// Describes a method of a service.
+message MethodDescriptorProto {
+  optional string name = 1;
+
+  // Input and output type names.  These are resolved in the same way as
+  // FieldDescriptorProto.type_name, but must refer to a message type.
+  optional string input_type = 2;
+  optional string output_type = 3;
+
+  optional MethodOptions options = 4;
+
+  // Identifies if client streams multiple client messages
+  optional bool client_streaming = 5 [default = false];
+  // Identifies if server streams multiple server messages
+  optional bool server_streaming = 6 [default = false];
+}
+
+
+// ===================================================================
+// Options
+
+// Each of the definitions above may have "options" attached.  These are
+// just annotations which may cause code to be generated slightly differently
+// or may contain hints for code that manipulates protocol messages.
+//
+// Clients may define custom options as extensions of the *Options messages.
+// These extensions may not yet be known at parsing time, so the parser cannot
+// store the values in them.  Instead it stores them in a field in the *Options
+// message called uninterpreted_option. This field must have the same name
+// across all *Options messages. We then use this field to populate the
+// extensions when we build a descriptor, at which point all protos have been
+// parsed and so all extensions are known.
+//
+// Extension numbers for custom options may be chosen as follows:
+// * For options which will only be used within a single application or
+//   organization, or for experimental options, use field numbers 50000
+//   through 99999.  It is up to you to ensure that you do not use the
+//   same number for multiple options.
+// * For options which will be published and used publicly by multiple
+//   independent entities, e-mail protobuf-global-extension-registry@google.com
+//   to reserve extension numbers. Simply provide your project name (e.g.
+//   Objective-C plugin) and your project website (if available) -- there's no
+//   need to explain how you intend to use them. Usually you only need one
+//   extension number. You can declare multiple options with only one extension
+//   number by putting them in a sub-message. See the Custom Options section of
+//   the docs for examples:
+//   https://developers.google.com/protocol-buffers/docs/proto#options
+//   If this turns out to be popular, a web service will be set up
+//   to automatically assign option numbers.
+
+message FileOptions {
+
+  // Sets the Java package where classes generated from this .proto will be
+  // placed.  By default, the proto package is used, but this is often
+  // inappropriate because proto packages do not normally start with backwards
+  // domain names.
+  optional string java_package = 1;
+
+
+  // If set, all the classes from the .proto file are wrapped in a single
+  // outer class with the given name.  This applies to both Proto1
+  // (equivalent to the old "--one_java_file" option) and Proto2 (where
+  // a .proto always translates to a single class, but you may want to
+  // explicitly choose the class name).
+  optional string java_outer_classname = 8;
+
+  // If set true, then the Java code generator will generate a separate .java
+  // file for each top-level message, enum, and service defined in the .proto
+  // file.  Thus, these types will *not* be nested inside the outer class
+  // named by java_outer_classname.  However, the outer class will still be
+  // generated to contain the file's getDescriptor() method as well as any
+  // top-level extensions defined in the file.
+  optional bool java_multiple_files = 10 [default = false];
+
+  // This option does nothing.
+  optional bool java_generate_equals_and_hash = 20 [deprecated=true];
+
+  // If set true, then the Java2 code generator will generate code that
+  // throws an exception whenever an attempt is made to assign a non-UTF-8
+  // byte sequence to a string field.
+  // Message reflection will do the same.
+  // However, an extension field still accepts non-UTF-8 byte sequences.
+  // This option has no effect on when used with the lite runtime.
+  optional bool java_string_check_utf8 = 27 [default = false];
+
+
+  // Generated classes can be optimized for speed or code size.
+  enum OptimizeMode {
+    SPEED = 1;         // Generate complete code for parsing, serialization,
+                       // etc.
+    CODE_SIZE = 2;     // Use ReflectionOps to implement these methods.
+    LITE_RUNTIME = 3;  // Generate code using MessageLite and the lite runtime.
+  }
+  optional OptimizeMode optimize_for = 9 [default = SPEED];
+
+  // Sets the Go package where structs generated from this .proto will be
+  // placed. If omitted, the Go package will be derived from the following:
+  //   - The basename of the package import path, if provided.
+  //   - Otherwise, the package statement in the .proto file, if present.
+  //   - Otherwise, the basename of the .proto file, without extension.
+  optional string go_package = 11;
+
+
+
+
+  // Should generic services be generated in each language?  "Generic" services
+  // are not specific to any particular RPC system.  They are generated by the
+  // main code generators in each language (without additional plugins).
+  // Generic services were the only kind of service generation supported by
+  // early versions of google.protobuf.
+  //
+  // Generic services are now considered deprecated in favor of using plugins
+  // that generate code specific to your particular RPC system.  Therefore,
+  // these default to false.  Old code which depends on generic services should
+  // explicitly set them to true.
+  optional bool cc_generic_services = 16 [default = false];
+  optional bool java_generic_services = 17 [default = false];
+  optional bool py_generic_services = 18 [default = false];
+  optional bool php_generic_services = 42 [default = false];
+
+  // Is this file deprecated?
+  // Depending on the target platform, this can emit Deprecated annotations
+  // for everything in the file, or it will be completely ignored; in the very
+  // least, this is a formalization for deprecating files.
+  optional bool deprecated = 23 [default = false];
+
+  // Enables the use of arenas for the proto messages in this file. This applies
+  // only to generated classes for C++.
+  optional bool cc_enable_arenas = 31 [default = false];
+
+
+  // Sets the objective c class prefix which is prepended to all objective c
+  // generated classes from this .proto. There is no default.
+  optional string objc_class_prefix = 36;
+
+  // Namespace for generated classes; defaults to the package.
+  optional string csharp_namespace = 37;
+
+  // By default Swift generators will take the proto package and CamelCase it
+  // replacing '.' with underscore and use that to prefix the types/symbols
+  // defined. When this options is provided, they will use this value instead
+  // to prefix the types/symbols defined.
+  optional string swift_prefix = 39;
+
+  // Sets the php class prefix which is prepended to all php generated classes
+  // from this .proto. Default is empty.
+  optional string php_class_prefix = 40;
+
+  // Use this option to change the namespace of php generated classes. Default
+  // is empty. When this option is empty, the package name will be used for
+  // determining the namespace.
+  optional string php_namespace = 41;
+
+  // Use this option to change the namespace of php generated metadata classes.
+  // Default is empty. When this option is empty, the proto file name will be
+  // used for determining the namespace.
+  optional string php_metadata_namespace = 44;
+
+  // Use this option to change the package of ruby generated classes. Default
+  // is empty. When this option is not set, the package name will be used for
+  // determining the ruby package.
+  optional string ruby_package = 45;
+
+
+  // The parser stores options it doesn't recognize here.
+  // See the documentation for the "Options" section above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message.
+  // See the documentation for the "Options" section above.
+  extensions 1000 to max;
+
+  reserved 38;
+}
+
+message MessageOptions {
+  // Set true to use the old proto1 MessageSet wire format for extensions.
+  // This is provided for backwards-compatibility with the MessageSet wire
+  // format.  You should not use this for any other reason:  It's less
+  // efficient, has fewer features, and is more complicated.
+  //
+  // The message must be defined exactly as follows:
+  //   message Foo {
+  //     option message_set_wire_format = true;
+  //     extensions 4 to max;
+  //   }
+  // Note that the message cannot have any defined fields; MessageSets only
+  // have extensions.
+  //
+  // All extensions of your type must be singular messages; e.g. they cannot
+  // be int32s, enums, or repeated messages.
+  //
+  // Because this is an option, the above two restrictions are not enforced by
+  // the protocol compiler.
+  optional bool message_set_wire_format = 1 [default = false];
+
+  // Disables the generation of the standard "descriptor()" accessor, which can
+  // conflict with a field of the same name.  This is meant to make migration
+  // from proto1 easier; new code should avoid fields named "descriptor".
+  optional bool no_standard_descriptor_accessor = 2 [default = false];
+
+  // Is this message deprecated?
+  // Depending on the target platform, this can emit Deprecated annotations
+  // for the message, or it will be completely ignored; in the very least,
+  // this is a formalization for deprecating messages.
+  optional bool deprecated = 3 [default = false];
+
+  // Whether the message is an automatically generated map entry type for the
+  // maps field.
+  //
+  // For maps fields:
+  //     map<KeyType, ValueType> map_field = 1;
+  // The parsed descriptor looks like:
+  //     message MapFieldEntry {
+  //         option map_entry = true;
+  //         optional KeyType key = 1;
+  //         optional ValueType value = 2;
+  //     }
+  //     repeated MapFieldEntry map_field = 1;
+  //
+  // Implementations may choose not to generate the map_entry=true message, but
+  // use a native map in the target language to hold the keys and values.
+  // The reflection APIs in such implementations still need to work as
+  // if the field is a repeated message field.
+  //
+  // NOTE: Do not set the option in .proto files. Always use the maps syntax
+  // instead. The option should only be implicitly set by the proto compiler
+  // parser.
+  optional bool map_entry = 7;
+
+  reserved 8;  // javalite_serializable
+  reserved 9;  // javanano_as_lite
+
+
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+}
+
+message FieldOptions {
+  // The ctype option instructs the C++ code generator to use a different
+  // representation of the field than it normally would.  See the specific
+  // options below.  This option is not yet implemented in the open source
+  // release -- sorry, we'll try to include it in a future version!
+  optional CType ctype = 1 [default = STRING];
+  enum CType {
+    // Default mode.
+    STRING = 0;
+
+    CORD = 1;
+
+    STRING_PIECE = 2;
+  }
+  // The packed option can be enabled for repeated primitive fields to enable
+  // a more efficient representation on the wire. Rather than repeatedly
+  // writing the tag and type for each element, the entire array is encoded as
+  // a single length-delimited blob. In proto3, only explicit setting it to
+  // false will avoid using packed encoding.
+  optional bool packed = 2;
+
+  // The jstype option determines the JavaScript type used for values of the
+  // field.  The option is permitted only for 64 bit integral and fixed types
+  // (int64, uint64, sint64, fixed64, sfixed64).  A field with jstype JS_STRING
+  // is represented as JavaScript string, which avoids loss of precision that
+  // can happen when a large value is converted to a floating point JavaScript.
+  // Specifying JS_NUMBER for the jstype causes the generated JavaScript code to
+  // use the JavaScript "number" type.  The behavior of the default option
+  // JS_NORMAL is implementation dependent.
+  //
+  // This option is an enum to permit additional types to be added, e.g.
+  // goog.math.Integer.
+  optional JSType jstype = 6 [default = JS_NORMAL];
+  enum JSType {
+    // Use the default type.
+    JS_NORMAL = 0;
+
+    // Use JavaScript strings.
+    JS_STRING = 1;
+
+    // Use JavaScript numbers.
+    JS_NUMBER = 2;
+  }
+
+  // Should this field be parsed lazily?  Lazy applies only to message-type
+  // fields.  It means that when the outer message is initially parsed, the
+  // inner message's contents will not be parsed but instead stored in encoded
+  // form.  The inner message will actually be parsed when it is first accessed.
+  //
+  // This is only a hint.  Implementations are free to choose whether to use
+  // eager or lazy parsing regardless of the value of this option.  However,
+  // setting this option true suggests that the protocol author believes that
+  // using lazy parsing on this field is worth the additional bookkeeping
+  // overhead typically needed to implement it.
+  //
+  // This option does not affect the public interface of any generated code;
+  // all method signatures remain the same.  Furthermore, thread-safety of the
+  // interface is not affected by this option; const methods remain safe to
+  // call from multiple threads concurrently, while non-const methods continue
+  // to require exclusive access.
+  //
+  //
+  // Note that implementations may choose not to check required fields within
+  // a lazy sub-message.  That is, calling IsInitialized() on the outer message
+  // may return true even if the inner message has missing required fields.
+  // This is necessary because otherwise the inner message would have to be
+  // parsed in order to perform the check, defeating the purpose of lazy
+  // parsing.  An implementation which chooses not to check required fields
+  // must be consistent about it.  That is, for any particular sub-message, the
+  // implementation must either *always* check its required fields, or *never*
+  // check its required fields, regardless of whether or not the message has
+  // been parsed.
+  optional bool lazy = 5 [default = false];
+
+  // Is this field deprecated?
+  // Depending on the target platform, this can emit Deprecated annotations
+  // for accessors, or it will be completely ignored; in the very least, this
+  // is a formalization for deprecating fields.
+  optional bool deprecated = 3 [default = false];
+
+  // For Google-internal migration only. Do not use.
+  optional bool weak = 10 [default = false];
+
+
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+
+  reserved 4;  // removed jtype
+}
+
+message OneofOptions {
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+}
+
+message EnumOptions {
+
+  // Set this option to true to allow mapping different tag names to the same
+  // value.
+  optional bool allow_alias = 2;
+
+  // Is this enum deprecated?
+  // Depending on the target platform, this can emit Deprecated annotations
+  // for the enum, or it will be completely ignored; in the very least, this
+  // is a formalization for deprecating enums.
+  optional bool deprecated = 3 [default = false];
+
+  reserved 5;  // javanano_as_lite
+
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+}
+
+message EnumValueOptions {
+  // Is this enum value deprecated?
+  // Depending on the target platform, this can emit Deprecated annotations
+  // for the enum value, or it will be completely ignored; in the very least,
+  // this is a formalization for deprecating enum values.
+  optional bool deprecated = 1 [default = false];
+
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+}
+
+message ServiceOptions {
+
+  // Note:  Field numbers 1 through 32 are reserved for Google's internal RPC
+  //   framework.  We apologize for hoarding these numbers to ourselves, but
+  //   we were already using them long before we decided to release Protocol
+  //   Buffers.
+
+  // Is this service deprecated?
+  // Depending on the target platform, this can emit Deprecated annotations
+  // for the service, or it will be completely ignored; in the very least,
+  // this is a formalization for deprecating services.
+  optional bool deprecated = 33 [default = false];
+
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+}
+
+message MethodOptions {
+
+  // Note:  Field numbers 1 through 32 are reserved for Google's internal RPC
+  //   framework.  We apologize for hoarding these numbers to ourselves, but
+  //   we were already using them long before we decided to release Protocol
+  //   Buffers.
+
+  // Is this method deprecated?
+  // Depending on the target platform, this can emit Deprecated annotations
+  // for the method, or it will be completely ignored; in the very least,
+  // this is a formalization for deprecating methods.
+  optional bool deprecated = 33 [default = false];
+
+  // Is this method side-effect-free (or safe in HTTP parlance), or idempotent,
+  // or neither? HTTP based RPC implementation may choose GET verb for safe
+  // methods, and PUT verb for idempotent methods instead of the default POST.
+  enum IdempotencyLevel {
+    IDEMPOTENCY_UNKNOWN = 0;
+    NO_SIDE_EFFECTS = 1;  // implies idempotent
+    IDEMPOTENT = 2;       // idempotent, but may have side effects
+  }
+  optional IdempotencyLevel idempotency_level = 34
+      [default = IDEMPOTENCY_UNKNOWN];
+
+  // The parser stores options it doesn't recognize here. See above.
+  repeated UninterpretedOption uninterpreted_option = 999;
+
+  // Clients can define custom options in extensions of this message. See above.
+  extensions 1000 to max;
+}
+
+
+// A message representing a option the parser does not recognize. This only
+// appears in options protos created by the compiler::Parser class.
+// DescriptorPool resolves these when building Descriptor objects. Therefore,
+// options protos in descriptor objects (e.g. returned by Descriptor::options(),
+// or produced by Descriptor::CopyTo()) will never have UninterpretedOptions
+// in them.
+message UninterpretedOption {
+  // The name of the uninterpreted option.  Each string represents a segment in
+  // a dot-separated name.  is_extension is true iff a segment represents an
+  // extension (denoted with parentheses in options specs in .proto files).
+  // E.g.,{ ["foo", false], ["bar.baz", true], ["qux", false] } represents
+  // "foo.(bar.baz).qux".
+  message NamePart {
+    required string name_part = 1;
+    required bool is_extension = 2;
+  }
+  repeated NamePart name = 2;
+
+  // The value of the uninterpreted option, in whatever type the tokenizer
+  // identified it as during parsing. Exactly one of these should be set.
+  optional string identifier_value = 3;
+  optional uint64 positive_int_value = 4;
+  optional int64 negative_int_value = 5;
+  optional double double_value = 6;
+  optional bytes string_value = 7;
+  optional string aggregate_value = 8;
+}
+
+// ===================================================================
+// Optional source code info
+
+// Encapsulates information about the original source file from which a
+// FileDescriptorProto was generated.
+message SourceCodeInfo {
+  // A Location identifies a piece of source code in a .proto file which
+  // corresponds to a particular definition.  This information is intended
+  // to be useful to IDEs, code indexers, documentation generators, and similar
+  // tools.
+  //
+  // For example, say we have a file like:
+  //   message Foo {
+  //     optional string foo = 1;
+  //   }
+  // Let's look at just the field definition:
+  //   optional string foo = 1;
+  //   ^       ^^     ^^  ^  ^^^
+  //   a       bc     de  f  ghi
+  // We have the following locations:
+  //   span   path               represents
+  //   [a,i)  [ 4, 0, 2, 0 ]     The whole field definition.
+  //   [a,b)  [ 4, 0, 2, 0, 4 ]  The label (optional).
+  //   [c,d)  [ 4, 0, 2, 0, 5 ]  The type (string).
+  //   [e,f)  [ 4, 0, 2, 0, 1 ]  The name (foo).
+  //   [g,h)  [ 4, 0, 2, 0, 3 ]  The number (1).
+  //
+  // Notes:
+  // - A location may refer to a repeated field itself (i.e. not to any
+  //   particular index within it).  This is used whenever a set of elements are
+  //   logically enclosed in a single code segment.  For example, an entire
+  //   extend block (possibly containing multiple extension definitions) will
+  //   have an outer location whose path refers to the "extensions" repeated
+  //   field without an index.
+  // - Multiple locations may have the same path.  This happens when a single
+  //   logical declaration is spread out across multiple places.  The most
+  //   obvious example is the "extend" block again -- there may be multiple
+  //   extend blocks in the same scope, each of which will have the same path.
+  // - A location's span is not always a subset of its parent's span.  For
+  //   example, the "extendee" of an extension declaration appears at the
+  //   beginning of the "extend" block and is shared by all extensions within
+  //   the block.
+  // - Just because a location's span is a subset of some other location's span
+  //   does not mean that it is a descendant.  For example, a "group" defines
+  //   both a type and a field in a single declaration.  Thus, the locations
+  //   corresponding to the type and field and their components will overlap.
+  // - Code which tries to interpret locations should probably be designed to
+  //   ignore those that it doesn't understand, as more types of locations could
+  //   be recorded in the future.
+  repeated Location location = 1;
+  message Location {
+    // Identifies which part of the FileDescriptorProto was defined at this
+    // location.
+    //
+    // Each element is a field number or an index.  They form a path from
+    // the root FileDescriptorProto to the place where the definition.  For
+    // example, this path:
+    //   [ 4, 3, 2, 7, 1 ]
+    // refers to:
+    //   file.message_type(3)  // 4, 3
+    //       .field(7)         // 2, 7
+    //       .name()           // 1
+    // This is because FileDescriptorProto.message_type has field number 4:
+    //   repeated DescriptorProto message_type = 4;
+    // and DescriptorProto.field has field number 2:
+    //   repeated FieldDescriptorProto field = 2;
+    // and FieldDescriptorProto.name has field number 1:
+    //   optional string name = 1;
+    //
+    // Thus, the above path gives the location of a field name.  If we removed
+    // the last element:
+    //   [ 4, 3, 2, 7 ]
+    // this path refers to the whole field declaration (from the beginning
+    // of the label to the terminating semicolon).
+    repeated int32 path = 1 [packed = true];
+
+    // Always has exactly three or four elements: start line, start column,
+    // end line (optional, otherwise assumed same as start line), end column.
+    // These are packed into a single field for efficiency.  Note that line
+    // and column numbers are zero-based -- typically you will want to add
+    // 1 to each before displaying to a user.
+    repeated int32 span = 2 [packed = true];
+
+    // If this SourceCodeInfo represents a complete declaration, these are any
+    // comments appearing before and after the declaration which appear to be
+    // attached to the declaration.
+    //
+    // A series of line comments appearing on consecutive lines, with no other
+    // tokens appearing on those lines, will be treated as a single comment.
+    //
+    // leading_detached_comments will keep paragraphs of comments that appear
+    // before (but not connected to) the current element. Each paragraph,
+    // separated by empty lines, will be one comment element in the repeated
+    // field.
+    //
+    // Only the comment content is provided; comment markers (e.g. //) are
+    // stripped out.  For block comments, leading whitespace and an asterisk
+    // will be stripped from the beginning of each line other than the first.
+    // Newlines are included in the output.
+    //
+    // Examples:
+    //
+    //   optional int32 foo = 1;  // Comment attached to foo.
+    //   // Comment attached to bar.
+    //   optional int32 bar = 2;
+    //
+    //   optional string baz = 3;
+    //   // Comment attached to baz.
+    //   // Another line attached to baz.
+    //
+    //   // Comment attached to qux.
+    //   //
+    //   // Another line attached to qux.
+    //   optional double qux = 4;
+    //
+    //   // Detached comment for corge. This is not leading or trailing comments
+    //   // to qux or corge because there are blank lines separating it from
+    //   // both.
+    //
+    //   // Detached comment for corge paragraph 2.
+    //
+    //   optional string corge = 5;
+    //   /* Block comment attached
+    //    * to corge.  Leading asterisks
+    //    * will be removed. */
+    //   /* Block comment attached to
+    //    * grault. */
+    //   optional int32 grault = 6;
+    //
+    //   // ignored detached comments.
+    optional string leading_comments = 3;
+    optional string trailing_comments = 4;
+    repeated string leading_detached_comments = 6;
+  }
+}
+
+// Describes the relationship between generated code and its original source
+// file. A GeneratedCodeInfo message is associated with only one generated
+// source file, but may contain references to different source .proto files.
+message GeneratedCodeInfo {
+  // An Annotation connects some span of text in generated code to an element
+  // of its generating .proto file.
+  repeated Annotation annotation = 1;
+  message Annotation {
+    // Identifies the element in the original source .proto file. This field
+    // is formatted the same as SourceCodeInfo.Location.path.
+    repeated int32 path = 1 [packed = true];
+
+    // Identifies the filesystem path to the original source .proto.
+    optional string source_file = 2;
+
+    // Identifies the starting offset in bytes in the generated code
+    // that relates to the identified object.
+    optional int32 begin = 3;
+
+    // Identifies the ending offset in bytes in the generated code that
+    // relates to the identified offset. The end offset should be one past
+    // the last relevant byte (so the length of the text = end - begin).
+    optional int32 end = 4;
+  }
+}

common-protos/google/protobuf/duration.proto

@@ -0,0 +1,116 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option cc_enable_arenas = true;
+option go_package = "github.com/golang/protobuf/ptypes/duration";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "DurationProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+
+// A Duration represents a signed, fixed-length span of time represented
+// as a count of seconds and fractions of seconds at nanosecond
+// resolution. It is independent of any calendar and concepts like "day"
+// or "month". It is related to Timestamp in that the difference between
+// two Timestamp values is a Duration and it can be added or subtracted
+// from a Timestamp. Range is approximately +-10,000 years.
+//
+// # Examples
+//
+// Example 1: Compute Duration from two Timestamps in pseudo code.
+//
+//     Timestamp start = ...;
+//     Timestamp end = ...;
+//     Duration duration = ...;
+//
+//     duration.seconds = end.seconds - start.seconds;
+//     duration.nanos = end.nanos - start.nanos;
+//
+//     if (duration.seconds < 0 && duration.nanos > 0) {
+//       duration.seconds += 1;
+//       duration.nanos -= 1000000000;
+//     } else if (duration.seconds > 0 && duration.nanos < 0) {
+//       duration.seconds -= 1;
+//       duration.nanos += 1000000000;
+//     }
+//
+// Example 2: Compute Timestamp from Timestamp + Duration in pseudo code.
+//
+//     Timestamp start = ...;
+//     Duration duration = ...;
+//     Timestamp end = ...;
+//
+//     end.seconds = start.seconds + duration.seconds;
+//     end.nanos = start.nanos + duration.nanos;
+//
+//     if (end.nanos < 0) {
+//       end.seconds -= 1;
+//       end.nanos += 1000000000;
+//     } else if (end.nanos >= 1000000000) {
+//       end.seconds += 1;
+//       end.nanos -= 1000000000;
+//     }
+//
+// Example 3: Compute Duration from datetime.timedelta in Python.
+//
+//     td = datetime.timedelta(days=3, minutes=10)
+//     duration = Duration()
+//     duration.FromTimedelta(td)
+//
+// # JSON Mapping
+//
+// In JSON format, the Duration type is encoded as a string rather than an
+// object, where the string ends in the suffix "s" (indicating seconds) and
+// is preceded by the number of seconds, with nanoseconds expressed as
+// fractional seconds. For example, 3 seconds with 0 nanoseconds should be
+// encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should
+// be expressed in JSON format as "3.000000001s", and 3 seconds and 1
+// microsecond should be expressed in JSON format as "3.000001s".
+//
+//
+message Duration {
+  // Signed seconds of the span of time. Must be from -315,576,000,000
+  // to +315,576,000,000 inclusive. Note: these bounds are computed from:
+  // 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
+  int64 seconds = 1;
+
+  // Signed fractions of a second at nanosecond resolution of the span
+  // of time. Durations less than one second are represented with a 0
+  // `seconds` field and a positive or negative `nanos` field. For durations
+  // of one second or more, a non-zero value for the `nanos` field must be
+  // of the same sign as the `seconds` field. Must be from -999,999,999
+  // to +999,999,999 inclusive.
+  int32 nanos = 2;
+}

common-protos/google/protobuf/empty.proto

@@ -0,0 +1,52 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option go_package = "github.com/golang/protobuf/ptypes/empty";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "EmptyProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option cc_enable_arenas = true;
+
+// A generic empty message that you can re-use to avoid defining duplicated
+// empty messages in your APIs. A typical example is to use it as the request
+// or the response type of an API method. For instance:
+//
+//     service Foo {
+//       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
+//     }
+//
+// The JSON representation for `Empty` is empty JSON object `{}`.
+message Empty {}

common-protos/google/protobuf/field_mask.proto

@@ -0,0 +1,245 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "FieldMaskProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option go_package = "google.golang.org/genproto/protobuf/field_mask;field_mask";
+option cc_enable_arenas = true;
+
+// `FieldMask` represents a set of symbolic field paths, for example:
+//
+//     paths: "f.a"
+//     paths: "f.b.d"
+//
+// Here `f` represents a field in some root message, `a` and `b`
+// fields in the message found in `f`, and `d` a field found in the
+// message in `f.b`.
+//
+// Field masks are used to specify a subset of fields that should be
+// returned by a get operation or modified by an update operation.
+// Field masks also have a custom JSON encoding (see below).
+//
+// # Field Masks in Projections
+//
+// When used in the context of a projection, a response message or
+// sub-message is filtered by the API to only contain those fields as
+// specified in the mask. For example, if the mask in the previous
+// example is applied to a response message as follows:
+//
+//     f {
+//       a : 22
+//       b {
+//         d : 1
+//         x : 2
+//       }
+//       y : 13
+//     }
+//     z: 8
+//
+// The result will not contain specific values for fields x,y and z
+// (their value will be set to the default, and omitted in proto text
+// output):
+//
+//
+//     f {
+//       a : 22
+//       b {
+//         d : 1
+//       }
+//     }
+//
+// A repeated field is not allowed except at the last position of a
+// paths string.
+//
+// If a FieldMask object is not present in a get operation, the
+// operation applies to all fields (as if a FieldMask of all fields
+// had been specified).
+//
+// Note that a field mask does not necessarily apply to the
+// top-level response message. In case of a REST get operation, the
+// field mask applies directly to the response, but in case of a REST
+// list operation, the mask instead applies to each individual message
+// in the returned resource list. In case of a REST custom method,
+// other definitions may be used. Where the mask applies will be
+// clearly documented together with its declaration in the API.  In
+// any case, the effect on the returned resource/resources is required
+// behavior for APIs.
+//
+// # Field Masks in Update Operations
+//
+// A field mask in update operations specifies which fields of the
+// targeted resource are going to be updated. The API is required
+// to only change the values of the fields as specified in the mask
+// and leave the others untouched. If a resource is passed in to
+// describe the updated values, the API ignores the values of all
+// fields not covered by the mask.
+//
+// If a repeated field is specified for an update operation, new values will
+// be appended to the existing repeated field in the target resource. Note that
+// a repeated field is only allowed in the last position of a `paths` string.
+//
+// If a sub-message is specified in the last position of the field mask for an
+// update operation, then new value will be merged into the existing sub-message
+// in the target resource.
+//
+// For example, given the target message:
+//
+//     f {
+//       b {
+//         d: 1
+//         x: 2
+//       }
+//       c: [1]
+//     }
+//
+// And an update message:
+//
+//     f {
+//       b {
+//         d: 10
+//       }
+//       c: [2]
+//     }
+//
+// then if the field mask is:
+//
+//  paths: ["f.b", "f.c"]
+//
+// then the result will be:
+//
+//     f {
+//       b {
+//         d: 10
+//         x: 2
+//       }
+//       c: [1, 2]
+//     }
+//
+// An implementation may provide options to override this default behavior for
+// repeated and message fields.
+//
+// In order to reset a field's value to the default, the field must
+// be in the mask and set to the default value in the provided resource.
+// Hence, in order to reset all fields of a resource, provide a default
+// instance of the resource and set all fields in the mask, or do
+// not provide a mask as described below.
+//
+// If a field mask is not present on update, the operation applies to
+// all fields (as if a field mask of all fields has been specified).
+// Note that in the presence of schema evolution, this may mean that
+// fields the client does not know and has therefore not filled into
+// the request will be reset to their default. If this is unwanted
+// behavior, a specific service may require a client to always specify
+// a field mask, producing an error if not.
+//
+// As with get operations, the location of the resource which
+// describes the updated values in the request message depends on the
+// operation kind. In any case, the effect of the field mask is
+// required to be honored by the API.
+//
+// ## Considerations for HTTP REST
+//
+// The HTTP kind of an update operation which uses a field mask must
+// be set to PATCH instead of PUT in order to satisfy HTTP semantics
+// (PUT must only be used for full updates).
+//
+// # JSON Encoding of Field Masks
+//
+// In JSON, a field mask is encoded as a single string where paths are
+// separated by a comma. Fields name in each path are converted
+// to/from lower-camel naming conventions.
+//
+// As an example, consider the following message declarations:
+//
+//     message Profile {
+//       User user = 1;
+//       Photo photo = 2;
+//     }
+//     message User {
+//       string display_name = 1;
+//       string address = 2;
+//     }
+//
+// In proto a field mask for `Profile` may look as such:
+//
+//     mask {
+//       paths: "user.display_name"
+//       paths: "photo"
+//     }
+//
+// In JSON, the same mask is represented as below:
+//
+//     {
+//       mask: "user.displayName,photo"
+//     }
+//
+// # Field Masks and Oneof Fields
+//
+// Field masks treat fields in oneofs just as regular fields. Consider the
+// following message:
+//
+//     message SampleMessage {
+//       oneof test_oneof {
+//         string name = 4;
+//         SubMessage sub_message = 9;
+//       }
+//     }
+//
+// The field mask can be:
+//
+//     mask {
+//       paths: "name"
+//     }
+//
+// Or:
+//
+//     mask {
+//       paths: "sub_message"
+//     }
+//
+// Note that oneof type names ("test_oneof" in this case) cannot be used in
+// paths.
+//
+// ## Field Mask Verification
+//
+// The implementation of any API method which has a FieldMask type field in the
+// request should verify the included field paths, and return an
+// `INVALID_ARGUMENT` error if any path is duplicated or unmappable.
+message FieldMask {
+  // The set of field mask paths.
+  repeated string paths = 1;
+}

common-protos/google/protobuf/source_context.proto

@@ -0,0 +1,48 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "SourceContextProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option go_package = "google.golang.org/genproto/protobuf/source_context;source_context";
+
+// `SourceContext` represents information about the source of a
+// protobuf element, like the file in which it is defined.
+message SourceContext {
+  // The path-qualified name of the .proto file that contained the associated
+  // protobuf element.  For example: `"google/protobuf/source_context.proto"`.
+  string file_name = 1;
+}

common-protos/google/protobuf/struct.proto

@@ -0,0 +1,95 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option cc_enable_arenas = true;
+option go_package = "github.com/golang/protobuf/ptypes/struct;structpb";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "StructProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+
+// `Struct` represents a structured data value, consisting of fields
+// which map to dynamically typed values. In some languages, `Struct`
+// might be supported by a native representation. For example, in
+// scripting languages like JS a struct is represented as an
+// object. The details of that representation are described together
+// with the proto support for the language.
+//
+// The JSON representation for `Struct` is JSON object.
+message Struct {
+  // Unordered map of dynamically typed values.
+  map<string, Value> fields = 1;
+}
+
+// `Value` represents a dynamically typed value which can be either
+// null, a number, a string, a boolean, a recursive struct value, or a
+// list of values. A producer of value is expected to set one of that
+// variants, absence of any variant indicates an error.
+//
+// The JSON representation for `Value` is JSON value.
+message Value {
+  // The kind of value.
+  oneof kind {
+    // Represents a null value.
+    NullValue null_value = 1;
+    // Represents a double value.
+    double number_value = 2;
+    // Represents a string value.
+    string string_value = 3;
+    // Represents a boolean value.
+    bool bool_value = 4;
+    // Represents a structured value.
+    Struct struct_value = 5;
+    // Represents a repeated `Value`.
+    ListValue list_value = 6;
+  }
+}
+
+// `NullValue` is a singleton enumeration to represent the null value for the
+// `Value` type union.
+//
+//  The JSON representation for `NullValue` is JSON `null`.
+enum NullValue {
+  // Null value.
+  NULL_VALUE = 0;
+}
+
+// `ListValue` is a wrapper around a repeated field of values.
+//
+// The JSON representation for `ListValue` is JSON array.
+message ListValue {
+  // Repeated field of dynamically typed values.
+  repeated Value values = 1;
+}

common-protos/google/protobuf/timestamp.proto

@@ -0,0 +1,138 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option cc_enable_arenas = true;
+option go_package = "github.com/golang/protobuf/ptypes/timestamp";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "TimestampProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+
+// A Timestamp represents a point in time independent of any time zone or local
+// calendar, encoded as a count of seconds and fractions of seconds at
+// nanosecond resolution. The count is relative to an epoch at UTC midnight on
+// January 1, 1970, in the proleptic Gregorian calendar which extends the
+// Gregorian calendar backwards to year one.
+//
+// All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+// second table is needed for interpretation, using a [24-hour linear
+// smear](https://developers.google.com/time/smear).
+//
+// The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+// restricting to that range, we ensure that we can convert to and from [RFC
+// 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
+//
+// # Examples
+//
+// Example 1: Compute Timestamp from POSIX `time()`.
+//
+//     Timestamp timestamp;
+//     timestamp.set_seconds(time(NULL));
+//     timestamp.set_nanos(0);
+//
+// Example 2: Compute Timestamp from POSIX `gettimeofday()`.
+//
+//     struct timeval tv;
+//     gettimeofday(&tv, NULL);
+//
+//     Timestamp timestamp;
+//     timestamp.set_seconds(tv.tv_sec);
+//     timestamp.set_nanos(tv.tv_usec * 1000);
+//
+// Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.
+//
+//     FILETIME ft;
+//     GetSystemTimeAsFileTime(&ft);
+//     UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
+//
+//     // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
+//     // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
+//     Timestamp timestamp;
+//     timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
+//     timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
+//
+// Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
+//
+//     long millis = System.currentTimeMillis();
+//
+//     Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
+//         .setNanos((int) ((millis % 1000) * 1000000)).build();
+//
+//
+// Example 5: Compute Timestamp from current time in Python.
+//
+//     timestamp = Timestamp()
+//     timestamp.GetCurrentTime()
+//
+// # JSON Mapping
+//
+// In JSON format, the Timestamp type is encoded as a string in the
+// [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the
+// format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z"
+// where {year} is always expressed using four digits while {month}, {day},
+// {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
+// seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
+// are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
+// is required. A proto3 JSON serializer should always use UTC (as indicated by
+// "Z") when printing the Timestamp type and a proto3 JSON parser should be
+// able to accept both UTC and other timezones (as indicated by an offset).
+//
+// For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
+// 01:30 UTC on January 15, 2017.
+//
+// In JavaScript, one can convert a Date object to this format using the
+// standard
+// [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
+// method. In Python, a standard `datetime.datetime` object can be converted
+// to this format using
+// [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+// the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+// the Joda Time's [`ISODateTimeFormat.dateTime()`](
+// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// ) to obtain a formatter capable of generating timestamps in this format.
+//
+//
+message Timestamp {
+  // Represents seconds of UTC time since Unix epoch
+  // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+  // 9999-12-31T23:59:59Z inclusive.
+  int64 seconds = 1;
+
+  // Non-negative fractions of a second at nanosecond resolution. Negative
+  // second values with fractions must still have non-negative nanos values
+  // that count forward in time. Must be from 0 to 999,999,999
+  // inclusive.
+  int32 nanos = 2;
+}

common-protos/google/protobuf/type.proto

@@ -0,0 +1,187 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/source_context.proto";
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option cc_enable_arenas = true;
+option java_package = "com.google.protobuf";
+option java_outer_classname = "TypeProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+option go_package = "google.golang.org/genproto/protobuf/ptype;ptype";
+
+// A protocol buffer message type.
+message Type {
+  // The fully qualified message name.
+  string name = 1;
+  // The list of fields.
+  repeated Field fields = 2;
+  // The list of types appearing in `oneof` definitions in this type.
+  repeated string oneofs = 3;
+  // The protocol buffer options.
+  repeated Option options = 4;
+  // The source context.
+  SourceContext source_context = 5;
+  // The source syntax.
+  Syntax syntax = 6;
+}
+
+// A single field of a message type.
+message Field {
+  // Basic field types.
+  enum Kind {
+    // Field type unknown.
+    TYPE_UNKNOWN = 0;
+    // Field type double.
+    TYPE_DOUBLE = 1;
+    // Field type float.
+    TYPE_FLOAT = 2;
+    // Field type int64.
+    TYPE_INT64 = 3;
+    // Field type uint64.
+    TYPE_UINT64 = 4;
+    // Field type int32.
+    TYPE_INT32 = 5;
+    // Field type fixed64.
+    TYPE_FIXED64 = 6;
+    // Field type fixed32.
+    TYPE_FIXED32 = 7;
+    // Field type bool.
+    TYPE_BOOL = 8;
+    // Field type string.
+    TYPE_STRING = 9;
+    // Field type group. Proto2 syntax only, and deprecated.
+    TYPE_GROUP = 10;
+    // Field type message.
+    TYPE_MESSAGE = 11;
+    // Field type bytes.
+    TYPE_BYTES = 12;
+    // Field type uint32.
+    TYPE_UINT32 = 13;
+    // Field type enum.
+    TYPE_ENUM = 14;
+    // Field type sfixed32.
+    TYPE_SFIXED32 = 15;
+    // Field type sfixed64.
+    TYPE_SFIXED64 = 16;
+    // Field type sint32.
+    TYPE_SINT32 = 17;
+    // Field type sint64.
+    TYPE_SINT64 = 18;
+  }
+
+  // Whether a field is optional, required, or repeated.
+  enum Cardinality {
+    // For fields with unknown cardinality.
+    CARDINALITY_UNKNOWN = 0;
+    // For optional fields.
+    CARDINALITY_OPTIONAL = 1;
+    // For required fields. Proto2 syntax only.
+    CARDINALITY_REQUIRED = 2;
+    // For repeated fields.
+    CARDINALITY_REPEATED = 3;
+  };
+
+  // The field type.
+  Kind kind = 1;
+  // The field cardinality.
+  Cardinality cardinality = 2;
+  // The field number.
+  int32 number = 3;
+  // The field name.
+  string name = 4;
+  // The field type URL, without the scheme, for message or enumeration
+  // types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
+  string type_url = 6;
+  // The index of the field type in `Type.oneofs`, for message or enumeration
+  // types. The first type has index 1; zero means the type is not in the list.
+  int32 oneof_index = 7;
+  // Whether to use alternative packed wire representation.
+  bool packed = 8;
+  // The protocol buffer options.
+  repeated Option options = 9;
+  // The field JSON name.
+  string json_name = 10;
+  // The string value of the default value of this field. Proto2 syntax only.
+  string default_value = 11;
+}
+
+// Enum type definition.
+message Enum {
+  // Enum type name.
+  string name = 1;
+  // Enum value definitions.
+  repeated EnumValue enumvalue = 2;
+  // Protocol buffer options.
+  repeated Option options = 3;
+  // The source context.
+  SourceContext source_context = 4;
+  // The source syntax.
+  Syntax syntax = 5;
+}
+
+// Enum value definition.
+message EnumValue {
+  // Enum value name.
+  string name = 1;
+  // Enum value number.
+  int32 number = 2;
+  // Protocol buffer options.
+  repeated Option options = 3;
+}
+
+// A protocol buffer option, which can be attached to a message, field,
+// enumeration, etc.
+message Option {
+  // The option's name. For protobuf built-in options (options defined in
+  // descriptor.proto), this is the short name. For example, `"map_entry"`.
+  // For custom options, it should be the fully-qualified name. For example,
+  // `"google.api.http"`.
+  string name = 1;
+  // The option's value packed in an Any message. If the value is a primitive,
+  // the corresponding wrapper type defined in google/protobuf/wrappers.proto
+  // should be used. If the value is an enum, it should be stored as an int32
+  // value using the google.protobuf.Int32Value type.
+  Any value = 2;
+}
+
+// The syntax in which a protocol buffer element is defined.
+enum Syntax {
+  // Syntax `proto2`.
+  SYNTAX_PROTO2 = 0;
+  // Syntax `proto3`.
+  SYNTAX_PROTO3 = 1;
+}

common-protos/google/protobuf/util/json_format.proto

@@ -0,0 +1,130 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Author: kenton@google.com (Kenton Varda)
+//  Based on original Protocol Buffers design by
+//  Sanjay Ghemawat, Jeff Dean, and others.
+//
+// A proto file we will use for unit testing.
+
+syntax = "proto2";
+
+package protobuf_unittest;
+
+message TestFlagsAndStrings {
+  required int32 A = 1;
+  repeated group RepeatedGroup = 2 {
+    required string f = 3;
+  }
+}
+
+message TestBase64ByteArrays {
+  required bytes a = 1;
+}
+
+message TestJavaScriptJSON {
+  optional int32 a = 1;
+  optional float final = 2;
+  optional string in = 3;
+  optional string Var = 4;
+}
+
+message TestJavaScriptOrderJSON1 {
+  optional int32 d = 1;
+  optional int32 c = 2;
+  optional bool x = 3;
+  optional int32 b = 4;
+  optional int32 a = 5;
+}
+
+message TestJavaScriptOrderJSON2 {
+  optional int32 d = 1;
+  optional int32 c = 2;
+  optional bool x = 3;
+  optional int32 b = 4;
+  optional int32 a = 5;
+  repeated TestJavaScriptOrderJSON1 z = 6;
+}
+
+message TestLargeInt {
+  required int64 a = 1;
+  required uint64 b = 2;
+}
+
+message TestNumbers {
+  enum MyType {
+    OK = 0;
+    WARNING = 1;
+    ERROR = 2;
+  }
+  optional MyType a = 1;
+  optional int32 b = 2;
+  optional float c = 3;
+  optional bool d = 4;
+  optional double e = 5;
+  optional uint32 f = 6;
+}
+
+
+message TestCamelCase {
+  optional string normal_field = 1;
+  optional int32 CAPITAL_FIELD = 2;
+  optional int32 CamelCaseField = 3;
+}
+
+message TestBoolMap {
+  map<bool, int32> bool_map = 1;
+}
+
+message TestRecursion {
+  optional int32 value = 1;
+  optional TestRecursion child = 2;
+}
+
+message TestStringMap {
+  map<string, string> string_map = 1;
+}
+
+message TestStringSerializer {
+  optional string scalar_string = 1;
+  repeated string repeated_string = 2;
+  map<string, string> string_map = 3;
+}
+
+message TestMessageWithExtension {
+  extensions 100 to max;
+}
+
+message TestExtension {
+  extend TestMessageWithExtension {
+    optional TestExtension ext = 100;
+  }
+  optional string value = 1;
+}

common-protos/google/protobuf/util/json_format_proto3.proto

@@ -0,0 +1,193 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package proto3;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/wrappers.proto";
+import "google/protobuf/unittest.proto";
+
+option java_package = "com.google.protobuf.util";
+option java_outer_classname = "JsonFormatProto3";
+
+enum EnumType {
+  FOO = 0;
+  BAR = 1;
+}
+
+message MessageType {
+  int32 value = 1;
+}
+
+message TestMessage {
+  bool bool_value = 1;
+  int32 int32_value = 2;
+  int64 int64_value = 3;
+  uint32 uint32_value = 4;
+  uint64 uint64_value = 5;
+  float float_value = 6;
+  double double_value = 7;
+  string string_value = 8;
+  bytes bytes_value = 9;
+  EnumType enum_value = 10;
+  MessageType message_value = 11;
+
+  repeated bool repeated_bool_value = 21;
+  repeated int32 repeated_int32_value = 22;
+  repeated int64 repeated_int64_value = 23;
+  repeated uint32 repeated_uint32_value = 24;
+  repeated uint64 repeated_uint64_value = 25;
+  repeated float repeated_float_value = 26;
+  repeated double repeated_double_value = 27;
+  repeated string repeated_string_value = 28;
+  repeated bytes repeated_bytes_value = 29;
+  repeated EnumType repeated_enum_value = 30;
+  repeated MessageType repeated_message_value = 31;
+}
+
+message TestOneof {
+  // In JSON format oneof fields behave mostly the same as optional
+  // fields except that:
+  //   1. Oneof fields have field presence information and will be
+  //      printed if it's set no matter whether it's the default value.
+  //   2. Multiple oneof fields in the same oneof cannot appear at the
+  //      same time in the input.
+  oneof oneof_value {
+    int32 oneof_int32_value = 1;
+    string oneof_string_value = 2;
+    bytes oneof_bytes_value = 3;
+    EnumType oneof_enum_value = 4;
+    MessageType oneof_message_value = 5;
+  }
+}
+
+message TestMap {
+  map<bool, int32> bool_map = 1;
+  map<int32, int32> int32_map = 2;
+  map<int64, int32> int64_map = 3;
+  map<uint32, int32> uint32_map = 4;
+  map<uint64, int32> uint64_map = 5;
+  map<string, int32> string_map = 6;
+}
+
+message TestNestedMap {
+  map<bool, int32> bool_map = 1;
+  map<int32, int32> int32_map = 2;
+  map<int64, int32> int64_map = 3;
+  map<uint32, int32> uint32_map = 4;
+  map<uint64, int32> uint64_map = 5;
+  map<string, int32> string_map = 6;
+  map<string, TestNestedMap> map_map = 7;
+}
+
+message TestStringMap {
+  map<string, string> string_map = 1;
+}
+
+message TestWrapper {
+  google.protobuf.BoolValue bool_value = 1;
+  google.protobuf.Int32Value int32_value = 2;
+  google.protobuf.Int64Value int64_value = 3;
+  google.protobuf.UInt32Value uint32_value = 4;
+  google.protobuf.UInt64Value uint64_value = 5;
+  google.protobuf.FloatValue float_value = 6;
+  google.protobuf.DoubleValue double_value = 7;
+  google.protobuf.StringValue string_value = 8;
+  google.protobuf.BytesValue bytes_value = 9;
+
+  repeated google.protobuf.BoolValue repeated_bool_value = 11;
+  repeated google.protobuf.Int32Value repeated_int32_value = 12;
+  repeated google.protobuf.Int64Value repeated_int64_value = 13;
+  repeated google.protobuf.UInt32Value repeated_uint32_value = 14;
+  repeated google.protobuf.UInt64Value repeated_uint64_value = 15;
+  repeated google.protobuf.FloatValue repeated_float_value = 16;
+  repeated google.protobuf.DoubleValue repeated_double_value = 17;
+  repeated google.protobuf.StringValue repeated_string_value = 18;
+  repeated google.protobuf.BytesValue repeated_bytes_value = 19;
+}
+
+message TestTimestamp {
+  google.protobuf.Timestamp value = 1;
+  repeated google.protobuf.Timestamp repeated_value = 2;
+}
+
+message TestDuration {
+  google.protobuf.Duration value = 1;
+  repeated google.protobuf.Duration repeated_value = 2;
+}
+
+message TestFieldMask {
+  google.protobuf.FieldMask value = 1;
+}
+
+message TestStruct {
+  google.protobuf.Struct value = 1;
+  repeated google.protobuf.Struct repeated_value = 2;
+}
+
+message TestAny {
+  google.protobuf.Any value = 1;
+  repeated google.protobuf.Any repeated_value = 2;
+}
+
+message TestValue {
+  google.protobuf.Value value = 1;
+  repeated google.protobuf.Value repeated_value = 2;
+}
+
+message TestListValue {
+  google.protobuf.ListValue value = 1;
+  repeated google.protobuf.ListValue repeated_value = 2;
+}
+
+message TestBoolValue {
+  bool bool_value = 1;
+  map<bool, int32> bool_map = 2;
+}
+
+message TestCustomJsonName {
+  int32 value = 1 [json_name = "@value"];
+}
+
+message TestExtensions {
+  .protobuf_unittest.TestAllExtensions extensions = 1;
+}
+
+message TestEnumValue {
+  EnumType enum_value1 = 1;
+  EnumType enum_value2 = 2;
+  EnumType enum_value3 = 3;
+}

common-protos/google/protobuf/wrappers.proto

@@ -0,0 +1,123 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Wrappers for primitive (non-message) types. These types are useful
+// for embedding primitives in the `google.protobuf.Any` type and for places
+// where we need to distinguish between the absence of a primitive
+// typed field and its default value.
+//
+// These wrappers have no meaningful use within repeated fields as they lack
+// the ability to detect presence on individual elements.
+// These wrappers have no meaningful use within a map or a oneof since
+// individual entries of a map or fields of a oneof can already detect presence.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option cc_enable_arenas = true;
+option go_package = "github.com/golang/protobuf/ptypes/wrappers";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "WrappersProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+
+// Wrapper message for `double`.
+//
+// The JSON representation for `DoubleValue` is JSON number.
+message DoubleValue {
+  // The double value.
+  double value = 1;
+}
+
+// Wrapper message for `float`.
+//
+// The JSON representation for `FloatValue` is JSON number.
+message FloatValue {
+  // The float value.
+  float value = 1;
+}
+
+// Wrapper message for `int64`.
+//
+// The JSON representation for `Int64Value` is JSON string.
+message Int64Value {
+  // The int64 value.
+  int64 value = 1;
+}
+
+// Wrapper message for `uint64`.
+//
+// The JSON representation for `UInt64Value` is JSON string.
+message UInt64Value {
+  // The uint64 value.
+  uint64 value = 1;
+}
+
+// Wrapper message for `int32`.
+//
+// The JSON representation for `Int32Value` is JSON number.
+message Int32Value {
+  // The int32 value.
+  int32 value = 1;
+}
+
+// Wrapper message for `uint32`.
+//
+// The JSON representation for `UInt32Value` is JSON number.
+message UInt32Value {
+  // The uint32 value.
+  uint32 value = 1;
+}
+
+// Wrapper message for `bool`.
+//
+// The JSON representation for `BoolValue` is JSON `true` and `false`.
+message BoolValue {
+  // The bool value.
+  bool value = 1;
+}
+
+// Wrapper message for `string`.
+//
+// The JSON representation for `StringValue` is JSON string.
+message StringValue {
+  // The string value.
+  string value = 1;
+}
+
+// Wrapper message for `bytes`.
+//
+// The JSON representation for `BytesValue` is JSON string.
+message BytesValue {
+  // The bytes value.
+  bytes value = 1;
+}