fix: restore *.proto files removed in version 1.67.0 (#13614)

- [ ] Regenerate this pull request now. chore(python): include *.proto files in //google/api:api-py chore(python): include *.proto files in //google/cloud:extended-operations-py chore(python): include *.proto files in //google/cloud/location:location-py chore(python): include *.proto files in //google/logging/type:logging-type-py chore(python): include *.proto files in //google/longrunning:operations-py chore(python): include *.proto files in //google/rpc:rpc-py chore(python): include *.proto files in //google/rpc/context:rpc-context-py chore(python): include *.proto files in //google/type:type-py PiperOrigin-RevId: 733643032 Source-Link: googleapis/googleapis@ada88fe Source-Link: googleapis/googleapis-gen@0f6fb8e Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlYXBpcy1jb21tb24tcHJvdG9zLy5Pd2xCb3QueWFtbCIsImgiOiIwZjZmYjhlZWQ0NjJjN2U1ZWFhN2RjYTcyNzhmYWYzOTcyMDc0MzQ0In0= Fixes #13545 --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

packages/googleapis-common-protos/README.rst

@@ -106,3 +106,92 @@ Next Steps
 
 .. _Google APIs Common Protos Product documentation: https://github.com/googleapis/googleapis/tree/master/google
 .. _README: https://github.com/googleapis/google-cloud-python/blob/main/README.rst
+
+Logging
+-------
+
+This library uses the standard Python :code:`logging` functionality to log some RPC events that could be of interest for debugging and monitoring purposes.
+Note the following:
+
+#. Logs may contain sensitive information. Take care to **restrict access to the logs** if they are saved, whether it be on local storage or on Google Cloud Logging.
+#. Google may refine the occurrence, level, and content of various log messages in this library without flagging such changes as breaking. **Do not depend on immutability of the logging events**.
+#. By default, the logging events from this library are not handled. You must **explicitly configure log handling** using one of the mechanisms below.
+
+Simple, environment-based configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To enable logging for this library without any changes in your code, set the :code:`GOOGLE_SDK_PYTHON_LOGGING_SCOPE` environment variable to a valid Google
+logging scope. This configures handling of logging events (at level :code:`logging.DEBUG` or higher) from this library in a default manner, emitting the logged
+messages in a structured format. It does not currently allow customizing the logging levels captured nor the handlers, formatters, etc. used for any logging
+event.
+
+A logging scope is a period-separated namespace that begins with :code:`google`, identifying the Python module or package to log.
+
+- Valid logging scopes: :code:`google`, :code:`google.cloud.asset.v1`, :code:`google.api`, :code:`google.auth`, etc.
+- Invalid logging scopes: :code:`foo`, :code:`123`, etc.
+
+**NOTE**: If the logging scope is invalid, the library does not set up any logging handlers.
+
+Environment-Based Examples
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- Enabling the default handler for all Google-based loggers
+
+.. code-block:: console
+
+ export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google
+
+- Enabling the default handler for a specific Google module (for a client library called :code:`library_v1`):
+
+.. code-block:: console
+
+ export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google.cloud.library_v1
+
+
+Advanced, code-based configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can also configure a valid logging scope using Python's standard `logging` mechanism.
+
+Code-Based Examples
+^^^^^^^^^^^^^^^^^^^
+
+- Configuring a handler for all Google-based loggers
+
+.. code-block:: python
+
+ import logging
+ 
+ from google.cloud.translate_v3 import translate
+ 
+ base_logger = logging.getLogger("google")
+ base_logger.addHandler(logging.StreamHandler())
+ base_logger.setLevel(logging.DEBUG)
+
+- Configuring a handler for a specific Google module (for a client library called :code:`library_v1`):
+
+.. code-block:: python
+
+ import logging
+ 
+ from google.cloud.translate_v3 import translate
+ 
+ base_logger = logging.getLogger("google.cloud.library_v1")
+ base_logger.addHandler(logging.StreamHandler())
+ base_logger.setLevel(logging.DEBUG)
+
+Logging details
+~~~~~~~~~~~~~~~
+
+#. Regardless of which of the mechanisms above you use to configure logging for this library, by default logging events are not propagated up to the root
+ logger from the `google`-level logger. If you need the events to be propagated to the root logger, you must explicitly set
+ :code:`logging.getLogger("google").propagate = True` in your code.
+#. You can mix the different logging configurations above for different Google modules. For example, you may want use a code-based logging configuration for
+ one library, but decide you need to also set up environment-based logging configuration for another library.
+
+ #. If you attempt to use both code-based and environment-based configuration for the same module, the environment-based configuration will be ineffectual
+ if the code -based configuration gets applied first.
+
+#. The Google-specific logging configurations (default handlers for environment-based configuration; not propagating logging events to the root logger) get
+ executed the first time *any* client library is instantiated in your application, and only if the affected loggers have not been previously configured.
+ (This is the reason for 2.i. above.)

packages/googleapis-common-protos/google/api/annotations.proto

@@ -0,0 +1,31 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api;
+
+import "google/api/http.proto";
+import "google/protobuf/descriptor.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations";
+option java_multiple_files = true;
+option java_outer_classname = "AnnotationsProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+extend google.protobuf.MethodOptions {
+ // See `HttpRule`.
+ HttpRule http = 72295728;
+}

packages/googleapis-common-protos/google/api/auth.proto

@@ -0,0 +1,237 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.api;
+
+option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig";
+option java_multiple_files = true;
+option java_outer_classname = "AuthProto";
+option java_package = "com.google.api";
+option objc_class_prefix = "GAPI";
+
+// `Authentication` defines the authentication configuration for API methods
+// provided by an API service.
+//
+// Example:
+//
+// name: calendar.googleapis.com
+// authentication:
+// providers:
+// - id: google_calendar_auth
+// jwks_uri: https://www.googleapis.com/oauth2/v1/certs
+// issuer: https://securetoken.google.com
+// rules:
+// - selector: "*"
+// requirements:
+// provider_id: google_calendar_auth
+// - selector: google.calendar.Delegate
+// oauth:
+// canonical_scopes: https://www.googleapis.com/auth/calendar.read
+message Authentication {
+ // A list of authentication rules that apply to individual API methods.
+ //
+ // **NOTE:** All service configuration rules follow "last one wins" order.
+ repeated AuthenticationRule rules = 3;
+
+ // Defines a set of authentication providers that a service supports.
+ repeated AuthProvider providers = 4;
+}
+
+// Authentication rules for the service.
+//
+// By default, if a method has any authentication requirements, every request
+// must include a valid credential matching one of the requirements.
+// It's an error to include more than one kind of credential in a single
+// request.
+//
+// If a method doesn't have any auth requirements, request credentials will be
+// ignored.
+message AuthenticationRule {
+ // Selects the methods to which this rule applies.
+ //
+ // Refer to [selector][google.api.DocumentationRule.selector] for syntax
+ // details.
+ string selector = 1;
+
+ // The requirements for OAuth credentials.
+ OAuthRequirements oauth = 2;
+
+ // If true, the service accepts API keys without any other credential.
+ // This flag only applies to HTTP and gRPC requests.
+ bool allow_without_credential = 5;
+
+ // Requirements for additional authentication providers.
+ repeated AuthRequirement requirements = 7;
+}
+
+// Specifies a location to extract JWT from an API request.
+message JwtLocation {
+ oneof in {
+ // Specifies HTTP header name to extract JWT token.
+ string header = 1;
+
+ // Specifies URL query parameter name to extract JWT token.
+ string query = 2;
+
+ // Specifies cookie name to extract JWT token.
+ string cookie = 4;
+ }
+
+ // The value prefix. The value format is "value_prefix{token}"
+ // Only applies to "in" header type. Must be empty for "in" query type.
+ // If not empty, the header value has to match (case sensitive) this prefix.
+ // If not matched, JWT will not be extracted. If matched, JWT will be
+ // extracted after the prefix is removed.
+ //
+ // For example, for "Authorization: Bearer {JWT}",
+ // value_prefix="Bearer " with a space at the end.
+ string value_prefix = 3;
+}
+
+// Configuration for an authentication provider, including support for
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+message AuthProvider {
+ // The unique identifier of the auth provider. It will be referred to by
+ // `AuthRequirement.provider_id`.
+ //
+ // Example: "bookstore_auth".
+ string id = 1;
+
+ // Identifies the principal that issued the JWT. See
+ // https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
+ // Usually a URL or an email address.
+ //
+ // Example: https://securetoken.google.com
+ // Example: 1234567-compute@developer.gserviceaccount.com
+ string issuer = 2;
+
+ // URL of the provider's public key set to validate signature of the JWT. See
+ // [OpenID
+ // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+ // Optional if the key set document:
+ // - can be retrieved from
+ // [OpenID
+ // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html)
+ // of the issuer.
+ // - can be inferred from the email domain of the issuer (e.g. a Google
+ // service account).
+ //
+ // Example: https://www.googleapis.com/oauth2/v1/certs
+ string jwks_uri = 3;
+
+ // The list of JWT
+ // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+ // that are allowed to access. A JWT containing any of these audiences will
+ // be accepted. When this setting is absent, JWTs with audiences:
+ // - "https://[service.name]/[google.protobuf.Api.name]"
+ // - "https://[service.name]/"
+ // will be accepted.
+ // For example, if no audiences are in the setting, LibraryService API will
+ // accept JWTs with the following audiences:
+ // -
+ // https://library-example.googleapis.com/google.example.library.v1.LibraryService
+ // - https://library-example.googleapis.com/
+ //
+ // Example:
+ //
+ // audiences: bookstore_android.apps.googleusercontent.com,
+ // bookstore_web.apps.googleusercontent.com
+ string audiences = 4;
+
+ // Redirect URL if JWT token is required but not present or is expired.
+ // Implement authorizationUrl of securityDefinitions in OpenAPI spec.
+ string authorization_url = 5;
+
+ // Defines the locations to extract the JWT. For now it is only used by the
+ // Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations]
+ // (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
+ //
+ // JWT locations can be one of HTTP headers, URL query parameters or
+ // cookies. The rule is that the first match wins.
+ //
+ // If not specified, default to use following 3 locations:
+ // 1) Authorization: Bearer
+ // 2) x-goog-iap-jwt-assertion
+ // 3) access_token query parameter
+ //
+ // Default locations can be specified as followings:
+ // jwt_locations:
+ // - header: Authorization
+ // value_prefix: "Bearer "
+ // - header: x-goog-iap-jwt-assertion
+ // - query: access_token
+ repeated JwtLocation jwt_locations = 6;
+}
+
+// OAuth scopes are a way to define data and permissions on data. For example,
+// there are scopes defined for "Read-only access to Google Calendar" and
+// "Access to Cloud Platform". Users can consent to a scope for an application,
+// giving it permission to access that data on their behalf.
+//
+// OAuth scope specifications should be fairly coarse grained; a user will need
+// to see and understand the text description of what your scope means.
+//
+// In most cases: use one or at most two OAuth scopes for an entire family of
+// products. If your product has multiple APIs, you should probably be sharing
+// the OAuth scope across all of those APIs.
+//
+// When you need finer grained OAuth consent screens: talk with your product
+// management about how developers will use them in practice.
+//
+// Please note that even though each of the canonical scopes is enough for a
+// request to be accepted and passed to the backend, a request can still fail
+// due to the backend requiring additional scopes or permissions.
+message OAuthRequirements {
+ // The list of publicly documented OAuth scopes that are allowed access. An
+ // OAuth token containing any of these scopes will be accepted.
+ //
+ // Example:
+ //
+ // canonical_scopes: https://www.googleapis.com/auth/calendar,
+ // https://www.googleapis.com/auth/calendar.read
+ string canonical_scopes = 1;
+}
+
+// User-defined authentication requirements, including support for
+// [JSON Web Token
+// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+message AuthRequirement {
+ // [id][google.api.AuthProvider.id] from authentication provider.
+ //
+ // Example:
+ //
+ // provider_id: bookstore_auth
+ string provider_id = 1;
+
+ // NOTE: This will be deprecated soon, once AuthProvider.audiences is
+ // implemented and accepted in all the runtime components.
+ //
+ // The list of JWT
+ // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+ // that are allowed to access. A JWT containing any of these audiences will
+ // be accepted. When this setting is absent, only JWTs with audience
+ // "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
+ // will be accepted. For example, if no audiences are in the setting,
+ // LibraryService API will only accept JWTs with the following audience
+ // "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
+ //
+ // Example:
+ //
+ // audiences: bookstore_android.apps.googleusercontent.com,
+ // bookstore_web.apps.googleusercontent.com
+ string audiences = 2;
+}