add contrib/python/yandexcloud to import

03b7d3cad2237366b55b393e18d4dc5eb222798c

14 files changed, 1505 insertions, 0 deletions

diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/blob.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/blob.proto
new file mode 100644
index 0000000000..56ed703c23
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/blob.proto
@@ -0,0 +1,21 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A Blob resource.
+message Blob {
+  // Output only. ID of the blob.
+  string id = 1;
+
+  // Content-addressable identifier of the blob.
+  string digest = 2;
+
+  // Size of the blob, specified in bytes.
+  int64 size = 3;
+  
+  // List of blob urls.
+  repeated string urls = 4;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/image.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/image.proto
new file mode 100644
index 0000000000..4df727d8a7
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/image.proto
@@ -0,0 +1,39 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/containerregistry/v1/blob.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// An Image resource. For more information, see [Docker image](/docs/container-registry/concepts/docker-image).
+message Image {
+  // Output only. ID of the Docker image.
+  string id = 1;
+
+  // Name of the Docker image.
+  // The name is unique within the registry.
+  string name = 2;
+
+  // Content-addressable identifier of the Docker image.
+  string digest = 3;
+
+  // Compressed size of the Docker image, specified in bytes.
+  int64 compressed_size = 4;
+
+  // Configuration of the Docker image.
+  Blob config = 5;
+
+  // Layers of the Docker image.
+  repeated Blob layers = 6;
+
+  // Tags of the Docker image.
+  //
+  // Each tag is unique within the repository.
+  repeated string tags = 7;
+
+  // Output only. Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
+  google.protobuf.Timestamp created_at = 8;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/image_service.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/image_service.proto
new file mode 100644
index 0000000000..ad8fbc1433
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/image_service.proto
@@ -0,0 +1,110 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/api/operation.proto";
+import "yandex/cloud/containerregistry/v1/image.proto";
+import "yandex/cloud/operation/operation.proto";
+import "yandex/cloud/validation.proto";
+
+import "google/api/annotations.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A set of methods for managing Image resources.
+service ImageService {
+  // Retrieves the list of Image resources in the specified registry or repository.
+  rpc List (ListImagesRequest) returns (ListImagesResponse) {
+    option (google.api.http) = { get: "/container-registry/v1/images" };
+  };
+
+  // Returns the specified Image resource.
+  //
+  // To get the list of available Image resources, make a [List] request.
+  rpc Get (GetImageRequest) returns (Image) {
+    option (google.api.http) = { get: "/container-registry/v1/images/{image_id}" };
+  };
+
+  // Deletes the specified Docker image.
+  rpc Delete (DeleteImageRequest) returns (operation.Operation) {
+    option (google.api.http) = { delete: "/container-registry/v1/images/{image_id}" };
+    option (yandex.cloud.api.operation) = {
+          metadata: "DeleteImageMetadata"
+          response: "google.protobuf.Empty"
+        };
+  }
+}
+
+
+message ListImagesRequest {
+  // ID of the registry to list Docker images in.
+  //
+  // [registry_id] is ignored if a [ListImagesRequest.repository_name] is specified in the request.
+  //
+  // To get the registry ID use a [RegistryService.List] request.
+  string registry_id = 1 [(length) = "<=50"];
+
+  // Name of the repository to list Docker images in.
+  //
+  // To get the repository name use a [RepositoryService.List] request.
+  string repository_name = 2 [(pattern) = "|[a-z0-9]+(?:[._-][a-z0-9]+)*(/([a-z0-9]+(?:[._-][a-z0-9]+)*))*"];
+
+  // ID of the folder to list Docker images in.
+  //
+  // [folder_id] is ignored if a [ListImagesRequest.repository_name] or a [ListImagesRequest.registry_id] are specified in the request.
+  //
+  // To get the folder ID use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
+  string folder_id = 7[(length) = "<=50"];
+
+  // The maximum number of results per page to return. If the number of available
+  // results is larger than [page_size],
+  // the service returns a [ListImagesResponse.next_page_token]
+  // that can be used to get the next page of results in subsequent list requests.
+  // Default value: 100.
+  int64 page_size = 3 [(value) = "<=1000"];
+
+  // Page token. To get the next page of results, set [page_token] to the
+  // [ListImagesResponse.next_page_token] returned by a previous list request.
+  string page_token = 4 [(length) = "<=100"];
+
+  // A filter expression that filters resources listed in the response.
+  // The expression must specify:
+  // 1. The field name. Currently you can use filtering only on [Image.name] field.
+  // 2. An `=` operator.
+  // 3. The value in double quotes (`"`). Must be a maximum of 256 characters long and match the regular expression `[a-z0-9]+(?:[._-][a-z0-9]+)*(/([a-z0-9]+(?:[._-][a-z0-9]+)*))`.
+  string filter = 5 [(length) = "<=1000"];
+  string order_by = 6 [(length) = "<=100"];
+}
+
+message ListImagesResponse {
+  // List of Image resources.
+  repeated Image images = 1;
+
+  // This token allows you to get the next page of results for list requests. If the number of results
+  // is larger than [ListImagesRequest.page_size], use
+  // the [next_page_token] as the value
+  // for the [ListImagesRequest.page_token] query parameter
+  // in the next list request. Each subsequent list request will have its own
+  // [next_page_token] to continue paging through the results.
+  string next_page_token = 2;
+}
+
+message GetImageRequest {
+  // ID of the Docker image resource to return.
+  //
+  // To get the Docker image ID use a [ImageService.List] request.
+  string image_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message DeleteImageRequest {
+  // ID of the Docker image to delete.
+  //
+  // To get Docker image ID use a [ImageService.List] request.
+  string image_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message DeleteImageMetadata {
+  // ID of the Docker image that is being deleted.
+  string image_id = 1;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/ip_permission.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/ip_permission.proto
new file mode 100644
index 0000000000..3e8c0b5703
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/ip_permission.proto
@@ -0,0 +1,36 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/validation.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+message IpPermission {
+    enum Action {
+        ACTION_UNSPECIFIED = 0;
+        PULL = 1;
+        PUSH = 2;
+    }
+    Action action = 1;
+    string ip = 2;
+}
+
+enum IpPermissionAction {
+    IP_PERMISSION_ACTION_UNSPECIFIED = 0;
+
+    // Addition of an ip permission.
+    ADD = 1;
+
+    // Removal of an ip permission.
+    REMOVE = 2;
+}
+
+message IpPermissionDelta {
+    // The action that is being performed on an ip permission.
+    IpPermissionAction action = 1 [(required) = true];
+
+    // Ip permission.
+    IpPermission ip_permission = 2 [(required) = true];
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/lifecycle_policy.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/lifecycle_policy.proto
new file mode 100644
index 0000000000..c9f127566e
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/lifecycle_policy.proto
@@ -0,0 +1,64 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/validation.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+message LifecyclePolicy {
+    enum Status {
+        STATUS_UNSPECIFIED = 0;
+
+        // Policy is active and regularly deletes Docker images according to the established rules.
+        ACTIVE = 1;
+
+        // Policy is disabled and does not delete Docker images in the repository.
+        // Policies in this status can be used for preparing and testing rules.
+        DISABLED = 2;
+    }
+
+    // ID of the lifecycle policy.
+    string id = 1;
+
+    // Name of the lifecycle policy.
+    string name = 2;
+
+    // ID of the repository that the lifecycle policy belongs to.
+    // Required. The maximum string length in characters is 50.
+    string repository_id = 3;
+
+    // Description of the lifecycle policy.
+    // The maximum string length in characters is 256.
+    string description = 4;
+
+    // Status of lifecycle policy.
+    Status status = 5;
+
+    // Creation timestamp.
+    google.protobuf.Timestamp created_at = 6;
+
+    // The rules of lifecycle policy.
+    repeated LifecycleRule rules = 7;
+}
+
+message LifecycleRule {
+    // Description of the lifecycle policy rule.
+    string description = 1 [(length) = "<=256"];
+
+    // Period of time for automatic deletion.
+    // Period must be a multiple of 24 hours.
+    google.protobuf.Duration expire_period = 2 [(value) = ">=24h"];
+
+    // Tag for specifying a filter in the form of a regular expression.
+    string tag_regexp = 3 [(length) = "<=256"];
+
+    // Tag for applying the rule to Docker images without tags.
+    bool untagged = 4;
+
+    // Number of Docker images (falling under the specified filter by tags) that must be left, even if the expire_period has already expired.
+    int64 retained_top = 5 [(value) = ">=0"];
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/lifecycle_policy_service.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/lifecycle_policy_service.proto
new file mode 100644
index 0000000000..d84ec77bdd
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/lifecycle_policy_service.proto
@@ -0,0 +1,304 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/api/operation.proto";
+import "yandex/cloud/containerregistry/v1/image.proto";
+import "yandex/cloud/containerregistry/v1/lifecycle_policy.proto";
+import "yandex/cloud/operation/operation.proto";
+import "yandex/cloud/validation.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+import "google/api/annotations.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A set of methods for managing Lifecycle policy resources.
+service LifecyclePolicyService {
+
+    // Returns the specified lifecycle policy.
+    //
+    // To get the list of all available lifecycle policies, make a [List] request.
+    rpc Get (GetLifecyclePolicyRequest) returns (LifecyclePolicy) {
+        option (google.api.http) = { get: "/container-registry/v1/lifecyclePolicies/{lifecycle_policy_id}" };
+    }
+
+    // Retrieves the list of lifecycle policies in the specified repository.
+    rpc List (ListLifecyclePoliciesRequest) returns (ListLifecyclePoliciesResponse) {
+        option (google.api.http) = { get: "/container-registry/v1/lifecyclePolicies" };
+    }
+
+    // Creates a lifecycle policy in the specified repository.
+    rpc Create (CreateLifecyclePolicyRequest) returns (operation.Operation) {
+        option (google.api.http) = { post: "/container-registry/v1/lifecyclePolicies" body: "*" };
+        option (yandex.cloud.api.operation) = {
+          metadata: "CreateLifecyclePolicyMetadata"
+          response: "LifecyclePolicy"
+        };
+    }
+
+    // Updates the specified lifecycle policy.
+    rpc Update (UpdateLifecyclePolicyRequest) returns (operation.Operation) {
+        option (google.api.http) = { patch: "/container-registry/v1/lifecyclePolicies/{lifecycle_policy_id}" body: "*" };
+        option (yandex.cloud.api.operation) = {
+          metadata: "UpdateLifecyclePolicyMetadata"
+          response: "LifecyclePolicy"
+        };
+    };
+
+    // Deletes the specified lifecycle policy.
+    rpc Delete (DeleteLifecyclePolicyRequest) returns (operation.Operation) {
+        option (google.api.http) = { delete: "/container-registry/v1/lifecyclePolicies/{lifecycle_policy_id}" };
+        option (yandex.cloud.api.operation) = {
+          metadata: "DeleteLifecyclePolicyMetadata"
+          response: "google.protobuf.Empty"
+        };
+    }
+
+    // Creates a request of a dry run of the lifecycle policy.
+    rpc DryRun (DryRunLifecyclePolicyRequest) returns (operation.Operation) {
+        option (google.api.http) = { post: "/container-registry/v1/dryRunLifecyclePolicy/{lifecycle_policy_id}" body: "*" };
+        option (yandex.cloud.api.operation) = {
+          metadata: "DryRunLifecyclePolicyMetadata"
+          response: "DryRunLifecyclePolicyResult"
+        };
+    }
+    
+    // Returns the dry run result of the specified lifecycle policy.
+    rpc GetDryRunResult (GetDryRunLifecyclePolicyResultRequest) returns (DryRunLifecyclePolicyResult){
+        option (google.api.http) = { get: "/container-registry/v1/dryRunLifecyclePolicyResults/{dry_run_lifecycle_policy_result_id}" };
+    }
+
+    // Retrieves the list of the dry run results.
+    rpc ListDryRunResults (ListDryRunLifecyclePolicyResultsRequest) returns (ListDryRunLifecyclePolicyResultsResponse){
+        option (google.api.http) = { get: "/container-registry/v1/dryRunLifecyclePolicyResults" };
+    }
+
+    // Retrieves the list of the affected images.
+    rpc ListDryRunResultAffectedImages (ListDryRunLifecyclePolicyResultAffectedImagesRequest) returns (ListDryRunLifecyclePolicyResultAffectedImagesResponse) {
+        option (google.api.http) = { get: "/container-registry/v1/dryRunLifecyclePolicyResults/{dry_run_lifecycle_policy_result_id}:affectedImages" };
+    }
+}
+
+message GetLifecyclePolicyRequest {
+    // ID of the lifecycle policy.
+    string lifecycle_policy_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message ListLifecyclePoliciesRequest {
+    oneof id {
+        option (exactly_one) = true;
+
+        // ID of the lifecycle policy.
+        string registry_id = 1 [(length) = "<=50"];
+
+        // Repository of the lifecycle policy.
+        string repository_id = 6 [(length) = "<=50"];
+    }
+
+    // The maximum number of results per page to return. If the number of available
+    // results is larger than `page_size`, the service returns 
+    // a [ListLifecyclePoliciesResponse.next_page_token] that can be used to get the next page of results in subsequent list requests.
+    // Default value: 100.
+    int64 page_size = 2 [(value) = "0-1000"];
+
+    // Page token. To get the next page of results, set `page_token` to the
+    // [ListLifecyclePoliciesResponse.next_page_token] returned by a previous list request.
+    string page_token = 3 [(length) = "<=100"];
+
+    // A filter expression that filters lifecycle policy resources listed in the response.
+    //
+    // The expression must specify:
+    // 1. The field name. Currently you can use filtering only on [LifecyclePolicy.name] field.
+    // 2. An `=` operator.
+    // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
+    string filter = 4 [(length) = "<=1000"];
+
+    // Sorting the list by [LifecyclePolicy.name], [LifecyclePolicy.created_at] and [LifecyclePolicy.status] fields.
+    // The default sorting order is ascending.
+    string order_by = 5 [(length) = "<=100"];
+}
+
+message ListLifecyclePoliciesResponse {
+    // List of lifecycle policies.
+    repeated LifecyclePolicy lifecycle_policies = 1;
+
+    // Token for getting the next page of the list. If the number of results is greater than
+    // the specified [ListLifecyclePoliciesRequest.page_size], use `next_page_token` as the value
+    // for the [ListLifecyclePoliciesRequest.page_token] parameter in the next list request.
+    //
+    // Each subsequent page will have its own `next_page_token` to continue paging through the results.
+    string next_page_token = 2;
+}
+
+message CreateLifecyclePolicyRequest {
+    // ID of the lifecycle policy repository.
+    string repository_id = 1 [(required) = true, (length) = "<=50"];
+
+    // Name of lifecycle policy.
+    string name = 2 [(pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
+
+    // Description of lifecycle policy.
+    string description = 3 [(length) = "<=256"];
+
+    // Status of the lifecycle policy.
+    LifecyclePolicy.Status status = 4 [(required) = true];
+
+    // The rules of the lifecycle policy.
+    repeated LifecycleRule rules = 5;
+}
+
+message UpdateLifecyclePolicyRequest {
+    // ID of the lifecycle policy.
+    string lifecycle_policy_id = 1 [(required) = true, (length) = "<=50"];
+
+    // Field mask that specifies which fields of the lifecycle policy resource are going to be updated.
+    google.protobuf.FieldMask update_mask = 2;
+
+    // Name of lifecycle policy.
+    string name = 3 [(pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
+
+    // Description of lifecycle policy.
+    string description = 4 [(length) = "<=256"];
+
+     // Status of the lifecycle policy.
+    LifecyclePolicy.Status status = 5 [(required) = true];
+
+    // The rules of the lifecycle policy.
+    repeated LifecycleRule rules = 6;
+}
+
+message DeleteLifecyclePolicyRequest {
+    // ID of the lifecycle policy.
+    string lifecycle_policy_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message CreateLifecyclePolicyMetadata {
+    // ID of the lifecycle policy resource that is being created.
+    string lifecycle_policy_id = 1;
+}
+
+message UpdateLifecyclePolicyMetadata {
+    // ID of the lifecycle policy resource that is being updated.
+    string lifecycle_policy_id = 1;
+}
+
+message DeleteLifecyclePolicyMetadata {
+    // ID of the lifecycle policy resource that is being deleted.
+    string lifecycle_policy_id = 1;
+}
+
+message DryRunLifecyclePolicyRequest {
+    // ID of the lifecycle policy.
+    string lifecycle_policy_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message DryRunLifecyclePolicyMetadata {
+    
+    // ID of the dry run result of the lifecycle policy.
+    string dry_run_lifecycle_policy_result_id = 1;
+
+    // ID of the lifecycle policy.
+    string lifecycle_policy_id = 2;
+}
+
+message DryRunLifecyclePolicyResult {
+    
+    // ID of the dry run result of the lifecycle policy.
+    string dry_run_lifecycle_policy_result_id = 1;
+
+    // ID of the lifecycle policy.
+    string lifecycle_policy_id = 2;
+
+    // Time of the getting result.
+    google.protobuf.Timestamp run_at = 3;
+
+    // Count of affected images.
+    int64 affected_images_count = 4;
+}
+
+message GetDryRunLifecyclePolicyResultRequest {
+
+    // ID of the dry run result of the lifecycle policy.
+    string dry_run_lifecycle_policy_result_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message ListDryRunLifecyclePolicyResultsRequest {
+    // ID of the lifecycle policy.
+    string lifecycle_policy_id = 1 [(required) = true, (length) = "<=50"];
+
+    // The maximum number of results per page to return. If the number of available
+    // results is larger than `page_size`, the service returns 
+    // a [ListDryRunLifecyclePolicyResultsResponse.next_page_token] that can be used to get 
+    // the next page of results in subsequent list requests.
+    int64 page_size = 2 [(value) = "0-1000"];
+
+    // Page token. To get the next page of results, set `page_token` to the
+    // [ListDryRunLifecyclePolicyResultsResponse.next_page_token] returned by a previous list request.
+    string page_token = 3 [(length) = "<=100"];
+
+    // A filter expression that filters dry run results listed in the response.
+    //
+    // The expression must specify:
+    // 1. The field name. Currently you can use filtering only on [LifecyclePolicy.name] field.
+    // 2. An `=` operator.
+    // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
+    string filter = 4 [(length) = "<=1000"];
+
+    // Sorting the list by [DryRunLifecyclePolicyResult.run_at] and [DryRunLifecyclePolicyResult.affected_images_count] fields.
+    // The default sorting order is ascending.
+    string order_by = 5 [(length) = "<=100"];
+}
+
+message ListDryRunLifecyclePolicyResultsResponse {
+    // List of results of dry runs of a lifecycle policy.
+    repeated DryRunLifecyclePolicyResult dry_run_lifecycle_policy_results = 1;
+
+    // Token for getting the next page of the list. If the number of results is greater than
+    // the specified [ListDryRunLifecyclePolicyResultsRequest.page_size] use `next_page_token` as the value
+    // for the [ListDryRunLifecyclePolicyResultsRequest.page_token] parameter in the next list request.
+    //
+    // Each subsequent page will have its own `next_page_token` to continue paging through the results.
+    string next_page_token = 2;
+}
+
+message ListDryRunLifecyclePolicyResultAffectedImagesRequest {
+    
+    // ID of the dry run result of the lifecycle policy
+    string dry_run_lifecycle_policy_result_id = 1 [(required) = true, (length) = "<=50"];
+
+    // The maximum number of results per page to return. If the number of available
+    // results is larger than `page_size`, the service returns a [ListDryRunLifecyclePolicyResultAffectedImagesResponse.next_page_token]
+    // that can be used to get the next page of results in subsequent list requests.
+    int64 page_size = 2 [(value) = "0-1000"];
+
+    // Page token. To get the next page of results, set `page_token` to the
+    // [ListDryRunLifecyclePolicyResultAffectedImagesResponse.next_page_token] returned by a previous list request.
+    string page_token = 3 [(length) = "<=100"];
+
+    // A filter expression that filters affected images listed in the response.
+    //
+    // The expression must specify:
+    // 1. The field name. Currently you can use filtering only on [LifecyclePolicy.name] field.
+    // 2. An `=` operator.
+    // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
+    string filter = 4 [(length) = "<=1000"];
+
+    // Sorting the list by [LifecyclePolicy.name] and [LifecyclePolicy.created_at] fields.
+    // The default sorting order is ascending.
+    string order_by = 5 [(length) = "<=100"];
+}
+
+message ListDryRunLifecyclePolicyResultAffectedImagesResponse {
+    // List of affected images.
+    repeated Image affected_images = 1;
+
+    // Token for getting the next page of the list. If the number of results is greater than
+    // the specified [ListDryRunLifecyclePolicyResultAffectedImagesRequest.page_size], use `next_page_token` as the value
+    // for the [ListDryRunLifecyclePolicyResultAffectedImagesRequest.page_token] parameter in the next list request.
+    //
+    // Each subsequent page will have its own `next_page_token` to continue paging through the results.
+    string next_page_token = 2;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/registry.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/registry.proto
new file mode 100644
index 0000000000..1f161ac998
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/registry.proto
@@ -0,0 +1,42 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A Registry resource. For more information, see the [Registry](/docs/container-registry/concepts/registry) section of the documentation.
+message Registry {
+  enum Status {
+    STATUS_UNSPECIFIED = 0;
+
+    // Registry is being created.
+    CREATING = 1;
+
+    // Registry is ready to use.
+    ACTIVE = 2;
+
+    // Registry is being deleted.
+    DELETING = 3;
+  }
+
+  // Output only. ID of the registry.
+  string id = 1;
+
+  // ID of the folder that the registry belongs to.
+  string folder_id = 2;
+
+  // Name of the registry.
+  string name = 3;
+
+  // Output only. Status of the registry.
+  Status status = 4;
+
+  // Output only. Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format.
+  google.protobuf.Timestamp created_at = 5;
+
+  // Resource labels as `key:value` pairs. Maximum of 64 per resource.
+  map<string, string> labels = 6;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/registry_service.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/registry_service.proto
new file mode 100644
index 0000000000..2a884fcdb7
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/registry_service.proto
@@ -0,0 +1,244 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/api/operation.proto";
+import "yandex/cloud/access/access.proto";
+import "yandex/cloud/containerregistry/v1/registry.proto";
+import "yandex/cloud/containerregistry/v1/ip_permission.proto";
+import "yandex/cloud/operation/operation.proto";
+import "yandex/cloud/validation.proto";
+import "google/protobuf/field_mask.proto";
+
+import "google/api/annotations.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A set of methods for managing Registry resources.
+service RegistryService {
+  // Returns the specified Registry resource.
+  //
+  // To get the list of available Registry resources, make a [List] request.
+  rpc Get (GetRegistryRequest) returns (Registry) {
+    option (google.api.http) = { get: "/container-registry/v1/registries/{registry_id}" };
+  };
+
+  // Retrieves the list of Registry resources in the specified folder.
+  rpc List (ListRegistriesRequest) returns (ListRegistriesResponse) {
+    option (google.api.http) = { get: "/container-registry/v1/registries" };
+  };
+
+  // Creates a registry in the specified folder.
+  rpc Create (CreateRegistryRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/registries" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "CreateRegistryMetadata"
+      response: "Registry"
+    };
+  };
+
+  // Updates the specified registry.
+  rpc Update (UpdateRegistryRequest) returns (operation.Operation) {
+    option (google.api.http) = { patch: "/container-registry/v1/registries/{registry_id}" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "UpdateRegistryMetadata"
+      response: "Registry"
+    };
+  };
+
+  // Deletes the specified registry.
+  rpc Delete (DeleteRegistryRequest) returns (operation.Operation) {
+    option (google.api.http) = { delete: "/container-registry/v1/registries/{registry_id}" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "DeleteRegistryMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+
+  //access
+
+  // Lists access bindings for the specified registry.
+  rpc ListAccessBindings (access.ListAccessBindingsRequest) returns (access.ListAccessBindingsResponse) {
+    option (google.api.http) = { get: "/container-registry/v1/registries/{resource_id}:listAccessBindings" };
+  }
+
+  // Sets access bindings for the specified registry.
+  rpc SetAccessBindings (access.SetAccessBindingsRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/registries/{resource_id}:setAccessBindings" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "access.SetAccessBindingsMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+
+  // Updates access bindings for the specified registry.
+  rpc UpdateAccessBindings (access.UpdateAccessBindingsRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/registries/{resource_id}:updateAccessBindings" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "access.UpdateAccessBindingsMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+
+  //ip permissions
+  
+  // List ip permissions for the specified registry.
+  rpc ListIpPermission (ListIpPermissionRequest) returns (ListIpPermissionsResponse){
+    option (google.api.http) = { get: "/container-registry/v1/registries/{registry_id}:listIpPermission" };
+  }
+
+  // Set ip permissions for the specified registry.
+  rpc SetIpPermission (SetIpPermissionRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/registries/{registry_id}:setIpPermission" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "SetIpPermissionMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+
+  // Update ip permissions for the specified registry.
+  rpc UpdateIpPermission (UpdateIpPermissionRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/registries/{registry_id}:updateIpPermission" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "UpdateIpPermissionMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+}
+
+message GetRegistryRequest {
+  // ID of the Registry resource to return.
+  //
+  // To get the registry ID use a [RegistryService.List] request.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message ListRegistriesRequest {
+  // ID of the folder to list registries in.
+  //
+  // To get the folder ID use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
+  string folder_id = 1 [(required) = true, (length) = "<=50"];
+
+  // The maximum number of results per page to return. If the number of available
+  // results is larger than [page_size],
+  // the service returns a [ListRegistriesResponse.next_page_token]
+  // that can be used to get the next page of results in subsequent list requests.
+  // Default value: 100.
+  int64 page_size = 2 [(value) = "<=1000"];
+
+  // Page token. To get the next page of results, set [page_token] to the
+  // [ListRegistriesResponse.next_page_token] returned by a previous list request.
+  string page_token = 3 [(length) = "<=100"];
+
+  // A filter expression that filters resources listed in the response.
+  // The expression must specify:
+  // 1. The field name. Currently you can use filtering only on [Registry.name] field.
+  // 2. An `=` operator.
+  // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
+  string filter = 4 [(length) = "<=1000"];
+}
+
+message ListRegistriesResponse {
+  // List of Registry resources.
+  repeated Registry registries = 1;
+
+  // This token allows you to get the next page of results for list requests. If the number of results
+  // is larger than [ListRegistriesRequest.page_size], use
+  // the [next_page_token] as the value
+  // for the [ListRegistriesRequest.page_token] query parameter
+  // in the next list request. Each subsequent list request will have its own
+  // [next_page_token] to continue paging through the results.
+  string next_page_token = 2;
+}
+
+message CreateRegistryRequest {
+  // ID of the folder to create a registry in.
+  //
+  // To get the folder ID, use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
+  string folder_id = 1 [(required) = true, (length) = "<=50"];
+
+  // Name of the registry.
+  //
+  // There may be only one registry per folder.
+  string name = 2 [(pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
+
+  // Resource labels as `key:value` pairs.
+  map<string, string> labels = 3 [(yandex.cloud.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
+}
+
+message CreateRegistryMetadata {
+  // ID of the registry that is being created.
+  string registry_id = 1;
+}
+
+message UpdateRegistryRequest {
+  // ID of the Registry resource to update.
+  //
+  // To get the registry ID use a [RegistryService.List] request.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+
+  // Field mask that specifies which fields of the Registry resource are going to be updated.
+  google.protobuf.FieldMask update_mask = 2;
+
+  // Name of the registry.
+  //
+  // There may be only one registry per folder.
+  string name = 3 [(pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
+
+  // Resource labels as `key:value` pairs.
+  //
+  // Existing set of `labels` is completely replaced by the provided set.
+  map<string, string> labels = 4 [(yandex.cloud.size) = "<=64", (length) = "<=63", (pattern) = "[-_0-9a-z]*", (map_key).length = "1-63", (map_key).pattern = "[a-z][-_0-9a-z]*"];
+}
+
+message UpdateRegistryMetadata {
+  // ID of the Registry resource that is being updated.
+  string registry_id = 1;
+}
+
+message DeleteRegistryRequest {
+  // ID of the registry to delete.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message DeleteRegistryMetadata {
+  // ID of the registry that is being deleted.
+  string registry_id = 1;
+}
+
+message SetIpPermissionRequest {
+  // ID of the registry for which ip permissions are being set.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+
+  // IP permission to be set.
+  repeated IpPermission ip_permission = 2;
+}
+
+message UpdateIpPermissionRequest {
+  // ID of the registry for which ip permissions are being updated.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+
+  // Updates to IP permissions.
+  repeated IpPermissionDelta ip_permission_deltas = 2;
+}
+
+message ListIpPermissionRequest {
+  // ID of the Registry to return ip permission list.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message ListIpPermissionsResponse {
+  // List of ip permissions for registry
+  repeated IpPermission permissions = 1;
+}
+
+message SetIpPermissionMetadata {
+  // ID of the registry that ip permission is being set.
+  string registry_id = 1;
+}
+
+message UpdateIpPermissionMetadata {
+  // ID of the registry that ip permission is being updated.
+  string registry_id = 1;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/repository.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/repository.proto
new file mode 100644
index 0000000000..d8d5246602
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/repository.proto
@@ -0,0 +1,15 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A Repository resource. For more information, see [Repository](/docs/container-registry/concepts/repository).
+message Repository {
+  // Name of the repository.
+  // The name is unique within the registry.
+  string name = 1;
+  // Output only. ID of the repository.
+  string id = 2;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/repository_service.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/repository_service.proto
new file mode 100644
index 0000000000..c4a66aa86c
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/repository_service.proto
@@ -0,0 +1,162 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/api/operation.proto";
+import "yandex/cloud/access/access.proto";
+import "yandex/cloud/containerregistry/v1/repository.proto";
+import "yandex/cloud/operation/operation.proto";
+import "yandex/cloud/validation.proto";
+
+import "google/api/annotations.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A set of methods for managing Repository resources.
+service RepositoryService {
+  // Returns the specified Repository resource.
+  //
+  // To get the list of available Repository resources, make a [List] request.
+  rpc Get (GetRepositoryRequest) returns (Repository) {
+    option (google.api.http) = { get: "/container-registry/v1/repositories/{repository_id}" };
+  };
+
+  // Returns the specified Repository resource.
+  //
+  // To get the list of available Repository resources, make a [List] request.
+  rpc GetByName (GetRepositoryByNameRequest) returns (Repository) {
+    option (google.api.http) = { get: "/container-registry/v1/repositories/{repository_name}:byName" };
+  }
+
+  // Retrieves the list of Repository resources in the specified registry.
+  rpc List (ListRepositoriesRequest) returns (ListRepositoriesResponse) {
+    option (google.api.http) = { get: "/container-registry/v1/repositories" };
+  };
+
+  //access
+
+  // Lists access bindings for the specified repository.
+  rpc ListAccessBindings (access.ListAccessBindingsRequest) returns (access.ListAccessBindingsResponse) {
+    option (google.api.http) = { get: "/container-registry/v1/repositories/{resource_id}:listAccessBindings" };
+  }
+
+  // Upserts a repository in the specified registry.
+  rpc Upsert (UpsertRepositoryRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/repositories" body: "*" };
+    option (yandex.cloud.api.operation) = {
+          metadata: "UpsertRepositoryMetadata"
+          response: "Repository"
+        };
+  };
+
+  // Deletes the specified repository.
+  rpc Delete (DeleteRepositoryRequest) returns (operation.Operation) {
+    option (google.api.http) = { delete: "/container-registry/v1/repositories/{repository_id}" };
+    option (yandex.cloud.api.operation) = {
+          metadata: "DeleteRepositoryMetadata"
+          response: "google.protobuf.Empty"
+        };
+  }
+
+  // Sets access bindings for the specified repository.
+  rpc SetAccessBindings (access.SetAccessBindingsRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/repositories/{resource_id}:setAccessBindings" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "access.SetAccessBindingsMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+
+  // Updates access bindings for the specified repository.
+  rpc UpdateAccessBindings (access.UpdateAccessBindingsRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/repositories/{resource_id}:updateAccessBindings" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "access.UpdateAccessBindingsMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+
+}
+
+message GetRepositoryRequest {
+  // ID of the Repository resource to return.
+  //
+  // To get the repository ID use a [RepositoryService.List] request.
+  string repository_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message GetRepositoryByNameRequest {
+  // Name of the Repository resource to return.
+  //
+  // To get the repository name use a [RepositoryService.List] request.
+  string repository_name = 1 [(required) = true, (pattern) = "[a-z0-9]+(?:[._-][a-z0-9]+)*(/([a-z0-9]+(?:[._-][a-z0-9]+)*))*"];
+}
+
+message ListRepositoriesRequest {
+  // ID of the registry to list repositories in.
+  //
+  // To get the registry ID use a [RegistryService.List] request.
+  string registry_id = 1 [(length) = "<=50"];
+
+  // ID of the folder to list registries in.
+  //
+  // [folder_id] is ignored if a [ListImagesRequest.registry_id] is specified in the request.
+  //
+  // To get the folder ID use a [yandex.cloud.resourcemanager.v1.FolderService.List] request.
+  string folder_id = 6 [(length) = "<=50"];
+
+  // The maximum number of results per page to return. If the number of available
+  // results is larger than [page_size],
+  // the service returns a [ListRepositoriesResponse.next_page_token]
+  // that can be used to get the next page of results in subsequent list requests.
+  // Default value: 100.
+  int64 page_size = 2 [(value) = "<=1000"];
+
+  // Page token. To get the next page of results, set [page_token] to the
+  // [ListRepositoriesResponse.next_page_token] returned by a previous list request.
+  string page_token = 3 [(length) = "<=100"];
+
+  // A filter expression that filters resources listed in the response.
+  // The expression must specify:
+  // 1. The field name. Currently you can use filtering only on [Repository.name] field.
+  // 2. An `=` operator.
+  // 3. The value in double quotes (`"`). Must be 3-63 characters long and match the regular expression `[a-z][-a-z0-9]{1,61}[a-z0-9]`.
+  string filter = 4 [(length) = "<=1000"];
+  string order_by = 5 [(length) = "<=100"];
+}
+
+message ListRepositoriesResponse {
+  // List of Repository resources.
+  repeated Repository repositories = 1;
+
+  // This token allows you to get the next page of results for list requests. If the number of results
+  // is larger than [ListRepositoriesRequest.page_size], use
+  // the [next_page_token] as the value
+  // for the [ListRepositoriesRequest.page_token] query parameter
+  // in the next list request. Each subsequent list request will have its own
+  // [next_page_token] to continue paging through the results.
+  string next_page_token = 2;
+}
+
+message UpsertRepositoryRequest {
+  // Name of the repository.
+  //
+  // The name of the repository should match the name of the images that will be pushed in the repository.
+  string name = 1 [(required) = true, (pattern) = "[a-z0-9]+(?:[._-][a-z0-9]+)*(/([a-z0-9]+(?:[._-][a-z0-9]+)*))*"];
+}
+
+message UpsertRepositoryMetadata {
+  // ID of the repository that is being upserted.
+  string repository_id = 1;
+}
+
+message DeleteRepositoryRequest {
+  // ID of the repository to delete.
+  string repository_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message DeleteRepositoryMetadata {
+  // ID of the repository that is being deleted.
+  string repository_id = 1;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scan_policy.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scan_policy.proto
new file mode 100644
index 0000000000..fb918a0e6e
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scan_policy.proto
@@ -0,0 +1,62 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/validation.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+message ScanPolicy {
+  // Output only. ID of the scan policy.
+  string id = 1;
+
+  // ID of the registry that the scan policy belongs to.
+  // Required. The maximum string length in characters is 50.
+  string registry_id = 2;
+
+  // Name of the scan policy.
+  string name = 3;
+
+  // Description of the scan policy.
+  // The maximum string length in characters is 256.
+  string description = 4;
+
+  // The rules of scan policy.
+  ScanRules rules = 5;
+
+  // Output only. Creation timestamp.
+  google.protobuf.Timestamp created_at = 6;
+
+  // Turns off scan policy.
+  bool disabled = 7;
+}
+
+message ScanRules {
+  // Description of on-push scan rule.
+  PushRule push_rule = 1;
+
+  // Description of time based rescan rule.
+  repeated ScheduledRule schedule_rules = 2;
+}
+
+message PushRule {
+  // List of repositories that are scanned with rule. Child repositories are included into parent node. "*" - means all repositories in registry
+  repeated string repository_prefixes = 1 [(size) = ">0",(pattern) = "\\*|[a-z0-9]+(?:[._-][a-z0-9]+)*(/([a-z0-9]+(?:[._-][a-z0-9]+)*))*"];
+
+  // Turns off scan rule.
+  bool disabled = 2;
+}
+
+message ScheduledRule {
+  // List of repositories that are scanned with rule. Child repositories are included into parent node. "*" - means all repositories in registry
+  repeated string repository_prefixes = 1 [(size) = ">0",(pattern) = "\\*|[a-z0-9]+(?:[._-][a-z0-9]+)*(/([a-z0-9]+(?:[._-][a-z0-9]+)*))*"];
+
+  // Period of time since last scan to trigger automatic rescan.
+  google.protobuf.Duration rescan_period = 2 [(required) = true];
+
+  // Turns off scan rule.
+  bool disabled = 3;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scan_policy_service.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scan_policy_service.proto
new file mode 100644
index 0000000000..8e660e140d
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scan_policy_service.proto
@@ -0,0 +1,116 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/api/operation.proto";
+import "yandex/cloud/containerregistry/v1/scan_policy.proto";
+import "yandex/cloud/operation/operation.proto";
+import "yandex/cloud/validation.proto";
+import "google/protobuf/field_mask.proto";
+
+import "google/api/annotations.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A set of methods for managing scan policy resources.
+service ScanPolicyService {
+
+  // Returns the specified scan policy.
+  rpc Get (GetScanPolicyRequest) returns (ScanPolicy) {
+    option (google.api.http) = { get: "/container-registry/v1/scanPolicies/{scan_policy_id}" };
+  }
+
+  // Returns scan policy for the registry if any exists.
+  rpc GetByRegistry (GetScanPolicyByRegistryRequest) returns (ScanPolicy) {
+    option (google.api.http) = { get: "/container-registry/v1/scanPolicies/{registry_id}:byRegistry" };
+  }
+
+  // Creates a scan policy for the specified registry.
+  rpc Create (CreateScanPolicyRequest) returns (operation.Operation) {
+    option (google.api.http) = { post: "/container-registry/v1/scanPolicies" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "CreateScanPolicyMetadata"
+      response: "ScanPolicy"
+    };
+  }
+
+  // Updates the specified scan policy.
+  rpc Update (UpdateScanPolicyRequest) returns (operation.Operation) {
+    option (google.api.http) = { patch: "/container-registry/v1/scanPolicies/{scan_policy_id}" body: "*" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "UpdateScanPolicyMetadata"
+      response: "ScanPolicy"
+    };
+  }
+
+  // Deletes the specified scan policy.
+  rpc Delete (DeleteScanPolicyRequest) returns (operation.Operation) {
+    option (google.api.http) = { delete: "/container-registry/v1/scanPolicies/{scan_policy_id}" };
+    option (yandex.cloud.api.operation) = {
+      metadata: "DeleteScanPolicyMetadata"
+      response: "google.protobuf.Empty"
+    };
+  }
+}
+
+message GetScanPolicyRequest {
+  // ID of the scan policy.
+  string scan_policy_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message GetScanPolicyByRegistryRequest {
+  // ID of the registry with scan policy.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message CreateScanPolicyRequest {
+  // ID of the scan policy registry.
+  string registry_id = 1 [(required) = true, (length) = "<=50"];
+
+  // Name of the scan policy.
+  string name = 2 [(pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
+
+  // Description of the scan policy.
+  string description = 3 [(length) = "<=256"];
+
+  // Rules of the scan policy.
+  ScanRules rules = 4;
+}
+
+message UpdateScanPolicyRequest {
+  // ID of the scan policy.
+  string scan_policy_id = 1 [(required) = true, (length) = "<=50"];
+
+  // Field mask that specifies which fields of the scan policy resource are going to be updated.
+  google.protobuf.FieldMask update_mask = 2;
+
+  // Name of the scan policy.
+  string name = 3 [(pattern) = "|[a-z][-a-z0-9]{1,61}[a-z0-9]"];
+
+  // Description of the scan policy.
+  string description = 4 [(length) = "<=256"];
+
+  // Rules of the scan policy.
+  ScanRules rules = 5;
+}
+
+message DeleteScanPolicyRequest {
+  // ID of the scan policy.
+  string scan_policy_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message CreateScanPolicyMetadata {
+  // ID of created scan policy resource.
+  string scan_policy_id = 1;
+}
+
+message UpdateScanPolicyMetadata {
+  // ID of the scan policy resource that is updated.
+  string scan_policy_id = 1;
+}
+
+message DeleteScanPolicyMetadata {
+  // ID of the scan policy resource that is deleted.
+  string scan_policy_id = 1;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scanner.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scanner.proto
new file mode 100644
index 0000000000..1d554981a6
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scanner.proto
@@ -0,0 +1,131 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/validation.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A ScanResult resource.
+message ScanResult {
+    enum Status {
+        STATUS_UNSPECIFIED = 0;
+
+        // Image scan is in progress.
+        RUNNING = 1;
+
+        // Image has been scanned and result is ready.
+        READY = 2;
+
+        // Image scan is failed.
+        ERROR = 3;
+    }
+
+    // Output only. ID of the ScanResult.
+    string id = 1;
+
+    // Output only. ID of the Image that the ScanResult belongs to.
+    string image_id = 2;
+
+    // Output only. The timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format when the scan been finished.
+    google.protobuf.Timestamp scanned_at = 3;
+
+    // Output only. The status of the ScanResult.
+    Status status = 4;
+
+    // Output only. Summary information about vulnerabilities found.
+    VulnerabilityStats vulnerabilities = 5;
+}
+
+// A VulnerabilityStats resource.
+message VulnerabilityStats {
+    // Count of CRITICAL vulnerabilities.
+    int64 critical = 1;
+
+    // Count of HIGH vulnerabilities.
+    int64 high = 2;
+
+    // Count of MEDIUM vulnerabilities.
+    int64 medium = 3;
+
+    // Count of LOW vulnerabilities.
+    int64 low = 4;
+
+    // Count of NEGLIGIBLE vulnerabilities.
+    int64 negligible = 5;
+
+    // Count of other vulnerabilities.
+    int64 undefined = 6;
+}
+
+// A Vulnerability resource.
+message Vulnerability {
+    enum Severity {
+        SEVERITY_UNSPECIFIED = 0;
+
+        // Critical severity is a world-burning problem, exploitable for nearly all users.
+        // Includes remote root privilege escalations, or massive data loss.
+        CRITICAL = 1;
+
+        // High severity is a real problem, exploitable for many users in a default installation.
+        // Includes serious remote denial of services, local root privilege escalations, or data loss.
+        HIGH = 2;
+
+        // Medium severity is a real security problem, and is exploitable for many users.
+        // Includes network daemon denial of service attacks, cross-site scripting, and gaining user privileges.
+        // Updates should be made soon for this priority of issue.
+        MEDIUM = 3;
+
+        // Low severity is a security problem, but is hard to exploit due to environment, requires a user-assisted attack,
+        // a small install base, or does very little damage. These tend to be included in security updates only when
+        // higher priority issues require an update, or if many low priority issues have built up.
+        LOW = 4;
+
+        // Negligible severity is technically a security problem, but is only theoretical in nature, requires a very special situation,
+        // has almost no install base, or does no real damage. These tend not to get backport from upstream,
+        // and will likely not be included in security updates unless there is an easy fix and some other issue causes an update.
+        NEGLIGIBLE = 5;
+
+        // Unknown severity is either a security problem that has not been assigned to a priority yet or
+        // a priority that our system did not recognize.
+        UNDEFINED = 6;
+    }
+
+    // Output only. Severity of the Vulnerability.
+    Severity severity = 1;
+
+    // Details of vulnerability depending on type. Only `package` vulnerability is supported at the moment.
+    oneof vulnerability {
+        option (exactly_one) = true;
+        PackageVulnerability package = 2;
+    }
+}
+
+// A PackageVulnerability resource.
+message PackageVulnerability {
+    // Name of vulnerability in CVE database.
+    string name = 1;
+
+    // URL to the page with description of vulnerability.
+    string link = 2;
+
+    // The package name where vulnerability has been found.
+    string package = 3;
+
+    // The package manager name. Ex.: yum, rpm, dpkg.
+    string source = 4;
+
+    // The version of the package where vulnerability has been found.
+    string version = 5;
+
+    // The version of the package where vulnerability has been fixed.
+    string fixed_by = 6;
+
+    // The place where vulnerability is originated (OS, lang package, etc.)
+    string origin = 7;
+
+    // The type of vulnerability origin - name of OS if origin="os" or package type (jar, gobinary, etc.) if origin="lang"
+    string type = 8;
+}
diff --git a/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scanner_service.proto b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scanner_service.proto
new file mode 100644
index 0000000000..110946f431
--- /dev/null
+++ b/contrib/libs/yandex-cloud-api-protos/yandex/cloud/containerregistry/v1/scanner_service.proto
@@ -0,0 +1,159 @@
+syntax = "proto3";
+
+package yandex.cloud.containerregistry.v1;
+
+import "yandex/cloud/api/operation.proto";
+import "yandex/cloud/containerregistry/v1/scanner.proto";
+import "yandex/cloud/operation/operation.proto";
+import "yandex/cloud/validation.proto";
+import "google/api/annotations.proto";
+
+option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/containerregistry/v1;containerregistry";
+option java_package = "yandex.cloud.api.containerregistry.v1";
+
+// A set of methods for scanning Docker images.
+service ScannerService {
+
+  // Executes scanning of specified image.
+  rpc Scan (ScanRequest) returns (operation.Operation) {
+    option (google.api.http) = {post: "/container-registry/v1/scans" body: "*"};
+    option (yandex.cloud.api.operation) = {
+      metadata: "ScanMetadata"
+      response: "ScanResult"
+    };
+  }
+
+  // Returns the specified ScanResult resource.
+  //
+  // To get the list of ScanResults for specified Image, make a [List] request.
+  rpc Get (GetScanResultRequest) returns (ScanResult) {
+    option (google.api.http) = {get: "/container-registry/v1/scans/{scan_result_id}"};
+  }
+
+  // Returns the last finished ScanResult for the specified Image.
+  rpc GetLast (GetLastScanResultRequest) returns (ScanResult) {
+    option (google.api.http) = {get: "/container-registry/v1/images/{image_id}:lastScanResult"};
+  }
+
+  // Retrieves the list of ScanResults for specified Image.
+  rpc List (ListScanResultsRequest) returns (ListScanResultsResponse) {
+    option (google.api.http) = {get: "/container-registry/v1/scans"};
+  }
+
+  // Retrieves the list of vulnerabilities found in particular scan.
+  rpc ListVulnerabilities (ListVulnerabilitiesRequest) returns (ListVulnerabilitiesResponse) {
+    option (google.api.http) = {get: "/container-registry/v1/scans/{scan_result_id}:listVulnerabilities"};
+  }
+
+}
+
+message ScanRequest {
+  // ID of the Image to be scanned for vulnerabilities.
+  string image_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message ScanMetadata {
+  // ID of the ScanResult that is being created.
+  string scan_result_id = 1;
+}
+
+message GetScanResultRequest {
+  // ID of the ScanResult to return.
+  string scan_result_id = 1 [(required) = true, (length) = "<=50"];
+}
+
+message GetLastScanResultRequest {
+  // ID of the Image to get last finished ScanResult.
+  string image_id = 1 [(length) = "<=50"];
+}
+
+message ListScanResultsRequest {
+  // ID of the Image or Repository to list ScanResults for.
+  //
+  // To get the image ID use a [yandex.cloud.containerregistry.v1.ImageService.List] request.
+  // To get the repository ID use a [yandex.cloud.containerregistry.v1.RepositoryService.List] request.
+  oneof id {
+    option (exactly_one) = true;
+    string image_id = 1 [(length) = "<=50"];
+    string repository_id = 2 [(length) = "<=50"];
+  }
+
+  // The maximum number of results per page to return. If the number of available
+  // results is larger than [page_size],
+  // the service returns a [ListRegistriesResponse.next_page_token]
+  // that can be used to get the next page of results in subsequent list requests.
+  // Default value: 100.
+  int64 page_size = 3 [(value) = "0-1000"];
+
+  // Page token. To get the next page of results, set [page_token] to the
+  // [ListRegistriesResponse.next_page_token] returned by a previous list request.
+  string page_token = 4 [(length) = "<=100"];
+
+    // A filter expression that filters resources listed in the response.
+    // The expression must specify:
+    // 1. The field name. Currently you can use filtering only on [ScanResult.status] field.
+    // 2. An `=` operator.
+    // 3. The value in double quotes (`"`).
+    string filter = 5 [(length) = "<=1000"];
+
+  // An order expression that orders resources listed in the response.
+  // The expression must specify:
+  // 1. The field name. Currently you can use filtering only on [ScanResult.status] field.
+  // 2. Order selector. Currently you can use ordering only on `ScanResult.status` field (critical first).
+  string order_by = 6 [(length) = "<=100"];
+}
+
+message ListScanResultsResponse {
+  // List of ScanResult resources.
+  repeated ScanResult scan_results = 1;
+
+  // This token allows you to get the next page of results for list requests. If the number of results
+  // is larger than [ListImagesRequest.page_size], use
+  // the [next_page_token] as the value
+  // for the [ListImagesRequest.page_token] query parameter
+  // in the next list request. Each subsequent list request will have its own
+  // [next_page_token] to continue paging through the results.
+  string next_page_token = 2;
+}
+
+message ListVulnerabilitiesRequest {
+  // ID of the ScanResult to get list of vulnerabilities for.
+  string scan_result_id = 1 [(required) = true, (length) = "<=50"];
+
+  // The maximum number of results per page to return. If the number of available
+  // results is larger than [page_size],
+  // the service returns a [ListRegistriesResponse.next_page_token]
+  // that can be used to get the next page of results in subsequent list requests.
+  // Default value: 100.
+  int64 page_size = 2 [(value) = "0-1000"];
+
+  // Page token. To get the next page of results, set [page_token] to the
+  // [ListRegistriesResponse.next_page_token] returned by a previous list request.
+  string page_token = 3 [(length) = "<=100"];
+
+    // A filter expression that filters resources listed in the response.
+    // The expression must specify:
+    // 1. The field name. Currently you can use filtering only on [Vulnerability.severity] and [PackageVulnerability.name] fields.
+    // 2. An `=` operator.
+    // 3. The value in double quotes (`"`).
+    string filter = 4 [(length) = "<=1000"];
+
+  // An order expression that orders resources listed in the response.
+  // The expression must specify:
+  // 1. The field name. Currently you can use filtering only on [Vulnerability.severity] and [PackageVulnerability.name] fields.
+  // 2. Order selector. Currently you can use ordering only on `Vulnerability.severity` field (recent first).
+  string order_by = 5 [(length) = "<=100"];
+}
+
+message ListVulnerabilitiesResponse {
+  // List of Vulnerability resources.
+  repeated Vulnerability vulnerabilities = 1;
+
+  // This token allows you to get the next page of results for list requests. If the number of results
+  // is larger than [ListImagesRequest.page_size], use
+  // the [next_page_token] as the value
+  // for the [ListImagesRequest.page_token] query parameter
+  // in the next list request. Each subsequent list request will have its own
+  // [next_page_token] to continue paging through the results.
+  string next_page_token = 2;
+}