xuyiping
/
kpt-grpc-demo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
							// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.connectors.v1;

import "google/cloud/connectors/v1/common.proto";

option go_package = "google.golang.org/genproto/googleapis/cloud/connectors/v1;connectors";
option java_multiple_files = true;
option java_outer_classname = "AuthConfigProto";
option java_package = "com.google.cloud.connectors.v1";

// AuthConfig defines details of a authentication type.
message AuthConfig {
  // Parameters to support Username and Password Authentication.
  message UserPassword {
    // Username.
    string username = 1;

    // Secret version reference containing the password.
    Secret password = 2;
  }

  // Parameters to support JSON Web Token (JWT) Profile for Oauth 2.0
  // Authorization Grant based authentication.
  // See https://tools.ietf.org/html/rfc7523 for more details.
  message Oauth2JwtBearer {
    // JWT claims used for the jwt-bearer authorization grant.
    message JwtClaims {
      // Value for the "iss" claim.
      string issuer = 1;

      // Value for the "sub" claim.
      string subject = 2;

      // Value for the "aud" claim.
      string audience = 3;
    }

    // Secret version reference containing a PKCS#8 PEM-encoded private
    // key associated with the Client Certificate. This private key will be
    // used to sign JWTs used for the jwt-bearer authorization grant.
    // Specified in the form as: `projects/*/secrets/*/versions/*`.
    Secret client_key = 1;

    // JwtClaims providers fields to generate the token.
    JwtClaims jwt_claims = 2;
  }

  // Parameters to support Oauth 2.0 Client Credentials Grant Authentication.
  // See https://tools.ietf.org/html/rfc6749#section-1.3.4 for more details.
  message Oauth2ClientCredentials {
    // The client identifier.
    string client_id = 1;

    // Secret version reference containing the client secret.
    Secret client_secret = 2;
  }

  // Parameters to support Ssh public key Authentication.
  message SshPublicKey {
    // The user account used to authenticate.
    string username = 1;

    // This is an optional field used in case client has enabled multi-factor
    // authentication
    Secret password = 2;

    // SSH Client Cert. It should contain both public and private key.
    Secret ssh_client_cert = 3;

    // Format of SSH Client cert.
    string cert_type = 4;

    // Password (passphrase) for ssh client certificate if it has one.
    Secret ssh_client_cert_pass = 5;
  }

  // The type of authentication configured.
  AuthType auth_type = 1;

  // Supported auth types.
  oneof type {
    // UserPassword.
    UserPassword user_password = 2;

    // Oauth2JwtBearer.
    Oauth2JwtBearer oauth2_jwt_bearer = 3;

    // Oauth2ClientCredentials.
    Oauth2ClientCredentials oauth2_client_credentials = 4;

    // SSH Public Key.
    SshPublicKey ssh_public_key = 6;
  }

  // List containing additional auth configs.
  repeated ConfigVariable additional_variables = 5;
}

// AuthConfigTemplate defines required field over an authentication type.
message AuthConfigTemplate {
  // The type of authentication configured.
  AuthType auth_type = 1;

  // Config variables to describe an `AuthConfig` for a `Connection`.
  repeated ConfigVariableTemplate config_variable_templates = 2;
}

// AuthType defines different authentication types.
enum AuthType {
  // Authentication type not specified.
  AUTH_TYPE_UNSPECIFIED = 0;

  // Username and Password Authentication.
  USER_PASSWORD = 1;

  // JSON Web Token (JWT) Profile for Oauth 2.0
  // Authorization Grant based authentication
  OAUTH2_JWT_BEARER = 2;

  // Oauth 2.0 Client Credentials Grant Authentication
  OAUTH2_CLIENT_CREDENTIALS = 3;

  // SSH Public Key Authentication
  SSH_PUBLIC_KEY = 4;
}