kpt-grpc-demo/google/cloud/iot/v1/resources.proto

// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.iot.v1;

import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";

option cc_enable_arenas = true;
option go_package = "google.golang.org/genproto/googleapis/cloud/iot/v1;iot";
option java_multiple_files = true;
option java_outer_classname = "ResourcesProto";
option java_package = "com.google.cloud.iot.v1";

// The device resource.
message Device {
  option (google.api.resource) = {
    type: "cloudiot.googleapis.com/Device"
    pattern: "projects/{project}/locations/{location}/registries/{registry}/devices/{device}"
  };

  // The user-defined device identifier. The device ID must be unique
  // within a device registry.
  string id = 1;

  // The resource path name. For example,
  // `projects/p1/locations/us-central1/registries/registry0/devices/dev0` or
  // `projects/p1/locations/us-central1/registries/registry0/devices/{num_id}`.
  // When `name` is populated as a response from the service, it always ends
  // in the device numeric ID.
  string name = 2;

  // [Output only] A server-defined unique numeric ID for the device. This is a
  // more compact way to identify devices, and it is globally unique.
  uint64 num_id = 3;

  // The credentials used to authenticate this device. To allow credential
  // rotation without interruption, multiple device credentials can be bound to
  // this device. No more than 3 credentials can be bound to a single device at
  // a time. When new credentials are added to a device, they are verified
  // against the registry credentials. For details, see the description of the
  // `DeviceRegistry.credentials` field.
  repeated DeviceCredential credentials = 12;

  // [Output only] The last time an MQTT `PINGREQ` was received. This field
  // applies only to devices connecting through MQTT. MQTT clients usually only
  // send `PINGREQ` messages if the connection is idle, and no other messages
  // have been sent. Timestamps are periodically collected and written to
  // storage; they may be stale by a few minutes.
  google.protobuf.Timestamp last_heartbeat_time = 7;

  // [Output only] The last time a telemetry event was received. Timestamps are
  // periodically collected and written to storage; they may be stale by a few
  // minutes.
  google.protobuf.Timestamp last_event_time = 8;

  // [Output only] The last time a state event was received. Timestamps are
  // periodically collected and written to storage; they may be stale by a few
  // minutes.
  google.protobuf.Timestamp last_state_time = 20;

  // [Output only] The last time a cloud-to-device config version acknowledgment
  // was received from the device. This field is only for configurations
  // sent through MQTT.
  google.protobuf.Timestamp last_config_ack_time = 14;

  // [Output only] The last time a cloud-to-device config version was sent to
  // the device.
  google.protobuf.Timestamp last_config_send_time = 18;

  // If a device is blocked, connections or requests from this device will fail.
  // Can be used to temporarily prevent the device from connecting if, for
  // example, the sensor is generating bad data and needs maintenance.
  bool blocked = 19;

  // [Output only] The time the most recent error occurred, such as a failure to
  // publish to Cloud Pub/Sub. This field is the timestamp of
  // 'last_error_status'.
  google.protobuf.Timestamp last_error_time = 10;

  // [Output only] The error message of the most recent error, such as a failure
  // to publish to Cloud Pub/Sub. 'last_error_time' is the timestamp of this
  // field. If no errors have occurred, this field has an empty message
  // and the status code 0 == OK. Otherwise, this field is expected to have a
  // status code other than OK.
  google.rpc.Status last_error_status = 11;

  // The most recent device configuration, which is eventually sent from
  // Cloud IoT Core to the device. If not present on creation, the
  // configuration will be initialized with an empty payload and version value
  // of `1`. To update this field after creation, use the
  // `DeviceManager.ModifyCloudToDeviceConfig` method.
  DeviceConfig config = 13;

  // [Output only] The state most recently received from the device. If no state
  // has been reported, this field is not present.
  DeviceState state = 16;

  // **Beta Feature**
  //
  // The logging verbosity for device activity. If unspecified,
  // DeviceRegistry.log_level will be used.
  LogLevel log_level = 21;

  // The metadata key-value pairs assigned to the device. This metadata is not
  // interpreted or indexed by Cloud IoT Core. It can be used to add contextual
  // information for the device.
  //
  // Keys must conform to the regular expression [a-zA-Z][a-zA-Z0-9-_.+~%]+ and
  // be less than 128 bytes in length.
  //
  // Values are free-form strings. Each value must be less than or equal to 32
  // KB in size.
  //
  // The total size of all keys and values must be less than 256 KB, and the
  // maximum number of key-value pairs is 500.
  map<string, string> metadata = 17;

  // Gateway-related configuration and state.
  GatewayConfig gateway_config = 24;
}

// Gateway-related configuration and state.
message GatewayConfig {
  // Indicates whether the device is a gateway.
  GatewayType gateway_type = 1;

  // Indicates how to authorize and/or authenticate devices to access the
  // gateway.
  GatewayAuthMethod gateway_auth_method = 2;

  // [Output only] The ID of the gateway the device accessed most recently.
  string last_accessed_gateway_id = 3;

  // [Output only] The most recent time at which the device accessed the gateway
  // specified in `last_accessed_gateway`.
  google.protobuf.Timestamp last_accessed_gateway_time = 4;
}

// A container for a group of devices.
message DeviceRegistry {
  option (google.api.resource) = {
    type: "cloudiot.googleapis.com/Registry"
    pattern: "projects/{project}/locations/{location}/registries/{registry}"
  };

  // The identifier of this device registry. For example, `myRegistry`.
  string id = 1;

  // The resource path name. For example,
  // `projects/example-project/locations/us-central1/registries/my-registry`.
  string name = 2;

  // The configuration for notification of telemetry events received from the
  // device. All telemetry events that were successfully published by the
  // device and acknowledged by Cloud IoT Core are guaranteed to be
  // delivered to Cloud Pub/Sub. If multiple configurations match a message,
  // only the first matching configuration is used. If you try to publish a
  // device telemetry event using MQTT without specifying a Cloud Pub/Sub topic
  // for the device's registry, the connection closes automatically. If you try
  // to do so using an HTTP connection, an error is returned. Up to 10
  // configurations may be provided.
  repeated EventNotificationConfig event_notification_configs = 10;

  // The configuration for notification of new states received from the device.
  // State updates are guaranteed to be stored in the state history, but
  // notifications to Cloud Pub/Sub are not guaranteed. For example, if
  // permissions are misconfigured or the specified topic doesn't exist, no
  // notification will be published but the state will still be stored in Cloud
  // IoT Core.
  StateNotificationConfig state_notification_config = 7;

  // The MQTT configuration for this device registry.
  MqttConfig mqtt_config = 4;

  // The DeviceService (HTTP) configuration for this device registry.
  HttpConfig http_config = 9;

  // **Beta Feature**
  //
  // The default logging verbosity for activity from devices in this registry.
  // The verbosity level can be overridden by Device.log_level.
  LogLevel log_level = 11;

  // The credentials used to verify the device credentials. No more than 10
  // credentials can be bound to a single registry at a time. The verification
  // process occurs at the time of device creation or update. If this field is
  // empty, no verification is performed. Otherwise, the credentials of a newly
  // created device or added credentials of an updated device should be signed
  // with one of these registry credentials.
  //
  // Note, however, that existing devices will never be affected by
  // modifications to this list of credentials: after a device has been
  // successfully created in a registry, it should be able to connect even if
  // its registry credentials are revoked, deleted, or modified.
  repeated RegistryCredential credentials = 8;
}

// The configuration of MQTT for a device registry.
message MqttConfig {
  // If enabled, allows connections using the MQTT protocol. Otherwise, MQTT
  // connections to this registry will fail.
  MqttState mqtt_enabled_state = 1;
}

// Indicates whether an MQTT connection is enabled or disabled. See the field
// description for details.
enum MqttState {
  // No MQTT state specified. If not specified, MQTT will be enabled by default.
  MQTT_STATE_UNSPECIFIED = 0;

  // Enables a MQTT connection.
  MQTT_ENABLED = 1;

  // Disables a MQTT connection.
  MQTT_DISABLED = 2;
}

// The configuration of the HTTP bridge for a device registry.
message HttpConfig {
  // If enabled, allows devices to use DeviceService via the HTTP protocol.
  // Otherwise, any requests to DeviceService will fail for this registry.
  HttpState http_enabled_state = 1;
}

// Indicates whether DeviceService (HTTP) is enabled or disabled for the
// registry. See the field description for details.
enum HttpState {
  // No HTTP state specified. If not specified, DeviceService will be
  // enabled by default.
  HTTP_STATE_UNSPECIFIED = 0;

  // Enables DeviceService (HTTP) service for the registry.
  HTTP_ENABLED = 1;

  // Disables DeviceService (HTTP) service for the registry.
  HTTP_DISABLED = 2;
}

// **Beta Feature**
//
// The logging verbosity for device activity. Specifies which events should be
// written to logs. For example, if the LogLevel is ERROR, only events that
// terminate in errors will be logged. LogLevel is inclusive; enabling INFO
// logging will also enable ERROR logging.
enum LogLevel {
  // No logging specified. If not specified, logging will be disabled.
  LOG_LEVEL_UNSPECIFIED = 0;

  // Disables logging.
  NONE = 10;

  // Error events will be logged.
  ERROR = 20;

  // Informational events will be logged, such as connections and
  // disconnections.
  INFO = 30;

  // All events will be logged.
  DEBUG = 40;
}

// Gateway type.
enum GatewayType {
  // If unspecified, the device is considered a non-gateway device.
  GATEWAY_TYPE_UNSPECIFIED = 0;

  // The device is a gateway.
  GATEWAY = 1;

  // The device is not a gateway.
  NON_GATEWAY = 2;
}

// The gateway authorization/authentication method. This setting determines how
// Cloud IoT Core authorizes/authenticate devices to access the gateway.
enum GatewayAuthMethod {
  // No authentication/authorization method specified. No devices are allowed to
  // access the gateway.
  GATEWAY_AUTH_METHOD_UNSPECIFIED = 0;

  // The device is authenticated through the gateway association only. Device
  // credentials are ignored even if provided.
  ASSOCIATION_ONLY = 1;

  // The device is authenticated through its own credentials. Gateway
  // association is not checked.
  DEVICE_AUTH_TOKEN_ONLY = 2;

  // The device is authenticated through both device credentials and gateway
  // association. The device must be bound to the gateway and must provide its
  // own credentials.
  ASSOCIATION_AND_DEVICE_AUTH_TOKEN = 3;
}

// The configuration for forwarding telemetry events.
message EventNotificationConfig {
  // If the subfolder name matches this string exactly, this configuration will
  // be used. The string must not include the leading '/' character. If empty,
  // all strings are matched. This field is used only for telemetry events;
  // subfolders are not supported for state changes.
  string subfolder_matches = 2;

  // A Cloud Pub/Sub topic name. For example,
  // `projects/myProject/topics/deviceEvents`.
  string pubsub_topic_name = 1;
}

// The configuration for notification of new states received from the device.
message StateNotificationConfig {
  // A Cloud Pub/Sub topic name. For example,
  // `projects/myProject/topics/deviceEvents`.
  string pubsub_topic_name = 1;
}

// A server-stored registry credential used to validate device credentials.
message RegistryCredential {
  // The credential data. Reserved for expansion in the future.
  oneof credential {
    // A public key certificate used to verify the device credentials.
    PublicKeyCertificate public_key_certificate = 1;
  }
}

// Details of an X.509 certificate. For informational purposes only.
message X509CertificateDetails {
  // The entity that signed the certificate.
  string issuer = 1;

  // The entity the certificate and public key belong to.
  string subject = 2;

  // The time the certificate becomes valid.
  google.protobuf.Timestamp start_time = 3;

  // The time the certificate becomes invalid.
  google.protobuf.Timestamp expiry_time = 4;

  // The algorithm used to sign the certificate.
  string signature_algorithm = 5;

  // The type of public key in the certificate.
  string public_key_type = 6;
}

// A public key certificate format and data.
message PublicKeyCertificate {
  // The certificate format.
  PublicKeyCertificateFormat format = 1;

  // The certificate data.
  string certificate = 2;

  // [Output only] The certificate details. Used only for X.509 certificates.
  X509CertificateDetails x509_details = 3;
}

// The supported formats for the public key.
enum PublicKeyCertificateFormat {
  // The format has not been specified. This is an invalid default value and
  // must not be used.
  UNSPECIFIED_PUBLIC_KEY_CERTIFICATE_FORMAT = 0;

  // An X.509v3 certificate ([RFC5280](https://www.ietf.org/rfc/rfc5280.txt)),
  // encoded in base64, and wrapped by `-----BEGIN CERTIFICATE-----` and
  // `-----END CERTIFICATE-----`.
  X509_CERTIFICATE_PEM = 1;
}

// A server-stored device credential used for authentication.
message DeviceCredential {
  // The credential data. Reserved for expansion in the future.
  oneof credential {
    // A public key used to verify the signature of JSON Web Tokens (JWTs).
    // When adding a new device credential, either via device creation or via
    // modifications, this public key credential may be required to be signed by
    // one of the registry level certificates. More specifically, if the
    // registry contains at least one certificate, any new device credential
    // must be signed by one of the registry certificates. As a result,
    // when the registry contains certificates, only X.509 certificates are
    // accepted as device credentials. However, if the registry does
    // not contain a certificate, self-signed certificates and public keys will
    // be accepted. New device credentials must be different from every
    // registry-level certificate.
    PublicKeyCredential public_key = 2;
  }

  // [Optional] The time at which this credential becomes invalid. This
  // credential will be ignored for new client authentication requests after
  // this timestamp; however, it will not be automatically deleted.
  google.protobuf.Timestamp expiration_time = 6;
}

// A public key format and data.
message PublicKeyCredential {
  // The format of the key.
  PublicKeyFormat format = 1;

  // The key data.
  string key = 2;
}

// The supported formats for the public key.
enum PublicKeyFormat {
  // The format has not been specified. This is an invalid default value and
  // must not be used.
  UNSPECIFIED_PUBLIC_KEY_FORMAT = 0;

  // An RSA public key encoded in base64, and wrapped by
  // `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`. This can be
  // used to verify `RS256` signatures in JWT tokens ([RFC7518](
  // https://www.ietf.org/rfc/rfc7518.txt)).
  RSA_PEM = 3;

  // As RSA_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
  // https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
  // `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
  RSA_X509_PEM = 1;

  // Public key for the ECDSA algorithm using P-256 and SHA-256, encoded in
  // base64, and wrapped by `-----BEGIN PUBLIC KEY-----` and `-----END
  // PUBLIC KEY-----`. This can be used to verify JWT tokens with the `ES256`
  // algorithm ([RFC7518](https://www.ietf.org/rfc/rfc7518.txt)). This curve is
  // defined in [OpenSSL](https://www.openssl.org/) as the `prime256v1` curve.
  ES256_PEM = 2;

  // As ES256_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
  // https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
  // `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
  ES256_X509_PEM = 4;
}

// The device configuration. Eventually delivered to devices.
message DeviceConfig {
  // [Output only] The version of this update. The version number is assigned by
  // the server, and is always greater than 0 after device creation. The
  // version must be 0 on the `CreateDevice` request if a `config` is
  // specified; the response of `CreateDevice` will always have a value of 1.
  int64 version = 1;

  // [Output only] The time at which this configuration version was updated in
  // Cloud IoT Core. This timestamp is set by the server.
  google.protobuf.Timestamp cloud_update_time = 2;

  // [Output only] The time at which Cloud IoT Core received the
  // acknowledgment from the device, indicating that the device has received
  // this configuration version. If this field is not present, the device has
  // not yet acknowledged that it received this version. Note that when
  // the config was sent to the device, many config versions may have been
  // available in Cloud IoT Core while the device was disconnected, and on
  // connection, only the latest version is sent to the device. Some
  // versions may never be sent to the device, and therefore are never
  // acknowledged. This timestamp is set by Cloud IoT Core.
  google.protobuf.Timestamp device_ack_time = 3;

  // The device configuration data.
  bytes binary_data = 4;
}

// The device state, as reported by the device.
message DeviceState {
  // [Output only] The time at which this state version was updated in Cloud
  // IoT Core.
  google.protobuf.Timestamp update_time = 1;

  // The device state data.
  bytes binary_data = 2;
}