xuyiping
/
kpt-grpc-demo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224
							// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.sql.v1beta4;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/cloud/sql/v1beta4/cloud_sql_resources.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";

option go_package = "google.golang.org/genproto/googleapis/cloud/sql/v1beta4;sql";
option java_multiple_files = true;
option java_outer_classname = "CloudSqlUsersProto";
option java_package = "com.google.cloud.sql.v1beta4";

// NOTE: No sensitive PII logging is allowed. If you are adding a field/enum
// value that is sensitive PII, please add corresponding datapol annotation to
// it. For more information, please see
// https://g3doc.corp.google.com/storage/speckle/g3doc/purple_team/data_pol_annotations.md?cl=head

service SqlUsersService {
  option (google.api.default_host) = "sqladmin.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform,"
      "https://www.googleapis.com/auth/sqlservice.admin";

  // Deletes a user from a Cloud SQL instance.
  rpc Delete(SqlUsersDeleteRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/sql/v1beta4/projects/{project}/instances/{instance}/users"
    };
  }

  // Creates a new user in a Cloud SQL instance.
  rpc Insert(SqlUsersInsertRequest) returns (Operation) {
    option (google.api.http) = {
      post: "/sql/v1beta4/projects/{project}/instances/{instance}/users"
      body: "body"
    };
  }

  // Lists users in the specified Cloud SQL instance.
  rpc List(SqlUsersListRequest) returns (UsersListResponse) {
    option (google.api.http) = {
      get: "/sql/v1beta4/projects/{project}/instances/{instance}/users"
    };
  }

  // Updates an existing user in a Cloud SQL instance.
  rpc Update(SqlUsersUpdateRequest) returns (Operation) {
    option (google.api.http) = {
      put: "/sql/v1beta4/projects/{project}/instances/{instance}/users"
      body: "body"
    };
  }
}

message SqlUsersDeleteRequest {
  // Host of the user in the instance.
  string host = 1;

  // Database instance ID. This does not include the project ID.
  string instance = 2;

  // Name of the user in the instance.
  string name = 3;

  // Project ID of the project that contains the instance.
  string project = 4;
}

message SqlUsersInsertRequest {
  // Database instance ID. This does not include the project ID.
  string instance = 1;

  // Project ID of the project that contains the instance.
  string project = 2;

  User body = 100;
}

message SqlUsersListRequest {
  // Database instance ID. This does not include the project ID.
  string instance = 1;

  // Project ID of the project that contains the instance.
  string project = 2;
}

message SqlUsersUpdateRequest {
  // Optional. Host of the user in the instance.
  string host = 1 [(google.api.field_behavior) = OPTIONAL];

  // Database instance ID. This does not include the project ID.
  string instance = 2;

  // Name of the user in the instance.
  string name = 3;

  // Project ID of the project that contains the instance.
  string project = 4;

  User body = 100;
}

// User level password validation policy.
message UserPasswordValidationPolicy {
  // Number of failed login attempts allowed before user get locked.
  int32 allowed_failed_attempts = 1;

  // Expiration duration after password is updated.
  google.protobuf.Duration password_expiration_duration = 2;

  // If true, failed login attempts check will be enabled.
  bool enable_failed_attempts_check = 3;

  // Output only. Read-only password status.
  PasswordStatus status = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Read-only password status.
message PasswordStatus {
  // If true, user does not have login privileges.
  bool locked = 1;

  // The expiration time of the current password.
  google.protobuf.Timestamp password_expiration_time = 2;
}

// A Cloud SQL user resource.
message User {
  // The user type.
  enum SqlUserType {
    // The database's built-in user type.
    BUILT_IN = 0;

    // Cloud IAM user.
    CLOUD_IAM_USER = 1;

    // Cloud IAM service account.
    CLOUD_IAM_SERVICE_ACCOUNT = 2;
  }

  // This is always `sql#user`.
  string kind = 1;

  // The password for the user.
  string password = 2;

  // This field is deprecated and will be removed from a future version of the
  // API.
  string etag = 3;

  // The name of the user in the Cloud SQL instance. Can be omitted for
  // `update` because it is already specified in the URL.
  string name = 4;

  // Optional. The host from which the user can connect. For `insert`
  // operations, host defaults to an empty string. For `update`
  // operations, host is specified as part of the request URL. The host name
  // cannot be updated after insertion.  For a MySQL instance, it's required;
  // for a PostgreSQL or SQL Server instance, it's optional.
  string host = 5 [(google.api.field_behavior) = OPTIONAL];

  // The name of the Cloud SQL instance. This does not include the project ID.
  // Can be omitted for <b>update</b> because it is already specified on the
  // URL.
  string instance = 6;

  // The project ID of the project containing the Cloud SQL database. The Google
  // apps domain is prefixed if applicable. Can be omitted for
  // <b>update</b> because it is already specified on the URL.
  string project = 7;

  // The user type. It determines the method to authenticate the user during
  // login. The default is the database's built-in user type.
  SqlUserType type = 8;

  // User details for specific database type
  oneof user_details {
    SqlServerUserDetails sqlserver_user_details = 9;
  }

  // User level password validation policy.
  UserPasswordValidationPolicy password_policy = 12;
}

// Represents a Sql Server user on the Cloud SQL instance.
message SqlServerUserDetails {
  // If the user has been disabled
  bool disabled = 1;

  // The server roles for this user
  repeated string server_roles = 2;
}

// User list response.
message UsersListResponse {
  // This is always <b>sql#usersList</b>.
  string kind = 1;

  // List of user resources in the instance.
  repeated User items = 2;

  // An identifier that uniquely identifies the operation. You can use this
  // identifier to retrieve the Operations resource that has information about
  // the operation.
  string next_page_token = 3;
}