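// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.sql.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/cloud/sql/v1/cloud_sql_resources.proto";

option go_package = "cloud.google.com/go/sql/apiv1/sqlpb;sqlpb";
option java_multiple_files = true;
option java_outer_classname = "CloudSqlSslCertsProto";
option java_package = "com.google.cloud.sql.v1";

// LINT: LEGACY_NAMES

// Service to manage SSL certs for Cloud SQL instances.
//
// The Operation, SslCert and SslCertDetail types used below are not declared
// in this file; presumably they come from the imported
// cloud_sql_resources.proto (confirm against that file).
service SqlSslCertsService {
  option (google.api.default_host) = "sqladmin.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform,"
      "https://www.googleapis.com/auth/sqlservice.admin";

  // Deletes the SSL certificate. For First Generation instances, the
  // certificate remains valid until the instance is restarted, so on those
  // instances a successful delete does not by itself end the certificate's
  // validity.
  rpc Delete(SqlSslCertsDeleteRequest) returns (Operation) {
    option (google.api.http) = {
      delete: "/v1/projects/{project}/instances/{instance}/sslCerts/{sha1_fingerprint}"
    };
  }

  // Retrieves a particular SSL certificate. Does not include the private key
  // (required for usage). The private key must be saved from the response to
  // initial creation.
  rpc Get(SqlSslCertsGetRequest) returns (SslCert) {
    option (google.api.http) = {
      get: "/v1/projects/{project}/instances/{instance}/sslCerts/{sha1_fingerprint}"
    };
  }

  // Creates an SSL certificate and returns it along with the private key and
  // server certificate authority. The new certificate will not be usable until
  // the instance is restarted.
  //
  // The response carries the private key, and the Get RPC does not return it
  // again, so the caller has to persist it from this response and handle the
  // response as secret material (for example, keep it out of logs).
  rpc Insert(SqlSslCertsInsertRequest) returns (SslCertsInsertResponse) {
    option (google.api.http) = {
      post: "/v1/projects/{project}/instances/{instance}/sslCerts"
      body: "body"
    };
  }

  // Lists all of the current SSL certificates for the instance.
  rpc List(SqlSslCertsListRequest) returns (SslCertsListResponse) {
    option (google.api.http) = {
      get: "/v1/projects/{project}/instances/{instance}/sslCerts"
    };
  }
}

// Request message for SqlSslCertsService.Delete.
message SqlSslCertsDeleteRequest {
  // Cloud SQL instance ID. This does not include the project ID.
  string instance = 1;

  // Project ID of the project that contains the instance.
  string project = 2;

  // SHA-1 fingerprint of the certificate to delete. It is the last segment of
  // the request path and selects which certificate the call acts on.
  string sha1_fingerprint = 3;
}

// Request message for SqlSslCertsService.Get.
message SqlSslCertsGetRequest {
  // Cloud SQL instance ID. This does not include the project ID.
  string instance = 1;

  // Project ID of the project that contains the instance.
  string project = 2;

  // SHA-1 fingerprint of the certificate to retrieve. It is the last segment
  // of the request path and selects which certificate the call returns.
  string sha1_fingerprint = 3;
}

// Request message for SqlSslCertsService.Insert.
message SqlSslCertsInsertRequest {
  // Cloud SQL instance ID. This does not include the project ID.
  string instance = 1;

  // Project ID of the project that contains the instance.
  string project = 2;

  // Payload of the insert call. The Insert RPC maps this field to the HTTP
  // request body (`body: "body"`).
  SslCertsInsertRequest body = 100;
}

// Request message for SqlSslCertsService.List.
message SqlSslCertsListRequest {
  // Cloud SQL instance ID. This does not include the project ID.
  string instance = 1;

  // Project ID of the project that contains the instance.
  string project = 2;
}

// SslCerts insert request.
message SslCertsInsertRequest {
  // User supplied name. Must be a distinct name from the other certificates
  // for this instance.
  string common_name = 1;
}

// SslCert insert response.
message SslCertsInsertResponse {
  // This is always `sql#sslCertsInsert`.
  string kind = 1;

  // The operation to track the ssl certs insert request.
  Operation operation = 2;

  // The server Certificate Authority's certificate. If this is missing you can
  // force a new one to be generated by calling resetSslConfig method on
  // instances resource.
  SslCert server_ca_cert = 3;

  // The new client certificate and private key. This response is where the
  // private key has to be captured: the Get RPC in this file does not include
  // it, so store it securely as soon as it is received.
  SslCertDetail client_cert = 4;
}

// SslCerts list response.
message SslCertsListResponse {
  // This is always `sql#sslCertsList`.
  string kind = 1;

  // List of client certificates for the instance.
  repeated SslCert items = 2;
}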