xref: /aosp_15_r20/external/federated-compute/fcp/protos/federatedcompute/common.proto (revision 14675a029014e728ec732f129a32e299b2da0601)
1// Copyright 2021 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
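syntax = "proto3";

package google.internal.federatedcompute.v1;

import "google/protobuf/duration.proto";

// Java code generation settings: the generated classes live in this package,
// each top-level type gets its own file, and the wrapper class for the file is
// named FederatedComputeApi.
option java_package = "com.google.internal.federatedcompute.v1";
option java_multiple_files = true;
option java_outer_classname = "FederatedComputeApi";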
24
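// Information that tells the client where to send the request for the next
// protocol phase (the immediately following phase only, not any additional
// subsequent phases). For example, this may point to the frontend to which
// a StartTaskAssignmentRequest should be sent, but it should not then be used
// for uploading aggregation results. A ForwardingInfo will always be returned
// to the client unless the client was not selected to continue with the
// protocol.
message ForwardingInfo {
  // A URI prefix for the next service to send the request for the next protocol
  // phase to.
  //
  // The URI prefix must always start with "https://".
  //
  // NOTE(review): the schema cannot enforce the scheme, so the check
  // presumably has to be made by the client before it uses the prefix;
  // otherwise a malformed or tampered response could move later protocol
  // traffic onto a cleartext connection. Confirm against the client
  // implementation.
  //
  // The URI prefix may end with a trailing '/', but is not required to. During
  // the construction of the next protocol request, a slash will always be
  // inserted by the client between this prefix and the request's URI suffix.
  //
  // For example, if some protocol response's ForwardingInfo contains the prefix
  // "https://foo.bar.com" or "https://foo.bar.com/", and if the subsequent
  // protocol request's URI suffix is "/baz", then the subsequent request's full
  // URI would be "https://foo.bar.com/baz".
  string target_uri_prefix = 1;

  // Request headers that should be included with the next request for the next
  // protocol phase. Note that these headers should only be applied to protocol
  // requests (incl. requests to the long running `Operations` service), but not
  // to any `Resource` fetch requests.
  //
  // NOTE(review): header names and values come from the response that carries
  // this message. Keeping them off `Resource` fetches also keeps them away
  // from whichever host serves a `Resource.uri`. Whether the client filters
  // header names that it sets itself is not specified here.
  map<string, string> extra_request_headers = 2;
}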
53
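// The attestation measurement providing evidence of integrity for a client.
message AttestationMeasurement {
  // The measurement itself. Its encoding and the way it is verified are not
  // specified in this file.
  //
  // NOTE(review): presumably supplied by the client being measured, so it
  // counts as evidence only after the receiver has verified it; an unverified
  // value should not be treated as proof of integrity. Confirm where the
  // verification happens.
  string value = 1;
}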
58
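// Identifies the release of the client.
message ClientVersion {
  // Version code identifying the client release.
  //
  // NOTE(review): presumably reported by the client itself; nothing in this
  // message authenticates it, so confirm before relying on it for anything
  // beyond compatibility decisions.
  string version_code = 1;
}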
63
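// A resource that the client obtains either by downloading it from a URI or
// from data carried inline in this message.
message Resource {
  // A resource can either be downloaded via a URI, or has its data inlined in
  // this message itself.
  oneof resource {
    // The URI the resource can be downloaded from. Note that the
    // `ForwardingInfo.target_uri_prefix` field generally doesn't apply to
    // these URIs.
    string uri = 1;

    // The inlined data for the resource. This will eventually replace `data`.
    // NOTE(review): no `data` field remains on `Resource`; it is presumably
    // the removed field behind `reserved 2` below. Confirm against history.
    InlineResource inline_resource = 3;
  }

  // Resource data carried directly in the message instead of being fetched.
  message InlineResource {
    // The inlined data for the resource.
    bytes data = 1;

    // The compression used for the inlined data, or unset if the data is
    // uncompressed.
    optional ResourceCompressionFormat compression_format = 2;
  }

  // Stable identifier for this resource, used by the client cache
  // implementation. If this field is not set, the client should not attempt to
  // cache the resource referenced by `uri`. Not set for inline_resources.
  string client_cache_id = 4;

  // The maximum duration for how long the resource should be cached by the
  // client. Not set if `client_cache_id` is not set.
  google.protobuf.Duration max_age = 5;

  // The compression used for the resource, or unset if the data is
  // uncompressed.
  //
  // NOTE(review): inline data has its own
  // `InlineResource.compression_format`, so this field presumably describes
  // data fetched via `uri`; confirm. The schema sets no bound on the
  // decompressed size, so any limit has to be enforced by the code that
  // decompresses the data.
  optional ResourceCompressionFormat compression_format = 999;

  // Field number 2 is retired and must not be reused.
  reserved 2;
}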
101
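// The client's capabilities for processing Resource messages, such as the
// compressed file formats supported.
message ResourceCapabilities {
  // Compression formats supported for resources downloaded via `Resource.uri`.
  // All clients are assumed to support uncompressed payloads.
  //
  // proto3 keeps enum numbers it does not recognise, so a receiver may see
  // entries here that are not declared in `ResourceCompressionFormat`; such
  // entries should be ignored rather than treated as a supported format.
  repeated ResourceCompressionFormat supported_compression_formats = 1;
}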
109
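// Different file formats that may be used to compress resources.
enum ResourceCompressionFormat {
  // Zero value, which proto3 uses as the default. It does not name a
  // compression format.
  RESOURCE_COMPRESSION_FORMAT_UNSPECIFIED = 0;
  // Gzip-compressed data. If data is compressed in this way, then the
  // "Content-Type" HTTP response header will have a "+gzip" suffix.
  RESOURCE_COMPRESSION_FORMAT_GZIP = 1;
}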
117
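// Sent when the client (device) is rejected for participation and is not
// assigned a task. Carries the reason for the rejection and, optionally,
// metadata that tells the client what to do next.
// Next id: 1004
message RejectionInfo {
  // Why the client was rejected.
  RejectionReason.Enum reason = 1001;

  // Metadata for client to take next action.
  oneof metadata {
    // Retry after a period of time.
    RetryWindow retry_window = 1002;

    // The field is used when the RejectionReason is UNAUTHENTICATED.
    AuthenticationMetadata auth_metadata = 1003;
  }
}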
134
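// The metadata used to authenticate a device.
// Next Id: 2
message AuthenticationMetadata {
  // Metadata for authenticating with key attestation. This is the only
  // authentication method declared in this message.
  KeyAttestationAuthMetadata key_attestation_metadata = 1;
}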
140
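// The metadata to authenticate with key attestation.
// Next Id: 2
message KeyAttestationAuthMetadata {
  // The challenge to generate hardware-backed key pairs on device.
  //
  // NOTE(review): this file does not say how the challenge is produced or
  // checked. Replay protection presumably depends on the server issuing a
  // fresh, unpredictable challenge and checking for that same value in the
  // attestation the device returns; confirm against the server implementation.
  bytes challenge = 1;
}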
147
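// Wrapper message that scopes the rejection reason enum, which is referenced
// as `RejectionReason.Enum`.
// Next id: 4 (presumably the next free value of `Enum`, since the message
// itself declares no fields).
message RejectionReason {
  // The reason a client was rejected.
  enum Enum {
    // Unknown status.
    UNKNOWN = 0;

    // There is no available task to join.
    NO_TASK_AVAILABLE = 1;

    // No permission to do the operation.
    UNAUTHORIZED = 2;

    // The device is not authenticated to the server.
    UNAUTHENTICATED = 3;
  }
}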
164
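// A suggestion to the client when to retry the connection to the service next
// time.
//
// NOTE(review): both durations come from the server and the schema puts no
// constraint on them (for example non-negative, or delay_min <= delay_max);
// any such check or clamping has to happen in the client.
message RetryWindow {
  // The suggested minimal duration after which the client should
  // retry. If the client retries earlier, it is likely it will be rejected
  // again.
  google.protobuf.Duration delay_min = 1;

  // Required. The suggested maximal duration after which the client should
  // retry, provided scheduling conditions allow. The client is supposed to make
  // a best effort to callback in the min..max window, and should avoid
  // calling before min. If the client calls after max, the likelihood to be
  // rejected again is higher.
  //
  // "Required" is a documentation convention only: proto3 does not enforce
  // it, so a receiver can still see this field unset.
  google.protobuf.Duration delay_max = 2;
}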
180
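// Information about where to upload data (e.g. aggregation results, client
// stats).
message ByteStreamResource {
  // Information to construct the URI to use for uploading the data. The
  // requirements documented on `ForwardingInfo.target_uri_prefix` (including
  // the "https://" prefix) apply to the prefix carried here.
  ForwardingInfo data_upload_forwarding_info = 1;

  // Resource name to which the data should be uploaded.
  // Clients should use this field as well as the
  // `ForwardingInfo.target_uri_prefix` to create the upload URL:
  // {target_uri_prefix}/upload/v1/media/{resource_name} (where
  // `{resource_name}` should be encoded as a multipath segment, as described
  // in
  // https://github.com/googleapis/googleapis/blob/master/google/api/http.proto).
  //
  // The name is placed into a URL path, so the encoding step above is what
  // keeps characters in the name from changing the structure of the URL.
  string resource_name = 2;
}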
195
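// Copied from //google/rpc/status.proto.
// Only `code` and `message` are declared in this copy.
message Status {
  // The status code, which should be an enum value of [google.rpc.Code][].
  // NOTE(review): this file also declares a `Code` enum; presumably its values
  // are the ones meant here. Confirm. The field is a plain int32, so values
  // outside that enum are representable and receivers have to handle them.
  int32 code = 1;

  // The error message accompanying `code`.
  // NOTE(review): the text is supplied by the sender; presumably it should be
  // treated as untrusted when it is logged or displayed.
  string message = 2;
}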
203
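// Error codes, each documented with the HTTP status it maps to.
// NOTE(review): `Status.code` refers to google.rpc.Code; this enum is
// presumably a local copy of it. Confirm that the two stay in sync.
enum Code {
  // Not an error; returned on success.
  //
  // HTTP Mapping: 200 OK
  OK = 0;

  // The operation was cancelled, typically by the caller.
  //
  // HTTP Mapping: 499 Client Closed Request
  CANCELLED = 1;

  // Unknown error.  For example, this error may be returned when
  // a `Status` value received from another address space belongs to
  // an error space that is not known in this address space.  Also
  // errors raised by APIs that do not return enough error information
  // may be converted to this error.
  //
  // HTTP Mapping: 500 Internal Server Error
  UNKNOWN = 2;

  // The client specified an invalid argument.  Note that this differs
  // from `FAILED_PRECONDITION`.  `INVALID_ARGUMENT` indicates arguments
  // that are problematic regardless of the state of the system
  // (e.g., a malformed file name).
  //
  // HTTP Mapping: 400 Bad Request
  INVALID_ARGUMENT = 3;

  // The deadline expired before the operation could complete. For operations
  // that change the state of the system, this error may be returned
  // even if the operation has completed successfully.  For example, a
  // successful response from a server could have been delayed long
  // enough for the deadline to expire.
  //
  // HTTP Mapping: 504 Gateway Timeout
  DEADLINE_EXCEEDED = 4;

  // Some requested entity (e.g., file or directory) was not found.
  //
  // Note to server developers: if a request is denied for an entire class
  // of users, such as gradual feature rollout or undocumented allowlist,
  // `NOT_FOUND` may be used. If a request is denied for some users within
  // a class of users, such as user-based access control, `PERMISSION_DENIED`
  // must be used.
  //
  // HTTP Mapping: 404 Not Found
  NOT_FOUND = 5;

  // The entity that a client attempted to create (e.g., file or directory)
  // already exists.
  //
  // HTTP Mapping: 409 Conflict
  ALREADY_EXISTS = 6;

  // The caller does not have permission to execute the specified
  // operation. `PERMISSION_DENIED` must not be used for rejections
  // caused by exhausting some resource (use `RESOURCE_EXHAUSTED`
  // instead for those errors). `PERMISSION_DENIED` must not be
  // used if the caller can not be identified (use `UNAUTHENTICATED`
  // instead for those errors). This error code does not imply the
  // request is valid or the requested entity exists or satisfies
  // other pre-conditions.
  //
  // HTTP Mapping: 403 Forbidden
  PERMISSION_DENIED = 7;

  // The request does not have valid authentication credentials for the
  // operation.
  //
  // Declared out of numeric order; only the number (16) matters on the wire.
  //
  // HTTP Mapping: 401 Unauthorized
  UNAUTHENTICATED = 16;

  // Some resource has been exhausted, perhaps a per-user quota, or
  // perhaps the entire file system is out of space.
  //
  // HTTP Mapping: 429 Too Many Requests
  RESOURCE_EXHAUSTED = 8;

  // The operation was rejected because the system is not in a state
  // required for the operation's execution.  For example, the directory
  // to be deleted is non-empty, an rmdir operation is applied to
  // a non-directory, etc.
  //
  // Service implementors can use the following guidelines to decide
  // between `FAILED_PRECONDITION`, `ABORTED`, and `UNAVAILABLE`:
  //  (a) Use `UNAVAILABLE` if the client can retry just the failing call.
  //  (b) Use `ABORTED` if the client should retry at a higher level. For
  //      example, when a client-specified test-and-set fails, indicating the
  //      client should restart a read-modify-write sequence.
  //  (c) Use `FAILED_PRECONDITION` if the client should not retry until
  //      the system state has been explicitly fixed. For example, if an "rmdir"
  //      fails because the directory is non-empty, `FAILED_PRECONDITION`
  //      should be returned since the client should not retry unless
  //      the files are deleted from the directory.
  //
  // HTTP Mapping: 400 Bad Request
  FAILED_PRECONDITION = 9;

  // The operation was aborted, typically due to a concurrency issue such as
  // a sequencer check failure or transaction abort.
  //
  // See the guidelines above for deciding between `FAILED_PRECONDITION`,
  // `ABORTED`, and `UNAVAILABLE`.
  //
  // HTTP Mapping: 409 Conflict
  ABORTED = 10;

  // The operation was attempted past the valid range.  E.g., seeking or
  // reading past end-of-file.
  //
  // Unlike `INVALID_ARGUMENT`, this error indicates a problem that may
  // be fixed if the system state changes. For example, a 32-bit file
  // system will generate `INVALID_ARGUMENT` if asked to read at an
  // offset that is not in the range [0,2^32-1], but it will generate
  // `OUT_OF_RANGE` if asked to read from an offset past the current
  // file size.
  //
  // There is a fair bit of overlap between `FAILED_PRECONDITION` and
  // `OUT_OF_RANGE`.  We recommend using `OUT_OF_RANGE` (the more specific
  // error) when it applies so that callers who are iterating through
  // a space can easily look for an `OUT_OF_RANGE` error to detect when
  // they are done.
  //
  // HTTP Mapping: 400 Bad Request
  OUT_OF_RANGE = 11;

  // The operation is not implemented or is not supported/enabled in this
  // service.
  //
  // HTTP Mapping: 501 Not Implemented
  UNIMPLEMENTED = 12;

  // Internal errors.  This means that some invariants expected by the
  // underlying system have been broken.  This error code is reserved
  // for serious errors.
  //
  // HTTP Mapping: 500 Internal Server Error
  INTERNAL = 13;

  // The service is currently unavailable.  This is most likely a
  // transient condition, which can be corrected by retrying with
  // a backoff. Note that it is not always safe to retry
  // non-idempotent operations.
  //
  // See the guidelines above for deciding between `FAILED_PRECONDITION`,
  // `ABORTED`, and `UNAVAILABLE`.
  //
  // HTTP Mapping: 503 Service Unavailable
  UNAVAILABLE = 14;

  // Unrecoverable data loss or corruption.
  //
  // HTTP Mapping: 500 Internal Server Error
  DATA_LOSS = 15;
}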
359