// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.api.apikeys.v2;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.ApiKeys.V2";
option go_package = "cloud.google.com/go/apikeys/apiv2/apikeyspb;apikeyspb";
option java_multiple_files = true;
option java_outer_classname = "ResourcesProto";
option java_package = "com.google.api.apikeys.v2";
option php_namespace = "Google\\Cloud\\ApiKeys\\V2";
option ruby_package = "Google::Cloud::ApiKeys::V2";

// The representation of a key managed by the API Keys API.
//
// NOTE(review): field number 10 is not used by this message and is not marked
// `reserved`. If it belonged to a removed field, reserve it so the number
// cannot be reused with a different meaning -- confirm against the schema
// history.
message Key {
  option (google.api.resource) = {
    type: "apikeys.googleapis.com/Key"
    pattern: "projects/{project}/locations/{location}/keys/{key}"
    plural: "keys"
    singular: "key"
    style: DECLARATIVE_FRIENDLY
  };

  // Output only. The resource name of the key.
  // The `name` has the form:
  //     `projects/<PROJECT_NUMBER>/locations/global/keys/<KEY_ID>`.
  // For example:
  //     `projects/123456867718/locations/global/keys/b7ff1f9f-8275-410a-94dd-3855ee9b5dd2`
  //
  // NOTE: Key is a global resource; hence the only supported value for
  // location is `global`.
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Unique id in UUID4 format.
  string uid = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Human-readable display name of this key that you can modify.
  // The maximum length is 63 characters.
  string display_name = 2;

  // Output only. An encrypted and signed value held by this key.
  // This field can be accessed only through the `GetKeyString` method.
  //
  // NOTE(review): presumably this is the value callers present to
  // authenticate requests -- confirm. If so, handle it as a secret: keep it
  // out of logs, error messages and source control.
  string key_string = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A timestamp identifying the time this key was originally
  // created.
  google.protobuf.Timestamp create_time = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A timestamp identifying the time this key was last
  // updated.
  google.protobuf.Timestamp update_time = 6
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. A timestamp when this key was deleted. If the resource is not
  // deleted, this must be empty.
  google.protobuf.Timestamp delete_time = 7
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Annotations is an unstructured key-value map stored with a policy that
  // may be set by external tools to store and retrieve arbitrary metadata.
  // They are not queryable and should be preserved when modifying objects.
  //
  // NOTE(review): nothing in this schema marks annotation values as sensitive
  // or limits who can read them, so avoid storing secrets here.
  map<string, string> annotations = 8;

  // Key restrictions.
  //
  // NOTE(review): this file does not state what an unset `restrictions`
  // field means; presumably the key is then accepted from any client and for
  // any target -- confirm. Prefer setting both a client restriction and
  // `api_targets` so that a leaked key has limited use.
  Restrictions restrictions = 9;

  // Output only. A checksum computed by the server based on the current value
  // of the Key resource. This may be sent on update and delete requests to
  // ensure the client has an up-to-date value before proceeding. See
  // https://google.aip.dev/154.
  string etag = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Describes the restrictions on the key.
message Restrictions {
  // The websites, IP addresses, Android apps, or iOS apps (the clients) that
  // are allowed to use the key. You can specify only one type of client
  // restrictions per key.
  //
  // Because this is a `oneof`, setting one member clears any other member
  // that was set before.
  //
  // NOTE(review): referrers, package names and bundle IDs are values reported
  // by the client; presumably these restrictions limit where a leaked key is
  // accepted rather than authenticate the caller -- confirm.
  oneof client_restrictions {
    // The HTTP referrers (websites) that are allowed to use the key.
    BrowserKeyRestrictions browser_key_restrictions = 1;

    // The IP addresses of callers that are allowed to use the key.
    ServerKeyRestrictions server_key_restrictions = 2;

    // The Android apps that are allowed to use the key.
    AndroidKeyRestrictions android_key_restrictions = 3;

    // The iOS apps that are allowed to use the key.
    IosKeyRestrictions ios_key_restrictions = 4;
  }

  // A restriction for a specific service and optionally one or
  // more specific methods. Requests are allowed if they
  // match any of these restrictions. If no restrictions are
  // specified, all targets are allowed.
  //
  // An empty list therefore leaves the key valid for every target; list only
  // the services the key actually needs.
  repeated ApiTarget api_targets = 5;
}

// The HTTP referrers (websites) that are allowed to use the key.
message BrowserKeyRestrictions {
  // A list of regular expressions for the referrer URLs that are allowed
  // to make API calls with this key.
  //
  // NOTE(review): the matching rules for these expressions (anchoring,
  // wildcard syntax) are not shown in this file -- confirm them, and keep
  // each pattern as narrow as the site layout allows.
  repeated string allowed_referrers = 1;
}

// The IP addresses of callers that are allowed to use the key.
message ServerKeyRestrictions {
  // A list of the caller IP addresses that are allowed to make API calls
  // with this key.
  //
  // NOTE(review): the accepted address formats (IPv4, IPv6, range notation)
  // are not specified in this file -- confirm before relying on ranges.
  repeated string allowed_ips = 1;
}

// The Android apps that are allowed to use the key.
message AndroidKeyRestrictions {
  // A list of Android applications that are allowed to make API calls with
  // this key.
  repeated AndroidApplication allowed_applications = 1;
}

// Identifier of an Android application for key use.
message AndroidApplication {
  // The SHA1 fingerprint of the application. For example, both sha1 formats are
  // acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or
  // DA39A3EE5E6B4B0D3255BFEF95601890AFD80709.
  // Output format is the latter.
  //
  // The example value is the SHA-1 digest of empty input, i.e. a placeholder
  // and not a real fingerprint.
  // NOTE(review): presumably this is the fingerprint of the certificate the
  // application is signed with -- confirm.
  string sha1_fingerprint = 1;

  // The package name of the application.
  string package_name = 2;
}

// The iOS apps that are allowed to use the key.
message IosKeyRestrictions {
  // A list of bundle IDs that are allowed when making API calls with this key.
  repeated string allowed_bundle_ids = 1;
}

// A restriction for a specific service and optionally one or multiple
// specific methods. Both fields are case insensitive.
message ApiTarget {
  // The service for this restriction. It should be the canonical
  // service name, for example: `translate.googleapis.com`.
  // You can use [`gcloud services list`](/sdk/gcloud/reference/services/list)
  // to get a list of services that are enabled in the project.
  string service = 1;

  // Optional. List of one or more methods that can be called.
  // If empty, all methods for the service are allowed. A wildcard
  // (*) can be used as the last symbol.
  // Valid examples:
  //   `google.cloud.translate.v2.TranslateService.GetSupportedLanguage`
  //   `TranslateText`
  //   `Get*`
  //   `translate.googleapis.com.Get*`
  //
  // NOTE(review): presumably a trailing wildcard such as `Get*` also matches
  // methods added to the service later -- confirm. Prefer naming the methods
  // the key needs over an empty list or a broad wildcard.
  repeated string methods = 2 [(google.api.field_behavior) = OPTIONAL];
}