xref: /aosp_15_r20/external/googleapis/google/cloud/iot/v1/resources.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9) 
1// Copyright 2020 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.iot.v1;
18
19import "google/api/resource.proto";
20import "google/protobuf/timestamp.proto";
21import "google/rpc/status.proto";
22
23option cc_enable_arenas = true;
24option go_package = "cloud.google.com/go/iot/apiv1/iotpb;iotpb";
25option java_multiple_files = true;
26option java_outer_classname = "ResourcesProto";
27option java_package = "com.google.cloud.iot.v1";
28
29// The device resource.
30message Device {
31  option (google.api.resource) = {
32    type: "cloudiot.googleapis.com/Device"
33    pattern: "projects/{project}/locations/{location}/registries/{registry}/devices/{device}"
34  };
35
36  // The user-defined device identifier. The device ID must be unique
37  // within a device registry.
38  string id = 1;
39
40  // The resource path name. For example,
41  // `projects/p1/locations/us-central1/registries/registry0/devices/dev0` or
42  // `projects/p1/locations/us-central1/registries/registry0/devices/{num_id}`.
43  // When `name` is populated as a response from the service, it always ends
44  // in the device numeric ID.
45  string name = 2;
46
47  // [Output only] A server-defined unique numeric ID for the device. This is a
48  // more compact way to identify devices, and it is globally unique.
49  uint64 num_id = 3;
50
51  // The credentials used to authenticate this device. To allow credential
52  // rotation without interruption, multiple device credentials can be bound to
53  // this device. No more than 3 credentials can be bound to a single device at
54  // a time. When new credentials are added to a device, they are verified
55  // against the registry credentials. For details, see the description of the
56  // `DeviceRegistry.credentials` field.
57  repeated DeviceCredential credentials = 12;
58
59  // [Output only] The last time an MQTT `PINGREQ` was received. This field
60  // applies only to devices connecting through MQTT. MQTT clients usually only
61  // send `PINGREQ` messages if the connection is idle, and no other messages
62  // have been sent. Timestamps are periodically collected and written to
63  // storage; they may be stale by a few minutes.
64  google.protobuf.Timestamp last_heartbeat_time = 7;
65
66  // [Output only] The last time a telemetry event was received. Timestamps are
67  // periodically collected and written to storage; they may be stale by a few
68  // minutes.
69  google.protobuf.Timestamp last_event_time = 8;
70
71  // [Output only] The last time a state event was received. Timestamps are
72  // periodically collected and written to storage; they may be stale by a few
73  // minutes.
74  google.protobuf.Timestamp last_state_time = 20;
75
76  // [Output only] The last time a cloud-to-device config version acknowledgment
77  // was received from the device. This field is only for configurations
78  // sent through MQTT.
79  google.protobuf.Timestamp last_config_ack_time = 14;
80
81  // [Output only] The last time a cloud-to-device config version was sent to
82  // the device.
83  google.protobuf.Timestamp last_config_send_time = 18;
84
85  // If a device is blocked, connections or requests from this device will fail.
86  // Can be used to temporarily prevent the device from connecting if, for
87  // example, the sensor is generating bad data and needs maintenance.
88  bool blocked = 19;
89
90  // [Output only] The time the most recent error occurred, such as a failure to
91  // publish to Cloud Pub/Sub. This field is the timestamp of
92  // 'last_error_status'.
93  google.protobuf.Timestamp last_error_time = 10;
94
95  // [Output only] The error message of the most recent error, such as a failure
96  // to publish to Cloud Pub/Sub. 'last_error_time' is the timestamp of this
97  // field. If no errors have occurred, this field has an empty message
98  // and the status code 0 == OK. Otherwise, this field is expected to have a
99  // status code other than OK.
100  google.rpc.Status last_error_status = 11;
101
102  // The most recent device configuration, which is eventually sent from
103  // Cloud IoT Core to the device. If not present on creation, the
104  // configuration will be initialized with an empty payload and version value
105  // of `1`. To update this field after creation, use the
106  // `DeviceManager.ModifyCloudToDeviceConfig` method.
107  DeviceConfig config = 13;
108
109  // [Output only] The state most recently received from the device. If no state
110  // has been reported, this field is not present.
111  DeviceState state = 16;
112
113  // **Beta Feature**
114  //
115  // The logging verbosity for device activity. If unspecified,
116  // DeviceRegistry.log_level will be used.
117  LogLevel log_level = 21;
118
119  // The metadata key-value pairs assigned to the device. This metadata is not
120  // interpreted or indexed by Cloud IoT Core. It can be used to add contextual
121  // information for the device.
122  //
123  // Keys must conform to the regular expression [a-zA-Z][a-zA-Z0-9-_.+~%]+ and
124  // be less than 128 bytes in length.
125  //
126  // Values are free-form strings. Each value must be less than or equal to 32
127  // KB in size.
128  //
129  // The total size of all keys and values must be less than 256 KB, and the
130  // maximum number of key-value pairs is 500.
131  map<string, string> metadata = 17;
132
133  // Gateway-related configuration and state.
134  GatewayConfig gateway_config = 24;
135}
136
137// Gateway-related configuration and state.
138message GatewayConfig {
139  // Indicates whether the device is a gateway.
140  GatewayType gateway_type = 1;
141
142  // Indicates how to authorize and/or authenticate devices to access the
143  // gateway.
144  GatewayAuthMethod gateway_auth_method = 2;
145
146  // [Output only] The ID of the gateway the device accessed most recently.
147  string last_accessed_gateway_id = 3;
148
149  // [Output only] The most recent time at which the device accessed the gateway
150  // specified in `last_accessed_gateway`.
151  google.protobuf.Timestamp last_accessed_gateway_time = 4;
152}
153
154// A container for a group of devices.
155message DeviceRegistry {
156  option (google.api.resource) = {
157    type: "cloudiot.googleapis.com/Registry"
158    pattern: "projects/{project}/locations/{location}/registries/{registry}"
159  };
160
161  // The identifier of this device registry. For example, `myRegistry`.
162  string id = 1;
163
164  // The resource path name. For example,
165  // `projects/example-project/locations/us-central1/registries/my-registry`.
166  string name = 2;
167
168  // The configuration for notification of telemetry events received from the
169  // device. All telemetry events that were successfully published by the
170  // device and acknowledged by Cloud IoT Core are guaranteed to be
171  // delivered to Cloud Pub/Sub. If multiple configurations match a message,
172  // only the first matching configuration is used. If you try to publish a
173  // device telemetry event using MQTT without specifying a Cloud Pub/Sub topic
174  // for the device's registry, the connection closes automatically. If you try
175  // to do so using an HTTP connection, an error is returned. Up to 10
176  // configurations may be provided.
177  repeated EventNotificationConfig event_notification_configs = 10;
178
179  // The configuration for notification of new states received from the device.
180  // State updates are guaranteed to be stored in the state history, but
181  // notifications to Cloud Pub/Sub are not guaranteed. For example, if
182  // permissions are misconfigured or the specified topic doesn't exist, no
183  // notification will be published but the state will still be stored in Cloud
184  // IoT Core.
185  StateNotificationConfig state_notification_config = 7;
186
187  // The MQTT configuration for this device registry.
188  MqttConfig mqtt_config = 4;
189
190  // The DeviceService (HTTP) configuration for this device registry.
191  HttpConfig http_config = 9;
192
193  // **Beta Feature**
194  //
195  // The default logging verbosity for activity from devices in this registry.
196  // The verbosity level can be overridden by Device.log_level.
197  LogLevel log_level = 11;
198
199  // The credentials used to verify the device credentials. No more than 10
200  // credentials can be bound to a single registry at a time. The verification
201  // process occurs at the time of device creation or update. If this field is
202  // empty, no verification is performed. Otherwise, the credentials of a newly
203  // created device or added credentials of an updated device should be signed
204  // with one of these registry credentials.
205  //
206  // Note, however, that existing devices will never be affected by
207  // modifications to this list of credentials: after a device has been
208  // successfully created in a registry, it should be able to connect even if
209  // its registry credentials are revoked, deleted, or modified.
210  repeated RegistryCredential credentials = 8;
211}
212
213// The configuration of MQTT for a device registry.
214message MqttConfig {
215  // If enabled, allows connections using the MQTT protocol. Otherwise, MQTT
216  // connections to this registry will fail.
217  MqttState mqtt_enabled_state = 1;
218}
219
220// Indicates whether an MQTT connection is enabled or disabled. See the field
221// description for details.
222enum MqttState {
223  // No MQTT state specified. If not specified, MQTT will be enabled by default.
224  MQTT_STATE_UNSPECIFIED = 0;
225
226  // Enables a MQTT connection.
227  MQTT_ENABLED = 1;
228
229  // Disables a MQTT connection.
230  MQTT_DISABLED = 2;
231}
232
233// The configuration of the HTTP bridge for a device registry.
234message HttpConfig {
235  // If enabled, allows devices to use DeviceService via the HTTP protocol.
236  // Otherwise, any requests to DeviceService will fail for this registry.
237  HttpState http_enabled_state = 1;
238}
239
240// Indicates whether DeviceService (HTTP) is enabled or disabled for the
241// registry. See the field description for details.
242enum HttpState {
243  // No HTTP state specified. If not specified, DeviceService will be
244  // enabled by default.
245  HTTP_STATE_UNSPECIFIED = 0;
246
247  // Enables DeviceService (HTTP) service for the registry.
248  HTTP_ENABLED = 1;
249
250  // Disables DeviceService (HTTP) service for the registry.
251  HTTP_DISABLED = 2;
252}
253
254// **Beta Feature**
255//
256// The logging verbosity for device activity. Specifies which events should be
257// written to logs. For example, if the LogLevel is ERROR, only events that
258// terminate in errors will be logged. LogLevel is inclusive; enabling INFO
259// logging will also enable ERROR logging.
260enum LogLevel {
261  // No logging specified. If not specified, logging will be disabled.
262  LOG_LEVEL_UNSPECIFIED = 0;
263
264  // Disables logging.
265  NONE = 10;
266
267  // Error events will be logged.
268  ERROR = 20;
269
270  // Informational events will be logged, such as connections and
271  // disconnections.
272  INFO = 30;
273
274  // All events will be logged.
275  DEBUG = 40;
276}
277
278// Gateway type.
279enum GatewayType {
280  // If unspecified, the device is considered a non-gateway device.
281  GATEWAY_TYPE_UNSPECIFIED = 0;
282
283  // The device is a gateway.
284  GATEWAY = 1;
285
286  // The device is not a gateway.
287  NON_GATEWAY = 2;
288}
289
290// The gateway authorization/authentication method. This setting determines how
291// Cloud IoT Core authorizes/authenticate devices to access the gateway.
292enum GatewayAuthMethod {
293  // No authentication/authorization method specified. No devices are allowed to
294  // access the gateway.
295  GATEWAY_AUTH_METHOD_UNSPECIFIED = 0;
296
297  // The device is authenticated through the gateway association only. Device
298  // credentials are ignored even if provided.
299  ASSOCIATION_ONLY = 1;
300
301  // The device is authenticated through its own credentials. Gateway
302  // association is not checked.
303  DEVICE_AUTH_TOKEN_ONLY = 2;
304
305  // The device is authenticated through both device credentials and gateway
306  // association. The device must be bound to the gateway and must provide its
307  // own credentials.
308  ASSOCIATION_AND_DEVICE_AUTH_TOKEN = 3;
309}
310
311// The configuration for forwarding telemetry events.
312message EventNotificationConfig {
313  // If the subfolder name matches this string exactly, this configuration will
314  // be used. The string must not include the leading '/' character. If empty,
315  // all strings are matched. This field is used only for telemetry events;
316  // subfolders are not supported for state changes.
317  string subfolder_matches = 2;
318
319  // A Cloud Pub/Sub topic name. For example,
320  // `projects/myProject/topics/deviceEvents`.
321  string pubsub_topic_name = 1;
322}
323
324// The configuration for notification of new states received from the device.
325message StateNotificationConfig {
326  // A Cloud Pub/Sub topic name. For example,
327  // `projects/myProject/topics/deviceEvents`.
328  string pubsub_topic_name = 1;
329}
330
331// A server-stored registry credential used to validate device credentials.
332message RegistryCredential {
333  // The credential data. Reserved for expansion in the future.
334  oneof credential {
335    // A public key certificate used to verify the device credentials.
336    PublicKeyCertificate public_key_certificate = 1;
337  }
338}
339
340// Details of an X.509 certificate. For informational purposes only.
341message X509CertificateDetails {
342  // The entity that signed the certificate.
343  string issuer = 1;
344
345  // The entity the certificate and public key belong to.
346  string subject = 2;
347
348  // The time the certificate becomes valid.
349  google.protobuf.Timestamp start_time = 3;
350
351  // The time the certificate becomes invalid.
352  google.protobuf.Timestamp expiry_time = 4;
353
354  // The algorithm used to sign the certificate.
355  string signature_algorithm = 5;
356
357  // The type of public key in the certificate.
358  string public_key_type = 6;
359}
360
361// A public key certificate format and data.
362message PublicKeyCertificate {
363  // The certificate format.
364  PublicKeyCertificateFormat format = 1;
365
366  // The certificate data.
367  string certificate = 2;
368
369  // [Output only] The certificate details. Used only for X.509 certificates.
370  X509CertificateDetails x509_details = 3;
371}
372
373// The supported formats for the public key.
374enum PublicKeyCertificateFormat {
375  // The format has not been specified. This is an invalid default value and
376  // must not be used.
377  UNSPECIFIED_PUBLIC_KEY_CERTIFICATE_FORMAT = 0;
378
379  // An X.509v3 certificate ([RFC5280](https://www.ietf.org/rfc/rfc5280.txt)),
380  // encoded in base64, and wrapped by `-----BEGIN CERTIFICATE-----` and
381  // `-----END CERTIFICATE-----`.
382  X509_CERTIFICATE_PEM = 1;
383}
384
385// A server-stored device credential used for authentication.
386message DeviceCredential {
387  // The credential data. Reserved for expansion in the future.
388  oneof credential {
389    // A public key used to verify the signature of JSON Web Tokens (JWTs).
390    // When adding a new device credential, either via device creation or via
391    // modifications, this public key credential may be required to be signed by
392    // one of the registry level certificates. More specifically, if the
393    // registry contains at least one certificate, any new device credential
394    // must be signed by one of the registry certificates. As a result,
395    // when the registry contains certificates, only X.509 certificates are
396    // accepted as device credentials. However, if the registry does
397    // not contain a certificate, self-signed certificates and public keys will
398    // be accepted. New device credentials must be different from every
399    // registry-level certificate.
400    PublicKeyCredential public_key = 2;
401  }
402
403  // [Optional] The time at which this credential becomes invalid. This
404  // credential will be ignored for new client authentication requests after
405  // this timestamp; however, it will not be automatically deleted.
406  google.protobuf.Timestamp expiration_time = 6;
407}
408
409// A public key format and data.
410message PublicKeyCredential {
411  // The format of the key.
412  PublicKeyFormat format = 1;
413
414  // The key data.
415  string key = 2;
416}
417
418// The supported formats for the public key.
419enum PublicKeyFormat {
420  // The format has not been specified. This is an invalid default value and
421  // must not be used.
422  UNSPECIFIED_PUBLIC_KEY_FORMAT = 0;
423
424  // An RSA public key encoded in base64, and wrapped by
425  // `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`. This can be
426  // used to verify `RS256` signatures in JWT tokens ([RFC7518](
427  // https://www.ietf.org/rfc/rfc7518.txt)).
428  RSA_PEM = 3;
429
430  // As RSA_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
431  // https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
432  // `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
433  RSA_X509_PEM = 1;
434
435  // Public key for the ECDSA algorithm using P-256 and SHA-256, encoded in
436  // base64, and wrapped by `-----BEGIN PUBLIC KEY-----` and `-----END
437  // PUBLIC KEY-----`. This can be used to verify JWT tokens with the `ES256`
438  // algorithm ([RFC7518](https://www.ietf.org/rfc/rfc7518.txt)). This curve is
439  // defined in [OpenSSL](https://www.openssl.org/) as the `prime256v1` curve.
440  ES256_PEM = 2;
441
442  // As ES256_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
443  // https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
444  // `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
445  ES256_X509_PEM = 4;
446}
447
448// The device configuration. Eventually delivered to devices.
449message DeviceConfig {
450  // [Output only] The version of this update. The version number is assigned by
451  // the server, and is always greater than 0 after device creation. The
452  // version must be 0 on the `CreateDevice` request if a `config` is
453  // specified; the response of `CreateDevice` will always have a value of 1.
454  int64 version = 1;
455
456  // [Output only] The time at which this configuration version was updated in
457  // Cloud IoT Core. This timestamp is set by the server.
458  google.protobuf.Timestamp cloud_update_time = 2;
459
460  // [Output only] The time at which Cloud IoT Core received the
461  // acknowledgment from the device, indicating that the device has received
462  // this configuration version. If this field is not present, the device has
463  // not yet acknowledged that it received this version. Note that when
464  // the config was sent to the device, many config versions may have been
465  // available in Cloud IoT Core while the device was disconnected, and on
466  // connection, only the latest version is sent to the device. Some
467  // versions may never be sent to the device, and therefore are never
468  // acknowledged. This timestamp is set by Cloud IoT Core.
469  google.protobuf.Timestamp device_ack_time = 3;
470
471  // The device configuration data.
472  bytes binary_data = 4;
473}
474
475// The device state, as reported by the device.
476message DeviceState {
477  // [Output only] The time at which this state version was updated in Cloud
478  // IoT Core.
479  google.protobuf.Timestamp update_time = 1;
480
481  // The device state data.
482  bytes binary_data = 2;
483}
484