// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";

package google.cloud.managedidentities.v1beta1;

// The google/api imports provide the HTTP, client, field-behavior and resource
// annotations used in this file. `Domain` and `Trust` are not defined here;
// presumably they come from the package's own resource.proto - confirm.
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/managedidentities/v1beta1/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

// Per-language package and namespace settings for generated code. These do not
// affect the wire format.
option csharp_namespace = "Google.Cloud.ManagedIdentities.V1Beta1";
option go_package = "cloud.google.com/go/managedidentities/apiv1beta1/managedidentitiespb;managedidentitiespb";
option java_multiple_files = true;
option java_outer_classname = "ManagedIdentitiesServiceProto";
option java_package = "com.google.cloud.managedidentities.v1beta1";
option objc_class_prefix = "GCMI";
option php_namespace = "Google\\Cloud\\ManagedIdentities\\V1beta1";
option ruby_package = "Google::Cloud::ManagedIdentities::V1beta1";
// Service for creating and managing Microsoft AD domains and the trusts
// attached to them. Every HTTP binding below addresses resources under
// `projects/*/locations/global`.
//
// NOTE(review): the only OAuth scope declared here is the broad
// `cloud-platform` scope, so the scope alone does not limit a token to this
// API. Which callers may invoke each method is presumably decided by
// per-method IAM permissions that are not visible in this file - confirm.
service ManagedIdentitiesService {
  option (google.api.default_host) = "managedidentities.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Creates a Microsoft AD domain.
  //
  // Returns a long-running operation whose response is a `Domain` and whose
  // metadata is an `OpMetadata`.
  rpc CreateMicrosoftAdDomain(CreateMicrosoftAdDomainRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{parent=projects/*/locations/global}/domains"
      body: "domain"
    };
    option (google.api.method_signature) = "parent,domain_name,domain";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Resets a domain's administrator password.
  //
  // The call is synchronous and the new password is returned in
  // `ResetAdminPasswordResponse.password`, i.e. the response body carries a
  // credential.
  // NOTE(review): grant the permission for this method narrowly and keep the
  // response out of request/response logging.
  rpc ResetAdminPassword(ResetAdminPasswordRequest)
      returns (ResetAdminPasswordResponse) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/global/domains/*}:resetAdminPassword"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists domains in a project.
  rpc ListDomains(ListDomainsRequest) returns (ListDomainsResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*/locations/global}/domains"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets information about a domain.
  rpc GetDomain(GetDomainRequest) returns (Domain) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/locations/global/domains/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Updates the metadata and configuration of a domain.
  //
  // Returns a long-running operation whose response is the updated `Domain`.
  rpc UpdateDomain(UpdateDomainRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1beta1/{domain.name=projects/*/locations/global/domains/*}"
      body: "domain"
    };
    option (google.api.method_signature) = "domain,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Deletes a domain.
  //
  // Returns a long-running operation whose response is
  // `google.protobuf.Empty`.
  rpc DeleteDomain(DeleteDomainRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1beta1/{name=projects/*/locations/global/domains/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OpMetadata"
    };
  }

  // Adds an AD trust to a domain.
  rpc AttachTrust(AttachTrustRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/global/domains/*}:attachTrust"
      body: "*"
    };
    option (google.api.method_signature) = "name,trust";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Updates the DNS conditional forwarder, using the target domain name and
  // target DNS server addresses given in the request.
  rpc ReconfigureTrust(ReconfigureTrustRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/global/domains/*}:reconfigureTrust"
      body: "*"
    };
    option (google.api.method_signature) =
        "name,target_domain_name,target_dns_ip_addresses";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Removes an AD trust.
  rpc DetachTrust(DetachTrustRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/global/domains/*}:detachTrust"
      body: "*"
    };
    option (google.api.method_signature) = "name,trust";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Validates a trust state, that the target domain is reachable, and that the
  // target domain is able to accept incoming trust requests.
  rpc ValidateTrust(ValidateTrustRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/locations/global/domains/*}:validateTrust"
      body: "*"
    };
    option (google.api.method_signature) = "name,trust";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }
}
// Metadata of a long-running operation. Every field is marked output only.
message OpMetadata {
  // Output only. The time the operation was created.
  google.protobuf.Timestamp create_time = 1
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time the operation finished running.
  google.protobuf.Timestamp end_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Server-defined resource path for the target of the operation.
  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Name of the verb executed by the operation.
  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Identifies whether the user has requested cancellation
  // of the operation. Operations that have successfully been cancelled
  // have an [Operation.error][] value with a
  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
  // `Code.CANCELLED`.
  bool requested_cancellation = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. API version used to start the operation.
  string api_version = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Request message for
// [CreateMicrosoftAdDomain][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.CreateMicrosoftAdDomain]
message CreateMicrosoftAdDomainRequest {
  // Required. The resource project name and location using the form:
  // `projects/{project_id}/locations/global`
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. A domain name, e.g. mydomain.myorg.com, with the following
  // restrictions:
  //  * Must contain only lowercase letters, numbers, periods and hyphens.
  //  * Must start with a letter.
  //  * Must contain between 2 and 64 characters.
  //  * Must end with a number or a letter.
  //  * Must not start with a period.
  //  * The first segment (`mydomain` in the example above) shouldn't exceed
  //    15 chars.
  //  * The last segment cannot be fully numeric.
  //  * Must be unique within the customer project.
  //
  // NOTE(review): the field is a plain `string`; none of these restrictions
  // is expressed in the schema, so they are presumably enforced by the
  // server - confirm before relying on them.
  string domain_name = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. A Managed Identity domain resource.
  Domain domain = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [ResetAdminPassword][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.ResetAdminPassword]
//
// The domain name is the only input; the request carries no new password.
message ResetAdminPasswordRequest {
  // Required. The domain resource name using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];
}
// Response message for
// [ResetAdminPassword][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.ResetAdminPassword]
//
// NOTE(review): this message carries a credential in cleartext. Clients and
// anything that records API responses should avoid logging or persisting it.
message ResetAdminPasswordResponse {
  // A random password. See
  // [admin][google.cloud.managedidentities.v1beta1.Domain.admin] for more
  // information.
  //
  // The field is a plain `string` with no annotation marking it as sensitive,
  // so generated code presumably prints it like any other field in debug or
  // text-format output - verify per language before logging this message.
  string password = 1;
}
// Request message for
// [ListDomains][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.ListDomains]
//
// NOTE(review): only `parent` carries a `google.api.field_behavior`
// annotation; for the other fields "Optional" is stated in comments only.
message ListDomainsRequest {
  // Required. The resource name of the domain location using the form:
  // `projects/{project_id}/locations/global`
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Optional. The maximum number of items to return.
  // If not specified, a default value of 1000 will be used.
  // Regardless of the page_size value, the response may include a partial list.
  // Callers should rely on a response's
  // [next_page_token][google.cloud.managedidentities.v1beta1.ListDomainsResponse.next_page_token]
  // to determine if there are additional results to list.
  int32 page_size = 2;

  // The `next_page_token` value returned from a previous ListDomainsRequest,
  // if any.
  string page_token = 3;

  // Optional. A filter specifying constraints of a list operation.
  // For example, `Domain.fqdn="mydomain.myorganization"`.
  // The filter syntax is not defined in this file.
  string filter = 4;

  // Optional. Specifies the ordering of results. See
  // [Sorting
  // order](https://cloud.google.com/apis/design/design_patterns#sorting_order)
  // for more information.
  string order_by = 5;
}
// Response message for
// [ListDomains][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.ListDomains]
message ListDomainsResponse {
  // A list of Managed Identities Service domains in the project.
  repeated Domain domains = 1;

  // A token to retrieve the next page of results, or empty if there are no more
  // results in the list.
  string next_page_token = 2;

  // A list of locations that could not be reached.
  //
  // NOTE(review): when this list is non-empty, `domains` presumably omits the
  // domains in those locations, so a caller building an inventory or audit
  // should treat the listing as partial - confirm.
  repeated string unreachable = 3;
}
// Request message for
// [GetDomain][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.GetDomain]
message GetDomainRequest {
  // Required. The domain resource name using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];
}
// Request message for
// [UpdateDomain][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.UpdateDomain]
message UpdateDomainRequest {
  // Required. Mask of fields to update. At least one path must be supplied in
  // this field. The elements of the repeated paths field may only include
  // these fields from [Domain][google.cloud.managedidentities.v1beta1.Domain]:
  //  * `labels`
  //  * `locations`
  //  * `authorized_networks`
  //  * `audit_logs_enabled`
  //
  // NOTE(review): judging by their names, `authorized_networks` and
  // `audit_logs_enabled` govern network access to the domain and its audit
  // logging (both are defined in resource.proto, not shown here). If so,
  // updates that touch either path are worth alerting on - confirm.
  google.protobuf.FieldMask update_mask = 1
      [(google.api.field_behavior) = REQUIRED];

  // Required. Domain message with updated fields. Only supported fields
  // specified in update_mask are updated.
  Domain domain = 2 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [DeleteDomain][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.DeleteDomain]
//
// The resource name is the only field.
message DeleteDomainRequest {
  // Required. The domain resource name using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];
}
// Request message for
// [AttachTrust][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.AttachTrust]
message AttachTrustRequest {
  // Required. The resource domain name, project name and location using the
  // form: `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The domain trust resource.
  //
  // NOTE(review): `Trust` is defined outside this file. If it carries the
  // trust's shared secret, this request body is sensitive and should be kept
  // out of request logs - confirm against resource.proto.
  Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [ReconfigureTrust][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.ReconfigureTrust]
//
// NOTE(review): the two target fields are caller-supplied strings with no
// format constraint in this schema; presumably the server validates them.
// They name the DNS servers used to resolve the trusted domain, so changes
// made through this request are worth reviewing.
message ReconfigureTrustRequest {
  // Required. The resource domain name, project name and location using the
  // form: `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The fully-qualified target domain name which will be in trust
  // with the current domain.
  string target_domain_name = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The target DNS server IP addresses to resolve the remote domain
  // involved in the trust.
  repeated string target_dns_ip_addresses = 3
      [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [DetachTrust][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.DetachTrust]
message DetachTrustRequest {
  // Required. The resource domain name, project name, and location using the
  // form: `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The domain trust resource to be removed.
  Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [ValidateTrust][google.cloud.managedidentities.v1beta1.ManagedIdentitiesService.ValidateTrust]
message ValidateTrustRequest {
  // Required. The resource domain name, project name, and location using the
  // form: `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The domain trust to validate trust state for.
  Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}