1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.netapp.v1; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21import "google/protobuf/field_mask.proto"; 22import "google/protobuf/timestamp.proto"; 23 24option csharp_namespace = "Google.Cloud.NetApp.V1"; 25option go_package = "cloud.google.com/go/netapp/apiv1/netapppb;netapppb"; 26option java_multiple_files = true; 27option java_outer_classname = "KmsProto"; 28option java_package = "com.google.cloud.netapp.v1"; 29option php_namespace = "Google\\Cloud\\NetApp\\V1"; 30option ruby_package = "Google::Cloud::NetApp::V1"; 31 32// GetKmsConfigRequest gets a KMS Config. 33message GetKmsConfigRequest { 34 // Required. Name of the KmsConfig 35 string name = 1 [ 36 (google.api.field_behavior) = REQUIRED, 37 (google.api.resource_reference) = { 38 type: "netapp.googleapis.com/KmsConfig" 39 } 40 ]; 41} 42 43// ListKmsConfigsRequest lists KMS Configs. 44message ListKmsConfigsRequest { 45 // Required. Parent value 46 string parent = 1 [ 47 (google.api.field_behavior) = REQUIRED, 48 (google.api.resource_reference) = { 49 child_type: "netapp.googleapis.com/KmsConfig" 50 } 51 ]; 52 53 // The maximum number of items to return. 54 int32 page_size = 2; 55 56 // The next_page_token value to use if there are additional 57 // results to retrieve for this list request. 58 string page_token = 3; 59 60 // Sort results. Supported values are "name", "name desc" or "" (unsorted). 61 string order_by = 4; 62 63 // List filter. 64 string filter = 5; 65} 66 67// ListKmsConfigsResponse is the response to a ListKmsConfigsRequest. 68message ListKmsConfigsResponse { 69 // The list of KmsConfigs 70 repeated KmsConfig kms_configs = 1; 71 72 // A token identifying a page of results the server should return. 73 string next_page_token = 2; 74 75 // Locations that could not be reached. 76 repeated string unreachable = 3; 77} 78 79// CreateKmsConfigRequest creates a KMS Config. 80message CreateKmsConfigRequest { 81 // Required. Value for parent. 82 string parent = 1 [ 83 (google.api.field_behavior) = REQUIRED, 84 (google.api.resource_reference) = { 85 child_type: "netapp.googleapis.com/KmsConfig" 86 } 87 ]; 88 89 // Required. Id of the requesting KmsConfig 90 // If auto-generating Id server-side, remove this field and 91 // id from the method_signature of Create RPC 92 string kms_config_id = 2 [(google.api.field_behavior) = REQUIRED]; 93 94 // Required. The required parameters to create a new KmsConfig. 95 KmsConfig kms_config = 3 [(google.api.field_behavior) = REQUIRED]; 96} 97 98// UpdateKmsConfigRequest updates a KMS Config. 99message UpdateKmsConfigRequest { 100 // Required. Field mask is used to specify the fields to be overwritten in the 101 // KmsConfig resource by the update. 102 // The fields specified in the update_mask are relative to the resource, not 103 // the full request. A field will be overwritten if it is in the mask. If the 104 // user does not provide a mask then all fields will be overwritten. 105 google.protobuf.FieldMask update_mask = 1 106 [(google.api.field_behavior) = REQUIRED]; 107 108 // Required. The KmsConfig being updated 109 KmsConfig kms_config = 2 [(google.api.field_behavior) = REQUIRED]; 110} 111 112// DeleteKmsConfigRequest deletes a KMS Config. 113message DeleteKmsConfigRequest { 114 // Required. Name of the KmsConfig. 115 string name = 1 [ 116 (google.api.field_behavior) = REQUIRED, 117 (google.api.resource_reference) = { 118 type: "netapp.googleapis.com/KmsConfig" 119 } 120 ]; 121} 122 123// EncryptVolumesRequest specifies the KMS config to encrypt existing volumes. 124message EncryptVolumesRequest { 125 // Required. Name of the KmsConfig. 126 string name = 1 [ 127 (google.api.field_behavior) = REQUIRED, 128 (google.api.resource_reference) = { 129 type: "netapp.googleapis.com/KmsConfig" 130 } 131 ]; 132} 133 134// VerifyKmsConfigRequest specifies the KMS config to be validated. 135message VerifyKmsConfigRequest { 136 // Required. Name of the KMS Config to be verified. 137 string name = 1 [ 138 (google.api.field_behavior) = REQUIRED, 139 (google.api.resource_reference) = { 140 type: "netapp.googleapis.com/KmsConfig" 141 } 142 ]; 143} 144 145// VerifyKmsConfigResponse contains the information if the config is correctly 146// and error message. 147message VerifyKmsConfigResponse { 148 // Output only. If the customer key configured correctly to the encrypt 149 // volume. 150 bool healthy = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 151 152 // Output only. Error message if config is not healthy. 153 string health_error = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 154 155 // Output only. Instructions for the customers to provide the access to the 156 // encryption key. 157 string instructions = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 158} 159 160// KmsConfig is the customer managed encryption key(CMEK) configuration. 161message KmsConfig { 162 option (google.api.resource) = { 163 type: "netapp.googleapis.com/KmsConfig" 164 pattern: "projects/{project}/locations/{location}/kmsConfigs/{kms_config}" 165 plural: "kmsConfigs" 166 singular: "kmsConfig" 167 }; 168 169 // The KmsConfig States 170 enum State { 171 // Unspecified KmsConfig State 172 STATE_UNSPECIFIED = 0; 173 174 // KmsConfig State is Ready 175 READY = 1; 176 177 // KmsConfig State is Creating 178 CREATING = 2; 179 180 // KmsConfig State is Deleting 181 DELETING = 3; 182 183 // KmsConfig State is Updating 184 UPDATING = 4; 185 186 // KmsConfig State is In Use. 187 IN_USE = 5; 188 189 // KmsConfig State is Error 190 ERROR = 6; 191 192 // KmsConfig State is Pending to verify crypto key access. 193 KEY_CHECK_PENDING = 7; 194 195 // KmsConfig State is Not accessbile by the SDE service account to the 196 // crypto key. 197 KEY_NOT_REACHABLE = 8; 198 199 // KmsConfig State is Disabling. 200 DISABLING = 9; 201 202 // KmsConfig State is Disabled. 203 DISABLED = 10; 204 205 // KmsConfig State is Migrating. 206 // The existing volumes are migrating from SMEK to CMEK. 207 MIGRATING = 11; 208 } 209 210 // Identifier. Name of the KmsConfig. 211 string name = 1 [(google.api.field_behavior) = IDENTIFIER]; 212 213 // Required. Customer managed crypto key resource full name. Format: 214 // projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{key}. 215 string crypto_key_name = 2 [(google.api.field_behavior) = REQUIRED]; 216 217 // Output only. State of the KmsConfig. 218 State state = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 219 220 // Output only. State details of the KmsConfig. 221 string state_details = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 222 223 // Output only. Create time of the KmsConfig. 224 google.protobuf.Timestamp create_time = 5 225 [(google.api.field_behavior) = OUTPUT_ONLY]; 226 227 // Description of the KmsConfig. 228 string description = 6; 229 230 // Labels as key value pairs 231 map<string, string> labels = 7; 232 233 // Output only. Instructions to provide the access to the customer provided 234 // encryption key. 235 string instructions = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; 236 237 // Output only. The Service account which will have access to the customer 238 // provided encryption key. 239 string service_account = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; 240} 241