-
Notifications
You must be signed in to change notification settings - Fork 2.2k
/
oslogin.proto
239 lines (208 loc) · 8.64 KB
/
oslogin.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.cloud.oslogin.v1;
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/oslogin/common/common.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
option csharp_namespace = "Google.Cloud.OsLogin.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/oslogin/v1;oslogin";
option java_multiple_files = true;
option java_outer_classname = "OsLoginProto";
option java_package = "com.google.cloud.oslogin.v1";
option php_namespace = "Google\\Cloud\\OsLogin\\V1";
option ruby_package = "Google::Cloud::OsLogin::V1";
// Cloud OS Login API
//
// The Cloud OS Login API allows you to manage users and their associated SSH
// public keys for logging into virtual machines on Google Cloud Platform.
service OsLoginService {
option (google.api.default_host) = "oslogin.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform,"
"https://www.googleapis.com/auth/cloud-platform.read-only,"
"https://www.googleapis.com/auth/compute,"
"https://www.googleapis.com/auth/compute.readonly";
// Create an SSH public key
rpc CreateSshPublicKey(CreateSshPublicKeyRequest) returns (google.cloud.oslogin.common.SshPublicKey) {
option (google.api.http) = {
post: "/v1/{parent=users/*}/sshPublicKeys"
body: "ssh_public_key"
};
option (google.api.method_signature) = "parent,ssh_public_key";
}
// Deletes a POSIX account.
rpc DeletePosixAccount(DeletePosixAccountRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1/{name=users/*/projects/*}"
};
option (google.api.method_signature) = "name";
}
// Deletes an SSH public key.
rpc DeleteSshPublicKey(DeleteSshPublicKeyRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1/{name=users/*/sshPublicKeys/*}"
};
option (google.api.method_signature) = "name";
}
// Retrieves the profile information used for logging in to a virtual machine
// on Google Compute Engine.
rpc GetLoginProfile(GetLoginProfileRequest) returns (LoginProfile) {
option (google.api.http) = {
get: "/v1/{name=users/*}/loginProfile"
};
option (google.api.method_signature) = "name";
}
// Retrieves an SSH public key.
rpc GetSshPublicKey(GetSshPublicKeyRequest) returns (google.cloud.oslogin.common.SshPublicKey) {
option (google.api.http) = {
get: "/v1/{name=users/*/sshPublicKeys/*}"
};
option (google.api.method_signature) = "name";
}
// Adds an SSH public key and returns the profile information. Default POSIX
// account information is set when no username and UID exist as part of the
// login profile.
rpc ImportSshPublicKey(ImportSshPublicKeyRequest) returns (ImportSshPublicKeyResponse) {
option (google.api.http) = {
post: "/v1/{parent=users/*}:importSshPublicKey"
body: "ssh_public_key"
};
option (google.api.method_signature) = "parent,ssh_public_key";
option (google.api.method_signature) = "parent,ssh_public_key,project_id";
}
// Updates an SSH public key and returns the profile information. This method
// supports patch semantics.
rpc UpdateSshPublicKey(UpdateSshPublicKeyRequest) returns (google.cloud.oslogin.common.SshPublicKey) {
option (google.api.http) = {
patch: "/v1/{name=users/*/sshPublicKeys/*}"
body: "ssh_public_key"
};
option (google.api.method_signature) = "name,ssh_public_key";
option (google.api.method_signature) = "name,ssh_public_key,update_mask";
}
}
// The user profile information used for logging in to a virtual machine on
// Google Compute Engine.
message LoginProfile {
// Required. A unique user ID.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// The list of POSIX accounts associated with the user.
repeated google.cloud.oslogin.common.PosixAccount posix_accounts = 2;
// A map from SSH public key fingerprint to the associated key object.
map<string, google.cloud.oslogin.common.SshPublicKey> ssh_public_keys = 3;
}
// A request message for creating an SSH public key.
message CreateSshPublicKeyRequest {
// Required. The unique ID for the user in format `users/{user}`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "oslogin.googleapis.com/SshPublicKey"
}
];
// Required. The SSH public key and expiration time.
google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior) = REQUIRED];
}
// A request message for deleting a POSIX account entry.
message DeletePosixAccountRequest {
// Required. A reference to the POSIX account to update. POSIX accounts are identified
// by the project ID they are associated with. A reference to the POSIX
// account is in format `users/{user}/projects/{project}`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "oslogin.googleapis.com/PosixAccount"
}
];
}
// A request message for deleting an SSH public key.
message DeleteSshPublicKeyRequest {
// Required. The fingerprint of the public key to update. Public keys are identified by
// their SHA-256 fingerprint. The fingerprint of the public key is in format
// `users/{user}/sshPublicKeys/{fingerprint}`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "oslogin.googleapis.com/SshPublicKey"
}
];
}
// A request message for retrieving the login profile information for a user.
message GetLoginProfileRequest {
// Required. The unique ID for the user in format `users/{user}`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "oslogin.googleapis.com/PosixAccount"
}
];
// The project ID of the Google Cloud Platform project.
string project_id = 2;
// A system ID for filtering the results of the request.
string system_id = 3;
}
// A request message for retrieving an SSH public key.
message GetSshPublicKeyRequest {
// Required. The fingerprint of the public key to retrieve. Public keys are identified
// by their SHA-256 fingerprint. The fingerprint of the public key is in
// format `users/{user}/sshPublicKeys/{fingerprint}`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "oslogin.googleapis.com/SshPublicKey"
}
];
}
// A request message for importing an SSH public key.
message ImportSshPublicKeyRequest {
// Required. The unique ID for the user in format `users/{user}`.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "oslogin.googleapis.com/SshPublicKey"
}
];
// Optional. The SSH public key and expiration time.
google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior) = OPTIONAL];
// The project ID of the Google Cloud Platform project.
string project_id = 3;
}
// A response message for importing an SSH public key.
message ImportSshPublicKeyResponse {
// The login profile information for the user.
LoginProfile login_profile = 1;
// Detailed information about import results.
string details = 2;
}
// A request message for updating an SSH public key.
message UpdateSshPublicKeyRequest {
// Required. The fingerprint of the public key to update. Public keys are identified by
// their SHA-256 fingerprint. The fingerprint of the public key is in format
// `users/{user}/sshPublicKeys/{fingerprint}`.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "oslogin.googleapis.com/SshPublicKey"
}
];
// Required. The SSH public key and expiration time.
google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior) = REQUIRED];
// Mask to control which fields get updated. Updates all if not present.
google.protobuf.FieldMask update_mask = 3;
}