From 236055995b64ba17e1441fe12908ca6e0f1953b9 Mon Sep 17 00:00:00 2001
From: Google APIs
Date: Mon, 14 Nov 2022 13:57:05 -0800
Subject: [PATCH] feat: added CreateSshPublicKey RPC
PiperOrigin-RevId: 488460648
---
 google/cloud/oslogin/common/common.proto | 5 +-
 google/cloud/oslogin/v1/oslogin.proto | 33 ++++++-
 google/cloud/oslogin/v1/oslogin_v1.yaml | 7 ++
 google/cloud/oslogin/v1beta/oslogin.proto | 86 ++++++++++++++++++-
 .../cloud/oslogin/v1beta/oslogin_v1beta.yaml | 7 ++
 5 files changed, 128 insertions(+), 10 deletions(-)
diff --git a/google/cloud/oslogin/common/common.proto b/google/cloud/oslogin/common/common.proto
index 4d9755f0d205a..6eeaf8908d86d 100644
--- a/google/cloud/oslogin/common/common.proto
+++ b/google/cloud/oslogin/common/common.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 syntax = "proto3";
@@ -26,8 +25,6 @@ option java_outer_classname = "OsLoginProto";
 option java_package = "com.google.cloud.oslogin.common";
 option php_namespace = "Google\\Cloud\\OsLogin\\Common";
 option ruby_package = "Google::Cloud::OsLogin::Common";
-
-// Define a "User" resource owned by OS Login.
 option (google.api.resource_definition) = {
 type: "oslogin.googleapis.com/User"
 pattern: "users/{user}"
diff --git a/google/cloud/oslogin/v1/oslogin.proto b/google/cloud/oslogin/v1/oslogin.proto
index 25e9be0a07e72..fb3575600c474 100644
--- a/google/cloud/oslogin/v1/oslogin.proto
+++ b/google/cloud/oslogin/v1/oslogin.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 syntax = "proto3";
@@ -41,7 +40,18 @@ service OsLoginService {
 option (google.api.default_host) = "oslogin.googleapis.com";
 option (google.api.oauth_scopes) =
 "https://www.googleapis.com/auth/cloud-platform,"
- "https://www.googleapis.com/auth/compute";
+ "https://www.googleapis.com/auth/cloud-platform.read-only,"
+ "https://www.googleapis.com/auth/compute,"
+ "https://www.googleapis.com/auth/compute.readonly";
+
+ // Create an SSH public key
+ rpc CreateSshPublicKey(CreateSshPublicKeyRequest) returns (google.cloud.oslogin.common.SshPublicKey) {
+ option (google.api.http) = {
+ post: "/v1/{parent=users/*}/sshPublicKeys"
+ body: "ssh_public_key"
+ };
+ option (google.api.method_signature) = "parent,ssh_public_key";
+ }
 // Deletes a POSIX account.
 rpc DeletePosixAccount(DeletePosixAccountRequest) returns (google.protobuf.Empty) {
@@ -113,6 +123,20 @@ message LoginProfile {
 map ssh_public_keys = 3;
 }
+// A request message for creating an SSH public key.
+message CreateSshPublicKeyRequest {
+ // Required. The unique ID for the user in format `users/{user}`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "oslogin.googleapis.com/SshPublicKey"
+ }
+ ];
+
+ // Required. The SSH public key and expiration time.
+ google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
 // A request message for deleting a POSIX account entry.
 message DeletePosixAccountRequest {
 // Required. A reference to the POSIX account to update. POSIX accounts are identified
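Review bot: The service-level `google.api.oauth_scopes` option gains `cloud-platform.read-only` and `compute.readonly` in the same hunk that adds the mutating `CreateSshPublicKey`, and nothing in the proto says the read-only scopes are meant for reads only. As far as the visible oslogin_v1.yaml hunk in this commit shows, they are listed under the `GetLoginProfile` selector alone, so a comment above the option such as `// Read-only scopes are accepted for GetLoginProfile only; per-method rules live in oslogin_v1.yaml.` would keep a reader from assuming a read-only token is enough to register a key. The RPC comment `// Create an SSH public key` could also name what the key is attached to, e.g. `// Creates an SSH public key for the user given in parent.`; the same comment appears in the v1beta hunk. The service body continues outside the hunk.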
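Review bot: The comment on `ssh_public_key` in `CreateSshPublicKeyRequest` says only `The SSH public key and expiration time.`, which leaves open what an unset expiration means and whether caller-supplied values for server-assigned fields are ignored. `SshPublicKey` is defined in common.proto outside this diff, so which fields those are is inferred, but for a credential that grants login the default lifetime is worth stating on the request, e.g. `// Required. The SSH public key to create. If no expiration time is set, [behaviour to confirm].`. The same message is added in the v1beta hunk `@@ -113,6 +121,23 @@`.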
@@ -190,6 +214,9 @@ message ImportSshPublicKeyRequest {
 message ImportSshPublicKeyResponse {
 // The login profile information for the user.
 LoginProfile login_profile = 1;
+
+ // Detailed information about import results.
+ string details = 2;
 }
 // A request message for updating an SSH public key.
diff --git a/google/cloud/oslogin/v1/oslogin_v1.yaml b/google/cloud/oslogin/v1/oslogin_v1.yaml
index 8d345ed2b5f40..3c150c0fe9eec 100644
--- a/google/cloud/oslogin/v1/oslogin_v1.yaml
+++ b/google/cloud/oslogin/v1/oslogin_v1.yaml
@@ -21,3 +21,10 @@ authentication:
 canonical_scopes: |-
 https://www.googleapis.com/auth/cloud-platform,
 https://www.googleapis.com/auth/compute
+ - selector: google.cloud.oslogin.v1.OsLoginService.GetLoginProfile
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform,
+ https://www.googleapis.com/auth/cloud-platform.read-only,
+ https://www.googleapis.com/auth/compute,
+ https://www.googleapis.com/auth/compute.readonly
diff --git a/google/cloud/oslogin/v1beta/oslogin.proto b/google/cloud/oslogin/v1beta/oslogin.proto
index a5d7847466a0f..9a7a06b4a03d2 100644
--- a/google/cloud/oslogin/v1beta/oslogin.proto
+++ b/google/cloud/oslogin/v1beta/oslogin.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 syntax = "proto3";
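Review bot: The new `details` field in `ImportSshPublicKeyResponse` is documented only as `Detailed information about import results.`, which does not tell a client whether the string is free-form text or something it may parse or branch on. If it is meant for display and logs only, saying so keeps callers from deriving decisions from its content: `// Human-readable details about the import result; the format is not stable and must not be parsed.`. The same field is added to the v1beta response in the `@@ -180,12 +211,18 @@` hunk.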
@@ -45,6 +44,15 @@ service OsLoginService {
 "https://www.googleapis.com/auth/compute,"
 "https://www.googleapis.com/auth/compute.readonly";
+ // Create an SSH public key
+ rpc CreateSshPublicKey(CreateSshPublicKeyRequest) returns (google.cloud.oslogin.common.SshPublicKey) {
+ option (google.api.http) = {
+ post: "/v1beta/{parent=users/*}/sshPublicKeys"
+ body: "ssh_public_key"
+ };
+ option (google.api.method_signature) = "parent,ssh_public_key";
+ }
+
 // Deletes a POSIX account.
 rpc DeletePosixAccount(DeletePosixAccountRequest) returns (google.protobuf.Empty) {
 option (google.api.http) = {
@@ -113,6 +121,23 @@ message LoginProfile {
 // A map from SSH public key fingerprint to the associated key object.
 map ssh_public_keys = 3;
+
+ // The registered security key credentials for a user.
+ repeated SecurityKey security_keys = 5;
+}
+
+// A request message for creating an SSH public key.
+message CreateSshPublicKeyRequest {
+ // Required. The unique ID for the user in format `users/{user}`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "oslogin.googleapis.com/SshPublicKey"
+ }
+ ];
+
+ // Required. The SSH public key and expiration time.
+ google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior) = REQUIRED];
 }
 // A request message for deleting a POSIX account entry.
@@ -146,13 +171,19 @@ message GetLoginProfileRequest {
 // Required. The unique ID for the user in format `users/{user}`.
 string name = 1 [
 (google.api.field_behavior) = REQUIRED,
- (google.api.resource_reference).type = "oslogin.googleapis.com/User"];
+ (google.api.resource_reference) = {
+ type: "oslogin.googleapis.com/User"
+ }
+ ];
 // The project ID of the Google Cloud Platform project.
 string project_id = 2;
 // A system ID for filtering the results of the request.
 string system_id = 3;
+
+ // The view configures whether to retrieve security keys information.
+ LoginProfileView view = 4;
 }
 // A request message for retrieving an SSH public key.
@@ -180,12 +211,18 @@ message ImportSshPublicKeyRequest {
 // The project ID of the Google Cloud Platform project.
 string project_id = 3;
+
+ // The view configures whether to retrieve security keys information.
+ LoginProfileView view = 4;
 }
 // A response message for importing an SSH public key.
 message ImportSshPublicKeyResponse {
 // The login profile information for the user.
 LoginProfile login_profile = 1;
+
+ // Detailed information about import results.
+ string details = 2;
 }
 // A request message for updating an SSH public key.
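Review bot: The comment on the new `view` field in `GetLoginProfileRequest`, `The view configures whether to retrieve security keys information.`, does not state what an unset value returns. The `LoginProfileView` enum added later in this file says the API defaults to BASIC, so the field comment can carry that: `// Selects how much of the login profile is returned. Unset is treated as BASIC; SECURITY_KEY includes security key information.`. The identical field added to `ImportSshPublicKeyRequest` in the next hunk needs the same sentence.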
@@ -206,3 +243,46 @@ message UpdateSshPublicKeyRequest {
 // Mask to control which fields get updated. Updates all if not present.
 google.protobuf.FieldMask update_mask = 3;
 }
+
+// The credential information for a Google registered security key.
+message SecurityKey {
+ // Public key text in SSH format, defined by
+ // [RFC4253]("https://www.ietf.org/rfc/rfc4253.txt") section 6.6.
+ string public_key = 1;
+
+ // Hardware-backed private key text in SSH format.
+ string private_key = 2;
+
+ // The FIDO protocol type used to register this credential.
+ oneof protocol_type {
+ // The U2F protocol type.
+ UniversalTwoFactor universal_two_factor = 3;
+
+ // The Web Authentication protocol type.
+ WebAuthn web_authn = 4;
+ }
+}
+
+// Security key information specific to the U2F protocol.
+message UniversalTwoFactor {
+ // Application ID for the U2F protocol.
+ string app_id = 1;
+}
+
+// Security key information specific to the Web Authentication protocol.
+message WebAuthn {
+ // Relying party ID for Web Authentication.
+ string rp_id = 1;
+}
+
+// The login profile view limits the user content retrieved.
+enum LoginProfileView {
+ // The default login profile view. The API defaults to the BASIC view.
+ LOGIN_PROFILE_VIEW_UNSPECIFIED = 0;
+
+ // Includes POSIX and SSH key information.
+ BASIC = 1;
+
+ // Include security key information for the user.
+ SECURITY_KEY = 2;
+}
diff --git a/google/cloud/oslogin/v1beta/oslogin_v1beta.yaml b/google/cloud/oslogin/v1beta/oslogin_v1beta.yaml
index eea7d547adc38..5ec5c36068b46 100644
--- a/google/cloud/oslogin/v1beta/oslogin_v1beta.yaml
+++ b/google/cloud/oslogin/v1beta/oslogin_v1beta.yaml
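Review bot: `SecurityKey.private_key` is documented as `Hardware-backed private key text in SSH format.`, which reads as if the API returns private key material inside a login profile. For a hardware-backed key I would expect this to be a key-handle file rather than a usable secret, but the comment should say so, e.g. `// Private key file text in SSH format. For a hardware-backed key this holds a key handle, not the secret key, which stays on the device.`, if that is the behaviour. It matters more because the oslogin_v1beta.yaml hunk in this commit lets `GetLoginProfile` be called with the read-only scopes, and `view = SECURITY_KEY` on that call is presumably what returns these messages. Separately, `BASIC` and `SECURITY_KEY` are unprefixed while the zero value is `LOGIN_PROFILE_VIEW_UNSPECIFIED`; `LOGIN_PROFILE_VIEW_BASIC` and `LOGIN_PROFILE_VIEW_SECURITY_KEY` would avoid package-level name collisions.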
@@ -21,3 +21,10 @@ authentication:
 canonical_scopes: |-
 https://www.googleapis.com/auth/cloud-platform,
 https://www.googleapis.com/auth/compute
+ - selector: google.cloud.oslogin.v1beta.OsLoginService.GetLoginProfile
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform,
+ https://www.googleapis.com/auth/cloud-platform.read-only,
+ https://www.googleapis.com/auth/compute,
+ https://www.googleapis.com/auth/compute.readonly