Expose managedidentities/v1/ API for client library usage.

PiperOrigin-RevId: 292968186
Google APIs 2020-02-03 11:42:11 -08:00 committed by Copybara-Service
parent b5cbe4a4ba
commit a22129a1fb
5 changed files with 963 additions and 0 deletions


@ -0,0 +1,34 @@
common:
api_name: managedidentities
api_version: v1
organization_name: google-cloud
proto_deps:
- name: google-common-protos
src_proto_paths:
- .
service_yaml: managedidentities_v1.yaml
gapic_yaml: managedidentities_gapic.yaml
artifacts:
- name: gapic_config
type: GAPIC_CONFIG
- name: java_gapic
type: GAPIC
language: JAVA
- name: python_gapic
type: GAPIC
language: PYTHON
- name: nodejs_gapic
type: GAPIC
language: NODEJS
- name: php_gapic
type: GAPIC
language: PHP
- name: go_gapic
type: GAPIC
language: GO
- name: ruby_gapic
type: GAPIC
language: RUBY
- name: csharp_gapic
type: GAPIC
language: CSHARP


@ -0,0 +1,365 @@
// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
syntax = "proto3";
package google.cloud.managedidentities.v1;
import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/cloud/managedidentities/v1/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "google/api/client.proto";
option csharp_namespace = "Google.Cloud.ManagedIdentities.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/managedidentities/v1;managedidentities";
option java_multiple_files = true;
option java_outer_classname = "ManagedIdentitiesServiceProto";
option java_package = "com.google.cloud.managedidentities.v1";
option objc_class_prefix = "GCMI";
option php_namespace = "Google\\Cloud\\ManagedIdentities\\V1";
// ## API Overview
//
// The `managedidentites.googleapis.com` service implements the Google Cloud
// Managed Identites API for identity services
// (e.g. Microsoft Active Directory).
//
// The Managed Identities service provides methods to manage
// (create/read/update/delete) domains, reset managed identities admin password,
// add/remove domain controllers in GCP regions and add/remove VPC peering.
//
// ## Data Model
//
// The Managed Identities service exposes the following resources:
//
// * Locations as global, named as follows:
// `projects/{project_id}/locations/global`.
//
// * Domains, named as follows:
// `/projects/{project_id}/locations/global/domain/{domain_name}`.
//
// The `{domain_name}` refers to fully qualified domain name in the customer
// project e.g. mydomain.myorganization.com, with the following restrictions:
//
// * Must contain only lowercase letters, numbers, periods and hyphens.
// * Must start with a letter.
// * Must contain between 2-64 characters.
// * Must end with a number or a letter.
// * Must not start with period.
// * First segement length (mydomain form example above) shouldn't exceed
// 15 chars.
// * The last segment cannot be fully numeric.
// * Must be unique within the customer project.
service ManagedIdentitiesService {
option (google.api.default_host) = "managedidentities.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
// Creates a Microsoft AD domain.
rpc CreateMicrosoftAdDomain(CreateMicrosoftAdDomainRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{parent=projects/*/locations/global}/domains"
body: "domain"
};
option (google.longrunning.operation_info) = {
response_type: "Domain"
metadata_type: "OpMetadata"
};
}
// Resets a domain's administrator password.
rpc ResetAdminPassword(ResetAdminPasswordRequest) returns (ResetAdminPasswordResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/global/domains/*}:resetAdminPassword"
body: "*"
};
}
// Lists domains in a project.
rpc ListDomains(ListDomainsRequest) returns (ListDomainsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/locations/global}/domains"
};
}
// Gets information about a domain.
rpc GetDomain(GetDomainRequest) returns (Domain) {
option (google.api.http) = {
get: "/v1/{name=projects/*/locations/global/domains/*}"
};
}
// Updates the metadata and configuration of a domain.
rpc UpdateDomain(UpdateDomainRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
patch: "/v1/{domain.name=projects/*/locations/global/domains/*}"
body: "domain"
};
option (google.longrunning.operation_info) = {
response_type: "Domain"
metadata_type: "OpMetadata"
};
}
// Deletes a domain.
rpc DeleteDomain(DeleteDomainRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
delete: "/v1/{name=projects/*/locations/global/domains/*}"
};
option (google.longrunning.operation_info) = {
response_type: "google.protobuf.Empty"
metadata_type: "OpMetadata"
};
}
// Adds an AD trust to a domain.
rpc AttachTrust(AttachTrustRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/global/domains/*}:attachTrust"
body: "*"
};
option (google.longrunning.operation_info) = {
response_type: "Domain"
metadata_type: "OpMetadata"
};
}
// Updates the DNS conditional forwarder.
rpc ReconfigureTrust(ReconfigureTrustRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/global/domains/*}:reconfigureTrust"
body: "*"
};
option (google.longrunning.operation_info) = {
response_type: "Domain"
metadata_type: "OpMetadata"
};
}
// Removes an AD trust.
rpc DetachTrust(DetachTrustRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/global/domains/*}:detachTrust"
body: "*"
};
option (google.longrunning.operation_info) = {
response_type: "Domain"
metadata_type: "OpMetadata"
};
}
// Validates a trust state, that the target domain is reachable, and that the
// target domain is able to accept incoming trust requests.
rpc ValidateTrust(ValidateTrustRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/global/domains/*}:validateTrust"
body: "*"
};
option (google.longrunning.operation_info) = {
response_type: "Domain"
metadata_type: "OpMetadata"
};
}
}
// Represents the metadata of the long-running operation.
message OpMetadata {
// Output only. The time the operation was created.
google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time the operation finished running.
google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Server-defined resource path for the target of the operation.
string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Name of the verb executed by the operation.
string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Identifies whether the user has requested cancellation
// of the operation. Operations that have successfully been cancelled
// have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
// corresponding to `Code.CANCELLED`.
bool requested_cancellation = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. API version used to start the operation.
string api_version = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Request message for
// [CreateMicrosoftAdDomain][google.cloud.managedidentities.v1.CreateMicrosoftAdDomain]
message CreateMicrosoftAdDomainRequest {
// Required. The resource project name and location using the form:
// `projects/{project_id}/locations/global`
string parent = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The fully qualified domain name.
// e.g. mydomain.myorganization.com, with the following restrictions:
//
// * Must contain only lowercase letters, numbers, periods and hyphens.
// * Must start with a letter.
// * Must contain between 2-64 characters.
// * Must end with a number or a letter.
// * Must not start with period.
// * First segement length (mydomain form example above) shouldn't exceed
// 15 chars.
// * The last segment cannot be fully numeric.
// * Must be unique within the customer project.
string domain_name = 2 [(google.api.field_behavior) = REQUIRED];
// Required. A Managed Identity domain resource.
Domain domain = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [ResetAdminPassword][google.cloud.managedidentities.v1.ResetAdminPassword]
message ResetAdminPasswordRequest {
// Required. The domain resource name using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`
string name = 1 [(google.api.field_behavior) = REQUIRED];
}
// Response message for
// [ResetAdminPassword][google.cloud.managedidentities.v1.ResetAdminPassword]
message ResetAdminPasswordResponse {
// A random password. See [admin][google.cloud.managedidentities.v1.Domain.admin] for more information.
string password = 1;
}
// Request message for
// [ListDomains][google.cloud.managedidentities.v1.ListDomains]
message ListDomainsRequest {
// Required. The resource name of the domain location using the form:
// `projects/{project_id}/locations/global`
string parent = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. The maximum number of items to return.
// If not specified, a default value of 1000 will be used.
// Regardless of the page_size value, the response may include a partial list.
// Callers should rely on a response's
// [next_page_token][google.cloud.managedidentities.v1.ListDomainsResponse.next_page_token]
// to determine if there are additional results to list.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The `next_page_token` value returned from a previous ListDomainsRequest
// request, if any.
string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. A filter specifying constraints of a list operation.
// For example, `Domain.fqdn="mydomain.myorginization"`.
string filter = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. Specifies the ordering of results. See
// [Sorting
// order](https://cloud.google.com/apis/design/design_patterns#sorting_order)
// for more information.
string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}
// Response message for
// [ListDomains][google.cloud.managedidentities.v1.ListDomains]
message ListDomainsResponse {
// A list of Managed Identities Service domains in the project.
repeated Domain domains = 1;
// A token to retrieve the next page of results, or empty if there are no more
// results in the list.
string next_page_token = 2;
// A list of locations that could not be reached.
repeated string unreachable = 3;
}
// Request message for [GetDomain][google.cloud.managedidentities.v1.GetDomain]
message GetDomainRequest {
// Required. The domain resource name using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`
string name = 1 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [UpdateDomain][google.cloud.managedidentities.v1.UpdateDomain]
message UpdateDomainRequest {
// Required. Mask of fields to update. At least one path must be supplied in this
// field. The elements of the repeated paths field may only include
// fields from [Domain][google.cloud.managedidentities.v1.Domain]:
// * `labels`
// * `locations`
// * `authorized_networks`
google.protobuf.FieldMask update_mask = 1 [(google.api.field_behavior) = REQUIRED];
// Required. Domain message with updated fields. Only supported fields specified in
// update_mask are updated.
Domain domain = 2 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [DeleteDomain][google.cloud.managedidentities.v1.DeleteDomain]
message DeleteDomainRequest {
// Required. The domain resource name using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`
string name = 1 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [AttachTrust][google.cloud.managedidentities.v1.AttachTrust]
message AttachTrustRequest {
// Required. The resource domain name, project name and location using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The domain trust resource.
Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [ReconfigureTrust][google.cloud.managedidentities.v1.ReconfigureTrust]
message ReconfigureTrustRequest {
// Required. The resource domain name, project name and location using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The fully-qualified target domain name which will be in trust with current
// domain.
string target_domain_name = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The target DNS server IP addresses to resolve the remote domain involved
// in the trust.
repeated string target_dns_ip_addresses = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [DetachTrust][google.cloud.managedidentities.v1.DetachTrust]
message DetachTrustRequest {
// Required. The resource domain name, project name, and location using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The domain trust resource to removed.
Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}
// Request message for
// [ValidateTrust][google.cloud.managedidentities.v1.ValidateTrust]
message ValidateTrustRequest {
// Required. The resource domain name, project name, and location using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The domain trust to validate trust state for.
Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}
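Review bot: `ResetAdminPasswordResponse.password` returns the new administrator password in clear text, but its comment (`A random password. See [admin]...`) does not say the value is a credential. I would extend the comment to something like `// The new password for the delegated administrator account, in clear text. Treat it as a secret: keep it out of request/response logs and traces.` so users of the generated clients see the handling requirement next to the field. Separately, the service overview comment spells the host `managedidentites.googleapis.com` and the domain pattern `/projects/{project_id}/locations/global/domain/{domain_name}`, while `default_host` and the HTTP bindings use `managedidentities.googleapis.com` and `.../domains/*`. The comment should match the bindings.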


@ -0,0 +1,294 @@
type: com.google.api.codegen.ConfigProto
config_schema_version: 1.0.0
# The settings of generated code in a specific language.
language_settings:
java:
package_name: com.google.cloud.managedidentities.v1
python:
package_name: google.cloud.managedidentities_v1.gapic
go:
package_name: cloud.google.com/go/managedidentities/apiv1
csharp:
package_name: Google.Cloud.Managedidentities.V1
ruby:
package_name: Google::Cloud::Managedidentities::V1
php:
package_name: Google\Cloud\Managedidentities\V1
nodejs:
package_name: managedidentities.v1
# A list of API interface configurations.
interfaces:
# The fully qualified name of the API interface.
- name: google.cloud.managedidentities.v1.ManagedIdentitiesService
# A list of resource collection configurations.
# Consists of a name_pattern and an entity_name.
# The name_pattern is a pattern to describe the names of the resources of this
# collection, using the platform's conventions for URI patterns. A generator
# may use this to generate methods to compose and decompose such names. The
# pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
# those will be taken as hints for the parameter names of the generated
# methods. If empty, no name methods are generated.
# The entity_name is the name to be used as a basis for generated methods and
# classes.
collections:
- name_pattern: projects/{project}/locations/global
entity_name: project_locations
- name_pattern: projects/{project}/locations/global/domains/{domain}
entity_name: domain
# Definition for retryable codes.
retry_codes_def:
- name: idempotent
retry_codes:
- DEADLINE_EXCEEDED
- UNAVAILABLE
- name: non_idempotent
retry_codes: []
# Definition for retry/backoff parameters.
retry_params_def:
- name: default
initial_retry_delay_millis: 100
retry_delay_multiplier: 1.3
max_retry_delay_millis: 60000
initial_rpc_timeout_millis: 20000
rpc_timeout_multiplier: 1
max_rpc_timeout_millis: 20000
total_timeout_millis: 600000
# A list of method configurations.
# Common properties:
#
# name - The simple name of the method.
#
# flattening - Specifies the configuration for parameter flattening.
# Describes the parameter groups for which a generator should produce method
# overloads which allow a client to directly pass request message fields as
# method parameters. This information may or may not be used, depending on
# the target language.
# Consists of groups, which each represent a list of parameters to be
# flattened. Each parameter listed must be a field of the request message.
#
# required_fields - Fields that are always required for a request to be
# valid.
#
# page_streaming - Specifies the configuration for paging.
# Describes information for generating a method which transforms a paging
# list RPC into a stream of resources.
# Consists of a request and a response.
# The request specifies request information of the list method. It defines
# which fields match the paging pattern in the request. The request consists
# of a page_size_field and a token_field. The page_size_field is the name of
# the optional field specifying the maximum number of elements to be
# returned in the response. The token_field is the name of the field in the
# request containing the page token.
# The response specifies response information of the list method. It defines
# which fields match the paging pattern in the response. The response
# consists of a token_field and a resources_field. The token_field is the
# name of the field in the response containing the next page token. The
# resources_field is the name of the field in the response containing the
# list of resources belonging to the page.
#
# retry_codes_name - Specifies the configuration for retryable codes. The
# name must be defined in interfaces.retry_codes_def.
#
# retry_params_name - Specifies the configuration for retry/backoff
# parameters. The name must be defined in interfaces.retry_params_def.
#
# field_name_patterns - Maps the field name of the request type to
# entity_name of interfaces.collections.
# Specifies the string pattern that the field must follow.
#
# timeout_millis - Specifies the default timeout for a non-retrying call. If
# the call is retrying, refer to retry_params_name instead.
methods:
- name: CreateMicrosoftAdDomain
flattening:
groups:
- parameters:
- parent
- domain_name
- domain
required_fields:
- parent
- domain_name
- domain
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
parent: project_locations
long_running:
return_type: google.cloud.managedidentities.v1.Domain
metadata_type: google.cloud.managedidentities.v1.OpMetadata
initial_poll_delay_millis: 60000
poll_delay_multiplier: 1.5
max_poll_delay_millis: 360000
total_poll_timeout_millis: 54000000
timeout_millis: 60000
- name: ResetAdminPassword
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: domain
timeout_millis: 60000
- name: ListDomains
flattening:
groups:
- parameters:
- parent
- filter
- order_by
required_fields:
- parent
page_streaming:
request:
page_size_field: page_size
token_field: page_token
response:
token_field: next_page_token
resources_field: domains
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
parent: project_locations
timeout_millis: 60000
- name: GetDomain
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: domain
timeout_millis: 60000
- name: UpdateDomain
flattening:
groups:
- parameters:
- domain
- update_mask
required_fields:
- domain
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
domain.name: domain
long_running:
return_type: google.cloud.managedidentities.v1.Domain
metadata_type: google.cloud.managedidentities.v1.OpMetadata
initial_poll_delay_millis: 60000
poll_delay_multiplier: 1.5
max_poll_delay_millis: 360000
total_poll_timeout_millis: 54000000
timeout_millis: 60000
- name: DeleteDomain
flattening:
groups:
- parameters:
- name
required_fields:
- name
retry_codes_name: idempotent
retry_params_name: default
field_name_patterns:
name: domain
long_running:
return_type: google.protobuf.Empty
metadata_type: google.cloud.managedidentities.v1.OpMetadata
initial_poll_delay_millis: 10000
poll_delay_multiplier: 1.5
max_poll_delay_millis: 60000
total_poll_timeout_millis: 900000
timeout_millis: 60000
- name: AttachTrust
flattening:
groups:
- parameters:
- name
- trust
required_fields:
- name
- trust
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: domain
long_running:
return_type: google.cloud.managedidentities.v1.Domain
metadata_type: google.cloud.managedidentities.v1.OpMetadata
initial_poll_delay_millis: 10000
poll_delay_multiplier: 1.5
max_poll_delay_millis: 60000
total_poll_timeout_millis: 600000
timeout_millis: 60000
- name: ReconfigureTrust
flattening:
groups:
- parameters:
- name
- target_domain_name
- target_dns_ip_addresses
required_fields:
- name
- target_domain_name
- target_dns_ip_addresses
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: domain
long_running:
return_type: google.cloud.managedidentities.v1.Domain
metadata_type: google.cloud.managedidentities.v1.OpMetadata
initial_poll_delay_millis: 10000
poll_delay_multiplier: 1.5
max_poll_delay_millis: 60000
total_poll_timeout_millis: 600000
timeout_millis: 60000
- name: DetachTrust
flattening:
groups:
- parameters:
- name
- trust
required_fields:
- name
- trust
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: domain
long_running:
return_type: google.cloud.managedidentities.v1.Domain
metadata_type: google.cloud.managedidentities.v1.OpMetadata
initial_poll_delay_millis: 10000
poll_delay_multiplier: 1.5
max_poll_delay_millis: 60000
total_poll_timeout_millis: 600000
timeout_millis: 60000
- name: ValidateTrust
flattening:
groups:
- parameters:
- name
- trust
required_fields:
- name
- trust
retry_codes_name: non_idempotent
retry_params_name: default
field_name_patterns:
name: domain
long_running:
return_type: google.cloud.managedidentities.v1.Domain
metadata_type: google.cloud.managedidentities.v1.OpMetadata
initial_poll_delay_millis: 10000
poll_delay_multiplier: 1.5
max_poll_delay_millis: 60000
total_poll_timeout_millis: 600000
timeout_millis: 60000
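Review bot: The `UpdateDomain` entry lists only `domain` under `required_fields`, although its flattening group also takes `update_mask` and the service proto in this commit marks `update_mask` as REQUIRED with at least one path. Adding `- update_mask` to `required_fields` would keep the config in line with the proto, and presumably stop generated clients from treating the mask as optional. The `csharp`, `ruby` and `php` `package_name` values also spell the segment `Managedidentities`, whereas the proto options `csharp_namespace` and `php_namespace` use `ManagedIdentities`. One spelling should be chosen before client libraries are published.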


@ -0,0 +1,65 @@
type: google.api.Service
config_version: 3
name: managedidentities.googleapis.com
title: Managed Service for Microsoft Active Directory API
apis:
- name: google.cloud.managedidentities.v1.ManagedIdentitiesService
types:
- name: google.cloud.managedidentities.v1.OpMetadata
documentation:
summary: |-
The Managed Service for Microsoft Active Directory API is used for managing
a highly available, hardened service running Microsoft Active Directory
(AD).
rules:
- selector: google.iam.v1.IAMPolicy.GetIamPolicy
description: |-
Gets the access control policy for a resource. Returns an empty policy
if the resource exists and does not have a policy set.
- selector: google.iam.v1.IAMPolicy.SetIamPolicy
description: |-
Sets the access control policy on the specified resource. Replaces
any existing policy.
Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and
PERMISSION_DENIED
- selector: google.iam.v1.IAMPolicy.TestIamPermissions
description: |-
Returns permissions that a caller has on the specified resource. If the
resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building
permission-aware UIs and command-line tools, not for authorization
checking. This operation may "fail open" without warning.
backend:
rules:
- selector: 'google.cloud.managedidentities.v1.ManagedIdentitiesService.*'
deadline: 60.0
- selector: 'google.iam.v1.IAMPolicy.*'
deadline: 60.0
- selector: 'google.longrunning.Operations.*'
deadline: 60.0
- selector: google.longrunning.Operations.GetOperation
deadline: 5.0
authentication:
rules:
- selector: 'google.cloud.managedidentities.v1.ManagedIdentitiesService.*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
- selector: 'google.iam.v1.IAMPolicy.*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
- selector: 'google.longrunning.Operations.*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
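Review bot: The documentation, backend and authentication rules select `google.iam.v1.IAMPolicy.*`, but `apis:` lists only `ManagedIdentitiesService`, and the service proto in this commit defines no IAM RPCs. If the IAM methods are meant to be served for domains, the interface probably needs its own entry under `apis:` along with HTTP bindings, none of which are visible in this file. If they are not, these rules are dead configuration and should be removed so the file does not suggest an access-control surface that is absent. This is inferred from the visible lines only and should be checked against how the service is actually assembled.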


@ -0,0 +1,205 @@
// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
syntax = "proto3";
package google.cloud.managedidentities.v1;
import "google/api/field_behavior.proto";
import "google/protobuf/timestamp.proto";
import "google/api/annotations.proto";
option csharp_namespace = "Google.Cloud.ManagedIdentities.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/managedidentities/v1;managedidentities";
option java_multiple_files = true;
option java_outer_classname = "ResourceProto";
option java_package = "com.google.cloud.managedidentities.v1";
// Represents a managed Microsoft Active Directory domain.
message Domain {
// Represents the different states of a managed domain.
enum State {
// Not set.
STATE_UNSPECIFIED = 0;
// The domain is being created.
CREATING = 1;
// The domain has been created and is fully usable.
READY = 2;
// The domain's configuration is being updated.
UPDATING = 3;
// The domain is being deleted.
DELETING = 4;
// The domain is being repaired and may be unusable. Details
// can be found in the `status_message` field.
REPAIRING = 5;
// The domain is undergoing maintenance.
PERFORMING_MAINTENANCE = 6;
// The domain is not serving requests.
UNAVAILABLE = 7;
}
// Required. The unique name of the domain using the form:
// `projects/{project_id}/locations/global/domains/{domain_name}`.
string name = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. Resource labels that can contain user-provided metadata.
map<string, string> labels = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The full names of the Google Compute Engine
// [networks](/compute/docs/networks-and-firewalls#networks) the domain
// instance is connected to. Networks can be added using UpdateDomain.
// The domain is only available on networks listed in `authorized_networks`.
// If CIDR subnets overlap between networks, domain creation will fail.
repeated string authorized_networks = 3 [(google.api.field_behavior) = OPTIONAL];
// Required. The CIDR range of internal addresses that are reserved for this
// domain. Reserved networks must be /24 or larger. Ranges must be
// unique and non-overlapping with existing subnets in
// [Domain].[authorized_networks].
string reserved_ip_range = 4 [(google.api.field_behavior) = REQUIRED];
// Required. Locations where domain needs to be provisioned.
// [regions][compute/docs/regions-zones/]
// e.g. us-west1 or us-east4
// Service supports up to 4 locations at once. Each location will use a /26
// block.
repeated string locations = 5 [(google.api.field_behavior) = REQUIRED];
// Optional. The name of delegated administrator account used to perform
// Active Directory operations. If not specified, `setupadmin` will be used.
string admin = 6 [(google.api.field_behavior) = OPTIONAL];
// Output only. The fully-qualified domain name of the exposed domain used by
// clients to connect to the service. Similar to what would be chosen for an
// Active Directory set up on an internal network.
string fqdn = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The time the instance was created.
google.protobuf.Timestamp create_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update time.
google.protobuf.Timestamp update_time = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The current state of this domain.
State state = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Additional information about the current status of this
// domain, if available.
string status_message = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The current trusts associated with the domain.
repeated Trust trusts = 15 [(google.api.field_behavior) = OUTPUT_ONLY];
}
// Represents a relationship between two domains. This allows a controller in
// one domain to authenticate a user in another domain.
message Trust {
// Represents the different states of a domain trust.
enum State {
// Not set.
STATE_UNSPECIFIED = 0;
// The domain trust is being created.
CREATING = 1;
// The domain trust is being updated.
UPDATING = 2;
// The domain trust is being deleted.
DELETING = 3;
// The domain trust is connected.
CONNECTED = 4;
// The domain trust is disconnected.
DISCONNECTED = 5;
}
// Represents the different inter-forest trust types.
enum TrustType {
// Not set.
TRUST_TYPE_UNSPECIFIED = 0;
// The forest trust.
FOREST = 1;
// The external domain trust.
EXTERNAL = 2;
}
// Represents the direction of trust.
// See
// [System.DirectoryServices.ActiveDirectory.TrustDirection](https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.trustdirection?view=netframework-4.7.2)
// for more information.
enum TrustDirection {
// Not set.
TRUST_DIRECTION_UNSPECIFIED = 0;
// The inbound direction represents the trusting side.
INBOUND = 1;
// The outboud direction represents the trusted side.
OUTBOUND = 2;
// The bidirectional direction represents the trusted / trusting side.
BIDIRECTIONAL = 3;
}
// Required. The fully qualified target domain name which will be in trust with the
// current domain.
string target_domain_name = 1 [(google.api.field_behavior) = REQUIRED];
// Required. The type of trust represented by the trust resource.
TrustType trust_type = 2 [(google.api.field_behavior) = REQUIRED];
// Required. The trust direction, which decides if the current domain is trusted,
// trusting, or both.
TrustDirection trust_direction = 3 [(google.api.field_behavior) = REQUIRED];
// Optional. The trust authentication type, which decides whether the trusted side has
// forest/domain wide access or selective access to an approved set of
// resources.
bool selective_authentication = 4 [(google.api.field_behavior) = OPTIONAL];
// Required. The target DNS server IP addresses which can resolve the remote domain
// involved in the trust.
repeated string target_dns_ip_addresses = 5 [(google.api.field_behavior) = REQUIRED];
// Required. The trust secret used for the handshake with the target domain. This will
// not be stored.
string trust_handshake_secret = 6 [(google.api.field_behavior) = REQUIRED];
// Output only. The time the instance was created.
google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last update time.
google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The current state of the trust.
State state = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Additional information about the current state of the trust, if available.
string state_description = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. The last heartbeat time when the trust was known to be connected.
google.protobuf.Timestamp last_trust_heartbeat_time = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
}
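Review bot: `Trust.trust_handshake_secret` is a credential in a message the API also returns, since `Domain.trusts` is OUTPUT_ONLY and the trust RPCs in the service proto resolve to `Domain`. The comment says the secret will not be stored, but the field is annotated only as REQUIRED, so nothing in the schema tells clients it is never echoed back. If that is the behaviour, I would annotate it `[(google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = INPUT_ONLY]` and add `// Never returned in responses.` to the comment. Because the field is REQUIRED on `Trust`, `DetachTrustRequest` and `ValidateTrustRequest` appear to require the secret as well, so it is worth confirming that is intended.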