diff --git a/google/cloud/managedidentities/v1/artman_managedidentities_v1.yaml b/google/cloud/managedidentities/v1/artman_managedidentities_v1.yaml
new file mode 100644
index 00000000..658b27ff
--- /dev/null
+++ b/google/cloud/managedidentities/v1/artman_managedidentities_v1.yaml
@@ -0,0 +1,34 @@
+common:
+ api_name: managedidentities
+ api_version: v1
+ organization_name: google-cloud
+ proto_deps:
+ - name: google-common-protos
+ src_proto_paths:
+ - .
+ service_yaml: managedidentities_v1.yaml
+ gapic_yaml: managedidentities_gapic.yaml
+artifacts:
+- name: gapic_config
+ type: GAPIC_CONFIG
+- name: java_gapic
+ type: GAPIC
+ language: JAVA
+- name: python_gapic
+ type: GAPIC
+ language: PYTHON
+- name: nodejs_gapic
+ type: GAPIC
+ language: NODEJS
+- name: php_gapic
+ type: GAPIC
+ language: PHP
+- name: go_gapic
+ type: GAPIC
+ language: GO
+- name: ruby_gapic
+ type: GAPIC
+ language: RUBY
+- name: csharp_gapic
+ type: GAPIC
+ language: CSHARP
diff --git a/google/cloud/managedidentities/v1/managed_identities_service.proto b/google/cloud/managedidentities/v1/managed_identities_service.proto
new file mode 100644
index 00000000..bad1e166
--- /dev/null
+++ b/google/cloud/managedidentities/v1/managed_identities_service.proto
@@ -0,0 +1,365 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.managedidentities.v1;
+
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/cloud/managedidentities/v1/resource.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+import "google/api/client.proto";
+
+option csharp_namespace = "Google.Cloud.ManagedIdentities.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/managedidentities/v1;managedidentities";
+option java_multiple_files = true;
+option java_outer_classname = "ManagedIdentitiesServiceProto";
+option java_package = "com.google.cloud.managedidentities.v1";
+option objc_class_prefix = "GCMI";
+option php_namespace = "Google\\Cloud\\ManagedIdentities\\V1";
+
+// ## API Overview
+//
+// The `managedidentites.googleapis.com` service implements the Google Cloud
+// Managed Identites API for identity services
+// (e.g. Microsoft Active Directory).
+//
+// The Managed Identities service provides methods to manage
+// (create/read/update/delete) domains, reset managed identities admin password,
+// add/remove domain controllers in GCP regions and add/remove VPC peering.
+//
+// ## Data Model
+//
+// The Managed Identities service exposes the following resources:
+//
+// * Locations as global, named as follows:
+// `projects/{project_id}/locations/global`.
+//
+// * Domains, named as follows:
+// `/projects/{project_id}/locations/global/domain/{domain_name}`.
+//
+// The `{domain_name}` refers to fully qualified domain name in the customer
+// project e.g. mydomain.myorganization.com, with the following restrictions:
+//
+// * Must contain only lowercase letters, numbers, periods and hyphens.
+// * Must start with a letter.
+// * Must contain between 2-64 characters.
+// * Must end with a number or a letter.
+// * Must not start with period.
+// * First segement length (mydomain form example above) shouldn't exceed
+// 15 chars.
+// * The last segment cannot be fully numeric.
+// * Must be unique within the customer project.
+service ManagedIdentitiesService {
+ option (google.api.default_host) = "managedidentities.googleapis.com";
+ option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+ // Creates a Microsoft AD domain.
+ rpc CreateMicrosoftAdDomain(CreateMicrosoftAdDomainRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/global}/domains"
+ body: "domain"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "Domain"
+ metadata_type: "OpMetadata"
+ };
+ }
+
+ // Resets a domain's administrator password.
+ rpc ResetAdminPassword(ResetAdminPasswordRequest) returns (ResetAdminPasswordResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/global/domains/*}:resetAdminPassword"
+ body: "*"
+ };
+ }
+
+ // Lists domains in a project.
+ rpc ListDomains(ListDomainsRequest) returns (ListDomainsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/global}/domains"
+ };
+ }
+
+ // Gets information about a domain.
+ rpc GetDomain(GetDomainRequest) returns (Domain) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/global/domains/*}"
+ };
+ }
+
+ // Updates the metadata and configuration of a domain.
+ rpc UpdateDomain(UpdateDomainRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ patch: "/v1/{domain.name=projects/*/locations/global/domains/*}"
+ body: "domain"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "Domain"
+ metadata_type: "OpMetadata"
+ };
+ }
+
+ // Deletes a domain.
+ rpc DeleteDomain(DeleteDomainRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ delete: "/v1/{name=projects/*/locations/global/domains/*}"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "google.protobuf.Empty"
+ metadata_type: "OpMetadata"
+ };
+ }
+
+ // Adds an AD trust to a domain.
+ rpc AttachTrust(AttachTrustRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/global/domains/*}:attachTrust"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "Domain"
+ metadata_type: "OpMetadata"
+ };
+ }
+
+ // Updates the DNS conditional forwarder.
+ rpc ReconfigureTrust(ReconfigureTrustRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/global/domains/*}:reconfigureTrust"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "Domain"
+ metadata_type: "OpMetadata"
+ };
+ }
+
+ // Removes an AD trust.
+ rpc DetachTrust(DetachTrustRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/global/domains/*}:detachTrust"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "Domain"
+ metadata_type: "OpMetadata"
+ };
+ }
+
+ // Validates a trust state, that the target domain is reachable, and that the
+ // target domain is able to accept incoming trust requests.
+ rpc ValidateTrust(ValidateTrustRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/global/domains/*}:validateTrust"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "Domain"
+ metadata_type: "OpMetadata"
+ };
+ }
+}
+
+// Represents the metadata of the long-running operation.
+message OpMetadata {
+ // Output only. The time the operation was created.
+ google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The time the operation finished running.
+ google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Server-defined resource path for the target of the operation.
+ string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Name of the verb executed by the operation.
+ string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Identifies whether the user has requested cancellation
+ // of the operation. Operations that have successfully been cancelled
+ // have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+ // corresponding to `Code.CANCELLED`.
+ bool requested_cancellation = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. API version used to start the operation.
+ string api_version = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// Request message for
+// [CreateMicrosoftAdDomain][google.cloud.managedidentities.v1.CreateMicrosoftAdDomain]
+message CreateMicrosoftAdDomainRequest {
+ // Required. The resource project name and location using the form:
+ // `projects/{project_id}/locations/global`
+ string parent = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The fully qualified domain name.
+ // e.g. mydomain.myorganization.com, with the following restrictions:
+ //
+ // * Must contain only lowercase letters, numbers, periods and hyphens.
+ // * Must start with a letter.
+ // * Must contain between 2-64 characters.
+ // * Must end with a number or a letter.
+ // * Must not start with period.
+ // * First segement length (mydomain form example above) shouldn't exceed
+ // 15 chars.
+ // * The last segment cannot be fully numeric.
+ // * Must be unique within the customer project.
+ string domain_name = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. A Managed Identity domain resource.
+ Domain domain = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [ResetAdminPassword][google.cloud.managedidentities.v1.ResetAdminPassword]
+message ResetAdminPasswordRequest {
+ // Required. The domain resource name using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Response message for
+// [ResetAdminPassword][google.cloud.managedidentities.v1.ResetAdminPassword]
+message ResetAdminPasswordResponse {
+ // A random password. See [admin][google.cloud.managedidentities.v1.Domain.admin] for more information.
+ string password = 1;
+}
+
+// Request message for
+// [ListDomains][google.cloud.managedidentities.v1.ListDomains]
+message ListDomainsRequest {
+ // Required. The resource name of the domain location using the form:
+ // `projects/{project_id}/locations/global`
+ string parent = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The maximum number of items to return.
+ // If not specified, a default value of 1000 will be used.
+ // Regardless of the page_size value, the response may include a partial list.
+ // Callers should rely on a response's
+ // [next_page_token][google.cloud.managedidentities.v1.ListDomainsResponse.next_page_token]
+ // to determine if there are additional results to list.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The `next_page_token` value returned from a previous ListDomainsRequest
+ // request, if any.
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A filter specifying constraints of a list operation.
+ // For example, `Domain.fqdn="mydomain.myorginization"`.
+ string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specifies the ordering of results. See
+ // [Sorting
+ // order](https://cloud.google.com/apis/design/design_patterns#sorting_order)
+ // for more information.
+ string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [ListDomains][google.cloud.managedidentities.v1.ListDomains]
+message ListDomainsResponse {
+ // A list of Managed Identities Service domains in the project.
+ repeated Domain domains = 1;
+
+ // A token to retrieve the next page of results, or empty if there are no more
+ // results in the list.
+ string next_page_token = 2;
+
+ // A list of locations that could not be reached.
+ repeated string unreachable = 3;
+}
+
+// Request message for [GetDomain][google.cloud.managedidentities.v1.GetDomain]
+message GetDomainRequest {
+ // Required. The domain resource name using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [UpdateDomain][google.cloud.managedidentities.v1.UpdateDomain]
+message UpdateDomainRequest {
+ // Required. Mask of fields to update. At least one path must be supplied in this
+ // field. The elements of the repeated paths field may only include
+ // fields from [Domain][google.cloud.managedidentities.v1.Domain]:
+ // * `labels`
+ // * `locations`
+ // * `authorized_networks`
+ google.protobuf.FieldMask update_mask = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Domain message with updated fields. Only supported fields specified in
+ // update_mask are updated.
+ Domain domain = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [DeleteDomain][google.cloud.managedidentities.v1.DeleteDomain]
+message DeleteDomainRequest {
+ // Required. The domain resource name using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [AttachTrust][google.cloud.managedidentities.v1.AttachTrust]
+message AttachTrustRequest {
+ // Required. The resource domain name, project name and location using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The domain trust resource.
+ Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [ReconfigureTrust][google.cloud.managedidentities.v1.ReconfigureTrust]
+message ReconfigureTrustRequest {
+ // Required. The resource domain name, project name and location using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The fully-qualified target domain name which will be in trust with current
+ // domain.
+ string target_domain_name = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The target DNS server IP addresses to resolve the remote domain involved
+ // in the trust.
+ repeated string target_dns_ip_addresses = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [DetachTrust][google.cloud.managedidentities.v1.DetachTrust]
+message DetachTrustRequest {
+ // Required. The resource domain name, project name, and location using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The domain trust resource to removed.
+ Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [ValidateTrust][google.cloud.managedidentities.v1.ValidateTrust]
+message ValidateTrustRequest {
+ // Required. The resource domain name, project name, and location using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The domain trust to validate trust state for.
+ Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
+}
diff --git a/google/cloud/managedidentities/v1/managedidentities_gapic.yaml b/google/cloud/managedidentities/v1/managedidentities_gapic.yaml
new file mode 100644
index 00000000..43ed89ca
--- /dev/null
+++ b/google/cloud/managedidentities/v1/managedidentities_gapic.yaml
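Review bot: `ResetAdminPasswordResponse.password` carries the freshly generated administrator credential in plaintext, and neither its field comment nor the `ResetAdminPassword` RPC comment says that the response body is a secret, which is what an integrator wiring this into logging or audit tooling needs to know. I would extend the field comment to `// A random password. Treat the response as a secret and do not log it. See [admin][google.cloud.managedidentities.v1.Domain.admin] for more information.` and note on the RPC that each call presumably replaces the current password, which is why the GAPIC config treats it as non_idempotent. Separately, the service overview comment names the host as `managedidentites.googleapis.com` while `default_host` on the service is `managedidentities.googleapis.com`; the comment should match the option. The `Domains` naming example in the same overview uses `/domain/{domain_name}` whereas every HTTP binding below uses `domains/*`, so that line should read `projects/{project_id}/locations/global/domains/{domain_name}`.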
@@ -0,0 +1,294 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 1.0.0
+# The settings of generated code in a specific language.
+language_settings:
+ java:
+ package_name: com.google.cloud.managedidentities.v1
+ python:
+ package_name: google.cloud.managedidentities_v1.gapic
+ go:
+ package_name: cloud.google.com/go/managedidentities/apiv1
+ csharp:
+ package_name: Google.Cloud.Managedidentities.V1
+ ruby:
+ package_name: Google::Cloud::Managedidentities::V1
+ php:
+ package_name: Google\Cloud\Managedidentities\V1
+ nodejs:
+ package_name: managedidentities.v1
+# A list of API interface configurations.
+interfaces:
+# The fully qualified name of the API interface.
+- name: google.cloud.managedidentities.v1.ManagedIdentitiesService
+ # A list of resource collection configurations.
+ # Consists of a name_pattern and an entity_name.
+ # The name_pattern is a pattern to describe the names of the resources of this
+ # collection, using the platform's conventions for URI patterns. A generator
+ # may use this to generate methods to compose and decompose such names. The
+ # pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
+ # those will be taken as hints for the parameter names of the generated
+ # methods. If empty, no name methods are generated.
+ # The entity_name is the name to be used as a basis for generated methods and
+ # classes.
+ collections:
+ - name_pattern: projects/{project}/locations/global
+ entity_name: project_locations
+ - name_pattern: projects/{project}/locations/global/domains/{domain}
+ entity_name: domain
+ # Definition for retryable codes.
+ retry_codes_def:
+ - name: idempotent
+ retry_codes:
+ - DEADLINE_EXCEEDED
+ - UNAVAILABLE
+ - name: non_idempotent
+ retry_codes: []
+ # Definition for retry/backoff parameters.
+ retry_params_def:
+ - name: default
+ initial_retry_delay_millis: 100
+ retry_delay_multiplier: 1.3
+ max_retry_delay_millis: 60000
+ initial_rpc_timeout_millis: 20000
+ rpc_timeout_multiplier: 1
+ max_rpc_timeout_millis: 20000
+ total_timeout_millis: 600000
+ # A list of method configurations.
+ # Common properties:
+ #
+ # name - The simple name of the method.
+ #
+ # flattening - Specifies the configuration for parameter flattening.
+ # Describes the parameter groups for which a generator should produce method
+ # overloads which allow a client to directly pass request message fields as
+ # method parameters. This information may or may not be used, depending on
+ # the target language.
+ # Consists of groups, which each represent a list of parameters to be
+ # flattened. Each parameter listed must be a field of the request message.
+ #
+ # required_fields - Fields that are always required for a request to be
+ # valid.
+ #
+ # page_streaming - Specifies the configuration for paging.
+ # Describes information for generating a method which transforms a paging
+ # list RPC into a stream of resources.
+ # Consists of a request and a response.
+ # The request specifies request information of the list method. It defines
+ # which fields match the paging pattern in the request. The request consists
+ # of a page_size_field and a token_field. The page_size_field is the name of
+ # the optional field specifying the maximum number of elements to be
+ # returned in the response. The token_field is the name of the field in the
+ # request containing the page token.
+ # The response specifies response information of the list method. It defines
+ # which fields match the paging pattern in the response. The response
+ # consists of a token_field and a resources_field. The token_field is the
+ # name of the field in the response containing the next page token. The
+ # resources_field is the name of the field in the response containing the
+ # list of resources belonging to the page.
+ #
+ # retry_codes_name - Specifies the configuration for retryable codes. The
+ # name must be defined in interfaces.retry_codes_def.
+ #
+ # retry_params_name - Specifies the configuration for retry/backoff
+ # parameters. The name must be defined in interfaces.retry_params_def.
+ #
+ # field_name_patterns - Maps the field name of the request type to
+ # entity_name of interfaces.collections.
+ # Specifies the string pattern that the field must follow.
+ #
+ # timeout_millis - Specifies the default timeout for a non-retrying call. If
+ # the call is retrying, refer to retry_params_name instead.
+ methods:
+ - name: CreateMicrosoftAdDomain
+ flattening:
+ groups:
+ - parameters:
+ - parent
+ - domain_name
+ - domain
+ required_fields:
+ - parent
+ - domain_name
+ - domain
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ parent: project_locations
+ long_running:
+ return_type: google.cloud.managedidentities.v1.Domain
+ metadata_type: google.cloud.managedidentities.v1.OpMetadata
+ initial_poll_delay_millis: 60000
+ poll_delay_multiplier: 1.5
+ max_poll_delay_millis: 360000
+ total_poll_timeout_millis: 54000000
+ timeout_millis: 60000
+ - name: ResetAdminPassword
+ flattening:
+ groups:
+ - parameters:
+ - name
+ required_fields:
+ - name
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: domain
+ timeout_millis: 60000
+ - name: ListDomains
+ flattening:
+ groups:
+ - parameters:
+ - parent
+ - filter
+ - order_by
+ required_fields:
+ - parent
+ page_streaming:
+ request:
+ page_size_field: page_size
+ token_field: page_token
+ response:
+ token_field: next_page_token
+ resources_field: domains
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ parent: project_locations
+ timeout_millis: 60000
+ - name: GetDomain
+ flattening:
+ groups:
+ - parameters:
+ - name
+ required_fields:
+ - name
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: domain
+ timeout_millis: 60000
+ - name: UpdateDomain
+ flattening:
+ groups:
+ - parameters:
+ - domain
+ - update_mask
+ required_fields:
+ - domain
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ domain.name: domain
+ long_running:
+ return_type: google.cloud.managedidentities.v1.Domain
+ metadata_type: google.cloud.managedidentities.v1.OpMetadata
+ initial_poll_delay_millis: 60000
+ poll_delay_multiplier: 1.5
+ max_poll_delay_millis: 360000
+ total_poll_timeout_millis: 54000000
+ timeout_millis: 60000
+ - name: DeleteDomain
+ flattening:
+ groups:
+ - parameters:
+ - name
+ required_fields:
+ - name
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: domain
+ long_running:
+ return_type: google.protobuf.Empty
+ metadata_type: google.cloud.managedidentities.v1.OpMetadata
+ initial_poll_delay_millis: 10000
+ poll_delay_multiplier: 1.5
+ max_poll_delay_millis: 60000
+ total_poll_timeout_millis: 900000
+ timeout_millis: 60000
+ - name: AttachTrust
+ flattening:
+ groups:
+ - parameters:
+ - name
+ - trust
+ required_fields:
+ - name
+ - trust
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: domain
+ long_running:
+ return_type: google.cloud.managedidentities.v1.Domain
+ metadata_type: google.cloud.managedidentities.v1.OpMetadata
+ initial_poll_delay_millis: 10000
+ poll_delay_multiplier: 1.5
+ max_poll_delay_millis: 60000
+ total_poll_timeout_millis: 600000
+ timeout_millis: 60000
+ - name: ReconfigureTrust
+ flattening:
+ groups:
+ - parameters:
+ - name
+ - target_domain_name
+ - target_dns_ip_addresses
+ required_fields:
+ - name
+ - target_domain_name
+ - target_dns_ip_addresses
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: domain
+ long_running:
+ return_type: google.cloud.managedidentities.v1.Domain
+ metadata_type: google.cloud.managedidentities.v1.OpMetadata
+ initial_poll_delay_millis: 10000
+ poll_delay_multiplier: 1.5
+ max_poll_delay_millis: 60000
+ total_poll_timeout_millis: 600000
+ timeout_millis: 60000
+ - name: DetachTrust
+ flattening:
+ groups:
+ - parameters:
+ - name
+ - trust
+ required_fields:
+ - name
+ - trust
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: domain
+ long_running:
+ return_type: google.cloud.managedidentities.v1.Domain
+ metadata_type: google.cloud.managedidentities.v1.OpMetadata
+ initial_poll_delay_millis: 10000
+ poll_delay_multiplier: 1.5
+ max_poll_delay_millis: 60000
+ total_poll_timeout_millis: 600000
+ timeout_millis: 60000
+ - name: ValidateTrust
+ flattening:
+ groups:
+ - parameters:
+ - name
+ - trust
+ required_fields:
+ - name
+ - trust
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: domain
+ long_running:
+ return_type: google.cloud.managedidentities.v1.Domain
+ metadata_type: google.cloud.managedidentities.v1.OpMetadata
+ initial_poll_delay_millis: 10000
+ poll_delay_multiplier: 1.5
+ max_poll_delay_millis: 60000
+ total_poll_timeout_millis: 600000
+ timeout_millis: 60000
diff --git a/google/cloud/managedidentities/v1/managedidentities_v1.yaml b/google/cloud/managedidentities/v1/managedidentities_v1.yaml
new file mode 100644
index 00000000..eac6504a
--- /dev/null
+++ b/google/cloud/managedidentities/v1/managedidentities_v1.yaml
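Review bot: The `UpdateDomain` method config lists only `domain` under `required_fields`, but `UpdateDomainRequest.update_mask` is annotated REQUIRED in managed_identities_service.proto and its comment says at least one path must be supplied, so generated clients will accept an update with no mask and defer the failure to the server. Add `- update_mask` beneath `required_fields` for `UpdateDomain` so this config agrees with the proto, the same way `CreateMicrosoftAdDomain` and `ReconfigureTrust` list every REQUIRED field. The collection `name_pattern` entries use `{project}`/`{domain}` while the proto comments use `{project_id}`/`{domain_name}`; harmless for codegen, but the placeholder names are what the generated helper methods will be named after, so it is worth picking one spelling.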
@@ -0,0 +1,65 @@
+type: google.api.Service
+config_version: 3
+name: managedidentities.googleapis.com
+title: Managed Service for Microsoft Active Directory API
+
+apis:
+- name: google.cloud.managedidentities.v1.ManagedIdentitiesService
+
+types:
+- name: google.cloud.managedidentities.v1.OpMetadata
+
+documentation:
+ summary: |-
+ The Managed Service for Microsoft Active Directory API is used for managing
+ a highly available, hardened service running Microsoft Active Directory
+ (AD).
+ rules:
+ - selector: google.iam.v1.IAMPolicy.GetIamPolicy
+ description: |-
+ Gets the access control policy for a resource. Returns an empty policy
+ if the resource exists and does not have a policy set.
+
+ - selector: google.iam.v1.IAMPolicy.SetIamPolicy
+ description: |-
+ Sets the access control policy on the specified resource. Replaces
+ any existing policy.
+
+ Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and
+ PERMISSION_DENIED
+
+ - selector: google.iam.v1.IAMPolicy.TestIamPermissions
+ description: |-
+ Returns permissions that a caller has on the specified resource. If the
+ resource does not exist, this will return an empty set of
+ permissions, not a NOT_FOUND error.
+
+ Note: This operation is designed to be used for building
+ permission-aware UIs and command-line tools, not for authorization
+ checking. This operation may "fail open" without warning.
+
+backend:
+ rules:
+ - selector: 'google.cloud.managedidentities.v1.ManagedIdentitiesService.*'
+ deadline: 60.0
+ - selector: 'google.iam.v1.IAMPolicy.*'
+ deadline: 60.0
+ - selector: 'google.longrunning.Operations.*'
+ deadline: 60.0
+ - selector: google.longrunning.Operations.GetOperation
+ deadline: 5.0
+
+authentication:
+ rules:
+ - selector: 'google.cloud.managedidentities.v1.ManagedIdentitiesService.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: 'google.iam.v1.IAMPolicy.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: 'google.longrunning.Operations.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
diff --git a/google/cloud/managedidentities/v1/resource.proto b/google/cloud/managedidentities/v1/resource.proto
new file mode 100644
index 00000000..86af276b
--- /dev/null
+++ b/google/cloud/managedidentities/v1/resource.proto
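Review bot: The `documentation`, `backend` and `authentication` rules all select `google.iam.v1.IAMPolicy.*` and `google.longrunning.Operations.*`, yet `apis:` lists only `google.cloud.managedidentities.v1.ManagedIdentitiesService`, so as far as this file shows those rules bind to nothing. If the IAM policy methods are meant to be exposed on domains, the interface has to be added to `apis:` (`- name: google.iam.v1.IAMPolicy`, and likewise `google.longrunning.Operations`) and the IAM methods need `http:` bindings, which are absent here; if they are not meant to be exposed, the IAM rules are dead config and should be dropped. This matters because the `authentication` rule is what attaches the OAuth scope to those methods, so a missing interface entry silently leaves them unconfigured rather than failing loudly. I may be missing a mixin declared outside this change, so worth confirming before publishing.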
@@ -0,0 +1,205 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.managedidentities.v1;
+
+import "google/api/field_behavior.proto";
+import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
+
+option csharp_namespace = "Google.Cloud.ManagedIdentities.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/managedidentities/v1;managedidentities";
+option java_multiple_files = true;
+option java_outer_classname = "ResourceProto";
+option java_package = "com.google.cloud.managedidentities.v1";
+
+// Represents a managed Microsoft Active Directory domain.
+message Domain {
+ // Represents the different states of a managed domain.
+ enum State {
+ // Not set.
+ STATE_UNSPECIFIED = 0;
+
+ // The domain is being created.
+ CREATING = 1;
+
+ // The domain has been created and is fully usable.
+ READY = 2;
+
+ // The domain's configuration is being updated.
+ UPDATING = 3;
+
+ // The domain is being deleted.
+ DELETING = 4;
+
+ // The domain is being repaired and may be unusable. Details
+ // can be found in the `status_message` field.
+ REPAIRING = 5;
+
+ // The domain is undergoing maintenance.
+ PERFORMING_MAINTENANCE = 6;
+
+ // The domain is not serving requests.
+ UNAVAILABLE = 7;
+ }
+
+ // Required. The unique name of the domain using the form:
+ // `projects/{project_id}/locations/global/domains/{domain_name}`.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. Resource labels that can contain user-provided metadata.
+ map labels = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The full names of the Google Compute Engine
+ // [networks](/compute/docs/networks-and-firewalls#networks) the domain
+ // instance is connected to. Networks can be added using UpdateDomain.
+ // The domain is only available on networks listed in `authorized_networks`.
+ // If CIDR subnets overlap between networks, domain creation will fail.
+ repeated string authorized_networks = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Required. The CIDR range of internal addresses that are reserved for this
+ // domain. Reserved networks must be /24 or larger. Ranges must be
+ // unique and non-overlapping with existing subnets in
+ // [Domain].[authorized_networks].
+ string reserved_ip_range = 4 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Locations where domain needs to be provisioned.
+ // [regions][compute/docs/regions-zones/]
+ // e.g. us-west1 or us-east4
+ // Service supports up to 4 locations at once. Each location will use a /26
+ // block.
+ repeated string locations = 5 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The name of delegated administrator account used to perform
+ // Active Directory operations. If not specified, `setupadmin` will be used.
+ string admin = 6 [(google.api.field_behavior) = OPTIONAL];
+
+ // Output only. The fully-qualified domain name of the exposed domain used by
+ // clients to connect to the service. Similar to what would be chosen for an
+ // Active Directory set up on an internal network.
+ string fqdn = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The time the instance was created.
+ google.protobuf.Timestamp create_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The last update time.
+ google.protobuf.Timestamp update_time = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The current state of this domain.
+ State state = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Additional information about the current status of this
+ // domain, if available.
+ string status_message = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The current trusts associated with the domain.
+ repeated Trust trusts = 15 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// Represents a relationship between two domains. This allows a controller in
+// one domain to authenticate a user in another domain.
+message Trust {
+ // Represents the different states of a domain trust.
+ enum State {
+ // Not set.
+ STATE_UNSPECIFIED = 0;
+
+ // The domain trust is being created.
+ CREATING = 1;
+
+ // The domain trust is being updated.
+ UPDATING = 2;
+
+ // The domain trust is being deleted.
+ DELETING = 3;
+
+ // The domain trust is connected.
+ CONNECTED = 4;
+
+ // The domain trust is disconnected.
+ DISCONNECTED = 5;
+ }
+
+ // Represents the different inter-forest trust types.
+ enum TrustType {
+ // Not set.
+ TRUST_TYPE_UNSPECIFIED = 0;
+
+ // The forest trust.
+ FOREST = 1;
+
+ // The external domain trust.
+ EXTERNAL = 2;
+ }
+
+ // Represents the direction of trust.
+ // See
+ // [System.DirectoryServices.ActiveDirectory.TrustDirection](https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.trustdirection?view=netframework-4.7.2)
+ // for more information.
+ enum TrustDirection {
+ // Not set.
+ TRUST_DIRECTION_UNSPECIFIED = 0;
+
+ // The inbound direction represents the trusting side.
+ INBOUND = 1;
+
+ // The outboud direction represents the trusted side.
+ OUTBOUND = 2;
+
+ // The bidirectional direction represents the trusted / trusting side.
+ BIDIRECTIONAL = 3;
+ }
+
+ // Required. The fully qualified target domain name which will be in trust with the
+ // current domain.
+ string target_domain_name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The type of trust represented by the trust resource.
+ TrustType trust_type = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The trust direction, which decides if the current domain is trusted,
+ // trusting, or both.
+ TrustDirection trust_direction = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The trust authentication type, which decides whether the trusted side has
+ // forest/domain wide access or selective access to an approved set of
+ // resources.
+ bool selective_authentication = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Required. The target DNS server IP addresses which can resolve the remote domain
+ // involved in the trust.
+ repeated string target_dns_ip_addresses = 5 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The trust secret used for the handshake with the target domain. This will
+ // not be stored.
+ string trust_handshake_secret = 6 [(google.api.field_behavior) = REQUIRED];
+
+ // Output only. The time the instance was created.
+ google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The last update time.
+ google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The current state of the trust.
+ State state = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Additional information about the current state of the trust, if available.
+ string state_description = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The last heartbeat time when the trust was known to be connected.
+ google.protobuf.Timestamp last_trust_heartbeat_time = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
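Review bot: `Trust.trust_handshake_secret` is a write-only credential (its comment says it "will not be stored") but is annotated only `REQUIRED`, while `Trust` is also a read type, returned inside `Domain.trusts` (OUTPUT_ONLY) and in the `Domain` response of the AttachTrust/ReconfigureTrust/DetachTrust/ValidateTrust operations. Annotate it `[(google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = INPUT_ONLY]` so generated docs, clients and any response-logging middleware know the field is never echoed back, and say so in the comment: `// Required. Input only. The trust secret used for the handshake with the target domain. It is neither stored nor returned in any response.`. `Trust` skips field number 10 between `state = 9` and `state_description = 11` with no `reserved 10;`, and `Domain` likewise skips 7-9 after `admin = 6`; if those numbers were ever used before this landed they should be reserved so a later field cannot reinterpret old payloads. Also, `map labels = 2` appears here without key/value types; presumably `map<string, string>` lost in rendering, but worth confirming that the file as committed compiles.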