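// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

syntax = "proto3";

package google.cloud.managedidentities.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/managedidentities/v1/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.ManagedIdentities.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/managedidentities/v1;managedidentities";
option java_multiple_files = true;
option java_outer_classname = "ManagedIdentitiesServiceProto";
option java_package = "com.google.cloud.managedidentities.v1";
option objc_class_prefix = "GCMI";
option php_namespace = "Google\\Cloud\\ManagedIdentities\\V1";
option ruby_package = "Google::Cloud::ManagedIdentities::V1";

// API Overview
//
// The `managedidentities.googleapis.com` service implements the Google Cloud
// Managed Identities API for identity services
// (e.g. Microsoft Active Directory).
//
// The Managed Identities service provides methods to manage
// (create/read/update/delete) domains, reset managed identities admin password,
// add/remove domain controllers in GCP regions and add/remove VPC peering.
//
// Data Model
//
// The Managed Identities service exposes the following resources:
//
// * Locations as global, named as follows:
//   `projects/{project_id}/locations/global`.
//
// * Domains, named as follows:
//   `projects/{project_id}/locations/global/domains/{domain_name}`.
//
// The `{domain_name}` refers to the fully qualified domain name in the
// customer project, e.g. mydomain.myorganization.com, with the following
// restrictions:
//
//  * Must contain only lowercase letters, numbers, periods and hyphens.
//  * Must start with a letter.
//  * Must contain between 2-64 characters.
//  * Must end with a number or a letter.
//  * Must not start with period.
//  * First segment length (mydomain from the example above) shouldn't exceed
//    15 chars.
//  * The last segment cannot be fully numeric.
//  * Must be unique within the customer project.
service ManagedIdentitiesService {
  option (google.api.default_host) = "managedidentities.googleapis.com";
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Creates a Microsoft AD domain.
  rpc CreateMicrosoftAdDomain(CreateMicrosoftAdDomainRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/global}/domains"
      body: "domain"
    };
    option (google.api.method_signature) = "parent,domain_name,domain";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Resets a domain's administrator password.
  //
  // The response message carries a password in its body (see
  // ResetAdminPasswordResponse.password), so this is a privileged call:
  // limit and audit which principals may invoke it.
  rpc ResetAdminPassword(ResetAdminPasswordRequest) returns (ResetAdminPasswordResponse) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/global/domains/*}:resetAdminPassword"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists domains in a project.
  rpc ListDomains(ListDomainsRequest) returns (ListDomainsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/global}/domains"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets information about a domain.
  rpc GetDomain(GetDomainRequest) returns (Domain) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/global/domains/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Updates the metadata and configuration of a domain.
  rpc UpdateDomain(UpdateDomainRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{domain.name=projects/*/locations/global/domains/*}"
      body: "domain"
    };
    option (google.api.method_signature) = "domain,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Deletes a domain.
  rpc DeleteDomain(DeleteDomainRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/global/domains/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "OpMetadata"
    };
  }

  // Adds an AD trust to a domain.
  rpc AttachTrust(AttachTrustRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/global/domains/*}:attachTrust"
      body: "*"
    };
    option (google.api.method_signature) = "name,trust";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Updates the DNS conditional forwarder.
  rpc ReconfigureTrust(ReconfigureTrustRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/global/domains/*}:reconfigureTrust"
      body: "*"
    };
    option (google.api.method_signature) = "name,target_domain_name,target_dns_ip_addresses";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Removes an AD trust.
  rpc DetachTrust(DetachTrustRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/global/domains/*}:detachTrust"
      body: "*"
    };
    option (google.api.method_signature) = "name,trust";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }

  // Validates a trust state, that the target domain is reachable, and that the
  // target domain is able to accept incoming trust requests.
  rpc ValidateTrust(ValidateTrustRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{name=projects/*/locations/global/domains/*}:validateTrust"
      body: "*"
    };
    option (google.api.method_signature) = "name,trust";
    option (google.longrunning.operation_info) = {
      response_type: "Domain"
      metadata_type: "OpMetadata"
    };
  }
}

// Represents the metadata of the long-running operation.
message OpMetadata {
  // Output only. The time the operation was created.
  google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time the operation finished running.
  google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Server-defined resource path for the target of the operation.
  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Name of the verb executed by the operation.
  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Identifies whether the user has requested cancellation
  // of the operation. Operations that have successfully been cancelled
  // have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
  // corresponding to `Code.CANCELLED`.
  bool requested_cancellation = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. API version used to start the operation.
  string api_version = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Request message for
// [CreateMicrosoftAdDomain][google.cloud.managedidentities.v1.CreateMicrosoftAdDomain]
message CreateMicrosoftAdDomainRequest {
  // Required. The resource project name and location using the form:
  // `projects/{project_id}/locations/global`
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The fully qualified domain name.
  // e.g. mydomain.myorganization.com, with the following restrictions:
  //
  //  * Must contain only lowercase letters, numbers, periods and hyphens.
  //  * Must start with a letter.
  //  * Must contain between 2-64 characters.
  //  * Must end with a number or a letter.
  //  * Must not start with period.
  //  * First segment length (mydomain from the example above) shouldn't exceed
  //    15 chars.
  //  * The last segment cannot be fully numeric.
  //  * Must be unique within the customer project.
  string domain_name = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. A Managed Identity domain resource.
  Domain domain = 3 [(google.api.field_behavior) = REQUIRED];
}

// Request message for
// [ResetAdminPassword][google.cloud.managedidentities.v1.ResetAdminPassword]
message ResetAdminPasswordRequest {
  // Required. The domain resource name using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];
}

// Response message for
// [ResetAdminPassword][google.cloud.managedidentities.v1.ResetAdminPassword]
message ResetAdminPasswordResponse {
  // A random password. See [admin][google.cloud.managedidentities.v1.Domain.admin] for more information.
  //
  // This value is a credential returned in cleartext in the response body.
  // Callers should keep it out of logs, traces and stored API responses, and
  // hand it to the administrator over a channel suited to secrets.
  string password = 1;
}

// Request message for
// [ListDomains][google.cloud.managedidentities.v1.ListDomains]
message ListDomainsRequest {
  // Required. The resource name of the domain location using the form:
  // `projects/{project_id}/locations/global`
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      child_type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Optional. The maximum number of items to return.
  // If not specified, a default value of 1000 will be used.
  // Regardless of the page_size value, the response may include a partial list.
  // Callers should rely on a response's
  // [next_page_token][google.cloud.managedidentities.v1.ListDomainsResponse.next_page_token]
  // to determine if there are additional results to list.
  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The `next_page_token` value returned from a previous ListDomainsRequest
  // request, if any.
  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. A filter specifying constraints of a list operation.
  // For example, `Domain.fqdn="mydomain.myorganization"`.
  string filter = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Specifies the ordering of results. See
  // [Sorting
  // order](https://cloud.google.com/apis/design/design_patterns#sorting_order)
  // for more information.
  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
}

// Response message for
// [ListDomains][google.cloud.managedidentities.v1.ListDomains]
message ListDomainsResponse {
  // A list of Managed Identities Service domains in the project.
  repeated Domain domains = 1;

  // A token to retrieve the next page of results, or empty if there are no more
  // results in the list.
  string next_page_token = 2;

  // A list of locations that could not be reached.
  repeated string unreachable = 3;
}

// Request message for [GetDomain][google.cloud.managedidentities.v1.GetDomain]
message GetDomainRequest {
  // Required. The domain resource name using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];
}

// Request message for
// [UpdateDomain][google.cloud.managedidentities.v1.UpdateDomain]
message UpdateDomainRequest {
  // Required. Mask of fields to update. At least one path must be supplied in this
  // field. The elements of the repeated paths field may only include
  // fields from [Domain][google.cloud.managedidentities.v1.Domain]:
  //  * `labels`
  //  * `locations`
  //  * `authorized_networks`
  google.protobuf.FieldMask update_mask = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Domain message with updated fields. Only supported fields specified in
  // update_mask are updated.
  Domain domain = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request message for
// [DeleteDomain][google.cloud.managedidentities.v1.DeleteDomain]
message DeleteDomainRequest {
  // Required. The domain resource name using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];
}

// Request message for
// [AttachTrust][google.cloud.managedidentities.v1.AttachTrust]
message AttachTrustRequest {
  // Required. The resource domain name, project name and location using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The domain trust resource.
  Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request message for
// [ReconfigureTrust][google.cloud.managedidentities.v1.ReconfigureTrust]
message ReconfigureTrustRequest {
  // Required. The resource domain name, project name and location using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The fully-qualified target domain name which will be in trust with current
  // domain.
  string target_domain_name = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The target DNS server IP addresses to resolve the remote domain involved
  // in the trust.
  //
  // These addresses determine which servers resolve names for the target
  // domain, so callers should supply only resolvers they operate or trust and
  // review changes to this field.
  repeated string target_dns_ip_addresses = 3 [(google.api.field_behavior) = REQUIRED];
}

// Request message for
// [DetachTrust][google.cloud.managedidentities.v1.DetachTrust]
message DetachTrustRequest {
  // Required. The resource domain name, project name, and location using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The domain trust resource to be removed.
  Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request message for
// [ValidateTrust][google.cloud.managedidentities.v1.ValidateTrust]
message ValidateTrustRequest {
  // Required. The resource domain name, project name, and location using the form:
  // `projects/{project_id}/locations/global/domains/{domain_name}`
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "managedidentities.googleapis.com/Domain"
    }
  ];

  // Required. The domain trust to validate trust state for.
  Trust trust = 2 [(google.api.field_behavior) = REQUIRED];
}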