• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2023 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.oslogin.v1;
18
19import "google/api/annotations.proto";
20import "google/api/client.proto";
21import "google/api/field_behavior.proto";
22import "google/api/resource.proto";
23import "google/cloud/oslogin/common/common.proto";
24import "google/protobuf/empty.proto";
25import "google/protobuf/field_mask.proto";
26
27option csharp_namespace = "Google.Cloud.OsLogin.V1";
28option go_package = "cloud.google.com/go/oslogin/apiv1/osloginpb;osloginpb";
29option java_multiple_files = true;
30option java_outer_classname = "OsLoginProto";
31option java_package = "com.google.cloud.oslogin.v1";
32option php_namespace = "Google\\Cloud\\OsLogin\\V1";
33option ruby_package = "Google::Cloud::OsLogin::V1";
34
35// Cloud OS Login API
36//
37// The Cloud OS Login API allows you to manage users and their associated SSH
38// public keys for logging into virtual machines on Google Cloud Platform.
39service OsLoginService {
40  option (google.api.default_host) = "oslogin.googleapis.com";
41  option (google.api.oauth_scopes) =
42      "https://www.googleapis.com/auth/cloud-platform,"
43      "https://www.googleapis.com/auth/cloud-platform.read-only,"
44      "https://www.googleapis.com/auth/compute,"
45      "https://www.googleapis.com/auth/compute.readonly";
46
47  // Create an SSH public key
48  rpc CreateSshPublicKey(CreateSshPublicKeyRequest)
49      returns (google.cloud.oslogin.common.SshPublicKey) {
50    option (google.api.http) = {
51      post: "/v1/{parent=users/*}/sshPublicKeys"
52      body: "ssh_public_key"
53    };
54    option (google.api.method_signature) = "parent,ssh_public_key";
55  }
56
57  // Deletes a POSIX account.
58  rpc DeletePosixAccount(DeletePosixAccountRequest)
59      returns (google.protobuf.Empty) {
60    option (google.api.http) = {
61      delete: "/v1/{name=users/*/projects/*}"
62    };
63    option (google.api.method_signature) = "name";
64  }
65
66  // Deletes an SSH public key.
67  rpc DeleteSshPublicKey(DeleteSshPublicKeyRequest)
68      returns (google.protobuf.Empty) {
69    option (google.api.http) = {
70      delete: "/v1/{name=users/*/sshPublicKeys/*}"
71    };
72    option (google.api.method_signature) = "name";
73  }
74
75  // Retrieves the profile information used for logging in to a virtual machine
76  // on Google Compute Engine.
77  rpc GetLoginProfile(GetLoginProfileRequest) returns (LoginProfile) {
78    option (google.api.http) = {
79      get: "/v1/{name=users/*}/loginProfile"
80    };
81    option (google.api.method_signature) = "name";
82  }
83
84  // Retrieves an SSH public key.
85  rpc GetSshPublicKey(GetSshPublicKeyRequest)
86      returns (google.cloud.oslogin.common.SshPublicKey) {
87    option (google.api.http) = {
88      get: "/v1/{name=users/*/sshPublicKeys/*}"
89    };
90    option (google.api.method_signature) = "name";
91  }
92
93  // Adds an SSH public key and returns the profile information. Default POSIX
94  // account information is set when no username and UID exist as part of the
95  // login profile.
96  rpc ImportSshPublicKey(ImportSshPublicKeyRequest)
97      returns (ImportSshPublicKeyResponse) {
98    option (google.api.http) = {
99      post: "/v1/{parent=users/*}:importSshPublicKey"
100      body: "ssh_public_key"
101    };
102    option (google.api.method_signature) = "parent,ssh_public_key";
103    option (google.api.method_signature) = "parent,ssh_public_key,project_id";
104  }
105
106  // Updates an SSH public key and returns the profile information. This method
107  // supports patch semantics.
108  rpc UpdateSshPublicKey(UpdateSshPublicKeyRequest)
109      returns (google.cloud.oslogin.common.SshPublicKey) {
110    option (google.api.http) = {
111      patch: "/v1/{name=users/*/sshPublicKeys/*}"
112      body: "ssh_public_key"
113    };
114    option (google.api.method_signature) = "name,ssh_public_key";
115    option (google.api.method_signature) = "name,ssh_public_key,update_mask";
116  }
117}
118
119// The user profile information used for logging in to a virtual machine on
120// Google Compute Engine.
121message LoginProfile {
122  // Required. A unique user ID.
123  string name = 1 [(google.api.field_behavior) = REQUIRED];
124
125  // The list of POSIX accounts associated with the user.
126  repeated google.cloud.oslogin.common.PosixAccount posix_accounts = 2;
127
128  // A map from SSH public key fingerprint to the associated key object.
129  map<string, google.cloud.oslogin.common.SshPublicKey> ssh_public_keys = 3;
130}
131
132// A request message for creating an SSH public key.
133message CreateSshPublicKeyRequest {
134  // Required. The unique ID for the user in format `users/{user}`.
135  string parent = 1 [
136    (google.api.field_behavior) = REQUIRED,
137    (google.api.resource_reference) = {
138      child_type: "oslogin.googleapis.com/SshPublicKey"
139    }
140  ];
141
142  // Required. The SSH public key and expiration time.
143  google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2
144      [(google.api.field_behavior) = REQUIRED];
145}
146
147// A request message for deleting a POSIX account entry.
148message DeletePosixAccountRequest {
149  // Required. A reference to the POSIX account to update. POSIX accounts are
150  // identified by the project ID they are associated with. A reference to the
151  // POSIX account is in format `users/{user}/projects/{project}`.
152  string name = 1 [
153    (google.api.field_behavior) = REQUIRED,
154    (google.api.resource_reference) = {
155      type: "oslogin.googleapis.com/PosixAccount"
156    }
157  ];
158}
159
160// A request message for deleting an SSH public key.
161message DeleteSshPublicKeyRequest {
162  // Required. The fingerprint of the public key to update. Public keys are
163  // identified by their SHA-256 fingerprint. The fingerprint of the public key
164  // is in format `users/{user}/sshPublicKeys/{fingerprint}`.
165  string name = 1 [
166    (google.api.field_behavior) = REQUIRED,
167    (google.api.resource_reference) = {
168      type: "oslogin.googleapis.com/SshPublicKey"
169    }
170  ];
171}
172
173// A request message for retrieving the login profile information for a user.
174message GetLoginProfileRequest {
175  // Required. The unique ID for the user in format `users/{user}`.
176  string name = 1 [
177    (google.api.field_behavior) = REQUIRED,
178    (google.api.resource_reference) = {
179      child_type: "oslogin.googleapis.com/PosixAccount"
180    }
181  ];
182
183  // The project ID of the Google Cloud Platform project.
184  string project_id = 2;
185
186  // A system ID for filtering the results of the request.
187  string system_id = 3;
188}
189
190// A request message for retrieving an SSH public key.
191message GetSshPublicKeyRequest {
192  // Required. The fingerprint of the public key to retrieve. Public keys are
193  // identified by their SHA-256 fingerprint. The fingerprint of the public key
194  // is in format `users/{user}/sshPublicKeys/{fingerprint}`.
195  string name = 1 [
196    (google.api.field_behavior) = REQUIRED,
197    (google.api.resource_reference) = {
198      type: "oslogin.googleapis.com/SshPublicKey"
199    }
200  ];
201}
202
203// A request message for importing an SSH public key.
204message ImportSshPublicKeyRequest {
205  // Required. The unique ID for the user in format `users/{user}`.
206  string parent = 1 [
207    (google.api.field_behavior) = REQUIRED,
208    (google.api.resource_reference) = {
209      child_type: "oslogin.googleapis.com/SshPublicKey"
210    }
211  ];
212
213  // Optional. The SSH public key and expiration time.
214  google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2
215      [(google.api.field_behavior) = OPTIONAL];
216
217  // The project ID of the Google Cloud Platform project.
218  string project_id = 3;
219
220  // Optional. The regions to which to assert that the key was written.
221  // If unspecified, defaults to all regions.
222  // Regions are listed at https://cloud.google.com/about/locations#region.
223  repeated string regions = 5 [(google.api.field_behavior) = OPTIONAL];
224}
225
226// A response message for importing an SSH public key.
227message ImportSshPublicKeyResponse {
228  // The login profile information for the user.
229  LoginProfile login_profile = 1;
230
231  // Detailed information about import results.
232  string details = 2;
233}
234
235// A request message for updating an SSH public key.
236message UpdateSshPublicKeyRequest {
237  // Required. The fingerprint of the public key to update. Public keys are
238  // identified by their SHA-256 fingerprint. The fingerprint of the public key
239  // is in format `users/{user}/sshPublicKeys/{fingerprint}`.
240  string name = 1 [
241    (google.api.field_behavior) = REQUIRED,
242    (google.api.resource_reference) = {
243      type: "oslogin.googleapis.com/SshPublicKey"
244    }
245  ];
246
247  // Required. The SSH public key and expiration time.
248  google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2
249      [(google.api.field_behavior) = REQUIRED];
250
251  // Mask to control which fields get updated. Updates all if not present.
252  google.protobuf.FieldMask update_mask = 3;
253}
254