// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.shell.v1; import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/longrunning/operations.proto"; import "google/protobuf/timestamp.proto"; option go_package = "cloud.google.com/go/shell/apiv1/shellpb;shellpb"; option java_multiple_files = true; option java_outer_classname = "CloudShellProto"; option java_package = "com.google.cloud.shell.v1"; // API for interacting with Google Cloud Shell. Each user of Cloud Shell has at // least one environment, which has the ID "default". Environment consists of a // Docker image defining what is installed on the environment and a home // directory containing the user's data that will remain across sessions. // Clients use this API to start and fetch information about their environment, // which can then be used to connect to that environment via a separate SSH // client. service CloudShellService { option (google.api.default_host) = "cloudshell.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Gets an environment. Returns NOT_FOUND if the environment does not exist. rpc GetEnvironment(GetEnvironmentRequest) returns (Environment) { option (google.api.http) = { get: "/v1/{name=users/*/environments/*}" }; option (google.api.method_signature) = "name"; } // Starts an existing environment, allowing clients to connect to it. The // returned operation will contain an instance of StartEnvironmentMetadata in // its metadata field. Users can wait for the environment to start by polling // this operation via GetOperation. Once the environment has finished starting // and is ready to accept connections, the operation will contain a // StartEnvironmentResponse in its response field. rpc StartEnvironment(StartEnvironmentRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{name=users/*/environments/*}:start" body: "*" }; option (google.longrunning.operation_info) = { response_type: "StartEnvironmentResponse" metadata_type: "StartEnvironmentMetadata" }; } // Sends OAuth credentials to a running environment on behalf of a user. When // this completes, the environment will be authorized to run various Google // Cloud command line tools without requiring the user to manually // authenticate. rpc AuthorizeEnvironment(AuthorizeEnvironmentRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{name=users/*/environments/*}:authorize" body: "*" }; option (google.longrunning.operation_info) = { response_type: "AuthorizeEnvironmentResponse" metadata_type: "AuthorizeEnvironmentMetadata" }; } // Adds a public SSH key to an environment, allowing clients with the // corresponding private key to connect to that environment via SSH. If a key // with the same content already exists, this will error with ALREADY_EXISTS. rpc AddPublicKey(AddPublicKeyRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{environment=users/*/environments/*}:addPublicKey" body: "*" }; option (google.longrunning.operation_info) = { response_type: "AddPublicKeyResponse" metadata_type: "AddPublicKeyMetadata" }; } // Removes a public SSH key from an environment. Clients will no longer be // able to connect to the environment using the corresponding private key. // If a key with the same content is not present, this will error with // NOT_FOUND. rpc RemovePublicKey(RemovePublicKeyRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{environment=users/*/environments/*}:removePublicKey" body: "*" }; option (google.longrunning.operation_info) = { response_type: "RemovePublicKeyResponse" metadata_type: "RemovePublicKeyMetadata" }; } } // A Cloud Shell environment, which is defined as the combination of a Docker // image specifying what is installed on the environment and a home directory // containing the user's data that will remain across sessions. Each user has // at least an environment with the ID "default". message Environment { option (google.api.resource) = { type: "cloudshell.googleapis.com/Environment" pattern: "users/{user}/environments/{environment}" }; // Possible execution states for an environment. enum State { // The environment's states is unknown. STATE_UNSPECIFIED = 0; // The environment is not running and can't be connected to. Starting the // environment will transition it to the PENDING state. SUSPENDED = 1; // The environment is being started but is not yet ready to accept // connections. PENDING = 2; // The environment is running and ready to accept connections. It will // automatically transition back to DISABLED after a period of inactivity or // if another environment is started. RUNNING = 3; // The environment is being deleted and can't be connected to. DELETING = 4; } // Immutable. Full name of this resource, in the format // `users/{owner_email}/environments/{environment_id}`. `{owner_email}` is the // email address of the user to whom this environment belongs, and // `{environment_id}` is the identifier of this environment. For example, // `users/someone@example.com/environments/default`. string name = 1 [(google.api.field_behavior) = IMMUTABLE]; // Output only. The environment's identifier, unique among the user's // environments. string id = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; // Required. Immutable. Full path to the Docker image used to run this environment, e.g. // "gcr.io/dev-con/cloud-devshell:latest". string docker_image = 3 [ (google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = IMMUTABLE ]; // Output only. Current execution state of this environment. State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Host to which clients can connect to initiate HTTPS or WSS // connections with the environment. string web_host = 12 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Username that clients should use when initiating SSH sessions // with the environment. string ssh_username = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Host to which clients can connect to initiate SSH sessions // with the environment. string ssh_host = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Port to which clients can connect to initiate SSH sessions // with the environment. int32 ssh_port = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Public keys associated with the environment. Clients can // connect to this environment via SSH only if they possess a private key // corresponding to at least one of these public keys. Keys can be added to or // removed from the environment using the AddPublicKey and RemovePublicKey // methods. repeated string public_keys = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; } // Request message for // [GetEnvironment][google.cloud.shell.v1.CloudShellService.GetEnvironment]. message GetEnvironmentRequest { // Required. Name of the requested resource, for example `users/me/environments/default` // or `users/someone@example.com/environments/default`. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { type: "cloudshell.googleapis.com/Environment" } ]; } // Message included in the metadata field of operations returned from // [CreateEnvironment][google.cloud.shell.v1.CloudShellService.CreateEnvironment]. message CreateEnvironmentMetadata { } // Message included in the metadata field of operations returned from // [DeleteEnvironment][google.cloud.shell.v1.CloudShellService.DeleteEnvironment]. message DeleteEnvironmentMetadata { } // Request message for // [StartEnvironment][google.cloud.shell.v1.CloudShellService.StartEnvironment]. message StartEnvironmentRequest { // Name of the resource that should be started, for example // `users/me/environments/default` or // `users/someone@example.com/environments/default`. string name = 1; // The initial access token passed to the environment. If this is present and // valid, the environment will be pre-authenticated with gcloud so that the // user can run gcloud commands in Cloud Shell without having to log in. This // code can be updated later by calling AuthorizeEnvironment. string access_token = 2; // Public keys that should be added to the environment before it is started. repeated string public_keys = 3; } // Request message for // [AuthorizeEnvironment][google.cloud.shell.v1.CloudShellService.AuthorizeEnvironment]. message AuthorizeEnvironmentRequest { // Name of the resource that should receive the credentials, for example // `users/me/environments/default` or // `users/someone@example.com/environments/default`. string name = 1; // The OAuth access token that should be sent to the environment. string access_token = 2; // The OAuth ID token that should be sent to the environment. string id_token = 4; // The time when the credentials expire. If not set, defaults to one hour from // when the server received the request. google.protobuf.Timestamp expire_time = 3; } // Response message for // [AuthorizeEnvironment][google.cloud.shell.v1.CloudShellService.AuthorizeEnvironment]. message AuthorizeEnvironmentResponse { } // Message included in the metadata field of operations returned from // [AuthorizeEnvironment][google.cloud.shell.v1.CloudShellService.AuthorizeEnvironment]. message AuthorizeEnvironmentMetadata { } // Message included in the metadata field of operations returned from // [StartEnvironment][google.cloud.shell.v1.CloudShellService.StartEnvironment]. message StartEnvironmentMetadata { // Possible states an environment might transition between during startup. // These states are not normally actionable by clients, but may be used to // show a progress message to the user. An environment won't necessarily go // through all of these states when starting. More states are likely to be // added in the future. enum State { // The environment's start state is unknown. STATE_UNSPECIFIED = 0; // The environment is in the process of being started, but no additional // details are available. STARTING = 1; // Startup is waiting for the user's disk to be unarchived. This can happen // when the user returns to Cloud Shell after not having used it for a // while, and suggests that startup will take longer than normal. UNARCHIVING_DISK = 2; // Startup is waiting for compute resources to be assigned to the // environment. This should normally happen very quickly, but an environment // might stay in this state for an extended period of time if the system is // experiencing heavy load. AWAITING_COMPUTE_RESOURCES = 4; // Startup has completed. If the start operation was successful, the user // should be able to establish an SSH connection to their environment. // Otherwise, the operation will contain details of the failure. FINISHED = 3; } // Current state of the environment being started. State state = 1; } // Message included in the response field of operations returned from // [StartEnvironment][google.cloud.shell.v1.CloudShellService.StartEnvironment] // once the operation is complete. message StartEnvironmentResponse { // Environment that was started. Environment environment = 1; } // Request message for // [AddPublicKey][google.cloud.shell.v1.CloudShellService.AddPublicKey]. message AddPublicKeyRequest { // Environment this key should be added to, e.g. // `users/me/environments/default`. string environment = 1; // Key that should be added to the environment. Supported formats are // `ssh-dss` (see RFC4253), `ssh-rsa` (see RFC4253), `ecdsa-sha2-nistp256` // (see RFC5656), `ecdsa-sha2-nistp384` (see RFC5656) and // `ecdsa-sha2-nistp521` (see RFC5656). It should be structured as // <format> <content>, where <content> part is encoded with // Base64. string key = 2; } // Response message for // [AddPublicKey][google.cloud.shell.v1.CloudShellService.AddPublicKey]. message AddPublicKeyResponse { // Key that was added to the environment. string key = 1; } // Message included in the metadata field of operations returned from // [AddPublicKey][google.cloud.shell.v1.CloudShellService.AddPublicKey]. message AddPublicKeyMetadata { } // Request message for // [RemovePublicKey][google.cloud.shell.v1.CloudShellService.RemovePublicKey]. message RemovePublicKeyRequest { // Environment this key should be removed from, e.g. // `users/me/environments/default`. string environment = 1; // Key that should be removed from the environment. string key = 2; } // Response message for // [RemovePublicKey][google.cloud.shell.v1.CloudShellService.RemovePublicKey]. message RemovePublicKeyResponse { } // Message included in the metadata field of operations returned from // [RemovePublicKey][google.cloud.shell.v1.CloudShellService.RemovePublicKey]. message RemovePublicKeyMetadata { } // Cloud-shell specific information that will be included as details in failure // responses. message CloudShellErrorDetails { // Set of possible errors returned from API calls. enum CloudShellErrorCode { // An unknown error occurred. CLOUD_SHELL_ERROR_CODE_UNSPECIFIED = 0; // The image used by the Cloud Shell environment either does not exist or // the user does not have access to it. IMAGE_UNAVAILABLE = 1; // Cloud Shell has been disabled by an administrator for the user making the // request. CLOUD_SHELL_DISABLED = 2; // Cloud Shell has been permanently disabled due to a Terms of Service // violation by the user. TOS_VIOLATION = 4; // The user has exhausted their weekly Cloud Shell quota, and Cloud Shell // will be disabled until the quota resets. QUOTA_EXCEEDED = 5; // The Cloud Shell environment is unavailable and cannot be connected to at // the moment. ENVIRONMENT_UNAVAILABLE = 6; } // Code indicating the specific error the occurred. CloudShellErrorCode code = 1; }