// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.sql.v1beta4; import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/field_behavior.proto"; import "google/cloud/sql/v1beta4/cloud_sql_resources.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; option go_package = "google.golang.org/genproto/googleapis/cloud/sql/v1beta4;sql"; option java_multiple_files = true; option java_outer_classname = "CloudSqlUsersProto"; option java_package = "com.google.cloud.sql.v1beta4"; // NOTE: No sensitive PII logging is allowed. If you are adding a field/enum // value that is sensitive PII, please add corresponding datapol annotation to // it. For more information, please see // https://g3doc.corp.google.com/storage/speckle/g3doc/purple_team/data_pol_annotations.md?cl=head service SqlUsersService { option (google.api.default_host) = "sqladmin.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform," "https://www.googleapis.com/auth/sqlservice.admin"; // Deletes a user from a Cloud SQL instance. rpc Delete(SqlUsersDeleteRequest) returns (Operation) { option (google.api.http) = { delete: "/sql/v1beta4/projects/{project}/instances/{instance}/users" }; } // Creates a new user in a Cloud SQL instance. rpc Insert(SqlUsersInsertRequest) returns (Operation) { option (google.api.http) = { post: "/sql/v1beta4/projects/{project}/instances/{instance}/users" body: "body" }; } // Lists users in the specified Cloud SQL instance. rpc List(SqlUsersListRequest) returns (UsersListResponse) { option (google.api.http) = { get: "/sql/v1beta4/projects/{project}/instances/{instance}/users" }; } // Updates an existing user in a Cloud SQL instance. rpc Update(SqlUsersUpdateRequest) returns (Operation) { option (google.api.http) = { put: "/sql/v1beta4/projects/{project}/instances/{instance}/users" body: "body" }; } } message SqlUsersDeleteRequest { // Host of the user in the instance. string host = 1; // Database instance ID. This does not include the project ID. string instance = 2; // Name of the user in the instance. string name = 3; // Project ID of the project that contains the instance. string project = 4; } message SqlUsersInsertRequest { // Database instance ID. This does not include the project ID. string instance = 1; // Project ID of the project that contains the instance. string project = 2; User body = 100; } message SqlUsersListRequest { // Database instance ID. This does not include the project ID. string instance = 1; // Project ID of the project that contains the instance. string project = 2; } message SqlUsersUpdateRequest { // Optional. Host of the user in the instance. string host = 1 [(google.api.field_behavior) = OPTIONAL]; // Database instance ID. This does not include the project ID. string instance = 2; // Name of the user in the instance. string name = 3; // Project ID of the project that contains the instance. string project = 4; User body = 100; } // User level password validation policy. message UserPasswordValidationPolicy { // Number of failed login attempts allowed before user get locked. int32 allowed_failed_attempts = 1; // Expiration duration after password is updated. google.protobuf.Duration password_expiration_duration = 2; // If true, failed login attempts check will be enabled. bool enable_failed_attempts_check = 3; // Output only. Read-only password status. PasswordStatus status = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; } // Read-only password status. message PasswordStatus { // If true, user does not have login privileges. bool locked = 1; // The expiration time of the current password. google.protobuf.Timestamp password_expiration_time = 2; } // A Cloud SQL user resource. message User { // The user type. enum SqlUserType { // The database's built-in user type. BUILT_IN = 0; // Cloud IAM user. CLOUD_IAM_USER = 1; // Cloud IAM service account. CLOUD_IAM_SERVICE_ACCOUNT = 2; } // This is always `sql#user`. string kind = 1; // The password for the user. string password = 2; // This field is deprecated and will be removed from a future version of the // API. string etag = 3; // The name of the user in the Cloud SQL instance. Can be omitted for // `update` because it is already specified in the URL. string name = 4; // Optional. The host from which the user can connect. For `insert` // operations, host defaults to an empty string. For `update` // operations, host is specified as part of the request URL. The host name // cannot be updated after insertion. For a MySQL instance, it's required; // for a PostgreSQL or SQL Server instance, it's optional. string host = 5 [(google.api.field_behavior) = OPTIONAL]; // The name of the Cloud SQL instance. This does not include the project ID. // Can be omitted for update because it is already specified on the // URL. string instance = 6; // The project ID of the project containing the Cloud SQL database. The Google // apps domain is prefixed if applicable. Can be omitted for // update because it is already specified on the URL. string project = 7; // The user type. It determines the method to authenticate the user during // login. The default is the database's built-in user type. SqlUserType type = 8; // User details for specific database type oneof user_details { SqlServerUserDetails sqlserver_user_details = 9; } // User level password validation policy. UserPasswordValidationPolicy password_policy = 12; } // Represents a Sql Server user on the Cloud SQL instance. message SqlServerUserDetails { // If the user has been disabled bool disabled = 1; // The server roles for this user repeated string server_roles = 2; } // User list response. message UsersListResponse { // This is always sql#usersList. string kind = 1; // List of user resources in the instance. repeated User items = 2; // An identifier that uniquely identifies the operation. You can use this // identifier to retrieve the Operations resource that has information about // the operation. string next_page_token = 3; }