Diffstat (limited to 'third_party/googleapis/google/cloud/networksecurity/v1beta1')
9 files changed, 1485 insertions, 0 deletions
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/BUILD.bazel b/third_party/googleapis/google/cloud/networksecurity/v1beta1/BUILD.bazel
new file mode 100644
index 0000000..1de1993
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/BUILD.bazel
@@ -0,0 +1,404 @@ +# This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/rules_gapic/tree/master/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +#    * extra_protoc_parameters +#    * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( +    name = "networksecurity_proto", +    srcs = [ +        "authorization_policy.proto", +        "client_tls_policy.proto", +        "common.proto", +        "network_security.proto", +        "server_tls_policy.proto", +        "tls.proto", +    ], +    deps = [ +        "//google/api:annotations_proto", +        "//google/api:client_proto", +        "//google/api:field_behavior_proto", +        "//google/api:resource_proto", +        "//google/longrunning:operations_proto", +        "@com_google_protobuf//:field_mask_proto", +        "@com_google_protobuf//:timestamp_proto", +    ], +) + +proto_library_with_info( +    name = "networksecurity_proto_with_info", +    deps = [ +        ":networksecurity_proto", +        "//google/cloud:common_resources_proto", +        "//google/cloud/location:location_proto", +        "//google/iam/v1:iam_policy_proto", +    ], +) + +############################################################################## +# Java 
+############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "java_gapic_assembly_gradle_pkg", +    "java_gapic_library", +    "java_gapic_test", +    "java_grpc_library", +    "java_proto_library", +) + +java_proto_library( +    name = "networksecurity_java_proto", +    deps = [":networksecurity_proto"], +) + +java_grpc_library( +    name = "networksecurity_java_grpc", +    srcs = [":networksecurity_proto"], +    deps = [":networksecurity_java_proto"], +) + +java_gapic_library( +    name = "networksecurity_java_gapic", +    srcs = [":networksecurity_proto_with_info"], +    gapic_yaml = None, +    grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json", +    service_yaml = "networksecurity_v1beta1.yaml", +    test_deps = [ +        ":networksecurity_java_grpc", +        "//google/cloud/location:location_java_grpc", +        "//google/iam/v1:iam_java_grpc", +    ], +    transport = "grpc+rest", +    deps = [ +        ":networksecurity_java_proto", +        "//google/api:api_java_proto", +        "//google/cloud/location:location_java_proto", +        "//google/iam/v1:iam_java_proto", +    ], +) + +java_gapic_test( +    name = "networksecurity_java_gapic_test_suite", +    test_classes = [ +        "com.google.cloud.networksecurity.v1beta1.NetworkSecurityClientHttpJsonTest", +        "com.google.cloud.networksecurity.v1beta1.NetworkSecurityClientTest", +    ], +    runtime_deps = [":networksecurity_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( +    name = "google-cloud-networksecurity-v1beta1-java", +    include_samples = True, +    transport = "grpc+rest", +    deps = [ +        ":networksecurity_java_gapic", +        ":networksecurity_java_grpc", +        ":networksecurity_java_proto", +        ":networksecurity_proto", +    ], +) + +############################################################################## +# Go 
+############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "go_gapic_assembly_pkg", +    "go_gapic_library", +    "go_proto_library", +    "go_test", +) + +go_proto_library( +    name = "networksecurity_go_proto", +    compilers = ["@io_bazel_rules_go//proto:go_grpc"], +    importpath = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1", +    protos = [":networksecurity_proto"], +    deps = [ +        "//google/api:annotations_go_proto", +        "//google/longrunning:longrunning_go_proto", +    ], +) + +go_gapic_library( +    name = "networksecurity_go_gapic", +    srcs = [":networksecurity_proto_with_info"], +    grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json", +    importpath = "cloud.google.com/go/networksecurity/apiv1beta1;networksecurity", +    metadata = True, +    service_yaml = "networksecurity_v1beta1.yaml", +    transport = "grpc+rest", +    deps = [ +        ":networksecurity_go_proto", +        "//google/cloud/location:location_go_proto", +        "//google/iam/v1:iam_go_proto", +        "//google/longrunning:longrunning_go_proto", +        "@com_google_cloud_go//longrunning:go_default_library", +        "@com_google_cloud_go//longrunning/autogen:go_default_library", +    ], +) + +go_test( +    name = "networksecurity_go_gapic_test", +    srcs = [":networksecurity_go_gapic_srcjar_test"], +    embed = [":networksecurity_go_gapic"], +    importpath = "cloud.google.com/go/networksecurity/apiv1beta1", +) + +# Open Source Packages +go_gapic_assembly_pkg( +    name = "gapi-cloud-networksecurity-v1beta1-go", +    deps = [ +        ":networksecurity_go_gapic", +        ":networksecurity_go_gapic_srcjar-metadata.srcjar", +        ":networksecurity_go_gapic_srcjar-test.srcjar", +        ":networksecurity_go_proto", +    ], +) + +############################################################################## +# Python 
+############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "py_gapic_assembly_pkg", +    "py_gapic_library", +    "py_test", +) + +py_gapic_library( +    name = "networksecurity_py_gapic", +    srcs = [":networksecurity_proto"], +    grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json", +    opt_args = [ +        "warehouse-package-name=google-cloud-network-security", +        "python-gapic-namespace=google.cloud", +        "python-gapic-name=network_security", +    ], +    service_yaml = "networksecurity_v1beta1.yaml", +    transport = "grpc+rest", +    deps = [ +        "//google/iam/v1:iam_policy_py_proto", +    ], +) + +py_test( +    name = "networksecurity_py_gapic_test", +    srcs = [ +        "networksecurity_py_gapic_pytest.py", +        "networksecurity_py_gapic_test.py", +    ], +    legacy_create_init = False, +    deps = [":networksecurity_py_gapic"], +) + +# Open Source Packages +py_gapic_assembly_pkg( +    name = "networksecurity-v1beta1-py", +    deps = [ +        ":networksecurity_py_gapic", +    ], +) + +############################################################################## +# PHP +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "php_gapic_assembly_pkg", +    "php_gapic_library", +    "php_grpc_library", +    "php_proto_library", +) + +php_proto_library( +    name = "networksecurity_php_proto", +    deps = [":networksecurity_proto"], +) + +php_grpc_library( +    name = "networksecurity_php_grpc", +    srcs = [":networksecurity_proto"], +    deps = [":networksecurity_php_proto"], +) + +php_gapic_library( +    name = "networksecurity_php_gapic", +    srcs = [":networksecurity_proto_with_info"], +    grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json", +    service_yaml = "networksecurity_v1beta1.yaml", +    deps = [ +       
 ":networksecurity_php_grpc", +        ":networksecurity_php_proto", +    ], +) + +# Open Source Packages +php_gapic_assembly_pkg( +    name = "google-cloud-networksecurity-v1beta1-php", +    deps = [ +        ":networksecurity_php_gapic", +        ":networksecurity_php_grpc", +        ":networksecurity_php_proto", +    ], +) + +############################################################################## +# Node.js +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "nodejs_gapic_assembly_pkg", +    "nodejs_gapic_library", +) + +nodejs_gapic_library( +    name = "networksecurity_nodejs_gapic", +    package_name = "@google-cloud/network-security", +    src = ":networksecurity_proto_with_info", +    extra_protoc_parameters = ["metadata"], +    grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json", +    package = "google.cloud.networksecurity.v1beta1", +    service_yaml = "networksecurity_v1beta1.yaml", +    deps = [], +) + +nodejs_gapic_assembly_pkg( +    name = "networksecurity-v1beta1-nodejs", +    deps = [ +        ":networksecurity_nodejs_gapic", +        ":networksecurity_proto", +    ], +) + +############################################################################## +# Ruby +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "ruby_cloud_gapic_library", +    "ruby_gapic_assembly_pkg", +    "ruby_grpc_library", +    "ruby_proto_library", +) + +ruby_proto_library( +    name = "networksecurity_ruby_proto", +    deps = [":networksecurity_proto"], +) + +ruby_grpc_library( +    name = "networksecurity_ruby_grpc", +    srcs = [":networksecurity_proto"], +    deps = [":networksecurity_ruby_proto"], +) + +ruby_cloud_gapic_library( +    name = "networksecurity_ruby_gapic", +    srcs = [":networksecurity_proto_with_info"], +    extra_protoc_parameters = [ +        
"ruby-cloud-api-id=networksecurity.googleapis.com", +        "ruby-cloud-api-shortname=networksecurity", +        "ruby-cloud-gem-name=google-cloud-network_security-v1beta1", +        "ruby-cloud-product-url=https://cloud.google.com/traffic-director/docs/reference/network-security/rest/", +    ], +    grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json", +    ruby_cloud_description = "The client library for the Google Network Security V1beta1 API.", +    ruby_cloud_title = "Network Security V1beta1", +    service_yaml = "networksecurity_v1beta1.yaml", +    deps = [ +        ":networksecurity_ruby_grpc", +        ":networksecurity_ruby_proto", +    ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( +    name = "google-cloud-networksecurity-v1beta1-ruby", +    deps = [ +        ":networksecurity_ruby_gapic", +        ":networksecurity_ruby_grpc", +        ":networksecurity_ruby_proto", +    ], +) + +############################################################################## +# C# +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "csharp_gapic_assembly_pkg", +    "csharp_gapic_library", +    "csharp_grpc_library", +    "csharp_proto_library", +) + +csharp_proto_library( +    name = "networksecurity_csharp_proto", +    deps = [":networksecurity_proto"], +) + +csharp_grpc_library( +    name = "networksecurity_csharp_grpc", +    srcs = [":networksecurity_proto"], +    deps = [":networksecurity_csharp_proto"], +) + +csharp_gapic_library( +    name = "networksecurity_csharp_gapic", +    srcs = [":networksecurity_proto_with_info"], +    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", +    grpc_service_config = "networksecurity_v1beta1_grpc_service_config.json", +    service_yaml = "networksecurity_v1beta1.yaml", +    deps = [ +        ":networksecurity_csharp_grpc", +        
":networksecurity_csharp_proto", +    ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( +    name = "google-cloud-networksecurity-v1beta1-csharp", +    deps = [ +        ":networksecurity_csharp_gapic", +        ":networksecurity_csharp_grpc", +        ":networksecurity_csharp_proto", +    ], +) + +############################################################################## +# C++ +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "cc_grpc_library", +    "cc_proto_library", +) + +cc_proto_library( +    name = "networksecurity_cc_proto", +    deps = [":networksecurity_proto"], +) + +cc_grpc_library( +    name = "networksecurity_cc_grpc", +    srcs = [":networksecurity_proto"], +    grpc_only = True, +    deps = [":networksecurity_cc_proto"], +) diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/authorization_policy.proto b/third_party/googleapis/google/cloud/networksecurity/v1beta1/authorization_policy.proto new file mode 100644 index 0000000..afae9ba --- /dev/null +++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/authorization_policy.proto 
@@ -0,0 +1,259 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.networksecurity.v1beta1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
+option java_multiple_files = true;
+option java_outer_classname = "AuthorizationPolicyProto";
+option java_package = "com.google.cloud.networksecurity.v1beta1";
+option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
+option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";
+
+// AuthorizationPolicy is a resource that specifies how a server
+// should authorize incoming connections. This resource in itself does
+// not change the configuration unless it's attached to a target https
+// proxy or endpoint config selector resource.
+message AuthorizationPolicy {
+  option (google.api.resource) = {
+    type: "networksecurity.googleapis.com/AuthorizationPolicy"
+    pattern: "projects/{project}/locations/{location}/authorizationPolicies/{authorization_policy}"
+  };
+
+  // Specification of rules.
+  message Rule {
+    // Specification of traffic source attributes.
+    message Source {
+      // Optional. List of peer identities to match for authorization. At least
+      // one principal should match. Each peer can be an exact match, or a
+      // prefix match (example, "namespace/*") or a suffix match (example,
+      // "*/service-account") or a presence match "*". Authorization based on
+      // the principal name without certificate validation (configured by
+      // ServerTlsPolicy resource) is considered insecure.
+      repeated string principals = 1 [(google.api.field_behavior) = OPTIONAL];
+
+      // Optional. List of CIDR ranges to match based on source IP address. At
+      // least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR
+      // (e.g., "1.2.3.0/24") are supported. Authorization based on source IP
+      // alone should be avoided. The IP addresses of any load balancers or
+      // proxies should be considered untrusted.
+      repeated string ip_blocks = 2 [(google.api.field_behavior) = OPTIONAL];
+    }
+
+    // Specification of traffic destination attributes.
+    message Destination {
+      // Specification of HTTP header match attributes.
+      message HttpHeaderMatch {
+        oneof type {
+          // Required. The value of the header must match the regular expression
+          // specified in regexMatch. For regular expression grammar,
+          // please see: en.cppreference.com/w/cpp/regex/ecmascript
+          // For matching against a port specified in the HTTP
+          // request, use a headerMatch with headerName set to Host
+          // and a regular expression that satisfies the RFC2616 Host
+          // header's port specifier.
+          string regex_match = 2 [(google.api.field_behavior) = REQUIRED];
+        }
+
+        // Required. The name of the HTTP header to match. For matching
+        // against the HTTP request's authority, use a headerMatch
+        // with the header name ":authority". For matching a
+        // request's method, use the headerName ":method".
+        string header_name = 1 [(google.api.field_behavior) = REQUIRED];
+      }
+
+      // Required. List of host names to match. Matched against the ":authority"
+      // header in http requests. At least one host should match. Each host can
+      // be an exact match, or a prefix match (example "mydomain.*") or a suffix
+      // match (example "*.myorg.com") or a presence (any) match "*".
+      repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED];
+
+      // Required. List of destination ports to match. At least one port should
+      // match.
+      repeated uint32 ports = 2 [(google.api.field_behavior) = REQUIRED];
+
+      // Optional. A list of HTTP methods to match. At least one method should
+      // match. Should not be set for gRPC services.
+      repeated string methods = 4 [(google.api.field_behavior) = OPTIONAL];
+
+      // Optional. Match against key:value pair in http header. Provides a
+      // flexible match based on HTTP headers, for potentially advanced use
+      // cases. At least one header should match. Avoid using header matches to
+      // make authorization decisions unless there is a strong guarantee that
+      // requests arrive through a trusted client or proxy.
+      HttpHeaderMatch http_header_match = 5
+          [(google.api.field_behavior) = OPTIONAL];
+    }
+
+    // Optional. List of attributes for the traffic source. All of the sources
+    // must match. A source is a match if both principals and ip_blocks match.
+    // If not set, the action specified in the 'action' field will be applied
+    // without any rule checks for the source.
+    repeated Source sources = 1 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. List of attributes for the traffic destination. All of the
+    // destinations must match. A destination is a match if a request matches
+    // all the specified hosts, ports, methods and headers. If not set, the
+    // action specified in the 'action' field will be applied without any rule
+    // checks for the destination.
+    repeated Destination destinations = 2
+        [(google.api.field_behavior) = OPTIONAL];
+  }
+
+  // Possible values that define what action to take.
+  enum Action {
+    // Default value.
+    ACTION_UNSPECIFIED = 0;
+
+    // Grant access.
+    ALLOW = 1;
+
+    // Deny access.
+    // Deny rules should be avoided unless they are used to provide a default
+    // "deny all" fallback.
+    DENY = 2;
+  }
+
+  // Required. Name of the AuthorizationPolicy resource. It matches pattern
+  // `projects/{project}/locations/{location}/authorizationPolicies/<authorization_policy>`.
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. Free-text description of the resource.
+  string description = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. The timestamp when the resource was created.
+  google.protobuf.Timestamp create_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The timestamp when the resource was updated.
+  google.protobuf.Timestamp update_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. Set of label tags associated with the AuthorizationPolicy
+  // resource.
+  map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. The action to take when a rule match is found. Possible values
+  // are "ALLOW" or "DENY".
+  Action action = 6 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. List of rules to match. Note that at least one of the rules must
+  // match in order for the action specified in the 'action' field to be taken.
+  // A rule is a match if there is a matching source and destination. If left
+  // blank, the action specified in the `action` field will be applied on every
+  // request.
+  repeated Rule rules = 7 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request used with the ListAuthorizationPolicies method.
+message ListAuthorizationPoliciesRequest {
+  // Required. The project and location from which the AuthorizationPolicies
+  // should be listed, specified in the format
+  // `projects/{project}/locations/{location}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Maximum number of AuthorizationPolicies to return per call.
+  int32 page_size = 2;
+
+  // The value returned by the last
+  // `ListAuthorizationPoliciesResponse` Indicates that this is a
+  // continuation of a prior `ListAuthorizationPolicies` call, and
+  // that the system should return the next page of data.
+  string page_token = 3;
+}
+
+// Response returned by the ListAuthorizationPolicies method.
+message ListAuthorizationPoliciesResponse {
+  // List of AuthorizationPolicies resources.
+  repeated AuthorizationPolicy authorization_policies = 1;
+
+  // If there might be more results than those appearing in this response, then
+  // `next_page_token` is included. To get the next set of results, call this
+  // method again using the value of `next_page_token` as `page_token`.
+  string next_page_token = 2;
+}
+
+// Request used by the GetAuthorizationPolicy method.
+message GetAuthorizationPolicyRequest {
+  // Required. A name of the AuthorizationPolicy to get. Must be in the format
+  // `projects/{project}/locations/{location}/authorizationPolicies/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "networksecurity.googleapis.com/AuthorizationPolicy"
+    }
+  ];
+}
+
+// Request used by the CreateAuthorizationPolicy method.
+message CreateAuthorizationPolicyRequest {
+  // Required. The parent resource of the AuthorizationPolicy. Must be in the
+  // format `projects/{project}/locations/{location}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "networksecurity.googleapis.com/AuthorizationPolicy"
+    }
+  ];
+
+  // Required. Short name of the AuthorizationPolicy resource to be created.
+  // This value should be 1-63 characters long, containing only
+  // letters, numbers, hyphens, and underscores, and should not start
+  // with a number. E.g. "authz_policy".
+  string authorization_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. AuthorizationPolicy resource to be created.
+  AuthorizationPolicy authorization_policy = 3
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request used by the UpdateAuthorizationPolicy method.
+message UpdateAuthorizationPolicyRequest {
+  // Optional. Field mask is used to specify the fields to be overwritten in the
+  // AuthorizationPolicy resource by the update.
+  // The fields specified in the update_mask are relative to the resource, not
+  // the full request. A field will be overwritten if it is in the mask. If the
+  // user does not provide a mask then all fields will be overwritten.
+  google.protobuf.FieldMask update_mask = 1
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. Updated AuthorizationPolicy resource.
+  AuthorizationPolicy authorization_policy = 2
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request used by the DeleteAuthorizationPolicy method.
+message DeleteAuthorizationPolicyRequest {
+  // Required. A name of the AuthorizationPolicy to delete. Must be in the
+  // format `projects/{project}/locations/{location}/authorizationPolicies/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "networksecurity.googleapis.com/AuthorizationPolicy"
+    }
+  ];
+}
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/client_tls_policy.proto b/third_party/googleapis/google/cloud/networksecurity/v1beta1/client_tls_policy.proto
new file mode 100644
index 0000000..8f10ad7
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/client_tls_policy.proto
@@ -0,0 +1,169 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.networksecurity.v1beta1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/networksecurity/v1beta1/tls.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
+option java_multiple_files = true;
+option java_outer_classname = "ClientTlsPolicyProto";
+option java_package = "com.google.cloud.networksecurity.v1beta1";
+option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
+option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";
+
+// ClientTlsPolicy is a resource that specifies how a client should authenticate
+// connections to backends of a service. This resource itself does not affect
+// configuration unless it is attached to a backend service resource.
+message ClientTlsPolicy {
+  option (google.api.resource) = {
+    type: "networksecurity.googleapis.com/ClientTlsPolicy"
+    pattern: "projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}"
+  };
+
+  // Required. Name of the ClientTlsPolicy resource. It matches the pattern
+  // `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. Free-text description of the resource.
+  string description = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. The timestamp when the resource was created.
+  google.protobuf.Timestamp create_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The timestamp when the resource was updated.
+  google.protobuf.Timestamp update_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. Set of label tags associated with the resource.
+  map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Server Name Indication string to present to the server during TLS
+  // handshake. E.g: "secure.example.com".
+  string sni = 6 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Defines a mechanism to provision client identity (public and
+  // private keys) for peer to peer authentication. The presence of this
+  // dictates mTLS.
+  CertificateProvider client_certificate = 7
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Defines the mechanism to obtain the Certificate Authority
+  // certificate to validate the server certificate. If empty, client does not
+  // validate the server certificate.
+  repeated ValidationCA server_validation_ca = 8
+      [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request used by the ListClientTlsPolicies method.
+message ListClientTlsPoliciesRequest {
+  // Required. The project and location from which the ClientTlsPolicies should
+  // be listed, specified in the format `projects/*/locations/{location}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Maximum number of ClientTlsPolicies to return per call.
+  int32 page_size = 2;
+
+  // The value returned by the last `ListClientTlsPoliciesResponse`
+  // Indicates that this is a continuation of a prior
+  // `ListClientTlsPolicies` call, and that the system
+  // should return the next page of data.
+  string page_token = 3;
+}
+
+// Response returned by the ListClientTlsPolicies method.
+message ListClientTlsPoliciesResponse {
+  // List of ClientTlsPolicy resources.
+  repeated ClientTlsPolicy client_tls_policies = 1;
+
+  // If there might be more results than those appearing in this response, then
+  // `next_page_token` is included. To get the next set of results, call this
+  // method again using the value of `next_page_token` as `page_token`.
+  string next_page_token = 2;
+}
+
+// Request used by the GetClientTlsPolicy method.
+message GetClientTlsPolicyRequest {
+  // Required. A name of the ClientTlsPolicy to get. Must be in the format
+  // `projects/*/locations/{location}/clientTlsPolicies/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "networksecurity.googleapis.com/ClientTlsPolicy"
+    }
+  ];
+}
+
+// Request used by the CreateClientTlsPolicy method.
+message CreateClientTlsPolicyRequest {
+  // Required. The parent resource of the ClientTlsPolicy. Must be in
+  // the format `projects/*/locations/{location}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "networksecurity.googleapis.com/ClientTlsPolicy"
+    }
+  ];
+
+  // Required. Short name of the ClientTlsPolicy resource to be created. This
+  // value should be 1-63 characters long, containing only letters, numbers,
+  // hyphens, and underscores, and should not start with a number. E.g.
+  // "client_mtls_policy".
+  string client_tls_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. ClientTlsPolicy resource to be created.
+  ClientTlsPolicy client_tls_policy = 3
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request used by UpdateClientTlsPolicy method.
+message UpdateClientTlsPolicyRequest {
+  // Optional. Field mask is used to specify the fields to be overwritten in the
+  // ClientTlsPolicy resource by the update.  The fields
+  // specified in the update_mask are relative to the resource, not
+  // the full request. A field will be overwritten if it is in the
+  // mask. If the user does not provide a mask then all fields will be
+  // overwritten.
+  google.protobuf.FieldMask update_mask = 1
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. Updated ClientTlsPolicy resource.
+  ClientTlsPolicy client_tls_policy = 2
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request used by the DeleteClientTlsPolicy method.
+message DeleteClientTlsPolicyRequest {
+  // Required. A name of the ClientTlsPolicy to delete. Must be in
+  // the format `projects/*/locations/{location}/clientTlsPolicies/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "networksecurity.googleapis.com/ClientTlsPolicy"
+    }
+  ];
+}
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/common.proto b/third_party/googleapis/google/cloud/networksecurity/v1beta1/common.proto
new file mode 100644
index 0000000..7aa715d
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/common.proto
@@ -0,0 +1,58 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.networksecurity.v1beta1;
+
+import "google/api/field_behavior.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
+option java_multiple_files = true;
+option java_outer_classname = "CommonProto";
+option java_package = "com.google.cloud.networksecurity.v1beta1";
+option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
+option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";
+
+// Represents the metadata of the long-running operation.
+message OperationMetadata {
+  // Output only. The time the operation was created.
+  google.protobuf.Timestamp create_time = 1
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time the operation finished running.
+  google.protobuf.Timestamp end_time = 2
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Server-defined resource path for the target of the operation.
+  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Name of the verb executed by the operation.
+  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Human-readable status of the operation, if any.
+  string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Identifies whether the user has requested cancellation
+  // of the operation. Operations that have successfully been cancelled
+  // have [Operation.error][] value with a
+  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+  // `Code.CANCELLED`.
+  bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. API version used to start the operation.
+  string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/network_security.proto b/third_party/googleapis/google/cloud/networksecurity/v1beta1/network_security.proto
new file mode 100644
index 0000000..bd1fc8c
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/network_security.proto
@@ -0,0 +1,201 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.networksecurity.v1beta1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/cloud/networksecurity/v1beta1/authorization_policy.proto";
+import "google/cloud/networksecurity/v1beta1/client_tls_policy.proto";
+import "google/cloud/networksecurity/v1beta1/server_tls_policy.proto";
+import "google/longrunning/operations.proto";
+
+option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
+option java_multiple_files = true;
+option java_package = "com.google.cloud.networksecurity.v1beta1";
+option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
+option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";
+
+// Network Security API provides resources to configure authentication and
+// authorization policies. Refer to per API resource documentation for more
+// information.
+service NetworkSecurity {
+  option (google.api.default_host) = "networksecurity.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Lists AuthorizationPolicies in a given project and location.
+  rpc ListAuthorizationPolicies(ListAuthorizationPoliciesRequest) returns (ListAuthorizationPoliciesResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=projects/*/locations/*}/authorizationPolicies"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets details of a single AuthorizationPolicy.
+  rpc GetAuthorizationPolicy(GetAuthorizationPolicyRequest) returns (AuthorizationPolicy) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/locations/*/authorizationPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates a new AuthorizationPolicy in a given project and location.
+  rpc CreateAuthorizationPolicy(CreateAuthorizationPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=projects/*/locations/*}/authorizationPolicies"
+      body: "authorization_policy"
+    };
+    option (google.api.method_signature) = "parent,authorization_policy,authorization_policy_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "AuthorizationPolicy"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Updates the parameters of a single AuthorizationPolicy.
+  rpc UpdateAuthorizationPolicy(UpdateAuthorizationPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{authorization_policy.name=projects/*/locations/*/authorizationPolicies/*}"
+      body: "authorization_policy"
+    };
+    option (google.api.method_signature) = "authorization_policy,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "AuthorizationPolicy"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Deletes a single AuthorizationPolicy.
+  rpc DeleteAuthorizationPolicy(DeleteAuthorizationPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1beta1/{name=projects/*/locations/*/authorizationPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Lists ServerTlsPolicies in a given project and location.
+  rpc ListServerTlsPolicies(ListServerTlsPoliciesRequest) returns (ListServerTlsPoliciesResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=projects/*/locations/*}/serverTlsPolicies"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets details of a single ServerTlsPolicy.
+  rpc GetServerTlsPolicy(GetServerTlsPolicyRequest) returns (ServerTlsPolicy) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/locations/*/serverTlsPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates a new ServerTlsPolicy in a given project and location.
+  rpc CreateServerTlsPolicy(CreateServerTlsPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=projects/*/locations/*}/serverTlsPolicies"
+      body: "server_tls_policy"
+    };
+    option (google.api.method_signature) = "parent,server_tls_policy,server_tls_policy_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "ServerTlsPolicy"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Updates the parameters of a single ServerTlsPolicy.
+  rpc UpdateServerTlsPolicy(UpdateServerTlsPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{server_tls_policy.name=projects/*/locations/*/serverTlsPolicies/*}"
+      body: "server_tls_policy"
+    };
+    option (google.api.method_signature) = "server_tls_policy,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "ServerTlsPolicy"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Deletes a single ServerTlsPolicy.
+  rpc DeleteServerTlsPolicy(DeleteServerTlsPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1beta1/{name=projects/*/locations/*/serverTlsPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Lists ClientTlsPolicies in a given project and location.
+  rpc ListClientTlsPolicies(ListClientTlsPoliciesRequest) returns (ListClientTlsPoliciesResponse) {
+    option (google.api.http) = {
+      get: "/v1beta1/{parent=projects/*/locations/*}/clientTlsPolicies"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets details of a single ClientTlsPolicy.
+  rpc GetClientTlsPolicy(GetClientTlsPolicyRequest) returns (ClientTlsPolicy) {
+    option (google.api.http) = {
+      get: "/v1beta1/{name=projects/*/locations/*/clientTlsPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates a new ClientTlsPolicy in a given project and location.
+  rpc CreateClientTlsPolicy(CreateClientTlsPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1beta1/{parent=projects/*/locations/*}/clientTlsPolicies"
+      body: "client_tls_policy"
+    };
+    option (google.api.method_signature) = "parent,client_tls_policy,client_tls_policy_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "ClientTlsPolicy"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Updates the parameters of a single ClientTlsPolicy.
+  rpc UpdateClientTlsPolicy(UpdateClientTlsPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1beta1/{client_tls_policy.name=projects/*/locations/*/clientTlsPolicies/*}"
+      body: "client_tls_policy"
+    };
+    option (google.api.method_signature) = "client_tls_policy,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "ClientTlsPolicy"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+
+  // Deletes a single ClientTlsPolicy.
+  rpc DeleteClientTlsPolicy(DeleteClientTlsPolicyRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1beta1/{name=projects/*/locations/*/clientTlsPolicies/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "google.cloud.networksecurity.v1beta1.OperationMetadata"
+    };
+  }
+}
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/networksecurity_v1beta1.yaml b/third_party/googleapis/google/cloud/networksecurity/v1beta1/networksecurity_v1beta1.yaml
new file mode 100644
index 0000000..432667f
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/networksecurity_v1beta1.yaml
@@ -0,0 +1,117 @@
+type: google.api.Service
+config_version: 3
+name: networksecurity.googleapis.com
+title: Network Security API
+
+apis:
+- name: google.cloud.location.Locations
+- name: google.cloud.networksecurity.v1beta1.NetworkSecurity
+- name: google.iam.v1.IAMPolicy
+- name: google.longrunning.Operations
+
+types:
+- name: google.cloud.networksecurity.v1beta1.OperationMetadata
+
+documentation:
+  rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    description: Gets information about a location.
+
+  - selector: google.cloud.location.Locations.ListLocations
+    description: Lists information about the supported locations for this service.
+
+  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
+    description: |-
+      Gets the access control policy for a resource. Returns an empty policy
+      if the resource exists and does not have a policy set.
+
+  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
+    description: |-
+      Sets the access control policy on the specified resource. Replaces
+      any existing policy.
+
+      Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
+      errors.
+
+  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
+    description: |-
+      Returns permissions that a caller has on the specified resource. If the
+      resource does not exist, this will return an empty set of
+      permissions, not a `NOT_FOUND` error.
+
+      Note: This operation is designed to be used for building
+      permission-aware UIs and command-line tools, not for authorization
+      checking. This operation may "fail open" without warning.
+
+backend:
+  rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    deadline: 60.0
+  - selector: google.cloud.location.Locations.ListLocations
+    deadline: 60.0
+  - selector: 'google.cloud.networksecurity.v1beta1.NetworkSecurity.*'
+    deadline: 60.0
+  - selector: 'google.iam.v1.IAMPolicy.*'
+    deadline: 60.0
+  - selector: 'google.longrunning.Operations.*'
+    deadline: 60.0
+
+http:
+  rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    get: '/v1beta1/{name=projects/*/locations/*}'
+  - selector: google.cloud.location.Locations.ListLocations
+    get: '/v1beta1/{name=projects/*}/locations'
+  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
+    get: '/v1beta1/{resource=projects/*/locations/*/authorizationPolicies/*}:getIamPolicy'
+    additional_bindings:
+    - get: '/v1beta1/{resource=projects/*/locations/*/serverTlsPolicies/*}:getIamPolicy'
+    - get: '/v1beta1/{resource=projects/*/locations/*/clientTlsPolicies/*}:getIamPolicy'
+  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
+    post: '/v1beta1/{resource=projects/*/locations/*/authorizationPolicies/*}:setIamPolicy'
+    body: '*'
+    additional_bindings:
+    - post: '/v1beta1/{resource=projects/*/locations/*/serverTlsPolicies/*}:setIamPolicy'
+      body: '*'
+    - post: '/v1beta1/{resource=projects/*/locations/*/clientTlsPolicies/*}:setIamPolicy'
+      body: '*'
+  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
+    post: '/v1beta1/{resource=projects/*/locations/*/authorizationPolicies/*}:testIamPermissions'
+    body: '*'
+    additional_bindings:
+    - post: '/v1beta1/{resource=projects/*/locations/*/serverTlsPolicies/*}:testIamPermissions'
+      body: '*'
+    - post: '/v1beta1/{resource=projects/*/locations/*/clientTlsPolicies/*}:testIamPermissions'
+      body: '*'
+  - selector: google.longrunning.Operations.CancelOperation
+    post: '/v1beta1/{name=projects/*/locations/*/operations/*}:cancel'
+    body: '*'
+  - selector: google.longrunning.Operations.DeleteOperation
+    delete: '/v1beta1/{name=projects/*/locations/*/operations/*}'
+  - selector: google.longrunning.Operations.GetOperation
+    get: '/v1beta1/{name=projects/*/locations/*/operations/*}'
+  - selector: google.longrunning.Operations.ListOperations
+    get: '/v1beta1/{name=projects/*/locations/*}/operations'
+
+authentication:
+  rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: google.cloud.location.Locations.ListLocations
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: 'google.cloud.networksecurity.v1beta1.NetworkSecurity.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: 'google.iam.v1.IAMPolicy.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: 'google.longrunning.Operations.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/networksecurity_v1beta1_grpc_service_config.json b/third_party/googleapis/google/cloud/networksecurity/v1beta1/networksecurity_v1beta1_grpc_service_config.json
new file mode 100644
index 0000000..3bb958d
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/networksecurity_v1beta1_grpc_service_config.json
@@ -0,0 +1,12 @@
+{
+  "methodConfig": [
+    {
+      "name": [
+        {
+          "service": "google.cloud.networksecurity.v1beta1.NetworkSecurity"
+        }
+      ],
+      "timeout": "60s"
+    }
+  ]
+}
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/server_tls_policy.proto b/third_party/googleapis/google/cloud/networksecurity/v1beta1/server_tls_policy.proto
new file mode 100644
index 0000000..ce92cfc
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/server_tls_policy.proto
@@ -0,0 +1,187 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.networksecurity.v1beta1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/networksecurity/v1beta1/tls.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
+option java_multiple_files = true;
+option java_outer_classname = "ServerTlsPolicyProto";
+option java_package = "com.google.cloud.networksecurity.v1beta1";
+option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
+option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";
+
+// ServerTlsPolicy is a resource that specifies how a server should authenticate
+// incoming requests. This resource itself does not affect configuration unless
+// it is attached to a target https proxy or endpoint config selector resource.
+message ServerTlsPolicy {
+  option (google.api.resource) = {
+    type: "networksecurity.googleapis.com/ServerTlsPolicy"
+    pattern: "projects/{project}/locations/{location}/serverTlsPolicies/{server_tls_policy}"
+  };
+
+  // Specification of the MTLSPolicy.
+  message MTLSPolicy {
+    //
+    // Defines the mechanism to obtain the Certificate Authority certificate to
+    // validate the client certificate.
+    repeated ValidationCA client_validation_ca = 1;
+  }
+
+  // Required. Name of the ServerTlsPolicy resource. It matches the pattern
+  // `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Free-text description of the resource.
+  string description = 2;
+
+  // Output only. The timestamp when the resource was created.
+  google.protobuf.Timestamp create_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The timestamp when the resource was updated.
+  google.protobuf.Timestamp update_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Set of label tags associated with the resource.
+  map<string, string> labels = 5;
+
+  //
+  // Determines if server allows plaintext connections. If set to true, server
+  // allows plain text connections. By default, it is set to false. This setting
+  // is not exclusive of other encryption modes. For example, if `allow_open`
+  // and `mtls_policy` are set, server allows both plain text and mTLS
+  // connections. See documentation of other encryption modes to confirm
+  // compatibility.
+  //
+  // Consider using it if you wish to upgrade in place your deployment to TLS
+  // while having mixed TLS and non-TLS traffic reaching port :80.
+  bool allow_open = 6;
+
+  //
+  // Defines a mechanism to provision server identity (public and private keys).
+  // Cannot be combined with `allow_open` as a permissive mode that allows both
+  // plain text and TLS is not supported.
+  CertificateProvider server_certificate = 7;
+
+  //
+  // Defines a mechanism to provision peer validation certificates for peer to
+  // peer authentication (Mutual TLS - mTLS). If not specified, client
+  // certificate will not be requested. The connection is treated as TLS and not
+  // mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain
+  // text and mTLS connections.
+  MTLSPolicy mtls_policy = 8;
+}
+
+// Request used by the ListServerTlsPolicies method.
+message ListServerTlsPoliciesRequest {
+  // Required. The project and location from which the ServerTlsPolicies should
+  // be listed, specified in the format `projects/*/locations/{location}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Maximum number of ServerTlsPolicies to return per call.
+  int32 page_size = 2;
+
+  // The value returned by the last `ListServerTlsPoliciesResponse`
+  // Indicates that this is a continuation of a prior
+  // `ListServerTlsPolicies` call, and that the system
+  // should return the next page of data.
+  string page_token = 3;
+}
+
+// Response returned by the ListServerTlsPolicies method.
+message ListServerTlsPoliciesResponse {
+  // List of ServerTlsPolicy resources.
+  repeated ServerTlsPolicy server_tls_policies = 1;
+
+  // If there might be more results than those appearing in this response, then
+  // `next_page_token` is included. To get the next set of results, call this
+  // method again using the value of `next_page_token` as `page_token`.
+  string next_page_token = 2;
+}
+
+// Request used by the GetServerTlsPolicy method.
+message GetServerTlsPolicyRequest {
+  // Required. A name of the ServerTlsPolicy to get. Must be in the format
+  // `projects/*/locations/{location}/serverTlsPolicies/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "networksecurity.googleapis.com/ServerTlsPolicy"
+    }
+  ];
+}
+
+// Request used by the CreateServerTlsPolicy method.
+message CreateServerTlsPolicyRequest {
+  // Required. The parent resource of the ServerTlsPolicy. Must be in
+  // the format `projects/*/locations/{location}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "networksecurity.googleapis.com/ServerTlsPolicy"
+    }
+  ];
+
+  // Required. Short name of the ServerTlsPolicy resource to be created. This
+  // value should be 1-63 characters long, containing only letters, numbers,
+  // hyphens, and underscores, and should not start with a number. E.g.
+  // "server_mtls_policy".
+  string server_tls_policy_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. ServerTlsPolicy resource to be created.
+  ServerTlsPolicy server_tls_policy = 3
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request used by UpdateServerTlsPolicy method.
+message UpdateServerTlsPolicyRequest {
+  // Optional. Field mask is used to specify the fields to be overwritten in the
+  // ServerTlsPolicy resource by the update.  The fields
+  // specified in the update_mask are relative to the resource, not
+  // the full request. A field will be overwritten if it is in the
+  // mask. If the user does not provide a mask then all fields will be
+  // overwritten.
+  google.protobuf.FieldMask update_mask = 1
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. Updated ServerTlsPolicy resource.
+  ServerTlsPolicy server_tls_policy = 2
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request used by the DeleteServerTlsPolicy method.
+message DeleteServerTlsPolicyRequest {
+  // Required. A name of the ServerTlsPolicy to delete. Must be in
+  // the format `projects/*/locations/{location}/serverTlsPolicies/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "networksecurity.googleapis.com/ServerTlsPolicy"
+    }
+  ];
+}
diff --git a/third_party/googleapis/google/cloud/networksecurity/v1beta1/tls.proto b/third_party/googleapis/google/cloud/networksecurity/v1beta1/tls.proto
new file mode 100644
index 0000000..3addee9
--- /dev/null
+++ b/third_party/googleapis/google/cloud/networksecurity/v1beta1/tls.proto
@@ -0,0 +1,78 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.networksecurity.v1beta1;
+
+import "google/api/field_behavior.proto";
+
+option csharp_namespace = "Google.Cloud.NetworkSecurity.V1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/networksecurity/v1beta1;networksecurity";
+option java_multiple_files = true;
+option java_outer_classname = "TlsProto";
+option java_package = "com.google.cloud.networksecurity.v1beta1";
+option php_namespace = "Google\\Cloud\\NetworkSecurity\\V1beta1";
+option ruby_package = "Google::Cloud::NetworkSecurity::V1beta1";
+
+// Specification of the GRPC Endpoint.
+message GrpcEndpoint {
+  // Required. The target URI of the gRPC endpoint. Only UDS path is supported,
+  // and should start with "unix:".
+  string target_uri = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Specification of ValidationCA. Defines the mechanism to obtain the
+// Certificate Authority certificate to validate the peer certificate.
+message ValidationCA {
+  // The type of certificate provider which provides the CA certificate.
+  oneof type {
+    // gRPC specific configuration to access the gRPC server to
+    // obtain the CA certificate.
+    GrpcEndpoint grpc_endpoint = 2;
+
+    // The certificate provider instance specification that will be passed to
+    // the data plane, which will be used to load necessary credential
+    // information.
+    CertificateProviderInstance certificate_provider_instance = 3;
+  }
+}
+
+// Specification of a TLS certificate provider instance. Workloads may have one
+// or more CertificateProvider instances (plugins) and one of them is enabled
+// and configured by specifying this message. Workloads use the values from this
+// message to locate and load the CertificateProvider instance configuration.
+message CertificateProviderInstance {
+  // Required. Plugin instance name, used to locate and load CertificateProvider
+  // instance configuration. Set to "google_cloud_private_spiffe" to use
+  // Certificate Authority Service certificate provider instance.
+  string plugin_instance = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Specification of certificate provider. Defines the mechanism to obtain the
+// certificate and private key for peer to peer authentication.
+message CertificateProvider {
+  // The type of certificate provider which provides the certificates and
+  // private keys.
+  oneof type {
+    // gRPC specific configuration to access the gRPC server to
+    // obtain the cert and private key.
+    GrpcEndpoint grpc_endpoint = 2;
+
+    // The certificate provider instance specification that will be passed to
+    // the data plane, which will be used to load necessary credential
+    // information.
+    CertificateProviderInstance certificate_provider_instance = 3;
+  }
+}  |
