// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.cloud.sql.v1;
import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/cloud/sql/v1/cloud_sql_resources.proto";
import "google/api/client.proto";
option go_package = "google.golang.org/genproto/googleapis/cloud/sql/v1;sql";
option java_multiple_files = true;
option java_outer_classname = "CloudSqlUsersProto";
option java_package = "com.google.cloud.sql.v1";
// NOTE: No sensitive PII logging is allowed. If you are adding a field/enum
// value that is sensitive PII, please add corresponding datapol annotation to
// it. For more information, please see
// https://g3doc.corp.google.com/storage/speckle/g3doc/purple_team/data_pol_annotations.md?cl=head
// Cloud SQL users service.
service SqlUsersService {
option (google.api.default_host) = "sqladmin.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform,"
"https://www.googleapis.com/auth/sqlservice.admin";
// Deletes a user from a Cloud SQL instance.
rpc Delete(SqlUsersDeleteRequest) returns (Operation) {
option (google.api.http) = {
delete: "/v1/projects/{project}/instances/{instance}/users"
};
}
// Creates a new user in a Cloud SQL instance.
rpc Insert(SqlUsersInsertRequest) returns (Operation) {
option (google.api.http) = {
post: "/v1/projects/{project}/instances/{instance}/users"
body: "body"
};
}
// Lists users in the specified Cloud SQL instance.
rpc List(SqlUsersListRequest) returns (UsersListResponse) {
option (google.api.http) = {
get: "/v1/projects/{project}/instances/{instance}/users"
};
}
// Updates an existing user in a Cloud SQL instance.
rpc Update(SqlUsersUpdateRequest) returns (Operation) {
option (google.api.http) = {
put: "/v1/projects/{project}/instances/{instance}/users"
body: "body"
};
}
}
message SqlUsersDeleteRequest {
// Host of the user in the instance.
string host = 1;
// Database instance ID. This does not include the project ID.
string instance = 2;
// Name of the user in the instance.
string name = 3;
// Project ID of the project that contains the instance.
string project = 4;
}
message SqlUsersInsertRequest {
// Database instance ID. This does not include the project ID.
string instance = 1;
// Project ID of the project that contains the instance.
string project = 2;
User body = 100;
}
message SqlUsersListRequest {
// Database instance ID. This does not include the project ID.
string instance = 1;
// Project ID of the project that contains the instance.
string project = 2;
}
message SqlUsersUpdateRequest {
// Optional. Host of the user in the instance.
string host = 1 [(google.api.field_behavior) = OPTIONAL];
// Database instance ID. This does not include the project ID.
string instance = 2;
// Name of the user in the instance.
string name = 3;
// Project ID of the project that contains the instance.
string project = 4;
User body = 100;
}
// A Cloud SQL user resource.
message User {
// The user type.
enum SqlUserType {
// The database's built-in user type.
BUILT_IN = 0;
// Cloud IAM user.
CLOUD_IAM_USER = 1;
// Cloud IAM service account.
CLOUD_IAM_SERVICE_ACCOUNT = 2;
}
// This is always **sql#user**.
string kind = 1;
// The password for the user.
string password = 2;
// This field is deprecated and will be removed from a future version of the
// API.
string etag = 3;
// The name of the user in the Cloud SQL instance. Can be omitted for
// **update** since it is already specified in the URL.
string name = 4;
// The host name from which the user can connect. For **insert**
// operations, host defaults to an empty string. For **update**
// operations, host is specified as part of the request URL. The host name
// cannot be updated after insertion.
string host = 5;
// The name of the Cloud SQL instance. This does not include the project ID.
// Can be omitted for **update** since it is already specified on the
// URL.
string instance = 6;
// The project ID of the project containing the Cloud SQL database. The Google
// apps domain is prefixed if applicable. Can be omitted for **update** since
// it is already specified on the URL.
string project = 7;
// The user type. It determines the method to authenticate the user during
// login. The default is the database's built-in user type.
SqlUserType type = 8;
// User details for specific database type
oneof user_details {
SqlServerUserDetails sqlserver_user_details = 9;
}
}
// Represents a Sql Server user on the Cloud SQL instance.
message SqlServerUserDetails {
// If the user has been disabled
bool disabled = 1;
// The server roles for this user
repeated string server_roles = 2;
}
// User list response.
message UsersListResponse {
// This is always **sql#usersList**.
string kind = 1;
// List of user resources in the instance.
repeated User items = 2;
// An identifier that uniquely identifies the operation. You can use this
// identifier to retrieve the Operations resource that has information about
// the operation.
string next_page_token = 3;
}