// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.api.apikeys.v2;
import "google/api/annotations.proto";
import "google/api/apikeys/v2/resources.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
option csharp_namespace = "Google.Cloud.ApiKeys.V2";
option go_package = "cloud.google.com/go/apikeys/apiv2/apikeyspb;apikeyspb";
option java_multiple_files = true;
option java_outer_classname = "ApiKeysProto";
option java_package = "com.google.api.apikeys.v2";
option php_namespace = "Google\\Cloud\\ApiKeys\\V2";
option ruby_package = "Google::Cloud::ApiKeys::V2";
// Manages the API keys associated with projects.
service ApiKeys {
option (google.api.default_host) = "apikeys.googleapis.com";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform,"
"https://www.googleapis.com/auth/cloud-platform.read-only";
// Creates a new API key.
//
// NOTE: Key is a global resource; hence the only supported value for
// location is `global`.
rpc CreateKey(CreateKeyRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v2/{parent=projects/*/locations/*}/keys"
body: "key"
};
option (google.api.method_signature) = "parent,key,key_id";
option (google.longrunning.operation_info) = {
response_type: "Key"
metadata_type: "google.protobuf.Empty"
};
}
// Lists the API keys owned by a project. The key string of the API key
// isn't included in the response.
//
// NOTE: Key is a global resource; hence the only supported value for
// location is `global`.
rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) {
option (google.api.http) = {
get: "/v2/{parent=projects/*/locations/*}/keys"
};
option (google.api.method_signature) = "parent";
}
// Gets the metadata for an API key. The key string of the API key
// isn't included in the response.
//
// NOTE: Key is a global resource; hence the only supported value for
// location is `global`.
rpc GetKey(GetKeyRequest) returns (Key) {
option (google.api.http) = {
get: "/v2/{name=projects/*/locations/*/keys/*}"
};
option (google.api.method_signature) = "name";
}
// Get the key string for an API key.
//
// NOTE: Key is a global resource; hence the only supported value for
// location is `global`.
rpc GetKeyString(GetKeyStringRequest) returns (GetKeyStringResponse) {
option (google.api.http) = {
get: "/v2/{name=projects/*/locations/*/keys/*}/keyString"
};
option (google.api.method_signature) = "name";
}
// Patches the modifiable fields of an API key.
// The key string of the API key isn't included in the response.
//
// NOTE: Key is a global resource; hence the only supported value for
// location is `global`.
rpc UpdateKey(UpdateKeyRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
patch: "/v2/{key.name=projects/*/locations/*/keys/*}"
body: "key"
};
option (google.api.method_signature) = "key,update_mask";
option (google.longrunning.operation_info) = {
response_type: "Key"
metadata_type: "google.protobuf.Empty"
};
}
// Deletes an API key. Deleted key can be retrieved within 30 days of
// deletion. Afterward, key will be purged from the project.
//
// NOTE: Key is a global resource; hence the only supported value for
// location is `global`.
rpc DeleteKey(DeleteKeyRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
delete: "/v2/{name=projects/*/locations/*/keys/*}"
};
option (google.api.method_signature) = "name";
option (google.longrunning.operation_info) = {
response_type: "Key"
metadata_type: "google.protobuf.Empty"
};
}
// Undeletes an API key which was deleted within 30 days.
//
// NOTE: Key is a global resource; hence the only supported value for
// location is `global`.
rpc UndeleteKey(UndeleteKeyRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v2/{name=projects/*/locations/*/keys/*}:undelete"
body: "*"
};
option (google.longrunning.operation_info) = {
response_type: "Key"
metadata_type: "google.protobuf.Empty"
};
}
// Find the parent project and resource name of the API
// key that matches the key string in the request. If the API key has been
// purged, resource name will not be set.
// The service account must have the `apikeys.keys.lookup` permission
// on the parent project.
rpc LookupKey(LookupKeyRequest) returns (LookupKeyResponse) {
option (google.api.http) = {
get: "/v2/keys:lookupKey"
};
}
}
// Request message for `CreateKey` method.
message CreateKeyRequest {
// Required. The project in which the API key is created.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "apikeys.googleapis.com/Key"
}
];
// Required. The API key fields to set at creation time.
// You can configure only the `display_name`, `restrictions`, and
// `annotations` fields.
Key key = 2 [(google.api.field_behavior) = REQUIRED];
// User specified key id (optional). If specified, it will become the final
// component of the key resource name.
//
// The id must be unique within the project, must conform with RFC-1034,
// is restricted to lower-cased letters, and has a maximum length of 63
// characters. In another word, the id must match the regular
// expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.
//
// The id must NOT be a UUID-like string.
string key_id = 3;
}
// Request message for `ListKeys` method.
message ListKeysRequest {
// Required. Lists all API keys associated with this project.
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "apikeys.googleapis.com/Key"
}
];
// Optional. Specifies the maximum number of results to be returned at a time.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Requests a specific page of results.
string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. Indicate that keys deleted in the past 30 days should also be
// returned.
bool show_deleted = 6 [(google.api.field_behavior) = OPTIONAL];
}
// Response message for `ListKeys` method.
message ListKeysResponse {
// A list of API keys.
repeated Key keys = 1;
// The pagination token for the next page of results.
string next_page_token = 2;
}
// Request message for `GetKey` method.
message GetKeyRequest {
// Required. The resource name of the API key to get.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = { type: "apikeys.googleapis.com/Key" }
];
}
// Request message for `GetKeyString` method.
message GetKeyStringRequest {
// Required. The resource name of the API key to be retrieved.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = { type: "apikeys.googleapis.com/Key" }
];
}
// Response message for `GetKeyString` method.
message GetKeyStringResponse {
// An encrypted and signed value of the key.
string key_string = 1;
}
// Request message for `UpdateKey` method.
message UpdateKeyRequest {
// Required. Set the `name` field to the resource name of the API key to be
// updated. You can update only the `display_name`, `restrictions`, and
// `annotations` fields.
Key key = 1 [(google.api.field_behavior) = REQUIRED];
// The field mask specifies which fields to be updated as part of this
// request. All other fields are ignored.
// Mutable fields are: `display_name`, `restrictions`, and `annotations`.
// If an update mask is not provided, the service treats it as an implied mask
// equivalent to all allowed fields that are set on the wire. If the field
// mask has a special value "*", the service treats it equivalent to replace
// all allowed mutable fields.
google.protobuf.FieldMask update_mask = 2;
}
// Request message for `DeleteKey` method.
message DeleteKeyRequest {
// Required. The resource name of the API key to be deleted.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = { type: "apikeys.googleapis.com/Key" }
];
// Optional. The etag known to the client for the expected state of the key.
// This is to be used for optimistic concurrency.
string etag = 2 [(google.api.field_behavior) = OPTIONAL];
}
// Request message for `UndeleteKey` method.
message UndeleteKeyRequest {
// Required. The resource name of the API key to be undeleted.
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = { type: "apikeys.googleapis.com/Key" }
];
}
// Request message for `LookupKey` method.
message LookupKeyRequest {
// Required. Finds the project that owns the key string value.
string key_string = 1 [(google.api.field_behavior) = REQUIRED];
}
// Response message for `LookupKey` method.
message LookupKeyResponse {
// The project that owns the key with the value specified in the request.
string parent = 1;
// The resource name of the API key. If the API key has been purged,
// resource name is empty.
string name = 2;
}