xref: /aosp_15_r20/external/googleapis/google/cloud/connectors/v1/authconfig.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9)
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";

package google.cloud.connectors.v1;

// `Secret`, `ConfigVariable` and `ConfigVariableTemplate` are used below but
// not defined in this file; presumably they are declared in this import.
// TODO confirm against common.proto.
import "google/cloud/connectors/v1/common.proto";

option go_package = "cloud.google.com/go/connectors/apiv1/connectorspb;connectorspb";
option java_multiple_files = true;
option java_outer_classname = "AuthConfigProto";
option java_package = "com.google.cloud.connectors.v1";
// AuthConfig defines the details of an authentication type: the declared
// `auth_type`, one type-specific parameter message in the `type` oneof, and
// a list of additional config variables.
//
// Every credential in the nested messages (password, client secret, private
// key, passphrase) is typed as `Secret`, documented here as a secret version
// reference, rather than as a string field on this message.
message AuthConfig {
  // Parameters to support Username and Password Authentication.
  message UserPassword {
    // Username.
    string username = 1;

    // Secret version reference containing the password.
    // NOTE(review): the reference format is only spelled out on
    // `Oauth2JwtBearer.client_key`; presumably the same form applies here.
    // Confirm against the `Secret` definition.
    Secret password = 2;
  }

  // Parameters to support JSON Web Token (JWT) Profile for Oauth 2.0
  // Authorization Grant based authentication.
  // See https://tools.ietf.org/html/rfc7523 for more details.
  message Oauth2JwtBearer {
    // JWT claims used for the jwt-bearer authorization grant.
    // Only "iss", "sub" and "aud" are configurable through this message.
    message JwtClaims {
      // Value for the "iss" claim.
      string issuer = 1;

      // Value for the "sub" claim.
      string subject = 2;

      // Value for the "aud" claim.
      string audience = 3;
    }

    // Secret version reference containing a PKCS#8 PEM-encoded private
    // key associated with the Client Certificate. This private key will be
    // used to sign JWTs used for the jwt-bearer authorization grant.
    // Specified in the form as: `projects/*/secrets/*/versions/*`.
    Secret client_key = 1;

    // JwtClaims provides the fields used to generate the token.
    JwtClaims jwt_claims = 2;
  }

  // Parameters to support Oauth 2.0 Client Credentials Grant Authentication.
  // See https://tools.ietf.org/html/rfc6749#section-1.3.4 for more details.
  message Oauth2ClientCredentials {
    // The client identifier.
    string client_id = 1;

    // Secret version reference containing the client secret.
    Secret client_secret = 2;
  }

  // Parameters to support SSH public key Authentication.
  //
  // NOTE(review): field number 2 is not used in this message and is not
  // declared `reserved`. If it belonged to a removed field, it should be
  // reserved so it cannot be reused with a different meaning. Confirm
  // against the file history.
  message SshPublicKey {
    // The user account used to authenticate.
    string username = 1;

    // SSH Client Cert. It should contain both public and private key.
    // Because the referenced material includes the private key, it is passed
    // as a `Secret` reference like the other credentials in this file.
    Secret ssh_client_cert = 3;

    // Format of SSH Client cert.
    // Free-form string; the accepted values are not listed in this file.
    string cert_type = 4;

    // Password (passphrase) for ssh client certificate if it has one.
    Secret ssh_client_cert_pass = 5;
  }

  // The type of authentication configured.
  //
  // NOTE(review): this field and the `type` oneof below are set
  // independently; nothing in this schema ties them together, so a message
  // can declare one auth type while carrying the parameters of another.
  // Consumers should check that the two agree. Where that validation lives
  // is not visible here.
  AuthType auth_type = 1;

  // Supported auth types. At most one member is set.
  // Number 5 is taken by `additional_variables` below, which is why the
  // members run 2, 3, 4, 6.
  oneof type {
    // UserPassword.
    UserPassword user_password = 2;

    // Oauth2JwtBearer.
    Oauth2JwtBearer oauth2_jwt_bearer = 3;

    // Oauth2ClientCredentials.
    Oauth2ClientCredentials oauth2_client_credentials = 4;

    // SSH Public Key.
    SshPublicKey ssh_public_key = 6;
  }

  // List containing additional auth configs.
  // NOTE(review): `ConfigVariable` is not defined in this file. If it can
  // hold inline values, credentials belong in a `Secret` reference rather
  // than here. Confirm against its definition.
  repeated ConfigVariable additional_variables = 5;
}
// AuthConfigTemplate defines the fields required for an authentication type.
// It carries descriptive data only (variable templates, display name,
// description); no `Secret` field appears in this message.
message AuthConfigTemplate {
  // The type of authentication configured.
  AuthType auth_type = 1;

  // Config variables to describe an `AuthConfig` for a `Connection`.
  // NOTE(review): `ConfigVariableTemplate` is not defined in this file.
  repeated ConfigVariableTemplate config_variable_templates = 2;

  // Display name for authentication template.
  string display_name = 3;

  // Connector specific description for an authentication template.
  string description = 4;
}
// AuthType defines different authentication types.
//
// Apart from the zero value, the value names carry no `AUTH_TYPE_` prefix.
enum AuthType {
  // Authentication type not specified.
  // As the zero value, this is what an unset `auth_type` field reads as.
  AUTH_TYPE_UNSPECIFIED = 0;

  // Username and Password Authentication.
  USER_PASSWORD = 1;

  // JSON Web Token (JWT) Profile for Oauth 2.0
  // Authorization Grant based authentication.
  OAUTH2_JWT_BEARER = 2;

  // Oauth 2.0 Client Credentials Grant Authentication.
  OAUTH2_CLIENT_CREDENTIALS = 3;

  // SSH Public Key Authentication.
  SSH_PUBLIC_KEY = 4;

  // Oauth 2.0 Authorization Code Flow.
  // NOTE(review): the `AuthConfig.type` oneof in this file has no member for
  // this flow; where its parameters are carried is not visible here.
  OAUTH2_AUTH_CODE_FLOW = 5;
}