1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.bigtable.admin.v2; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21import "google/bigtable/admin/v2/types.proto"; 22import "google/protobuf/duration.proto"; 23import "google/protobuf/timestamp.proto"; 24import "google/rpc/status.proto"; 25 26option csharp_namespace = "Google.Cloud.Bigtable.Admin.V2"; 27option go_package = "google.golang.org/genproto/googleapis/bigtable/admin/v2;admin"; 28option java_multiple_files = true; 29option java_outer_classname = "TableProto"; 30option java_package = "com.google.bigtable.admin.v2"; 31option php_namespace = "Google\\Cloud\\Bigtable\\Admin\\V2"; 32option ruby_package = "Google::Cloud::Bigtable::Admin::V2"; 33option (google.api.resource_definition) = { 34 type: "cloudkms.googleapis.com/CryptoKeyVersion" 35 pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}" 36}; 37 38// Information about a table restore. 39message RestoreInfo { 40 // The type of the restore source. 41 RestoreSourceType source_type = 1; 42 43 // Information about the source used to restore the table. 44 oneof source_info { 45 // Information about the backup used to restore the table. The backup 46 // may no longer exist. 47 BackupInfo backup_info = 2; 48 } 49} 50 51// Change stream configuration. 52message ChangeStreamConfig { 53 // How long the change stream should be retained. Change stream data older 54 // than the retention period will not be returned when reading the change 55 // stream from the table. 56 // Values must be at least 1 day and at most 7 days, and will be truncated to 57 // microsecond granularity. 58 google.protobuf.Duration retention_period = 1; 59} 60 61// A collection of user data indexed by row, column, and timestamp. 62// Each table is served using the resources of its parent cluster. 63message Table { 64 option (google.api.resource) = { 65 type: "bigtableadmin.googleapis.com/Table" 66 pattern: "projects/{project}/instances/{instance}/tables/{table}" 67 }; 68 69 // The state of a table's data in a particular cluster. 70 message ClusterState { 71 // Table replication states. 72 enum ReplicationState { 73 // The replication state of the table is unknown in this cluster. 74 STATE_NOT_KNOWN = 0; 75 76 // The cluster was recently created, and the table must finish copying 77 // over pre-existing data from other clusters before it can begin 78 // receiving live replication updates and serving Data API requests. 79 INITIALIZING = 1; 80 81 // The table is temporarily unable to serve Data API requests from this 82 // cluster due to planned internal maintenance. 83 PLANNED_MAINTENANCE = 2; 84 85 // The table is temporarily unable to serve Data API requests from this 86 // cluster due to unplanned or emergency maintenance. 87 UNPLANNED_MAINTENANCE = 3; 88 89 // The table can serve Data API requests from this cluster. Depending on 90 // replication delay, reads may not immediately reflect the state of the 91 // table in other clusters. 92 READY = 4; 93 94 // The table is fully created and ready for use after a restore, and is 95 // being optimized for performance. When optimizations are complete, the 96 // table will transition to `READY` state. 97 READY_OPTIMIZING = 5; 98 } 99 100 // Output only. The state of replication for the table in this cluster. 101 ReplicationState replication_state = 1 102 [(google.api.field_behavior) = OUTPUT_ONLY]; 103 104 // Output only. The encryption information for the table in this cluster. 105 // If the encryption key protecting this resource is customer managed, then 106 // its version can be rotated in Cloud Key Management Service (Cloud KMS). 107 // The primary version of the key and its status will be reflected here when 108 // changes propagate from Cloud KMS. 109 repeated EncryptionInfo encryption_info = 2 110 [(google.api.field_behavior) = OUTPUT_ONLY]; 111 } 112 113 // Possible timestamp granularities to use when keeping multiple versions 114 // of data in a table. 115 enum TimestampGranularity { 116 // The user did not specify a granularity. Should not be returned. 117 // When specified during table creation, MILLIS will be used. 118 TIMESTAMP_GRANULARITY_UNSPECIFIED = 0; 119 120 // The table keeps data versioned at a granularity of 1ms. 121 MILLIS = 1; 122 } 123 124 // Defines a view over a table's fields. 125 enum View { 126 // Uses the default view for each method as documented in its request. 127 VIEW_UNSPECIFIED = 0; 128 129 // Only populates `name`. 130 NAME_ONLY = 1; 131 132 // Only populates `name` and fields related to the table's schema. 133 SCHEMA_VIEW = 2; 134 135 // Only populates `name` and fields related to the table's replication 136 // state. 137 REPLICATION_VIEW = 3; 138 139 // Only populates `name` and fields related to the table's encryption state. 140 ENCRYPTION_VIEW = 5; 141 142 // Populates all fields. 143 FULL = 4; 144 } 145 146 // Defines an automated backup policy for a table 147 message AutomatedBackupPolicy { 148 // Required. How long the automated backups should be retained. The only 149 // supported value at this time is 3 days. 150 google.protobuf.Duration retention_period = 1 151 [(google.api.field_behavior) = REQUIRED]; 152 153 // Required. How frequently automated backups should occur. The only 154 // supported value at this time is 24 hours. 155 google.protobuf.Duration frequency = 2 156 [(google.api.field_behavior) = REQUIRED]; 157 } 158 159 // The unique name of the table. Values are of the form 160 // `projects/{project}/instances/{instance}/tables/[_a-zA-Z0-9][-_.a-zA-Z0-9]*`. 161 // Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL` 162 string name = 1; 163 164 // Output only. Map from cluster ID to per-cluster table state. 165 // If it could not be determined whether or not the table has data in a 166 // particular cluster (for example, if its zone is unavailable), then 167 // there will be an entry for the cluster with UNKNOWN `replication_status`. 168 // Views: `REPLICATION_VIEW`, `ENCRYPTION_VIEW`, `FULL` 169 map<string, ClusterState> cluster_states = 2 170 [(google.api.field_behavior) = OUTPUT_ONLY]; 171 172 // The column families configured for this table, mapped by column family ID. 173 // Views: `SCHEMA_VIEW`, `STATS_VIEW`, `FULL` 174 map<string, ColumnFamily> column_families = 3; 175 176 // Immutable. The granularity (i.e. `MILLIS`) at which timestamps are stored 177 // in this table. Timestamps not matching the granularity will be rejected. If 178 // unspecified at creation time, the value will be set to `MILLIS`. Views: 179 // `SCHEMA_VIEW`, `FULL`. 180 TimestampGranularity granularity = 4 181 [(google.api.field_behavior) = IMMUTABLE]; 182 183 // Output only. If this table was restored from another data source (e.g. a 184 // backup), this field will be populated with information about the restore. 185 RestoreInfo restore_info = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 186 187 // If specified, enable the change stream on this table. 188 // Otherwise, the change stream is disabled and the change stream is not 189 // retained. 190 ChangeStreamConfig change_stream_config = 8; 191 192 // Set to true to make the table protected against data loss. i.e. deleting 193 // the following resources through Admin APIs are prohibited: 194 // 195 // * The table. 196 // * The column families in the table. 197 // * The instance containing the table. 198 // 199 // Note one can still delete the data stored in the table through Data APIs. 200 bool deletion_protection = 9; 201 202 oneof automated_backup_config { 203 // If specified, automated backups are enabled for this table. 204 // Otherwise, automated backups are disabled. 205 AutomatedBackupPolicy automated_backup_policy = 13; 206 } 207} 208 209// AuthorizedViews represent subsets of a particular Cloud Bigtable table. Users 210// can configure access to each Authorized View independently from the table and 211// use the existing Data APIs to access the subset of data. 212message AuthorizedView { 213 option (google.api.resource) = { 214 type: "bigtableadmin.googleapis.com/AuthorizedView" 215 pattern: "projects/{project}/instances/{instance}/tables/{table}/authorizedViews/{authorized_view}" 216 plural: "authorizedViews" 217 singular: "authorizedView" 218 }; 219 220 // Subsets of a column family that are included in this AuthorizedView. 221 message FamilySubsets { 222 // Individual exact column qualifiers to be included in the AuthorizedView. 223 repeated bytes qualifiers = 1; 224 225 // Prefixes for qualifiers to be included in the AuthorizedView. Every 226 // qualifier starting with one of these prefixes is included in the 227 // AuthorizedView. To provide access to all qualifiers, include the empty 228 // string as a prefix 229 // (""). 230 repeated bytes qualifier_prefixes = 2; 231 } 232 233 // Defines a simple AuthorizedView that is a subset of the underlying Table. 234 message SubsetView { 235 // Row prefixes to be included in the AuthorizedView. 236 // To provide access to all rows, include the empty string as a prefix (""). 237 repeated bytes row_prefixes = 1; 238 239 // Map from column family name to the columns in this family to be included 240 // in the AuthorizedView. 241 map<string, FamilySubsets> family_subsets = 2; 242 } 243 244 // Defines a subset of an AuthorizedView's fields. 245 enum ResponseView { 246 // Uses the default view for each method as documented in the request. 247 RESPONSE_VIEW_UNSPECIFIED = 0; 248 249 // Only populates `name`. 250 NAME_ONLY = 1; 251 252 // Only populates the AuthorizedView's basic metadata. This includes: 253 // name, deletion_protection, etag. 254 BASIC = 2; 255 256 // Populates every fields. 257 FULL = 3; 258 } 259 260 // Identifier. The name of this AuthorizedView. 261 // Values are of the form 262 // `projects/{project}/instances/{instance}/tables/{table}/authorizedViews/{authorized_view}` 263 string name = 1 [(google.api.field_behavior) = IDENTIFIER]; 264 265 // The type of this AuthorizedView. 266 oneof authorized_view { 267 // An AuthorizedView permitting access to an explicit subset of a Table. 268 SubsetView subset_view = 2; 269 } 270 271 // The etag for this AuthorizedView. 272 // If this is provided on update, it must match the server's etag. The server 273 // returns ABORTED error on a mismatched etag. 274 string etag = 3; 275 276 // Set to true to make the AuthorizedView protected against deletion. 277 // The parent Table and containing Instance cannot be deleted if an 278 // AuthorizedView has this bit set. 279 bool deletion_protection = 4; 280} 281 282// A set of columns within a table which share a common configuration. 283message ColumnFamily { 284 // Garbage collection rule specified as a protobuf. 285 // Must serialize to at most 500 bytes. 286 // 287 // NOTE: Garbage collection executes opportunistically in the background, and 288 // so it's possible for reads to return a cell even if it matches the active 289 // GC expression for its family. 290 GcRule gc_rule = 1; 291 292 // The type of data stored in each of this family's cell values, including its 293 // full encoding. If omitted, the family only serves raw untyped bytes. 294 // 295 // For now, only the `Aggregate` type is supported. 296 // 297 // `Aggregate` can only be set at family creation and is immutable afterwards. 298 // 299 // 300 // If `value_type` is `Aggregate`, written data must be compatible with: 301 // * `value_type.input_type` for `AddInput` mutations 302 Type value_type = 3; 303} 304 305// Rule for determining which cells to delete during garbage collection. 306message GcRule { 307 // A GcRule which deletes cells matching all of the given rules. 308 message Intersection { 309 // Only delete cells which would be deleted by every element of `rules`. 310 repeated GcRule rules = 1; 311 } 312 313 // A GcRule which deletes cells matching any of the given rules. 314 message Union { 315 // Delete cells which would be deleted by any element of `rules`. 316 repeated GcRule rules = 1; 317 } 318 319 // Garbage collection rules. 320 oneof rule { 321 // Delete all cells in a column except the most recent N. 322 int32 max_num_versions = 1; 323 324 // Delete cells in a column older than the given age. 325 // Values must be at least one millisecond, and will be truncated to 326 // microsecond granularity. 327 google.protobuf.Duration max_age = 2; 328 329 // Delete cells that would be deleted by every nested rule. 330 Intersection intersection = 3; 331 332 // Delete cells that would be deleted by any nested rule. 333 Union union = 4; 334 } 335} 336 337// Encryption information for a given resource. 338// If this resource is protected with customer managed encryption, the in-use 339// Cloud Key Management Service (Cloud KMS) key version is specified along with 340// its status. 341message EncryptionInfo { 342 // Possible encryption types for a resource. 343 enum EncryptionType { 344 // Encryption type was not specified, though data at rest remains encrypted. 345 ENCRYPTION_TYPE_UNSPECIFIED = 0; 346 347 // The data backing this resource is encrypted at rest with a key that is 348 // fully managed by Google. No key version or status will be populated. 349 // This is the default state. 350 GOOGLE_DEFAULT_ENCRYPTION = 1; 351 352 // The data backing this resource is encrypted at rest with a key that is 353 // managed by the customer. 354 // The in-use version of the key and its status are populated for 355 // CMEK-protected tables. 356 // CMEK-protected backups are pinned to the key version that was in use at 357 // the time the backup was taken. This key version is populated but its 358 // status is not tracked and is reported as `UNKNOWN`. 359 CUSTOMER_MANAGED_ENCRYPTION = 2; 360 } 361 362 // Output only. The type of encryption used to protect this resource. 363 EncryptionType encryption_type = 3 364 [(google.api.field_behavior) = OUTPUT_ONLY]; 365 366 // Output only. The status of encrypt/decrypt calls on underlying data for 367 // this resource. Regardless of status, the existing data is always encrypted 368 // at rest. 369 google.rpc.Status encryption_status = 4 370 [(google.api.field_behavior) = OUTPUT_ONLY]; 371 372 // Output only. The version of the Cloud KMS key specified in the parent 373 // cluster that is in use for the data underlying this table. 374 string kms_key_version = 2 [ 375 (google.api.field_behavior) = OUTPUT_ONLY, 376 (google.api.resource_reference) = { 377 type: "cloudkms.googleapis.com/CryptoKeyVersion" 378 } 379 ]; 380} 381 382// A snapshot of a table at a particular time. A snapshot can be used as a 383// checkpoint for data restoration or a data source for a new table. 384// 385// Note: This is a private alpha release of Cloud Bigtable snapshots. This 386// feature is not currently available to most Cloud Bigtable customers. This 387// feature might be changed in backward-incompatible ways and is not recommended 388// for production use. It is not subject to any SLA or deprecation policy. 389message Snapshot { 390 option (google.api.resource) = { 391 type: "bigtableadmin.googleapis.com/Snapshot" 392 pattern: "projects/{project}/instances/{instance}/clusters/{cluster}/snapshots/{snapshot}" 393 }; 394 395 // Possible states of a snapshot. 396 enum State { 397 // The state of the snapshot could not be determined. 398 STATE_NOT_KNOWN = 0; 399 400 // The snapshot has been successfully created and can serve all requests. 401 READY = 1; 402 403 // The snapshot is currently being created, and may be destroyed if the 404 // creation process encounters an error. A snapshot may not be restored to a 405 // table while it is being created. 406 CREATING = 2; 407 } 408 409 // The unique name of the snapshot. 410 // Values are of the form 411 // `projects/{project}/instances/{instance}/clusters/{cluster}/snapshots/{snapshot}`. 412 string name = 1; 413 414 // Output only. The source table at the time the snapshot was taken. 415 Table source_table = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 416 417 // Output only. The size of the data in the source table at the time the 418 // snapshot was taken. In some cases, this value may be computed 419 // asynchronously via a background process and a placeholder of 0 will be used 420 // in the meantime. 421 int64 data_size_bytes = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 422 423 // Output only. The time when the snapshot is created. 424 google.protobuf.Timestamp create_time = 4 425 [(google.api.field_behavior) = OUTPUT_ONLY]; 426 427 // The time when the snapshot will be deleted. The maximum amount of time a 428 // snapshot can stay active is 365 days. If 'ttl' is not specified, 429 // the default maximum of 365 days will be used. 430 google.protobuf.Timestamp delete_time = 5; 431 432 // Output only. The current state of the snapshot. 433 State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 434 435 // Description of the snapshot. 436 string description = 7; 437} 438 439// A backup of a Cloud Bigtable table. 440message Backup { 441 option (google.api.resource) = { 442 type: "bigtableadmin.googleapis.com/Backup" 443 pattern: "projects/{project}/instances/{instance}/clusters/{cluster}/backups/{backup}" 444 }; 445 446 // Indicates the current state of the backup. 447 enum State { 448 // Not specified. 449 STATE_UNSPECIFIED = 0; 450 451 // The pending backup is still being created. Operations on the 452 // backup may fail with `FAILED_PRECONDITION` in this state. 453 CREATING = 1; 454 455 // The backup is complete and ready for use. 456 READY = 2; 457 } 458 459 // A globally unique identifier for the backup which cannot be 460 // changed. Values are of the form 461 // `projects/{project}/instances/{instance}/clusters/{cluster}/ 462 // backups/[_a-zA-Z0-9][-_.a-zA-Z0-9]*` 463 // The final segment of the name must be between 1 and 50 characters 464 // in length. 465 // 466 // The backup is stored in the cluster identified by the prefix of the backup 467 // name of the form 468 // `projects/{project}/instances/{instance}/clusters/{cluster}`. 469 string name = 1; 470 471 // Required. Immutable. Name of the table from which this backup was created. 472 // This needs to be in the same instance as the backup. Values are of the form 473 // `projects/{project}/instances/{instance}/tables/{source_table}`. 474 string source_table = 2 [ 475 (google.api.field_behavior) = IMMUTABLE, 476 (google.api.field_behavior) = REQUIRED 477 ]; 478 479 // Output only. Name of the backup from which this backup was copied. If a 480 // backup is not created by copying a backup, this field will be empty. Values 481 // are of the form: projects/<project>/instances/<instance>/backups/<backup>. 482 string source_backup = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; 483 484 // Required. The expiration time of the backup, with microseconds 485 // granularity that must be at least 6 hours and at most 90 days 486 // from the time the request is received. Once the `expire_time` 487 // has passed, Cloud Bigtable will delete the backup and free the 488 // resources used by the backup. 489 google.protobuf.Timestamp expire_time = 3 490 [(google.api.field_behavior) = REQUIRED]; 491 492 // Output only. `start_time` is the time that the backup was started 493 // (i.e. approximately the time the 494 // [CreateBackup][google.bigtable.admin.v2.BigtableTableAdmin.CreateBackup] 495 // request is received). The row data in this backup will be no older than 496 // this timestamp. 497 google.protobuf.Timestamp start_time = 4 498 [(google.api.field_behavior) = OUTPUT_ONLY]; 499 500 // Output only. `end_time` is the time that the backup was finished. The row 501 // data in the backup will be no newer than this timestamp. 502 google.protobuf.Timestamp end_time = 5 503 [(google.api.field_behavior) = OUTPUT_ONLY]; 504 505 // Output only. Size of the backup in bytes. 506 int64 size_bytes = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 507 508 // Output only. The current state of the backup. 509 State state = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; 510 511 // Output only. The encryption information for the backup. 512 EncryptionInfo encryption_info = 9 513 [(google.api.field_behavior) = OUTPUT_ONLY]; 514} 515 516// Information about a backup. 517message BackupInfo { 518 // Output only. Name of the backup. 519 string backup = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 520 521 // Output only. The time that the backup was started. Row data in the backup 522 // will be no older than this timestamp. 523 google.protobuf.Timestamp start_time = 2 524 [(google.api.field_behavior) = OUTPUT_ONLY]; 525 526 // Output only. This time that the backup was finished. Row data in the 527 // backup will be no newer than this timestamp. 528 google.protobuf.Timestamp end_time = 3 529 [(google.api.field_behavior) = OUTPUT_ONLY]; 530 531 // Output only. Name of the table the backup was created from. 532 string source_table = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 533 534 // Output only. Name of the backup from which this backup was copied. If a 535 // backup is not created by copying a backup, this field will be empty. Values 536 // are of the form: projects/<project>/instances/<instance>/backups/<backup>. 537 string source_backup = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; 538} 539 540// Indicates the type of the restore source. 541enum RestoreSourceType { 542 // No restore associated. 543 RESTORE_SOURCE_TYPE_UNSPECIFIED = 0; 544 545 // A backup was used as the source of the restore. 546 BACKUP = 1; 547} 548