1// Copyright 2021 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.appengine.v1beta; 18 19import "google/appengine/v1beta/application.proto"; 20import "google/appengine/v1beta/certificate.proto"; 21import "google/appengine/v1beta/domain.proto"; 22import "google/appengine/v1beta/domain_mapping.proto"; 23import "google/appengine/v1beta/firewall.proto"; 24import "google/appengine/v1beta/instance.proto"; 25import "google/appengine/v1beta/version.proto"; 26import "google/appengine/v1beta/service.proto"; 27import "google/api/annotations.proto"; 28import "google/longrunning/operations.proto"; 29import "google/protobuf/empty.proto"; 30import "google/protobuf/field_mask.proto"; 31import "google/api/client.proto"; 32 33option csharp_namespace = "Google.Cloud.AppEngine.V1Beta"; 34option go_package = "google.golang.org/genproto/googleapis/appengine/v1beta;appengine"; 35option java_multiple_files = true; 36option java_outer_classname = "AppengineProto"; 37option java_package = "com.google.appengine.v1beta"; 38option php_namespace = "Google\\Cloud\\AppEngine\\V1beta"; 39option ruby_package = "Google::Cloud::AppEngine::V1beta"; 40 41// Manages App Engine applications. 42service Applications { 43 option (google.api.default_host) = "appengine.googleapis.com"; 44 option (google.api.oauth_scopes) = 45 "https://www.googleapis.com/auth/appengine.admin," 46 "https://www.googleapis.com/auth/cloud-platform," 47 "https://www.googleapis.com/auth/cloud-platform.read-only"; 48 49 // Gets information about an application. 50 rpc GetApplication(GetApplicationRequest) returns (Application) { 51 option (google.api.http) = { 52 get: "/v1beta/{name=apps/*}" 53 }; 54 } 55 56 // Creates an App Engine application for a Google Cloud Platform project. 57 // Required fields: 58 // 59 // * `id` - The ID of the target Cloud Platform project. 60 // * *location* - The [region](https://cloud.google.com/appengine/docs/locations) where you want the App Engine application located. 61 // 62 // For more information about App Engine applications, see [Managing Projects, Applications, and Billing](https://cloud.google.com/appengine/docs/standard/python/console/). 63 rpc CreateApplication(CreateApplicationRequest) returns (google.longrunning.Operation) { 64 option (google.api.http) = { 65 post: "/v1beta/apps" 66 body: "application" 67 }; 68 option (google.longrunning.operation_info) = { 69 response_type: "Application" 70 metadata_type: "OperationMetadataV1Beta" 71 }; 72 } 73 74 // Updates the specified Application resource. 75 // You can update the following fields: 76 // 77 // * `auth_domain` - Google authentication domain for controlling user access to the application. 78 // * `default_cookie_expiration` - Cookie expiration policy for the application. 79 rpc UpdateApplication(UpdateApplicationRequest) returns (google.longrunning.Operation) { 80 option (google.api.http) = { 81 patch: "/v1beta/{name=apps/*}" 82 body: "application" 83 }; 84 option (google.longrunning.operation_info) = { 85 response_type: "Application" 86 metadata_type: "OperationMetadataV1Beta" 87 }; 88 } 89 90 // Recreates the required App Engine features for the specified App Engine 91 // application, for example a Cloud Storage bucket or App Engine service 92 // account. 93 // Use this method if you receive an error message about a missing feature, 94 // for example, *Error retrieving the App Engine service account*. 95 // If you have deleted your App Engine service account, this will 96 // not be able to recreate it. Instead, you should attempt to use the 97 // IAM undelete API if possible at https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/undelete?apix_params=%7B"name"%3A"projects%2F-%2FserviceAccounts%2Funique_id"%2C"resource"%3A%7B%7D%7D . 98 // If the deletion was recent, the numeric ID can be found in the Cloud 99 // Console Activity Log. 100 rpc RepairApplication(RepairApplicationRequest) returns (google.longrunning.Operation) { 101 option (google.api.http) = { 102 post: "/v1beta/{name=apps/*}:repair" 103 body: "*" 104 }; 105 option (google.longrunning.operation_info) = { 106 response_type: "Application" 107 metadata_type: "OperationMetadataV1Beta" 108 }; 109 } 110} 111 112// Request message for `Applications.GetApplication`. 113message GetApplicationRequest { 114 // Name of the Application resource to get. Example: `apps/myapp`. 115 string name = 1; 116} 117 118// Request message for `Applications.CreateApplication`. 119message CreateApplicationRequest { 120 // Application configuration. 121 Application application = 2; 122} 123 124// Request message for `Applications.UpdateApplication`. 125message UpdateApplicationRequest { 126 // Name of the Application resource to update. Example: `apps/myapp`. 127 string name = 1; 128 129 // An Application containing the updated resource. 130 Application application = 2; 131 132 // Standard field mask for the set of fields to be updated. 133 google.protobuf.FieldMask update_mask = 3; 134} 135 136// Request message for 'Applications.RepairApplication'. 137message RepairApplicationRequest { 138 // Name of the application to repair. Example: `apps/myapp` 139 string name = 1; 140} 141 142// Manages services of an application. 143service Services { 144 option (google.api.default_host) = "appengine.googleapis.com"; 145 option (google.api.oauth_scopes) = 146 "https://www.googleapis.com/auth/appengine.admin," 147 "https://www.googleapis.com/auth/cloud-platform," 148 "https://www.googleapis.com/auth/cloud-platform.read-only"; 149 150 // Lists all the services in the application. 151 rpc ListServices(ListServicesRequest) returns (ListServicesResponse) { 152 option (google.api.http) = { 153 get: "/v1beta/{parent=apps/*}/services" 154 }; 155 } 156 157 // Gets the current configuration of the specified service. 158 rpc GetService(GetServiceRequest) returns (Service) { 159 option (google.api.http) = { 160 get: "/v1beta/{name=apps/*/services/*}" 161 }; 162 } 163 164 // Updates the configuration of the specified service. 165 rpc UpdateService(UpdateServiceRequest) returns (google.longrunning.Operation) { 166 option (google.api.http) = { 167 patch: "/v1beta/{name=apps/*/services/*}" 168 body: "service" 169 }; 170 option (google.longrunning.operation_info) = { 171 response_type: "Service" 172 metadata_type: "OperationMetadataV1Beta" 173 }; 174 } 175 176 // Deletes the specified service and all enclosed versions. 177 rpc DeleteService(DeleteServiceRequest) returns (google.longrunning.Operation) { 178 option (google.api.http) = { 179 delete: "/v1beta/{name=apps/*/services/*}" 180 }; 181 option (google.longrunning.operation_info) = { 182 response_type: "google.protobuf.Empty" 183 metadata_type: "OperationMetadataV1Beta" 184 }; 185 } 186} 187 188// Request message for `Services.ListServices`. 189message ListServicesRequest { 190 // Name of the parent Application resource. Example: `apps/myapp`. 191 string parent = 1; 192 193 // Maximum results to return per page. 194 int32 page_size = 2; 195 196 // Continuation token for fetching the next page of results. 197 string page_token = 3; 198} 199 200// Response message for `Services.ListServices`. 201message ListServicesResponse { 202 // The services belonging to the requested application. 203 repeated Service services = 1; 204 205 // Continuation token for fetching the next page of results. 206 string next_page_token = 2; 207} 208 209// Request message for `Services.GetService`. 210message GetServiceRequest { 211 // Name of the resource requested. Example: `apps/myapp/services/default`. 212 string name = 1; 213} 214 215// Request message for `Services.UpdateService`. 216message UpdateServiceRequest { 217 // Name of the resource to update. Example: `apps/myapp/services/default`. 218 string name = 1; 219 220 // A Service resource containing the updated service. Only fields set in the 221 // field mask will be updated. 222 Service service = 2; 223 224 // Standard field mask for the set of fields to be updated. 225 google.protobuf.FieldMask update_mask = 3; 226 227 // Set to `true` to gradually shift traffic to one or more versions that you 228 // specify. By default, traffic is shifted immediately. 229 // For gradual traffic migration, the target versions 230 // must be located within instances that are configured for both 231 // [warmup requests](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#InboundServiceType) 232 // and 233 // [automatic scaling](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#AutomaticScaling). 234 // You must specify the 235 // [`shardBy`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services#ShardBy) 236 // field in the Service resource. Gradual traffic migration is not 237 // supported in the App Engine flexible environment. For examples, see 238 // [Migrating and Splitting Traffic](https://cloud.google.com/appengine/docs/admin-api/migrating-splitting-traffic). 239 bool migrate_traffic = 4; 240} 241 242// Request message for `Services.DeleteService`. 243message DeleteServiceRequest { 244 // Name of the resource requested. Example: `apps/myapp/services/default`. 245 string name = 1; 246} 247 248// Manages versions of a service. 249service Versions { 250 option (google.api.default_host) = "appengine.googleapis.com"; 251 option (google.api.oauth_scopes) = 252 "https://www.googleapis.com/auth/appengine.admin," 253 "https://www.googleapis.com/auth/cloud-platform," 254 "https://www.googleapis.com/auth/cloud-platform.read-only"; 255 256 // Lists the versions of a service. 257 rpc ListVersions(ListVersionsRequest) returns (ListVersionsResponse) { 258 option (google.api.http) = { 259 get: "/v1beta/{parent=apps/*/services/*}/versions" 260 }; 261 } 262 263 // Gets the specified Version resource. 264 // By default, only a `BASIC_VIEW` will be returned. 265 // Specify the `FULL_VIEW` parameter to get the full resource. 266 rpc GetVersion(GetVersionRequest) returns (Version) { 267 option (google.api.http) = { 268 get: "/v1beta/{name=apps/*/services/*/versions/*}" 269 }; 270 } 271 272 // Deploys code and resource files to a new version. 273 rpc CreateVersion(CreateVersionRequest) returns (google.longrunning.Operation) { 274 option (google.api.http) = { 275 post: "/v1beta/{parent=apps/*/services/*}/versions" 276 body: "version" 277 }; 278 option (google.longrunning.operation_info) = { 279 response_type: "Version" 280 metadata_type: "CreateVersionMetadataV1Beta" 281 }; 282 } 283 284 // Updates the specified Version resource. 285 // You can specify the following fields depending on the App Engine 286 // environment and type of scaling that the version resource uses: 287 // 288 // **Standard environment** 289 // 290 // * [`instance_class`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.instance_class) 291 // 292 // *automatic scaling* in the standard environment: 293 // 294 // * [`automatic_scaling.min_idle_instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.automatic_scaling) 295 // * [`automatic_scaling.max_idle_instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.automatic_scaling) 296 // * [`automaticScaling.standard_scheduler_settings.max_instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#StandardSchedulerSettings) 297 // * [`automaticScaling.standard_scheduler_settings.min_instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#StandardSchedulerSettings) 298 // * [`automaticScaling.standard_scheduler_settings.target_cpu_utilization`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#StandardSchedulerSettings) 299 // * [`automaticScaling.standard_scheduler_settings.target_throughput_utilization`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#StandardSchedulerSettings) 300 // 301 // *basic scaling* or *manual scaling* in the standard environment: 302 // 303 // * [`serving_status`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.serving_status) 304 // * [`manual_scaling.instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#manualscaling) 305 // 306 // **Flexible environment** 307 // 308 // * [`serving_status`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.serving_status) 309 // 310 // *automatic scaling* in the flexible environment: 311 // 312 // * [`automatic_scaling.min_total_instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.automatic_scaling) 313 // * [`automatic_scaling.max_total_instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.automatic_scaling) 314 // * [`automatic_scaling.cool_down_period_sec`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.automatic_scaling) 315 // * [`automatic_scaling.cpu_utilization.target_utilization`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#Version.FIELDS.automatic_scaling) 316 // 317 // *manual scaling* in the flexible environment: 318 // 319 // * [`manual_scaling.instances`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1beta/apps.services.versions#manualscaling) 320 rpc UpdateVersion(UpdateVersionRequest) returns (google.longrunning.Operation) { 321 option (google.api.http) = { 322 patch: "/v1beta/{name=apps/*/services/*/versions/*}" 323 body: "version" 324 }; 325 option (google.longrunning.operation_info) = { 326 response_type: "Version" 327 metadata_type: "OperationMetadataV1Beta" 328 }; 329 } 330 331 // Deletes an existing Version resource. 332 rpc DeleteVersion(DeleteVersionRequest) returns (google.longrunning.Operation) { 333 option (google.api.http) = { 334 delete: "/v1beta/{name=apps/*/services/*/versions/*}" 335 }; 336 option (google.longrunning.operation_info) = { 337 response_type: "google.protobuf.Empty" 338 metadata_type: "OperationMetadataV1Beta" 339 }; 340 } 341} 342 343// Request message for `Versions.ListVersions`. 344message ListVersionsRequest { 345 // Name of the parent Service resource. Example: 346 // `apps/myapp/services/default`. 347 string parent = 1; 348 349 // Controls the set of fields returned in the `List` response. 350 VersionView view = 2; 351 352 // Maximum results to return per page. 353 int32 page_size = 3; 354 355 // Continuation token for fetching the next page of results. 356 string page_token = 4; 357} 358 359// Response message for `Versions.ListVersions`. 360message ListVersionsResponse { 361 // The versions belonging to the requested service. 362 repeated Version versions = 1; 363 364 // Continuation token for fetching the next page of results. 365 string next_page_token = 2; 366} 367 368// Request message for `Versions.GetVersion`. 369message GetVersionRequest { 370 // Name of the resource requested. Example: 371 // `apps/myapp/services/default/versions/v1`. 372 string name = 1; 373 374 // Controls the set of fields returned in the `Get` response. 375 VersionView view = 2; 376} 377 378// Request message for `Versions.CreateVersion`. 379message CreateVersionRequest { 380 // Name of the parent resource to create this version under. Example: 381 // `apps/myapp/services/default`. 382 string parent = 1; 383 384 // Application deployment configuration. 385 Version version = 2; 386} 387 388// Request message for `Versions.UpdateVersion`. 389message UpdateVersionRequest { 390 // Name of the resource to update. Example: 391 // `apps/myapp/services/default/versions/1`. 392 string name = 1; 393 394 // A Version containing the updated resource. Only fields set in the field 395 // mask will be updated. 396 Version version = 2; 397 398 // Standard field mask for the set of fields to be updated. 399 google.protobuf.FieldMask update_mask = 3; 400} 401 402// Fields that should be returned when [Version][google.appengine.v1beta.Version] resources 403// are retrieved. 404enum VersionView { 405 // Basic version information including scaling and inbound services, 406 // but not detailed deployment information. 407 BASIC = 0; 408 409 // The information from `BASIC`, plus detailed information about the 410 // deployment. This format is required when creating resources, but 411 // is not returned in `Get` or `List` by default. 412 FULL = 1; 413} 414 415// Request message for `Versions.DeleteVersion`. 416message DeleteVersionRequest { 417 // Name of the resource requested. Example: 418 // `apps/myapp/services/default/versions/v1`. 419 string name = 1; 420} 421 422// Request message for `Instances.ListInstances`. 423message ListInstancesRequest { 424 // Name of the parent Version resource. Example: 425 // `apps/myapp/services/default/versions/v1`. 426 string parent = 1; 427 428 // Maximum results to return per page. 429 int32 page_size = 2; 430 431 // Continuation token for fetching the next page of results. 432 string page_token = 3; 433} 434 435// Response message for `Instances.ListInstances`. 436message ListInstancesResponse { 437 // The instances belonging to the requested version. 438 repeated Instance instances = 1; 439 440 // Continuation token for fetching the next page of results. 441 string next_page_token = 2; 442} 443 444// Request message for `Instances.GetInstance`. 445message GetInstanceRequest { 446 // Name of the resource requested. Example: 447 // `apps/myapp/services/default/versions/v1/instances/instance-1`. 448 string name = 1; 449} 450 451// Request message for `Instances.DeleteInstance`. 452message DeleteInstanceRequest { 453 // Name of the resource requested. Example: 454 // `apps/myapp/services/default/versions/v1/instances/instance-1`. 455 string name = 1; 456} 457 458// Request message for `Instances.DebugInstance`. 459message DebugInstanceRequest { 460 // Name of the resource requested. Example: 461 // `apps/myapp/services/default/versions/v1/instances/instance-1`. 462 string name = 1; 463 464 // Public SSH key to add to the instance. Examples: 465 // 466 // * `[USERNAME]:ssh-rsa [KEY_VALUE] [USERNAME]` 467 // * `[USERNAME]:ssh-rsa [KEY_VALUE] google-ssh {"userName":"[USERNAME]","expireOn":"[EXPIRE_TIME]"}` 468 // 469 // For more information, see 470 // [Adding and Removing SSH Keys](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys). 471 string ssh_key = 2; 472} 473 474// Request message for `Firewall.ListIngressRules`. 475message ListIngressRulesRequest { 476 // Name of the Firewall collection to retrieve. 477 // Example: `apps/myapp/firewall/ingressRules`. 478 string parent = 1; 479 480 // Maximum results to return per page. 481 int32 page_size = 2; 482 483 // Continuation token for fetching the next page of results. 484 string page_token = 3; 485 486 // A valid IP Address. If set, only rules matching this address will be 487 // returned. The first returned rule will be the rule that fires on requests 488 // from this IP. 489 string matching_address = 4; 490} 491 492// Manages instances of a version. 493service Instances { 494 option (google.api.default_host) = "appengine.googleapis.com"; 495 option (google.api.oauth_scopes) = 496 "https://www.googleapis.com/auth/appengine.admin," 497 "https://www.googleapis.com/auth/cloud-platform," 498 "https://www.googleapis.com/auth/cloud-platform.read-only"; 499 500 // Lists the instances of a version. 501 // 502 // Tip: To aggregate details about instances over time, see the 503 // [Stackdriver Monitoring API](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.timeSeries/list). 504 rpc ListInstances(ListInstancesRequest) returns (ListInstancesResponse) { 505 option (google.api.http) = { 506 get: "/v1beta/{parent=apps/*/services/*/versions/*}/instances" 507 }; 508 } 509 510 // Gets instance information. 511 rpc GetInstance(GetInstanceRequest) returns (Instance) { 512 option (google.api.http) = { 513 get: "/v1beta/{name=apps/*/services/*/versions/*/instances/*}" 514 }; 515 } 516 517 // Stops a running instance. 518 // 519 // The instance might be automatically recreated based on the scaling settings 520 // of the version. For more information, see "How Instances are Managed" 521 // ([standard environment](https://cloud.google.com/appengine/docs/standard/python/how-instances-are-managed) | 522 // [flexible environment](https://cloud.google.com/appengine/docs/flexible/python/how-instances-are-managed)). 523 // 524 // To ensure that instances are not re-created and avoid getting billed, you 525 // can stop all instances within the target version by changing the serving 526 // status of the version to `STOPPED` with the 527 // [`apps.services.versions.patch`](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions/patch) 528 // method. 529 rpc DeleteInstance(DeleteInstanceRequest) returns (google.longrunning.Operation) { 530 option (google.api.http) = { 531 delete: "/v1beta/{name=apps/*/services/*/versions/*/instances/*}" 532 }; 533 option (google.longrunning.operation_info) = { 534 response_type: "google.protobuf.Empty" 535 metadata_type: "OperationMetadataV1Beta" 536 }; 537 } 538 539 // Enables debugging on a VM instance. This allows you to use the SSH 540 // command to connect to the virtual machine where the instance lives. 541 // While in "debug mode", the instance continues to serve live traffic. 542 // You should delete the instance when you are done debugging and then 543 // allow the system to take over and determine if another instance 544 // should be started. 545 // 546 // Only applicable for instances in App Engine flexible environment. 547 rpc DebugInstance(DebugInstanceRequest) returns (google.longrunning.Operation) { 548 option (google.api.http) = { 549 post: "/v1beta/{name=apps/*/services/*/versions/*/instances/*}:debug" 550 body: "*" 551 }; 552 option (google.longrunning.operation_info) = { 553 response_type: "Instance" 554 metadata_type: "OperationMetadataV1Beta" 555 }; 556 } 557} 558 559// Response message for `Firewall.ListIngressRules`. 560message ListIngressRulesResponse { 561 // The ingress FirewallRules for this application. 562 repeated FirewallRule ingress_rules = 1; 563 564 // Continuation token for fetching the next page of results. 565 string next_page_token = 2; 566} 567 568// Request message for `Firewall.BatchUpdateIngressRules`. 569message BatchUpdateIngressRulesRequest { 570 // Name of the Firewall collection to set. 571 // Example: `apps/myapp/firewall/ingressRules`. 572 string name = 1; 573 574 // A list of FirewallRules to replace the existing set. 575 repeated FirewallRule ingress_rules = 2; 576} 577 578// Response message for `Firewall.UpdateAllIngressRules`. 579message BatchUpdateIngressRulesResponse { 580 // The full list of ingress FirewallRules for this application. 581 repeated FirewallRule ingress_rules = 1; 582} 583 584// Request message for `Firewall.CreateIngressRule`. 585message CreateIngressRuleRequest { 586 // Name of the parent Firewall collection in which to create a new rule. 587 // Example: `apps/myapp/firewall/ingressRules`. 588 string parent = 1; 589 590 // A FirewallRule containing the new resource. 591 // 592 // The user may optionally provide a position at which the new rule will be 593 // placed. The positions define a sequential list starting at 1. If a rule 594 // already exists at the given position, rules greater than the provided 595 // position will be moved forward by one. 596 // 597 // If no position is provided, the server will place the rule as the second to 598 // last rule in the sequence before the required default allow-all or deny-all 599 // rule. 600 FirewallRule rule = 2; 601} 602 603// Request message for `Firewall.GetIngressRule`. 604message GetIngressRuleRequest { 605 // Name of the Firewall resource to retrieve. 606 // Example: `apps/myapp/firewall/ingressRules/100`. 607 string name = 1; 608} 609 610// Request message for `Firewall.UpdateIngressRule`. 611message UpdateIngressRuleRequest { 612 // Name of the Firewall resource to update. 613 // Example: `apps/myapp/firewall/ingressRules/100`. 614 string name = 1; 615 616 // A FirewallRule containing the updated resource 617 FirewallRule rule = 2; 618 619 // Standard field mask for the set of fields to be updated. 620 google.protobuf.FieldMask update_mask = 3; 621} 622 623// Request message for `Firewall.DeleteIngressRule`. 624message DeleteIngressRuleRequest { 625 // Name of the Firewall resource to delete. 626 // Example: `apps/myapp/firewall/ingressRules/100`. 627 string name = 1; 628} 629 630// Request message for `AuthorizedDomains.ListAuthorizedDomains`. 631message ListAuthorizedDomainsRequest { 632 // Name of the parent Application resource. Example: `apps/myapp`. 633 string parent = 1; 634 635 // Maximum results to return per page. 636 int32 page_size = 2; 637 638 // Continuation token for fetching the next page of results. 639 string page_token = 3; 640} 641 642// Response message for `AuthorizedDomains.ListAuthorizedDomains`. 643message ListAuthorizedDomainsResponse { 644 // The authorized domains belonging to the user. 645 repeated AuthorizedDomain domains = 1; 646 647 // Continuation token for fetching the next page of results. 648 string next_page_token = 2; 649} 650 651// Request message for `AuthorizedCertificates.ListAuthorizedCertificates`. 652message ListAuthorizedCertificatesRequest { 653 // Name of the parent `Application` resource. Example: `apps/myapp`. 654 string parent = 1; 655 656 // Controls the set of fields returned in the `LIST` response. 657 AuthorizedCertificateView view = 4; 658 659 // Maximum results to return per page. 660 int32 page_size = 2; 661 662 // Continuation token for fetching the next page of results. 663 string page_token = 3; 664} 665 666// Response message for `AuthorizedCertificates.ListAuthorizedCertificates`. 667message ListAuthorizedCertificatesResponse { 668 // The SSL certificates the user is authorized to administer. 669 repeated AuthorizedCertificate certificates = 1; 670 671 // Continuation token for fetching the next page of results. 672 string next_page_token = 2; 673} 674 675// Firewall resources are used to define a collection of access control rules 676// for an Application. Each rule is defined with a position which specifies 677// the rule's order in the sequence of rules, an IP range to be matched against 678// requests, and an action to take upon matching requests. 679// 680// Every request is evaluated against the Firewall rules in priority order. 681// Processesing stops at the first rule which matches the request's IP address. 682// A final rule always specifies an action that applies to all remaining 683// IP addresses. The default final rule for a newly-created application will be 684// set to "allow" if not otherwise specified by the user. 685service Firewall { 686 option (google.api.default_host) = "appengine.googleapis.com"; 687 option (google.api.oauth_scopes) = 688 "https://www.googleapis.com/auth/appengine.admin," 689 "https://www.googleapis.com/auth/cloud-platform," 690 "https://www.googleapis.com/auth/cloud-platform.read-only"; 691 692 // Lists the firewall rules of an application. 693 rpc ListIngressRules(ListIngressRulesRequest) returns (ListIngressRulesResponse) { 694 option (google.api.http) = { 695 get: "/v1beta/{parent=apps/*}/firewall/ingressRules" 696 }; 697 } 698 699 // Replaces the entire firewall ruleset in one bulk operation. This overrides 700 // and replaces the rules of an existing firewall with the new rules. 701 // 702 // If the final rule does not match traffic with the '*' wildcard IP range, 703 // then an "allow all" rule is explicitly added to the end of the list. 704 rpc BatchUpdateIngressRules(BatchUpdateIngressRulesRequest) returns (BatchUpdateIngressRulesResponse) { 705 option (google.api.http) = { 706 post: "/v1beta/{name=apps/*/firewall/ingressRules}:batchUpdate" 707 body: "*" 708 }; 709 } 710 711 // Creates a firewall rule for the application. 712 rpc CreateIngressRule(CreateIngressRuleRequest) returns (FirewallRule) { 713 option (google.api.http) = { 714 post: "/v1beta/{parent=apps/*}/firewall/ingressRules" 715 body: "rule" 716 }; 717 } 718 719 // Gets the specified firewall rule. 720 rpc GetIngressRule(GetIngressRuleRequest) returns (FirewallRule) { 721 option (google.api.http) = { 722 get: "/v1beta/{name=apps/*/firewall/ingressRules/*}" 723 }; 724 } 725 726 // Updates the specified firewall rule. 727 rpc UpdateIngressRule(UpdateIngressRuleRequest) returns (FirewallRule) { 728 option (google.api.http) = { 729 patch: "/v1beta/{name=apps/*/firewall/ingressRules/*}" 730 body: "rule" 731 }; 732 } 733 734 // Deletes the specified firewall rule. 735 rpc DeleteIngressRule(DeleteIngressRuleRequest) returns (google.protobuf.Empty) { 736 option (google.api.http) = { 737 delete: "/v1beta/{name=apps/*/firewall/ingressRules/*}" 738 }; 739 } 740} 741 742// Request message for `AuthorizedCertificates.GetAuthorizedCertificate`. 743message GetAuthorizedCertificateRequest { 744 // Name of the resource requested. Example: 745 // `apps/myapp/authorizedCertificates/12345`. 746 string name = 1; 747 748 // Controls the set of fields returned in the `GET` response. 749 AuthorizedCertificateView view = 2; 750} 751 752// Request message for `AuthorizedCertificates.CreateAuthorizedCertificate`. 753message CreateAuthorizedCertificateRequest { 754 // Name of the parent `Application` resource. Example: `apps/myapp`. 755 string parent = 1; 756 757 // SSL certificate data. 758 AuthorizedCertificate certificate = 2; 759} 760 761// Request message for `AuthorizedCertificates.UpdateAuthorizedCertificate`. 762message UpdateAuthorizedCertificateRequest { 763 // Name of the resource to update. Example: 764 // `apps/myapp/authorizedCertificates/12345`. 765 string name = 1; 766 767 // An `AuthorizedCertificate` containing the updated resource. Only fields set 768 // in the field mask will be updated. 769 AuthorizedCertificate certificate = 2; 770 771 // Standard field mask for the set of fields to be updated. Updates are only 772 // supported on the `certificate_raw_data` and `display_name` fields. 773 google.protobuf.FieldMask update_mask = 3; 774} 775 776// Request message for `AuthorizedCertificates.DeleteAuthorizedCertificate`. 777message DeleteAuthorizedCertificateRequest { 778 // Name of the resource to delete. Example: 779 // `apps/myapp/authorizedCertificates/12345`. 780 string name = 1; 781} 782 783// Request message for `DomainMappings.ListDomainMappings`. 784message ListDomainMappingsRequest { 785 // Name of the parent Application resource. Example: `apps/myapp`. 786 string parent = 1; 787 788 // Maximum results to return per page. 789 int32 page_size = 2; 790 791 // Continuation token for fetching the next page of results. 792 string page_token = 3; 793} 794 795// Response message for `DomainMappings.ListDomainMappings`. 796message ListDomainMappingsResponse { 797 // The domain mappings for the application. 798 repeated DomainMapping domain_mappings = 1; 799 800 // Continuation token for fetching the next page of results. 801 string next_page_token = 2; 802} 803 804// Request message for `DomainMappings.GetDomainMapping`. 805message GetDomainMappingRequest { 806 // Name of the resource requested. Example: 807 // `apps/myapp/domainMappings/example.com`. 808 string name = 1; 809} 810 811// Request message for `DomainMappings.CreateDomainMapping`. 812message CreateDomainMappingRequest { 813 // Name of the parent Application resource. Example: `apps/myapp`. 814 string parent = 1; 815 816 // Domain mapping configuration. 817 DomainMapping domain_mapping = 2; 818 819 // Whether the domain creation should override any existing mappings for this 820 // domain. By default, overrides are rejected. 821 DomainOverrideStrategy override_strategy = 4; 822} 823 824// Manages domains a user is authorized to administer. To authorize use of a 825// domain, verify ownership via 826// [Webmaster Central](https://www.google.com/webmasters/verification/home). 827service AuthorizedDomains { 828 option (google.api.default_host) = "appengine.googleapis.com"; 829 option (google.api.oauth_scopes) = 830 "https://www.googleapis.com/auth/appengine.admin," 831 "https://www.googleapis.com/auth/cloud-platform," 832 "https://www.googleapis.com/auth/cloud-platform.read-only"; 833 834 // Lists all domains the user is authorized to administer. 835 rpc ListAuthorizedDomains(ListAuthorizedDomainsRequest) returns (ListAuthorizedDomainsResponse) { 836 option (google.api.http) = { 837 get: "/v1beta/{parent=apps/*}/authorizedDomains" 838 }; 839 } 840} 841 842// Request message for `DomainMappings.UpdateDomainMapping`. 843message UpdateDomainMappingRequest { 844 // Name of the resource to update. Example: 845 // `apps/myapp/domainMappings/example.com`. 846 string name = 1; 847 848 // A domain mapping containing the updated resource. Only fields set 849 // in the field mask will be updated. 850 DomainMapping domain_mapping = 2; 851 852 // Standard field mask for the set of fields to be updated. 853 google.protobuf.FieldMask update_mask = 3; 854} 855 856// Request message for `DomainMappings.DeleteDomainMapping`. 857message DeleteDomainMappingRequest { 858 // Name of the resource to delete. Example: 859 // `apps/myapp/domainMappings/example.com`. 860 string name = 1; 861} 862 863// Manages SSL certificates a user is authorized to administer. A user can 864// administer any SSL certificates applicable to their authorized domains. 865service AuthorizedCertificates { 866 option (google.api.default_host) = "appengine.googleapis.com"; 867 option (google.api.oauth_scopes) = 868 "https://www.googleapis.com/auth/appengine.admin," 869 "https://www.googleapis.com/auth/cloud-platform," 870 "https://www.googleapis.com/auth/cloud-platform.read-only"; 871 872 // Lists all SSL certificates the user is authorized to administer. 873 rpc ListAuthorizedCertificates(ListAuthorizedCertificatesRequest) returns (ListAuthorizedCertificatesResponse) { 874 option (google.api.http) = { 875 get: "/v1beta/{parent=apps/*}/authorizedCertificates" 876 }; 877 } 878 879 // Gets the specified SSL certificate. 880 rpc GetAuthorizedCertificate(GetAuthorizedCertificateRequest) returns (AuthorizedCertificate) { 881 option (google.api.http) = { 882 get: "/v1beta/{name=apps/*/authorizedCertificates/*}" 883 }; 884 } 885 886 // Uploads the specified SSL certificate. 887 rpc CreateAuthorizedCertificate(CreateAuthorizedCertificateRequest) returns (AuthorizedCertificate) { 888 option (google.api.http) = { 889 post: "/v1beta/{parent=apps/*}/authorizedCertificates" 890 body: "certificate" 891 }; 892 } 893 894 // Updates the specified SSL certificate. To renew a certificate and maintain 895 // its existing domain mappings, update `certificate_data` with a new 896 // certificate. The new certificate must be applicable to the same domains as 897 // the original certificate. The certificate `display_name` may also be 898 // updated. 899 rpc UpdateAuthorizedCertificate(UpdateAuthorizedCertificateRequest) returns (AuthorizedCertificate) { 900 option (google.api.http) = { 901 patch: "/v1beta/{name=apps/*/authorizedCertificates/*}" 902 body: "certificate" 903 }; 904 } 905 906 // Deletes the specified SSL certificate. 907 rpc DeleteAuthorizedCertificate(DeleteAuthorizedCertificateRequest) returns (google.protobuf.Empty) { 908 option (google.api.http) = { 909 delete: "/v1beta/{name=apps/*/authorizedCertificates/*}" 910 }; 911 } 912} 913 914// Fields that should be returned when an AuthorizedCertificate resource is 915// retrieved. 916enum AuthorizedCertificateView { 917 // Basic certificate information, including applicable domains and expiration 918 // date. 919 BASIC_CERTIFICATE = 0; 920 921 // The information from `BASIC_CERTIFICATE`, plus detailed information on the 922 // domain mappings that have this certificate mapped. 923 FULL_CERTIFICATE = 1; 924} 925 926// Override strategy for mutating an existing mapping. 927enum DomainOverrideStrategy { 928 // Strategy unspecified. Defaults to `STRICT`. 929 UNSPECIFIED_DOMAIN_OVERRIDE_STRATEGY = 0; 930 931 // Overrides not allowed. If a mapping already exists for the 932 // specified domain, the request will return an ALREADY_EXISTS (409). 933 STRICT = 1; 934 935 // Overrides allowed. If a mapping already exists for the specified domain, 936 // the request will overwrite it. Note that this might stop another 937 // Google product from serving. For example, if the domain is 938 // mapped to another App Engine application, that app will no 939 // longer serve from that domain. 940 OVERRIDE = 2; 941} 942 943// Manages domains serving an application. 944service DomainMappings { 945 option (google.api.default_host) = "appengine.googleapis.com"; 946 option (google.api.oauth_scopes) = 947 "https://www.googleapis.com/auth/appengine.admin," 948 "https://www.googleapis.com/auth/cloud-platform," 949 "https://www.googleapis.com/auth/cloud-platform.read-only"; 950 951 // Lists the domain mappings on an application. 952 rpc ListDomainMappings(ListDomainMappingsRequest) returns (ListDomainMappingsResponse) { 953 option (google.api.http) = { 954 get: "/v1beta/{parent=apps/*}/domainMappings" 955 }; 956 } 957 958 // Gets the specified domain mapping. 959 rpc GetDomainMapping(GetDomainMappingRequest) returns (DomainMapping) { 960 option (google.api.http) = { 961 get: "/v1beta/{name=apps/*/domainMappings/*}" 962 }; 963 } 964 965 // Maps a domain to an application. A user must be authorized to administer a 966 // domain in order to map it to an application. For a list of available 967 // authorized domains, see [`AuthorizedDomains.ListAuthorizedDomains`](). 968 rpc CreateDomainMapping(CreateDomainMappingRequest) returns (google.longrunning.Operation) { 969 option (google.api.http) = { 970 post: "/v1beta/{parent=apps/*}/domainMappings" 971 body: "domain_mapping" 972 }; 973 option (google.longrunning.operation_info) = { 974 response_type: "DomainMapping" 975 metadata_type: "OperationMetadataV1Beta" 976 }; 977 } 978 979 // Updates the specified domain mapping. To map an SSL certificate to a 980 // domain mapping, update `certificate_id` to point to an `AuthorizedCertificate` 981 // resource. A user must be authorized to administer the associated domain 982 // in order to update a `DomainMapping` resource. 983 rpc UpdateDomainMapping(UpdateDomainMappingRequest) returns (google.longrunning.Operation) { 984 option (google.api.http) = { 985 patch: "/v1beta/{name=apps/*/domainMappings/*}" 986 body: "domain_mapping" 987 }; 988 option (google.longrunning.operation_info) = { 989 response_type: "DomainMapping" 990 metadata_type: "OperationMetadataV1Beta" 991 }; 992 } 993 994 // Deletes the specified domain mapping. A user must be authorized to 995 // administer the associated domain in order to delete a `DomainMapping` 996 // resource. 997 rpc DeleteDomainMapping(DeleteDomainMappingRequest) returns (google.longrunning.Operation) { 998 option (google.api.http) = { 999 delete: "/v1beta/{name=apps/*/domainMappings/*}" 1000 }; 1001 option (google.longrunning.operation_info) = { 1002 response_type: "google.protobuf.Empty" 1003 metadata_type: "OperationMetadataV1Beta" 1004 }; 1005 } 1006} 1007