1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.shell.v1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/longrunning/operations.proto"; 24import "google/protobuf/timestamp.proto"; 25 26option go_package = "cloud.google.com/go/shell/apiv1/shellpb;shellpb"; 27option java_multiple_files = true; 28option java_outer_classname = "CloudShellProto"; 29option java_package = "com.google.cloud.shell.v1"; 30 31// API for interacting with Google Cloud Shell. Each user of Cloud Shell has at 32// least one environment, which has the ID "default". Environment consists of a 33// Docker image defining what is installed on the environment and a home 34// directory containing the user's data that will remain across sessions. 35// Clients use this API to start and fetch information about their environment, 36// which can then be used to connect to that environment via a separate SSH 37// client. 38service CloudShellService { 39 option (google.api.default_host) = "cloudshell.googleapis.com"; 40 option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; 41 42 // Gets an environment. Returns NOT_FOUND if the environment does not exist. 43 rpc GetEnvironment(GetEnvironmentRequest) returns (Environment) { 44 option (google.api.http) = { 45 get: "/v1/{name=users/*/environments/*}" 46 }; 47 option (google.api.method_signature) = "name"; 48 } 49 50 // Starts an existing environment, allowing clients to connect to it. The 51 // returned operation will contain an instance of StartEnvironmentMetadata in 52 // its metadata field. Users can wait for the environment to start by polling 53 // this operation via GetOperation. Once the environment has finished starting 54 // and is ready to accept connections, the operation will contain a 55 // StartEnvironmentResponse in its response field. 56 rpc StartEnvironment(StartEnvironmentRequest) returns (google.longrunning.Operation) { 57 option (google.api.http) = { 58 post: "/v1/{name=users/*/environments/*}:start" 59 body: "*" 60 }; 61 option (google.longrunning.operation_info) = { 62 response_type: "StartEnvironmentResponse" 63 metadata_type: "StartEnvironmentMetadata" 64 }; 65 } 66 67 // Sends OAuth credentials to a running environment on behalf of a user. When 68 // this completes, the environment will be authorized to run various Google 69 // Cloud command line tools without requiring the user to manually 70 // authenticate. 71 rpc AuthorizeEnvironment(AuthorizeEnvironmentRequest) returns (google.longrunning.Operation) { 72 option (google.api.http) = { 73 post: "/v1/{name=users/*/environments/*}:authorize" 74 body: "*" 75 }; 76 option (google.longrunning.operation_info) = { 77 response_type: "AuthorizeEnvironmentResponse" 78 metadata_type: "AuthorizeEnvironmentMetadata" 79 }; 80 } 81 82 // Adds a public SSH key to an environment, allowing clients with the 83 // corresponding private key to connect to that environment via SSH. If a key 84 // with the same content already exists, this will error with ALREADY_EXISTS. 85 rpc AddPublicKey(AddPublicKeyRequest) returns (google.longrunning.Operation) { 86 option (google.api.http) = { 87 post: "/v1/{environment=users/*/environments/*}:addPublicKey" 88 body: "*" 89 }; 90 option (google.longrunning.operation_info) = { 91 response_type: "AddPublicKeyResponse" 92 metadata_type: "AddPublicKeyMetadata" 93 }; 94 } 95 96 // Removes a public SSH key from an environment. Clients will no longer be 97 // able to connect to the environment using the corresponding private key. 98 // If a key with the same content is not present, this will error with 99 // NOT_FOUND. 100 rpc RemovePublicKey(RemovePublicKeyRequest) returns (google.longrunning.Operation) { 101 option (google.api.http) = { 102 post: "/v1/{environment=users/*/environments/*}:removePublicKey" 103 body: "*" 104 }; 105 option (google.longrunning.operation_info) = { 106 response_type: "RemovePublicKeyResponse" 107 metadata_type: "RemovePublicKeyMetadata" 108 }; 109 } 110} 111 112// A Cloud Shell environment, which is defined as the combination of a Docker 113// image specifying what is installed on the environment and a home directory 114// containing the user's data that will remain across sessions. Each user has 115// at least an environment with the ID "default". 116message Environment { 117 option (google.api.resource) = { 118 type: "cloudshell.googleapis.com/Environment" 119 pattern: "users/{user}/environments/{environment}" 120 }; 121 122 // Possible execution states for an environment. 123 enum State { 124 // The environment's states is unknown. 125 STATE_UNSPECIFIED = 0; 126 127 // The environment is not running and can't be connected to. Starting the 128 // environment will transition it to the PENDING state. 129 SUSPENDED = 1; 130 131 // The environment is being started but is not yet ready to accept 132 // connections. 133 PENDING = 2; 134 135 // The environment is running and ready to accept connections. It will 136 // automatically transition back to DISABLED after a period of inactivity or 137 // if another environment is started. 138 RUNNING = 3; 139 140 // The environment is being deleted and can't be connected to. 141 DELETING = 4; 142 } 143 144 // Immutable. Full name of this resource, in the format 145 // `users/{owner_email}/environments/{environment_id}`. `{owner_email}` is the 146 // email address of the user to whom this environment belongs, and 147 // `{environment_id}` is the identifier of this environment. For example, 148 // `users/someone@example.com/environments/default`. 149 string name = 1 [(google.api.field_behavior) = IMMUTABLE]; 150 151 // Output only. The environment's identifier, unique among the user's 152 // environments. 153 string id = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 154 155 // Required. Immutable. Full path to the Docker image used to run this environment, e.g. 156 // "gcr.io/dev-con/cloud-devshell:latest". 157 string docker_image = 3 [ 158 (google.api.field_behavior) = REQUIRED, 159 (google.api.field_behavior) = IMMUTABLE 160 ]; 161 162 // Output only. Current execution state of this environment. 163 State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 164 165 // Output only. Host to which clients can connect to initiate HTTPS or WSS 166 // connections with the environment. 167 string web_host = 12 [(google.api.field_behavior) = OUTPUT_ONLY]; 168 169 // Output only. Username that clients should use when initiating SSH sessions 170 // with the environment. 171 string ssh_username = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; 172 173 // Output only. Host to which clients can connect to initiate SSH sessions 174 // with the environment. 175 string ssh_host = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 176 177 // Output only. Port to which clients can connect to initiate SSH sessions 178 // with the environment. 179 int32 ssh_port = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; 180 181 // Output only. Public keys associated with the environment. Clients can 182 // connect to this environment via SSH only if they possess a private key 183 // corresponding to at least one of these public keys. Keys can be added to or 184 // removed from the environment using the AddPublicKey and RemovePublicKey 185 // methods. 186 repeated string public_keys = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; 187} 188 189// Request message for 190// [GetEnvironment][google.cloud.shell.v1.CloudShellService.GetEnvironment]. 191message GetEnvironmentRequest { 192 // Required. Name of the requested resource, for example `users/me/environments/default` 193 // or `users/someone@example.com/environments/default`. 194 string name = 1 [ 195 (google.api.field_behavior) = REQUIRED, 196 (google.api.resource_reference) = { 197 type: "cloudshell.googleapis.com/Environment" 198 } 199 ]; 200} 201 202// Message included in the metadata field of operations returned from 203// [CreateEnvironment][google.cloud.shell.v1.CloudShellService.CreateEnvironment]. 204message CreateEnvironmentMetadata { 205 206} 207 208// Message included in the metadata field of operations returned from 209// [DeleteEnvironment][google.cloud.shell.v1.CloudShellService.DeleteEnvironment]. 210message DeleteEnvironmentMetadata { 211 212} 213 214// Request message for 215// [StartEnvironment][google.cloud.shell.v1.CloudShellService.StartEnvironment]. 216message StartEnvironmentRequest { 217 // Name of the resource that should be started, for example 218 // `users/me/environments/default` or 219 // `users/someone@example.com/environments/default`. 220 string name = 1; 221 222 // The initial access token passed to the environment. If this is present and 223 // valid, the environment will be pre-authenticated with gcloud so that the 224 // user can run gcloud commands in Cloud Shell without having to log in. This 225 // code can be updated later by calling AuthorizeEnvironment. 226 string access_token = 2; 227 228 // Public keys that should be added to the environment before it is started. 229 repeated string public_keys = 3; 230} 231 232// Request message for 233// [AuthorizeEnvironment][google.cloud.shell.v1.CloudShellService.AuthorizeEnvironment]. 234message AuthorizeEnvironmentRequest { 235 // Name of the resource that should receive the credentials, for example 236 // `users/me/environments/default` or 237 // `users/someone@example.com/environments/default`. 238 string name = 1; 239 240 // The OAuth access token that should be sent to the environment. 241 string access_token = 2; 242 243 // The OAuth ID token that should be sent to the environment. 244 string id_token = 4; 245 246 // The time when the credentials expire. If not set, defaults to one hour from 247 // when the server received the request. 248 google.protobuf.Timestamp expire_time = 3; 249} 250 251// Response message for 252// [AuthorizeEnvironment][google.cloud.shell.v1.CloudShellService.AuthorizeEnvironment]. 253message AuthorizeEnvironmentResponse { 254 255} 256 257// Message included in the metadata field of operations returned from 258// [AuthorizeEnvironment][google.cloud.shell.v1.CloudShellService.AuthorizeEnvironment]. 259message AuthorizeEnvironmentMetadata { 260 261} 262 263// Message included in the metadata field of operations returned from 264// [StartEnvironment][google.cloud.shell.v1.CloudShellService.StartEnvironment]. 265message StartEnvironmentMetadata { 266 // Possible states an environment might transition between during startup. 267 // These states are not normally actionable by clients, but may be used to 268 // show a progress message to the user. An environment won't necessarily go 269 // through all of these states when starting. More states are likely to be 270 // added in the future. 271 enum State { 272 // The environment's start state is unknown. 273 STATE_UNSPECIFIED = 0; 274 275 // The environment is in the process of being started, but no additional 276 // details are available. 277 STARTING = 1; 278 279 // Startup is waiting for the user's disk to be unarchived. This can happen 280 // when the user returns to Cloud Shell after not having used it for a 281 // while, and suggests that startup will take longer than normal. 282 UNARCHIVING_DISK = 2; 283 284 // Startup is waiting for compute resources to be assigned to the 285 // environment. This should normally happen very quickly, but an environment 286 // might stay in this state for an extended period of time if the system is 287 // experiencing heavy load. 288 AWAITING_COMPUTE_RESOURCES = 4; 289 290 // Startup has completed. If the start operation was successful, the user 291 // should be able to establish an SSH connection to their environment. 292 // Otherwise, the operation will contain details of the failure. 293 FINISHED = 3; 294 } 295 296 // Current state of the environment being started. 297 State state = 1; 298} 299 300// Message included in the response field of operations returned from 301// [StartEnvironment][google.cloud.shell.v1.CloudShellService.StartEnvironment] 302// once the operation is complete. 303message StartEnvironmentResponse { 304 // Environment that was started. 305 Environment environment = 1; 306} 307 308// Request message for 309// [AddPublicKey][google.cloud.shell.v1.CloudShellService.AddPublicKey]. 310message AddPublicKeyRequest { 311 // Environment this key should be added to, e.g. 312 // `users/me/environments/default`. 313 string environment = 1; 314 315 // Key that should be added to the environment. Supported formats are 316 // `ssh-dss` (see RFC4253), `ssh-rsa` (see RFC4253), `ecdsa-sha2-nistp256` 317 // (see RFC5656), `ecdsa-sha2-nistp384` (see RFC5656) and 318 // `ecdsa-sha2-nistp521` (see RFC5656). It should be structured as 319 // <format> <content>, where <content> part is encoded with 320 // Base64. 321 string key = 2; 322} 323 324// Response message for 325// [AddPublicKey][google.cloud.shell.v1.CloudShellService.AddPublicKey]. 326message AddPublicKeyResponse { 327 // Key that was added to the environment. 328 string key = 1; 329} 330 331// Message included in the metadata field of operations returned from 332// [AddPublicKey][google.cloud.shell.v1.CloudShellService.AddPublicKey]. 333message AddPublicKeyMetadata { 334 335} 336 337// Request message for 338// [RemovePublicKey][google.cloud.shell.v1.CloudShellService.RemovePublicKey]. 339message RemovePublicKeyRequest { 340 // Environment this key should be removed from, e.g. 341 // `users/me/environments/default`. 342 string environment = 1; 343 344 // Key that should be removed from the environment. 345 string key = 2; 346} 347 348// Response message for 349// [RemovePublicKey][google.cloud.shell.v1.CloudShellService.RemovePublicKey]. 350message RemovePublicKeyResponse { 351 352} 353 354// Message included in the metadata field of operations returned from 355// [RemovePublicKey][google.cloud.shell.v1.CloudShellService.RemovePublicKey]. 356message RemovePublicKeyMetadata { 357 358} 359 360// Cloud-shell specific information that will be included as details in failure 361// responses. 362message CloudShellErrorDetails { 363 // Set of possible errors returned from API calls. 364 enum CloudShellErrorCode { 365 // An unknown error occurred. 366 CLOUD_SHELL_ERROR_CODE_UNSPECIFIED = 0; 367 368 // The image used by the Cloud Shell environment either does not exist or 369 // the user does not have access to it. 370 IMAGE_UNAVAILABLE = 1; 371 372 // Cloud Shell has been disabled by an administrator for the user making the 373 // request. 374 CLOUD_SHELL_DISABLED = 2; 375 376 // Cloud Shell has been permanently disabled due to a Terms of Service 377 // violation by the user. 378 TOS_VIOLATION = 4; 379 380 // The user has exhausted their weekly Cloud Shell quota, and Cloud Shell 381 // will be disabled until the quota resets. 382 QUOTA_EXCEEDED = 5; 383 384 // The Cloud Shell environment is unavailable and cannot be connected to at 385 // the moment. 386 ENVIRONMENT_UNAVAILABLE = 6; 387 } 388 389 // Code indicating the specific error the occurred. 390 CloudShellErrorCode code = 1; 391} 392