feat: added CreateSshPublicKey RPC

PiperOrigin-RevId: 488460648
googleapis · Nov 14, 2022 · 2360559 · 2360559
1 parent 376ff1e
commit 2360559
Show file tree

Hide file tree

Showing 5 changed files with 128 additions and 10 deletions.
diff --git a/google/cloud/oslogin/common/common.proto b/google/cloud/oslogin/common/common.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -26,8 +25,6 @@ option java_outer_classname = "OsLoginProto";
 option java_package = "com.google.cloud.oslogin.common";
 option php_namespace = "Google\\Cloud\\OsLogin\\Common";
 option ruby_package = "Google::Cloud::OsLogin::Common";
-
-// Define a "User" resource owned by OS Login.
 option (google.api.resource_definition) = {
   type: "oslogin.googleapis.com/User"
   pattern: "users/{user}"

diff --git a/google/cloud/oslogin/v1/oslogin.proto b/google/cloud/oslogin/v1/oslogin.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -41,7 +40,18 @@ service OsLoginService {
   option (google.api.default_host) = "oslogin.googleapis.com";
   option (google.api.oauth_scopes) =
       "https://www.googleapis.com/auth/cloud-platform,"
-      "https://www.googleapis.com/auth/compute";
+      "https://www.googleapis.com/auth/cloud-platform.read-only,"
+      "https://www.googleapis.com/auth/compute,"
+      "https://www.googleapis.com/auth/compute.readonly";
+
+  // Create an SSH public key
+  rpc CreateSshPublicKey(CreateSshPublicKeyRequest) returns (google.cloud.oslogin.common.SshPublicKey) {
+    option (google.api.http) = {
+      post: "/v1/{parent=users/*}/sshPublicKeys"
+      body: "ssh_public_key"
+    };
+    option (google.api.method_signature) = "parent,ssh_public_key";
+  }
 
   // Deletes a POSIX account.
   rpc DeletePosixAccount(DeletePosixAccountRequest) returns (google.protobuf.Empty) {
@@ -113,6 +123,20 @@ message LoginProfile {
   map<string, google.cloud.oslogin.common.SshPublicKey> ssh_public_keys = 3;
 }
 
+// A request message for creating an SSH public key.
+message CreateSshPublicKeyRequest {
+  // Required. The unique ID for the user in format `users/{user}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "oslogin.googleapis.com/SshPublicKey"
+    }
+  ];
+
+  // Required. The SSH public key and expiration time.
+  google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
 // A request message for deleting a POSIX account entry.
 message DeletePosixAccountRequest {
   // Required. A reference to the POSIX account to update. POSIX accounts are identified
@@ -190,6 +214,9 @@ message ImportSshPublicKeyRequest {
 message ImportSshPublicKeyResponse {
   // The login profile information for the user.
   LoginProfile login_profile = 1;
+
+  // Detailed information about import results.
+  string details = 2;
 }
 
 // A request message for updating an SSH public key.

diff --git a/google/cloud/oslogin/v1/oslogin_v1.yaml b/google/cloud/oslogin/v1/oslogin_v1.yaml
@@ -21,3 +21,10 @@ authentication:
       canonical_scopes: |-
         https://www.googleapis.com/auth/cloud-platform,
         https://www.googleapis.com/auth/compute
+  - selector: google.cloud.oslogin.v1.OsLoginService.GetLoginProfile
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform,
+        https://www.googleapis.com/auth/cloud-platform.read-only,
+        https://www.googleapis.com/auth/compute,
+        https://www.googleapis.com/auth/compute.readonly
diff --git a/google/cloud/oslogin/v1beta/oslogin.proto b/google/cloud/oslogin/v1beta/oslogin.proto
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,7 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
 
 syntax = "proto3";
 
@@ -45,6 +44,15 @@ service OsLoginService {
       "https://www.googleapis.com/auth/compute,"
       "https://www.googleapis.com/auth/compute.readonly";
 
+  // Create an SSH public key
+  rpc CreateSshPublicKey(CreateSshPublicKeyRequest) returns (google.cloud.oslogin.common.SshPublicKey) {
+    option (google.api.http) = {
+      post: "/v1beta/{parent=users/*}/sshPublicKeys"
+      body: "ssh_public_key"
+    };
+    option (google.api.method_signature) = "parent,ssh_public_key";
+  }
+
   // Deletes a POSIX account.
   rpc DeletePosixAccount(DeletePosixAccountRequest) returns (google.protobuf.Empty) {
     option (google.api.http) = {
@@ -113,6 +121,23 @@ message LoginProfile {
 
   // A map from SSH public key fingerprint to the associated key object.
   map<string, google.cloud.oslogin.common.SshPublicKey> ssh_public_keys = 3;
+
+  // The registered security key credentials for a user.
+  repeated SecurityKey security_keys = 5;
+}
+
+// A request message for creating an SSH public key.
+message CreateSshPublicKeyRequest {
+  // Required. The unique ID for the user in format `users/{user}`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "oslogin.googleapis.com/SshPublicKey"
+    }
+  ];
+
+  // Required. The SSH public key and expiration time.
+  google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
 // A request message for deleting a POSIX account entry.
@@ -146,13 +171,19 @@ message GetLoginProfileRequest {
   // Required. The unique ID for the user in format `users/{user}`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference).type = "oslogin.googleapis.com/User"];
+    (google.api.resource_reference) = {
+      type: "oslogin.googleapis.com/User"
+    }
+  ];
 
   // The project ID of the Google Cloud Platform project.
   string project_id = 2;
 
   // A system ID for filtering the results of the request.
   string system_id = 3;
+
+  // The view configures whether to retrieve security keys information.
+  LoginProfileView view = 4;
 }
 
 // A request message for retrieving an SSH public key.
@@ -180,12 +211,18 @@ message ImportSshPublicKeyRequest {
 
   // The project ID of the Google Cloud Platform project.
   string project_id = 3;
+
+  // The view configures whether to retrieve security keys information.
+  LoginProfileView view = 4;
 }
 
 // A response message for importing an SSH public key.
 message ImportSshPublicKeyResponse {
   // The login profile information for the user.
   LoginProfile login_profile = 1;
+
+  // Detailed information about import results.
+  string details = 2;
 }
 
 // A request message for updating an SSH public key.
@@ -206,3 +243,46 @@ message UpdateSshPublicKeyRequest {
   // Mask to control which fields get updated. Updates all if not present.
   google.protobuf.FieldMask update_mask = 3;
 }
+
+// The credential information for a Google registered security key.
+message SecurityKey {
+  // Public key text in SSH format, defined by
+  // [RFC4253]("https://www.ietf.org/rfc/rfc4253.txt") section 6.6.
+  string public_key = 1;
+
+  // Hardware-backed private key text in SSH format.
+  string private_key = 2;
+
+  // The FIDO protocol type used to register this credential.
+  oneof protocol_type {
+    // The U2F protocol type.
+    UniversalTwoFactor universal_two_factor = 3;
+
+    // The Web Authentication protocol type.
+    WebAuthn web_authn = 4;
+  }
+}
+
+// Security key information specific to the U2F protocol.
+message UniversalTwoFactor {
+  // Application ID for the U2F protocol.
+  string app_id = 1;
+}
+
+// Security key information specific to the Web Authentication protocol.
+message WebAuthn {
+  // Relying party ID for Web Authentication.
+  string rp_id = 1;
+}
+
+// The login profile view limits the user content retrieved.
+enum LoginProfileView {
+  // The default login profile view. The API defaults to the BASIC view.
+  LOGIN_PROFILE_VIEW_UNSPECIFIED = 0;
+
+  // Includes POSIX and SSH key information.
+  BASIC = 1;
+
+  // Include security key information for the user.
+  SECURITY_KEY = 2;
+}
diff --git a/google/cloud/oslogin/v1beta/oslogin_v1beta.yaml b/google/cloud/oslogin/v1beta/oslogin_v1beta.yaml
@@ -21,3 +21,10 @@ authentication:
       canonical_scopes: |-
         https://www.googleapis.com/auth/cloud-platform,
         https://www.googleapis.com/auth/compute
+  - selector: google.cloud.oslogin.v1beta.OsLoginService.GetLoginProfile
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform,
+        https://www.googleapis.com/auth/cloud-platform.read-only,
+        https://www.googleapis.com/auth/compute,
+        https://www.googleapis.com/auth/compute.readonly