feat: [alloydb] Add support to generate client certificate and get co…

…nnection info for auth proxy in AlloyDB v1 (#4717) * feat: Add support to generate client certificate and get connection info for auth proxy in AlloyDB v1 PiperOrigin-RevId: 568860878 Source-Link: googleapis/googleapis@5601ad3 Source-Link: googleapis/googleapis-gen@a1f1322 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLWFsbG95ZGIvLk93bEJvdC55YW1sIiwiaCI6ImExZjEzMjI2MGFmMjhhMzM2ZjQzZDVhN2E1M2JmM2U2NmE0Yjc1ZTgifQ== * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
googleapis · Sep 28, 2023 · 68d3b87 · 68d3b87
1 parent b94abd9
commit 68d3b87
Show file tree

Hide file tree

Showing 14 changed files with 2,799 additions and 25 deletions.
diff --git a/packages/google-cloud-alloydb/README.md b/packages/google-cloud-alloydb/README.md
@@ -127,8 +127,10 @@ Samples are in the [`samples/`](https://github.com/googleapis/google-cloud-node/
 | Alloy_d_b_admin.delete_instance | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.delete_instance.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.delete_instance.js,packages/google-cloud-alloydb/samples/README.md) |
 | Alloy_d_b_admin.delete_user | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.delete_user.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.delete_user.js,packages/google-cloud-alloydb/samples/README.md) |
 | Alloy_d_b_admin.failover_instance | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.failover_instance.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.failover_instance.js,packages/google-cloud-alloydb/samples/README.md) |
+| Alloy_d_b_admin.generate_client_certificate | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.generate_client_certificate.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.generate_client_certificate.js,packages/google-cloud-alloydb/samples/README.md) |
 | Alloy_d_b_admin.get_backup | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_backup.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_backup.js,packages/google-cloud-alloydb/samples/README.md) |
 | Alloy_d_b_admin.get_cluster | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_cluster.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_cluster.js,packages/google-cloud-alloydb/samples/README.md) |
+| Alloy_d_b_admin.get_connection_info | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_connection_info.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_connection_info.js,packages/google-cloud-alloydb/samples/README.md) |
 | Alloy_d_b_admin.get_instance | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_instance.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_instance.js,packages/google-cloud-alloydb/samples/README.md) |
 | Alloy_d_b_admin.get_user | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_user.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.get_user.js,packages/google-cloud-alloydb/samples/README.md) |
 | Alloy_d_b_admin.inject_fault | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.inject_fault.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-alloydb/samples/generated/v1/alloy_d_b_admin.inject_fault.js,packages/google-cloud-alloydb/samples/README.md) |

diff --git a/packages/google-cloud-alloydb/protos/google/cloud/alloydb/v1/resources.proto b/packages/google-cloud-alloydb/protos/google/cloud/alloydb/v1/resources.proto
@@ -862,6 +862,28 @@ message Instance {
       [(google.api.field_behavior) = OPTIONAL];
 }
 
+// ConnectionInfo singleton resource.
+// https://google.aip.dev/156
+message ConnectionInfo {
+  option (google.api.resource) = {
+    type: "alloydb.googleapis.com/ConnectionInfo"
+    pattern: "projects/{project}/locations/{location}/clusters/{cluster}/instances/{instance}/connectionInfo"
+  };
+
+  // The name of the ConnectionInfo singleton resource, e.g.:
+  // projects/{project}/locations/{location}/clusters/*/instances/*/connectionInfo
+  // This field currently has no semantic meaning.
+  string name = 1;
+
+  // Output only. The private network IP address for the Instance. This is the
+  // default IP for the instance and is always created (even if enable_public_ip
+  // is set). This is the connection endpoint for an end-user application.
+  string ip_address = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The unique ID of the Instance.
+  string instance_uid = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
 // Message describing Backup object
 message Backup {
   option (google.api.resource) = {

diff --git a/packages/google-cloud-alloydb/protos/google/cloud/alloydb/v1/service.proto b/packages/google-cloud-alloydb/protos/google/cloud/alloydb/v1/service.proto
@@ -22,6 +22,7 @@ import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/alloydb/v1/resources.proto";
 import "google/longrunning/operations.proto";
+import "google/protobuf/duration.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
@@ -346,6 +347,28 @@ service AlloyDBAdmin {
     option (google.api.method_signature) = "parent";
   }
 
+  // Generate a client certificate signed by a Cluster CA.
+  // The sole purpose of this endpoint is to support AlloyDB connectors and the
+  // Auth Proxy client. The endpoint's behavior is subject to change without
+  // notice, so do not rely on its behavior remaining constant. Future changes
+  // will not break AlloyDB connectors or the Auth Proxy client.
+  rpc GenerateClientCertificate(GenerateClientCertificateRequest)
+      returns (GenerateClientCertificateResponse) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*/clusters/*}:generateClientCertificate"
+      body: "*"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Get instance metadata used for a connection.
+  rpc GetConnectionInfo(GetConnectionInfoRequest) returns (ConnectionInfo) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*/clusters/*/instances/*}/connectionInfo"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
   // Lists Users in a given project and location.
   rpc ListUsers(ListUsersRequest) returns (ListUsersResponse) {
     option (google.api.http) = {
@@ -1300,6 +1323,81 @@ message ListSupportedDatabaseFlagsResponse {
   string next_page_token = 2;
 }
 
+// Message for requests to generate a client certificate signed by the Cluster
+// CA.
+message GenerateClientCertificateRequest {
+  // Required. The name of the parent resource. The required format is:
+  //  * projects/{project}/locations/{location}/clusters/{cluster}
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = { type: "alloydb.googleapis.com/Cluster" }
+  ];
+
+  // Optional. An optional request ID to identify requests. Specify a unique
+  // request ID so that if you must retry your request, the server will know to
+  // ignore the request if it has already been completed. The server will
+  // guarantee that for at least 60 minutes after the first request.
+  //
+  // For example, consider a situation where you make an initial request and
+  // the request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. An optional hint to the endpoint to generate the client
+  // certificate with the requested duration. The duration can be from 1 hour to
+  // 24 hours. The endpoint may or may not honor the hint. If the hint is left
+  // unspecified or is not honored, then the endpoint will pick an appropriate
+  // default duration.
+  google.protobuf.Duration cert_duration = 4
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The public key from the client.
+  string public_key = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Message returned by a GenerateClientCertificate operation.
+message GenerateClientCertificateResponse {
+  // Output only. The pem-encoded chain that may be used to verify the X.509
+  // certificate. Expected to be in issuer-to-root order according to RFC 5246.
+  repeated string pem_certificate_chain = 2
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. The pem-encoded cluster ca X.509 certificate.
+  string ca_cert = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for GetConnectionInfo.
+message GetConnectionInfoRequest {
+  // Required. The name of the parent resource. The required format is:
+  // projects/{project}/locations/{location}/clusters/{cluster}/instances/{instance}
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "alloydb.googleapis.com/Instance"
+    }
+  ];
+
+  // Optional. An optional request ID to identify requests. Specify a unique
+  // request ID so that if you must retry your request, the server will know to
+  // ignore the request if it has already been completed. The server will
+  // guarantee that for at least 60 minutes after the first request.
+  //
+  // For example, consider a situation where you make an initial request and
+  // the request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
 // Represents the metadata of the long-running operation.
 message OperationMetadata {
   // Request specific metadata, if any.