1- // Copyright 2019 Google LLC.
1+ // Copyright 2022 Google LLC
22//
33// Licensed under the Apache License, Version 2.0 (the "License");
44// you may not use this file except in compliance with the License.
1111// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1212// See the License for the specific language governing permissions and
1313// limitations under the License.
14- //
1514
1615syntax = "proto3" ;
1716
@@ -45,6 +44,15 @@ service OsLoginService {
4544 "https://www.googleapis.com/auth/compute,"
4645 "https://www.googleapis.com/auth/compute.readonly" ;
4746
47+ // Create an SSH public key
48+ rpc CreateSshPublicKey (CreateSshPublicKeyRequest ) returns (google.cloud.oslogin.common.SshPublicKey ) {
49+ option (google.api.http ) = {
50+ post : "/v1beta/{parent=users/*}/sshPublicKeys"
51+ body : "ssh_public_key"
52+ };
53+ option (google.api.method_signature ) = "parent,ssh_public_key" ;
54+ }
55+
4856 // Deletes a POSIX account.
4957 rpc DeletePosixAccount (DeletePosixAccountRequest ) returns (google.protobuf.Empty ) {
5058 option (google.api.http ) = {
@@ -113,6 +121,23 @@ message LoginProfile {
113121
114122 // A map from SSH public key fingerprint to the associated key object.
115123 map <string , google.cloud.oslogin.common.SshPublicKey > ssh_public_keys = 3 ;
124+
125+ // The registered security key credentials for a user.
126+ repeated SecurityKey security_keys = 5 ;
127+ }
128+
129+ // A request message for creating an SSH public key.
130+ message CreateSshPublicKeyRequest {
131+ // Required. The unique ID for the user in format `users/{user}`.
132+ string parent = 1 [
133+ (google.api.field_behavior ) = REQUIRED ,
134+ (google.api.resource_reference ) = {
135+ child_type : "oslogin.googleapis.com/SshPublicKey"
136+ }
137+ ];
138+
139+ // Required. The SSH public key and expiration time.
140+ google.cloud.oslogin.common.SshPublicKey ssh_public_key = 2 [(google.api.field_behavior ) = REQUIRED ];
116141}
117142
118143// A request message for deleting a POSIX account entry.
@@ -146,13 +171,19 @@ message GetLoginProfileRequest {
146171 // Required. The unique ID for the user in format `users/{user}`.
147172 string name = 1 [
148173 (google.api.field_behavior ) = REQUIRED ,
149- (google.api.resource_reference ).type = "oslogin.googleapis.com/User" ];
174+ (google.api.resource_reference ) = {
175+ type : "oslogin.googleapis.com/User"
176+ }
177+ ];
150178
151179 // The project ID of the Google Cloud Platform project.
152180 string project_id = 2 ;
153181
154182 // A system ID for filtering the results of the request.
155183 string system_id = 3 ;
184+
185+ // The view configures whether to retrieve security keys information.
186+ LoginProfileView view = 4 ;
156187}
157188
158189// A request message for retrieving an SSH public key.
@@ -180,12 +211,18 @@ message ImportSshPublicKeyRequest {
180211
181212 // The project ID of the Google Cloud Platform project.
182213 string project_id = 3 ;
214+
215+ // The view configures whether to retrieve security keys information.
216+ LoginProfileView view = 4 ;
183217}
184218
185219// A response message for importing an SSH public key.
186220message ImportSshPublicKeyResponse {
187221 // The login profile information for the user.
188222 LoginProfile login_profile = 1 ;
223+
224+ // Detailed information about import results.
225+ string details = 2 ;
189226}
190227
191228// A request message for updating an SSH public key.
@@ -206,3 +243,46 @@ message UpdateSshPublicKeyRequest {
206243 // Mask to control which fields get updated. Updates all if not present.
207244 google.protobuf.FieldMask update_mask = 3 ;
208245}
246+
247+ // The credential information for a Google registered security key.
248+ message SecurityKey {
249+ // Public key text in SSH format, defined by
250+ // [RFC4253]("https://www.ietf.org/rfc/rfc4253.txt") section 6.6.
251+ string public_key = 1 ;
252+
253+ // Hardware-backed private key text in SSH format.
254+ string private_key = 2 ;
255+
256+ // The FIDO protocol type used to register this credential.
257+ oneof protocol_type {
258+ // The U2F protocol type.
259+ UniversalTwoFactor universal_two_factor = 3 ;
260+
261+ // The Web Authentication protocol type.
262+ WebAuthn web_authn = 4 ;
263+ }
264+ }
265+
266+ // Security key information specific to the U2F protocol.
267+ message UniversalTwoFactor {
268+ // Application ID for the U2F protocol.
269+ string app_id = 1 ;
270+ }
271+
272+ // Security key information specific to the Web Authentication protocol.
273+ message WebAuthn {
274+ // Relying party ID for Web Authentication.
275+ string rp_id = 1 ;
276+ }
277+
278+ // The login profile view limits the user content retrieved.
279+ enum LoginProfileView {
280+ // The default login profile view. The API defaults to the BASIC view.
281+ LOGIN_PROFILE_VIEW_UNSPECIFIED = 0 ;
282+
283+ // Includes POSIX and SSH key information.
284+ BASIC = 1 ;
285+
286+ // Include security key information for the user.
287+ SECURITY_KEY = 2 ;
288+ }
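Review bot: The comment on `private_key = 2` in the new SecurityKey message does not say what the field holds, and because LoginProfile now returns `security_keys` under the SECURITY_KEY view, a reader cannot tell whether secret key material leaves the service. If this is a key handle that is unusable without the physical authenticator, as with OpenSSH security-key (sk-*) identities, the comment should say so and still tell clients to handle it carefully, e.g. `// Key handle in SSH private-key format; not usable without the physical security key. Treat as sensitive: do not log.` Separately, the LoginProfileView values `BASIC` and `SECURITY_KEY` lack the `LOGIN_PROFILE_VIEW_` prefix that the zero value carries, so they share the package scope with every other enum's values and can collide.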