
Commit 4f072bf

Google APIscopybara-github
authored andcommitted
feat: Add ListDatabaseRoles API to support role based access control
PiperOrigin-RevId: 462086058
1 parent 45e4f30 commit 4f072bf

3 files changed

Lines changed: 132 additions & 0 deletions


Lines changed: 68 additions & 0 deletions
@@ -0,0 +1,68 @@
1+
type: google.api.Service
2+
config_version: 3
3+
name: spanner.googleapis.com
4+
title: Cloud Spanner API
5+
6+
apis:
7+
- name: google.longrunning.Operations
8+
- name: google.spanner.admin.database.v1.DatabaseAdmin
9+
10+
types:
11+
- name: google.spanner.admin.database.v1.CopyBackupMetadata
12+
- name: google.spanner.admin.database.v1.CreateBackupMetadata
13+
- name: google.spanner.admin.database.v1.CreateDatabaseMetadata
14+
- name: google.spanner.admin.database.v1.OptimizeRestoredDatabaseMetadata
15+
- name: google.spanner.admin.database.v1.RestoreDatabaseMetadata
16+
- name: google.spanner.admin.database.v1.UpdateDatabaseDdlMetadata
17+
18+
documentation:
19+
summary: |-
20+
Cloud Spanner is a managed, mission-critical, globally consistent and
21+
scalable relational database service.
22+
23+
backend:
24+
rules:
25+
- selector: 'google.longrunning.Operations.*'
26+
deadline: 3600.0
27+
- selector: 'google.spanner.admin.database.v1.DatabaseAdmin.*'
28+
deadline: 3600.0
29+
30+
http:
31+
rules:
32+
- selector: google.longrunning.Operations.CancelOperation
33+
post: '/v1/{name=projects/*/instances/*/databases/*/operations/*}:cancel'
34+
additional_bindings:
35+
- post: '/v1/{name=projects/*/instances/*/operations/*}:cancel'
36+
- post: '/v1/{name=projects/*/instances/*/backups/*/operations/*}:cancel'
37+
- post: '/v1/{name=projects/*/instanceConfigs/*/operations/*}:cancel'
38+
- selector: google.longrunning.Operations.DeleteOperation
39+
delete: '/v1/{name=projects/*/instances/*/databases/*/operations/*}'
40+
additional_bindings:
41+
- delete: '/v1/{name=projects/*/instances/*/operations/*}'
42+
- delete: '/v1/{name=projects/*/instances/*/backups/*/operations/*}'
43+
- delete: '/v1/{name=projects/*/instanceConfigs/*/operations/*}'
44+
- selector: google.longrunning.Operations.GetOperation
45+
get: '/v1/{name=projects/*/instances/*/databases/*/operations/*}'
46+
additional_bindings:
47+
- get: '/v1/{name=projects/*/instances/*/operations/*}'
48+
- get: '/v1/{name=projects/*/instances/*/backups/*/operations/*}'
49+
- get: '/v1/{name=projects/*/instanceConfigs/*/operations/*}'
50+
- selector: google.longrunning.Operations.ListOperations
51+
get: '/v1/{name=projects/*/instances/*/databases/*/operations}'
52+
additional_bindings:
53+
- get: '/v1/{name=projects/*/instances/*/operations}'
54+
- get: '/v1/{name=projects/*/instances/*/backups/*/operations}'
55+
- get: '/v1/{name=projects/*/instanceConfigs/*/operations}'
56+
57+
authentication:
58+
rules:
59+
- selector: 'google.longrunning.Operations.*'
60+
oauth:
61+
canonical_scopes: |-
62+
https://www.googleapis.com/auth/cloud-platform,
63+
https://www.googleapis.com/auth/spanner.admin
64+
- selector: 'google.spanner.admin.database.v1.DatabaseAdmin.*'
65+
oauth:
66+
canonical_scopes: |-
67+
https://www.googleapis.com/auth/cloud-platform,
68+
https://www.googleapis.com/auth/spanner.admin

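--- a/google/spanner/admin/database/v1/spanner_admin_database_grpc_service_config.json
+++ b/google/spanner/admin/database/v1/spanner_admin_database_grpc_service_config.json
@@ -45,6 +45,10 @@
 {
 "service": "google.spanner.admin.database.v1.DatabaseAdmin",
 "method": "ListBackupOperations"
+},
+{
+"service": "google.spanner.admin.database.v1.DatabaseAdmin",
+"method": "ListDatabaseRoles"
 }
 ],
 "timeout": "3600s",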

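--- a/google/spanner/admin/database/v1/spanner_database_admin.proto
+++ b/google/spanner/admin/database/v1/spanner_database_admin.proto
@@ -187,6 +187,10 @@ service DatabaseAdmin {
 post: "/v1/{resource=projects/*/instances/*/backups/*}:testIamPermissions"
 body: "*"
 }
+additional_bindings {
+post: "/v1/{resource=projects/*/instances/*/databases/*/databaseRoles/*}:testIamPermissions"
+body: "*"
+}
 };
 option (google.api.method_signature) = "resource,permissions";
 }
@@ -334,6 +338,14 @@ service DatabaseAdmin {
 };
 option (google.api.method_signature) = "parent";
 }
+
+// Lists Cloud Spanner database roles.
+rpc ListDatabaseRoles(ListDatabaseRolesRequest) returns (ListDatabaseRolesResponse) {
+option (google.api.http) = {
+get: "/v1/{parent=projects/*/instances/*/databases/*}/databaseRoles"
+};
+option (google.api.method_signature) = "parent";
+}
 }
 
 // Information about the database restore.
@@ -868,3 +880,51 @@ enum RestoreSourceType {
 // A backup was used as the source of the restore.
 BACKUP = 1;
 }
+
+// A Cloud Spanner database role.
+message DatabaseRole {
+option (google.api.resource) = {
+type: "spanner.googleapis.com/DatabaseRole"
+pattern: "projects/{project}/instances/{instance}/databases/{database}/databaseRoles/{role}"
+};
+
+// Required. The name of the database role. Values are of the form
+// `projects/<project>/instances/<instance>/databases/<database>/databaseRoles/
+// {role}`, where `<role>` is as specified in the `CREATE ROLE`
+// DDL statement. This name can be passed to Get/Set IAMPolicy methods to
+// identify the database role.
+string name = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// The request for [ListDatabaseRoles][google.spanner.admin.database.v1.DatabaseAdmin.ListDatabaseRoles].
+message ListDatabaseRolesRequest {
+// Required. The database whose roles should be listed.
+// Values are of the form
+// `projects/<project>/instances/<instance>/databases/<database>/databaseRoles`.
+string parent = 1 [
+(google.api.field_behavior) = REQUIRED,
+(google.api.resource_reference) = {
+type: "spanner.googleapis.com/Database"
+}
+];
+
+// Number of database roles to be returned in the response. If 0 or less,
+// defaults to the server's maximum allowed page size.
+int32 page_size = 2;
+
+// If non-empty, `page_token` should contain a
+// [next_page_token][google.spanner.admin.database.v1.ListDatabaseRolesResponse.next_page_token] from a
+// previous [ListDatabaseRolesResponse][google.spanner.admin.database.v1.ListDatabaseRolesResponse].
+string page_token = 3;
+}
+
+// The response for [ListDatabaseRoles][google.spanner.admin.database.v1.DatabaseAdmin.ListDatabaseRoles].
+message ListDatabaseRolesResponse {
+// Database roles that matched the request.
+repeated DatabaseRole database_roles = 1;
+
+// `next_page_token` can be sent in a subsequent
+// [ListDatabaseRoles][google.spanner.admin.database.v1.DatabaseAdmin.ListDatabaseRoles]
+// call to fetch more of the matching roles.
+string next_page_token = 2;
+}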
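Review bot: The comment on `ListDatabaseRolesRequest.parent` documents the value as ending in `/databaseRoles`, but the field's `resource_reference` is `spanner.googleapis.com/Database` and the HTTP binding `/v1/{parent=projects/*/instances/*/databases/*}/databaseRoles` appends that segment itself. A caller who follows the comment would send a parent that does not match the route, so the last comment line should read `// projects/<project>/instances/<instance>/databases/<database>.` with the value in backticks as elsewhere in the file. The `DatabaseRole.name` comment mixes `{role}` and `<role>` in one sentence and says the name can be passed to the Get/Set IAM policy methods, while the only `databaseRoles` binding visible in this diff is the one added to `TestIamPermissions`; it is worth confirming the policy RPCs accept this path or narrowing the sentence. Because `ListDatabaseRoles` enumerates the role names used for access control, its RPC comment should also state which IAM permission on the parent database the call requires, which `// Lists Cloud Spanner database roles.` does not.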
