feat: Add branch rule APIs

Google APIs · copybara-github · commit b6a9d807da8f · 2024-10-21T09:48:32.000-07:00
feat: Add field `psc_allowed_projects` to message `.google.cloud.securesourcemanager.v1.Instance`
docs: A comment for field `instance` in message `.google.cloud.securesourcemanager.v1.Repository` is changed

PiperOrigin-RevId: 688170540
diff --git a/google/cloud/securesourcemanager/v1/BUILD.bazel b/google/cloud/securesourcemanager/v1/BUILD.bazel
@@ -35,6 +35,7 @@ proto_library(
         "//google/iam/v1:policy_proto",
         "//google/longrunning:operations_proto",
         "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:field_mask_proto",
         "@com_google_protobuf//:timestamp_proto",
     ],
 )
@@ -342,6 +343,7 @@ load(
 
 csharp_proto_library(
     name = "securesourcemanager_csharp_proto",
+    extra_opts = [],
     deps = [":securesourcemanager_proto"],
 )
 
diff --git a/google/cloud/securesourcemanager/v1/secure_source_manager.proto b/google/cloud/securesourcemanager/v1/secure_source_manager.proto
@@ -24,6 +24,7 @@ import "google/iam/v1/iam_policy.proto";
 import "google/iam/v1/policy.proto";
 import "google/longrunning/operations.proto";
 import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
 
 option csharp_namespace = "Google.Cloud.SecureSourceManager.V1";
@@ -195,6 +196,64 @@ service SecureSourceManager {
     };
     option (google.api.method_signature) = "resource";
   }
+
+  // CreateBranchRule creates a branch rule in a given repository.
+  rpc CreateBranchRule(CreateBranchRuleRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*/repositories/*}/branchRules"
+      body: "branch_rule"
+    };
+    option (google.api.method_signature) = "parent,branch_rule,branch_rule_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "BranchRule"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // ListBranchRules lists branch rules in a given repository.
+  rpc ListBranchRules(ListBranchRulesRequest)
+      returns (ListBranchRulesResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*/repositories/*}/branchRules"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // GetBranchRule gets a branch rule.
+  rpc GetBranchRule(GetBranchRuleRequest) returns (BranchRule) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/repositories/*/branchRules/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // UpdateBranchRule updates a branch rule.
+  rpc UpdateBranchRule(UpdateBranchRuleRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{branch_rule.name=projects/*/locations/*/repositories/*/branchRules/*}"
+      body: "branch_rule"
+    };
+    option (google.api.method_signature) = "branch_rule,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "BranchRule"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // DeleteBranchRule deletes a branch rule.
+  rpc DeleteBranchRule(DeleteBranchRuleRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=projects/*/locations/*/repositories/*/branchRules/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "OperationMetadata"
+    };
+  }
 }
 
 // A resource that represents a Secure Source Manager instance.
@@ -290,6 +349,12 @@ message Instance {
         type: "compute.googleapis.com/ServiceAttachment"
       }
     ];
+
+    // Optional. Additional allowed projects for setting up PSC connections.
+    // Instance host project is automatically allowed and does not need to be
+    // included in this list.
+    repeated string psc_allowed_projects = 6
+        [(google.api.field_behavior) = OPTIONAL];
   }
 
   // Optional. A unique identifier for an instance. The name should be of the
@@ -513,9 +578,8 @@ message Repository {
   // `projects/{project_number}/locations/{location_id}/instances/{instance_id}`
   // When creating repository via
   // securesourcemanager.googleapis.com (Control Plane API), this field is used
-  // as input.
-  // When creating repository via *.sourcemanager.dev (Data Plane API), this
-  // field is output only.
+  // as input. When creating repository via *.sourcemanager.dev (Data Plane
+  // API), this field is output only.
   string instance = 3 [
     (google.api.field_behavior) = OPTIONAL,
     (google.api.resource_reference) = {
@@ -546,6 +610,83 @@ message Repository {
   InitialConfig initial_config = 10 [(google.api.field_behavior) = INPUT_ONLY];
 }
 
+// Metadata of a BranchRule. BranchRule is the protection rule to enforce
+// pre-defined rules on desginated branches within a repository.
+message BranchRule {
+  option (google.api.resource) = {
+    type: "securesourcemanager.googleapis.com/BranchRule"
+    pattern: "projects/{project}/locations/{location}/repositories/{repository}/branchRules/{branch_rule}"
+  };
+
+  // Check is a type for status check.
+  message Check {
+    // Required. The context of the check.
+    string context = 1 [(google.api.field_behavior) = REQUIRED];
+  }
+
+  // Optional. A unique identifier for a BranchRule. The name should be of the
+  // format:
+  // `projects/{project}/locations/{location}/repositories/{repository}/branchRules/{branch_rule}`
+  string name = 1 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. Unique identifier of the repository.
+  string uid = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Create timestamp.
+  google.protobuf.Timestamp create_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Update timestamp.
+  google.protobuf.Timestamp update_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. User annotations. These attributes can only be set and used by
+  // the user. See https://google.aip.dev/128#annotations for more details such
+  // as format and size limitations.
+  map<string, string> annotations = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. This checksum is computed by the server based on the value of
+  // other fields, and may be sent on update and delete requests to ensure the
+  // client has an up-to-date value before proceeding.
+  string etag = 6 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The pattern of the branch that can match to this BranchRule.
+  // Specified as regex.
+  // .* for all branches. Examples: main, (main|release.*).
+  // Current MVP phase only support `.*` for wildcard.
+  string include_pattern = 7 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Determines if the branch rule is disabled or not.
+  bool disabled = 8 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Determines if the branch rule requires a pull request or not.
+  bool require_pull_request = 9 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The minimum number of reviews required for the branch rule to be
+  // matched.
+  int32 minimum_reviews_count = 10 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The minimum number of approvals required for the branch rule to
+  // be matched.
+  int32 minimum_approvals_count = 11 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Determines if require comments resolved before merging to the
+  // branch.
+  bool require_comments_resolved = 12 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Determines if allow stale reviews or approvals before merging to
+  // the branch.
+  bool allow_stale_reviews = 15 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Determines if require linear history before merging to the
+  // branch.
+  bool require_linear_history = 13 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. List of required status checks before merging to the branch.
+  repeated Check required_status_checks = 14
+      [(google.api.field_behavior) = OPTIONAL];
+}
+
 // ListInstancesRequest is the request to list instances.
 message ListInstancesRequest {
   // Required. Parent value for ListInstancesRequest.
@@ -772,3 +913,84 @@ message DeleteRepositoryRequest {
   // succeed but no action will be taken on the server.
   bool allow_missing = 2 [(google.api.field_behavior) = OPTIONAL];
 }
+
+// GetBranchRuleRequest is the request for getting a branch rule.
+message GetBranchRuleRequest {
+  // Required. Name of the repository to retrieve.
+  // The format is
+  // `projects/{project}/locations/{location}/repositories/{repository}/branchRules/{branch_rule}`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "securesourcemanager.googleapis.com/BranchRule"
+    }
+  ];
+}
+
+// CreateBranchRuleRequest is the request to create a branch rule.
+message CreateBranchRuleRequest {
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "securesourcemanager.googleapis.com/BranchRule"
+    }
+  ];
+
+  BranchRule branch_rule = 2 [(google.api.field_behavior) = REQUIRED];
+
+  string branch_rule_id = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// ListBranchRulesRequest is the request to list branch rules.
+message ListBranchRulesRequest {
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      child_type: "securesourcemanager.googleapis.com/BranchRule"
+    }
+  ];
+
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// DeleteBranchRuleRequest is the request to delete a branch rule.
+message DeleteBranchRuleRequest {
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "securesourcemanager.googleapis.com/BranchRule"
+    }
+  ];
+
+  // Optional. If set to true, and the branch rule is not found, the request
+  // will succeed but no action will be taken on the server.
+  bool allow_missing = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// UpdateBranchRuleRequest is the request to update a branchRule.
+message UpdateBranchRuleRequest {
+  BranchRule branch_rule = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. If set, validate the request and preview the review, but do not
+  // actually post it.  (https://google.aip.dev/163, for declarative friendly)
+  bool validate_only = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. Field mask is used to specify the fields to be overwritten in the
+  // branchRule resource by the update.
+  // The fields specified in the update_mask are relative to the resource, not
+  // the full request. A field will be overwritten if it is in the mask.
+  // The special value "*" means full replacement.
+  google.protobuf.FieldMask update_mask = 3
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// ListBranchRulesResponse is the response to listing branchRules.
+message ListBranchRulesResponse {
+  // The list of branch rules.
+  repeated BranchRule branch_rules = 1;
+
+  // A token identifying a page of results the server should return.
+  string next_page_token = 2;
+}

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@ proto_library(`
`35`	`35`	`"//google/iam/v1:policy_proto",`
`36`	`36`	`"//google/longrunning:operations_proto",`
`37`	`37`	`"@com_google_protobuf//:empty_proto",`
	`38`	`+ "@com_google_protobuf//:field_mask_proto",`
`38`	`39`	`"@com_google_protobuf//:timestamp_proto",`
`39`	`40`	`],`
`40`	`41`	`)`
`@@ -342,6 +343,7 @@ load(`
`342`	`343`
`343`	`344`	`csharp_proto_library(`
`344`	`345`	`name = "securesourcemanager_csharp_proto",`
	`346`	`+ extra_opts = [],`
`345`	`347`	`deps = [":securesourcemanager_proto"],`
`346`	`348`	`)`
`347`	`349`