blob: 1ab697f02bba475832ef4428722634de12df122d [file] [log] [blame]
// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.cloud.iot.v1;
import "google/api/annotations.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";
option cc_enable_arenas = true;
option go_package = "google.golang.org/genproto/googleapis/cloud/iot/v1;iot";
option java_multiple_files = true;
option java_outer_classname = "ResourcesProto";
option java_package = "com.google.cloud.iot.v1";
// resource_definitons are defined at file level.
// May be referred to either locally: "location"; or fully-qualified: "google.cloud.iot.v1:location"
// Alternatively, these definitions may be placed on the field within the resource message.
// In this file, this means the "Device" and "Registry" messages.
option (google.api.resource_definition) = {
name: "location",
path: "projects/{project}/locations/{location}"
};
option (google.api.resource_definition) = {
name: "device",
path: "projects/{project}/locations/{location}/registries/{registry}/devices/{device}"
};
option (google.api.resource_definition) = {
name: "registry",
path: "projects/{project}/locations/{location}/registries/{registry}"
};
// Re-define pubsub topic here, so we don't need a pubsub dependency.
// This is a duplicate of the resource_definition in pubsub.
// This will create a distinct type, different from the Topic resource in pubsub.
// Alternatively, a dependency on pubsub could be added, then this entity would not be needed.
option (google.api.resource_definition) = {
name: "pubsub_topic",
base_name: "topic", // "base_name" only required when different from "name"
path: "projects/{project}/topics/{topic}"
};
// Resources on the imported iam messages.
option (google.api.resource_definition) = {
name: "group",
path: "resource=projects/{project}/locations/{location}/registries/{registry}/groups/{group}"
};
option (google.api.resource_set_definition) = {
name: "iam",
resource_names: ["registry", "group"]
};
// The device resource.
message Device {
// The user-defined device identifier. The device ID must be unique
// within a device registry.
string id = 1;
// The resource path name. For example,
// `projects/p1/locations/us-central1/registries/registry0/devices/dev0` or
// `projects/p1/locations/us-central1/registries/registry0/devices/{num_id}`.
// When `name` is populated as a response from the service, it always ends
// in the device numeric ID.
string name = 2 [(google.api.resource_reference) = "device"];
// Alternatively, if the resource is being defined within this message.
// An implied resource_reference is also specified on this field.
// "name" and "base_name" are both inferred to be the message name,
// "Device" in this case - decisions will be required about casing of generated classes.
string name = 2 [(google.api.resource_definition).path = "projects/{project}/locations/{location}/registries/{registry}/devices/{device}"];
// [Output only] A server-defined unique numeric ID for the device. This is a
// more compact way to identify devices, and it is globally unique.
uint64 num_id = 3;
// The credentials used to authenticate this device. To allow credential
// rotation without interruption, multiple device credentials can be bound to
// this device. No more than 3 credentials can be bound to a single device at
// a time. When new credentials are added to a device, they are verified
// against the registry credentials. For details, see the description of the
// `DeviceRegistry.credentials` field.
repeated DeviceCredential credentials = 12;
// [Output only] The last time an MQTT `PINGREQ` was received. This field
// applies only to devices connecting through MQTT. MQTT clients usually only
// send `PINGREQ` messages if the connection is idle, and no other messages
// have been sent. Timestamps are periodically collected and written to
// storage; they may be stale by a few minutes.
google.protobuf.Timestamp last_heartbeat_time = 7;
// [Output only] The last time a telemetry event was received. Timestamps are
// periodically collected and written to storage; they may be stale by a few
// minutes.
google.protobuf.Timestamp last_event_time = 8;
// [Output only] The last time a state event was received. Timestamps are
// periodically collected and written to storage; they may be stale by a few
// minutes.
google.protobuf.Timestamp last_state_time = 20;
// [Output only] The last time a cloud-to-device config version acknowledgment
// was received from the device. This field is only for configurations
// sent through MQTT.
google.protobuf.Timestamp last_config_ack_time = 14;
// [Output only] The last time a cloud-to-device config version was sent to
// the device.
google.protobuf.Timestamp last_config_send_time = 18;
// If a device is blocked, connections or requests from this device will fail.
// Can be used to temporarily prevent the device from connecting if, for
// example, the sensor is generating bad data and needs maintenance.
bool blocked = 19;
// [Output only] The time the most recent error occurred, such as a failure to
// publish to Cloud Pub/Sub. This field is the timestamp of
// 'last_error_status'.
google.protobuf.Timestamp last_error_time = 10;
// [Output only] The error message of the most recent error, such as a failure
// to publish to Cloud Pub/Sub. 'last_error_time' is the timestamp of this
// field. If no errors have occurred, this field has an empty message
// and the status code 0 == OK. Otherwise, this field is expected to have a
// status code other than OK.
google.rpc.Status last_error_status = 11;
// The most recent device configuration, which is eventually sent from
// Cloud IoT Core to the device. If not present on creation, the
// configuration will be initialized with an empty payload and version value
// of `1`. To update this field after creation, use the
// `DeviceManager.ModifyCloudToDeviceConfig` method.
DeviceConfig config = 13;
// [Output only] The state most recently received from the device. If no state
// has been reported, this field is not present.
DeviceState state = 16;
// The metadata key-value pairs assigned to the device. This metadata is not
// interpreted or indexed by Cloud IoT Core. It can be used to add contextual
// information for the device.
//
// Keys must conform to the regular expression [a-zA-Z][a-zA-Z0-9-_.+~%]+ and
// be less than 128 bytes in length.
//
// Values are free-form strings. Each value must be less than or equal to 32
// KB in size.
//
// The total size of all keys and values must be less than 256 KB, and the
// maximum number of key-value pairs is 500.
map<string, string> metadata = 17;
}
// A container for a group of devices.
message DeviceRegistry {
// The identifier of this device registry. For example, `myRegistry`.
string id = 1;
// The resource path name. For example,
// `projects/example-project/locations/us-central1/registries/my-registry`.
string name = 2 [(google.api.resource_reference) = "registry"];
// Alternatively, if the resource is being defined within this message.
// An implied resource_reference is also specified on this field.
// "name" and "base_name" are both inferred to be the message name,
// "DeviceRegistry" in this case - decisions will be required about casing of generated classes.
string name = 2 [(google.api.resource_definition).path = "projects/{project}/locations/{location}/registries/{registry}"];
// The configuration for notification of telemetry events received from the
// device. All telemetry events that were successfully published by the
// device and acknowledged by Cloud IoT Core are guaranteed to be
// delivered to Cloud Pub/Sub. If multiple configurations match a message,
// only the first matching configuration is used. If you try to publish a
// device telemetry event using MQTT without specifying a Cloud Pub/Sub topic
// for the device's registry, the connection closes automatically. If you try
// to do so using an HTTP connection, an error is returned. Up to 10
// configurations may be provided.
repeated EventNotificationConfig event_notification_configs = 10;
// The configuration for notification of new states received from the device.
// State updates are guaranteed to be stored in the state history, but
// notifications to Cloud Pub/Sub are not guaranteed. For example, if
// permissions are misconfigured or the specified topic doesn't exist, no
// notification will be published but the state will still be stored in Cloud
// IoT Core.
StateNotificationConfig state_notification_config = 7;
// The MQTT configuration for this device registry.
MqttConfig mqtt_config = 4;
// The DeviceService (HTTP) configuration for this device registry.
HttpConfig http_config = 9;
// The credentials used to verify the device credentials. No more than 10
// credentials can be bound to a single registry at a time. The verification
// process occurs at the time of device creation or update. If this field is
// empty, no verification is performed. Otherwise, the credentials of a newly
// created device or added credentials of an updated device should be signed
// with one of these registry credentials.
//
// Note, however, that existing devices will never be affected by
// modifications to this list of credentials: after a device has been
// successfully created in a registry, it should be able to connect even if
// its registry credentials are revoked, deleted, or modified.
repeated RegistryCredential credentials = 8;
}
// The configuration of MQTT for a device registry.
message MqttConfig {
// If enabled, allows connections using the MQTT protocol. Otherwise, MQTT
// connections to this registry will fail.
MqttState mqtt_enabled_state = 1;
}
// The configuration of the HTTP bridge for a device registry.
message HttpConfig {
// If enabled, allows devices to use DeviceService via the HTTP protocol.
// Otherwise, any requests to DeviceService will fail for this registry.
HttpState http_enabled_state = 1;
}
// The configuration for forwarding telemetry events.
message EventNotificationConfig {
// If the subfolder name matches this string exactly, this configuration will
// be used. The string must not include the leading '/' character. If empty,
// all strings are matched. This field is used only for telemetry events;
// subfolders are not supported for state changes.
string subfolder_matches = 2;
// A Cloud Pub/Sub topic name. For example,
// `projects/myProject/topics/deviceEvents`.
string pubsub_topic_name = 1 [(google.api.resource_reference) = "pubsub_topic"];
// NOTE: If there was a dependency on pubsub, this field would be:
string pubsub_topic_name = 1 [(google.api.resource_reference) = "google.api.pubsub.v1:topic"];
}
// The configuration for notification of new states received from the device.
message StateNotificationConfig {
// A Cloud Pub/Sub topic name. For example,
// `projects/myProject/topics/deviceEvents`.
string pubsub_topic_name = 1 [(google.api.resource_reference) = "pubsub_topic"];
// NOTE: If there was a dependency on pubsub, this field would be:
string pubsub_topic_name = 1 [(google.api.resource_reference) = "google.api.pubsub.v1:topic"];
}
// A server-stored registry credential used to validate device credentials.
message RegistryCredential {
// The credential data. Reserved for expansion in the future.
oneof credential {
// A public key certificate used to verify the device credentials.
PublicKeyCertificate public_key_certificate = 1;
}
}
// Details of an X.509 certificate. For informational purposes only.
message X509CertificateDetails {
// The entity that signed the certificate.
string issuer = 1;
// The entity the certificate and public key belong to.
string subject = 2;
// The time the certificate becomes valid.
google.protobuf.Timestamp start_time = 3;
// The time the certificate becomes invalid.
google.protobuf.Timestamp expiry_time = 4;
// The algorithm used to sign the certificate.
string signature_algorithm = 5;
// The type of public key in the certificate.
string public_key_type = 6;
}
// A public key certificate format and data.
message PublicKeyCertificate {
// The certificate format.
PublicKeyCertificateFormat format = 1;
// The certificate data.
string certificate = 2;
// [Output only] The certificate details. Used only for X.509 certificates.
X509CertificateDetails x509_details = 3;
}
// A server-stored device credential used for authentication.
message DeviceCredential {
// The credential data. Reserved for expansion in the future.
oneof credential {
// A public key used to verify the signature of JSON Web Tokens (JWTs).
// When adding a new device credential, either via device creation or via
// modifications, this public key credential may be required to be signed by
// one of the registry level certificates. More specifically, if the
// registry contains at least one certificate, any new device credential
// must be signed by one of the registry certificates. As a result,
// when the registry contains certificates, only X.509 certificates are
// accepted as device credentials. However, if the registry does
// not contain a certificate, self-signed certificates and public keys will
// be accepted. New device credentials must be different from every
// registry-level certificate.
PublicKeyCredential public_key = 2;
}
// [Optional] The time at which this credential becomes invalid. This
// credential will be ignored for new client authentication requests after
// this timestamp; however, it will not be automatically deleted.
google.protobuf.Timestamp expiration_time = 6;
}
// A public key format and data.
message PublicKeyCredential {
// The format of the key.
PublicKeyFormat format = 1;
// The key data.
string key = 2;
}
// The device configuration. Eventually delivered to devices.
message DeviceConfig {
// [Output only] The version of this update. The version number is assigned by
// the server, and is always greater than 0 after device creation. The
// version must be 0 on the `CreateDevice` request if a `config` is
// specified; the response of `CreateDevice` will always have a value of 1.
int64 version = 1;
// [Output only] The time at which this configuration version was updated in
// Cloud IoT Core. This timestamp is set by the server.
google.protobuf.Timestamp cloud_update_time = 2;
// [Output only] The time at which Cloud IoT Core received the
// acknowledgment from the device, indicating that the device has received
// this configuration version. If this field is not present, the device has
// not yet acknowledged that it received this version. Note that when
// the config was sent to the device, many config versions may have been
// available in Cloud IoT Core while the device was disconnected, and on
// connection, only the latest version is sent to the device. Some
// versions may never be sent to the device, and therefore are never
// acknowledged. This timestamp is set by Cloud IoT Core.
google.protobuf.Timestamp device_ack_time = 3;
// The device configuration data.
bytes binary_data = 4;
}
// The device state, as reported by the device.
message DeviceState {
// [Output only] The time at which this state version was updated in Cloud
// IoT Core.
google.protobuf.Timestamp update_time = 1;
// The device state data.
bytes binary_data = 2;
}
// Indicates whether an MQTT connection is enabled or disabled. See the field
// description for details.
enum MqttState {
// No MQTT state specified. If not specified, MQTT will be enabled by default.
MQTT_STATE_UNSPECIFIED = 0;
// Enables a MQTT connection.
MQTT_ENABLED = 1;
// Disables a MQTT connection.
MQTT_DISABLED = 2;
}
// Indicates whether DeviceService (HTTP) is enabled or disabled for the
// registry. See the field description for details.
enum HttpState {
// No HTTP state specified. If not specified, DeviceService will be
// enabled by default.
HTTP_STATE_UNSPECIFIED = 0;
// Enables DeviceService (HTTP) service for the registry.
HTTP_ENABLED = 1;
// Disables DeviceService (HTTP) service for the registry.
HTTP_DISABLED = 2;
}
// The supported formats for the public key.
enum PublicKeyCertificateFormat {
// The format has not been specified. This is an invalid default value and
// must not be used.
UNSPECIFIED_PUBLIC_KEY_CERTIFICATE_FORMAT = 0;
// An X.509v3 certificate ([RFC5280](https://www.ietf.org/rfc/rfc5280.txt)),
// encoded in base64, and wrapped by `-----BEGIN CERTIFICATE-----` and
// `-----END CERTIFICATE-----`.
X509_CERTIFICATE_PEM = 1;
}
// The supported formats for the public key.
enum PublicKeyFormat {
// The format has not been specified. This is an invalid default value and
// must not be used.
UNSPECIFIED_PUBLIC_KEY_FORMAT = 0;
// An RSA public key encoded in base64, and wrapped by
// `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`. This can be
// used to verify `RS256` signatures in JWT tokens ([RFC7518](
// https://www.ietf.org/rfc/rfc7518.txt)).
RSA_PEM = 3;
// As RSA_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
// https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
// `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
RSA_X509_PEM = 1;
// Public key for the ECDSA algorithm using P-256 and SHA-256, encoded in
// base64, and wrapped by `-----BEGIN PUBLIC KEY-----` and `-----END
// PUBLIC KEY-----`. This can be used to verify JWT tokens with the `ES256`
// algorithm ([RFC7518](https://www.ietf.org/rfc/rfc7518.txt)). This curve is
// defined in [OpenSSL](https://www.openssl.org/) as the `prime256v1` curve.
ES256_PEM = 2;
// As ES256_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
// https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
// `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
ES256_X509_PEM = 4;
}