-
Notifications
You must be signed in to change notification settings - Fork 22
/
data.proto
482 lines (397 loc) · 18.5 KB
/
data.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package google.events.cloud.iot.v1;
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";
option csharp_namespace = "Google.Events.Protobuf.Cloud.Iot.V1";
option php_namespace = "Google\\Events\\Cloud\\Iot\\V1";
option ruby_package = "Google::Events::Cloud::Iot::V1";
// The device resource.
message Device {
// The user-defined device identifier. The device ID must be unique
// within a device registry.
string id = 1;
// The resource path name. For example,
// `projects/p1/locations/us-central1/registries/registry0/devices/dev0` or
// `projects/p1/locations/us-central1/registries/registry0/devices/{num_id}`.
// When `name` is populated as a response from the service, it always ends
// in the device numeric ID.
string name = 2;
// [Output only] A server-defined unique numeric ID for the device. This is a
// more compact way to identify devices, and it is globally unique.
uint64 num_id = 3;
// The credentials used to authenticate this device. To allow credential
// rotation without interruption, multiple device credentials can be bound to
// this device. No more than 3 credentials can be bound to a single device at
// a time. When new credentials are added to a device, they are verified
// against the registry credentials. For details, see the description of the
// `DeviceRegistry.credentials` field.
repeated DeviceCredential credentials = 12;
// [Output only] The last time an MQTT `PINGREQ` was received. This field
// applies only to devices connecting through MQTT. MQTT clients usually only
// send `PINGREQ` messages if the connection is idle, and no other messages
// have been sent. Timestamps are periodically collected and written to
// storage; they may be stale by a few minutes.
google.protobuf.Timestamp last_heartbeat_time = 7;
// [Output only] The last time a telemetry event was received. Timestamps are
// periodically collected and written to storage; they may be stale by a few
// minutes.
google.protobuf.Timestamp last_event_time = 8;
// [Output only] The last time a state event was received. Timestamps are
// periodically collected and written to storage; they may be stale by a few
// minutes.
google.protobuf.Timestamp last_state_time = 20;
// [Output only] The last time a cloud-to-device config version acknowledgment
// was received from the device. This field is only for configurations
// sent through MQTT.
google.protobuf.Timestamp last_config_ack_time = 14;
// [Output only] The last time a cloud-to-device config version was sent to
// the device.
google.protobuf.Timestamp last_config_send_time = 18;
// If a device is blocked, connections or requests from this device will fail.
// Can be used to temporarily prevent the device from connecting if, for
// example, the sensor is generating bad data and needs maintenance.
bool blocked = 19;
// [Output only] The time the most recent error occurred, such as a failure to
// publish to Cloud Pub/Sub. This field is the timestamp of
// 'last_error_status'.
google.protobuf.Timestamp last_error_time = 10;
// [Output only] The error message of the most recent error, such as a failure
// to publish to Cloud Pub/Sub. 'last_error_time' is the timestamp of this
// field. If no errors have occurred, this field has an empty message
// and the status code 0 == OK. Otherwise, this field is expected to have a
// status code other than OK.
google.rpc.Status last_error_status = 11;
// The most recent device configuration, which is eventually sent from
// Cloud IoT Core to the device. If not present on creation, the
// configuration will be initialized with an empty payload and version value
// of `1`. To update this field after creation, use the
// `DeviceManager.ModifyCloudToDeviceConfig` method.
DeviceConfig config = 13;
// [Output only] The state most recently received from the device. If no state
// has been reported, this field is not present.
DeviceState state = 16;
// **Beta Feature**
//
// The logging verbosity for device activity. If unspecified,
// DeviceRegistry.log_level will be used.
LogLevel log_level = 21;
// The metadata key-value pairs assigned to the device. This metadata is not
// interpreted or indexed by Cloud IoT Core. It can be used to add contextual
// information for the device.
//
// Keys must conform to the regular expression [a-zA-Z][a-zA-Z0-9-_.+~%]+ and
// be less than 128 bytes in length.
//
// Values are free-form strings. Each value must be less than or equal to 32
// KB in size.
//
// The total size of all keys and values must be less than 256 KB, and the
// maximum number of key-value pairs is 500.
map<string, string> metadata = 17;
// Gateway-related configuration and state.
GatewayConfig gateway_config = 24;
}
// Gateway-related configuration and state.
message GatewayConfig {
// Indicates whether the device is a gateway.
GatewayType gateway_type = 1;
// Indicates how to authorize and/or authenticate devices to access the
// gateway.
GatewayAuthMethod gateway_auth_method = 2;
// [Output only] The ID of the gateway the device accessed most recently.
string last_accessed_gateway_id = 3;
// [Output only] The most recent time at which the device accessed the gateway
// specified in `last_accessed_gateway`.
google.protobuf.Timestamp last_accessed_gateway_time = 4;
}
// A container for a group of devices.
message DeviceRegistry {
// The identifier of this device registry. For example, `myRegistry`.
string id = 1;
// The resource path name. For example,
// `projects/example-project/locations/us-central1/registries/my-registry`.
string name = 2;
// The configuration for notification of telemetry events received from the
// device. All telemetry events that were successfully published by the
// device and acknowledged by Cloud IoT Core are guaranteed to be
// delivered to Cloud Pub/Sub. If multiple configurations match a message,
// only the first matching configuration is used. If you try to publish a
// device telemetry event using MQTT without specifying a Cloud Pub/Sub topic
// for the device's registry, the connection closes automatically. If you try
// to do so using an HTTP connection, an error is returned. Up to 10
// configurations may be provided.
repeated EventNotificationConfig event_notification_configs = 10;
// The configuration for notification of new states received from the device.
// State updates are guaranteed to be stored in the state history, but
// notifications to Cloud Pub/Sub are not guaranteed. For example, if
// permissions are misconfigured or the specified topic doesn't exist, no
// notification will be published but the state will still be stored in Cloud
// IoT Core.
StateNotificationConfig state_notification_config = 7;
// The MQTT configuration for this device registry.
MqttConfig mqtt_config = 4;
// The DeviceService (HTTP) configuration for this device registry.
HttpConfig http_config = 9;
// **Beta Feature**
//
// The default logging verbosity for activity from devices in this registry.
// The verbosity level can be overridden by Device.log_level.
LogLevel log_level = 11;
// The credentials used to verify the device credentials. No more than 10
// credentials can be bound to a single registry at a time. The verification
// process occurs at the time of device creation or update. If this field is
// empty, no verification is performed. Otherwise, the credentials of a newly
// created device or added credentials of an updated device should be signed
// with one of these registry credentials.
//
// Note, however, that existing devices will never be affected by
// modifications to this list of credentials: after a device has been
// successfully created in a registry, it should be able to connect even if
// its registry credentials are revoked, deleted, or modified.
repeated RegistryCredential credentials = 8;
}
// The configuration of MQTT for a device registry.
message MqttConfig {
// If enabled, allows connections using the MQTT protocol. Otherwise, MQTT
// connections to this registry will fail.
MqttState mqtt_enabled_state = 1;
}
// Indicates whether an MQTT connection is enabled or disabled. See the field
// description for details.
enum MqttState {
// No MQTT state specified. If not specified, MQTT will be enabled by default.
MQTT_STATE_UNSPECIFIED = 0;
// Enables a MQTT connection.
MQTT_ENABLED = 1;
// Disables a MQTT connection.
MQTT_DISABLED = 2;
}
// The configuration of the HTTP bridge for a device registry.
message HttpConfig {
// If enabled, allows devices to use DeviceService via the HTTP protocol.
// Otherwise, any requests to DeviceService will fail for this registry.
HttpState http_enabled_state = 1;
}
// Indicates whether DeviceService (HTTP) is enabled or disabled for the
// registry. See the field description for details.
enum HttpState {
// No HTTP state specified. If not specified, DeviceService will be
// enabled by default.
HTTP_STATE_UNSPECIFIED = 0;
// Enables DeviceService (HTTP) service for the registry.
HTTP_ENABLED = 1;
// Disables DeviceService (HTTP) service for the registry.
HTTP_DISABLED = 2;
}
// **Beta Feature**
//
// The logging verbosity for device activity. Specifies which events should be
// written to logs. For example, if the LogLevel is ERROR, only events that
// terminate in errors will be logged. LogLevel is inclusive; enabling INFO
// logging will also enable ERROR logging.
enum LogLevel {
// No logging specified. If not specified, logging will be disabled.
LOG_LEVEL_UNSPECIFIED = 0;
// Disables logging.
NONE = 10;
// Error events will be logged.
ERROR = 20;
// Informational events will be logged, such as connections and
// disconnections.
INFO = 30;
// All events will be logged.
DEBUG = 40;
}
// Gateway type.
enum GatewayType {
// If unspecified, the device is considered a non-gateway device.
GATEWAY_TYPE_UNSPECIFIED = 0;
// The device is a gateway.
GATEWAY = 1;
// The device is not a gateway.
NON_GATEWAY = 2;
}
// The gateway authorization/authentication method. This setting determines how
// Cloud IoT Core authorizes/authenticate devices to access the gateway.
enum GatewayAuthMethod {
// No authentication/authorization method specified. No devices are allowed to
// access the gateway.
GATEWAY_AUTH_METHOD_UNSPECIFIED = 0;
// The device is authenticated through the gateway association only. Device
// credentials are ignored even if provided.
ASSOCIATION_ONLY = 1;
// The device is authenticated through its own credentials. Gateway
// association is not checked.
DEVICE_AUTH_TOKEN_ONLY = 2;
// The device is authenticated through both device credentials and gateway
// association. The device must be bound to the gateway and must provide its
// own credentials.
ASSOCIATION_AND_DEVICE_AUTH_TOKEN = 3;
}
// The configuration for forwarding telemetry events.
message EventNotificationConfig {
// If the subfolder name matches this string exactly, this configuration will
// be used. The string must not include the leading '/' character. If empty,
// all strings are matched. This field is used only for telemetry events;
// subfolders are not supported for state changes.
string subfolder_matches = 2;
// A Cloud Pub/Sub topic name. For example,
// `projects/myProject/topics/deviceEvents`.
string pubsub_topic_name = 1;
}
// The configuration for notification of new states received from the device.
message StateNotificationConfig {
// A Cloud Pub/Sub topic name. For example,
// `projects/myProject/topics/deviceEvents`.
string pubsub_topic_name = 1;
}
// A server-stored registry credential used to validate device credentials.
message RegistryCredential {
// The credential data. Reserved for expansion in the future.
oneof credential {
// A public key certificate used to verify the device credentials.
PublicKeyCertificate public_key_certificate = 1;
}
}
// Details of an X.509 certificate. For informational purposes only.
message X509CertificateDetails {
// The entity that signed the certificate.
string issuer = 1;
// The entity the certificate and public key belong to.
string subject = 2;
// The time the certificate becomes valid.
google.protobuf.Timestamp start_time = 3;
// The time the certificate becomes invalid.
google.protobuf.Timestamp expiry_time = 4;
// The algorithm used to sign the certificate.
string signature_algorithm = 5;
// The type of public key in the certificate.
string public_key_type = 6;
}
// A public key certificate format and data.
message PublicKeyCertificate {
// The certificate format.
PublicKeyCertificateFormat format = 1;
// The certificate data.
string certificate = 2;
// [Output only] The certificate details. Used only for X.509 certificates.
X509CertificateDetails x509_details = 3;
}
// The supported formats for the public key.
enum PublicKeyCertificateFormat {
// The format has not been specified. This is an invalid default value and
// must not be used.
UNSPECIFIED_PUBLIC_KEY_CERTIFICATE_FORMAT = 0;
// An X.509v3 certificate ([RFC5280](https://www.ietf.org/rfc/rfc5280.txt)),
// encoded in base64, and wrapped by `-----BEGIN CERTIFICATE-----` and
// `-----END CERTIFICATE-----`.
X509_CERTIFICATE_PEM = 1;
}
// A server-stored device credential used for authentication.
message DeviceCredential {
// The credential data. Reserved for expansion in the future.
oneof credential {
// A public key used to verify the signature of JSON Web Tokens (JWTs).
// When adding a new device credential, either via device creation or via
// modifications, this public key credential may be required to be signed by
// one of the registry level certificates. More specifically, if the
// registry contains at least one certificate, any new device credential
// must be signed by one of the registry certificates. As a result,
// when the registry contains certificates, only X.509 certificates are
// accepted as device credentials. However, if the registry does
// not contain a certificate, self-signed certificates and public keys will
// be accepted. New device credentials must be different from every
// registry-level certificate.
PublicKeyCredential public_key = 2;
}
// [Optional] The time at which this credential becomes invalid. This
// credential will be ignored for new client authentication requests after
// this timestamp; however, it will not be automatically deleted.
google.protobuf.Timestamp expiration_time = 6;
}
// A public key format and data.
message PublicKeyCredential {
// The format of the key.
PublicKeyFormat format = 1;
// The key data.
string key = 2;
}
// The supported formats for the public key.
enum PublicKeyFormat {
// The format has not been specified. This is an invalid default value and
// must not be used.
UNSPECIFIED_PUBLIC_KEY_FORMAT = 0;
// An RSA public key encoded in base64, and wrapped by
// `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`. This can be
// used to verify `RS256` signatures in JWT tokens ([RFC7518](
// https://www.ietf.org/rfc/rfc7518.txt)).
RSA_PEM = 3;
// As RSA_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
// https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
// `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
RSA_X509_PEM = 1;
// Public key for the ECDSA algorithm using P-256 and SHA-256, encoded in
// base64, and wrapped by `-----BEGIN PUBLIC KEY-----` and `-----END
// PUBLIC KEY-----`. This can be used to verify JWT tokens with the `ES256`
// algorithm ([RFC7518](https://www.ietf.org/rfc/rfc7518.txt)). This curve is
// defined in [OpenSSL](https://www.openssl.org/) as the `prime256v1` curve.
ES256_PEM = 2;
// As ES256_PEM, but wrapped in an X.509v3 certificate ([RFC5280](
// https://www.ietf.org/rfc/rfc5280.txt)), encoded in base64, and wrapped by
// `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
ES256_X509_PEM = 4;
}
// The device configuration. Eventually delivered to devices.
message DeviceConfig {
// [Output only] The version of this update. The version number is assigned by
// the server, and is always greater than 0 after device creation. The
// version must be 0 on the `CreateDevice` request if a `config` is
// specified; the response of `CreateDevice` will always have a value of 1.
int64 version = 1;
// [Output only] The time at which this configuration version was updated in
// Cloud IoT Core. This timestamp is set by the server.
google.protobuf.Timestamp cloud_update_time = 2;
// [Output only] The time at which Cloud IoT Core received the
// acknowledgment from the device, indicating that the device has received
// this configuration version. If this field is not present, the device has
// not yet acknowledged that it received this version. Note that when
// the config was sent to the device, many config versions may have been
// available in Cloud IoT Core while the device was disconnected, and on
// connection, only the latest version is sent to the device. Some
// versions may never be sent to the device, and therefore are never
// acknowledged. This timestamp is set by Cloud IoT Core.
google.protobuf.Timestamp device_ack_time = 3;
// The device configuration data.
bytes binary_data = 4;
}
// The device state, as reported by the device.
message DeviceState {
// [Output only] The time at which this state version was updated in Cloud
// IoT Core.
google.protobuf.Timestamp update_time = 1;
// The device state data.
bytes binary_data = 2;
}
// The data within all Cloud IoT Device events.
message DeviceEventData {
// Optional. The Device event payload. Unset for deletion events.
optional Device payload = 1;
}
// The data within all Cloud IoT Registry events.
message RegistryEventData {
// Optional. The Registry event payload. Unset for deletion events.
optional DeviceRegistry payload = 1;
}