@@ -174,6 +174,69 @@ service ManagedKafka {
174174 };
175175 option (google.api.method_signature ) = "name" ;
176176 }
177+
178+ // Lists the acls in a given cluster.
179+ rpc ListAcls (ListAclsRequest ) returns (ListAclsResponse ) {
180+ option (google.api.http ) = {
181+ get : "/v1/{parent=projects/*/locations/*/clusters/*}/acls"
182+ };
183+ option (google.api.method_signature ) = "parent" ;
184+ }
185+
186+ // Returns the properties of a single acl.
187+ rpc GetAcl (GetAclRequest ) returns (Acl ) {
188+ option (google.api.http ) = {
189+ get : "/v1/{name=projects/*/locations/*/clusters/*/acls/**}"
190+ };
191+ option (google.api.method_signature ) = "name" ;
192+ }
193+
194+ // Creates a new acl in the given project, location, and cluster.
195+ rpc CreateAcl (CreateAclRequest ) returns (Acl ) {
196+ option (google.api.http ) = {
197+ post : "/v1/{parent=projects/*/locations/*/clusters/*}/acls"
198+ body : "acl"
199+ };
200+ option (google.api.method_signature ) = "parent,acl,acl_id" ;
201+ }
202+
203+ // Updates the properties of a single acl.
204+ rpc UpdateAcl (UpdateAclRequest ) returns (Acl ) {
205+ option (google.api.http ) = {
206+ patch : "/v1/{acl.name=projects/*/locations/*/clusters/*/acls/**}"
207+ body : "acl"
208+ };
209+ option (google.api.method_signature ) = "acl,update_mask" ;
210+ }
211+
212+ // Deletes an acl.
213+ rpc DeleteAcl (DeleteAclRequest ) returns (google .protobuf .Empty ) {
214+ option (google.api.http ) = {
215+ delete : "/v1/{name=projects/*/locations/*/clusters/*/acls/**}"
216+ };
217+ option (google.api.method_signature ) = "name" ;
218+ }
219+
220+ // Incremental update: Adds an acl entry to an acl. Creates the acl if it does
221+ // not exist yet.
222+ rpc AddAclEntry (AddAclEntryRequest ) returns (AddAclEntryResponse ) {
223+ option (google.api.http ) = {
224+ post : "/v1/{acl=projects/*/locations/*/clusters/*/acls/**}:addAclEntry"
225+ body : "acl_entry"
226+ };
227+ option (google.api.method_signature ) = "acl,acl_entry" ;
228+ }
229+
230+ // Incremental update: Removes an acl entry from an acl. Deletes the acl if
231+ // its acl entries become empty (i.e. if the removed entry was the last one in
232+ // the acl).
233+ rpc RemoveAclEntry (RemoveAclEntryRequest ) returns (RemoveAclEntryResponse ) {
234+ option (google.api.http ) = {
235+ post : "/v1/{acl=projects/*/locations/*/clusters/*/acls/**}:removeAclEntry"
236+ body : "acl_entry"
237+ };
238+ option (google.api.method_signature ) = "acl,acl_entry" ;
239+ }
177240}
178241
179242// Request for ListClusters.
@@ -506,3 +569,191 @@ message DeleteConsumerGroupRequest {
506569 }
507570 ];
508571}
572+
573+ // Request for ListAcls.
574+ message ListAclsRequest {
575+ // Required. The parent cluster whose acls are to be listed.
576+ // Structured like
577+ // `projects/{project}/locations/{location}/clusters/{cluster}`.
578+ string parent = 1 [
579+ (google.api.field_behavior ) = REQUIRED ,
580+ (google.api.resource_reference ) = {
581+ child_type : "managedkafka.googleapis.com/Acl"
582+ }
583+ ];
584+
585+ // Optional. The maximum number of acls to return. The service may return
586+ // fewer than this value. If unset or zero, all acls for the parent is
587+ // returned.
588+ int32 page_size = 2 [(google.api.field_behavior ) = OPTIONAL ];
589+
590+ // Optional. A page token, received from a previous `ListAcls` call.
591+ // Provide this to retrieve the subsequent page.
592+ //
593+ // When paginating, all other parameters provided to `ListAcls` must match
594+ // the call that provided the page token.
595+ string page_token = 3 [(google.api.field_behavior ) = OPTIONAL ];
596+ }
597+
598+ // Response for ListAcls.
599+ message ListAclsResponse {
600+ // The list of acls in the requested parent. The order of the acls is
601+ // unspecified.
602+ repeated Acl acls = 1 ;
603+
604+ // A token that can be sent as `page_token` to retrieve the next page of
605+ // results. If this field is omitted, there are no more results.
606+ string next_page_token = 2 ;
607+ }
608+
609+ // Request for GetAcl.
610+ message GetAclRequest {
611+ // Required. The name of the acl to return.
612+ // Structured like:
613+ // `projects/{project}/locations/{location}/clusters/{cluster}/acls/{acl_id}`.
614+ //
615+ // The structure of `acl_id` defines the Resource Pattern (resource_type,
616+ // resource_name, pattern_type) of the acl. See `Acl.name` for
617+ // details.
618+ string name = 1 [
619+ (google.api.field_behavior ) = REQUIRED ,
620+ (google.api.resource_reference ) = {
621+ type : "managedkafka.googleapis.com/Acl"
622+ }
623+ ];
624+ }
625+
626+ // Request for CreateAcl.
627+ message CreateAclRequest {
628+ // Required. The parent cluster in which to create the acl.
629+ // Structured like
630+ // `projects/{project}/locations/{location}/clusters/{cluster}`.
631+ string parent = 1 [
632+ (google.api.field_behavior ) = REQUIRED ,
633+ (google.api.resource_reference ) = {
634+ child_type : "managedkafka.googleapis.com/Acl"
635+ }
636+ ];
637+
638+ // Required. The ID to use for the acl, which will become the final component
639+ // of the acl's name. The structure of `acl_id` defines the Resource Pattern
640+ // (resource_type, resource_name, pattern_type) of the acl. `acl_id` is
641+ // structured like one of the following:
642+ //
643+ // For acls on the cluster:
644+ // `cluster`
645+ //
646+ // For acls on a single resource within the cluster:
647+ // `topic/{resource_name}`
648+ // `consumerGroup/{resource_name}`
649+ // `transactionalId/{resource_name}`
650+ //
651+ // For acls on all resources that match a prefix:
652+ // `topicPrefixed/{resource_name}`
653+ // `consumerGroupPrefixed/{resource_name}`
654+ // `transactionalIdPrefixed/{resource_name}`
655+ //
656+ // For acls on all resources of a given type (i.e. the wildcard literal "*"):
657+ // `allTopics` (represents `topic/*`)
658+ // `allConsumerGroups` (represents `consumerGroup/*`)
659+ // `allTransactionalIds` (represents `transactionalId/*`)
660+ string acl_id = 2 [(google.api.field_behavior ) = REQUIRED ];
661+
662+ // Required. Configuration of the acl to create. Its `name` field is ignored.
663+ Acl acl = 3 [(google.api.field_behavior ) = REQUIRED ];
664+ }
665+
666+ // Request for UpdateAcl.
667+ message UpdateAclRequest {
668+ // Required. The updated acl. Its `name` and `etag` fields must be populated.
669+ // `acl_entries` must not be empty in the updated acl; to remove all acl
670+ // entries for an acl, use DeleteAcl.
671+ Acl acl = 1 [(google.api.field_behavior ) = REQUIRED ];
672+
673+ // Optional. Field mask is used to specify the fields to be overwritten in the
674+ // Acl resource by the update. The fields specified in the update_mask are
675+ // relative to the resource, not the full request. A field will be overwritten
676+ // if it is in the mask.
677+ google.protobuf.FieldMask update_mask = 2
678+ [(google.api.field_behavior ) = OPTIONAL ];
679+ }
680+
681+ // Request for DeleteAcl.
682+ message DeleteAclRequest {
683+ // Required. The name of the acl to delete.
684+ // Structured like:
685+ // `projects/{project}/locations/{location}/clusters/{cluster}/acls/{acl_id}`.
686+ //
687+ // The structure of `acl_id` defines the Resource Pattern (resource_type,
688+ // resource_name, pattern_type) of the acl. See `Acl.name` for details.
689+ string name = 1 [
690+ (google.api.field_behavior ) = REQUIRED ,
691+ (google.api.resource_reference ) = {
692+ type : "managedkafka.googleapis.com/Acl"
693+ }
694+ ];
695+ }
696+
697+ // Request for AddAclEntry.
698+ message AddAclEntryRequest {
699+ // Required. The name of the acl to add the acl entry to.
700+ // Structured like:
701+ // `projects/{project}/locations/{location}/clusters/{cluster}/acls/{acl_id}`.
702+ //
703+ // The structure of `acl_id` defines the Resource Pattern (resource_type,
704+ // resource_name, pattern_type) of the acl. See `Acl.name` for
705+ // details.
706+ string acl = 1 [
707+ (google.api.field_behavior ) = REQUIRED ,
708+ (google.api.resource_reference ) = {
709+ type : "managedkafka.googleapis.com/Acl"
710+ }
711+ ];
712+
713+ // Required. The acl entry to add.
714+ AclEntry acl_entry = 2 [(google.api.field_behavior ) = REQUIRED ];
715+ }
716+
717+ // Response for AddAclEntry.
718+ message AddAclEntryResponse {
719+ // The updated acl.
720+ Acl acl = 1 ;
721+
722+ // Whether the acl was created as a result of adding the acl entry.
723+ bool acl_created = 2 ;
724+ }
725+
726+ // Request for RemoveAclEntry.
727+ message RemoveAclEntryRequest {
728+ // Required. The name of the acl to remove the acl entry from.
729+ // Structured like:
730+ // `projects/{project}/locations/{location}/clusters/{cluster}/acls/{acl_id}`.
731+ //
732+ // The structure of `acl_id` defines the Resource Pattern (resource_type,
733+ // resource_name, pattern_type) of the acl. See `Acl.name` for
734+ // details.
735+ string acl = 1 [
736+ (google.api.field_behavior ) = REQUIRED ,
737+ (google.api.resource_reference ) = {
738+ type : "managedkafka.googleapis.com/Acl"
739+ }
740+ ];
741+
742+ // Required. The acl entry to remove.
743+ AclEntry acl_entry = 2 [(google.api.field_behavior ) = REQUIRED ];
744+ }
745+
746+ // Response for RemoveAclEntry.
747+ message RemoveAclEntryResponse {
748+ // The result of removing the acl entry, depending on whether the acl was
749+ // deleted as a result of removing the acl entry.
750+ oneof result {
751+ // The updated acl. Returned if the removed acl entry was not the last entry
752+ // in the acl.
753+ Acl acl = 1 ;
754+
755+ // Returned with value true if the removed acl entry was the last entry in
756+ // the acl, resulting in acl deletion.
757+ bool acl_deleted = 2 ;
758+ }
759+ }
0 commit comments