// Copyright 2025 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.discoveryengine.v1; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/cloud/discoveryengine/v1/cmek_config_service.proto"; option csharp_namespace = "Google.Cloud.DiscoveryEngine.V1"; option go_package = "cloud.google.com/go/discoveryengine/apiv1/discoveryenginepb;discoveryenginepb"; option java_multiple_files = true; option java_outer_classname = "IdentityMappingStoreProto"; option java_package = "com.google.cloud.discoveryengine.v1"; option objc_class_prefix = "DISCOVERYENGINE"; option php_namespace = "Google\\Cloud\\DiscoveryEngine\\V1"; option ruby_package = "Google::Cloud::DiscoveryEngine::V1"; // Identity Mapping Store which contains Identity Mapping Entries. message IdentityMappingStore { option (google.api.resource) = { type: "discoveryengine.googleapis.com/IdentityMappingStore" pattern: "projects/{project}/locations/{location}/identityMappingStores/{identity_mapping_store}" }; // Immutable. The full resource name of the identity mapping store. // Format: // `projects/{project}/locations/{location}/identityMappingStores/{identity_mapping_store}`. // This field must be a UTF-8 encoded string with a length limit of 1024 // characters. string name = 1 [(google.api.field_behavior) = IMMUTABLE]; // Input only. The KMS key to be used to protect this Identity Mapping Store // at creation time. // // Must be set for requests that need to comply with CMEK Org Policy // protections. // // If this field is set and processed successfully, the Identity Mapping Store // will be protected by the KMS key, as indicated in the cmek_config field. string kms_key_name = 3 [(google.api.field_behavior) = INPUT_ONLY]; // Output only. CMEK-related information for the Identity Mapping Store. CmekConfig cmek_config = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; } // Identity Mapping Entry that maps an external identity to an internal // identity. message IdentityMappingEntry { // Union field identity_provider_id. Identity Provider id can be a user or a // group. oneof identity_provider_id { // User identifier. // For Google Workspace user account, user_id should be the google workspace // user email. // For non-google identity provider, user_id is the mapped user identifier // configured during the workforcepool config. string user_id = 2; // Group identifier. // For Google Workspace user account, group_id should be the google // workspace group email. // For non-google identity provider, group_id is the mapped group identifier // configured during the workforcepool config. string group_id = 3; } // Required. Identity outside the customer identity provider. // The length limit of external identity will be of 100 characters. string external_identity = 1 [(google.api.field_behavior) = REQUIRED]; }