// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.gkebackup.v1;

import "google/api/field_behavior.proto";
import "google/api/field_info.proto";
import "google/api/resource.proto";
import "google/cloud/gkebackup/v1/common.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.GkeBackup.V1";
option go_package = "cloud.google.com/go/gkebackup/apiv1/gkebackuppb;gkebackuppb";
option java_multiple_files = true;
option java_outer_classname = "BackupPlanBindingProto";
option java_package = "com.google.cloud.gkebackup.v1";
option php_namespace = "Google\\Cloud\\GkeBackup\\V1";
option ruby_package = "Google::Cloud::GkeBackup::V1";

// A BackupPlanBinding binds a BackupPlan with a BackupChannel.
// This resource is created automatically when a BackupPlan is created using a
// BackupChannel. This also serves as a holder for cross-project fields
// that need to be displayed in the current project.
message BackupPlanBinding {
  option (google.api.resource) = {
    type: "gkebackup.googleapis.com/BackupPlanBinding"
    pattern: "projects/{project}/locations/{location}/backupChannels/{backup_channel}/backupPlanBindings/{backup_plan_binding}"
    plural: "backupPlanBindings"
    singular: "backupPlanBinding"
  };

  // Contains metadata about the backup plan/backup.
  message BackupPlanDetails {
    // State
    enum State {
      // Default first value for Enums.
      STATE_UNSPECIFIED = 0;

      // Waiting for cluster state to be RUNNING.
      CLUSTER_PENDING = 1;

      // The BackupPlan is in the process of being created.
      PROVISIONING = 2;

      // The BackupPlan has successfully been created and is ready for Backups.
      READY = 3;

      // BackupPlan creation has failed.
      FAILED = 4;

      // The BackupPlan has been deactivated.
      DEACTIVATED = 5;

      // The BackupPlan is in the process of being deleted.
      DELETING = 6;
    }

    // BackupConfigDetails defines the configuration of Backups created via this
    // BackupPlan.
    message BackupConfigDetails {
      // This defines the "scope" of the Backup - which namespaced
      // resources in the cluster will be included in a Backup.
      // Exactly one of the fields of backup_scope MUST be specified.
      oneof backup_scope {
        // Output only. If True, include all namespaced resources
        bool all_namespaces = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

        // Output only. If set, include just the resources in the listed
        // namespaces.
        Namespaces selected_namespaces = 2
            [(google.api.field_behavior) = OUTPUT_ONLY];

        // Output only. If set, include just the resources referenced by the
        // listed ProtectedApplications.
        NamespacedNames selected_applications = 3
            [(google.api.field_behavior) = OUTPUT_ONLY];
      }

      // Output only. This flag specifies whether volume data should be backed
      // up when PVCs are included in the scope of a Backup.
      //
      // Default: False
      bool include_volume_data = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

      // Output only. This flag specifies whether Kubernetes Secret resources
      // should be included when they fall into the scope of Backups.
      //
      // Default: False
      bool include_secrets = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

      // Output only. This defines a customer managed encryption key that will
      // be used to encrypt the "config" portion (the Kubernetes resources) of
      // Backups created via this plan.
      //
      // Default (empty): Config backup artifacts will not be encrypted.
      EncryptionKey encryption_key = 7
          [(google.api.field_behavior) = OUTPUT_ONLY];
    }

    // RetentionPolicyDetails defines a Backup retention policy for a
    // BackupPlan.
    message RetentionPolicyDetails {
      // Optional. Minimum age for Backups created via this BackupPlan (in
      // days). This field MUST be an integer value between 0-90 (inclusive). A
      // Backup created under this BackupPlan will NOT be deletable until it
      // reaches Backup's (create_time + backup_delete_lock_days).
      // Updating this field of a BackupPlan does NOT affect existing Backups
      // under it. Backups created AFTER a successful update will inherit
      // the new value.
      //
      // Default: 0 (no delete blocking)
      int32 backup_delete_lock_days = 1
          [(google.api.field_behavior) = OPTIONAL];

      // Optional. The default maximum age of a Backup created via this
      // BackupPlan. This field MUST be an integer value >= 0 and <= 365. If
      // specified, a Backup created under this BackupPlan will be automatically
      // deleted after its age reaches (create_time + backup_retain_days). If
      // not specified, Backups created under this BackupPlan will NOT be
      // subject to automatic deletion.
      // Default: 0 (no automatic deletion)
      int32 backup_retain_days = 2 [(google.api.field_behavior) = OPTIONAL];
    }

    // Output only. The number of Kubernetes Pods backed up in the
    // last successful Backup created via this BackupPlan.
    int32 protected_pod_count = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. State of the BackupPlan.
    State state = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Completion time of the last successful Backup. This is
    // sourced from a successful Backup's complete_time field.
    google.protobuf.Timestamp last_successful_backup_time = 3
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Start time of next scheduled backup under this BackupPlan by
    // either cron_schedule or rpo config. This is sourced from BackupPlan.
    google.protobuf.Timestamp next_scheduled_backup_time = 4
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. A number that represents the current risk level of this
    // BackupPlan from RPO perspective with 1 being no risk and 5 being highest
    // risk.
    int32 rpo_risk_level = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. The fully qualified name of the last successful Backup
    // created under this BackupPlan.
    // `projects/*/locations/*/backupPlans/*/backups/*`
    string last_successful_backup = 6
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Contains details about the BackupConfig of Backups created
    // via this BackupPlan.
    BackupConfigDetails backup_config_details = 7
        [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Contains details about the RetentionPolicy of Backups
    // created via this BackupPlan.
    RetentionPolicyDetails retention_policy_details = 8
        [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // Identifier. The fully qualified name of the BackupPlanBinding.
  // `projects/*/locations/*/backupChannels/*/backupPlanBindings/*`
  string name = 1 [(google.api.field_behavior) = IDENTIFIER];

  // Output only. Server generated global unique identifier of
  // [UUID4](https://en.wikipedia.org/wiki/Universally_unique_identifier)
  string uid = 2 [
    (google.api.field_info).format = UUID4,
    (google.api.field_behavior) = OUTPUT_ONLY
  ];

  // Output only. The timestamp when this binding was created.
  google.protobuf.Timestamp create_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The timestamp when this binding was created.
  google.protobuf.Timestamp update_time = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Immutable. The fully qualified name of the BackupPlan bound
  // with the parent BackupChannel.
  // `projects/*/locations/*/backupPlans/{backup_plan}`
  string backup_plan = 5 [
    (google.api.field_behavior) = IMMUTABLE,
    (google.api.field_behavior) = OUTPUT_ONLY,
    (google.api.resource_reference) = {
      type: "gkebackup.googleapis.com/BackupPlan"
    }
  ];

  // Output only. Immutable. The fully qualified name of the cluster that is
  // being backed up Valid formats:
  //
  // - `projects/*/locations/*/clusters/*`
  // - `projects/*/zones/*/clusters/*`
  string cluster = 6 [
    (google.api.field_behavior) = IMMUTABLE,
    (google.api.field_behavior) = OUTPUT_ONLY,
    (google.api.resource_reference) = {
      type: "container.googleapis.com/Cluster"
    }
  ];

  // Output only. Contains details about the backup plan/backup.
  BackupPlanDetails backup_plan_details = 7
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. `etag` is used for optimistic concurrency control as a way to
  // help prevent simultaneous updates of a BackupPlanBinding from overwriting
  // each other. It is strongly suggested that systems make use of the 'etag' in
  // the read-modify-write cycle to perform BackupPlanBinding updates in
  // order to avoid race conditions: An `etag` is returned in the response to
  // `GetBackupPlanBinding`, and systems are expected to put that etag in
  // the request to `UpdateBackupPlanBinding` or
  // `DeleteBackupPlanBinding` to ensure that their change will be applied
  // to the same version of the resource.
  string etag = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
}