// Copyright 2025 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package grafeas.v1;

import "google/api/field_behavior.proto";
import "google/protobuf/timestamp.proto";
import "grafeas/v1/common.proto";

option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";

// The note representing a secret.
message SecretNote {}

// The occurrence provides details of a secret.
message SecretOccurrence {
  // Type of secret.
  SecretKind kind = 1 [(google.api.field_behavior) = REQUIRED];

  // Locations where the secret is detected.
  repeated SecretLocation locations = 2
      [(google.api.field_behavior) = OPTIONAL];

  // Status of the secret.
  repeated SecretStatus statuses = 3 [(google.api.field_behavior) = OPTIONAL];
}

// The location of the secret.
message SecretLocation {
  // The detailed location of the secret.
  oneof location {
    // The secret is found from a file.
    FileLocation file_location = 1;
  }
}

// The status of the secret with a timestamp.
message SecretStatus {
  // The status of the secret.
  enum Status {
    // Unspecified
    STATUS_UNSPECIFIED = 0;

    // The status of the secret is unknown.
    UNKNOWN = 1;

    // The secret is valid.
    VALID = 2;

    // The secret is invalid.
    INVALID = 3;
  }

  // The status of the secret.
  Status status = 1 [(google.api.field_behavior) = OPTIONAL];

  // The time the secret status was last updated.
  google.protobuf.Timestamp update_time = 2
      [(google.api.field_behavior) = OPTIONAL];

  // Optional message about the status code.
  string message = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Kind of secret.
enum SecretKind {
  // Unspecified
  SECRET_KIND_UNSPECIFIED = 0;
  // The secret kind is unknown.
  SECRET_KIND_UNKNOWN = 1;
  // A GCP service account key per:
  // https://cloud.google.com/iam/docs/creating-managing-service-account-keys
  SECRET_KIND_GCP_SERVICE_ACCOUNT_KEY = 2;
}