// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.internal.federatedcompute.v1; import "google/protobuf/duration.proto"; option java_package = "com.google.internal.federatedcompute.v1"; option java_multiple_files = true; option java_outer_classname = "FederatedComputeApi"; // Information that tells the client where to send the request for the next // protocol phase (the immediately following phase only, not any additional // subsequent phases). For example, this may point to the frontend to which // a StartTaskAssignmentRequest should be sent, but it should not then be used // for uploading aggregation results. A ForwardingInfo will always be returned // to the client unless the client was not selected to continue with the // protocol. message ForwardingInfo { // A URI prefix for the next service to send the request for the next protocol // phase to. // // The URI prefix must always start with "https://". // // The URI prefix may end with a trailing '/', but is not required to. During // the construction of the next protocol request, a slash will always be // inserted by the client between this prefix and the request's URI suffix. // // For example, if some protocol response's ForwardingInfo contains the prefix // "https://foo.bar.com" or "https://foo.bar.com/", and if the subsequent // protocol request's URI suffix is "/baz", then the subsequent request's full // URI would be "https://foo.bar.com/baz". string target_uri_prefix = 1; // Request headers that should be included with the next request for the next // protocol phase. Note that these headers should only be applied to protocol // requests (incl. requests to the long running `Operations` service), but not // to any `Resource` fetch requests. map extra_request_headers = 2; } // The attestation measurement providing evidence of integrity for a client. message AttestationMeasurement { string value = 1; } message ClientVersion { // Version code identifying the client release. string version_code = 1; } message Resource { // A resource can either be downloaded via a URI, or has its data inlined in // in this message itself. oneof resource { // The URI the resource can be downloaded from. Note that // `ForwardingInfo.target_uri_prefix` field generally don't apply to these // URIs. string uri = 1; // The inlined data for the resource. This will eventually replace `data`. InlineResource inline_resource = 3; } message InlineResource { // The inlined data for the resource. bytes data = 1; // The compression used for the inlined data, or unset if the data is // uncompressed. optional ResourceCompressionFormat compression_format = 2; } // Stable identifier for this resource, used by the client cache // implementation. If this field is not set, the client should not attempt to // cache the resource referenced by `uri`. Not set for inline_resources. string client_cache_id = 4; // The maximum duration for how long the resource should be cached by the // client. Not set if `client_cache_id` is not set. google.protobuf.Duration max_age = 5; // The compression used for resource, or unset if the data is // uncompressed. optional ResourceCompressionFormat compression_format = 999; reserved 2; } // The client's capabilities for processing Resource messages, such as the // compressed file formats supported. message ResourceCapabilities { // Compression formats supported for resources downloaded via `Resource.uri`. // All clients are assumed to support uncompressed payloads. repeated ResourceCompressionFormat supported_compression_formats = 1; } // Different file formats that may be used to compress resources. enum ResourceCompressionFormat { RESOURCE_COMPRESSION_FORMAT_UNSPECIFIED = 0; // Gzip-compressed data. If data is compressed in this way, then the // "Content-Type" HTTP response header will have a "+gzip" suffix. RESOURCE_COMPRESSION_FORMAT_GZIP = 1; } // Currently empty message which is sent when client (device) is rejected for // participation and is not assigned a task. // Next id: 1004 message RejectionInfo { RejectionReason.Enum reason = 1001; // Metadata for client to take next action. oneof metadata { // Retry after a period of time. RetryWindow retry_window = 1002; // The field is used when the RejectionReason is UNAUTHENTICATED. AuthenticationMetadata auth_metadata = 1003; } } // The metadata used to authenticate a device. // Next Id: 2 message AuthenticationMetadata { KeyAttestationAuthMetadata key_attestation_metadata = 1; } // The metadata to authenticate with key attestation. // Next Id: 2 message KeyAttestationAuthMetadata { // The challenge to generate hardware-backed key pairs on device. bytes challenge = 1; } // Next id: 4 message RejectionReason { enum Enum { // Unknown status. UNKNOWN = 0; // There is no available task to join. NO_TASK_AVAILABLE = 1; // No permission to do the operation. UNAUTHORIZED = 2; // The device is not authenticated to the server. UNAUTHENTICATED = 3; } } // A suggestion to the client when to retry the connection to the service next // time message RetryWindow { // The suggested minimal duration after which the client should // retry. If the client retries earlier, it is likely it will be rejected // again. google.protobuf.Duration delay_min = 1; // Required. The suggested maximal duration after which the client should // retry, provided scheduling conditions allow. The client is supposed to make // a best effort to callback in the min..max window, and should avoid // calling before min. If the client calls after max, the likelihood to be // rejected again is higher. google.protobuf.Duration delay_max = 2; } // Information about where to upload data (e.g. aggregation results, client // stats). message ByteStreamResource { // Information to construct the URI to use for uploading the data. ForwardingInfo data_upload_forwarding_info = 1; // Resource name to which the data should be uploaded. // Clients should use this field as well as the // `ForwardingInfo.target_uri_prefix` to create the upload URL: // {target_uri_prefix}/upload/v1/media/{resource_name} (where // `{resource_name}` should be encoded as a multipath segment, as described // in // https://github.com/googleapis/googleapis/blob/master/google/api/http.proto). string resource_name = 2; } // Copied from //google/rpc/status.proto. message Status { // The status code, which should be an enum value of [google.rpc.Code][]. int32 code = 1; string message = 2; } enum Code { // Not an error; returned on success. // // HTTP Mapping: 200 OK OK = 0; // The operation was cancelled, typically by the caller. // // HTTP Mapping: 499 Client Closed Request CANCELLED = 1; // Unknown error. For example, this error may be returned when // a `Status` value received from another address space belongs to // an error space that is not known in this address space. Also // errors raised by APIs that do not return enough error information // may be converted to this error. // // HTTP Mapping: 500 Internal Server Error UNKNOWN = 2; // The client specified an invalid argument. Note that this differs // from `FAILED_PRECONDITION`. `INVALID_ARGUMENT` indicates arguments // that are problematic regardless of the state of the system // (e.g., a malformed file name). // // HTTP Mapping: 400 Bad Request INVALID_ARGUMENT = 3; // The deadline expired before the operation could complete. For operations // that change the state of the system, this error may be returned // even if the operation has completed successfully. For example, a // successful response from a server could have been delayed long // enough for the deadline to expire. // // HTTP Mapping: 504 Gateway Timeout DEADLINE_EXCEEDED = 4; // Some requested entity (e.g., file or directory) was not found. // // Note to server developers: if a request is denied for an entire class // of users, such as gradual feature rollout or undocumented allowlist, // `NOT_FOUND` may be used. If a request is denied for some users within // a class of users, such as user-based access control, `PERMISSION_DENIED` // must be used. // // HTTP Mapping: 404 Not Found NOT_FOUND = 5; // The entity that a client attempted to create (e.g., file or directory) // already exists. // // HTTP Mapping: 409 Conflict ALREADY_EXISTS = 6; // The caller does not have permission to execute the specified // operation. `PERMISSION_DENIED` must not be used for rejections // caused by exhausting some resource (use `RESOURCE_EXHAUSTED` // instead for those errors). `PERMISSION_DENIED` must not be // used if the caller can not be identified (use `UNAUTHENTICATED` // instead for those errors). This error code does not imply the // request is valid or the requested entity exists or satisfies // other pre-conditions. // // HTTP Mapping: 403 Forbidden PERMISSION_DENIED = 7; // The request does not have valid authentication credentials for the // operation. // // HTTP Mapping: 401 Unauthorized UNAUTHENTICATED = 16; // Some resource has been exhausted, perhaps a per-user quota, or // perhaps the entire file system is out of space. // // HTTP Mapping: 429 Too Many Requests RESOURCE_EXHAUSTED = 8; // The operation was rejected because the system is not in a state // required for the operation's execution. For example, the directory // to be deleted is non-empty, an rmdir operation is applied to // a non-directory, etc. // // Service implementors can use the following guidelines to decide // between `FAILED_PRECONDITION`, `ABORTED`, and `UNAVAILABLE`: // (a) Use `UNAVAILABLE` if the client can retry just the failing call. // (b) Use `ABORTED` if the client should retry at a higher level. For // example, when a client-specified test-and-set fails, indicating the // client should restart a read-modify-write sequence. // (c) Use `FAILED_PRECONDITION` if the client should not retry until // the system state has been explicitly fixed. For example, if an "rmdir" // fails because the directory is non-empty, `FAILED_PRECONDITION` // should be returned since the client should not retry unless // the files are deleted from the directory. // // HTTP Mapping: 400 Bad Request FAILED_PRECONDITION = 9; // The operation was aborted, typically due to a concurrency issue such as // a sequencer check failure or transaction abort. // // See the guidelines above for deciding between `FAILED_PRECONDITION`, // `ABORTED`, and `UNAVAILABLE`. // // HTTP Mapping: 409 Conflict ABORTED = 10; // The operation was attempted past the valid range. E.g., seeking or // reading past end-of-file. // // Unlike `INVALID_ARGUMENT`, this error indicates a problem that may // be fixed if the system state changes. For example, a 32-bit file // system will generate `INVALID_ARGUMENT` if asked to read at an // offset that is not in the range [0,2^32-1], but it will generate // `OUT_OF_RANGE` if asked to read from an offset past the current // file size. // // There is a fair bit of overlap between `FAILED_PRECONDITION` and // `OUT_OF_RANGE`. We recommend using `OUT_OF_RANGE` (the more specific // error) when it applies so that callers who are iterating through // a space can easily look for an `OUT_OF_RANGE` error to detect when // they are done. // // HTTP Mapping: 400 Bad Request OUT_OF_RANGE = 11; // The operation is not implemented or is not supported/enabled in this // service. // // HTTP Mapping: 501 Not Implemented UNIMPLEMENTED = 12; // Internal errors. This means that some invariants expected by the // underlying system have been broken. This error code is reserved // for serious errors. // // HTTP Mapping: 500 Internal Server Error INTERNAL = 13; // The service is currently unavailable. This is most likely a // transient condition, which can be corrected by retrying with // a backoff. Note that it is not always safe to retry // non-idempotent operations. // // See the guidelines above for deciding between `FAILED_PRECONDITION`, // `ABORTED`, and `UNAVAILABLE`. // // HTTP Mapping: 503 Service Unavailable UNAVAILABLE = 14; // Unrecoverable data loss or corruption. // // HTTP Mapping: 500 Internal Server Error DATA_LOSS = 15; }