// Copyright 2026 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.firestore.admin.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.Firestore.Admin.V1";
option go_package = "cloud.google.com/go/firestore/apiv1/admin/adminpb;adminpb";
option java_multiple_files = true;
option java_outer_classname = "UserCredsProto";
option java_package = "com.google.firestore.admin.v1";
option objc_class_prefix = "GCFS";
option php_namespace = "Google\\Cloud\\Firestore\\Admin\\V1";
option ruby_package = "Google::Cloud::Firestore::Admin::V1";

// A Cloud Firestore User Creds.
message UserCreds {
  option (google.api.resource) = {
    type: "firestore.googleapis.com/UserCreds"
    pattern: "projects/{project}/databases/{database}/userCreds/{user_creds}"
    plural: "userCreds"
    singular: "userCreds"
  };

  // The state of the user creds (ENABLED or DISABLED).
  enum State {
    // The default value. Should not be used.
    STATE_UNSPECIFIED = 0;

    // The user creds are enabled.
    ENABLED = 1;

    // The user creds are disabled.
    DISABLED = 2;
  }

  // Describes a Resource Identity principal.
  message ResourceIdentity {
    // Output only. Principal identifier string.
    // See: https://cloud.google.com/iam/docs/principal-identifiers
    string principal = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // Identifier. The resource name of the UserCreds.
  // Format:
  // `projects/{project}/databases/{database}/userCreds/{user_creds}`
  string name = 1 [(google.api.field_behavior) = IDENTIFIER];

  // Output only. The time the user creds were created.
  google.protobuf.Timestamp create_time = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time the user creds were last updated.
  google.protobuf.Timestamp update_time = 3
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Whether the user creds are enabled or disabled. Defaults to
  // ENABLED on creation.
  State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The plaintext server-generated password for the user creds.
  // Only populated in responses for CreateUserCreds and ResetUserPassword.
  string secure_password = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Identity associated with this User Creds.
  oneof UserCredsIdentity {
    // Resource Identity descriptor.
    ResourceIdentity resource_identity = 6;
  }
}