cloud_sql_resources.proto

// Copyright 2026 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.sql.v1;

import "google/api/field_behavior.proto";
import "google/api/field_info.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";

option go_package = "cloud.google.com/go/sql/apiv1/sqlpb;sqlpb";
option java_multiple_files = true;
option java_outer_classname = "CloudSqlResourcesProto";
option java_package = "com.google.cloud.sql.v1";

// An entry for an Access Control list.
message AclEntry {
  // The allowlisted value for the access control list.
  string value = 1;

  // The time when this access control entry expires in
  // [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example
  // `2012-11-15T16:19:00.094Z`.
  google.protobuf.Timestamp expiration_time = 2;

  // Optional. A label to identify this entry.
  string name = 3 [(google.api.field_behavior) = OPTIONAL];

  // This is always `sql#aclEntry`.
  string kind = 4;
}

// An Admin API warning message.
message ApiWarning {
  enum SqlApiWarningCode {
    // An unknown or unset warning type from Cloud SQL API.
    SQL_API_WARNING_CODE_UNSPECIFIED = 0;

    // Warning when one or more regions are not reachable.  The returned result
    // set may be incomplete.
    REGION_UNREACHABLE = 1;

    // Warning when user provided maxResults parameter exceeds the limit.  The
    // returned result set may be incomplete.
    MAX_RESULTS_EXCEEDS_LIMIT = 2;

    // Warning when user tries to create/update a user with credentials that
    // have previously been compromised by a public data breach.
    COMPROMISED_CREDENTIALS = 3;

    // Warning when the operation succeeds but some non-critical workflow state
    // failed.
    INTERNAL_STATE_FAILURE = 4;
  }

  // Code to uniquely identify the warning type.
  SqlApiWarningCode code = 1;

  // The warning message.
  string message = 2;

  // The region name for REGION_UNREACHABLE warning.
  string region = 3;
}

// We currently only support backup retention by specifying the number
// of backups we will retain.
message BackupRetentionSettings {
  // The units that retained_backups specifies, we only support COUNT.
  enum RetentionUnit {
    // Backup retention unit is unspecified, will be treated as COUNT.
    RETENTION_UNIT_UNSPECIFIED = 0;

    // Retention will be by count, eg. "retain the most recent 7 backups".
    COUNT = 1;
  }

  // The unit that 'retained_backups' represents.
  RetentionUnit retention_unit = 1;

  // Depending on the value of retention_unit, this is used to determine
  // if a backup needs to be deleted.  If retention_unit is 'COUNT', we will
  // retain this many backups.
  google.protobuf.Int32Value retained_backups = 2;
}

// Database instance backup configuration.
message BackupConfiguration {
  // This value contains the storage location of the transactional logs
  // used to perform point-in-time recovery (PITR) for the database.
  enum TransactionalLogStorageState {
    // Unspecified.
    TRANSACTIONAL_LOG_STORAGE_STATE_UNSPECIFIED = 0;

    // The transaction logs used for PITR for the instance are stored
    // on a data disk.
    DISK = 1;

    // The transaction logs used for PITR for the instance are switching from
    // being stored on a data disk to being stored in Cloud Storage.
    // Only applicable to MySQL.
    SWITCHING_TO_CLOUD_STORAGE = 2;

    // The transaction logs used for PITR for the instance are now stored
    // in Cloud Storage. Previously, they were stored on a data disk.
    // Only applicable to MySQL.
    SWITCHED_TO_CLOUD_STORAGE = 3;

    // The transaction logs used for PITR for the instance are stored in
    // Cloud Storage. Only applicable to MySQL and PostgreSQL.
    CLOUD_STORAGE = 4;
  }

  // Backup tier that manages the backups for the instance.
  enum BackupTier {
    // Unspecified.
    BACKUP_TIER_UNSPECIFIED = 0;

    // Instance is managed by Cloud SQL.
    STANDARD = 1;

    // Deprecated: ADVANCED is deprecated. Please use ENHANCED instead.
    ADVANCED = 2 [deprecated = true];

    // Instance is managed by Google Cloud Backup and DR Service.
    ENHANCED = 3;
  }

  // Start time for the daily backup configuration in UTC timezone in the 24
  // hour format - `HH:MM`.
  string start_time = 1;

  // Whether this configuration is enabled.
  google.protobuf.BoolValue enabled = 2;

  // This is always `sql#backupConfiguration`.
  string kind = 3;

  // (MySQL only) Whether binary log is enabled. If backup configuration is
  // disabled, binarylog must be disabled as well.
  google.protobuf.BoolValue binary_log_enabled = 4;

  // Reserved for future use.
  google.protobuf.BoolValue replication_log_archiving_enabled = 5;

  // Location of the backup
  string location = 6;

  // Whether point in time recovery is enabled.
  google.protobuf.BoolValue point_in_time_recovery_enabled = 7;

  // Backup retention settings.
  BackupRetentionSettings backup_retention_settings = 8;

  // The number of days of transaction logs we retain for point in time
  // restore, from 1-7.
  google.protobuf.Int32Value transaction_log_retention_days = 9;

  // Output only. This value contains the storage location of transactional logs
  // used to perform point-in-time recovery (PITR) for the database.
  optional TransactionalLogStorageState transactional_log_storage_state = 10
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Backup tier that manages the backups for the instance.
  optional BackupTier backup_tier = 11
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Perform disk shrink context.
message PerformDiskShrinkContext {
  // The target disk shrink size in GigaBytes.
  int64 target_size_gb = 1;
}

// Structured PreCheckResponse containing message, type, and required
// actions.
message PreCheckResponse {
  // The type of message which can be an info, a warning, or an error that
  // requires user intervention.
  enum MessageType {
    // Default unspecified value to prevent unintended behavior changes.
    MESSAGE_TYPE_UNSPECIFIED = 0;

    // General informational messages that don't require action.
    INFO = 1;

    // Warnings that might impact the upgrade but don't block it.
    WARNING = 2;

    // Errors that a user must resolve before proceeding with the upgrade.
    ERROR = 3;
  }

  // The message to be displayed to the user.
  optional string message = 2;

  // The type of message whether it is an info, warning, or error.
  optional MessageType message_type = 3;

  // The actions that the user needs to take. Use repeated for multiple
  // actions.
  repeated string actions_required = 4;
}

// Pre-check major version upgrade context.
message PreCheckMajorVersionUpgradeContext {
  // Required. The target database version to upgrade to.
  SqlDatabaseVersion target_database_version = 1
      [(google.api.field_behavior) = REQUIRED];

  // Output only. The responses from the precheck operation.
  repeated PreCheckResponse pre_check_response = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. This is always `sql#preCheckMajorVersionUpgradeContext`.
  string kind = 3 [(google.api.field_behavior) = OPTIONAL];
}

// Backup context.
message BackupContext {
  // The identifier of the backup.
  int64 backup_id = 1;

  // This is always `sql#backupContext`.
  string kind = 2;

  // The name of the backup.
  // Format: projects/{project}/backups/{backup}
  string name = 3;
}

// Represents a SQL database on the Cloud SQL instance.
message Database {
  // This is always `sql#database`.
  string kind = 1;

  // The Cloud SQL charset value.
  string charset = 2;

  // The Cloud SQL collation value.
  string collation = 3;

  // This field is deprecated and will be removed from a future version of the
  // API.
  string etag = 4;

  // The name of the database in the Cloud SQL instance. This does not include
  // the project ID or instance name.
  string name = 5;

  // The name of the Cloud SQL instance. This does not include the project ID.
  string instance = 6;

  // The URI of this resource.
  string self_link = 7;

  // The project ID of the project containing the Cloud SQL database. The Google
  // apps domain is prefixed if applicable.
  string project = 8;

  oneof database_details {
    SqlServerDatabaseDetails sqlserver_database_details = 9;
  }
}

// Represents a Sql Server database on the Cloud SQL instance.
message SqlServerDatabaseDetails {
  // The version of SQL Server with which the database is to be made compatible
  int32 compatibility_level = 1;

  // The recovery model of a SQL Server database
  string recovery_model = 2;
}

// Database flags for Cloud SQL instances.
message DatabaseFlags {
  // The name of the flag. These flags are passed at instance startup, so
  // include both server options and system variables. Flags are
  // specified with underscores, not hyphens. For more information, see
  // [Configuring Database Flags](https://cloud.google.com/sql/docs/mysql/flags)
  // in the Cloud SQL documentation.
  string name = 1;

  // The value of the flag. Boolean flags are set to `on` for true
  // and `off` for false. This field must be omitted if the flag
  // doesn't take a value.
  string value = 2;
}

// MySQL-specific external server sync settings.
message MySqlSyncConfig {
  // Flags to use for the initial dump.
  repeated SyncFlags initial_sync_flags = 1;
}

// Initial sync flags for certain Cloud SQL APIs.
// Currently used for the MySQL external server initial dump.
message SyncFlags {
  // The name of the flag.
  string name = 1;

  // The value of the flag. This field must be omitted if the flag
  // doesn't take a value.
  string value = 2;
}

// Reference to another Cloud SQL instance.
message InstanceReference {
  // The name of the Cloud SQL instance being referenced.
  // This does not include the project ID.
  string name = 1;

  // The region of the Cloud SQL instance being referenced.
  string region = 2;

  // The project ID of the Cloud SQL instance being referenced.
  // The default is the same project ID as the instance references it.
  string project = 3;
}

// Read-replica configuration for connecting to the on-premises primary
// instance.
message DemoteMasterConfiguration {
  // This is always `sql#demoteMasterConfiguration`.
  string kind = 1;

  // MySQL specific configuration when replicating from a MySQL on-premises
  // primary instance. Replication configuration information such as the
  // username, password, certificates, and keys are not stored in the instance
  // metadata. The configuration information is used only to set up the
  // replication connection and is stored by MySQL in a file named
  // `master.info` in the data directory.
  DemoteMasterMySqlReplicaConfiguration mysql_replica_configuration = 2;
}

// Read-replica configuration specific to MySQL databases.
message DemoteMasterMySqlReplicaConfiguration {
  // This is always `sql#demoteMasterMysqlReplicaConfiguration`.
  string kind = 1;

  // The username for the replication connection.
  string username = 2;

  // The password for the replication connection.
  string password = 3;

  // PEM representation of the replica's private key. The corresponding public
  // key is encoded in the client's certificate. The format of the replica's
  // private key can be either PKCS #1 or PKCS #8.
  string client_key = 4;

  // PEM representation of the replica's x509 certificate.
  string client_certificate = 5;

  // PEM representation of the trusted CA's x509 certificate.
  string ca_certificate = 6;
}

enum SqlFileType {
  // Unknown file type.
  SQL_FILE_TYPE_UNSPECIFIED = 0;

  // File containing SQL statements.
  SQL = 1;

  // File in CSV format.
  CSV = 2;

  BAK = 4;

  // TDE certificate.
  TDE = 8;
}

// Database instance export context.
message ExportContext {
  message SqlCsvExportOptions {
    // The select query used to extract the data.
    string select_query = 1;

    // Specifies the character that should appear before a data character that
    // needs to be escaped.
    string escape_character = 2;

    // Specifies the quoting character to be used when a data value is quoted.
    string quote_character = 3;

    // Specifies the character that separates columns within each row (line) of
    // the file.
    string fields_terminated_by = 4;

    // This is used to separate lines. If a line does not contain all fields,
    // the rest of the columns are set to their default values.
    string lines_terminated_by = 6;
  }

  message SqlExportOptions {
    // Options for exporting from MySQL.
    message MysqlExportOptions {
      // Option to include SQL statement required to set up replication. If set
      // to `1`, the dump file includes a CHANGE MASTER TO statement with the
      // binary log coordinates, and --set-gtid-purged is set to ON. If set to
      // `2`, the CHANGE MASTER TO statement is written as a SQL comment and
      // has no effect. If set to any value other than `1`, --set-gtid-purged
      // is set to OFF.
      google.protobuf.Int32Value master_data = 1;
    }

    // Options for exporting from a Cloud SQL for PostgreSQL instance.
    message PostgresExportOptions {
      // Optional. Use this option to include DROP <code>&lt;object&gt;</code>
      // SQL statements. Use these statements to delete database objects before
      // running the import operation.
      google.protobuf.BoolValue clean = 1
          [(google.api.field_behavior) = OPTIONAL];

      // Optional. Option to include an IF EXISTS SQL statement with each DROP
      // statement produced by clean.
      google.protobuf.BoolValue if_exists = 2
          [(google.api.field_behavior) = OPTIONAL];
    }

    // Tables to export, or that were exported, from the specified database. If
    // you specify tables, specify one and only one database. For PostgreSQL
    // instances, you can specify only one table.
    repeated string tables = 1;

    // Export only schemas.
    google.protobuf.BoolValue schema_only = 2;

    MysqlExportOptions mysql_export_options = 3;

    // Optional. The number of threads to use for parallel export.
    google.protobuf.Int32Value threads = 4
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. Whether or not the export should be parallel.
    google.protobuf.BoolValue parallel = 5
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. Options for exporting from a Cloud SQL for PostgreSQL instance.
    PostgresExportOptions postgres_export_options = 6
        [(google.api.field_behavior) = OPTIONAL];
  }

  // Options for exporting BAK files (SQL Server-only)
  message SqlBakExportOptions {
    // Whether or not the export should be striped.
    google.protobuf.BoolValue striped = 1;

    // Option for specifying how many stripes to use for the export.
    // If blank, and the value of the striped field is true,
    // the number of stripes is automatically chosen.
    google.protobuf.Int32Value stripe_count = 2;

    // Type of this bak file will be export, FULL or DIFF, SQL Server only
    BakType bak_type = 4;

    // Deprecated: copy_only is deprecated. Use differential_base instead
    google.protobuf.BoolValue copy_only = 5 [deprecated = true];

    // Whether or not the backup can be used as a differential base
    // copy_only backup can not be served as differential base
    google.protobuf.BoolValue differential_base = 6;

    // Optional. The begin timestamp when transaction log will be included in
    // the export operation. [RFC 3339](https://tools.ietf.org/html/rfc3339)
    // format (for example, `2023-10-01T16:19:00.094`) in UTC. When omitted, all
    // available logs from the beginning of retention period will be included.
    // Only applied to Cloud SQL for SQL Server.
    google.protobuf.Timestamp export_log_start_time = 7
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. The end timestamp when transaction log will be included in the
    // export operation. [RFC 3339](https://tools.ietf.org/html/rfc3339) format
    // (for example, `2023-10-01T16:19:00.094`) in UTC. When omitted, all
    // available logs until current time will be included. Only applied to Cloud
    // SQL for SQL Server.
    google.protobuf.Timestamp export_log_end_time = 8
        [(google.api.field_behavior) = OPTIONAL];
  }

  message SqlTdeExportOptions {
    // Required. Path to the TDE certificate public key
    // in the form gs://bucketName/fileName.
    // The instance must have write access to the bucket.
    // Applicable only for SQL Server instances.
    string certificate_path = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. Path to the TDE certificate private key
    // in the form gs://bucketName/fileName.
    // The instance must have write access to the location.
    // Applicable only for SQL Server instances.
    string private_key_path = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. Password that encrypts the private key.
    string private_key_password = 3 [(google.api.field_behavior) = REQUIRED];

    // Required. Certificate name.
    // Applicable only for SQL Server instances.
    string name = 5 [(google.api.field_behavior) = REQUIRED];
  }

  // The path to the file in Google Cloud Storage where the export will be
  // stored. The URI is in the form `gs://bucketName/fileName`. If the file
  // already exists, the request succeeds, but the operation fails. If
  // `fileType` is `SQL` and the filename ends with .gz,
  // the contents are compressed.
  string uri = 1;

  // Databases to be exported. <br /> `MySQL instances:` If
  // `fileType` is `SQL` and no database is specified, all
  // databases are exported, except for the `mysql` system database.
  // If `fileType` is `CSV`, you can specify one database,
  // either by using this property or by using the
  // `csvExportOptions.selectQuery` property, which takes precedence
  // over this property. <br /> `PostgreSQL instances:` If you don't specify a
  // database by name, all user databases in the instance are exported.
  // This excludes system databases and Cloud SQL databases used to manage
  // internal operations. Exporting all user databases is only available for
  // directory-formatted parallel export. If `fileType` is `CSV`,
  // this database must match the one specified in the
  // `csvExportOptions.selectQuery` property. <br /> `SQL Server
  // instances:` You must specify one database to be exported, and the
  // `fileType` must be `BAK`.
  repeated string databases = 2;

  // This is always `sql#exportContext`.
  string kind = 3;

  // Options for exporting data as SQL statements.
  SqlExportOptions sql_export_options = 4;

  // Options for exporting data as CSV. `MySQL` and `PostgreSQL`
  // instances only.
  SqlCsvExportOptions csv_export_options = 5;

  // The file type for the specified uri.
  SqlFileType file_type = 6;

  // Whether to perform a serverless export.
  google.protobuf.BoolValue offload = 8;

  // Options for exporting data as BAK files.
  SqlBakExportOptions bak_export_options = 9;

  // Optional. Export parameters specific to SQL Server TDE certificates
  SqlTdeExportOptions tde_export_options = 10
      [(google.api.field_behavior) = OPTIONAL];
}

// Database instance import context.
message ImportContext {
  message SqlImportOptions {
    message PostgresImportOptions {
      // Optional. The --clean flag for the pg_restore utility. This flag
      // applies only if you enabled Cloud SQL to import files in parallel.
      google.protobuf.BoolValue clean = 1
          [(google.api.field_behavior) = OPTIONAL];

      // Optional. The --if-exists flag for the pg_restore utility. This flag
      // applies only if you enabled Cloud SQL to import files in parallel.
      google.protobuf.BoolValue if_exists = 2
          [(google.api.field_behavior) = OPTIONAL];
    }

    // Optional. The number of threads to use for parallel import.
    google.protobuf.Int32Value threads = 1
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. Whether or not the import should be parallel.
    google.protobuf.BoolValue parallel = 2
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. Options for importing from a Cloud SQL for PostgreSQL instance.
    PostgresImportOptions postgres_import_options = 3
        [(google.api.field_behavior) = OPTIONAL];
  }

  message SqlCsvImportOptions {
    // The table to which CSV data is imported.
    string table = 1;

    // The columns to which CSV data is imported. If not specified, all columns
    // of the database table are loaded with CSV data.
    repeated string columns = 2;

    // Specifies the character that should appear before a data character that
    // needs to be escaped.
    string escape_character = 4;

    // Specifies the quoting character to be used when a data value is quoted.
    string quote_character = 5;

    // Specifies the character that separates columns within each row (line) of
    // the file.
    string fields_terminated_by = 6;

    // This is used to separate lines. If a line does not contain all fields,
    // the rest of the columns are set to their default values.
    string lines_terminated_by = 8;
  }

  message SqlBakImportOptions {
    message EncryptionOptions {
      // Path to the Certificate (.cer) in Cloud Storage, in the form
      // `gs://bucketName/fileName`. The instance must have
      // write permissions to the bucket and read access to the file.
      string cert_path = 1;

      // Path to the Certificate Private Key (.pvk)  in Cloud Storage, in the
      // form `gs://bucketName/fileName`. The instance must have
      // write permissions to the bucket and read access to the file.
      string pvk_path = 2;

      // Password that encrypts the private key
      string pvk_password = 3;

      // Optional. Whether the imported file remains encrypted.
      google.protobuf.BoolValue keep_encrypted = 5
          [(google.api.field_behavior) = OPTIONAL];
    }

    EncryptionOptions encryption_options = 1;

    // Whether or not the backup set being restored is striped.
    // Applies only to Cloud SQL for SQL Server.
    google.protobuf.BoolValue striped = 2;

    // Whether or not the backup importing will restore database
    // with NORECOVERY option.
    // Applies only to Cloud SQL for SQL Server.
    google.protobuf.BoolValue no_recovery = 4;

    // Whether or not the backup importing request will just bring database
    // online without downloading Bak content only one of "no_recovery" and
    // "recovery_only" can be true otherwise error will return. Applies only to
    // Cloud SQL for SQL Server.
    google.protobuf.BoolValue recovery_only = 5;

    // Type of the bak content, FULL or DIFF
    BakType bak_type = 6;

    // Optional. The timestamp when the import should stop. This timestamp is in
    // the [RFC 3339](https://tools.ietf.org/html/rfc3339) format (for example,
    // `2023-10-01T16:19:00.094`). This field is equivalent to the STOPAT
    // keyword and applies to Cloud SQL for SQL Server only.
    google.protobuf.Timestamp stop_at = 7
        [(google.api.field_behavior) = OPTIONAL];

    // Optional. The marked transaction where the import should stop. This field
    // is equivalent to the STOPATMARK keyword and applies to Cloud SQL for SQL
    // Server only.
    string stop_at_mark = 8 [(google.api.field_behavior) = OPTIONAL];
  }

  message SqlTdeImportOptions {
    // Required. Path to the TDE certificate public key
    // in the form gs://bucketName/fileName.
    // The instance must have read access to the file.
    // Applicable only for SQL Server instances.
    string certificate_path = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. Path to the TDE certificate private key
    // in the form gs://bucketName/fileName.
    // The instance must have read access to the file.
    // Applicable only for SQL Server instances.
    string private_key_path = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. Password that encrypts the private key.
    string private_key_password = 3 [(google.api.field_behavior) = REQUIRED];

    // Required. Certificate name.
    // Applicable only for SQL Server instances.
    string name = 5 [(google.api.field_behavior) = REQUIRED];
  }

  // Path to the import file in Cloud Storage, in the form
  // `gs://bucketName/fileName`. Compressed gzip files (.gz) are supported
  // when `fileType` is `SQL`. The instance must have
  // write permissions to the bucket and read access to the file.
  string uri = 1;

  // The target database for the import. If `fileType` is `SQL`, this field
  // is required only if the import file does not specify a database, and is
  // overridden by any database specification in the import file. For entire
  // instance parallel import operations, the database is overridden by the
  // database name stored in subdirectory name. If
  // `fileType` is `CSV`, one database must be specified.
  string database = 2;

  // This is always `sql#importContext`.
  string kind = 3;

  // The file type for the specified uri.\`SQL`: The file
  // contains SQL statements. \`CSV`: The file contains CSV data.
  SqlFileType file_type = 4;

  // Options for importing data as CSV.
  SqlCsvImportOptions csv_import_options = 5;

  // The PostgreSQL user for this import operation. PostgreSQL instances only.
  string import_user = 6;

  // Import parameters specific to SQL Server .BAK files
  SqlBakImportOptions bak_import_options = 7;

  // Optional. Options for importing data from SQL statements.
  SqlImportOptions sql_import_options = 8
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Import parameters specific to SQL Server TDE certificates
  SqlTdeImportOptions tde_import_options = 9
      [(google.api.field_behavior) = OPTIONAL];
}

enum BakType {
  // Default type.
  BAK_TYPE_UNSPECIFIED = 0;

  // Full backup.
  FULL = 1;

  // Differential backup.
  DIFF = 2;

  // Transaction Log backup
  TLOG = 3;
}

// IP Management configuration.
message IpConfiguration {
  // The SSL options for database connections.
  enum SslMode {
    // The SSL mode is unknown.
    SSL_MODE_UNSPECIFIED = 0;

    // Allow non-SSL/non-TLS and SSL/TLS connections.
    // For SSL connections to MySQL and PostgreSQL, the client certificate
    // isn't verified.
    //
    // When this value is used, the legacy `require_ssl` flag must be false or
    // cleared to avoid a conflict between the values of the two flags.
    ALLOW_UNENCRYPTED_AND_ENCRYPTED = 1;

    // Only allow connections encrypted with SSL/TLS.
    // For SSL connections to MySQL and PostgreSQL, the client certificate
    // isn't verified.
    //
    // When this value is used, the legacy `require_ssl` flag must be false or
    // cleared to avoid a conflict between the values of the two flags.
    ENCRYPTED_ONLY = 2;

    // Only allow connections encrypted with SSL/TLS and with valid
    // client certificates.
    //
    // When this value is used, the legacy `require_ssl` flag must be true or
    // cleared to avoid the conflict between values of two flags.
    // PostgreSQL clients or users that connect using IAM database
    // authentication must use either the
    // [Cloud SQL Auth
    // Proxy](https://cloud.google.com/sql/docs/postgres/connect-auth-proxy) or
    // [Cloud SQL
    // Connectors](https://cloud.google.com/sql/docs/postgres/connect-connectors)
    // to enforce client identity verification.
    //
    // Only applicable to MySQL and PostgreSQL. Not applicable to SQL Server.
    TRUSTED_CLIENT_CERTIFICATE_REQUIRED = 3;
  }

  // Various Certificate Authority (CA) modes for certificate signing.
  enum CaMode {
    // CA mode is unspecified. It is effectively the same as
    // `GOOGLE_MANAGED_INTERNAL_CA`.
    CA_MODE_UNSPECIFIED = 0;

    // Google-managed self-signed internal CA.
    GOOGLE_MANAGED_INTERNAL_CA = 1;

    // Google-managed regional CA part of root CA hierarchy hosted on Google
    // Cloud's Certificate Authority Service (CAS).
    GOOGLE_MANAGED_CAS_CA = 2;

    // Customer-managed CA hosted on Google Cloud's Certificate Authority
    // Service (CAS).
    CUSTOMER_MANAGED_CAS_CA = 3;
  }

  // Settings for automatic server certificate rotation.
  enum ServerCertificateRotationMode {
    // Unspecified: no automatic server certificate rotation.
    SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED = 0;

    // No automatic server certificate rotation. The user must [manage server
    // certificate
    // rotation](/sql/docs/mysql/manage-ssl-instance#rotate-server-certificate-cas)
    // on their side.
    NO_AUTOMATIC_ROTATION = 1;

    // Automatic server certificate rotation during Cloud SQL scheduled
    // maintenance or self-service maintenance updates. Requires
    // `server_ca_mode` to be `GOOGLE_MANAGED_CAS_CA` or
    // `CUSTOMER_MANAGED_CAS_CA`.
    AUTOMATIC_ROTATION_DURING_MAINTENANCE = 2;
  }

  // Whether the instance is assigned a public IP address or not.
  google.protobuf.BoolValue ipv4_enabled = 1;

  // The resource link for the VPC network from which the Cloud SQL instance is
  // accessible for private IP. For example,
  // `/projects/myProject/global/networks/default`. This setting can
  // be updated, but it cannot be removed after it is set.
  string private_network = 2;

  // Use `ssl_mode` instead.
  //
  // Whether SSL/TLS connections over IP are enforced.
  // If set to false, then allow both non-SSL/non-TLS and SSL/TLS connections.
  // For SSL/TLS connections, the client certificate won't be verified. If
  // set to true, then only allow connections encrypted with SSL/TLS and with
  // valid client certificates. If you want to enforce SSL/TLS without enforcing
  // the requirement for valid client certificates, then use the `ssl_mode` flag
  // instead of the `require_ssl` flag.
  google.protobuf.BoolValue require_ssl = 3;

  // The list of external networks that are allowed to connect to the instance
  // using the IP. In 'CIDR' notation, also known as 'slash' notation (for
  // example: `157.197.200.0/24`).
  repeated AclEntry authorized_networks = 4;

  // The name of the allocated ip range for the private ip Cloud SQL instance.
  // For example: "google-managed-services-default". If set, the instance ip
  // will be created in the allocated range. The range name must comply with
  // [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name
  // must be 1-63 characters long and match the regular expression
  // `[a-z]([-a-z0-9]*[a-z0-9])?.`
  string allocated_ip_range = 6;

  // Controls connectivity to private IP instances from Google services,
  // such as BigQuery.
  google.protobuf.BoolValue enable_private_path_for_google_cloud_services = 7;

  // Specify how SSL/TLS is enforced in database connections. If you must use
  // the `require_ssl` flag for backward compatibility, then only the following
  // value pairs are valid:
  //
  // For PostgreSQL and MySQL:
  //
  // * `ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED` and `require_ssl=false`
  // * `ssl_mode=ENCRYPTED_ONLY` and `require_ssl=false`
  // * `ssl_mode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED` and `require_ssl=true`
  //
  // For SQL Server:
  //
  // * `ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED` and `require_ssl=false`
  // * `ssl_mode=ENCRYPTED_ONLY` and `require_ssl=true`
  //
  // The value of `ssl_mode` has priority over the value of `require_ssl`.
  //
  // For example, for the pair `ssl_mode=ENCRYPTED_ONLY` and
  // `require_ssl=false`, `ssl_mode=ENCRYPTED_ONLY` means accept only SSL
  // connections, while `require_ssl=false` means accept both non-SSL
  // and SSL connections. In this case, MySQL and PostgreSQL databases respect
  // `ssl_mode` and accepts only SSL connections.
  SslMode ssl_mode = 8;

  // PSC settings for this instance.
  optional PscConfig psc_config = 9;

  // Specify what type of CA is used for the server certificate.
  optional CaMode server_ca_mode = 10;

  // Optional. Custom Subject Alternative Name(SAN)s for a Cloud SQL instance.
  repeated string custom_subject_alternative_names = 11
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The resource name of the server CA pool for an instance with
  // `CUSTOMER_MANAGED_CAS_CA` as the `server_ca_mode`.
  // Format: projects/{PROJECT}/locations/{REGION}/caPools/{CA_POOL_ID}
  optional string server_ca_pool = 12 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Controls the automatic server certificate rotation feature. This
  // feature is disabled by default. When enabled, the server certificate will
  // be automatically rotated during Cloud SQL scheduled maintenance or
  // self-service maintenance updates up to six months before it expires. This
  // setting can only be set if server_ca_mode is either GOOGLE_MANAGED_CAS_CA
  // or CUSTOMER_MANAGED_CAS_CA.
  optional ServerCertificateRotationMode server_certificate_rotation_mode = 16
      [(google.api.field_behavior) = OPTIONAL];
}

// PSC settings for a Cloud SQL instance.
message PscConfig {
  // Whether PSC connectivity is enabled for this instance.
  optional bool psc_enabled = 1;

  // Optional. The list of consumer projects that are allow-listed for PSC
  // connections to this instance. This instance can be connected to with PSC
  // from any network in these projects.
  //
  // Each consumer project in this list may be represented by a project number
  // (numeric) or by a project id (alphanumeric).
  repeated string allowed_consumer_projects = 2
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The list of settings for requested Private Service Connect
  // consumer endpoints that can be used to connect to this Cloud SQL instance.
  repeated PscAutoConnectionConfig psc_auto_connections = 3
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The network attachment of the consumer network that the
  // Private Service Connect enabled Cloud SQL instance is
  // authorized to connect via PSC interface.
  // format: projects/PROJECT/regions/REGION/networkAttachments/ID
  string network_attachment_uri = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Settings for an automatically-setup Private Service Connect consumer endpoint
// that is used to connect to a Cloud SQL instance.
message PscAutoConnectionConfig {
  // Optional. This is the project ID of consumer service project of this
  // consumer endpoint.
  //
  // Optional. This is only applicable if consumer_network is a shared vpc
  // network.
  string consumer_project = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The consumer network of this consumer endpoint. This must be a
  // resource path that includes both the host project and the network name.
  //
  // For example, `projects/project1/global/networks/network1`.
  //
  // The consumer host project of this network might be different from the
  // consumer service project.
  string consumer_network = 2 [(google.api.field_behavior) = OPTIONAL];

  // The IP address of the consumer endpoint.
  optional string ip_address = 3
      [(google.api.field_info).format = IPV4_OR_IPV6];

  // The connection status of the consumer endpoint.
  optional string status = 4;

  // The connection policy status of the consumer network.
  optional string consumer_network_status = 5;
}

// Preferred location. This specifies where a Cloud SQL instance is located.
// Note that if the preferred location is not available, the instance will be
// located as close as possible within the region. Only one location may be
// specified.
message LocationPreference {
  // The App Engine application to follow, it must be in the same region as the
  // Cloud SQL instance. WARNING: Changing this might restart the instance.
  string follow_gae_application = 1 [deprecated = true];

  // The preferred Compute Engine zone (for example: us-central1-a,
  // us-central1-b, etc.). WARNING: Changing this might restart the instance.
  string zone = 2;

  // The preferred Compute Engine zone for the secondary/failover
  // (for example: us-central1-a, us-central1-b, etc.).
  // To disable this field, set it to 'no_secondary_zone'.
  string secondary_zone = 4;

  // This is always `sql#locationPreference`.
  string kind = 3;
}

// Maintenance window. This specifies when a Cloud SQL instance is
// restarted for system maintenance purposes.
message MaintenanceWindow {
  // Hour of day - 0 to 23. Specify in the UTC time zone.
  google.protobuf.Int32Value hour = 1;

  // Day of week - `MONDAY`, `TUESDAY`, `WEDNESDAY`, `THURSDAY`, `FRIDAY`,
  // `SATURDAY`, or `SUNDAY`. Specify in the UTC time zone.
  // Returned in output as an integer, 1 to 7, where `1` equals Monday.
  google.protobuf.Int32Value day = 2;

  // Maintenance timing settings: `canary`, `stable`, or `week5`.
  // For more information, see [About maintenance on Cloud SQL
  // instances](https://cloud.google.com/sql/docs/mysql/maintenance).
  SqlUpdateTrack update_track = 3;

  // This is always `sql#maintenanceWindow`.
  string kind = 4;
}

// Deny maintenance Periods. This specifies a date range during when all CSA
// rollout will be denied.
message DenyMaintenancePeriod {
  // "deny maintenance period" start date. If the year of the start date is
  // empty, the year of the end date also must be empty. In this case, it means
  // the deny maintenance period recurs every year. The date is in format
  // yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01
  string start_date = 1;

  // "deny maintenance period" end date. If the year of the end date is empty,
  // the year of the start date also must be empty. In this case, it means the
  // no maintenance interval recurs every year. The date is in format yyyy-mm-dd
  // i.e., 2020-11-01, or mm-dd, i.e., 11-01
  string end_date = 2;

  // Time in UTC when the "deny maintenance period" starts on start_date and
  // ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00
  string time = 3;
}

// Insights configuration. This specifies when Cloud SQL Insights feature is
// enabled and optional configuration.
message InsightsConfig {
  // Whether Query Insights feature is enabled.
  bool query_insights_enabled = 1;

  // Whether Query Insights will record client address when enabled.
  bool record_client_address = 2;

  // Whether Query Insights will record application tags from query when
  // enabled.
  bool record_application_tags = 3;

  // Maximum query length stored in bytes. Default value: 1024 bytes.
  // Range: 256-4500 bytes. Query lengths greater than this field value will be
  // truncated to this value. When unset, query length will be the default
  // value. Changing query length will restart the database.
  google.protobuf.Int32Value query_string_length = 4;

  // Number of query execution plans captured by Insights per minute
  // for all queries combined. Default is 5.
  google.protobuf.Int32Value query_plans_per_minute = 5;

  // Optional. Whether enhanced query insights feature is enabled.
  google.protobuf.BoolValue enhanced_query_insights_enabled = 8
      [(google.api.field_behavior) = OPTIONAL];
}

// Read-replica configuration specific to MySQL databases.
message MySqlReplicaConfiguration {
  // Path to a SQL dump file in Google Cloud Storage from which the replica
  // instance is to be created. The URI is in the form gs://bucketName/fileName.
  // Compressed gzip files (.gz) are also supported.
  // Dumps have the binlog co-ordinates from which replication
  // begins. This can be accomplished by setting --master-data to 1 when using
  // mysqldump.
  string dump_file_path = 1;

  // The username for the replication connection.
  string username = 2;

  // The password for the replication connection.
  string password = 3;

  // Seconds to wait between connect retries. MySQL's default is 60 seconds.
  google.protobuf.Int32Value connect_retry_interval = 4;

  // Interval in milliseconds between replication heartbeats.
  google.protobuf.Int64Value master_heartbeat_period = 5;

  // PEM representation of the trusted CA's x509 certificate.
  string ca_certificate = 6;

  // PEM representation of the replica's x509 certificate.
  string client_certificate = 7;

  // PEM representation of the replica's private key. The corresponding public
  // key is encoded in the client's certificate.
  string client_key = 8;

  // A list of permissible ciphers to use for SSL encryption.
  string ssl_cipher = 9;

  // Whether or not to check the primary instance's Common Name value in the
  // certificate that it sends during the SSL handshake.
  google.protobuf.BoolValue verify_server_certificate = 10;

  // This is always `sql#mysqlReplicaConfiguration`.
  string kind = 11;
}

// Disk encryption configuration for an instance.
message DiskEncryptionConfiguration {
  // Resource name of KMS key for disk encryption
  string kms_key_name = 1;

  // This is always `sql#diskEncryptionConfiguration`.
  string kind = 2;
}

// Disk encryption status for an instance.
message DiskEncryptionStatus {
  // KMS key version used to encrypt the Cloud SQL instance resource
  string kms_key_version_name = 1;

  // This is always `sql#diskEncryptionStatus`.
  string kind = 2;
}

// Database instance IP mapping
message IpMapping {
  // The type of this IP address. A `PRIMARY` address is a public address that
  // can accept incoming connections. A `PRIVATE` address is a private address
  // that can accept incoming connections. An `OUTGOING` address is the source
  // address of connections originating from the instance, if supported.
  SqlIpAddressType type = 1;

  // The IP address assigned.
  string ip_address = 2;

  // The due time for this IP to be retired in
  // [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example
  // `2012-11-15T16:19:00.094Z`. This field is only available when
  // the IP is scheduled to be retired.
  google.protobuf.Timestamp time_to_retire = 3;
}

// The type of maintenance to be performed on the instance.
enum SqlMaintenanceType {
  // Maintenance type is unspecified.
  SQL_MAINTENANCE_TYPE_UNSPECIFIED = 0;

  // Indicates that a standalone instance is undergoing maintenance. The
  // instance can be either a primary instance or a replica.
  INSTANCE_MAINTENANCE = 1;

  // Indicates that the primary instance and all of its replicas, including
  // cascading replicas, are undergoing maintenance. Maintenance is performed on
  // groups of replicas first, followed by the primary instance.
  REPLICA_INCLUDED_MAINTENANCE = 2;

  // Indicates that the standalone instance is undergoing maintenance, initiated
  // by self-service. The instance can be either a primary instance or a
  // replica.
  INSTANCE_SELF_SERVICE_MAINTENANCE = 3;

  // Indicates that the primary instance and all of its replicas are undergoing
  // maintenance, initiated by self-service. Maintenance is performed on groups
  // of replicas first, followed by the primary instance.
  REPLICA_INCLUDED_SELF_SERVICE_MAINTENANCE = 4;
}

// The sub operation type based on the operation type.
message SqlSubOperationType {
  // Sub operation details corresponding to the operation type.
  oneof sub_operation_details {
    // The type of maintenance to be performed on the instance.
    SqlMaintenanceType maintenance_type = 1;
  }
}

// An Operation resource.&nbsp;For successful operations that return an
// Operation resource, only the fields relevant to the operation are populated
// in the resource.
message Operation {
  // The type of Cloud SQL operation.
  enum SqlOperationType {
    // Unknown operation type.
    SQL_OPERATION_TYPE_UNSPECIFIED = 0;

    // Imports data into a Cloud SQL instance.
    IMPORT = 1;

    // Exports data from a Cloud SQL instance to a Cloud Storage
    // bucket.
    EXPORT = 2;

    // Creates a new Cloud SQL instance.
    CREATE = 3;

    // Updates the settings of a Cloud SQL instance.
    UPDATE = 4;

    // Deletes a Cloud SQL instance.
    DELETE = 5;

    // Restarts the Cloud SQL instance.
    RESTART = 6;

    BACKUP = 7 [deprecated = true];

    SNAPSHOT = 8 [deprecated = true];

    // Performs instance backup.
    BACKUP_VOLUME = 9;

    // Deletes an instance backup.
    DELETE_VOLUME = 10;

    // Restores an instance backup.
    RESTORE_VOLUME = 11;

    // Injects a privileged user in mysql for MOB instances.
    INJECT_USER = 12;

    // Clones a Cloud SQL instance.
    CLONE = 14;

    // Stops replication on a Cloud SQL read replica instance.
    STOP_REPLICA = 15;

    // Starts replication on a Cloud SQL read replica instance.
    START_REPLICA = 16;

    // Promotes a Cloud SQL replica instance.
    PROMOTE_REPLICA = 17;

    // Creates a Cloud SQL replica instance.
    CREATE_REPLICA = 18;

    // Creates a new user in a Cloud SQL instance.
    CREATE_USER = 19;

    // Deletes a user from a Cloud SQL instance.
    DELETE_USER = 20;

    // Updates an existing user in a Cloud SQL instance. If a user with the
    // specified username doesn't exist, a new user is created.
    UPDATE_USER = 21;

    // Creates a database in the Cloud SQL instance.
    CREATE_DATABASE = 22;

    // Deletes a database in the Cloud SQL instance.
    DELETE_DATABASE = 23;

    // Updates a database in the Cloud SQL instance.
    UPDATE_DATABASE = 24;

    // Performs failover of an HA-enabled Cloud SQL
    // failover replica.
    FAILOVER = 25;

    // Deletes the backup taken by a backup run.
    DELETE_BACKUP = 26;

    RECREATE_REPLICA = 27;

    // Truncates a general or slow log table in MySQL.
    TRUNCATE_LOG = 28;

    // Demotes the stand-alone instance to be a Cloud SQL
    // read replica for an external database server.
    DEMOTE_MASTER = 29;

    // Indicates that the instance is currently in maintenance. Maintenance
    // typically causes the instance to be unavailable for 1-3 minutes.
    MAINTENANCE = 30;

    // This field is deprecated, and will be removed in future version of API.
    ENABLE_PRIVATE_IP = 31 [deprecated = true];

    DEFER_MAINTENANCE = 32 [deprecated = true];

    // Creates clone instance.
    CREATE_CLONE = 33 [deprecated = true];

    // Reschedule maintenance to another time.
    RESCHEDULE_MAINTENANCE = 34;

    // Starts external sync of a Cloud SQL EM replica to an external primary
    // instance.
    START_EXTERNAL_SYNC = 35;

    // Recovers logs from an instance's old data disk.
    LOG_CLEANUP = 36;

    // Performs auto-restart of an HA-enabled Cloud SQL database for auto
    // recovery.
    AUTO_RESTART = 37;

    // Re-encrypts CMEK instances with latest key version.
    REENCRYPT = 38;

    // Switches the roles of the primary and replica pair. The target instance
    // should be the replica.
    SWITCHOVER = 39;

    // Update a backup.
    UPDATE_BACKUP = 40;

    // Acquire a lease for the setup of SQL Server Reporting Services (SSRS).
    ACQUIRE_SSRS_LEASE = 42;

    // Release a lease for the setup of SQL Server Reporting Services (SSRS).
    RELEASE_SSRS_LEASE = 43;

    // Reconfigures old primary after a promote replica operation. Effect of a
    // promote operation to the old primary is executed in this operation,
    // asynchronously from the promote replica operation executed to the
    // replica.
    RECONFIGURE_OLD_PRIMARY = 44;

    // Indicates that the instance, its read replicas, and its cascading
    // replicas are in maintenance. Maintenance typically gets initiated on
    // groups of replicas first, followed by the primary instance. For each
    // instance, maintenance typically causes the instance to be unavailable for
    // 1-3 minutes.
    CLUSTER_MAINTENANCE = 45 [deprecated = true];

    // Indicates that the instance (and any of its replicas) are currently in
    // maintenance. This is initiated as a self-service request by using SSM.
    // Maintenance typically causes the instance to be unavailable for 1-3
    // minutes.
    SELF_SERVICE_MAINTENANCE = 46 [deprecated = true];

    // Switches a primary instance to a replica. This operation runs as part of
    // a switchover operation to the original primary instance.
    SWITCHOVER_TO_REPLICA = 47;

    // Updates the major version of a Cloud SQL instance.
    MAJOR_VERSION_UPGRADE = 48;

    // Deprecated: ADVANCED_BACKUP is deprecated. Use ENHANCED_BACKUP instead.
    ADVANCED_BACKUP = 49 [deprecated = true];

    // Changes the BackupTier of a Cloud SQL instance.
    MANAGE_BACKUP = 50;

    // Creates a backup for an Enhanced BackupTier Cloud SQL instance.
    ENHANCED_BACKUP = 51;

    // Repairs entire read pool or specified read pool nodes in the read pool.
    REPAIR_READ_POOL = 52;

    // Creates a Cloud SQL read pool instance.
    CREATE_READ_POOL = 53;
  }

  // The status of an operation.
  enum SqlOperationStatus {
    // The state of the operation is unknown.
    SQL_OPERATION_STATUS_UNSPECIFIED = 0;

    // The operation has been queued, but has not started yet.
    PENDING = 1;

    // The operation is running.
    RUNNING = 2;

    // The operation completed.
    DONE = 3;
  }

  // This is always `sql#operation`.
  string kind = 1;

  string target_link = 2;

  // The status of an operation.
  SqlOperationStatus status = 3;

  // The email address of the user who initiated this operation.
  string user = 4;

  // The time this operation was enqueued in UTC timezone in [RFC
  // 3339](https://tools.ietf.org/html/rfc3339) format, for example
  // `2012-11-15T16:19:00.094Z`.
  google.protobuf.Timestamp insert_time = 5;

  // The time this operation actually started in UTC timezone in [RFC
  // 3339](https://tools.ietf.org/html/rfc3339) format, for example
  // `2012-11-15T16:19:00.094Z`.
  google.protobuf.Timestamp start_time = 6;

  // The time this operation finished in UTC timezone in [RFC
  // 3339](https://tools.ietf.org/html/rfc3339) format, for example
  // `2012-11-15T16:19:00.094Z`.
  google.protobuf.Timestamp end_time = 7;

  // If errors occurred during processing of this operation, this field will be
  // populated.
  OperationErrors error = 8;

  // An Admin API warning message.
  ApiWarning api_warning = 19;

  // The type of the operation. Valid values are:
  // *  `CREATE`
  // *  `DELETE`
  // *  `UPDATE`
  // *  `RESTART`
  // *  `IMPORT`
  // *  `EXPORT`
  // *  `BACKUP_VOLUME`
  // *  `RESTORE_VOLUME`
  // *  `CREATE_USER`
  // *  `DELETE_USER`
  // *  `CREATE_DATABASE`
  // *  `DELETE_DATABASE`
  SqlOperationType operation_type = 9;

  // The context for import operation, if applicable.
  ImportContext import_context = 10;

  // The context for export operation, if applicable.
  ExportContext export_context = 11;

  // The context for backup operation, if applicable.
  BackupContext backup_context = 17;

  // This field is only populated when the operation_type is
  // PRE_CHECK_MAJOR_VERSION_UPGRADE.
  // The PreCheckMajorVersionUpgradeContext message itself contains the details
  // for that pre-check, such as the target database version for the upgrade
  // and the results of the check (including any warnings or errors found).
  PreCheckMajorVersionUpgradeContext pre_check_major_version_upgrade_context =
      50;

  // An identifier that uniquely identifies the operation. You can use this
  // identifier to retrieve the Operations resource that has information about
  // the operation.
  string name = 12;

  // Name of the resource on which this operation runs.
  string target_id = 13;

  // The URI of this resource.
  string self_link = 14;

  // The project ID of the target instance related to this operation.
  string target_project = 15;

  // The context for acquire SSRS lease operation, if applicable.
  AcquireSsrsLeaseContext acquire_ssrs_lease_context = 20;

  // Optional. The sub operation based on the operation type.
  SqlSubOperationType sub_operation_type = 48
      [(google.api.field_behavior) = OPTIONAL];
}

// Database instance operation error.
message OperationError {
  // This is always `sql#operationError`.
  string kind = 1;

  // Identifies the specific error that occurred.
  string code = 2;

  // Additional information about the error encountered.
  string message = 3;
}

// Database instance operation errors list wrapper.
message OperationErrors {
  // This is always `sql#operationErrors`.
  string kind = 1;

  // The list of errors encountered while processing this operation.
  repeated OperationError errors = 2;
}

// Database instance local user password validation policy.
// This message defines the password policy for local database users.
// When enabled, it enforces constraints on password complexity, length,
// and reuse. Keep this policy enabled to help prevent unauthorized access.
message PasswordValidationPolicy {
  // The complexity choices of the password.
  enum Complexity {
    // Complexity check is not specified.
    COMPLEXITY_UNSPECIFIED = 0;

    // A combination of lowercase, uppercase, numeric, and non-alphanumeric
    // characters.
    COMPLEXITY_DEFAULT = 1;
  }

  // Minimum number of characters allowed.
  google.protobuf.Int32Value min_length = 1;

  // The complexity of the password.
  Complexity complexity = 2;

  // Number of previous passwords that cannot be reused.
  google.protobuf.Int32Value reuse_interval = 3;

  // Disallow username as a part of the password.
  google.protobuf.BoolValue disallow_username_substring = 4;

  // Minimum interval after which the password can be changed. This flag is only
  // supported for PostgreSQL.
  google.protobuf.Duration password_change_interval = 5;

  // Whether to enable the password policy or not. When enabled, passwords must
  // meet complexity requirements. Keep this policy enabled to help prevent
  // unauthorized access. Disabling this policy allows weak passwords.
  google.protobuf.BoolValue enable_password_policy = 6;

  // This field is deprecated and will be removed in a future version of the
  // API.
  google.protobuf.BoolValue disallow_compromised_credentials = 7
      [deprecated = true];
}

// Data cache configurations.
message DataCacheConfig {
  // Whether data cache is enabled for the instance.
  bool data_cache_enabled = 1;
}

// Config used to determine the final backup settings for the instance.
message FinalBackupConfig {
  // Whether the final backup is enabled for the instance.
  optional bool enabled = 1;

  // The number of days to retain the final backup after the instance deletion.
  // The final backup will be purged at (time_of_instance_deletion +
  // retention_days).
  optional int32 retention_days = 3;
}

// Database instance settings.
message Settings {
  // Specifies when the instance is activated.
  enum SqlActivationPolicy {
    // Unknown activation plan.
    SQL_ACTIVATION_POLICY_UNSPECIFIED = 0;

    // The instance is always up and running.
    ALWAYS = 1;

    // The instance never starts.
    NEVER = 2;

    // The instance starts upon receiving requests.
    ON_DEMAND = 3 [deprecated = true];
  }

  // The edition of the instance.
  enum Edition {
    // The instance did not specify the edition.
    EDITION_UNSPECIFIED = 0;

    // The instance is an enterprise edition.
    ENTERPRISE = 2;

    // The instance is an Enterprise Plus edition.
    ENTERPRISE_PLUS = 3;
  }

  // The options for enforcing Cloud SQL connectors in the instance.
  enum ConnectorEnforcement {
    // The requirement for Cloud SQL connectors is unknown.
    CONNECTOR_ENFORCEMENT_UNSPECIFIED = 0;

    // Do not require Cloud SQL connectors.
    NOT_REQUIRED = 1;

    // Require all connections to use Cloud SQL connectors, including the
    // Cloud SQL Auth Proxy and Cloud SQL Java, Python, and Go connectors.
    // Note: This disables all existing authorized networks.
    REQUIRED = 2;
  }

  // ExecuteSql API's access to the instance.
  enum DataApiAccess {
    // Unspecified, effectively the same as `DISALLOW_DATA_API`.
    DATA_API_ACCESS_UNSPECIFIED = 0;

    // Disallow using ExecuteSql API to connect to the instance.
    DISALLOW_DATA_API = 1;

    // Allow using ExecuteSql API to connect to the instance. For private IP
    // instances, this allows authorized users to access the instance from
    // the public internet using ExecuteSql API.
    ALLOW_DATA_API = 2;
  }

  // The version of instance settings. This is a required field for update
  // method to make sure concurrent updates are handled properly. During update,
  // use the most recent settingsVersion value for this instance and do not try
  // to update this value.
  google.protobuf.Int64Value settings_version = 1;

  // The App Engine app IDs that can access this instance.
  // (Deprecated) Applied to First Generation instances only.
  repeated string authorized_gae_applications = 2 [deprecated = true];

  // The tier (or machine type) for this instance, for example
  // `db-custom-1-3840`. WARNING: Changing this restarts the instance.
  string tier = 3;

  // This is always `sql#settings`.
  string kind = 4;

  // User-provided labels, represented as a dictionary where each label is a
  // single key value pair.
  map<string, string> user_labels = 5;

  // Availability type. Potential values:
  // *  `ZONAL`: The instance serves data from only one zone. Outages in that
  // zone affect data accessibility.
  // *  `REGIONAL`: The instance can serve data from more than one zone in a
  // region (it is highly available)./
  //
  // For more information, see [Overview of the High Availability
  // Configuration](https://cloud.google.com/sql/docs/mysql/high-availability).
  SqlAvailabilityType availability_type = 6;

  // The pricing plan for this instance. This can be either `PER_USE` or
  // `PACKAGE`. Only `PER_USE` is supported for Second Generation instances.
  SqlPricingPlan pricing_plan = 7;

  // The type of replication this instance uses. This can be either
  // `ASYNCHRONOUS` or `SYNCHRONOUS`. (Deprecated) This property was only
  // applicable to First Generation instances.
  SqlReplicationType replication_type = 8 [deprecated = true];

  // The maximum size to which storage capacity can be automatically increased.
  // The default value is 0, which specifies that there is no limit.
  google.protobuf.Int64Value storage_auto_resize_limit = 9;

  // The activation policy specifies when the instance is activated; it is
  // applicable only when the instance state is RUNNABLE. Valid values:
  // *  `ALWAYS`: The instance is on, and remains so even in the absence of
  // connection requests.
  // *  `NEVER`: The instance is off; it is not activated, even if a
  // connection request arrives.
  SqlActivationPolicy activation_policy = 10;

  // The settings for IP Management. This allows to enable or disable the
  // instance IP and manage which external networks can connect to the instance.
  // The IPv4 address cannot be disabled for Second Generation instances.
  IpConfiguration ip_configuration = 11;

  // Configuration to increase storage size automatically. The default value is
  // true.
  google.protobuf.BoolValue storage_auto_resize = 12;

  // The location preference settings. This allows the instance to be located as
  // near as possible to either an App Engine app or Compute Engine zone for
  // better performance. App Engine co-location was only applicable to First
  // Generation instances.
  LocationPreference location_preference = 13;

  // The database flags passed to the instance at startup.
  repeated DatabaseFlags database_flags = 14;

  // The type of data disk: `PD_SSD` (default) or `PD_HDD`. Not used for
  // First Generation instances.
  SqlDataDiskType data_disk_type = 15;

  // The maintenance window for this instance. This specifies when the instance
  // can be restarted for maintenance purposes.
  MaintenanceWindow maintenance_window = 16;

  // The daily backup configuration for the instance.
  BackupConfiguration backup_configuration = 17;

  // Configuration specific to read replica instances. Indicates whether
  // replication is enabled or not. WARNING: Changing this restarts the
  // instance.
  google.protobuf.BoolValue database_replication_enabled = 18;

  // Configuration specific to read replica instances. Indicates whether
  // database flags for crash-safe replication are enabled. This property was
  // only applicable to First Generation instances.
  google.protobuf.BoolValue crash_safe_replication_enabled = 19
      [deprecated = true];

  // The size of data disk, in GB. The data disk size minimum is 10GB.
  google.protobuf.Int64Value data_disk_size_gb = 20;

  // Active Directory configuration, relevant only for Cloud SQL for SQL Server.
  SqlActiveDirectoryConfig active_directory_config = 22;

  // The name of server Instance collation.
  string collation = 23;

  // Deny maintenance periods
  repeated DenyMaintenancePeriod deny_maintenance_periods = 24;

  // Insights configuration, for now relevant only for Postgres.
  InsightsConfig insights_config = 25;

  // The local user password validation policy of the instance.
  PasswordValidationPolicy password_validation_policy = 27;

  // SQL Server specific audit configuration.
  SqlServerAuditConfig sql_server_audit_config = 29;

  // Optional. The edition of the instance.
  Edition edition = 38 [(google.api.field_behavior) = OPTIONAL];

  // Specifies if connections must use Cloud SQL connectors.
  // Option values include the following: `NOT_REQUIRED` (Cloud SQL instances
  // can be connected without Cloud SQL
  // Connectors) and `REQUIRED` (Only allow connections that use Cloud SQL
  // Connectors).
  //
  // Note that using REQUIRED disables all existing authorized networks. If
  // this field is not specified when creating a new instance, NOT_REQUIRED is
  // used. If this field is not specified when patching or updating an existing
  // instance, it is left unchanged in the instance.
  ConnectorEnforcement connector_enforcement = 32;

  // Configuration to protect against accidental instance deletion.
  google.protobuf.BoolValue deletion_protection_enabled = 33;

  // Server timezone, relevant only for Cloud SQL for SQL Server.
  string time_zone = 34;

  // Specifies advanced machine configuration for the instances relevant only
  // for SQL Server.
  AdvancedMachineFeatures advanced_machine_features = 35;

  // Configuration for data cache.
  DataCacheConfig data_cache_config = 37;

  // Optional. Configuration value for recreation of replica after certain
  // replication lag
  google.protobuf.Int32Value replication_lag_max_seconds = 39
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. When this parameter is set to true, Cloud SQL instances can
  // connect to Vertex AI to pass requests for real-time predictions and
  // insights to the AI. The default value is false. This applies only to Cloud
  // SQL for MySQL and Cloud SQL for PostgreSQL instances.
  google.protobuf.BoolValue enable_google_ml_integration = 40
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. By default, Cloud SQL instances have schema extraction disabled
  // for Dataplex. When this parameter is set to true, schema extraction for
  // Dataplex on Cloud SQL instances is activated.
  google.protobuf.BoolValue enable_dataplex_integration = 41
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. When this parameter is set to true, Cloud SQL retains backups of
  // the instance even after the instance is deleted. The ON_DEMAND backup will
  // be retained until customer deletes the backup or the project. The AUTOMATED
  // backup will be retained based on the backups retention setting.
  google.protobuf.BoolValue retain_backups_on_delete = 42
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Provisioned number of I/O operations per second for the data
  // disk. This field is only used for hyperdisk-balanced disk types.
  optional int64 data_disk_provisioned_iops = 43
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Provisioned throughput measured in MiB per second for the data
  // disk. This field is only used for hyperdisk-balanced disk types.
  optional int64 data_disk_provisioned_throughput = 44
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The managed connection pooling configuration for the instance.
  optional ConnectionPoolConfig connection_pool_config = 45
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The final backup configuration for the instance.
  optional FinalBackupConfig final_backup_config = 47
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The read pool auto-scale configuration for the instance.
  optional ReadPoolAutoScaleConfig read_pool_auto_scale_config = 48
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. Cloud SQL for MySQL auto-upgrade configuration. When this
  // parameter is set to true, auto-upgrade is enabled for MySQL 8.0 minor
  // versions. The MySQL version must be 8.0.35 or higher.
  optional bool auto_upgrade_enabled = 50
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The Microsoft Entra ID configuration for the SQL Server instance.
  SqlServerEntraIdConfig entraid_config = 52
      [(google.api.field_behavior) = OPTIONAL];

  // This parameter controls whether to allow using ExecuteSql API to connect to
  // the instance. Not allowed by default.
  optional DataApiAccess data_api_access = 53;

  // Optional. Configuration for Performance Capture, provides diagnostic
  // metrics during high load situations.
  PerformanceCaptureConfig performance_capture_config = 54
      [(google.api.field_behavior) = OPTIONAL];
}

// Performance Capture configuration.
message PerformanceCaptureConfig {
  // Optional. Enable or disable the Performance Capture feature.
  optional bool enabled = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The time interval in seconds between any two probes.
  optional int32 probing_interval_seconds = 2
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The minimum number of consecutive readings above threshold that
  // triggers instance state capture.
  optional int32 probe_threshold = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The minimum number of server threads running to trigger the
  // capture on primary.
  optional int32 running_threads_threshold = 4
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The minimum number of seconds replica must be lagging behind
  // primary to trigger capture on replica.
  optional int32 seconds_behind_source_threshold = 5
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The amount of time in seconds that a transaction needs to have
  // been open before the watcher starts recording it.
  optional int32 transaction_duration_threshold = 8
      [(google.api.field_behavior) = OPTIONAL];
}

// Connection pool flags for Cloud SQL instances managed connection pool
// configuration.
message ConnectionPoolFlags {
  // Required. The name of the flag.
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. The value of the flag. Boolean flags are set to `on` for true
  // and `off` for false. This field must be omitted if the flag
  // doesn't take a value.
  string value = 2 [(google.api.field_behavior) = REQUIRED];
}

// The managed connection pooling configuration.
message ConnectionPoolConfig {
  // Whether managed connection pooling is enabled.
  optional bool connection_pooling_enabled = 1;

  // Optional. List of connection pool configuration flags.
  repeated ConnectionPoolFlags flags = 8
      [(google.api.field_behavior) = OPTIONAL];

  // Output only. Number of connection poolers.
  optional int32 pooler_count = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// The read pool auto-scale configuration.
message ReadPoolAutoScaleConfig {
  // Target metric for read pool auto scaling.
  message TargetMetric {
    // The metric name to be used for auto scaling.
    optional string metric = 1;

    // The target value for the metric.
    optional float target_value = 2;
  }

  // Indicates whether read pool auto scaling is enabled.
  optional bool enabled = 1;

  // Minimum number of read pool nodes to be maintained.
  optional int32 min_node_count = 2;

  // Maximum number of read pool nodes to be maintained.
  optional int32 max_node_count = 3;

  // Optional. Target metrics for read pool auto scaling.
  repeated TargetMetric target_metrics = 4
      [(google.api.field_behavior) = OPTIONAL];

  // Indicates whether read pool auto scaling supports scale in operations
  // (removing nodes).
  optional bool disable_scale_in = 5;

  // The cooldown period for scale-in operations.
  optional int32 scale_in_cooldown_seconds = 6;

  // The cooldown period for scale-out operations.
  optional int32 scale_out_cooldown_seconds = 7;
}

// Specifies options for controlling advanced machine features.
message AdvancedMachineFeatures {
  // The number of threads per physical core.
  int32 threads_per_core = 1;
}

// SslCerts Resource
message SslCert {
  // This is always `sql#sslCert`.
  string kind = 1;

  // Serial number, as extracted from the certificate.
  string cert_serial_number = 2;

  // PEM representation.
  string cert = 3;

  // The time when the certificate was created in [RFC
  // 3339](https://tools.ietf.org/html/rfc3339) format, for example
  // `2012-11-15T16:19:00.094Z`
  google.protobuf.Timestamp create_time = 4;

  // User supplied name.  Constrained to [a-zA-Z.-_ ]+.
  string common_name = 5;

  // The time when the certificate expires in [RFC
  // 3339](https://tools.ietf.org/html/rfc3339) format, for example
  // `2012-11-15T16:19:00.094Z`.
  google.protobuf.Timestamp expiration_time = 6;

  // Sha1 Fingerprint.
  string sha1_fingerprint = 7;

  // Name of the database instance.
  string instance = 8;

  // The URI of this resource.
  string self_link = 9;
}

// SslCertDetail.
message SslCertDetail {
  // The public information about the cert.
  SslCert cert_info = 1;

  // The private key for the client cert, in pem format.  Keep private in order
  // to protect your security.
  string cert_private_key = 2;
}

// Active Directory configuration, relevant only for Cloud SQL for SQL Server.
message SqlActiveDirectoryConfig {
  // The modes of Active Directory configuration.
  enum ActiveDirectoryMode {
    // Unspecified mode. Will default to MANAGED_ACTIVE_DIRECTORY if the mode is
    // not specified to maintain backward compatibility.
    ACTIVE_DIRECTORY_MODE_UNSPECIFIED = 0;

    // Managed Active Directory mode.
    MANAGED_ACTIVE_DIRECTORY = 1;

    // Deprecated: Use CUSTOMER_MANAGED_ACTIVE_DIRECTORY instead.
    SELF_MANAGED_ACTIVE_DIRECTORY = 2 [deprecated = true];

    // Customer-managed Active Directory mode.
    CUSTOMER_MANAGED_ACTIVE_DIRECTORY = 3;
  }

  // This is always sql#activeDirectoryConfig.
  string kind = 1;

  // The name of the domain (e.g., mydomain.com).
  string domain = 2;

  // Optional. The mode of the Active Directory configuration.
  ActiveDirectoryMode mode = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Domain controller IPv4 addresses used to bootstrap Active
  // Directory.
  repeated string dns_servers = 4 [
    (google.api.field_info).format = IPV4,
    (google.api.field_behavior) = OPTIONAL
  ];

  // Optional. The secret manager key storing the administrator credential.
  // (e.g., projects/{project}/secrets/{secret}).
  string admin_credential_secret_name = 5
      [(google.api.field_behavior) = OPTIONAL];

  // Optional. The organizational unit distinguished name. This is the full
  // hierarchical path to the organizational unit.
  string organizational_unit = 6 [(google.api.field_behavior) = OPTIONAL];
}

// SQL Server specific audit configuration.
message SqlServerAuditConfig {
  // This is always sql#sqlServerAuditConfig
  string kind = 1;

  // The name of the destination bucket (e.g., gs://mybucket).
  string bucket = 2;

  // How long to keep generated audit files.
  google.protobuf.Duration retention_interval = 3;

  // How often to upload generated audit files.
  google.protobuf.Duration upload_interval = 4;
}

// SQL Server Entra ID configuration.
message SqlServerEntraIdConfig {
  // Output only. This is always sql#sqlServerEntraIdConfig
  string kind = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The tenant ID for the Entra ID configuration.
  string tenant_id = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The application ID for the Entra ID configuration.
  string application_id = 3 [(google.api.field_behavior) = OPTIONAL];
}

enum SqlBackendType {
  // This is an unknown backend type for instance.
  SQL_BACKEND_TYPE_UNSPECIFIED = 0;

  // V1 speckle instance.
  FIRST_GEN = 1 [deprecated = true];

  // V2 speckle instance.
  SECOND_GEN = 2;

  // On premises instance.
  EXTERNAL = 3;
}

enum SqlIpAddressType {
  // This is an unknown IP address type.
  SQL_IP_ADDRESS_TYPE_UNSPECIFIED = 0;

  // IP address the customer is supposed to connect to. Usually this is the
  // load balancer's IP address
  PRIMARY = 1;

  // Source IP address of the connection a read replica establishes to its
  // external primary instance. This IP address can be allowlisted by the
  // customer in case it has a firewall that filters incoming connection to its
  // on premises primary instance.
  OUTGOING = 2;

  // Private IP used when using private IPs and network peering.
  PRIVATE = 3;

  // V1 IP of a migrated instance. We want the user to
  // decommission this IP as soon as the migration is complete.
  // Note: V1 instances with V1 ip addresses will be counted as PRIMARY.
  MIGRATED_1ST_GEN = 4;
}

// The database engine type and version.
enum SqlDatabaseVersion {
  // This is an unknown database version.
  SQL_DATABASE_VERSION_UNSPECIFIED = 0;

  // The database version is MySQL 5.1.
  MYSQL_5_1 = 2 [deprecated = true];

  // The database version is MySQL 5.5.
  MYSQL_5_5 = 3 [deprecated = true];

  // The database version is MySQL 5.6.
  MYSQL_5_6 = 5;

  // The database version is MySQL 5.7.
  MYSQL_5_7 = 6;

  // The database version is MySQL 8.
  MYSQL_8_0 = 20;

  // The database major version is MySQL 8.0 and the minor version is 18.
  MYSQL_8_0_18 = 41;

  // The database major version is MySQL 8.0 and the minor version is 26.
  MYSQL_8_0_26 = 85;

  // The database major version is MySQL 8.0 and the minor version is 27.
  MYSQL_8_0_27 = 111;

  // The database major version is MySQL 8.0 and the minor version is 28.
  MYSQL_8_0_28 = 132;

  // The database major version is MySQL 8.0 and the minor version is 29.
  MYSQL_8_0_29 = 148 [deprecated = true];

  // The database major version is MySQL 8.0 and the minor version is 30.
  MYSQL_8_0_30 = 174;

  // The database major version is MySQL 8.0 and the minor version is 31.
  MYSQL_8_0_31 = 197;

  // The database major version is MySQL 8.0 and the minor version is 32.
  MYSQL_8_0_32 = 213;

  // The database major version is MySQL 8.0 and the minor version is 33.
  MYSQL_8_0_33 = 238;

  // The database major version is MySQL 8.0 and the minor version is 34.
  MYSQL_8_0_34 = 239;

  // The database major version is MySQL 8.0 and the minor version is 35.
  MYSQL_8_0_35 = 240;

  // The database major version is MySQL 8.0 and the minor version is 36.
  MYSQL_8_0_36 = 241;

  // The database major version is MySQL 8.0 and the minor version is 37.
  MYSQL_8_0_37 = 355;

  // The database major version is MySQL 8.0 and the minor version is 39.
  MYSQL_8_0_39 = 357;

  // The database major version is MySQL 8.0 and the minor version is 40.
  MYSQL_8_0_40 = 358;

  // The database major version is MySQL 8.0 and the minor version is 41.
  MYSQL_8_0_41 = 488;

  // The database major version is MySQL 8.0 and the minor version is 42.
  MYSQL_8_0_42 = 489;

  // The database major version is MySQL 8.0 and the minor version is 43.
  MYSQL_8_0_43 = 553;

  // The database major version is MySQL 8.0 and the minor version is 44.
  MYSQL_8_0_44 = 554;

  // The database major version is MySQL 8.0 and the minor version is 45.
  MYSQL_8_0_45 = 555;

  // The database major version is MySQL 8.0 and the minor version is 46.
  MYSQL_8_0_46 = 556;

  // The database version is MySQL 8.4.
  MYSQL_8_4 = 398;

  // The database version is MySQL 9.7.
  MYSQL_9_7 = 654;

  // The database version is SQL Server 2017 Standard.
  SQLSERVER_2017_STANDARD = 11;

  // The database version is SQL Server 2017 Enterprise.
  SQLSERVER_2017_ENTERPRISE = 14;

  // The database version is SQL Server 2017 Express.
  SQLSERVER_2017_EXPRESS = 15;

  // The database version is SQL Server 2017 Web.
  SQLSERVER_2017_WEB = 16;

  // The database version is PostgreSQL 9.6.
  POSTGRES_9_6 = 9;

  // The database version is PostgreSQL 10.
  POSTGRES_10 = 18;

  // The database version is PostgreSQL 11.
  POSTGRES_11 = 10;

  // The database version is PostgreSQL 12.
  POSTGRES_12 = 19;

  // The database version is PostgreSQL 13.
  POSTGRES_13 = 23;

  // The database version is PostgreSQL 14.
  POSTGRES_14 = 110;

  // The database version is PostgreSQL 15.
  POSTGRES_15 = 172;

  // The database version is PostgreSQL 16.
  POSTGRES_16 = 272;

  // The database version is PostgreSQL 17.
  POSTGRES_17 = 408;

  // The database version is PostgreSQL 18.
  POSTGRES_18 = 557;

  // The database version is SQL Server 2019 Standard.
  SQLSERVER_2019_STANDARD = 26;

  // The database version is SQL Server 2019 Enterprise.
  SQLSERVER_2019_ENTERPRISE = 27;

  // The database version is SQL Server 2019 Express.
  SQLSERVER_2019_EXPRESS = 28;

  // The database version is SQL Server 2019 Web.
  SQLSERVER_2019_WEB = 29;

  // The database version is SQL Server 2022 Standard.
  SQLSERVER_2022_STANDARD = 199;

  // The database version is SQL Server 2022 Enterprise.
  SQLSERVER_2022_ENTERPRISE = 200;

  // The database version is SQL Server 2022 Express.
  SQLSERVER_2022_EXPRESS = 201;

  // The database version is SQL Server 2022 Web.
  SQLSERVER_2022_WEB = 202;
}

// The pricing plan for this instance.
enum SqlPricingPlan {
  // This is an unknown pricing plan for this instance.
  SQL_PRICING_PLAN_UNSPECIFIED = 0;

  // The instance is billed at a monthly flat rate.
  PACKAGE = 1;

  // The instance is billed per usage.
  PER_USE = 2;
}

enum SqlReplicationType {
  // This is an unknown replication type for a Cloud SQL instance.
  SQL_REPLICATION_TYPE_UNSPECIFIED = 0;

  // The synchronous replication mode for First Generation instances. It is the
  // default value.
  SYNCHRONOUS = 1;

  // The asynchronous replication mode for First Generation instances. It
  // provides a slight performance gain, but if an outage occurs while this
  // option is set to asynchronous, you can lose up to a few seconds of updates
  // to your data.
  ASYNCHRONOUS = 2;
}

// The type of disk that is used for a v2 instance to use.
enum SqlDataDiskType {
  // This is an unknown data disk type.
  SQL_DATA_DISK_TYPE_UNSPECIFIED = 0;

  // An SSD data disk.
  PD_SSD = 1;

  // An HDD data disk.
  PD_HDD = 2;

  // This field is deprecated and will be removed from a future version of the
  // API.
  OBSOLETE_LOCAL_SSD = 3 [deprecated = true];

  // A Hyperdisk Balanced data disk.
  HYPERDISK_BALANCED = 4;
}

// The availability type of the given Cloud SQL instance.
enum SqlAvailabilityType {
  // This is an unknown Availability type.
  SQL_AVAILABILITY_TYPE_UNSPECIFIED = 0;

  // Zonal available instance.
  ZONAL = 1;

  // Regional available instance.
  REGIONAL = 2;
}

enum SqlUpdateTrack {
  // This is an unknown maintenance timing preference.
  SQL_UPDATE_TRACK_UNSPECIFIED = 0;

  // For an instance with a scheduled maintenance window, this maintenance
  // timing indicates that the maintenance update is scheduled 7 to 14 days
  // after the notification is sent out. Also referred to as `Week 1` (Console)
  // and `preview` (gcloud CLI).
  canary = 1;

  // For an instance with a scheduled maintenance window, this maintenance
  // timing indicates that the maintenance update is scheduled 15 to 21 days
  // after the notification is sent out. Also referred to as `Week 2` (Console)
  // and `production` (gcloud CLI).
  stable = 2;

  // For instance with a scheduled maintenance window, this maintenance
  // timing indicates that the maintenance update is scheduled 35 to 42 days
  // after the notification is sent out.
  week5 = 3;
}

// Acquire SSRS lease context.
message AcquireSsrsLeaseContext {
  // The username to be used as the setup login to connect to the database
  // server for SSRS setup.
  optional string setup_login = 1;

  // The username to be used as the service login to connect to the report
  // database for SSRS setup.
  optional string service_login = 2;

  // The report database to be used for SSRS setup.
  optional string report_database = 3;

  // Lease duration needed for SSRS setup.
  optional google.protobuf.Duration duration = 4;
}

// DNS metadata.
message DnsNameMapping {
  // The connection type of the DNS name.
  // This enum is not frozen, and new values may be added in the future.
  enum ConnectionType {
    // Unknown connection type.
    CONNECTION_TYPE_UNSPECIFIED = 0;

    // Public IP.
    PUBLIC = 1;

    // Private services access (private IP).
    PRIVATE_SERVICES_ACCESS = 2;

    // Private Service Connect.
    PRIVATE_SERVICE_CONNECT = 3;
  }

  // The scope that the DNS name applies to.
  enum DnsScope {
    // DNS scope not set. This value should not be used.
    DNS_SCOPE_UNSPECIFIED = 0;

    // Indicates an instance-level DNS name.
    INSTANCE = 1;

    // Indicates a cluster-level DNS name.
    CLUSTER = 2;
  }

  // The system responsible for managing the DNS record.
  enum RecordManager {
    // Record manager not set. This value should not be used.
    RECORD_MANAGER_UNSPECIFIED = 0;

    // The record may be managed by the customer. It is not automatically
    // managed by Cloud SQL automation.
    CUSTOMER = 1;

    // The record is managed by Cloud SQL, which will create, update,
    // and delete the DNS records for the zone automatically when
    // the Cloud SQL database instance is created or updated.
    CLOUD_SQL_AUTOMATION = 2;
  }

  // Output only. The DNS name.
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The connection type of the DNS name.
  ConnectionType connection_type = 2
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The scope that the DNS name applies to.
  DnsScope dns_scope = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The manager for this DNS record.
  RecordManager record_manager = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
}