Package google.spanner.admin.database.v1

Index

DatabaseAdmin

Cloud Spanner Database Admin API

The Cloud Spanner Database Admin API can be used to: * create, drop, and list databases * update the schema of pre-existing databases * create, delete, copy and list backups for a database * restore a database from an existing backup

CopyBackup

rpc CopyBackup(CopyBackupRequest) returns (Operation)

Starts copying a Cloud Spanner Backup. The returned backup long-running operation will have a name of the format projects/<project>/instances/<instance>/backups/<backup>/operations/<operation_id> and can be used to track copying of the backup. The operation is associated with the destination backup. The metadata field type is CopyBackupMetadata. The response field type is Backup, if successful. Cancelling the returned operation will stop the copying and delete the destination backup. Concurrent CopyBackup requests can run on the same source backup.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • spanner.backups.create

Requires the following IAM permission on the sourceBackup resource:

  • spanner.backups.copy

For more information, see the IAM documentation.

CreateBackup

rpc CreateBackup(CreateBackupRequest) returns (Operation)

Starts creating a new Cloud Spanner Backup. The returned backup long-running operation will have a name of the format projects/<project>/instances/<instance>/backups/<backup>/operations/<operation_id> and can be used to track creation of the backup. The metadata field type is CreateBackupMetadata. The response field type is Backup, if successful. Cancelling the returned operation will stop the creation and delete the backup. There can be only one pending backup creation per database. Backup creation of different databases can run concurrently.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the database resource:

  • spanner.databases.createBackup

Requires the following IAM permission on the parent resource:

  • spanner.backups.create

For more information, see the IAM documentation.

CreateDatabase

rpc CreateDatabase(CreateDatabaseRequest) returns (Operation)

Creates a new Cloud Spanner database and starts to prepare it for serving. The returned long-running operation will have a name of the format <database_name>/operations/<operation_id> and can be used to track preparation of the database. The metadata field type is CreateDatabaseMetadata. The response field type is Database, if successful.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteBackup

rpc DeleteBackup(DeleteBackupRequest) returns (Empty)

Deletes a pending or completed Backup.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DropDatabase

rpc DropDatabase(DropDatabaseRequest) returns (Empty)

Drops (aka deletes) a Cloud Spanner database. Completed backups for the database will be retained according to their expire_time. Note: Cloud Spanner might continue to accept requests for a few seconds after the database has been deleted.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetBackup

rpc GetBackup(GetBackupRequest) returns (Backup)

Gets metadata on a pending or completed Backup.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetDatabase

rpc GetDatabase(GetDatabaseRequest) returns (Database)

Gets the state of a Cloud Spanner database.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetDatabaseDdl

rpc GetDatabaseDdl(GetDatabaseDdlRequest) returns (GetDatabaseDdlResponse)

Returns the schema of a Cloud Spanner database as a list of formatted DDL statements. This method does not show pending schema updates, those may be queried using the Operations API.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetIamPolicy

rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy)

Gets the access control policy for a database or backup resource. Returns an empty policy if a database or backup exists but does not have a policy set.

Authorization requires spanner.databases.getIamPolicy permission on resource. For backups, authorization requires spanner.backups.getIamPolicy permission on resource.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListBackupOperations

rpc ListBackupOperations(ListBackupOperationsRequest) returns (ListBackupOperationsResponse)

Lists the backup long-running operations in the given instance. A backup operation has a name of the form projects/<project>/instances/<instance>/backups/<backup>/operations/<operation>. The long-running operation metadata field type metadata.type_url describes the type of the metadata. Operations returned include those that have completed/failed/canceled within the last 7 days, and pending operations. Operations returned are ordered by operation.metadata.value.progress.start_time in descending order starting from the most recently started operation.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListBackups

rpc ListBackups(ListBackupsRequest) returns (ListBackupsResponse)

Lists completed and pending backups. Backups returned are ordered by create_time in descending order, starting from the most recent create_time.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListDatabaseOperations

rpc ListDatabaseOperations(ListDatabaseOperationsRequest) returns (ListDatabaseOperationsResponse)

Lists database longrunning-operations. A database operation has a name of the form projects/<project>/instances/<instance>/databases/<database>/operations/<operation>. The long-running operation metadata field type metadata.type_url describes the type of the metadata. Operations returned include those that have completed/failed/canceled within the last 7 days, and pending operations.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListDatabaseRoles

rpc ListDatabaseRoles(ListDatabaseRolesRequest) returns (ListDatabaseRolesResponse)

Lists Cloud Spanner database roles.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListDatabases

rpc ListDatabases(ListDatabasesRequest) returns (ListDatabasesResponse)

Lists Cloud Spanner databases.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

RestoreDatabase

rpc RestoreDatabase(RestoreDatabaseRequest) returns (Operation)

Create a new database by restoring from a completed backup. The new database must be in the same project and in an instance with the same instance configuration as the instance containing the backup. The returned database long-running operation has a name of the format projects/<project>/instances/<instance>/databases/<database>/operations/<operation_id>, and can be used to track the progress of the operation, and to cancel it. The metadata field type is RestoreDatabaseMetadata. The response type is Database, if successful. Cancelling the returned operation will stop the restore and delete the database. There can be only one database being restored into an instance at a time. Once the restore operation completes, a new restore operation can be initiated, without waiting for the optimize operation associated with the first restore to complete.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

SetIamPolicy

rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy)

Sets the access control policy on a database or backup resource. Replaces any existing policy.

Authorization requires spanner.databases.setIamPolicy permission on resource. For backups, authorization requires spanner.backups.setIamPolicy permission on resource.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

TestIamPermissions

rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse)

Returns permissions that the caller has on the specified database or backup resource.

Attempting this RPC on a non-existent Cloud Spanner database will result in a NOT_FOUND error if the user has spanner.databases.list permission on the containing Cloud Spanner instance. Otherwise returns an empty set of permissions. Calling this method on a backup that does not exist will result in a NOT_FOUND error if the user has spanner.backups.list permission on the containing instance.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateBackup

rpc UpdateBackup(UpdateBackupRequest) returns (Backup)

Updates a pending or completed Backup.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • spanner.backups.update

For more information, see the IAM documentation.

UpdateDatabase

rpc UpdateDatabase(UpdateDatabaseRequest) returns (Operation)

Updates a Cloud Spanner database. The returned long-running operation can be used to track the progress of updating the database. If the named database does not exist, returns NOT_FOUND.

While the operation is pending:

  • The database's reconciling field is set to true.
  • Cancelling the operation is best-effort. If the cancellation succeeds, the operation metadata's cancel_time is set, the updates are reverted, and the operation terminates with a CANCELLED status.
  • New UpdateDatabase requests will return a FAILED_PRECONDITION error until the pending operation is done (returns successfully or with error).
  • Reading the database via the API continues to give the pre-request values.

Upon completion of the returned operation:

  • The new values are in effect and readable via the API.
  • The database's reconciling field becomes false.

The returned long-running operation will have a name of the format projects/<project>/instances/<instance>/databases/<database>/operations/<operation_id> and can be used to track the database modification. The metadata field type is UpdateDatabaseMetadata. The response field type is Database, if successful.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateDatabaseDdl

rpc UpdateDatabaseDdl(UpdateDatabaseDdlRequest) returns (Operation)

Updates the schema of a Cloud Spanner database by creating/altering/dropping tables, columns, indexes, etc. The returned long-running operation will have a name of the format <database_name>/operations/<operation_id> and can be used to track execution of the schema change(s). The metadata field type is UpdateDatabaseDdlMetadata. The operation has no response.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Backup

A backup of a Cloud Spanner database.

Fields
database

string

Required for the CreateBackup operation. Name of the database from which this backup was created. This needs to be in the same instance as the backup. Values are of the form projects/<project>/instances/<instance>/databases/<database>.

version_time

Timestamp

The backup will contain an externally consistent copy of the database at the timestamp specified by version_time. If version_time is not specified, the system will set version_time to the create_time of the backup.

expire_time

Timestamp

Required for the CreateBackup operation. The expiration time of the backup, with microseconds granularity that must be at least 6 hours and at most 366 days from the time the CreateBackup request is processed. Once the expire_time has passed, the backup is eligible to be automatically deleted by Cloud Spanner to free the resources used by the backup.

name

string

Output only for the CreateBackup operation. Required for the UpdateBackup operation.

A globally unique identifier for the backup which cannot be changed. Values are of the form projects/<project>/instances/<instance>/backups/[a-z][a-z0-9_\-]*[a-z0-9] The final segment of the name must be between 2 and 60 characters in length.

The backup is stored in the location(s) specified in the instance configuration of the instance containing the backup, identified by the prefix of the backup name of the form projects/<project>/instances/<instance>.

create_time

Timestamp

Output only. The time the CreateBackup request is received. If the request does not specify version_time, the version_time of the backup will be equivalent to the create_time.

size_bytes

int64

Output only. Size of the backup in bytes.

state

State

Output only. The current state of the backup.

referencing_databases[]

string

Output only. The names of the restored databases that reference the backup. The database names are of the form projects/<project>/instances/<instance>/databases/<database>. Referencing databases may exist in different instances. The existence of any referencing database prevents the backup from being deleted. When a restored database from the backup enters the READY state, the reference to the backup is removed.

encryption_info

EncryptionInfo

Output only. The encryption information for the backup.

database_dialect

DatabaseDialect

Output only. The database dialect information for the backup.

referencing_backups[]

string

Output only. The names of the destination backups being created by copying this source backup. The backup names are of the form projects/<project>/instances/<instance>/backups/<backup>. Referencing backups may exist in different instances. The existence of any referencing backup prevents the backup from being deleted. When the copy operation is done (either successfully completed or cancelled or the destination backup is deleted), the reference to the backup is removed.

max_expire_time

Timestamp

Output only. The max allowed expiration time of the backup, with microseconds granularity. A backup's expiration time can be configured in multiple APIs: CreateBackup, UpdateBackup, CopyBackup. When updating or copying an existing backup, the expiration time specified must be less than Backup.max_expire_time.

State

Indicates the current state of the backup.

Enums
STATE_UNSPECIFIED Not specified.
CREATING The pending backup is still being created. Operations on the backup may fail with FAILED_PRECONDITION in this state.
READY The backup is complete and ready for use.

BackupInfo

Information about a backup.

Fields
backup

string

Name of the backup.

version_time

Timestamp

The backup contains an externally consistent copy of source_database at the timestamp specified by version_time. If the CreateBackup request did not specify version_time, the version_time of the backup is equivalent to the create_time.

create_time

Timestamp

The time the CreateBackup request was received.

source_database

string

Name of the database the backup was created from.

CopyBackupEncryptionConfig

Encryption configuration for the copied backup.

Fields
encryption_type

EncryptionType

Required. The encryption type of the backup.

kms_key_name

string

Optional. The Cloud KMS key that will be used to protect the backup. This field should be set only when encryption_type is CUSTOMER_MANAGED_ENCRYPTION. Values are of the form projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>.

EncryptionType

Encryption types for the backup.

Enums
ENCRYPTION_TYPE_UNSPECIFIED Unspecified. Do not use.
USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION This is the default option for CopyBackup when encryption_config is not specified. For example, if the source backup is using Customer_Managed_Encryption, the backup will be using the same Cloud KMS key as the source backup.
GOOGLE_DEFAULT_ENCRYPTION Use Google default encryption.
CUSTOMER_MANAGED_ENCRYPTION Use customer managed encryption. If specified, either kms_key_name or kms_key_names must contain valid Cloud KMS key(s).

CopyBackupMetadata

Metadata type for the operation returned by CopyBackup.

Fields
name

string

The name of the backup being created through the copy operation. Values are of the form projects/<project>/instances/<instance>/backups/<backup>.

source_backup

string

The name of the source backup that is being copied. Values are of the form projects/<project>/instances/<instance>/backups/<backup>.

progress

OperationProgress

The progress of the CopyBackup operation.

cancel_time

Timestamp

The time at which cancellation of CopyBackup operation was received. Operations.CancelOperation starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.

CopyBackupRequest

The request for CopyBackup.

Fields
parent

string

Required. The name of the destination instance that will contain the backup copy. Values are of the form: projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.backups.create
backup_id

string

Required. The id of the backup copy. The backup_id appended to parent forms the full backup_uri of the form projects/<project>/instances/<instance>/backups/<backup>.

source_backup

string

Required. The source backup to be copied. The source backup needs to be in READY state for it to be copied. Once CopyBackup is in progress, the source backup cannot be deleted or cleaned up on expiration until CopyBackup is finished. Values are of the form: projects/<project>/instances/<instance>/backups/<backup>.

Authorization requires the following IAM permission on the specified resource sourceBackup:

  • spanner.backups.copy
expire_time

Timestamp

Required. The expiration time of the backup in microsecond granularity. The expiration time must be at least 6 hours and at most 366 days from the create_time of the source backup. Once the expire_time has passed, the backup is eligible to be automatically deleted by Cloud Spanner to free the resources used by the backup.

encryption_config

CopyBackupEncryptionConfig

Optional. The encryption configuration used to encrypt the backup. If this field is not specified, the backup will use the same encryption configuration as the source backup by default, namely encryption_type = USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION.

CreateBackupEncryptionConfig

Encryption configuration for the backup to create.

Fields
encryption_type

EncryptionType

Required. The encryption type of the backup.

kms_key_name

string

Optional. The Cloud KMS key that will be used to protect the backup. This field should be set only when encryption_type is CUSTOMER_MANAGED_ENCRYPTION. Values are of the form projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>.

EncryptionType

Encryption types for the backup.

Enums
ENCRYPTION_TYPE_UNSPECIFIED Unspecified. Do not use.
USE_DATABASE_ENCRYPTION Use the same encryption configuration as the database. This is the default option when encryption_config is empty. For example, if the database is using Customer_Managed_Encryption, the backup will be using the same Cloud KMS key as the database.
GOOGLE_DEFAULT_ENCRYPTION Use Google default encryption.
CUSTOMER_MANAGED_ENCRYPTION Use customer managed encryption. If specified, kms_key_name must contain a valid Cloud KMS key.

CreateBackupMetadata

Metadata type for the operation returned by CreateBackup.

Fields
name

string

The name of the backup being created.

database

string

The name of the database the backup is created from.

progress

OperationProgress

The progress of the CreateBackup operation.

cancel_time

Timestamp

The time at which cancellation of this operation was received. Operations.CancelOperation starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.

CreateBackupRequest

The request for CreateBackup.

Fields
parent

string

Required. The name of the instance in which the backup will be created. This must be the same instance that contains the database the backup will be created from. The backup will be stored in the location(s) specified in the instance configuration of this instance. Values are of the form projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.backups.create
backup_id

string

Required. The id of the backup to be created. The backup_id appended to parent forms the full backup name of the form projects/<project>/instances/<instance>/backups/<backup_id>.

backup

Backup

Required. The backup to create.

encryption_config

CreateBackupEncryptionConfig

Optional. The encryption configuration used to encrypt the backup. If this field is not specified, the backup will use the same encryption configuration as the database by default, namely encryption_type = USE_DATABASE_ENCRYPTION.

CreateDatabaseMetadata

Metadata type for the operation returned by CreateDatabase.

Fields
database

string

The database being created.

CreateDatabaseRequest

The request for CreateDatabase.

Fields
parent

string

Required. The name of the instance that will serve the new database. Values are of the form projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.databases.create
create_statement

string

Required. A CREATE DATABASE statement, which specifies the ID of the new database. The database ID must conform to the regular expression [a-z][a-z0-9_\-]*[a-z0-9] and be between 2 and 30 characters in length. If the database ID is a reserved word or if it contains a hyphen, the database ID must be enclosed in backticks (`).

extra_statements[]

string

Optional. A list of DDL statements to run inside the newly created database. Statements can create tables, indexes, etc. These statements execute atomically with the creation of the database: if there is an error in any statement, the database is not created.

encryption_config

EncryptionConfig

Optional. The encryption configuration for the database. If this field is not specified, Cloud Spanner will encrypt/decrypt all data at rest using Google default encryption.

database_dialect

DatabaseDialect

Optional. The dialect of the Cloud Spanner Database.

Database

A Cloud Spanner database.

Fields
name

string

Required. The name of the database. Values are of the form projects/<project>/instances/<instance>/databases/<database>, where <database> is as specified in the CREATE DATABASE statement. This name can be passed to other API methods to identify the database.

state

State

Output only. The current database state.

create_time

Timestamp

Output only. If exists, the time at which the database creation started.

restore_info

RestoreInfo

Output only. Applicable only for restored databases. Contains information about the restore source.

encryption_config

EncryptionConfig

Output only. For databases that are using customer managed encryption, this field contains the encryption configuration for the database. For databases that are using Google default or other types of encryption, this field is empty.

encryption_info[]

EncryptionInfo

Output only. For databases that are using customer managed encryption, this field contains the encryption information for the database, such as all Cloud KMS key versions that are in use. The encryption_status' field inside of eachEncryptionInfo` is not populated.

For databases that are using Google default or other types of encryption, this field is empty.

This field is propagated lazily from the backend. There might be a delay from when a key version is being used and when it appears in this field.

version_retention_period

string

Output only. The period in which Cloud Spanner retains all versions of data for the database. This is the same as the value of version_retention_period database option set using UpdateDatabaseDdl. Defaults to 1 hour, if not set.

earliest_version_time

Timestamp

Output only. Earliest timestamp at which older versions of the data can be read. This value is continuously updated by Cloud Spanner and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery.

default_leader

string

Output only. The read-write region which contains the database's leader replicas.

This is the same as the value of default_leader database option set using DatabaseAdmin.CreateDatabase or DatabaseAdmin.UpdateDatabaseDdl. If not explicitly set, this is empty.

database_dialect

DatabaseDialect

Output only. The dialect of the Cloud Spanner Database.

enable_drop_protection

bool

Whether drop protection is enabled for this database. Defaults to false, if not set. For more details, please see how to prevent accidental database deletion.

reconciling

bool

Output only. If true, the database is being updated. If false, there are no ongoing update operations for the database.

State

Indicates the current state of the database.

Enums
STATE_UNSPECIFIED Not specified.
CREATING The database is still being created. Operations on the database may fail with FAILED_PRECONDITION in this state.
READY The database is fully created and ready for use.
READY_OPTIMIZING

The database is fully created and ready for use, but is still being optimized for performance and cannot handle full load.

In this state, the database still references the backup it was restore from, preventing the backup from being deleted. When optimizations are complete, the full performance of the database will be restored, and the database will transition to READY state.

DatabaseDialect

Indicates the dialect type of a database.

Enums
DATABASE_DIALECT_UNSPECIFIED Default value. This value will create a database with the GOOGLE_STANDARD_SQL dialect.
GOOGLE_STANDARD_SQL GoogleSQL supported SQL.
POSTGRESQL PostgreSQL supported SQL.

DatabaseRole

A Cloud Spanner database role.

Fields
name

string

Required. The name of the database role. Values are of the form projects/<project>/instances/<instance>/databases/<database>/databaseRoles/<role> where <role> is as specified in the CREATE ROLE DDL statement.

DdlStatementActionInfo

Action information extracted from a DDL statement. This proto is used to display the brief info of the DDL statement for the operation UpdateDatabaseDdl.

Fields
action

string

The action for the DDL statement, e.g. CREATE, ALTER, DROP, GRANT, etc. This field is a non-empty string.

entity_type

string

The entity type for the DDL statement, e.g. TABLE, INDEX, VIEW, etc. This field can be empty string for some DDL statement, e.g. for statement "ANALYZE", entity_type = "".

entity_names[]

string

The entity name(s) being operated on the DDL statement. E.g. 1. For statement "CREATE TABLE t1(...)", entity_names = ["t1"]. 2. For statement "GRANT ROLE r1, r2 ...", entity_names = ["r1", "r2"]. 3. For statement "ANALYZE", entity_names = [].

DeleteBackupRequest

The request for DeleteBackup.

Fields
name

string

Required. Name of the backup to delete. Values are of the form projects/<project>/instances/<instance>/backups/<backup>.

Authorization requires the following IAM permission on the specified resource name:

  • spanner.backups.delete

DropDatabaseRequest

The request for DropDatabase.

Fields
database

string

Required. The database to be dropped.

Authorization requires the following IAM permission on the specified resource database:

  • spanner.databases.drop

EncryptionConfig

Encryption configuration for a Cloud Spanner database.

Fields
kms_key_name

string

The Cloud KMS key to be used for encrypting and decrypting the database. Values are of the form projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>.

EncryptionInfo

Encryption information for a Cloud Spanner database or backup.

Fields
encryption_type

Type

Output only. The type of encryption.

encryption_status

Status

Output only. If present, the status of a recent encrypt/decrypt call on underlying data for this database or backup. Regardless of status, data is always encrypted at rest.

kms_key_version

string

Output only. A Cloud KMS key version that is being used to protect the database or backup.

Type

Possible encryption types.

Enums
TYPE_UNSPECIFIED Encryption type was not specified, though data at rest remains encrypted.
GOOGLE_DEFAULT_ENCRYPTION The data is encrypted at rest with a key that is fully managed by Google. No key version or status will be populated. This is the default state.
CUSTOMER_MANAGED_ENCRYPTION The data is encrypted at rest with a key that is managed by the customer. The active version of the key. kms_key_version will be populated, and encryption_status may be populated.

GetBackupRequest

The request for GetBackup.

Fields
name

string

Required. Name of the backup. Values are of the form projects/<project>/instances/<instance>/backups/<backup>.

Authorization requires the following IAM permission on the specified resource name:

  • spanner.backups.get

GetDatabaseDdlRequest

The request for GetDatabaseDdl.

Fields
database

string

Required. The database whose schema we wish to get. Values are of the form projects/<project>/instances/<instance>/databases/<database>

Authorization requires the following IAM permission on the specified resource database:

  • spanner.databases.getDdl

GetDatabaseDdlResponse

The response for GetDatabaseDdl.

Fields
statements[]

string

A list of formatted DDL statements defining the schema of the database specified in the request.

GetDatabaseRequest

The request for GetDatabase.

Fields
name

string

Required. The name of the requested database. Values are of the form projects/<project>/instances/<instance>/databases/<database>.

Authorization requires the following IAM permission on the specified resource name:

  • spanner.databases.get

ListBackupOperationsRequest

The request for ListBackupOperations.

Fields
parent

string

Required. The instance of the backup operations. Values are of the form projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.backupOperations.list
filter

string

An expression that filters the list of returned backup operations.

A filter expression consists of a field name, a comparison operator, and a value for filtering. The value must be a string, a number, or a boolean. The comparison operator must be one of: <, >, <=, >=, !=, =, or :. Colon : is the contains operator. Filter rules are not case sensitive.

The following fields in the operation are eligible for filtering:

  • name - The name of the long-running operation
  • done - False if the operation is in progress, else true.
  • metadata.@type - the type of metadata. For example, the type string for CreateBackupMetadata is type.googleapis.com/google.spanner.admin.database.v1.CreateBackupMetadata.
  • metadata.<field_name> - any field in metadata.value. metadata.@type must be specified first if filtering on metadata fields.
  • error - Error associated with the long-running operation.
  • response.@type - the type of response.
  • response.<field_name> - any field in response.value.

You can combine multiple expressions by enclosing each expression in parentheses. By default, expressions are combined with AND logic, but you can specify AND, OR, and NOT logic explicitly.

Here are a few examples:

  • done:true - The operation is complete.
  • (metadata.@type=type.googleapis.com/google.spanner.admin.database.v1.CreateBackupMetadata) AND \ metadata.database:prod - Returns operations where:
    • The operation's metadata type is CreateBackupMetadata.
    • The source database name of backup contains the string "prod".
  • (metadata.@type=type.googleapis.com/google.spanner.admin.database.v1.CreateBackupMetadata) AND \ (metadata.name:howl) AND \ (metadata.progress.start_time < \"2018-03-28T14:50:00Z\") AND \ (error:*) - Returns operations where:
    • The operation's metadata type is CreateBackupMetadata.
    • The backup name contains the string "howl".
    • The operation started before 2018-03-28T14:50:00Z.
    • The operation resulted in an error.
  • (metadata.@type=type.googleapis.com/google.spanner.admin.database.v1.CopyBackupMetadata) AND \ (metadata.source_backup:test) AND \ (metadata.progress.start_time < \"2022-01-18T14:50:00Z\") AND \ (error:*) - Returns operations where:
    • The operation's metadata type is CopyBackupMetadata.
    • The source backup name contains the string "test".
    • The operation started before 2022-01-18T14:50:00Z.
    • The operation resulted in an error.
  • ((metadata.@type=type.googleapis.com/google.spanner.admin.database.v1.CreateBackupMetadata) AND \ (metadata.database:test_db)) OR \ ((metadata.@type=type.googleapis.com/google.spanner.admin.database.v1.CopyBackupMetadata) AND \ (metadata.source_backup:test_bkp)) AND \ (error:*) - Returns operations where:
    • The operation's metadata matches either of criteria:
    • The operation's metadata type is CreateBackupMetadata AND the source database name of the backup contains the string "test_db"
    • The operation's metadata type is CopyBackupMetadata AND the source backup name contains the string "test_bkp"
    • The operation resulted in an error.
page_size

int32

Number of operations to be returned in the response. If 0 or less, defaults to the server's maximum allowed page size.

page_token

string

If non-empty, page_token should contain a next_page_token from a previous ListBackupOperationsResponse to the same parent and with the same filter.

ListBackupOperationsResponse

The response for ListBackupOperations.

Fields
operations[]

Operation

The list of matching backup long-running operations. Each operation's name will be prefixed by the backup's name. The operation's metadata field type metadata.type_url describes the type of the metadata. Operations returned include those that are pending or have completed/failed/canceled within the last 7 days. Operations returned are ordered by operation.metadata.value.progress.start_time in descending order starting from the most recently started operation.

next_page_token

string

next_page_token can be sent in a subsequent ListBackupOperations call to fetch more of the matching metadata.

ListBackupsRequest

The request for ListBackups.

Fields
parent

string

Required. The instance to list backups from. Values are of the form projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.backups.list
filter

string

An expression that filters the list of returned backups.

A filter expression consists of a field name, a comparison operator, and a value for filtering. The value must be a string, a number, or a boolean. The comparison operator must be one of: <, >, <=, >=, !=, =, or :. Colon : is the contains operator. Filter rules are not case sensitive.

The following fields in the Backup are eligible for filtering:

  • name
  • database
  • state
  • create_time (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
  • expire_time (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
  • version_time (and values are of the format YYYY-MM-DDTHH:MM:SSZ)
  • size_bytes

You can combine multiple expressions by enclosing each expression in parentheses. By default, expressions are combined with AND logic, but you can specify AND, OR, and NOT logic explicitly.

Here are a few examples:

  • name:Howl - The backup's name contains the string "howl".
  • database:prod - The database's name contains the string "prod".
  • state:CREATING - The backup is pending creation.
  • state:READY - The backup is fully created and ready for use.
  • (name:howl) AND (create_time < \"2018-03-28T14:50:00Z\") - The backup name contains the string "howl" and create_time of the backup is before 2018-03-28T14:50:00Z.
  • expire_time < \"2018-03-28T14:50:00Z\" - The backup expire_time is before 2018-03-28T14:50:00Z.
  • size_bytes > 10000000000 - The backup's size is greater than 10GB
page_size

int32

Number of backups to be returned in the response. If 0 or less, defaults to the server's maximum allowed page size.

page_token

string

If non-empty, page_token should contain a next_page_token from a previous ListBackupsResponse to the same parent and with the same filter.

ListBackupsResponse

The response for ListBackups.

Fields
backups[]

Backup

The list of matching backups. Backups returned are ordered by create_time in descending order, starting from the most recent create_time.

next_page_token

string

next_page_token can be sent in a subsequent ListBackups call to fetch more of the matching backups.

ListDatabaseOperationsRequest

The request for ListDatabaseOperations.

Fields
parent

string

Required. The instance of the database operations. Values are of the form projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.databaseOperations.list
filter

string

An expression that filters the list of returned operations.

A filter expression consists of a field name, a comparison operator, and a value for filtering. The value must be a string, a number, or a boolean. The comparison operator must be one of: <, >, <=, >=, !=, =, or :. Colon : is the contains operator. Filter rules are not case sensitive.

The following fields in the Operation are eligible for filtering:

  • name - The name of the long-running operation
  • done - False if the operation is in progress, else true.
  • metadata.@type - the type of metadata. For example, the type string for RestoreDatabaseMetadata is type.googleapis.com/google.spanner.admin.database.v1.RestoreDatabaseMetadata.
  • metadata.<field_name> - any field in metadata.value. metadata.@type must be specified first, if filtering on metadata fields.
  • error - Error associated with the long-running operation.
  • response.@type - the type of response.
  • response.<field_name> - any field in response.value.

You can combine multiple expressions by enclosing each expression in parentheses. By default, expressions are combined with AND logic. However, you can specify AND, OR, and NOT logic explicitly.

Here are a few examples:

  • done:true - The operation is complete.
  • (metadata.@type=type.googleapis.com/google.spanner.admin.database.v1.RestoreDatabaseMetadata) AND \ (metadata.source_type:BACKUP) AND \ (metadata.backup_info.backup:backup_howl) AND \ (metadata.name:restored_howl) AND \ (metadata.progress.start_time < \"2018-03-28T14:50:00Z\") AND \ (error:*) - Return operations where:
    • The operation's metadata type is RestoreDatabaseMetadata.
    • The database is restored from a backup.
    • The backup name contains "backup_howl".
    • The restored database's name contains "restored_howl".
    • The operation started before 2018-03-28T14:50:00Z.
    • The operation resulted in an error.
page_size

int32

Number of operations to be returned in the response. If 0 or less, defaults to the server's maximum allowed page size.

page_token

string

If non-empty, page_token should contain a next_page_token from a previous ListDatabaseOperationsResponse to the same parent and with the same filter.

ListDatabaseOperationsResponse

The response for ListDatabaseOperations.

Fields
operations[]

Operation

The list of matching database long-running operations. Each operation's name will be prefixed by the database's name. The operation's metadata field type metadata.type_url describes the type of the metadata.

next_page_token

string

next_page_token can be sent in a subsequent ListDatabaseOperations call to fetch more of the matching metadata.

ListDatabaseRolesRequest

The request for ListDatabaseRoles.

Fields
parent

string

Required. The database whose roles should be listed. Values are of the form projects/<project>/instances/<instance>/databases/<database>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.databasesRoles.list
page_size

int32

Number of database roles to be returned in the response. If 0 or less, defaults to the server's maximum allowed page size.

page_token

string

If non-empty, page_token should contain a next_page_token from a previous ListDatabaseRolesResponse.

ListDatabaseRolesResponse

The response for ListDatabaseRoles.

Fields
database_roles[]

DatabaseRole

Database roles that matched the request.

next_page_token

string

next_page_token can be sent in a subsequent ListDatabaseRoles call to fetch more of the matching roles.

ListDatabasesRequest

The request for ListDatabases.

Fields
parent

string

Required. The instance whose databases should be listed. Values are of the form projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.databases.list
page_size

int32

Number of databases to be returned in the response. If 0 or less, defaults to the server's maximum allowed page size.

page_token

string

If non-empty, page_token should contain a next_page_token from a previous ListDatabasesResponse.

ListDatabasesResponse

The response for ListDatabases.

Fields
databases[]

Database

Databases that matched the request.

next_page_token

string

next_page_token can be sent in a subsequent ListDatabases call to fetch more of the matching databases.

OperationProgress

Encapsulates progress related information for a Cloud Spanner long running operation.

Fields
progress_percent

int32

Percent completion of the operation. Values are between 0 and 100 inclusive.

start_time

Timestamp

Time the request was received.

end_time

Timestamp

If set, the time at which this operation failed or was completed successfully.

OptimizeRestoredDatabaseMetadata

Metadata type for the long-running operation used to track the progress of optimizations performed on a newly restored database. This long-running operation is automatically created by the system after the successful completion of a database restore, and cannot be cancelled.

Fields
name

string

Name of the restored database being optimized.

progress

OperationProgress

The progress of the post-restore optimizations.

RestoreDatabaseEncryptionConfig

Encryption configuration for the restored database.

Fields
encryption_type

EncryptionType

Required. The encryption type of the restored database.

kms_key_name

string

Optional. The Cloud KMS key that will be used to encrypt/decrypt the restored database. This field should be set only when encryption_type is CUSTOMER_MANAGED_ENCRYPTION. Values are of the form projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>.

EncryptionType

Encryption types for the database to be restored.

Enums
ENCRYPTION_TYPE_UNSPECIFIED Unspecified. Do not use.
USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION This is the default option when encryption_config is not specified.
GOOGLE_DEFAULT_ENCRYPTION Use Google default encryption.
CUSTOMER_MANAGED_ENCRYPTION Use customer managed encryption. If specified, kms_key_name must must contain a valid Cloud KMS key.

RestoreDatabaseMetadata

Metadata type for the long-running operation returned by RestoreDatabase.

Fields
name

string

Name of the database being created and restored to.

source_type

RestoreSourceType

The type of the restore source.

progress

OperationProgress

The progress of the RestoreDatabase operation.

cancel_time

Timestamp

The time at which cancellation of this operation was received. Operations.CancelOperation starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.

optimize_database_operation_name

string

If exists, the name of the long-running operation that will be used to track the post-restore optimization process to optimize the performance of the restored database, and remove the dependency on the restore source. The name is of the form projects/<project>/instances/<instance>/databases/<database>/operations/<operation> where the is the name of database being created and restored to. The metadata type of the long-running operation is OptimizeRestoredDatabaseMetadata. This long-running operation will be automatically created by the system after the RestoreDatabase long-running operation completes successfully. This operation will not be created if the restore was not successful.

Union field source_info. Information about the source used to restore the database, as specified by source in RestoreDatabaseRequest. source_info can be only one of the following:
backup_info

BackupInfo

Information about the backup used to restore the database.

RestoreDatabaseRequest

The request for RestoreDatabase.

Fields
parent

string

Required. The name of the instance in which to create the restored database. This instance must be in the same project and have the same instance configuration as the instance containing the source backup. Values are of the form projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

  • spanner.databases.create
database_id

string

Required. The id of the database to create and restore to. This database must not already exist. The database_id appended to parent forms the full database name of the form projects/<project>/instances/<instance>/databases/<database_id>.

encryption_config

RestoreDatabaseEncryptionConfig

Optional. An encryption configuration describing the encryption type and key resources in Cloud KMS used to encrypt/decrypt the database to restore to. If this field is not specified, the restored database will use the same encryption configuration as the backup by default, namely encryption_type = USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION.

Union field source. Required. The source from which to restore. source can be only one of the following:
backup

string

Name of the backup from which to restore. Values are of the form projects/<project>/instances/<instance>/backups/<backup>.

Authorization requires the following IAM permission on the specified resource backup:

  • spanner.backups.restoreDatabase

RestoreInfo

Information about the database restore.

Fields
source_type

RestoreSourceType

The type of the restore source.

Union field source_info. Information about the source used to restore the database. source_info can be only one of the following:
backup_info

BackupInfo

Information about the backup used to restore the database. The backup may no longer exist.

RestoreSourceType

Indicates the type of the restore source.

Enums
TYPE_UNSPECIFIED No restore associated.
BACKUP A backup was used as the source of the restore.

UpdateBackupRequest

The request for UpdateBackup.

Fields
backup

Backup

Required. The backup to update. backup.name, and the fields to be updated as specified by update_mask are required. Other fields are ignored. Update is only supported for the following fields: * backup.expire_time.

Authorization requires the following IAM permission on the specified resource backup:

  • spanner.backups.update
update_mask

FieldMask

Required. A mask specifying which fields (e.g. expire_time) in the Backup resource should be updated. This mask is relative to the Backup resource, not to the request message. The field mask must always be specified; this prevents any future fields from being erased accidentally by clients that do not know about them.

UpdateDatabaseDdlMetadata

Metadata type for the operation returned by UpdateDatabaseDdl.

Fields
database

string

The database being modified.

statements[]

string

For an update this list contains all the statements. For an individual statement, this list contains only that statement.

commit_timestamps[]

Timestamp

Reports the commit timestamps of all statements that have succeeded so far, where commit_timestamps[i] is the commit timestamp for the statement statements[i].

throttled

bool

Output only. When true, indicates that the operation is throttled e.g. due to resource constraints. When resources become available the operation will resume and this field will be false again.

progress[]

OperationProgress

The progress of the UpdateDatabaseDdl operations. All DDL statements will have continuously updating progress, and progress[i] is the operation progress for statements[i]. Also, progress[i] will have start time and end time populated with commit timestamp of operation, as well as a progress of 100% once the operation has completed.

actions[]

DdlStatementActionInfo

The brief action info for the DDL statements. actions[i] is the brief info for statements[i].

UpdateDatabaseDdlRequest

Enqueues the given DDL statements to be applied, in order but not necessarily all at once, to the database schema at some point (or points) in the future. The server checks that the statements are executable (syntactically valid, name tables that exist, etc.) before enqueueing them, but they may still fail upon later execution (e.g., if a statement from another batch of statements is applied first and it conflicts in some way, or if there is some data-related problem like a NULL value in a column to which NOT NULL would be added). If a statement fails, all subsequent statements in the batch are automatically cancelled.

Each batch of statements is assigned a name which can be used with the Operations API to monitor progress. See the operation_id field for more details.

Fields
database

string

Required. The database to update.

Authorization requires the following IAM permission on the specified resource database:

  • spanner.databases.updateDdl
statements[]

string

Required. DDL statements to be applied to the database.

operation_id

string

If empty, the new update request is assigned an automatically-generated operation ID. Otherwise, operation_id is used to construct the name of the resulting Operation.

Specifying an explicit operation ID simplifies determining whether the statements were executed in the event that the UpdateDatabaseDdl call is replayed, or the return value is otherwise lost: the database and operation_id fields can be combined to form the name of the resulting longrunning.Operation: <database>/operations/<operation_id>.

operation_id should be unique within the database, and must be a valid identifier: [a-z][a-z0-9_]*. Note that automatically-generated operation IDs always begin with an underscore. If the named operation already exists, UpdateDatabaseDdl returns ALREADY_EXISTS.

UpdateDatabaseMetadata

Metadata type for the operation returned by UpdateDatabase.

Fields
request

UpdateDatabaseRequest

The request for UpdateDatabase.

progress

OperationProgress

The progress of the UpdateDatabase operation.

cancel_time

Timestamp

The time at which this operation was cancelled. If set, this operation is in the process of undoing itself (which is best-effort).

UpdateDatabaseRequest

The request for UpdateDatabase.

Fields
database

Database

Required. The database to update. The name field of the database is of the form projects/<project>/instances/<instance>/databases/<database>.

Authorization requires the following IAM permission on the specified resource database:

  • spanner.databases.update
update_mask

FieldMask

Required. The list of fields to update. Currently, only enable_drop_protection field can be updated.