Sync: sync/c41082c0d

endpoints.md

@@ -106,6 +106,8 @@
   * [nebius.vpc.v1.PoolService](nebius/vpc/v1/pool_service.proto)
   * [nebius.vpc.v1.RouteService](nebius/vpc/v1/route_service.proto)
   * [nebius.vpc.v1.RouteTableService](nebius/vpc/v1/route_table_service.proto)
+  * [nebius.vpc.v1.SecurityGroupService](nebius/vpc/v1/security_group_service.proto)
+  * [nebius.vpc.v1.SecurityRuleService](nebius/vpc/v1/security_rule_service.proto)
   * [nebius.vpc.v1.SubnetService](nebius/vpc/v1/subnet_service.proto)
   * [nebius.vpc.v1.TargetGroupService](nebius/vpc/v1/target_group_service.proto)
   * [nebius.vpc.v1alpha1.AllocationService](nebius/vpc/v1alpha1/allocation_service.proto)

nebius/compute/v1/network_interface.proto

@@ -45,6 +45,11 @@ message NetworkInterfaceSpec {
 
   // Assign ranges of IP addresses as aliases
   repeated IPAlias aliases = 6;
+
+  // Security groups associated with the network interface.
+  // If an empty list is provided, the default security group for the network will be used.
+  // Effective security groups can be seen in the status.
+  repeated SecurityGroup security_groups = 7;
 }
 
 // Describes an IPv4 address.
@@ -121,3 +126,8 @@ message PublicIPAddressStatus {
 message IPAliasesStatus {
   repeated string cidrs = 2;
 }
+
+message SecurityGroup {
+  // Security group identifier
+  string id = 1;
+}

nebius/vpc/v1/security_group.proto

@@ -0,0 +1,51 @@
+syntax = "proto3";
+
+package nebius.vpc.v1;
+
+import "buf/validate/validate.proto";
+import "nebius/annotations.proto";
+import "nebius/common/v1/metadata.proto";
+
+option go_package = "github.com/nebius/gosdk/proto/nebius/vpc/v1";
+option java_multiple_files = true;
+option java_outer_classname = "SecurityGroupProto";
+option java_package = "ai.nebius.pub.vpc.v1";
+
+// SecurityGroup is a logical grouping of resources
+// used to manage and apply network security policies collectively.
+// Security group applies implicit deny at the end (traffic not matched by any rule will be denied).
+message SecurityGroup {
+  // `metadata.parent_id` represents the Project.
+  common.v1.ResourceMetadata metadata = 1;
+
+  // Specification of the security group's configuration.
+  SecurityGroupSpec spec = 2;
+
+  // Current status of the security group.
+  SecurityGroupStatus status = 3;
+}
+
+message SecurityGroupSpec {
+  // ID of the VPC network this security group belongs to.
+  string network_id = 1 [
+    (buf.validate.field).required = true,
+    (field_behavior) = IMMUTABLE
+  ];
+}
+
+message SecurityGroupStatus {
+  // Enumeration of possible states of the security group.
+  enum State {
+    STATE_UNSPECIFIED = 0; // Default state, unspecified.
+
+    READY = 2; // Security group is ready for use.
+  }
+
+  // Current state of the security group.
+  State state = 1;
+
+  // Indicates if this is the default security group for the network.
+  // Only one security group can be default per network.
+  // Will be used on the interface if no other is specified.
+  bool default = 2;
+}

nebius/vpc/v1/security_group_service.proto

@@ -0,0 +1,107 @@
+syntax = "proto3";
+
+package nebius.vpc.v1;
+
+import "buf/validate/validate.proto";
+import "nebius/annotations.proto";
+import "nebius/common/v1/metadata.proto";
+import "nebius/common/v1/operation.proto";
+import "nebius/vpc/v1/security_group.proto";
+
+option go_package = "github.com/nebius/gosdk/proto/nebius/vpc/v1";
+option java_multiple_files = true;
+option java_outer_classname = "SecurityGroupServiceProto";
+option java_package = "ai.nebius.pub.vpc.v1";
+
+// SecurityGroupService provides operations for managing security groups.
+service SecurityGroupService {
+  option (api_service_name) = "vpc";
+
+  rpc Get(GetSecurityGroupRequest) returns (SecurityGroup);
+
+  rpc GetByName(GetSecurityGroupByNameRequest) returns (SecurityGroup);
+
+  rpc List(ListSecurityGroupsRequest) returns (ListSecurityGroupsResponse);
+
+  // Lists security groups in a specific network.
+  rpc ListByNetwork(ListSecurityGroupsByNetworkRequest) returns (ListSecurityGroupsResponse);
+
+  rpc Create(CreateSecurityGroupRequest) returns (common.v1.Operation);
+
+  rpc Update(UpdateSecurityGroupRequest) returns (common.v1.Operation);
+
+  rpc Delete(DeleteSecurityGroupRequest) returns (common.v1.Operation);
+}
+
+message GetSecurityGroupRequest {
+  string id = 1 [(buf.validate.field).required = true];
+}
+
+message GetSecurityGroupByNameRequest {
+  // ID of the Project.
+  string parent_id = 1 [(buf.validate.field).required = true];
+
+  string name = 2 [(buf.validate.field).required = true];
+}
+
+message ListSecurityGroupsRequest {
+  // ID of the Project.
+  string parent_id = 1 [(buf.validate.field).required = true];
+
+  int64 page_size = 2;
+
+  string page_token = 3;
+}
+
+message ListSecurityGroupsByNetworkRequest {
+  // ID of the Network.
+  string network_id = 1 [
+    (buf.validate.field).required = true,
+    (nid) = {
+      resource: ["vpcnetwork"]
+    }
+  ];
+
+  int64 page_size = 2;
+
+  string page_token = 3;
+}
+
+message ListSecurityGroupsResponse {
+  repeated SecurityGroup items = 1;
+
+  string next_page_token = 2;
+}
+
+message CreateSecurityGroupRequest {
+  common.v1.ResourceMetadata metadata = 1 [(buf.validate.field) = {
+    cel: [
+      {
+        id: "metadata_name"
+        message: "'name' must start with a letter or digit, allow '-', '_', '.', '/', and have a length between 2 and 255 characters."
+        expression: "this.name.matches('^[a-zA-Z0-9][-_./a-zA-Z0-9]{1,254}$')"
+      }
+    ]
+    required: true
+  }];
+
+  SecurityGroupSpec spec = 2 [(buf.validate.field).required = true];
+}
+
+message UpdateSecurityGroupRequest {
+  common.v1.ResourceMetadata metadata = 1 [(buf.validate.field) = {
+    cel: [
+      {
+        id: "metadata_name"
+        message: "'name' must start with a letter or digit, allow '-', '_', '.', '/', and have a length between 2 and 255 characters."
+        expression: "this.name.matches('^[a-zA-Z0-9][-_./a-zA-Z0-9]{1,254}$')"
+      }
+    ]
+  }];
+
+  SecurityGroupSpec spec = 2;
+}
+
+message DeleteSecurityGroupRequest {
+  string id = 1 [(buf.validate.field).required = true];
+}