- Resource: ConnectionProfile
- OracleProfile
- OracleSslConfig
- OracleAsmConfig
- GcsProfile
- MysqlProfile
- MysqlSslConfig
- BigQueryProfile
- PostgresqlProfile
- PostgresqlSslConfig
- ServerVerification
- ServerAndClientVerification
- SqlServerProfile
- SqlServerSslConfig
- EncryptionNotEnforced
- BasicEncryption
- EncryptionAndServerValidation
- SalesforceProfile
- UserCredentials
- Oauth2ClientCredentials
- MongodbProfile
- HostAddress
- MongodbSslConfig
- SrvConnectionFormat
- StandardConnectionFormat
- StaticServiceIpConnectivity
- ForwardSshTunnelConnectivity
- PrivateConnectivity
- Methods
Resource: ConnectionProfile
A set of reusable connection configurations to be used as a source or destination for a stream.
| JSON representation | 
|---|
| { "name": string, "createTime": string, "updateTime": string, "labels": { string: string, ... }, "displayName": string, "satisfiesPzs": boolean, "satisfiesPzi": boolean, // Union field | 
| Fields | |
|---|---|
| name | 
 Output only. Identifier. The resource's name. | 
| createTime | 
 Output only. The create time of the resource. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| updateTime | 
 Output only. The update time of the resource. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| labels | 
 Labels. An object containing a list of  | 
| displayName | 
 Required. Display name. | 
| satisfiesPzs | 
 Output only. Reserved for future use. | 
| satisfiesPzi | 
 Output only. Reserved for future use. | 
| Union field profile. Connection configuration for the ConnectionProfile.profilecan be only one of the following: | |
| oracleProfile | 
 Oracle ConnectionProfile configuration. | 
| gcsProfile | 
 Cloud Storage ConnectionProfile configuration. | 
| mysqlProfile | 
 MySQL ConnectionProfile configuration. | 
| bigqueryProfile | 
 BigQuery Connection Profile configuration. | 
| postgresqlProfile | 
 PostgreSQL Connection Profile configuration. | 
| sqlServerProfile | 
 SQLServer Connection Profile configuration. | 
| salesforceProfile | 
 Salesforce Connection Profile configuration. | 
| mongodbProfile | 
 MongoDB Connection Profile configuration. | 
| Union field connectivity. Connectivity options used to establish a connection to the profile.connectivitycan be only one of the following: | |
| staticServiceIpConnectivity | 
 Static Service IP connectivity. | 
| forwardSshConnectivity | 
 Forward SSH tunnel connectivity. | 
| privateConnectivity | 
 Private connectivity. | 
OracleProfile
Oracle database profile.
| JSON representation | 
|---|
| { "hostname": string, "port": integer, "username": string, "password": string, "databaseService": string, "connectionAttributes": { string: string, ... }, "oracleSslConfig": { object ( | 
| Fields | |
|---|---|
| hostname | 
 Required. Hostname for the Oracle connection. | 
| port | 
 Port for the Oracle connection, default value is 1521. | 
| username | 
 Required. Username for the Oracle connection. | 
| password | 
 Optional. Password for the Oracle connection. Mutually exclusive with the  | 
| databaseService | 
 Required. Database for the Oracle connection. | 
| connectionAttributes | 
 Connection string attributes An object containing a list of  | 
| oracleSslConfig | 
 Optional. SSL configuration for the Oracle connection. | 
| oracleAsmConfig | 
 Optional. Configuration for Oracle ASM connection. | 
| secretManagerStoredPassword | 
 Optional. A reference to a Secret Manager resource name storing the Oracle connection password. Mutually exclusive with the  | 
OracleSslConfig
Oracle SSL configuration information.
| JSON representation | 
|---|
| { "caCertificate": string, "caCertificateSet": boolean, "serverCertificateDistinguishedName": string } | 
| Fields | |
|---|---|
| caCertificate | 
 Input only. PEM-encoded certificate of the CA that signed the source database server's certificate. | 
| caCertificateSet | 
 Output only. Indicates whether the caCertificate field has been set for this Connection-Profile. | 
| serverCertificateDistinguishedName | 
 Optional. The distinguished name (DN) mentioned in the server certificate. This corresponds to SSL_SERVER_CERT_DN sqlnet parameter. Refer https://docs.oracle.com/en/database/oracle/oracle-database/19/netrf/local-naming-parameters-in-tns-ora-file.html#GUID-70AB0695-A9AA-4A94-B141-4C605236EEB7 If this field is not provided, the DN matching is not enforced. | 
OracleAsmConfig
Configuration for Oracle Automatic Storage Management (ASM) connection.
| JSON representation | 
|---|
| {
  "hostname": string,
  "port": integer,
  "username": string,
  "password": string,
  "asmService": string,
  "connectionAttributes": {
    string: string,
    ...
  },
  "oracleSslConfig": {
    object ( | 
| Fields | |
|---|---|
| hostname | 
 Required. Hostname for the Oracle ASM connection. | 
| port | 
 Required. Port for the Oracle ASM connection. | 
| username | 
 Required. Username for the Oracle ASM connection. | 
| password | 
 Optional. Password for the Oracle ASM connection. Mutually exclusive with the  | 
| asmService | 
 Required. ASM service name for the Oracle ASM connection. | 
| connectionAttributes | 
 Optional. Connection string attributes An object containing a list of  | 
| oracleSslConfig | 
 Optional. SSL configuration for the Oracle connection. | 
| secretManagerStoredPassword | 
 Optional. A reference to a Secret Manager resource name storing the Oracle ASM connection password. Mutually exclusive with the  | 
GcsProfile
Cloud Storage bucket profile.
| JSON representation | 
|---|
| { "bucket": string, "rootPath": string } | 
| Fields | |
|---|---|
| bucket | 
 Required. The Cloud Storage bucket name. | 
| rootPath | 
 The root path inside the Cloud Storage bucket. | 
MysqlProfile
MySQL database profile.
| JSON representation | 
|---|
| {
  "hostname": string,
  "port": integer,
  "username": string,
  "password": string,
  "sslConfig": {
    object ( | 
| Fields | |
|---|---|
| hostname | 
 Required. Hostname for the MySQL connection. | 
| port | 
 Port for the MySQL connection, default value is 3306. | 
| username | 
 Required. Username for the MySQL connection. | 
| password | 
 Optional. Input only. Password for the MySQL connection. Mutually exclusive with the  | 
| sslConfig | 
 SSL configuration for the MySQL connection. | 
| secretManagerStoredPassword | 
 Optional. A reference to a Secret Manager resource name storing the MySQL connection password. Mutually exclusive with the  | 
MysqlSslConfig
MySQL SSL configuration information.
| JSON representation | 
|---|
| { "clientKey": string, "clientKeySet": boolean, "clientCertificate": string, "clientCertificateSet": boolean, "caCertificate": string, "caCertificateSet": boolean } | 
| Fields | |
|---|---|
| clientKey | 
 Optional. Input only. PEM-encoded private key associated with the Client Certificate. If this field is used then the 'clientCertificate' and the 'caCertificate' fields are mandatory. | 
| clientKeySet | 
 Output only. Indicates whether the clientKey field is set. | 
| clientCertificate | 
 Optional. Input only. PEM-encoded certificate that will be used by the replica to authenticate against the source database server. If this field is used then the 'clientKey' and the 'caCertificate' fields are mandatory. | 
| clientCertificateSet | 
 Output only. Indicates whether the clientCertificate field is set. | 
| caCertificate | 
 Input only. PEM-encoded certificate of the CA that signed the source database server's certificate. | 
| caCertificateSet | 
 Output only. Indicates whether the caCertificate field is set. | 
BigQueryProfile
This type has no fields.
BigQuery warehouse profile.
PostgresqlProfile
PostgreSQL database profile.
| JSON representation | 
|---|
| {
  "hostname": string,
  "port": integer,
  "username": string,
  "password": string,
  "database": string,
  "secretManagerStoredPassword": string,
  "sslConfig": {
    object ( | 
| Fields | |
|---|---|
| hostname | 
 Required. Hostname for the PostgreSQL connection. | 
| port | 
 Port for the PostgreSQL connection, default value is 5432. | 
| username | 
 Required. Username for the PostgreSQL connection. | 
| password | 
 Optional. Password for the PostgreSQL connection. Mutually exclusive with the  | 
| database | 
 Required. Database for the PostgreSQL connection. | 
| secretManagerStoredPassword | 
 Optional. A reference to a Secret Manager resource name storing the PostgreSQL connection password. Mutually exclusive with the  | 
| sslConfig | 
 Optional. SSL configuration for the PostgreSQL connection. In case PostgresqlSslConfig is not set, the connection will use the default SSL mode, which is  | 
PostgresqlSslConfig
PostgreSQL SSL configuration information.
| JSON representation | 
|---|
| { // Union field | 
| Fields | |
|---|---|
| Union field encryption_setting. The encryption settings available for PostgreSQL connection profiles. This captures various SSL mode supported by PostgreSQL, which includes TLS encryption with server verification, TLS encryption with both server and client verification and no TLS encryption.encryption_settingcan be only one of the following: | |
| serverVerification | 
 If this field is set, the communication will be encrypted with TLS encryption and the server identity will be authenticated. | 
| serverAndClientVerification | 
 If this field is set, the communication will be encrypted with TLS encryption and both the server identity and the client identity will be authenticated. | 
ServerVerification
Message represents the option where Datastream will enforce the encryption and authenticate the server identity. caCertificate must be set if user selects this option.
| JSON representation | 
|---|
| { "caCertificate": string, "serverCertificateHostname": string } | 
| Fields | |
|---|---|
| caCertificate | 
 Required. Input only. PEM-encoded server root CA certificate. | 
| serverCertificateHostname | 
 Optional. The hostname mentioned in the Subject or SAN extension of the server certificate. If this field is not provided, the hostname in the server certificate is not validated. | 
ServerAndClientVerification
Message represents the option where Datastream will enforce the encryption and authenticate the server identity as well as the client identity. caCertificate, clientCertificate and clientKey must be set if user selects this option.
| JSON representation | 
|---|
| { "clientCertificate": string, "clientKey": string, "caCertificate": string, "serverCertificateHostname": string } | 
| Fields | |
|---|---|
| clientCertificate | 
 Required. Input only. PEM-encoded certificate used by the source database to authenticate the client identity (i.e., the Datastream's identity). This certificate is signed by either a root certificate trusted by the server or one or more intermediate certificates (which is stored with the leaf certificate) to link the this certificate to the trusted root certificate. | 
| clientKey | 
 Optional. Input only. PEM-encoded private key associated with the client certificate. This value will be used during the SSL/TLS handshake, allowing the PostgreSQL server to authenticate the client's identity, i.e. identity of the Datastream. | 
| caCertificate | 
 Required. Input only. PEM-encoded server root CA certificate. | 
| serverCertificateHostname | 
 Optional. The hostname mentioned in the Subject or SAN extension of the server certificate. If this field is not provided, the hostname in the server certificate is not validated. | 
SqlServerProfile
SQLServer database profile.
| JSON representation | 
|---|
| {
  "hostname": string,
  "port": integer,
  "username": string,
  "password": string,
  "database": string,
  "sslConfig": {
    object ( | 
| Fields | |
|---|---|
| hostname | 
 Required. Hostname for the SQLServer connection. | 
| port | 
 Port for the SQLServer connection, default value is 1433. | 
| username | 
 Required. Username for the SQLServer connection. | 
| password | 
 Optional. Password for the SQLServer connection. Mutually exclusive with the  | 
| database | 
 Required. Database for the SQLServer connection. | 
| sslConfig | 
 Optional. SSL configuration for the SQLServer connection. | 
| secretManagerStoredPassword | 
 Optional. A reference to a Secret Manager resource name storing the SQLServer connection password. Mutually exclusive with the  | 
SqlServerSslConfig
SQL Server SSL configuration information.
| JSON representation | 
|---|
| { // Union field | 
| Fields | |
|---|---|
| Union field encryption_setting. The encryption settings available for SQL Server connection profiles. This captures various options like no TLS encryption from client if server doesn't ask for it, only encryption without validation and both encryption as well as validation of server certificate.encryption_settingcan be only one of the following: | |
| encryptionNotEnforced | 
 If set, Datastream will not enforce encryption. If the DB server mandates encryption, then connection will be encrypted but server identity will not be authenticated. | 
| basicEncryption | 
 If set, Datastream will enforce encryption without authenticating server identity. Server certificates will be trusted by default. | 
| encryptionAndServerValidation | 
 If set, Datastream will enforce encryption and authenticate server identity. | 
EncryptionNotEnforced
This type has no fields.
Message to represent the option where encryption is not enforced. An empty message right now to allow future extensibility.
BasicEncryption
This type has no fields.
Message to represent the option where Datastream will enforce encryption without authenticating server identity. Server certificates will be trusted by default.
EncryptionAndServerValidation
Message to represent the option where Datastream will enforce encryption and authenticate server identity. caCertificate must be set if user selects this option.
| JSON representation | 
|---|
| { "caCertificate": string, "serverCertificateHostname": string } | 
| Fields | |
|---|---|
| caCertificate | 
 Optional. Input only. PEM-encoded certificate of the CA that signed the source database server's certificate. | 
| serverCertificateHostname | 
 Optional. The hostname mentioned in the Subject or SAN extension of the server certificate. This field is used for bypassing the hostname validation while verifying server certificate. This is required for scenarios where the host name that datastream connects to is different from the certificate's subject. This specifically happens for private connectivity. It could also happen when the customer provides a public IP in connection profile but the same is not present in the server certificate. | 
SalesforceProfile
Salesforce profile
| JSON representation | 
|---|
| { "domain": string, // Union field | 
| Fields | |
|---|---|
| domain | 
 Required. Domain endpoint for the Salesforce connection. | 
| Union field credentials. Credentials for Salesforce connection.credentialscan be only one of the following: | |
| userCredentials | 
 User-password authentication. | 
| oauth2ClientCredentials | 
 Connected app authentication. | 
UserCredentials
Username-password credentials.
| JSON representation | 
|---|
| { "username": string, "password": string, "securityToken": string, "secretManagerStoredPassword": string, "secretManagerStoredSecurityToken": string } | 
| Fields | |
|---|---|
| username | 
 Required. Username for the Salesforce connection. | 
| password | 
 Optional. Password for the Salesforce connection. Mutually exclusive with the  | 
| securityToken | 
 Optional. Security token for the Salesforce connection. Mutually exclusive with the  | 
| secretManagerStoredPassword | 
 Optional. A reference to a Secret Manager resource name storing the Salesforce connection's password. Mutually exclusive with the  | 
| secretManagerStoredSecurityToken | 
 Optional. A reference to a Secret Manager resource name storing the Salesforce connection's security token. Mutually exclusive with the  | 
Oauth2ClientCredentials
OAuth2 Client Credentials.
| JSON representation | 
|---|
| { "clientId": string, "clientSecret": string, "secretManagerStoredClientSecret": string } | 
| Fields | |
|---|---|
| clientId | 
 Required. Client ID for Salesforce OAuth2 Client Credentials. | 
| clientSecret | 
 Optional. Client secret for Salesforce OAuth2 Client Credentials. Mutually exclusive with the  | 
| secretManagerStoredClientSecret | 
 Optional. A reference to a Secret Manager resource name storing the Salesforce OAuth2 clientSecret. Mutually exclusive with the  | 
MongodbProfile
MongoDB profile.
| JSON representation | 
|---|
| { "hostAddresses": [ { object ( | 
| Fields | |
|---|---|
| hostAddresses[] | 
 Required. List of host addresses for a MongoDB cluster. For SRV connection format, this list must contain exactly one DNS host without a port. For Standard connection format, this list must contain all the required hosts in the cluster with their respective ports. | 
| replicaSet | 
 Optional. Name of the replica set. Only needed for self hosted replica set type MongoDB cluster. For SRV connection format, this field must be empty. For Standard connection format, this field must be specified. | 
| username | 
 Required. Username for the MongoDB connection. | 
| password | 
 Optional. Password for the MongoDB connection. Mutually exclusive with the  | 
| secretManagerStoredPassword | 
 Optional. A reference to a Secret Manager resource name storing the SQLServer connection password. Mutually exclusive with the  | 
| sslConfig | 
 Optional. SSL configuration for the MongoDB connection. | 
| Union field mongodb_connection_format. MongoDB connection format. Must specify either srv_connection_format or standard_connection_format.mongodb_connection_formatcan be only one of the following: | |
| srvConnectionFormat | 
 Srv connection format. | 
| standardConnectionFormat | 
 Standard connection format. | 
HostAddress
A HostAddress represents a transport end point, which is the combination of an IP address or hostname and a port number.
| JSON representation | 
|---|
| { "hostname": string, "port": integer } | 
| Fields | |
|---|---|
| hostname | 
 Required. Hostname for the connection. | 
| port | 
 Optional. Port for the connection. | 
MongodbSslConfig
MongoDB SSL configuration information.
| JSON representation | 
|---|
| { "clientKey": string, "clientKeySet": boolean, "clientCertificate": string, "clientCertificateSet": boolean, "caCertificate": string, "caCertificateSet": boolean, "secretManagerStoredClientKey": string } | 
| Fields | |
|---|---|
| clientKey | 
 Optional. Input only. PEM-encoded private key associated with the Client Certificate. If this field is used then the 'clientCertificate' and the 'caCertificate' fields are mandatory. | 
| clientKeySet | 
 Output only. Indicates whether the clientKey field is set. | 
| clientCertificate | 
 Optional. Input only. PEM-encoded certificate that will be used by the replica to authenticate against the source database server. If this field is used then the 'clientKey' and the 'caCertificate' fields are mandatory. | 
| clientCertificateSet | 
 Output only. Indicates whether the clientCertificate field is set. | 
| caCertificate | 
 Optional. Input only. PEM-encoded certificate of the CA that signed the source database server's certificate. | 
| caCertificateSet | 
 Output only. Indicates whether the caCertificate field is set. | 
| secretManagerStoredClientKey | 
 Optional. Input only. A reference to a Secret Manager resource name storing the PEM-encoded private key associated with the Client Certificate. If this field is used then the 'clientCertificate' and the 'caCertificate' fields are mandatory. Mutually exclusive with the  | 
SrvConnectionFormat
This type has no fields.
Srv connection format.
StandardConnectionFormat
Standard connection format.
| JSON representation | 
|---|
| { "directConnection": boolean } | 
| Fields | |
|---|---|
| directConnection | 
 Optional. Specifies whether the client connects directly to the host[:port] in the connection URI. | 
StaticServiceIpConnectivity
This type has no fields.
Static IP address connectivity. Used when the source database is configured to allow incoming connections from the Datastream public IP addresses for the region specified in the connection profile.
ForwardSshTunnelConnectivity
Forward SSH Tunnel connectivity.
| JSON representation | 
|---|
| { "hostname": string, "username": string, "port": integer, // Union field | 
| Fields | |
|---|---|
| hostname | 
 Required. Hostname for the SSH tunnel. | 
| username | 
 Required. Username for the SSH tunnel. | 
| port | 
 Port for the SSH tunnel, default value is 22. | 
| Union field  
 | |
| password | 
 Input only. SSH password. | 
| privateKey | 
 Input only. SSH private key. | 
PrivateConnectivity
Private Connectivity
| JSON representation | 
|---|
| { "privateConnection": string } | 
| Fields | |
|---|---|
| privateConnection | 
 Required. A reference to a private connection resource. Format:  | 
| Methods | |
|---|---|
| 
 | Use this method to create a connection profile in a project and location. | 
| 
 | Use this method to delete a connection profile. | 
| 
 | Use this method to discover a connection profile. | 
| 
 | Use this method to get details about a connection profile. | 
| 
 | Use this method to list connection profiles created in a project and location. | 
| 
 | Use this method to update the parameters of a connection profile. |