feat(tasks): add HTTP tasks, OAuth tokens, and OIDC tokens (via synth) (#9588)

Author: yoshi-automation

google/cloud/tasks_v2/proto/queue.proto

@@ -99,6 +99,7 @@ message Queue {
   // [task-level app_engine_routing][google.cloud.tasks.v2.AppEngineHttpRequest.app_engine_routing].
   // These settings apply only to
   // [App Engine tasks][google.cloud.tasks.v2.AppEngineHttpRequest] in this queue.
+  // [Http tasks][google.cloud.tasks.v2.HttpRequest] are not affected.
   //
   // If set, `app_engine_routing_override` is used for all
   // [App Engine tasks][google.cloud.tasks.v2.AppEngineHttpRequest] in the queue, no matter what the

google/cloud/tasks_v2/proto/queue_pb2.py

@@ -17,13 +17,120 @@ syntax = "proto3";
 
 package google.cloud.tasks.v2;
 
+import "google/api/field_behavior.proto";
 import "google/api/annotations.proto";
 
 option go_package = "google.golang.org/genproto/googleapis/cloud/tasks/v2;tasks";
 option java_multiple_files = true;
 option java_outer_classname = "TargetProto";
 option java_package = "com.google.cloud.tasks.v2";
 
+// HTTP request.
+//
+// The task will be pushed to the worker as an HTTP request. If the worker
+// or the redirected worker acknowledges the task by returning a successful HTTP
+// response code ([`200` - `299`]), the task will removed from the queue. If
+// any other HTTP response code is returned or no response is received, the
+// task will be retried according to the following:
+//
+// * User-specified throttling: [retry configuration][google.cloud.tasks.v2.Queue.retry_config],
+//   [rate limits][google.cloud.tasks.v2.Queue.rate_limits], and the [queue's state][google.cloud.tasks.v2.Queue.state].
+//
+// * System throttling: To prevent the worker from overloading, Cloud Tasks may
+//   temporarily reduce the queue's effective rate. User-specified settings
+//   will not be changed.
+//
+//  System throttling happens because:
+//
+//   * Cloud Tasks backs off on all errors. Normally the backoff specified in
+//     [rate limits][google.cloud.tasks.v2.Queue.rate_limits] will be used. But if the worker returns
+//     `429` (Too Many Requests), `503` (Service Unavailable), or the rate of
+//     errors is high, Cloud Tasks will use a higher backoff rate. The retry
+//     specified in the `Retry-After` HTTP response header is considered.
+//
+//   * To prevent traffic spikes and to smooth sudden large traffic spikes,
+//     dispatches ramp up slowly when the queue is newly created or idle and
+//     if large numbers of tasks suddenly become available to dispatch (due to
+//     spikes in create task rates, the queue being unpaused, or many tasks
+//     that are scheduled at the same time).
+message HttpRequest {
+  // Required. The full url path that the request will be sent to.
+  //
+  // This string must begin with either "http://" or "https://". Some examples
+  // are: `http://acme.com` and `https://acme.com/sales:8080`. Cloud Tasks will
+  // encode some characters for safety and compatibility. The maximum allowed
+  // URL length is 2083 characters after encoding.
+  //
+  // The `Location` header response from a redirect response [`300` - `399`]
+  // may be followed. The redirect is not counted as a separate attempt.
+  string url = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // The HTTP method to use for the request. The default is POST.
+  HttpMethod http_method = 2;
+
+  // HTTP request headers.
+  //
+  // This map contains the header field names and values.
+  // Headers can be set when the
+  // [task is created][google.cloud.tasks.v2beta3.CloudTasks.CreateTask].
+  //
+  // These headers represent a subset of the headers that will accompany the
+  // task's HTTP request. Some HTTP request headers will be ignored or replaced.
+  //
+  // A partial list of headers that will be ignored or replaced is:
+  //
+  // * Host: This will be computed by Cloud Tasks and derived from
+  //   [HttpRequest.url][google.cloud.tasks.v2.HttpRequest.url].
+  // * Content-Length: This will be computed by Cloud Tasks.
+  // * User-Agent: This will be set to `"Google-Cloud-Tasks"`.
+  // * X-Google-*: Google use only.
+  // * X-AppEngine-*: Google use only.
+  //
+  // `Content-Type` won't be set by Cloud Tasks. You can explicitly set
+  // `Content-Type` to a media type when the
+  //  [task is created][google.cloud.tasks.v2beta3.CloudTasks.CreateTask].
+  //  For example, `Content-Type` can be set to `"application/octet-stream"` or
+  //  `"application/json"`.
+  //
+  // Headers which can have multiple values (according to RFC2616) can be
+  // specified using comma-separated values.
+  //
+  // The size of the headers must be less than 80KB.
+  map<string, string> headers = 3;
+
+  // HTTP request body.
+  //
+  // A request body is allowed only if the
+  // [HTTP method][google.cloud.tasks.v2.HttpRequest.http_method] is POST, PUT, or PATCH. It is an
+  // error to set body on a task with an incompatible [HttpMethod][google.cloud.tasks.v2.HttpMethod].
+  bytes body = 4;
+
+  // The mode for generating an `Authorization` header for HTTP requests.
+  //
+  // If specified, all `Authorization` headers in the [HttpRequest.headers][google.cloud.tasks.v2.HttpRequest.headers]
+  // field will be overridden.
+  oneof authorization_header {
+    // If specified, an
+    // [OAuth token](https://developers.google.com/identity/protocols/OAuth2)
+    // will be generated and attached as an `Authorization` header in the HTTP
+    // request.
+    //
+    // This type of authorization should generally only be used when calling
+    // Google APIs hosted on *.googleapis.com.
+    OAuthToken oauth_token = 5;
+
+    // If specified, an
+    // [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect)
+    // token will be generated and attached as an `Authorization` header in the
+    // HTTP request.
+    //
+    // This type of authorization can be used for many scenarios, including
+    // calling Cloud Run, or endpoints where you intend to validate the token
+    // yourself.
+    OidcToken oidc_token = 6;
+  }
+}
+
 // App Engine HTTP request.
 //
 // The message defines the HTTP request that is sent to an App Engine app when
@@ -278,3 +385,40 @@ enum HttpMethod {
   // HTTP OPTIONS
   OPTIONS = 7;
 }
+
+// Contains information needed for generating an
+// [OAuth token](https://developers.google.com/identity/protocols/OAuth2).
+// This type of authorization should generally only be used when calling Google
+// APIs hosted on *.googleapis.com.
+message OAuthToken {
+  // [Service account email](https://cloud.google.com/iam/docs/service-accounts)
+  // to be used for generating OAuth token.
+  // The service account must be within the same project as the queue. The
+  // caller must have iam.serviceAccounts.actAs permission for the service
+  // account.
+  string service_account_email = 1;
+
+  // OAuth scope to be used for generating OAuth access token.
+  // If not specified, "https://www.googleapis.com/auth/cloud-platform"
+  // will be used.
+  string scope = 2;
+}
+
+// Contains information needed for generating an
+// [OpenID Connect
+// token](https://developers.google.com/identity/protocols/OpenIDConnect).
+// This type of authorization can be used for many scenarios, including
+// calling Cloud Run, or endpoints where you intend to validate the token
+// yourself.
+message OidcToken {
+  // [Service account email](https://cloud.google.com/iam/docs/service-accounts)
+  // to be used for generating OIDC token.
+  // The service account must be within the same project as the queue. The
+  // caller must have iam.serviceAccounts.actAs permission for the service
+  // account.
+  string service_account_email = 1;
+
+  // Audience to be used when generating OIDC token. If not specified, the URI
+  // specified in target will be used.
+  string audience = 2;
+}