feat(datastream): update the API

#### datastream:v1

The following keys were added:
- schemas.BasicEncryption.description
- schemas.BasicEncryption.id
- schemas.BasicEncryption.type
- schemas.EncryptionAndServerValidation.description
- schemas.EncryptionAndServerValidation.id
- schemas.EncryptionAndServerValidation.properties.caCertificate.description
- schemas.EncryptionAndServerValidation.properties.caCertificate.type
- schemas.EncryptionAndServerValidation.properties.serverCertificateHostname.description
- schemas.EncryptionAndServerValidation.properties.serverCertificateHostname.type
- schemas.EncryptionAndServerValidation.type
- schemas.EncryptionNotEnforced.description
- schemas.EncryptionNotEnforced.id
- schemas.EncryptionNotEnforced.type
- schemas.SqlServerProfile.properties.sslConfig.$ref
- schemas.SqlServerProfile.properties.sslConfig.description
- schemas.SqlServerSslConfig.description
- schemas.SqlServerSslConfig.id
- schemas.SqlServerSslConfig.properties.basicEncryption.$ref
- schemas.SqlServerSslConfig.properties.basicEncryption.description
- schemas.SqlServerSslConfig.properties.encryptionAndServerValidation.$ref
- schemas.SqlServerSslConfig.properties.encryptionAndServerValidation.description
- schemas.SqlServerSslConfig.properties.encryptionNotEnforced.$ref
- schemas.SqlServerSslConfig.properties.encryptionNotEnforced.description
- schemas.SqlServerSslConfig.type

Author: yoshi-automation

discovery/datastream-v1.json

@@ -1261,7 +1261,7 @@
       }
     }
   },
-  "revision": "20250714",
+  "revision": "20250722",
   "rootUrl": "https://datastream.googleapis.com/",
   "schemas": {
     "AppendOnly": {
@@ -1379,6 +1379,12 @@
       "properties": {},
       "type": "object"
     },
+    "BasicEncryption": {
+      "description": "Message to represent the option where Datastream will enforce encryption without authenticating server identity. Server certificates will be trusted by default.",
+      "id": "BasicEncryption",
+      "properties": {},
+      "type": "object"
+    },
     "BigQueryDestinationConfig": {
       "description": "BigQuery destination configuration",
       "id": "BigQueryDestinationConfig",
@@ -1724,6 +1730,27 @@
       "properties": {},
       "type": "object"
     },
+    "EncryptionAndServerValidation": {
+      "description": "Message to represent the option where Datastream will enforce encryption and authenticate server identity. ca_certificate must be set if user selects this option.",
+      "id": "EncryptionAndServerValidation",
+      "properties": {
+        "caCertificate": {
+          "description": "Optional. Input only. PEM-encoded certificate of the CA that signed the source database server's certificate.",
+          "type": "string"
+        },
+        "serverCertificateHostname": {
+          "description": "Optional. The hostname mentioned in the Subject or SAN extension of the server certificate. This field is used for bypassing the hostname validation while verifying server certificate. This is required for scenarios where the host name that datastream connects to is different from the certificate's subject. This specifically happens for private connectivity. It could also happen when the customer provides a public IP in connection profile but the same is not present in the server certificate.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "EncryptionNotEnforced": {
+      "description": "Message to represent the option where encryption is not enforced. An empty message right now to allow future extensibility.",
+      "id": "EncryptionNotEnforced",
+      "properties": {},
+      "type": "object"
+    },
     "Error": {
       "description": "Represent a user-facing Error.",
       "id": "Error",
@@ -3639,6 +3666,10 @@
           "description": "Optional. A reference to a Secret Manager resource name storing the SQLServer connection password. Mutually exclusive with the `password` field.",
           "type": "string"
         },
+        "sslConfig": {
+          "$ref": "SqlServerSslConfig",
+          "description": "Optional. SSL configuration for the SQLServer connection."
+        },
         "username": {
           "description": "Required. Username for the SQLServer connection.",
           "type": "string"
@@ -3711,6 +3742,25 @@
       },
       "type": "object"
     },
+    "SqlServerSslConfig": {
+      "description": "SQL Server SSL configuration information.",
+      "id": "SqlServerSslConfig",
+      "properties": {
+        "basicEncryption": {
+          "$ref": "BasicEncryption",
+          "description": "If set, Datastream will enforce encryption without authenticating server identity. Server certificates will be trusted by default."
+        },
+        "encryptionAndServerValidation": {
+          "$ref": "EncryptionAndServerValidation",
+          "description": "If set, Datastream will enforce encryption and authenticate server identity."
+        },
+        "encryptionNotEnforced": {
+          "$ref": "EncryptionNotEnforced",
+          "description": "If set, Datastream will not enforce encryption. If the DB server mandates encryption, then connection will be encrypted but server identity will not be authenticated."
+        }
+      },
+      "type": "object"
+    },
     "SqlServerTable": {
       "description": "SQLServer table.",
       "id": "SqlServerTable",

src/apis/datastream/v1.ts

@@ -190,6 +190,10 @@ export namespace datastream_v1 {
    * Backfill strategy to disable automatic backfill for the Stream's objects.
    */
   export interface Schema$BackfillNoneStrategy {}
+  /**
+   * Message to represent the option where Datastream will enforce encryption without authenticating server identity. Server certificates will be trusted by default.
+   */
+  export interface Schema$BasicEncryption {}
   /**
    * BigQuery destination configuration
    */
@@ -479,6 +483,23 @@ export namespace datastream_v1 {
    * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \}
    */
   export interface Schema$Empty {}
+  /**
+   * Message to represent the option where Datastream will enforce encryption and authenticate server identity. ca_certificate must be set if user selects this option.
+   */
+  export interface Schema$EncryptionAndServerValidation {
+    /**
+     * Optional. Input only. PEM-encoded certificate of the CA that signed the source database server's certificate.
+     */
+    caCertificate?: string | null;
+    /**
+     * Optional. The hostname mentioned in the Subject or SAN extension of the server certificate. This field is used for bypassing the hostname validation while verifying server certificate. This is required for scenarios where the host name that datastream connects to is different from the certificate's subject. This specifically happens for private connectivity. It could also happen when the customer provides a public IP in connection profile but the same is not present in the server certificate.
+     */
+    serverCertificateHostname?: string | null;
+  }
+  /**
+   * Message to represent the option where encryption is not enforced. An empty message right now to allow future extensibility.
+   */
+  export interface Schema$EncryptionNotEnforced {}
   /**
    * Represent a user-facing Error.
    */
@@ -2012,6 +2033,10 @@ export namespace datastream_v1 {
      * Optional. A reference to a Secret Manager resource name storing the SQLServer connection password. Mutually exclusive with the `password` field.
      */
     secretManagerStoredPassword?: string | null;
+    /**
+     * Optional. SSL configuration for the SQLServer connection.
+     */
+    sslConfig?: Schema$SqlServerSslConfig;
     /**
      * Required. Username for the SQLServer connection.
      */
@@ -2068,6 +2093,23 @@ export namespace datastream_v1 {
      */
     transactionLogs?: Schema$SqlServerTransactionLogs;
   }
+  /**
+   * SQL Server SSL configuration information.
+   */
+  export interface Schema$SqlServerSslConfig {
+    /**
+     * If set, Datastream will enforce encryption without authenticating server identity. Server certificates will be trusted by default.
+     */
+    basicEncryption?: Schema$BasicEncryption;
+    /**
+     * If set, Datastream will enforce encryption and authenticate server identity.
+     */
+    encryptionAndServerValidation?: Schema$EncryptionAndServerValidation;
+    /**
+     * If set, Datastream will not enforce encryption. If the DB server mandates encryption, then connection will be encrypted but server identity will not be authenticated.
+     */
+    encryptionNotEnforced?: Schema$EncryptionNotEnforced;
+  }
   /**
    * SQLServer table.
    */