Method: projects.instances.backups.copy

HTTP request
Path parameters
Request body
- JSON representation
Response body
Authorization scopes
IAM Permissions
CopyBackupEncryptionConfig
- JSON representation
EncryptionType
Try it!

Starts copying a Cloud Spanner Backup. The returned backup long-running operation will have a name of the format projects/<project>/instances/<instance>/backups/<backup>/operations/<operationId> and can be used to track copying of the backup. The operation is associated with the destination backup. The metadata field type is CopyBackupMetadata. The response field type is Backup, if successful. Cancelling the returned operation will stop the copying and delete the destination backup. Concurrent backups.copy requests can run on the same source backup.

HTTP request

POST https://spanner.googleapis.com/v1/{parent=projects/*/instances/*}/backups:copy

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`parent`	`string` Required. The name of the destination instance that will contain the backup copy. Values are of the form: `projects/<project>/instances/<instance>`. Authorization requires the following IAM permission on the specified resource `parent`: `spanner.backups.create`

parent

string

Required. The name of the destination instance that will contain the backup copy. Values are of the form: projects/<project>/instances/<instance>.

Authorization requires the following IAM permission on the specified resource parent:

spanner.backups.create

Request body

The request body contains data with the following structure:

JSON representation
{ "backupId": string, "sourceBackup": string, "expireTime": string, "encryptionConfig": { object (`CopyBackupEncryptionConfig`) } }

Fields
`backupId`	`string` Required. The id of the backup copy. The `backupId` appended to `parent` forms the full backup_uri of the form `projects/<project>/instances/<instance>/backups/<backup>`.
`sourceBackup`	`string` Required. The source backup to be copied. The source backup needs to be in READY state for it to be copied. Once backups.copy is in progress, the source backup cannot be deleted or cleaned up on expiration until backups.copy is finished. Values are of the form: `projects/<project>/instances/<instance>/backups/<backup>`. Authorization requires the following IAM permission on the specified resource `sourceBackup`: `spanner.backups.copy`
`expireTime`	`string (Timestamp format)` Required. The expiration time of the backup in microsecond granularity. The expiration time must be at least 6 hours and at most 366 days from the `createTime` of the source backup. Once the `expireTime` has passed, the backup is eligible to be automatically deleted by Cloud Spanner to free the resources used by the backup. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`encryptionConfig`	`object (CopyBackupEncryptionConfig)` Optional. The encryption configuration used to encrypt the backup. If this field is not specified, the backup will use the same encryption configuration as the source backup by default, namely `encryptionType` = `USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION`.

Response body

If successful, the response body contains an instance of Operation.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/spanner.admin
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

spanner.backups.create

Requires the following IAM permission on the sourceBackup resource:

spanner.backups.copy

For more information, see the IAM documentation.

CopyBackupEncryptionConfig

Encryption configuration for the copied backup.

JSON representation
{ "encryptionType": enum (`EncryptionType`), "kmsKeyName": string, "kmsKeyNames": [ string ] }

Fields

Fields
`encryptionType`	`enum (EncryptionType)` Required. The encryption type of the backup.
`kmsKeyName`	`string` Optional. The Cloud KMS key that will be used to protect the backup. This field should be set only when `encryptionType` is `CUSTOMER_MANAGED_ENCRYPTION`. Values are of the form `projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kmsKeyName>`.
`kmsKeyNames[]`	`string` Optional. Specifies the KMS configuration for the one or more keys used to protect the backup. Values are of the form `projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kmsKeyName>`. KMS keys specified can be in any order. The keys referenced by `kmsKeyNames` must fully cover all regions of the backup's instance configuration. Some examples: For regional (single-region) instance configurations, specify a regional location KMS key. For multi-region instance configurations of type `GOOGLE_MANAGED`, either specify a multi-region location KMS key or multiple regional location KMS keys that cover all regions in the instance configuration. For an instance configuration of type `USER_MANAGED`, specify only regional location KMS keys to cover each region in the instance configuration. Multi-region location KMS keys aren't supported for `USER_MANAGED` type instance configurations.

encryptionType

enum (EncryptionType)

Required. The encryption type of the backup.

kmsKeyName

string

Optional. The Cloud KMS key that will be used to protect the backup. This field should be set only when encryptionType is CUSTOMER_MANAGED_ENCRYPTION. Values are of the form projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kmsKeyName>.

kmsKeyNames[]

string

Optional. Specifies the KMS configuration for the one or more keys used to protect the backup. Values are of the form projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kmsKeyName>. KMS keys specified can be in any order.

The keys referenced by kmsKeyNames must fully cover all regions of the backup's instance configuration. Some examples:

For regional (single-region) instance configurations, specify a regional location KMS key.
For multi-region instance configurations of type GOOGLE_MANAGED, either specify a multi-region location KMS key or multiple regional location KMS keys that cover all regions in the instance configuration.
For an instance configuration of type USER_MANAGED, specify only regional location KMS keys to cover each region in the instance configuration. Multi-region location KMS keys aren't supported for USER_MANAGED type instance configurations.

EncryptionType

Encryption types for the backup.

Enums
`ENCRYPTION_TYPE_UNSPECIFIED`	Unspecified. Do not use.
`USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION`	This is the default option for `backups.copy` when `encryptionConfig` is not specified. For example, if the source backup is using `Customer_Managed_Encryption`, the backup will be using the same Cloud KMS key as the source backup.
`GOOGLE_DEFAULT_ENCRYPTION`	Use Google default encryption.
`CUSTOMER_MANAGED_ENCRYPTION`	Use customer managed encryption. If specified, either `kmsKeyName` or `kmsKeyNames` must contain valid Cloud KMS key(s).