Api key crud operations (#25)

temporalio · May 22, 2024 · 6ddaddd · 6ddaddd
1 parent f2e3fde
commit 6ddaddd
Show file tree

Hide file tree

Showing 3 changed files with 160 additions and 0 deletions.
diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto
@@ -267,6 +267,88 @@ message GetRegionResponse {
     temporal.api.cloud.region.v1.Region region = 1;
 }
 
+
+message GetApiKeysRequest {
+    // The requested size of the page to retrieve - optional.
+    // Cannot exceed 1000. Defaults to 100.
+    int32 page_size = 1;
+    // The page token if this is continuing from another response - optional.
+    string page_token = 2;
+    // Filter api keys by owner id - optional.
+    string owner_id = 3;
+    // Filter api keys by owner type - optional.
+    // Possible values: user, service-account
+    string owner_type = 4;
+}
+
+message GetApiKeysResponse {
+    // The list of api keys in ascending id order.
+    repeated temporal.api.cloud.identity.v1.ApiKey api_keys = 1;
+    // The next page's token.
+    string next_page_token = 2;
+}
+
+message GetApiKeyRequest {
+    // The id of the api key to get.
+    string key_id = 1;
+}
+
+message GetApiKeyResponse {
+    // The api key.
+    temporal.api.cloud.identity.v1.ApiKey api_key = 1;
+}
+
+message CreateApiKeyRequest {
+    // The spec for the api key to create.
+    // Create api key only supports service-account owner type for now.
+    temporal.api.cloud.identity.v1.ApiKeySpec spec = 1;
+    // The id to use for this async operation - optional.
+    string async_operation_id = 2;
+}
+
+message CreateApiKeyResponse {
+    // The id of the api key created.
+    string key_id = 1;
+    // The token of the api key created. 
+    // This is a secret and should be stored securely.
+    // It will not be retrievable after this response.
+    string token = 2;
+    // The async operation.
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 3;
+}
+
+message UpdateApiKeyRequest {
+    // The id of the api key to update.
+    string key_id = 1;
+    // The new api key specification.
+    temporal.api.cloud.identity.v1.ApiKeySpec spec = 2;
+    // The version of the api key for which this update is intended for.
+    // The latest version can be found in the GetApiKey operation response.
+    string resource_version = 3;
+    // The id to use for this async operation - optional.
+    string async_operation_id = 4;
+}
+
+message UpdateApiKeyResponse {
+    // The async operation.
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
+
+message DeleteApiKeyRequest {
+    // The id of the api key to delete.
+    string key_id = 1;
+    // The version of the api key for which this delete is intended for.
+    // The latest version can be found in the GetApiKey operation response.
+    string resource_version = 2;
+    // The id to use for this async operation - optional.
+    string async_operation_id = 3;
+}
+
+message DeleteApiKeyResponse {
+    // The async operation.
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
+
 message GetUserGroupsRequest {
     // The requested size of the page to retrieve - optional.
     // Cannot exceed 1000. Defaults to 100.

diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -142,6 +142,43 @@ service CloudService {
         };
     }
 
+    // Get all known API keys
+    rpc GetApiKeys (GetApiKeysRequest) returns (GetApiKeysResponse) {
+        option (google.api.http) = {
+            get: "/api/v1/cloud/api-keys",
+        };
+    }
+
+    // Get an API key
+    rpc GetApiKey (GetApiKeyRequest) returns (GetApiKeyResponse) {
+        option (google.api.http) = {
+            get: "/api/v1/cloud/api-keys/{key_id}",
+        };
+    }
+
+    // Create an API key
+    rpc CreateApiKey (CreateApiKeyRequest) returns (CreateApiKeyResponse) {
+        option (google.api.http) = {
+            post: "/api/v1/cloud/api-keys",
+            body: "*"
+        };
+    }
+
+    // Update an API key
+    rpc UpdateApiKey (UpdateApiKeyRequest) returns (UpdateApiKeyResponse) {
+        option (google.api.http) = {
+            post: "/api/v1/cloud/api-keys/{key_id}",
+            body: "*"
+        };
+    }
+
+    // Delete an API key
+    rpc DeleteApiKey (DeleteApiKeyRequest) returns (DeleteApiKeyResponse) {
+        option (google.api.http) = {
+            delete: "/api/v1/cloud/api-keys/{key_id}",
+        };
+    }
+
     // Get all user groups
     rpc GetUserGroups (GetUserGroupsRequest) returns (GetUserGroupsResponse) {
         option (google.api.http) = {

diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto
@@ -130,3 +130,44 @@ message ServiceAccountSpec {
     string description = 3;
 }
 
+
+message ApiKey {
+    // The id of the API Key.
+    string id = 1;
+    // The current version of the API key specification.
+    // The next update operation will have to include this version.
+    string resource_version = 2;
+    // The API key specification.
+    ApiKeySpec spec = 3;
+    // The current state of the API key.
+    // Possible values: activating, activationfailed, active, updating, updatefailed, deleting, deletefailed, deleted, suspending, suspendfailed, suspended.
+    // For any failed state, reach out to Temporal Cloud support for remediation.
+    string state = 4;
+    // The id of the async operation that is creating/updating/deleting the API key, if any.
+    string async_operation_id = 5;
+    // The date and time when the API key was created.
+    google.protobuf.Timestamp created_time = 6;
+    // The date and time when the API key was last modified.
+    // Will not be set if the API key has never been modified.
+    google.protobuf.Timestamp last_modified_time = 7;
+}
+
+message ApiKeySpec {
+    // The id of the owner to create the API key for.
+    // The owner id is immutable. Once set during creation, it cannot be changed.
+    // The owner id is the id of the user when the owner type is 'user'.
+    // The owner id is the id of the service account when the owner type is 'service-account'.
+    string owner_id = 1;
+    // The type of the owner to create the API key for.
+    // The owner type is immutable. Once set during creation, it cannot be changed.
+    // Possible values: user, service-account.
+    string owner_type = 2;
+    // The display name of the API key.
+    string display_name = 3;
+    // The description of the API key.
+    string description = 4;
+    // The expiry time of the API key.
+    google.protobuf.Timestamp expiry_time = 5;
+    // True if the API key is disabled.
+    bool disabled = 6;
+}