diff --git a/README.md b/README.md
index 3b308f2..e5e39c1 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ Copy over the protobuf files under [temporal](temporal) directory to the project
 ### API Version
-The client is expected to pass in a `temporal-cloud-api-version` header with the api version identifier with every request it makes to the apis. The backend will use the version to safely mutate resources.
+The client is expected to pass in a `temporal-cloud-api-version` header with the api version identifier with every request it makes to the apis. The backend will use the version to safely mutate resources. The `temporal:versioning:min_version` label indicates the minimun version of the API required to use the field.
 Current Version:
diff --git a/VERSION b/VERSION
index f69cc61..b54cee0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2023-10-01-00
+2024-05-13-00
diff --git a/buf.yaml b/buf.yaml
index 69baf0f..3edc46e 100644
--- a/buf.yaml
+++ b/buf.yaml
@@ -3,7 +3,7 @@ deps:
 - buf.build/googleapis/googleapis
 breaking:
 use:
- - FILE
+ - WIRE
 lint:
 use:
 - DEFAULT
diff --git a/temporal/api/cloud/namespace/v1/message.proto b/temporal/api/cloud/namespace/v1/message.proto
index 74edd29..10df250 100644
--- a/temporal/api/cloud/namespace/v1/message.proto
+++ b/temporal/api/cloud/namespace/v1/message.proto
@@ -36,6 +36,16 @@ message MtlsAuthSpec {
 // This allows limiting access to specific end-entity certificates.
 // Optional, default is empty.
 repeated CertificateFilterSpec certificate_filters = 2;
+ // Flag to enable mTLS auth (default: disabled).
+ // Note: disabling mTLS auth will cause existing mTLS connections to fail.
+ // temporal:versioning:min_version=2024-05-13-00
+ bool enabled = 3;
+}
+
+message ApiKeyAuthSpec {
+ // Flag to enable API key auth (default: disabled).
+ // Note: disabling API key auth will cause existing API key connections to fail.
+ bool enabled = 1;
 }
 message CodecServerSpec {
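Review bot: Moving `breaking.use` from `FILE` to `WIRE` in buf.yaml turns off the name-level checks, so a renamed field or a reused field name now passes breaking-change detection as long as numbers and wire types still line up. This same commit renames field 2 of `Endpoints` and reuses its old name on field 3, which only the stricter category would have reported. If any client reads these messages as JSON, `- WIRE_JSON` would at least keep the JSON-name checks. If `WIRE` stays, a comment above it such as `# WIRE only: field renames are not checked here and need manual review` would record that the relaxation is deliberate.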
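Review bot: `bool enabled = 3;` in `MtlsAuthSpec` has implicit presence, so a request that omits the field cannot be told apart from one that sets it to false, and the added comment says false disables mTLS and breaks existing connections. The `temporal:versioning:min_version` label suggests the backend gates the field on the API version header, but the comment does not say what happens when a caller at the new version resubmits an existing spec without setting the flag. I would either state that in the comment or declare the field `optional bool enabled = 3;` so an omitted value is distinguishable from an explicit disable. `ApiKeyAuthSpec.enabled` has the same shape and carries no `min_version` label of its own. `MtlsAuthSpec` begins outside the hunk.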
@@ -56,15 +66,20 @@ message NamespaceSpec {
 // Specifying more than one region makes the namespace "global", which is currently a preview only feature with restricted access.
 // Please reach out to Temporal support for more information on global namespaces.
 // When provisioned the global namespace will be active on the first region in the list and passive on the rest.
- // Number of supported regions is 2.
+ // Number of supported regions is 2.
 // The regions is immutable. Once set, it cannot be changed.
 repeated string regions = 2;
 // The number of days the workflows data will be retained for.
 // Changes to the retention period may impact your storage costs.
 // Any changes to the retention period will be applied to all new running workflows.
 int32 retention_days = 3;
- // The mtls authentication and authorization to enforce on the namespace.
+ // The mTLS auth configuration for the namespace.
+ // If unspecified, mTLS will be disabled.
 MtlsAuthSpec mtls_auth = 4;
+ // The API key auth configuration for the namespace.
+ // If unspecified, API keys will be disabled.
+ // temporal:versioning:min_version=2024-05-13-00
+ ApiKeyAuthSpec api_key_auth = 7;
 // The custom search attributes to use for the namespace.
 // The name of the attribute is the key and the type is the value.
 // Supported attribute types: text, keyword, int, double, bool, datetime, keyword_list.
@@ -77,10 +92,12 @@ message NamespaceSpec {
 }
 message Endpoints {
- // The web ui address.
+ // The web UI address.
 string web_address = 1;
- // The grpc hostport address that the temporal workers, clients and tctl connect to.
- string grpc_address = 2;
+ // The gRPC address for mTLS client connections (may be empty if mTLS is disabled).
+ string mtls_grpc_address = 2;
+ // The gRPC address for API key client connections (may be empty if API keys are disabled).
+ string grpc_address = 3;
 }
 message Limits {
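Review bot: The new comments on `mtls_auth` and `api_key_auth` each say the method is disabled when unspecified, but nothing states what the backend does with a `NamespaceSpec` that leaves both unspecified or sets both `enabled` flags to false. If such a spec is rejected, say so next to the fields, for example `// At least one of mtls_auth and api_key_auth must be enabled.`. If it is accepted, that is worth confirming, since the namespace would then have no client authentication method configured in this message. `NamespaceSpec` starts and ends outside the hunk.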
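Review bot: In `Endpoints`, the name `grpc_address` moves from field 2 to the new field 3 and changes meaning from the mTLS endpoint to the API key endpoint. A client that regenerates its stubs or reads the message as JSON keeps compiling but now receives a different address, one that may be empty when API keys are disabled. Field 2 stays wire-compatible under its new name `mtls_grpc_address`, so only name-based readers are affected. A distinct name for the new field, `string api_key_grpc_address = 3;`, would avoid the silent swap. If the name has to stay, add `// Before 2024-05-13-00 this name referred to field 2 (now mtls_grpc_address).` to field 3's comment together with the `temporal:versioning:min_version` label used elsewhere in this commit.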