From a91d840374009a989a1b3dcf0561eeacf319c0e2 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 09:02:24 -0700 Subject: [PATCH 01/20] Introduce group management APIs --- .../cloudservice/v1/request_response.proto | 99 +++++++++++++++++++ .../api/cloud/cloudservice/v1/service.proto | 45 +++++++++ temporal/api/cloud/identity/v1/message.proto | 24 +++++ 3 files changed, 168 insertions(+) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 8b78a25..511b566 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto 
@@ -234,3 +234,102 @@ message GetRegionResponse { // The temporal cloud region. temporal.api.cloud.region.v1.Region region = 1; } + +message GetGroupsRequest { + // The requested size of the page to retrieve - optional. + // Cannot exceed 1000. Defaults to 100. + int32 page_size = 1; + // The page token if this is continuing from another response - optional. + string page_token = 2; + // Only return groups that grant access to the specified namespace - optional. + string namespace = 3; + // Filter groups by their name - optional + string name = 4; +} + +message GetGroupsResponse { + // The list of groups in ascending name order. + repeated temporal.api.cloud.identity.v1.Group groups = 1; + // The next page's token. + string next_page_token = 2; +} + +message GetGroupRequest { + // The id of the group to get. + string group_id = 1; +} + +message GetGroupResponse { + // The group. + temporal.api.cloud.identity.v1.Group group = 1; +} + +message CreateGroupRequest { + // The id of the group + string group_id = 1; + // The spec for the group to create + temporal.api.cloud.identity.v1.GroupSpec spec = 2; + // The id to use for this async operation + // Optional, if not provided a random id will be generated + string async_operation_id = 3; +} + +message CreateGroupResponse { + // The id of the group that was created + string group_id = 1; + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 2; +} + +message UpdateGroupRequest { + // The id of the group to update + string group_id = 1; + // The new group specification + temporal.api.cloud.identity.v1.GroupSpec spec = 2; + // The version of the group for which this update is intended for + // The latest version can be found in the GetGroup operation response + string resource_version = 3; + // The id to use for this async operation + // Optional, if not provided a random id will be generated + string async_operation_id = 4; +} + +message UpdateGroupResponse { + // The async operation 
+ temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} + +message DeleteGroupRequest { + // The id of the group to delete + string group_id = 1; + // The version of the group for which this delete is intended for + // The latest version can be found in the GetGroup operation response + string resource_version = 2; + // The id to use for this async operation + // Optional, if not provided a random id will be generated + string async_operation_id = 3; +} + +message DeleteGroupResponse { + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} + +message SetGroupNamespaceAccessRequest { + // The namespace to set permissions for + string namespace = 1; + // The id of the group to set permissions for + string group_id = 2; + // The namespace access to assign the group. If left empty, the group will be removed from the namespace access + temporal.api.cloud.identity.v1.NamespaceAccess access = 3; + // The version of the group for which this update is intended for + // The latest version can be found in the GetGroup operation response + string resource_version = 4; + // The id to use for this async operation - optional + string async_operation_id = 5; +} + +message SetGroupNamespaceAccessResponse { + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index 2fa3adf..709da1a 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto 
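Review bot: In `SetGroupNamespaceAccessRequest`, an unset `access` is documented as removing the group from the namespace, so a client that omits the field by accident and one that revokes on purpose send the same message. The comments on `resource_version` here and in `UpdateGroupRequest` and `DeleteGroupRequest` do not say whether the field is required. For calls that change who holds access, the contract should state what happens when `resource_version` is empty or stale; if the server rejects such requests, a line like `// Required. The request fails if this does not match the group's current version.` would make that explicit. `page_size` is a signed `int32` with a documented cap of 1000, so its comment could also say how zero, negative and over-limit values are treated.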
@@ -125,4 +125,49 @@ service CloudService { get: "/api/v1/cloud/regions/{region}", }; } + + // Get all groups + rpc GetGroups (GetGroupsRequest) returns (GetGroupsResponse) { + option (google.api.http) = { + get: "/api/v1/groups", + }; + } + + // Get a group + rpc GetGroup (GetGroupRequest) returns (GetGroupResponse) { + option (google.api.http) = { + get: "/api/v1/groups/{group_id}", + }; + } + + // Create new a group + rpc CreateGroup (CreateGroupRequest) returns (CreateGroupResponse) { + option (google.api.http) = { + post: "/api/v1/groups", + body: "*" + }; + } + + // Update a group + rpc UpdateGroup (UpdateGroupRequest) returns (UpdateGroupResponse) { + option (google.api.http) = { + post: "/api/v1/groups/{group_id}", + body: "*" + }; + } + + // Delete a group + rpc DeleteGroup (DeleteGroupRequest) returns (DeleteGroupResponse) { + option (google.api.http) = { + delete: "/api/v1/groups/{group_id}", + }; + } + + // Set a group's access to a namespace + rpc SetGroupNamespaceAccess (SetGroupNamespaceAccessRequest) returns (SetGroupNamespaceAccessResponse) { + option (google.api.http) = { + post: "/api/v1/namespaces/{namespace}/groups/{group_id}/access", + body: "*" + }; + } } diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 65adc2e..559c087 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
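Review bot: The comments on the six new RPCs do not say what permission a caller needs, although `CreateGroup`, `UpdateGroup`, `DeleteGroup` and `SetGroupNamespaceAccess` all change the access that a group's members receive. One sentence per method naming the required role, whatever the service actually enforces, would let API consumers check least-privilege assumptions from the contract alone. Separately, `// Create new a group` should read `// Create a new group`. The `service CloudService` block begins outside this hunk.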
@@ -69,3 +69,27 @@ message User { // Will not be set if the user has never been modified. google.protobuf.Timestamp last_modified_time = 8; } + +message GroupSpec { + // The human-readable name of the group + string name = 1; + // The type of the group. e.g. "googleworkspace" + string type = 2; + // The access assigned to the group + temporal.api.cloud.identity.v1.Access access = 3; +} + +message Group { + // The id of the group + string id = 1; + // The current version of the group specification + // The next update operation will have to include this version + string resource_version = 2; + // The group specification + GroupSpec spec = 3; + // The date and time when the group was created + google.protobuf.Timestamp created_time = 4; + // The date and time when the group was last modified + // Will not be set if the group has never been modified. + google.protobuf.Timestamp last_modified_time = 5; +} From d4d254ddd5853e52b1162b72e7677b4f0f845818 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 13:53:47 -0700 Subject: [PATCH 02/20] . --- .../cloudservice/v1/request_response.proto | 54 +++++++++---------- temporal/api/cloud/identity/v1/message.proto | 4 +- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 511b566..f02a207 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -243,7 +243,7 @@ message GetGroupsRequest { string page_token = 2; // Only return groups that grant access to the specified namespace - optional. string namespace = 3; - // Filter groups by their name - optional + // Filter groups by their name - optional. string name = 4; } 
@@ -265,71 +265,71 @@ message GetGroupResponse { } message CreateGroupRequest { - // The id of the group + // The id of the group. string group_id = 1; - // The spec for the group to create + // The spec for the group to create. temporal.api.cloud.identity.v1.GroupSpec spec = 2; - // The id to use for this async operation - // Optional, if not provided a random id will be generated + // The id to use for this async operation. + // Optional, if not provided a random id will be generated. string async_operation_id = 3; } message CreateGroupResponse { - // The id of the group that was created + // The id of the group that was created. string group_id = 1; - // The async operation + // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 2; } message UpdateGroupRequest { - // The id of the group to update + // The id of the group to update. string group_id = 1; - // The new group specification + // The new group specification. temporal.api.cloud.identity.v1.GroupSpec spec = 2; - // The version of the group for which this update is intended for - // The latest version can be found in the GetGroup operation response + // The version of the group for which this update is intended for. + // The latest version can be found in the GetGroup operation response. string resource_version = 3; - // The id to use for this async operation - // Optional, if not provided a random id will be generated + // The id to use for this async operation. + // Optional, if not provided a random id will be generated. string async_operation_id = 4; } message UpdateGroupResponse { - // The async operation + // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } message DeleteGroupRequest { - // The id of the group to delete + // The id of the group to delete. 
string group_id = 1; - // The version of the group for which this delete is intended for - // The latest version can be found in the GetGroup operation response + // The version of the group for which this delete is intended for. + // The latest version can be found in the GetGroup operation response. string resource_version = 2; - // The id to use for this async operation - // Optional, if not provided a random id will be generated + // The id to use for this async operation. + // Optional, if not provided a random id will be generated. string async_operation_id = 3; } message DeleteGroupResponse { - // The async operation + // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } message SetGroupNamespaceAccessRequest { - // The namespace to set permissions for + // The namespace to set permissions for. string namespace = 1; - // The id of the group to set permissions for + // The id of the group to set permissions for. string group_id = 2; - // The namespace access to assign the group. If left empty, the group will be removed from the namespace access + // The namespace access to assign the group. If left empty, the group will be removed from the namespace access. temporal.api.cloud.identity.v1.NamespaceAccess access = 3; - // The version of the group for which this update is intended for - // The latest version can be found in the GetGroup operation response + // The version of the group for which this update is intended for. + // The latest version can be found in the GetGroup operation response. string resource_version = 4; - // The id to use for this async operation - optional + // The id to use for this async operation - optional. string async_operation_id = 5; } message SetGroupNamespaceAccessResponse { - // The async operation + // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } 
diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 559c087..e16afff 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -66,7 +66,7 @@ message User { // The date and time when the user was created google.protobuf.Timestamp created_time = 7; // The date and time when the user was last modified - // Will not be set if the user has never been modified. + // Will not be set if the user has never been modified google.protobuf.Timestamp last_modified_time = 8; } @@ -90,6 +90,6 @@ message Group { // The date and time when the group was created google.protobuf.Timestamp created_time = 4; // The date and time when the group was last modified - // Will not be set if the group has never been modified. + // Will not be set if the group has never been modified google.protobuf.Timestamp last_modified_time = 5; } From 18103b8923d2f5fcdbac83edce338c92438014ca Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 14:10:06 -0700 Subject: [PATCH 03/20] update http path --- temporal/api/cloud/cloudservice/v1/service.proto | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index 709da1a..8e6fe5f 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto 
@@ -129,21 +129,21 @@ service CloudService { // Get all groups rpc GetGroups (GetGroupsRequest) returns (GetGroupsResponse) { option (google.api.http) = { - get: "/api/v1/groups", + get: "/api/v1/cloud/groups", }; } // Get a group rpc GetGroup (GetGroupRequest) returns (GetGroupResponse) { option (google.api.http) = { - get: "/api/v1/groups/{group_id}", + get: "/api/v1/cloud/groups/{group_id}", }; } // Create new a group rpc CreateGroup (CreateGroupRequest) returns (CreateGroupResponse) { option (google.api.http) = { - post: "/api/v1/groups", + post: "/api/v1/cloud/groups", body: "*" }; } @@ -151,7 +151,7 @@ service CloudService { // Update a group rpc UpdateGroup (UpdateGroupRequest) returns (UpdateGroupResponse) { option (google.api.http) = { - post: "/api/v1/groups/{group_id}", + post: "/api/v1/cloud/groups/{group_id}", body: "*" }; } @@ -159,14 +159,14 @@ service CloudService { // Delete a group rpc DeleteGroup (DeleteGroupRequest) returns (DeleteGroupResponse) { option (google.api.http) = { - delete: "/api/v1/groups/{group_id}", + delete: "/api/v1/cloud/groups/{group_id}", }; } // Set a group's access to a namespace rpc SetGroupNamespaceAccess (SetGroupNamespaceAccessRequest) returns (SetGroupNamespaceAccessResponse) { option (google.api.http) = { - post: "/api/v1/namespaces/{namespace}/groups/{group_id}/access", + post: "/api/v1/cloud/namespaces/{namespace}/groups/{group_id}/access", body: "*" }; } From ef1fa99695940fbf176fb50966731ec6bf2f8d9f Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 14:14:09 -0700 Subject: [PATCH 04/20] add state and async op id --- temporal/api/cloud/identity/v1/message.proto | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index e16afff..12a2fba 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
@@ -87,9 +87,13 @@ message Group { string resource_version = 2; // The group specification GroupSpec spec = 3; + // The current state of the group + string state = 4; + // The id of the async operation that is creating/updating/deleting the group, if any + string async_operation_id = 5; // The date and time when the group was created - google.protobuf.Timestamp created_time = 4; + google.protobuf.Timestamp created_time = 6; // The date and time when the group was last modified // Will not be set if the group has never been modified - google.protobuf.Timestamp last_modified_time = 5; + google.protobuf.Timestamp last_modified_time = 7; } From c8cb84d711a4807f449083ae99b2a6716de88d65 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 14:20:05 -0700 Subject: [PATCH 05/20] mutability --- temporal/api/cloud/identity/v1/message.proto | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 12a2fba..d90e44b 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -71,9 +71,11 @@ message User { } message GroupSpec { - // The human-readable name of the group + // The name of the group defined in the customer's IdP (e.g. Google group name in Google Workspace). + // The name is immutable. Once set, it cannot be changed. string name = 1; // The type of the group. e.g. "googleworkspace" + // This field is immutable. Once set, it cannot be changed. string type = 2; // The access assigned to the group temporal.api.cloud.identity.v1.Access access = 3; From d0036c92dfb9d147ac66065af2843e00f586a22e Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 14:20:40 -0700 Subject: [PATCH 06/20] wording --- temporal/api/cloud/identity/v1/message.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
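Review bot: Inserting `state = 4` and `async_operation_id = 5` moves `created_time` from 4 to 6 and `last_modified_time` from 5 to 7, which changes the wire identity of both timestamps. That is harmless only if no client or server was built from the earlier numbering in this series; otherwise the new fields should take the next free numbers, `string state = 6;` and `string async_operation_id = 7;`. The same renumbering recurs in the later `CreateUserGroupRequest` hunk (`spec` 2 to 1, `async_operation_id` 3 to 2) and in the `GetUserGroupsRequest` hunk (`namespace` 3 to 4, `name` 4 to 5). `state` is also a free-form string with no listed values, so a comment enumerating them would help callers that branch on it. The `message Group` body starts above this hunk.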
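Review bot: The new comments declare `name` and `type` immutable, but `UpdateGroupRequest` carries a whole `GroupSpec`, and nothing says what the server does when an update supplies a different `name` or `type`. Because `name` identifies the IdP group whose members inherit `access`, the outcome should be documented rather than left to the implementation, for example `// An update that changes this field is rejected.` if that is the enforced behaviour. The `GroupSpec` message closes outside the lines shown in this hunk.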
diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index d90e44b..be3de71 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -71,7 +71,7 @@ message User { } message GroupSpec { - // The name of the group defined in the customer's IdP (e.g. Google group name in Google Workspace). + // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace). // The name is immutable. Once set, it cannot be changed. string name = 1; // The type of the group. e.g. "googleworkspace" From 3023eed08bf417bcd0e210fbafc17247854639cc Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 14:29:02 -0700 Subject: [PATCH 07/20] rename to user group --- .../cloudservice/v1/request_response.proto | 32 +++++++++---------- .../api/cloud/cloudservice/v1/service.proto | 24 +++++++------- temporal/api/cloud/identity/v1/message.proto | 6 ++-- 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index f02a207..0025512 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -235,7 +235,7 @@ message GetRegionResponse { temporal.api.cloud.region.v1.Region region = 1; } -message GetGroupsRequest { +message GetUserGroupsRequest { // The requested size of the page to retrieve - optional. // Cannot exceed 1000. Defaults to 100. int32 page_size = 1; 
@@ -247,45 +247,45 @@ message GetGroupsRequest { string name = 4; } -message GetGroupsResponse { +message GetUserGroupsResponse { // The list of groups in ascending name order. - repeated temporal.api.cloud.identity.v1.Group groups = 1; + repeated temporal.api.cloud.identity.v1.UserGroup groups = 1; // The next page's token. string next_page_token = 2; } -message GetGroupRequest { +message GetUserGroupRequest { // The id of the group to get. string group_id = 1; } -message GetGroupResponse { +message GetUserGroupResponse { // The group. - temporal.api.cloud.identity.v1.Group group = 1; + temporal.api.cloud.identity.v1.UserGroup group = 1; } -message CreateGroupRequest { +message CreateUserGroupRequest { // The id of the group. string group_id = 1; // The spec for the group to create. - temporal.api.cloud.identity.v1.GroupSpec spec = 2; + temporal.api.cloud.identity.v1.UserGroupSpec spec = 2; // The id to use for this async operation. // Optional, if not provided a random id will be generated. string async_operation_id = 3; } -message CreateGroupResponse { +message CreateUserGroupResponse { // The id of the group that was created. string group_id = 1; // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 2; } -message UpdateGroupRequest { +message UpdateUserGroupRequest { // The id of the group to update. string group_id = 1; // The new group specification. - temporal.api.cloud.identity.v1.GroupSpec spec = 2; + temporal.api.cloud.identity.v1.UserGroupSpec spec = 2; // The version of the group for which this update is intended for. // The latest version can be found in the GetGroup operation response. string resource_version = 3; 
@@ -294,12 +294,12 @@ message UpdateGroupRequest { string async_operation_id = 4; } -message UpdateGroupResponse { +message UpdateUserGroupResponse { // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } -message DeleteGroupRequest { +message DeleteUserGroupRequest { // The id of the group to delete. string group_id = 1; // The version of the group for which this delete is intended for. @@ -310,12 +310,12 @@ message DeleteGroupRequest { string async_operation_id = 3; } -message DeleteGroupResponse { +message DeleteUserGroupResponse { // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } -message SetGroupNamespaceAccessRequest { +message SetUserGroupNamespaceAccessRequest { // The namespace to set permissions for. string namespace = 1; // The id of the group to set permissions for. @@ -329,7 +329,7 @@ message SetGroupNamespaceAccessRequest { string async_operation_id = 5; } -message SetGroupNamespaceAccessResponse { +message SetUserGroupNamespaceAccessResponse { // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index 8e6fe5f..8412eb8 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto 
@@ -127,46 +127,46 @@ service CloudService { } // Get all groups - rpc GetGroups (GetGroupsRequest) returns (GetGroupsResponse) { + rpc GetGroups (GetUserGroupsRequest) returns (GetUserGroupsResponse) { option (google.api.http) = { - get: "/api/v1/cloud/groups", + get: "/api/v1/cloud/user-groups", }; } // Get a group - rpc GetGroup (GetGroupRequest) returns (GetGroupResponse) { + rpc GetGroup (GetUserGroupRequest) returns (GetUserGroupResponse) { option (google.api.http) = { - get: "/api/v1/cloud/groups/{group_id}", + get: "/api/v1/cloud/user-groups/{group_id}", }; } // Create new a group - rpc CreateGroup (CreateGroupRequest) returns (CreateGroupResponse) { + rpc CreateGroup (CreateUserGroupRequest) returns (CreateUserGroupResponse) { option (google.api.http) = { - post: "/api/v1/cloud/groups", + post: "/api/v1/cloud/user-groups", body: "*" }; } // Update a group - rpc UpdateGroup (UpdateGroupRequest) returns (UpdateGroupResponse) { + rpc UpdateGroup (UpdateUserGroupRequest) returns (UpdateUserGroupResponse) { option (google.api.http) = { - post: "/api/v1/cloud/groups/{group_id}", + post: "/api/v1/cloud/user-groups/{group_id}", body: "*" }; } // Delete a group - rpc DeleteGroup (DeleteGroupRequest) returns (DeleteGroupResponse) { + rpc DeleteGroup (DeleteUserGroupRequest) returns (DeleteUserGroupResponse) { option (google.api.http) = { - delete: "/api/v1/cloud/groups/{group_id}", + delete: "/api/v1/cloud/user-groups/{group_id}", }; } // Set a group's access to a namespace - rpc SetGroupNamespaceAccess (SetGroupNamespaceAccessRequest) returns (SetGroupNamespaceAccessResponse) { + rpc SetGroupNamespaceAccess (SetUserGroupNamespaceAccessRequest) returns (SetUserGroupNamespaceAccessResponse) { option (google.api.http) = { - post: "/api/v1/cloud/namespaces/{namespace}/groups/{group_id}/access", + post: "/api/v1/cloud/namespaces/{namespace}/user-groups/{group_id}/access", body: "*" }; } 
diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index be3de71..cbf6e74 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -70,7 +70,7 @@ message User { google.protobuf.Timestamp last_modified_time = 8; } -message GroupSpec { +message UserGroupSpec { // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace). // The name is immutable. Once set, it cannot be changed. string name = 1; @@ -81,14 +81,14 @@ message GroupSpec { temporal.api.cloud.identity.v1.Access access = 3; } -message Group { +message UserGroup { // The id of the group string id = 1; // The current version of the group specification // The next update operation will have to include this version string resource_version = 2; // The group specification - GroupSpec spec = 3; + UserGroupSpec spec = 3; // The current state of the group string state = 4; // The id of the async operation that is creating/updating/deleting the group, if any From 66dbd895c24b7f2484c355a30809f161e2567095 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Tue, 16 Apr 2024 14:34:14 -0700 Subject: [PATCH 08/20] fix CreateUserGroupRequest --- temporal/api/cloud/cloudservice/v1/request_response.proto | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 0025512..5a84a8a 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto 
@@ -265,13 +265,11 @@ message GetUserGroupResponse { } message CreateUserGroupRequest { - // The id of the group. - string group_id = 1; // The spec for the group to create. - temporal.api.cloud.identity.v1.UserGroupSpec spec = 2; + temporal.api.cloud.identity.v1.UserGroupSpec spec = 1; // The id to use for this async operation. // Optional, if not provided a random id will be generated. - string async_operation_id = 3; + string async_operation_id = 2; } message CreateUserGroupResponse { From 0a735b1987f0a1c3cdbc1a68a7bb90e702b26436 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Wed, 17 Apr 2024 09:28:23 -0700 Subject: [PATCH 09/20] -> user group --- temporal/api/cloud/cloudservice/v1/service.proto | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index 8412eb8..f714b20 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto @@ -127,21 +127,21 @@ service CloudService { } // Get all groups - rpc GetGroups (GetUserGroupsRequest) returns (GetUserGroupsResponse) { + rpc GetUserGroups (GetUserGroupsRequest) returns (GetUserGroupsResponse) { option (google.api.http) = { get: "/api/v1/cloud/user-groups", }; } // Get a group - rpc GetGroup (GetUserGroupRequest) returns (GetUserGroupResponse) { + rpc GetUserGroup (GetUserGroupRequest) returns (GetUserGroupResponse) { option (google.api.http) = { get: "/api/v1/cloud/user-groups/{group_id}", }; } // Create new a group - rpc CreateGroup (CreateUserGroupRequest) returns (CreateUserGroupResponse) { + rpc CreateUserGroup (CreateUserGroupRequest) returns (CreateUserGroupResponse) { option (google.api.http) = { post: "/api/v1/cloud/user-groups", body: "*" 
@@ -149,7 +149,7 @@ service CloudService { } // Update a group - rpc UpdateGroup (UpdateUserGroupRequest) returns (UpdateUserGroupResponse) { + rpc UpdateUserGroup (UpdateUserGroupRequest) returns (UpdateUserGroupResponse) { option (google.api.http) = { post: "/api/v1/cloud/user-groups/{group_id}", body: "*" @@ -157,14 +157,14 @@ service CloudService { } // Delete a group - rpc DeleteGroup (DeleteUserGroupRequest) returns (DeleteUserGroupResponse) { + rpc DeleteUserGroup (DeleteUserGroupRequest) returns (DeleteUserGroupResponse) { option (google.api.http) = { delete: "/api/v1/cloud/user-groups/{group_id}", }; } // Set a group's access to a namespace - rpc SetGroupNamespaceAccess (SetUserGroupNamespaceAccessRequest) returns (SetUserGroupNamespaceAccessResponse) { + rpc SetUserGroupNamespaceAccess (SetUserGroupNamespaceAccessRequest) returns (SetUserGroupNamespaceAccessResponse) { option (google.api.http) = { post: "/api/v1/cloud/namespaces/{namespace}/user-groups/{group_id}/access", body: "*" From 1c7fa20564f3a5c502f4d5c8d3bdff9037612b87 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Wed, 17 Apr 2024 09:34:34 -0700 Subject: [PATCH 10/20] update comments --- temporal/api/cloud/cloudservice/v1/service.proto | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index f714b20..57e9f18 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto 
@@ -126,21 +126,21 @@ service CloudService { }; } - // Get all groups + // Get all user groups rpc GetUserGroups (GetUserGroupsRequest) returns (GetUserGroupsResponse) { option (google.api.http) = { get: "/api/v1/cloud/user-groups", }; } - // Get a group + // Get a user group rpc GetUserGroup (GetUserGroupRequest) returns (GetUserGroupResponse) { option (google.api.http) = { get: "/api/v1/cloud/user-groups/{group_id}", }; } - // Create new a group + // Create new a user group rpc CreateUserGroup (CreateUserGroupRequest) returns (CreateUserGroupResponse) { option (google.api.http) = { post: "/api/v1/cloud/user-groups", @@ -148,7 +148,7 @@ service CloudService { }; } - // Update a group + // Update a user group rpc UpdateUserGroup (UpdateUserGroupRequest) returns (UpdateUserGroupResponse) { option (google.api.http) = { post: "/api/v1/cloud/user-groups/{group_id}", @@ -156,14 +156,14 @@ service CloudService { }; } - // Delete a group + // Delete a user group rpc DeleteUserGroup (DeleteUserGroupRequest) returns (DeleteUserGroupResponse) { option (google.api.http) = { delete: "/api/v1/cloud/user-groups/{group_id}", }; } - // Set a group's access to a namespace + // Set a user group's access to a namespace rpc SetUserGroupNamespaceAccess (SetUserGroupNamespaceAccessRequest) returns (SetUserGroupNamespaceAccessResponse) { option (google.api.http) = { post: "/api/v1/cloud/namespaces/{namespace}/user-groups/{group_id}/access", From 0ceb7822c6cde6fe885fec0fdbc9a81e4a63cb51 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Wed, 17 Apr 2024 09:40:21 -0700 Subject: [PATCH 11/20] consistency --- temporal/api/cloud/identity/v1/message.proto | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index cbf6e74..be89304 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
@@ -71,11 +71,11 @@ message User { } message UserGroupSpec { - // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace). - // The name is immutable. Once set, it cannot be changed. + // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace) + // The name is immutable. Once set, it cannot be changed string name = 1; // The type of the group. e.g. "googleworkspace" - // This field is immutable. Once set, it cannot be changed. + // This field is immutable. Once set, it cannot be changed string type = 2; // The access assigned to the group temporal.api.cloud.identity.v1.Access access = 3; From fc2f6e18a0ea4c52c3c170a13eae3a894660f744 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Wed, 17 Apr 2024 09:48:32 -0700 Subject: [PATCH 12/20] fix reference --- temporal/api/cloud/identity/v1/message.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index be89304..83956a2 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -78,7 +78,7 @@ message UserGroupSpec { // This field is immutable. Once set, it cannot be changed string type = 2; // The access assigned to the group - temporal.api.cloud.identity.v1.Access access = 3; + Access access = 3; } message UserGroup { From a50075deaa9c0f154faf2a330c6323386523de7a Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Mon, 22 Apr 2024 14:44:21 -0700 Subject: [PATCH 13/20] Add filter and update comment --- .../api/cloud/cloudservice/v1/request_response.proto | 9 ++++++--- temporal/api/cloud/identity/v1/message.proto | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 5a84a8a..b23c8d3 100644 
--- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -241,14 +241,17 @@ message GetUserGroupsRequest { int32 page_size = 1; // The page token if this is continuing from another response - optional. string page_token = 2; + // Filter groups by their connection type - optional. + // Allowed values ["google-workspace"]. + string connection_type = 3; // Only return groups that grant access to the specified namespace - optional. - string namespace = 3; + string namespace = 4; // Filter groups by their name - optional. - string name = 4; + string name = 5; } message GetUserGroupsResponse { - // The list of groups in ascending name order. + // The list of groups in ascending ids order. repeated temporal.api.cloud.identity.v1.UserGroup groups = 1; // The next page's token. string next_page_token = 2; diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 83956a2..f212ec8 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -76,6 +76,7 @@ message UserGroupSpec { string name = 1; // The type of the group. e.g. "googleworkspace" // This field is immutable. Once set, it cannot be changed + // Allowed values ["google-workspace"]. string type = 2; // The access assigned to the group Access access = 3; From f6da1b5e21c31aac956bc217964a3c19814a9c59 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Mon, 22 Apr 2024 14:54:52 -0700 Subject: [PATCH 14/20] update comment --- temporal/api/cloud/identity/v1/message.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index f212ec8..41bb237 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
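Review bot: Inserting `connection_type` at number 3 in `GetUserGroupsRequest` moves `namespace` to 4 and `name` to 5, and because all three are `string` fields a peer built from the earlier numbering would have its namespace filter read as a connection type instead of being rejected. If any client or server was generated from the earlier revision, the list would be filtered on the wrong field with no error. I would leave the existing numbers alone and add the field as `string connection_type = 5;`. The same renumbering of this message recurs in the request_response.proto hunks of PATCH 15/20 and PATCH 19/20. `GetUserGroupsRequest` opens above the hunk.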
@@ -74,7 +74,7 @@ message UserGroupSpec { // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace) // The name is immutable. Once set, it cannot be changed string name = 1; - // The type of the group. e.g. "googleworkspace" + // The type of the group. // This field is immutable. Once set, it cannot be changed // Allowed values ["google-workspace"]. string type = 2; From 395bd0e8f5c1c2360c8111205da9f8dbd1c2f404 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Wed, 24 Apr 2024 09:04:15 -0700 Subject: [PATCH 15/20] change type to host_type --- temporal/api/cloud/cloudservice/v1/request_response.proto | 8 ++++---- temporal/api/cloud/identity/v1/message.proto | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index b23c8d3..9cf3ea8 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -241,11 +241,11 @@ message GetUserGroupsRequest { int32 page_size = 1; // The page token if this is continuing from another response - optional. string page_token = 2; - // Filter groups by their connection type - optional. - // Allowed values ["google-workspace"]. - string connection_type = 3; // Only return groups that grant access to the specified namespace - optional. - string namespace = 4; + string namespace = 3; + // Filter groups by their host type - optional. + // Allowed values ["google-workspace"]. + string host_type = 4; // Filter groups by their name - optional. string name = 5; } diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 41bb237..8bd45e7 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
@@ -74,10 +74,10 @@ message UserGroupSpec { // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace) // The name is immutable. Once set, it cannot be changed string name = 1; - // The type of the group. + // The type of the service that hosts the group. // This field is immutable. Once set, it cannot be changed // Allowed values ["google-workspace"]. - string type = 2; + string host_type = 2; // The access assigned to the group Access access = 3; } From 00383b0492249d5c9ca051f47714ce9f873ee699 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Wed, 24 Apr 2024 13:18:09 -0700 Subject: [PATCH 16/20] rename to type --- temporal/api/cloud/cloudservice/v1/request_response.proto | 6 +++--- temporal/api/cloud/identity/v1/message.proto | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 9cf3ea8..f25fd80 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -243,11 +243,11 @@ message GetUserGroupsRequest { string page_token = 2; // Only return groups that grant access to the specified namespace - optional. string namespace = 3; - // Filter groups by their host type - optional. + // Filter groups by their type - optional. // Allowed values ["google-workspace"]. - string host_type = 4; + string group_type = 4; // Filter groups by their name - optional. - string name = 5; + string group_name = 5; } message GetUserGroupsResponse { diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 8bd45e7..41bb237 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
@@ -74,10 +74,10 @@ message UserGroupSpec { // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace) // The name is immutable. Once set, it cannot be changed string name = 1; - // The type of the service that hosts the group. + // The type of the group. // This field is immutable. Once set, it cannot be changed // Allowed values ["google-workspace"]. - string host_type = 2; + string type = 2; // The access assigned to the group Access access = 3; } From 6449153f6cb1d99180e9b99667130e797bba4817 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Wed, 24 Apr 2024 14:51:07 -0700 Subject: [PATCH 17/20] update const --- temporal/api/cloud/cloudservice/v1/request_response.proto | 2 +- temporal/api/cloud/identity/v1/message.proto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index f25fd80..d7a64d0 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -244,7 +244,7 @@ message GetUserGroupsRequest { // Only return groups that grant access to the specified namespace - optional. string namespace = 3; // Filter groups by their type - optional. - // Allowed values ["google-workspace"]. + // Allowed values ["google_workspace"]. string group_type = 4; // Filter groups by their name - optional. string group_name = 5; diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 41bb237..acf02b7 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
@@ -76,7 +76,7 @@ message UserGroupSpec { string name = 1; // The type of the group. // This field is immutable. Once set, it cannot be changed - // Allowed values ["google-workspace"]. + // Allowed values ["google_workspace"]. string type = 2; // The access assigned to the group Access access = 3; From 9316ca7231a4e01243a21331b5b645d729e55076 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Fri, 3 May 2024 12:21:18 -0700 Subject: [PATCH 18/20] update comment --- temporal/api/cloud/cloudservice/v1/request_response.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index d7a64d0..39a3e07 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -241,7 +241,7 @@ message GetUserGroupsRequest { int32 page_size = 1; // The page token if this is continuing from another response - optional. string page_token = 2; - // Only return groups that grant access to the specified namespace - optional. + // Filter groups by the namespace they have access to - optional. string namespace = 3; // Filter groups by their type - optional. // Allowed values ["google_workspace"]. From 47830503c2b3ec59eed0769d6d9363aa94e02d87 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Thu, 9 May 2024 15:49:33 -0700 Subject: [PATCH 19/20] address comments --- temporal/api/cloud/cloudservice/v1/request_response.proto | 5 +---- temporal/api/cloud/identity/v1/message.proto | 6 +----- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 39a3e07..eaaad41 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto 
@@ -243,11 +243,8 @@ message GetUserGroupsRequest { string page_token = 2; // Filter groups by the namespace they have access to - optional. string namespace = 3; - // Filter groups by their type - optional. - // Allowed values ["google_workspace"]. - string group_type = 4; // Filter groups by their name - optional. - string group_name = 5; + string group_name = 4; } message GetUserGroupsResponse { diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index acf02b7..5ee7349 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -74,12 +74,8 @@ message UserGroupSpec { // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace) // The name is immutable. Once set, it cannot be changed string name = 1; - // The type of the group. - // This field is immutable. Once set, it cannot be changed - // Allowed values ["google_workspace"]. - string type = 2; // The access assigned to the group - Access access = 3; + Access access = 2; } message UserGroup { From f7a4bd690d10aeb5b36e95529cc9070739ed20f2 Mon Sep 17 00:00:00 2001 From: Xinyi Chen Date: Thu, 9 May 2024 16:28:07 -0700 Subject: [PATCH 20/20] update comment --- temporal/api/cloud/cloudservice/v1/request_response.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index eaaad41..6b691ff 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -248,7 +248,7 @@ message GetUserGroupsRequest { } message GetUserGroupsResponse { - // The list of groups in ascending ids order. + // The list of groups in ascending name order. repeated temporal.api.cloud.identity.v1.UserGroup groups = 1; // The next page's token. string next_page_token = 2;
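Review bot: In the `UserGroupSpec` hunk of PATCH 19/20, deleting `type = 2` and moving `access` from 3 to 2 reuses a deleted field number for the field that carries the group's access grant. A string and a message field share the length-delimited wire type, so a peer still on the previous layout would have its `type` bytes handed to the `Access` parser, while its real `access` at 3 arrives as an unknown field. Whether any such peer exists is not visible here. I would keep `Access access = 3;` and add `reserved 2;` and `reserved "type";` to the message. `UserGroupSpec` opens above the hunk.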