temporalio · codemonkeycxy · May 9, 2024 · Apr 16, 2024 · Apr 16, 2024 · Apr 16, 2024
diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto
@@ -234,3 +234,100 @@ message GetRegionResponse {
     // The temporal cloud region.
     temporal.api.cloud.region.v1.Region region = 1;
 }
+
+message GetUserGroupsRequest {
+    // The requested size of the page to retrieve - optional.
+    // Cannot exceed 1000. Defaults to 100.
+    int32 page_size = 1;
+    // The page token if this is continuing from another response - optional.
+    string page_token = 2;
+    // Only return groups that grant access to the specified namespace - optional.
+    string namespace = 3;
+    // Filter groups by their name - optional.
+    string name = 4;
+}
+
+message GetUserGroupsResponse {
+    // The list of groups in ascending name order.
+    repeated temporal.api.cloud.identity.v1.UserGroup groups = 1;
+    // The next page's token.
+    string next_page_token = 2;
+}
+
+message GetUserGroupRequest {
+    // The id of the group to get.
+    string group_id = 1;
+}
+
+message GetUserGroupResponse {
+    // The group.
+    temporal.api.cloud.identity.v1.UserGroup group = 1;
+}
+
+message CreateUserGroupRequest {
+    // The spec for the group to create.
+    temporal.api.cloud.identity.v1.UserGroupSpec spec = 1;
+    // The id to use for this async operation.
+    // Optional, if not provided a random id will be generated.
+    string async_operation_id = 2;
+}
+
+message CreateUserGroupResponse {
+    // The id of the group that was created.
+    string group_id = 1;
+    // The async operation.
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 2;
+}
+
+message UpdateUserGroupRequest {
+    // The id of the group to update.
+    string group_id = 1;
+    // The new group specification.
+    temporal.api.cloud.identity.v1.UserGroupSpec spec = 2;
+    // The version of the group for which this update is intended for.
+    // The latest version can be found in the GetGroup operation response.
+    string resource_version = 3;
+    // The id to use for this async operation.
+    // Optional, if not provided a random id will be generated.
+    string async_operation_id = 4;
+}
+
+message UpdateUserGroupResponse {
+    // The async operation.
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
+
+message DeleteUserGroupRequest {
+    // The id of the group to delete.
+    string group_id = 1;
+    // The version of the group for which this delete is intended for.
+    // The latest version can be found in the GetGroup operation response.
+    string resource_version = 2;
+    // The id to use for this async operation.
+    // Optional, if not provided a random id will be generated.
+    string async_operation_id = 3;
+}
+
+message DeleteUserGroupResponse {
+    // The async operation.
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
+
+message SetUserGroupNamespaceAccessRequest {
+    // The namespace to set permissions for.
+    string namespace = 1;
+    // The id of the group to set permissions for.
+    string group_id = 2;
+    // The namespace access to assign the group. If left empty, the group will be removed from the namespace access.
+    temporal.api.cloud.identity.v1.NamespaceAccess access = 3;
+    // The version of the group for which this update is intended for.
+    // The latest version can be found in the GetGroup operation response.
+    string resource_version = 4;
+    // The id to use for this async operation - optional.
+    string async_operation_id = 5;
+}
+
+message SetUserGroupNamespaceAccessResponse {
+    // The async operation.
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -125,4 +125,49 @@ service CloudService {
             get: "/api/v1/cloud/regions/{region}",
         };
     }
+
+    // Get all groups
+    rpc GetUserGroups (GetUserGroupsRequest) returns (GetUserGroupsResponse) {
+        option (google.api.http) = {
+            get: "/api/v1/cloud/user-groups",
+        };
+    }
+
+    // Get a group
+    rpc GetUserGroup (GetUserGroupRequest) returns (GetUserGroupResponse) {
+        option (google.api.http) = {
+            get: "/api/v1/cloud/user-groups/{group_id}",
+        };
+    }
+
+    // Create new a group
+    rpc CreateUserGroup (CreateUserGroupRequest) returns (CreateUserGroupResponse) {
+        option (google.api.http) = {
+            post: "/api/v1/cloud/user-groups",
+            body: "*"
+        };
+    }
+
+    // Update a group
+    rpc UpdateUserGroup (UpdateUserGroupRequest) returns (UpdateUserGroupResponse) {
+        option (google.api.http) = {
+            post: "/api/v1/cloud/user-groups/{group_id}",
+            body: "*"
+        };
+    }
+
+    // Delete a group
+    rpc DeleteUserGroup (DeleteUserGroupRequest) returns (DeleteUserGroupResponse) {
+        option (google.api.http) = {
+            delete: "/api/v1/cloud/user-groups/{group_id}",
+        };
+    }
+
+    // Set a group's access to a namespace
+    rpc SetUserGroupNamespaceAccess (SetUserGroupNamespaceAccessRequest) returns (SetUserGroupNamespaceAccessResponse) {
+        option (google.api.http) = {
+            post: "/api/v1/cloud/namespaces/{namespace}/user-groups/{group_id}/access",
+            body: "*"
+        };
+    }
 }
diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto
@@ -66,6 +66,36 @@ message User {
     // The date and time when the user was created
     google.protobuf.Timestamp created_time = 7;
     // The date and time when the user was last modified
-    // Will not be set if the user has never been modified.
+    // Will not be set if the user has never been modified
     google.protobuf.Timestamp last_modified_time = 8;
 }
+
+message UserGroupSpec {
+    // The name of the group as defined in the customer's IdP (e.g. Google group name in Google Workspace).
+    // The name is immutable. Once set, it cannot be changed.
+    string name = 1;
+    // The type of the group. e.g. "googleworkspace"
+    // This field is immutable. Once set, it cannot be changed.
+    string type = 2;
+    // The access assigned to the group
+    temporal.api.cloud.identity.v1.Access access = 3;
+}
+
+message UserGroup {
+    // The id of the group
+    string id = 1;
+    // The current version of the group specification
+    // The next update operation will have to include this version
+    string resource_version = 2;
+    // The group specification
+    UserGroupSpec spec = 3;
+    // The current state of the group
+    string state = 4;
+    // The id of the async operation that is creating/updating/deleting the group, if any
+    string async_operation_id = 5;
+    // The date and time when the group was created
+    google.protobuf.Timestamp created_time = 6;
+    // The date and time when the group was last modified
+    // Will not be set if the group has never been modified
+    google.protobuf.Timestamp last_modified_time = 7;
+}