From a3babdd4ae6ecf7a637a32c2d94a4f1437049c2e Mon Sep 17 00:00:00 2001
From: Matt Kim
Date: Thu, 9 May 2024 15:31:00 -0700
Subject: [PATCH 1/5] fist pass on api key crud operations
---
.../cloudservice/v1/request_response.proto | 81 +++++++++++++++++++
.../api/cloud/cloudservice/v1/service.proto | 37 +++++++++
temporal/api/cloud/identity/v1/message.proto | 30 +++++++
3 files changed, 148 insertions(+)
diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto
index 8b78a25..5dad6b1 100644
--- a/temporal/api/cloud/cloudservice/v1/request_response.proto
+++ b/temporal/api/cloud/cloudservice/v1/request_response.proto
@@ -234,3 +234,84 @@ message GetRegionResponse { // The temporal cloud region. temporal.api.cloud.region.v1.Region region = 1; } + +message GetAPIKeysRequest { + // The requested size of the page to retrieve - optional. + // Cannot exceed 1000. Defaults to 100. + int32 page_size = 1; + // The page token if this is continuing from another response - optional. + string page_token = 2; + // Filter api keys by principal id - optional. + string principal_id = 3; + // Filter api keys by principal type - optional. + string principal_type = 4; +} + +message GetAPIKeysResponse { + // The list of API keys in ascending ids order + repeated temporal.api.cloud.identity.v1.APIKey api_keys = 1; + // The next page's token + string next_page_token = 2; +} + +message GetAPIKeyRequest { + // The id of the API key to get + string key_id = 1; +} + +message GetAPIKeyResponse { + // The API key + temporal.api.cloud.identity.v1.APIKey api_key = 1; +} + +message CreateAPIKeyRequest { + // The id of the principal to create the API key for + string principal_id = 1; + // The type of the principal to create the API key for + string principal_type = 2; + // The spec for the API key to invite + temporal.api.cloud.identity.v1.APIKeySpec spec = 3; + // The id to use for this async operation - optional + string async_operation_id = 4; +} + +message CreateAPIKeyResponse { + // The id of the API Key created + string key_id = 1; + // The secret of the API Key created + string secret = 2; + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 3; +} + +message UpdateAPIKeyRequest { + // The id of the API key to update + string key_id = 1; + // The new API key specification + temporal.api.cloud.identity.v1.APIKeySpec spec = 2; + // The version of the API key for which this update is intended for + // The latest version can be found in the GetAPIKey operation response + string resource_version = 3; + // The id to use for this async operation - optional + string 
async_operation_id = 4; +} + +message UpdateAPIKeyResponse { + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} + +message DeleteAPIKeyRequest { + // The id of the API key to delete + string key_id = 1; + // The version of the API key for which this delete is intended for + // The latest version can be found in the GetAPIKey operation response + string resource_version = 2; + // The id to use for this async operation - optional + string async_operation_id = 3; +} + +message DeleteAPIKeyResponse { + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index 2fa3adf..942c435 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto @@ -125,4 +125,41 @@ service CloudService { get: "/api/v1/cloud/regions/{region}", }; } + + // Get all known API keys + rpc GetAPIKeys (GetAPIKeysRequest) returns (GetAPIKeysResponse) { + option (google.api.http) = { + get: "/api/v1/cloud/api-keys", + }; + } + + // Get an API key + rpc GetAPIKey (GetAPIKeyRequest) returns (GetAPIKeyResponse) { + option (google.api.http) = { + get: "/api/v1/cloud/api-keys/{api_key_id}", + }; + } + + // Create an API key + rpc CreateAPIKey (CreateAPIKeyRequest) returns (CreateAPIKeyResponse) { + option (google.api.http) = { + post: "/api/v1/cloud/api-keys", + body: "*" + }; + } + + // Update an API key + rpc UpdateAPIKey (UpdateAPIKeyRequest) returns (UpdateAPIKeyResponse) { + option (google.api.http) = { + post: "/api/v1/cloud/api-keys/{api_key_id}", + body: "*" + }; + } + + // Delete an API key + rpc DeleteAPIKey (DeleteAPIKeyRequest) returns (DeleteAPIKeyResponse) { + option (google.api.http) = { + delete: "/api/v1/cloud/api-keys/{api_key_id}", + }; + } } 
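Review bot: `secret` in CreateAPIKeyResponse ([PATCH 1/5], request_response.proto) is the key's credential, yet it is declared as an ordinary `string`, so a debug dump or response log of this message prints it like any other field. Consider `string secret = 2 [debug_redact = true];`; this needs a protobuf toolchain that knows the option, and only runtimes that honour it will redact, so response bodies of this RPC should also stay out of access logs. The field is renamed to `token` in [PATCH 4/5] and the point applies to it unchanged.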
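Review bot: The three per-key routes in service.proto bind a path variable `{api_key_id}`, but GetAPIKeyRequest, UpdateAPIKeyRequest and DeleteAPIKeyRequest in request_response.proto (same patch) name the field `key_id`, so the `google.api.http` template refers to a field that does not exist. HTTP transcoding resolves path variables by request field name, so these routes would either fail when the annotations are compiled or leave the id unset, depending on the tool. Use the field name in the template, e.g. `get: "/api/v1/cloud/api-keys/{key_id}",`, and likewise for the `post` and `delete` routes. The enclosing `service CloudService` block opens before this hunk.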
diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 65adc2e..9850bd3 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -69,3 +69,33 @@ message User { // Will not be set if the user has never been modified. google.protobuf.Timestamp last_modified_time = 8; } + +message APIKey { + // The id of the API Key + string key_id = 1; + // The current version of the API key specification + // The next update operation will have to include this version + string resource_version = 2; + // The API key specification + APIKeySpec spec = 3; + // The current state of the API key + string state = 4; + // The id of the async operation that is creating/updating/deleting the API key, if any + string async_operation_id = 5; + // The date and time when the API key was created + google.protobuf.Timestamp created_time = 6; + // The date and time when the API key was last modified + // Will not be set if the API key has never been modified. + google.protobuf.Timestamp last_modified_time = 7; +} + +message APIKeySpec { + // The name of the API key + string name = 1; + // The description of the API key + string description = 2; + // The expiry time of the API key + google.protobuf.Timestamp expiry_time = 3; + // True if the API key is disabled + bool disabled = 4; +} From 8355aa8b456b00cc45ccd13d18f0aa841eee8822 Mon Sep 17 00:00:00 2001 From: Matt Kim Date: Fri, 10 May 2024 11:20:13 -0700 Subject: [PATCH 2/5] rename principal to identity --- .../cloud/cloudservice/v1/request_response.proto | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 5dad6b1..731cc1c 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto 
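Review bot: `expiry_time` in APIKeySpec ([PATCH 1/5], identity/v1/message.proto) is documented only as "The expiry time of the API key", which leaves open what an unset value means. A `google.protobuf.Timestamp` field has presence, so a create request can omit it, and the schema does not tell a reader whether that yields a key that never expires or a rejected request; no upper bound on the lifetime is stated either. State the rule on the field, for example `// Required. Requests without an expiry are rejected.` if that is the server's behaviour, or document the default lifetime that applies instead.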
@@ -241,10 +241,10 @@ message GetAPIKeysRequest { int32 page_size = 1; // The page token if this is continuing from another response - optional. string page_token = 2; - // Filter api keys by principal id - optional. - string principal_id = 3; - // Filter api keys by principal type - optional. - string principal_type = 4; + // Filter api keys by identity id - optional. + string identity_id = 3; + // Filter api keys by identity type - optional. + string identity_type = 4; } message GetAPIKeysResponse { @@ -265,10 +265,10 @@ message GetAPIKeyResponse { } message CreateAPIKeyRequest { - // The id of the principal to create the API key for - string principal_id = 1; - // The type of the principal to create the API key for - string principal_type = 2; + // The id of the identity to create the API key for + string identity_id = 1; + // The type of the identity to create the API key for + string identity_type = 2; // The spec for the API key to invite temporal.api.cloud.identity.v1.APIKeySpec spec = 3; // The id to use for this async operation - optional From 553b152576a5a619bffc85fe7b210971d793640e Mon Sep 17 00:00:00 2001 From: Matt Kim Date: Mon, 13 May 2024 10:35:28 -0700 Subject: [PATCH 3/5] change name to owner and move to api key spec --- .../cloud/cloudservice/v1/request_response.proto | 16 ++++++---------- temporal/api/cloud/cloudservice/v1/service.proto | 6 +++--- temporal/api/cloud/identity/v1/message.proto | 14 +++++++++----- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 731cc1c..ea9ddbe 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto 
@@ -241,10 +241,10 @@ message GetAPIKeysRequest { int32 page_size = 1; // The page token if this is continuing from another response - optional. string page_token = 2; - // Filter api keys by identity id - optional. - string identity_id = 3; - // Filter api keys by identity type - optional. - string identity_type = 4; + // Filter api keys by owner id - optional. + string owner_id = 3; + // Filter api keys by owner type - optional. + string owner_type = 4; } message GetAPIKeysResponse { @@ -265,14 +265,10 @@ message GetAPIKeyResponse { } message CreateAPIKeyRequest { - // The id of the identity to create the API key for - string identity_id = 1; - // The type of the identity to create the API key for - string identity_type = 2; // The spec for the API key to invite - temporal.api.cloud.identity.v1.APIKeySpec spec = 3; + temporal.api.cloud.identity.v1.APIKeySpec spec = 1; // The id to use for this async operation - optional - string async_operation_id = 4; + string async_operation_id = 2; } message CreateAPIKeyResponse { diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index 942c435..3ee3bd0 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto @@ -136,7 +136,7 @@ service CloudService { // Get an API key rpc GetAPIKey (GetAPIKeyRequest) returns (GetAPIKeyResponse) { option (google.api.http) = { - get: "/api/v1/cloud/api-keys/{api_key_id}", + get: "/api/v1/cloud/api-keys/{key_id}", }; } @@ -151,7 +151,7 @@ service CloudService { // Update an API key rpc UpdateAPIKey (UpdateAPIKeyRequest) returns (UpdateAPIKeyResponse) { option (google.api.http) = { - post: "/api/v1/cloud/api-keys/{api_key_id}", + post: "/api/v1/cloud/api-keys/{key_id}", body: "*" }; } 
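Review bot: In the CreateAPIKeyRequest hunk of [PATCH 3/5], `spec` moves from field 3 to 1 and `async_operation_id` from 4 to 2, reusing the numbers that `identity_id` and `identity_type` held. Field numbers are the wire identity, so a client built from the earlier revision would send a string on field 1 that this revision tries to parse as an APIKeySpec. The APIKeySpec hunk in identity/v1/message.proto renumbers as well, and there field 1 changes from `name` to `owner_id` with the same wire type, so an old payload's name would be read as an owner id without any error. This is harmless only if nothing was generated from the earlier patches; if anything was, keep `spec = 3` and `async_operation_id = 4` and add `reserved 1, 2; reserved "identity_id", "identity_type";`.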
@@ -159,7 +159,7 @@ service CloudService { // Delete an API key rpc DeleteAPIKey (DeleteAPIKeyRequest) returns (DeleteAPIKeyResponse) { option (google.api.http) = { - delete: "/api/v1/cloud/api-keys/{api_key_id}", + delete: "/api/v1/cloud/api-keys/{key_id}", }; } } diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 9850bd3..0206e7e 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -90,12 +90,16 @@ message APIKey { } message APIKeySpec { - // The name of the API key - string name = 1; + // The id of the owner the api key belongs to + string owner_id = 1; + // The type of the owner the api key belongs to + string owner_type = 2; + // The display name of the API key + string display_name = 3; // The description of the API key - string description = 2; + string description = 4; // The expiry time of the API key - google.protobuf.Timestamp expiry_time = 3; + google.protobuf.Timestamp expiry_time = 5; // True if the API key is disabled - bool disabled = 4; + bool disabled = 6; } From 5422e5ebc2661022a7f04e598a6404bfaeed31f2 Mon Sep 17 00:00:00 2001 From: Matt Kim Date: Fri, 17 May 2024 10:06:31 -0700 Subject: [PATCH 4/5] update changes --- .../cloudservice/v1/request_response.proto | 35 ++++++++++--------- .../api/cloud/cloudservice/v1/service.proto | 10 +++--- temporal/api/cloud/identity/v1/message.proto | 15 ++++---- 3 files changed, 33 insertions(+), 27 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index ea9ddbe..d079392 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto 
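Review bot: `owner_id` and `owner_type` are added to APIKeySpec ([PATCH 3/5], identity/v1/message.proto), and the same message is the `spec` of UpdateAPIKeyRequest, so every update now carries an owner that the caller controls. The schema cannot express that these two fields are fixed at creation; the update handler has to compare them with the stored values and reject a mismatch, otherwise an update could move a key to a different principal. Say so on the fields, e.g. `// Immutable after creation; an update with a different owner_id is rejected.`, and confirm the handler enforces it.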
@@ -235,7 +235,8 @@ message GetRegionResponse { temporal.api.cloud.region.v1.Region region = 1; } -message GetAPIKeysRequest { + +message GetApiKeysRequest { // The requested size of the page to retrieve - optional. // Cannot exceed 1000. Defaults to 100. int32 page_size = 1; 
@@ -244,47 +245,49 @@ message GetAPIKeysRequest { // Filter api keys by owner id - optional. string owner_id = 3; // Filter api keys by owner type - optional. + // Possible values: user, service-account string owner_type = 4; } -message GetAPIKeysResponse { +message GetApiKeysResponse { // The list of API keys in ascending ids order - repeated temporal.api.cloud.identity.v1.APIKey api_keys = 1; + repeated temporal.api.cloud.identity.v1.ApiKey api_keys = 1; // The next page's token string next_page_token = 2; } -message GetAPIKeyRequest { +message GetApiKeyRequest { // The id of the API key to get string key_id = 1; } -message GetAPIKeyResponse { +message GetApiKeyResponse { // The API key - temporal.api.cloud.identity.v1.APIKey api_key = 1; + temporal.api.cloud.identity.v1.ApiKey api_key = 1; } -message CreateAPIKeyRequest { +message CreateApiKeyRequest { // The spec for the API key to invite - temporal.api.cloud.identity.v1.APIKeySpec spec = 1; + // Create api key only supports service-account owner type + temporal.api.cloud.identity.v1.ApiKeySpec spec = 1; // The id to use for this async operation - optional string async_operation_id = 2; } -message CreateAPIKeyResponse { +message CreateApiKeyResponse { // The id of the API Key created string key_id = 1; - // The secret of the API Key created - string secret = 2; + // The token of the API Key created + string token = 2; // The async operation temporal.api.cloud.operation.v1.AsyncOperation async_operation = 3; } -message UpdateAPIKeyRequest { +message UpdateApiKeyRequest { // The id of the API key to update string key_id = 1; // The new API key specification - temporal.api.cloud.identity.v1.APIKeySpec spec = 2; + temporal.api.cloud.identity.v1.ApiKeySpec spec = 2; // The version of the API key for which this update is intended for // The latest version can be found in the GetAPIKey operation response string resource_version = 3; 
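Review bot: `owner_type` selects the kind of principal a key is issued to, but in this hunk its allowed values exist only in comments ("Possible values: user, service-account" on GetApiKeysRequest, "Create api key only supports service-account owner type" on CreateApiKeyRequest) while the field stays a free-form `string`. Every handler therefore has to validate the string itself, including case and unknown values, and the create-only restriction is invisible to generated clients. An enum in identity/v1/message.proto would make the set closed; `owner_type` in ApiKeySpec and `state` in ApiKey (message.proto hunks of the same patch) have the same shape. The sketch shows the enum and the two declarations that would change; whichever type is kept, CreateApiKey should reject a spec whose owner type is not service-account.

```protobuf
// identity/v1/message.proto
enum OwnerType {
  OWNER_TYPE_UNSPECIFIED = 0;
  OWNER_TYPE_USER = 1;
  OWNER_TYPE_SERVICE_ACCOUNT = 2;
}

// … unchanged: ApiKeySpec.owner_id …
  OwnerType owner_type = 2;

// cloudservice/v1/request_response.proto, GetApiKeysRequest
// … unchanged: page_size, page_token, owner_id …
  temporal.api.cloud.identity.v1.OwnerType owner_type = 4;
```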
@@ -292,12 +295,12 @@ message UpdateAPIKeyRequest { string async_operation_id = 4; } -message UpdateAPIKeyResponse { +message UpdateApiKeyResponse { // The async operation temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } -message DeleteAPIKeyRequest { +message DeleteApiKeyRequest { // The id of the API key to delete string key_id = 1; // The version of the API key for which this delete is intended for @@ -307,7 +310,7 @@ message DeleteAPIKeyRequest { string async_operation_id = 3; } -message DeleteAPIKeyResponse { +message DeleteApiKeyResponse { // The async operation temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto index 3ee3bd0..3b243f7 100644 --- a/temporal/api/cloud/cloudservice/v1/service.proto +++ b/temporal/api/cloud/cloudservice/v1/service.proto @@ -127,21 +127,21 @@ service CloudService { } // Get all known API keys - rpc GetAPIKeys (GetAPIKeysRequest) returns (GetAPIKeysResponse) { + rpc GetApiKeys (GetApiKeysRequest) returns (GetApiKeysResponse) { option (google.api.http) = { get: "/api/v1/cloud/api-keys", }; } // Get an API key - rpc GetAPIKey (GetAPIKeyRequest) returns (GetAPIKeyResponse) { + rpc GetApiKey (GetApiKeyRequest) returns (GetApiKeyResponse) { option (google.api.http) = { get: "/api/v1/cloud/api-keys/{key_id}", }; } // Create an API key - rpc CreateAPIKey (CreateAPIKeyRequest) returns (CreateAPIKeyResponse) { + rpc CreateApiKey (CreateApiKeyRequest) returns (CreateApiKeyResponse) { option (google.api.http) = { post: "/api/v1/cloud/api-keys", body: "*" @@ -149,7 +149,7 @@ service CloudService { } // Update an API key - rpc UpdateAPIKey (UpdateAPIKeyRequest) returns (UpdateAPIKeyResponse) { + rpc UpdateApiKey (UpdateApiKeyRequest) returns (UpdateApiKeyResponse) { option (google.api.http) = { post: "/api/v1/cloud/api-keys/{key_id}", body: "*" 
@@ -157,7 +157,7 @@ service CloudService { } // Delete an API key - rpc DeleteAPIKey (DeleteAPIKeyRequest) returns (DeleteAPIKeyResponse) { + rpc DeleteApiKey (DeleteApiKeyRequest) returns (DeleteApiKeyResponse) { option (google.api.http) = { delete: "/api/v1/cloud/api-keys/{key_id}", }; diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 0206e7e..a5c11ab 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto @@ -70,15 +70,17 @@ message User { google.protobuf.Timestamp last_modified_time = 8; } -message APIKey { +message ApiKey { // The id of the API Key - string key_id = 1; + string id = 1; // The current version of the API key specification // The next update operation will have to include this version string resource_version = 2; // The API key specification - APIKeySpec spec = 3; + ApiKeySpec spec = 3; // The current state of the API key + // Possible values: activating, activationfailed, active, updating, updatefailed, deleting, deletefailed, deleted, suspending, suspendfailed, suspended. + // For any failed state, reach out to Temporal Cloud support for remediation. string state = 4; // The id of the async operation that is creating/updating/deleting the API key, if any string async_operation_id = 5; @@ -89,10 +91,11 @@ message APIKey { google.protobuf.Timestamp last_modified_time = 7; } -message APIKeySpec { - // The id of the owner the api key belongs to +message ApiKeySpec { + // The id of the owner to create the API key for string owner_id = 1; - // The type of the owner the api key belongs to + // The type of the owner to create the API key for + // Possible values: user, service-account string owner_type = 2; // The display name of the API key string display_name = 3; From 346498c26c0c4603cf854d262eb6cba714374e74 Mon Sep 17 00:00:00 2001 
From: Abhinav Nekkanti <10552725+anekkanti@users.noreply.github.com> Date: Wed, 22 May 2024 11:40:12 -0700 Subject: [PATCH 5/5] address review comments --- .../cloudservice/v1/request_response.proto | 44 ++++++++++--------- temporal/api/cloud/identity/v1/message.proto | 34 +++++++------- 2 files changed, 42 insertions(+), 36 deletions(-) diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto index 5f7e553..c0ff66b 100644 --- a/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/temporal/api/cloud/cloudservice/v1/request_response.proto 
@@ -282,68 +282,70 @@ message GetApiKeysRequest { } message GetApiKeysResponse { - // The list of API keys in ascending ids order + // The list of api keys in ascending id order. repeated temporal.api.cloud.identity.v1.ApiKey api_keys = 1; - // The next page's token + // The next page's token. string next_page_token = 2; } message GetApiKeyRequest { - // The id of the API key to get + // The id of the api key to get. string key_id = 1; } message GetApiKeyResponse { - // The API key + // The api key. temporal.api.cloud.identity.v1.ApiKey api_key = 1; } message CreateApiKeyRequest { - // The spec for the API key to invite - // Create api key only supports service-account owner type + // The spec for the api key to create. + // Create api key only supports service-account owner type for now. temporal.api.cloud.identity.v1.ApiKeySpec spec = 1; - // The id to use for this async operation - optional + // The id to use for this async operation - optional. string async_operation_id = 2; } message CreateApiKeyResponse { - // The id of the API Key created + // The id of the api key created. string key_id = 1; - // The token of the API Key created + // The token of the api key created. + // This is a secret and should be stored securely. + // It will not be retrievable after this response. string token = 2; - // The async operation + // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 3; } message UpdateApiKeyRequest { - // The id of the API key to update + // The id of the api key to update. string key_id = 1; - // The new API key specification + // The new api key specification. temporal.api.cloud.identity.v1.ApiKeySpec spec = 2; - // The version of the API key for which this update is intended for - // The latest version can be found in the GetAPIKey operation response + // The version of the api key for which this update is intended for. + // The latest version can be found in the GetApiKey operation response. 
string resource_version = 3; - // The id to use for this async operation - optional + // The id to use for this async operation - optional. string async_operation_id = 4; } message UpdateApiKeyResponse { - // The async operation + // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } message DeleteApiKeyRequest { - // The id of the API key to delete + // The id of the api key to delete. string key_id = 1; - // The version of the API key for which this delete is intended for - // The latest version can be found in the GetAPIKey operation response + // The version of the api key for which this delete is intended for. + // The latest version can be found in the GetApiKey operation response. string resource_version = 2; - // The id to use for this async operation - optional + // The id to use for this async operation - optional. string async_operation_id = 3; } message DeleteApiKeyResponse { - // The async operation + // The async operation. temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } diff --git a/temporal/api/cloud/identity/v1/message.proto b/temporal/api/cloud/identity/v1/message.proto index 8e8ab5a..5fb6179 100644 --- a/temporal/api/cloud/identity/v1/message.proto +++ b/temporal/api/cloud/identity/v1/message.proto 
@@ -132,38 +132,42 @@ message ServiceAccountSpec { message ApiKey { - // The id of the API Key + // The id of the API Key. string id = 1; - // The current version of the API key specification - // The next update operation will have to include this version + // The current version of the API key specification. + // The next update operation will have to include this version. string resource_version = 2; - // The API key specification + // The API key specification. ApiKeySpec spec = 3; - // The current state of the API key + // The current state of the API key. // Possible values: activating, activationfailed, active, updating, updatefailed, deleting, deletefailed, deleted, suspending, suspendfailed, suspended. // For any failed state, reach out to Temporal Cloud support for remediation. string state = 4; - // The id of the async operation that is creating/updating/deleting the API key, if any + // The id of the async operation that is creating/updating/deleting the API key, if any. string async_operation_id = 5; - // The date and time when the API key was created + // The date and time when the API key was created. google.protobuf.Timestamp created_time = 6; - // The date and time when the API key was last modified + // The date and time when the API key was last modified. // Will not be set if the API key has never been modified. google.protobuf.Timestamp last_modified_time = 7; } message ApiKeySpec { - // The id of the owner to create the API key for + // The id of the owner to create the API key for. + // The owner id is immutable. Once set during creation, it cannot be changed. + // The owner id is the id of the user when the owner type is 'user'. + // The owner id is the id of the service account when the owner type is 'service-account'. string owner_id = 1; - // The type of the owner to create the API key for - // Possible values: user, service-account + // The type of the owner to create the API key for. + // The owner type is immutable. 
Once set during creation, it cannot be changed. + // Possible values: user, service-account. string owner_type = 2; - // The display name of the API key + // The display name of the API key. string display_name = 3; - // The description of the API key + // The description of the API key. string description = 4; - // The expiry time of the API key + // The expiry time of the API key. google.protobuf.Timestamp expiry_time = 5; - // True if the API key is disabled + // True if the API key is disabled. bool disabled = 6; }