fist pass on api key crud operations #25

Merged
merged 6 commits into from
May 22, 2024
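--- a/temporal/api/cloud/cloudservice/v1/request_response.proto
+++ b/temporal/api/cloud/cloudservice/v1/request_response.proto
@@ -267,6 +267,88 @@ message GetRegionResponse {
 temporal.api.cloud.region.v1.Region region = 1;
 }
 
+
+message GetApiKeysRequest {
+// The requested size of the page to retrieve - optional.
+// Cannot exceed 1000. Defaults to 100.
+int32 page_size = 1;
+// The page token if this is continuing from another response - optional.
+string page_token = 2;
+// Filter api keys by owner id - optional.
+string owner_id = 3;
+// Filter api keys by owner type - optional.
+// Possible values: user, service-account
+string owner_type = 4;
+}
+
+message GetApiKeysResponse {
+// The list of api keys in ascending id order.
+repeated temporal.api.cloud.identity.v1.ApiKey api_keys = 1;
+// The next page's token.
+string next_page_token = 2;
+}
+
+message GetApiKeyRequest {
+// The id of the api key to get.
+string key_id = 1;
+}
+
+message GetApiKeyResponse {
+// The api key.
+temporal.api.cloud.identity.v1.ApiKey api_key = 1;
+}
+
+message CreateApiKeyRequest {
+// The spec for the api key to create.
+// Create api key only supports service-account owner type for now.
+temporal.api.cloud.identity.v1.ApiKeySpec spec = 1;
+// The id to use for this async operation - optional.
+string async_operation_id = 2;
+}
+
+message CreateApiKeyResponse {
+// The id of the api key created.
+string key_id = 1;
+// The token of the api key created.
+// This is a secret and should be stored securely.
+// It will not be retrievable after this response.
+string token = 2;
+// The async operation.
+temporal.api.cloud.operation.v1.AsyncOperation async_operation = 3;
+}
+
+message UpdateApiKeyRequest {
+// The id of the api key to update.
+string key_id = 1;
+// The new api key specification.
+temporal.api.cloud.identity.v1.ApiKeySpec spec = 2;
+// The version of the api key for which this update is intended for.
+// The latest version can be found in the GetApiKey operation response.
+string resource_version = 3;
+// The id to use for this async operation - optional.
+string async_operation_id = 4;
+}
+
+message UpdateApiKeyResponse {
+// The async operation.
+temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
+
+message DeleteApiKeyRequest {
+// The id of the api key to delete.
+string key_id = 1;
+// The version of the api key for which this delete is intended for.
+// The latest version can be found in the GetApiKey operation response.
+string resource_version = 2;
+// The id to use for this async operation - optional.
+string async_operation_id = 3;
+}
+
+message DeleteApiKeyResponse {
+// The async operation.
+temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
+
 message GetUserGroupsRequest {
 // The requested size of the page to retrieve - optional.
 // Cannot exceed 1000. Defaults to 100.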
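Review bot: `CreateApiKeyResponse.token` carries the only copy of the key's secret as an ordinary `string`, so any generated debug/text-format output, logging interceptor or HTTP gateway log that prints the response will record a usable credential. The field comment tells the caller to store it securely but gives no guidance to intermediaries; I would add `// Never log or trace this field; treat the whole response as sensitive.` and, if the protoc version in use supports it, declare the field as `string token = 2 [debug_redact = true];`. It is also undocumented what a retried CreateApiKey with the same `async_operation_id` returns. Whether the token is re-issued or omitted should be stated, since a client that loses the first response cannot recover it.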
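--- a/temporal/api/cloud/cloudservice/v1/service.proto
+++ b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -142,6 +142,43 @@ service CloudService {
 };
 }
 
+// Get all known API keys
+rpc GetApiKeys (GetApiKeysRequest) returns (GetApiKeysResponse) {
+option (google.api.http) = {
+get: "/api/v1/cloud/api-keys",
+};
+}
+
+// Get an API key
+rpc GetApiKey (GetApiKeyRequest) returns (GetApiKeyResponse) {
+option (google.api.http) = {
+get: "/api/v1/cloud/api-keys/{key_id}",
+};
+}
+
+// Create an API key
+rpc CreateApiKey (CreateApiKeyRequest) returns (CreateApiKeyResponse) {
+option (google.api.http) = {
+post: "/api/v1/cloud/api-keys",
+body: "*"
+};
+}
+
+// Update an API key
+rpc UpdateApiKey (UpdateApiKeyRequest) returns (UpdateApiKeyResponse) {
+option (google.api.http) = {
+post: "/api/v1/cloud/api-keys/{key_id}",
+body: "*"
+};
+}
+
+// Delete an API key
+rpc DeleteApiKey (DeleteApiKeyRequest) returns (DeleteApiKeyResponse) {
+option (google.api.http) = {
+delete: "/api/v1/cloud/api-keys/{key_id}",
+};
+}
+
 // Get all user groups
 rpc GetUserGroups (GetUserGroupsRequest) returns (GetUserGroupsResponse) {
 option (google.api.http) = {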
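Review bot: The one-line RPC comments omit two facts a caller or gateway operator needs. `CreateApiKey` returns the secret token exactly once in its HTTP response body, and `GetApiKeys` does not say whose keys "all known" covers (every owner in the account, or only those the caller may see). I would expand them along the lines of `// Create an API key. The response contains the secret token, which is returned only once.` and state the listing scope on `GetApiKeys`. None of the five new RPCs documents the permission needed to call it, which for credential-management endpoints deserves a sentence each. The `service CloudService` block starts and ends outside the hunk.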
41 changes: 41 additions & 0 deletions temporal/api/cloud/identity/v1/message.proto
@@ -130,3 +130,44 @@ message ServiceAccountSpec {
string description = 3;
}


message ApiKey {
// The id of the API Key.
string id = 1;
// The current version of the API key specification.
// The next update operation will have to include this version.
string resource_version = 2;
// The API key specification.
ApiKeySpec spec = 3;
// The current state of the API key.
// Possible values: activating, activationfailed, active, updating, updatefailed, deleting, deletefailed, deleted, suspending, suspendfailed, suspended.
// For any failed state, reach out to Temporal Cloud support for remediation.
string state = 4;
// The id of the async operation that is creating/updating/deleting the API key, if any.
string async_operation_id = 5;
// The date and time when the API key was created.
google.protobuf.Timestamp created_time = 6;
// The date and time when the API key was last modified.
// Will not be set if the API key has never been modified.
google.protobuf.Timestamp last_modified_time = 7;
}

message ApiKeySpec {
// The id of the owner to create the API key for.
// The owner id is immutable. Once set during creation, it cannot be changed.
// The owner id is the id of the user when the owner type is 'user'.
// The owner id is the id of the service account when the owner type is 'service-account'.
string owner_id = 1;
Member


We should mark the owner_id, owner_type and expiry as immutable in the comments.

Member


done

Member


Also we should mention that the id here will be the id of the service account when the type is service account.

Member


added comments.

// The type of the owner to create the API key for.
// The owner type is immutable. Once set during creation, it cannot be changed.
// Possible values: user, service-account.
string owner_type = 2;
Contributor


Since owner is not update-able, I think we should put the owner_id and owner_type into the APIKey message and then allow it as optional parameters into CreateAPIKey.

Member


Talked about this offline; we will keep the owner_id and owner_type in the Spec to stay consistent with the other APIs, where all user-provided info is in the spec, irrespective of its mutability.

// The display name of the API key.
string display_name = 3;
// The description of the API key.
string description = 4;
// The expiry time of the API key.
google.protobuf.Timestamp expiry_time = 5;
// True if the API key is disabled.
bool disabled = 6;
}
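Review bot: `bool disabled = 6` in `ApiKeySpec` has implicit presence, and `UpdateApiKeyRequest` takes the whole spec as "the new api key specification", so a caller that builds a fresh spec to change only `display_name` sends `disabled = false`. If the server applies the spec as a full replacement (not visible on this page), that silently re-enables a key that had been disabled. I would either document it on the field, e.g. `// Updates replace the whole spec: send the current value, or the key is re-enabled.`, or declare it `optional bool disabled = 6;` so that unset can be told apart from false. The `expiry_time` comment also does not say what an unset value means (no expiry, or a server default), which matters for key-lifetime policy.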