fist pass on api key crud operations

temporal/api/cloud/cloudservice/v1/request_response.proto

@@ -234,3 +234,80 @@ message GetRegionResponse {
     // The temporal cloud region.
     temporal.api.cloud.region.v1.Region region = 1;
 }
+
+message GetAPIKeysRequest {
+    // The requested size of the page to retrieve - optional.
+    // Cannot exceed 1000. Defaults to 100.
+    int32 page_size = 1;
+    // The page token if this is continuing from another response - optional.
+    string page_token = 2;
+    // Filter api keys by owner id - optional.
+    string owner_id = 3;
+    // Filter api keys by owner type - optional.
+    string owner_type = 4;
+}
+
+message GetAPIKeysResponse {
+    // The list of API keys in ascending ids order
+    repeated temporal.api.cloud.identity.v1.APIKey api_keys = 1;
+    // The next page's token
+    string next_page_token = 2;
+}
+
+message GetAPIKeyRequest {
+    // The id of the API key to get
+    string key_id = 1;
+}
+
+message GetAPIKeyResponse {
+    // The API key
+    temporal.api.cloud.identity.v1.APIKey api_key = 1;
+}
+
+message CreateAPIKeyRequest {
+    // The spec for the API key to invite
+    temporal.api.cloud.identity.v1.APIKeySpec spec = 1;
+    // The id to use for this async operation - optional
+    string async_operation_id = 2;
+}
+
+message CreateAPIKeyResponse {
+    // The id of the API Key created
+    string key_id = 1;
+    // The secret of the API Key created
+    string secret = 2;
+    // The async operation
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 3;
+}
+
+message UpdateAPIKeyRequest {
+    // The id of the API key to update
+    string key_id = 1;
+    // The new API key specification
+    temporal.api.cloud.identity.v1.APIKeySpec spec = 2;
+    // The version of the API key for which this update is intended for
+    // The latest version can be found in the GetAPIKey operation response
+    string resource_version = 3;
+    // The id to use for this async operation - optional
+    string async_operation_id = 4;
+}
+
+message UpdateAPIKeyResponse {
+    // The async operation
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}
+
+message DeleteAPIKeyRequest {
+    // The id of the API key to delete
+    string key_id = 1;
+    // The version of the API key for which this delete is intended for
+    // The latest version can be found in the GetAPIKey operation response
+    string resource_version = 2;
+    // The id to use for this async operation - optional
+    string async_operation_id = 3;
+}
+
+message DeleteAPIKeyResponse {
+    // The async operation
+    temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
+}

temporal/api/cloud/cloudservice/v1/service.proto

@@ -125,4 +125,41 @@ service CloudService {
             get: "/api/v1/cloud/regions/{region}",
         };
     }
+
+    // Get all known API keys
+    rpc GetAPIKeys (GetAPIKeysRequest) returns (GetAPIKeysResponse) {
+        option (google.api.http) = {
+            get: "/api/v1/cloud/api-keys",
+        };
+    }
+
+    // Get an API key
+    rpc GetAPIKey (GetAPIKeyRequest) returns (GetAPIKeyResponse) {
+        option (google.api.http) = {
+            get: "/api/v1/cloud/api-keys/{key_id}",
+        };
+    }
+
+    // Create an API key
+    rpc CreateAPIKey (CreateAPIKeyRequest) returns (CreateAPIKeyResponse) {
+        option (google.api.http) = {
+            post: "/api/v1/cloud/api-keys",
+            body: "*"
+        };
+    }
+
+    // Update an API key
+    rpc UpdateAPIKey (UpdateAPIKeyRequest) returns (UpdateAPIKeyResponse) {
+        option (google.api.http) = {
+            post: "/api/v1/cloud/api-keys/{key_id}",
+            body: "*"
+        };
+    }
+
+    // Delete an API key
+    rpc DeleteAPIKey (DeleteAPIKeyRequest) returns (DeleteAPIKeyResponse) {
+        option (google.api.http) = {
+            delete: "/api/v1/cloud/api-keys/{key_id}",
+        };
+    }
 }

temporal/api/cloud/identity/v1/message.proto

@@ -69,3 +69,37 @@ message User {
     // Will not be set if the user has never been modified.
     google.protobuf.Timestamp last_modified_time = 8;
 }
+
+message APIKey {
+    // The id of the API Key
+    string key_id = 1;
+    // The current version of the API key specification
+    // The next update operation will have to include this version
+    string resource_version = 2;
+    // The API key specification
+    APIKeySpec spec = 3;
+    // The current state of the API key
+    string state = 4;
+    // The id of the async operation that is creating/updating/deleting the API key, if any
+    string async_operation_id = 5;
+    // The date and time when the API key was created
+    google.protobuf.Timestamp created_time = 6;
+    // The date and time when the API key was last modified
+    // Will not be set if the API key has never been modified.
+    google.protobuf.Timestamp last_modified_time = 7;
+}
+
+message APIKeySpec {
+    // The id of the owner the api key belongs to
+    string owner_id = 1;
+    // The type of the owner the api key belongs to
+    string owner_type = 2;
+    // The display name of the API key
+    string display_name = 3;
+    // The description of the API key
+    string description = 4;
+    // The expiry time of the API key
+    google.protobuf.Timestamp expiry_time = 5;
+    // True if the API key is disabled
+    bool disabled = 6;
+}