-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Namespace Management APIs #8
Changes from 4 commits
c0103df
2d886cb
e7b54cf
bc0cbf9
b6ef658
1fa0fe8
0c3660e
463ece7
0c26c6d
69f56e8
dd1f37b
5bc4314
f0d94b0
a5cee4a
cb158d8
95c5431
3a42b37
a4b3651
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -6,13 +6,14 @@ option go_package = "go.temporal.io/api/cloud/cloudservice/v1;cloudservice"; | |||||
|
||||||
import "temporal/api/cloud/operation/v1/message.proto"; | ||||||
import "temporal/api/cloud/identity/v1/message.proto"; | ||||||
import "temporal/api/cloud/namespace/v1/message.proto"; | ||||||
|
||||||
message GetUsersRequest { | ||||||
// The requested size of the page to retrieve | ||||||
int32 page_size = 1; | ||||||
// The page token | ||||||
string page_token = 2; | ||||||
// Optional field to filter users by email address | ||||||
// Filter users by email address - optional | ||||||
string email = 3; | ||||||
} | ||||||
|
||||||
|
@@ -94,7 +95,7 @@ message SetUserNamespaceAccessRequest { | |||||
} | ||||||
|
||||||
message SetUserNamespaceAccessResponse { | ||||||
// The request status of the update operation | ||||||
// The async operation | ||||||
temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; | ||||||
} | ||||||
|
||||||
|
@@ -107,3 +108,95 @@ message GetAsyncOperationResponse { | |||||
// The async operation | ||||||
temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; | ||||||
} | ||||||
|
||||||
message CreateNamespaceRequest { | ||||||
// The prefix to use for the namespace | ||||||
// will create a namespace that's available at '<namespace_prefix>.<account>.tmprl.cloud:7233' | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You are inconsistent with capitalization of comments. Is |
||||||
string namespace_prefix = 1; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. why is the namespace_prefix not a part of the namespace spec? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes makes sense to have the |
||||||
// The namespace specification | ||||||
temporal.api.cloud.namespace.v1.NamespaceSpec spec = 2; | ||||||
// The id to use for this async operation - optional | ||||||
string async_operation_id = 3; | ||||||
} | ||||||
|
||||||
message CreateNamespaceResponse { | ||||||
anekkanti marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
// The namespace that was created | ||||||
string namespace = 1; | ||||||
// The async operation | ||||||
temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; | ||||||
} | ||||||
|
||||||
message GetNamespacesRequest { | ||||||
// The requested size of the page to retrieve | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. May want to clarify the default (but don't have to) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Added a default and a max to the comment. |
||||||
int32 page_size = 1; | ||||||
// The page token | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
Not obvious to users that this is not required There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. added as suggested. |
||||||
string page_token = 2; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Will we add more filters in a follow-up? Things like region (or regions) etc. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Absolutely with time. |
||||||
} | ||||||
|
||||||
message GetNamespacesResponse { | ||||||
// The list of namespaces | ||||||
repeated temporal.api.cloud.namespace.v1.Namespace namespaces = 1; | ||||||
anekkanti marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
// The next page's token | ||||||
string next_page_token = 2; | ||||||
} | ||||||
|
||||||
message GetNamespaceRequest { | ||||||
// The namespace to get | ||||||
string namespace = 1; | ||||||
} | ||||||
|
||||||
message GetNamespaceResponse { | ||||||
// The namespace | ||||||
temporal.api.cloud.namespace.v1.Namespace namespace = 1; | ||||||
} | ||||||
|
||||||
message UpdateNamespaceRequest { | ||||||
// The namespace to update | ||||||
string namespace = 1; | ||||||
// The new namespace specification | ||||||
temporal.api.cloud.namespace.v1.NamespaceSpec spec = 2; | ||||||
anekkanti marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
// The version of the namespace for which this update is intended for | ||||||
// The latest version can be found in the namespace status | ||||||
string resource_version = 3; | ||||||
// The id to use for this async operation - optional | ||||||
string async_operation_id = 4; | ||||||
} | ||||||
|
||||||
message UpdateNamespaceResponse { | ||||||
// The async operation | ||||||
temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; | ||||||
} | ||||||
|
||||||
message RenameCustomSearchAttributeRequest { | ||||||
anekkanti marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
// The namespace to rename the custom search attribute for | ||||||
string namespace = 1; | ||||||
// The existing name of the custom search attribute to be renamed | ||||||
string existing_custom_search_attribute_name = 2; | ||||||
// The new name of the custom search attribute | ||||||
string new_custom_search_attribute_name = 3; | ||||||
// The version of the namespace for which this update is intended for | ||||||
// The latest version can be found in the namespace status | ||||||
string resource_version = 4; | ||||||
// The id to use for this async operation - optional | ||||||
string async_operation_id = 5; | ||||||
} | ||||||
|
||||||
message RenameCustomSearchAttributeResponse { | ||||||
// The async operation | ||||||
temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; | ||||||
} | ||||||
|
||||||
message DeleteNamespaceRequest { | ||||||
// The namespace to delete | ||||||
string namespace = 1; | ||||||
// The version of the namespace for which this delete is intended for | ||||||
// The latest version can be found in the namespace status | ||||||
string resource_version = 2; | ||||||
// The id to use for this async operation - optional | ||||||
string async_operation_id = 3; | ||||||
} | ||||||
|
||||||
message DeleteNamespaceResponse { | ||||||
// The async operation | ||||||
temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; | ||||||
} |
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -0,0 +1,93 @@ | ||||||
syntax = "proto3"; | ||||||
|
||||||
package temporal.api.cloud.namespace.v1; | ||||||
|
||||||
option go_package = "go.temporal.io/api/cloud/namespace/v1;namespace"; | ||||||
|
||||||
import "temporal/api/cloud/sink/v1/message.proto"; | ||||||
|
||||||
import "google/protobuf/timestamp.proto"; | ||||||
|
||||||
message CertificateFilterSpec { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Clarify whether fields are optional and how the filter works (exact string match for all present fields?) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Bump, unsure if this does exact string matches or partial string matches, and unsure whether any field must match or all fields must match.
jlacefie marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
// The common_name in the certificate | ||||||
string common_name = 1; | ||||||
// The organization in the certificate | ||||||
string organization = 2; | ||||||
// The organizational_unit in the certificate | ||||||
string organizational_unit = 3; | ||||||
// The subject_alternative_name in the certificate | ||||||
string subject_alternative_name = 4; | ||||||
} | ||||||
|
||||||
message CodecServerPropertySpec { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
Not sure what the "property" word means with regards to codec servers. Also, consider setting this as There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. +1 for removing property Enter a codec server endpoing to decode payloads for all users interacting with this Namespace in the UI. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Changed to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Updated comment. Please review. |
||||||
// Server endpoints | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit - codec server endpoint Also, does this take in 1 endpoint or many? the plural endpoints in the comment is ambiguous There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Its just one, fixed the comments. |
||||||
string endpoint = 1; | ||||||
// Whether to pass access token, i.e. jwt | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit - comment should align to the UI to indicate where the JWT ends up. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ack fixed, as mentioned in the UI. |
||||||
bool pass_access_token = 2; | ||||||
// Whether to include credentials | ||||||
bool include_credentials = 3; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
Is that correct, this is for some kind of CORS credentials? I tried to read https://docs.temporal.io/dataconversion#cors but it was unclear. Can you explain (can do here, don't have to update proto) what these "credentials" are? EDIT: Looks like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials explains it, should still change the name There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. +1 ^ CORS should be explicit. Pls update the comment as well. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fixed. |
||||||
} | ||||||
|
||||||
message NamespaceSpec { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It is unclear what is and isn't required here on every field. Do I have to provide a region for my namespace? What about an accepted client CA? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Marked each field if they are optional or immutable. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do I assume if it doesn't say optional then it's required? Arguably also saying something is required is simpler than me having to infer it by a lack of "optional". There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit. indicate the number of regions supported in the comment with the understanding that the comment can change as we open up the possibility of more regions. For context, the plural name indicates more than 1 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @jlacefie we don't support all regions for all accounts. We plan on adding a GetRegions account endpoint that the developer can use to list all supported regions for their account.
jlacefie marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
// The region where the namespace is (or will be) active | ||||||
string region = 1; | ||||||
// The base64 encoded ca cert(s) that the clients can use for authentication and authorization | ||||||
string accepted_client_ca = 2; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Auth needs to be broken off of this message because I don't believe we will always require MTLS forever so it'll become optional (not to mention other auth we may configure at this level such as UI SSO, cross-signing keys for API keys (though unlikely), etc). For example: MtlsAuth mtls_auth = 2; and message MtlsAuth {
// Accepted CAs, PEM formatted. Currently this can/must only be one value, but the
// CA can have a chain.
repeated string accepted_client_ca = 1;
// Filters that must match for auth to succeed. If unset, all client certificates match that
// are issued from one of the CAs.
repeated CertificateFilterSpec certificate_filters = 2;
} There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ack, like the restructuring. Fixed. |
||||||
// The number of days the workflows data will be retained for | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. comment nit - align with the UI comment to indicate the impact of changing retention period There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ack fixed as suggested. |
||||||
int32 retention_days = 3; | ||||||
jlacefie marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
// The custom search attributes to use for the namespace | ||||||
// The name of the attribute is the key and the type is the value | ||||||
// Supported attribute types: text, keyword, int, double, bool, datetime, keyword_list | ||||||
map<string, string> search_attributes = 4; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If/when combined with regular API, one might expect this value to be There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. recommend custom_search_attributes to align with the UI and docs. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes they will be mapped to the |
||||||
// Certificate filters which, if specified, only allow connections from client certificates | ||||||
// whose distinguished name properties match at least one of the filters | ||||||
repeated CertificateFilterSpec certificate_filters = 5; | ||||||
// Environment of the namespace. - optional | ||||||
// NOTE: currently there is no additional SLA or functional guarantee implied by the value of this field. | ||||||
// supported environments: dev, test, prod | ||||||
string environment = 6; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can you help me understand what "environment" means? Just a link to some docs would work. I am trying to understand why we have 3 fixed values instead of any arbitrary string and where these 3 values are used. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. May we not include environment yet please? This seems premature and something that can be added later after we are aligned with the way we will expose hierarchy containers and metadata to users. |
||||||
// Codec server property spec needed for user to set and retrieve - optional | ||||||
CodecServerPropertySpec codec_spec = 7; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You are inconsistent with your field and message naming. Sometimes when you have There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Changed to |
||||||
// The regions where the namespace is (or will be) located - optional | ||||||
repeated string passive_regions = 8; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Fields are a bit scattered here. You have something about a region at the top then more down here, you have some CA stuff at the top then more CA stuff a few fields later. Try to combine like fields at least adjacent (if not off in their own message) just so users can at least understand all options for a feature/component. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. is this for Global Namespace? If so, is passive_region the right term here? This feels like a one-way door. Also, will we offer multiple regions in the future? If so, passive seems restricting as it implies one option. |
||||||
// The export sink specifications keyed on the sink name - optional | ||||||
map<string, temporal.api.cloud.sink.v1.ExportSinkSpec> export_sinks = 9; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do we want to make the export sinks a sub resource? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. For my particular use case, it would be nice to be able to reference a common export sink config since we use the same config globally across all namespaces (as history export is a platform-managed feature here). I don't feel particularly strongly here, however. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @robzienert thanks for this feedback. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. TY - Rob. We released the first Export per Namespace with the understanding that some Namespace owners would like isolation at the S3 bucket. In a subsequent release we can provide Account level affordances for a default. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Are sink specs expected to be referenced/used outside of namespace spec? Meaning, do they deserve their own package if this is their only use? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Arguably "export" is too generic of a word for this. Is this just history export? Or is this also log export, audit export, user export, and all other exports we may support henceforth? |
||||||
} | ||||||
|
||||||
message NamespaceURI { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This isn't a URI, this is a message that only some of the fields happen to be URIs. Consider either just inlining these fields into the namespace or changing this to "Endpoints" or something. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. renamed to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. what is the purpose of this message? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Its the information that the customer will needs to locate the namespace's UI and the URL that the temporal client should connect to. |
||||||
// The web ui address | ||||||
string web = 1; | ||||||
// The grpc address | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
Just so people don't think it's a real URL with a scheme like |
||||||
string grpc = 2; | ||||||
// The list of private links | ||||||
repeated string vpc_endpoint_service_names = 3; | ||||||
} | ||||||
|
||||||
message NamespaceEnvelope { | ||||||
// The namespace may be throttled if its APS exceeds the limit | ||||||
int32 actions_per_second_limit = 1; | ||||||
} | ||||||
|
||||||
message Namespace { | ||||||
// The namespace name | ||||||
string namespace = 1; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. One might appreciate the different pieces of the namespace broken out (i.e. in addition to this, also the namespace prefix, account ID). But I'm ok leaving like this if we promise it's always a single There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Don't think we plan on having any other format. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I wonder if calling That said, I understand that this aligns with what we call it in the OSS APIs. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's much less clear to try to use |
||||||
// The current version of the namespace specification | ||||||
// The next update operation will have to include this version | ||||||
string resource_version = 2; | ||||||
// The namespace specification | ||||||
NamespaceSpec spec = 3; | ||||||
// The current state of the namespace | ||||||
string state = 4; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. While I disagree with not using enums for enums, every place you use these "stringly-typed enums" you should at least document all enumerate possibilities There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @anekkanti is there a reason for not using enums as described here ^ is that an explicit decision? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is an explicit decision that we took based on our experience with the existing internal APIs. |
||||||
// The id of the async operation that is creating/updating/deleting the namespace, if any | ||||||
string async_operation_id = 5; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
Just a bit clearer to me, but not required |
||||||
// The web uri for the namespace | ||||||
NamespaceURI uri = 6; | ||||||
// The envelope is a list of service level agreements (SLAs) that can be provided around a given namespace | ||||||
NamespaceEnvelope envelope = 7; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Awesome. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @robzienert TY for the comment here. What is exciting about this one for you? Also, do you have an opinion on the term Envelope in this context? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think "Envelope" is a good word here (that term has many meanings in the API/RPC world), can we think of another? Maybe "Limits"? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think it probably wasn't necessarily a good choice of words there either (in code, an envelope is often a "wrapper" or container something is in when making calls), but if this is general SaaS nomenclature for limits, ok (we are the first I see on sla envelope Google search). I was just confused as a dev and I fear we made up a term here. Maybe at least make it |
||||||
// Allowed principals is a list of principals that allowed to access the private links on the namespace | ||||||
repeated string allowed_principals = 8; | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
The field name was as if you were limiting principal across the namespace and not specific for private link. Also, consider colocating common fields (e.g. ones about private links). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This field is confusing for 2 reasons:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It looks like main includes Identity. Could we use Identity here if that's the intent of this field, please? |
||||||
// The export sink status keyed on the sink name | ||||||
map<string, temporal.api.cloud.sink.v1.ExportSink> export_sinks = 9; | ||||||
// The date and time when the namespace was last modified | ||||||
google.protobuf.Timestamp last_modified_time = 10; | ||||||
} |
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -0,0 +1,45 @@ | ||||||
syntax = "proto3"; | ||||||
|
||||||
package temporal.api.cloud.sink.v1; | ||||||
|
||||||
option go_package = "go.temporal.io/api/cloud/sink/v1;sink"; | ||||||
|
||||||
import "google/protobuf/timestamp.proto"; | ||||||
|
||||||
message ExportSinkSpec { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Consider a unique, user-provided identifier for a sink (e.g. a name) if you want to support updating of these inside a list. Not required of course, but can be easier on you, the UI, and the user. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Where do users apply the sink message to a Namespace? It doesn't appear to be used in either the service or namespace protos? Please make sink an option when creating a namespace and provide users the ability to add a sink to a namespace at a later time. |
||||||
// Whether the sink is enabled | ||||||
bool enabled = 1; | ||||||
// The destination of the sink | ||||||
oneof destination { | ||||||
// The AWS S3 destination spec | ||||||
S3Spec s3_spec = 2; | ||||||
} | ||||||
} | ||||||
|
||||||
message ExportSink { | ||||||
// The state of the sink | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Mentioned before (so will stop mentioning), but please provide all possible string enumerate values if we're set on not using properly defined enums |
||||||
string state = 1; | ||||||
// The health of the sink | ||||||
string health = 2; | ||||||
// The error message of the sink if any | ||||||
string error_message = 3; | ||||||
// The latest data export time | ||||||
google.protobuf.Timestamp latest_data_export_time = 4; | ||||||
// The latest health check time | ||||||
google.protobuf.Timestamp last_health_check_time = 5; | ||||||
} | ||||||
|
||||||
message S3Spec{ | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
// The role to be created that Temporal Cloud assumes for writing records to customer's S3 bucket | ||||||
string role_name = 1; | ||||||
// Destination S3 bucket name for us to send data to. | ||||||
string bucket_name = 2; | ||||||
// The region of the S3 bucket | ||||||
string region = 3; | ||||||
// The kms key ARN used for encryption | ||||||
string kms_arn = 4; | ||||||
// The aws account id of s3 bucket and assumed role | ||||||
string aws_account_id = 5; | ||||||
} | ||||||
|
||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Completely unrelated, feel free to punt this comment for another day.
Should we have allowed a list of emails? Then this can operate as a batch Get operation (as opposed to just single email). Ditto for IDs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 At the very least this should clarify whether it's exact match or partial match