// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 syntax = "proto3"; package controller.api.services.v1; import "controller/api/resources/users/v1/user.proto"; import "google/api/annotations.proto"; import "google/protobuf/field_mask.proto"; import "protoc-gen-openapiv2/options/annotations.proto"; option go_package = "github.com/hashicorp/boundary/internal/gen/controller/api/services;services"; service UserService { // GetUser returns a stored User if present. The provided request // must include the User ID for the User being retrieved. If // that ID is missing, malformed or reference a non existing // resource an error is returned. rpc GetUser(GetUserRequest) returns (GetUserResponse) { option (google.api.http) = { get: "/v1/users/{id}" response_body: "item" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Gets a single User."}; } // ListUsers returns a list of stored Users which exist inside the provided // scope. The request must include the scope ID for the Users being listed. // If the scope ID is missing, malformed, or reference a non existing scope, // an error is returned. rpc ListUsers(ListUsersRequest) returns (ListUsersResponse) { option (google.api.http) = {get: "/v1/users"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Lists all Users."}; } // CreateUser creates and stores a User in boundary. The provided // request must include the Scope id in which the User will be created. // If the Scope id is missing, malformed or references a non existing // resource, an error is returned. If a name is provided that is in // use in another User in the same scope, an error is returned. rpc CreateUser(CreateUserRequest) returns (CreateUserResponse) { option (google.api.http) = { post: "/v1/users" body: "item" response_body: "item" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Creates a single User."}; } // UpdateUser updates an existing User in boundary. The provided // User must not have any read only fields set. The update mask must be // included in the request and contain at least 1 mutable field. To unset // a field's value, include the field in the update mask and don't set it // in the provided User. An error is returned if either the User id is // missing or reference a non existing resource. An error is also returned // if the request attempts to update the name to one that is already in use // in this Scope. rpc UpdateUser(UpdateUserRequest) returns (UpdateUserResponse) { option (google.api.http) = { patch: "/v1/users/{id}" body: "item" response_body: "item" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Updates a User."}; } // DeleteUser removes a User from Boundary. If the provided User ID // is malformed or not provided an error is returned. rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse) { option (google.api.http) = {delete: "/v1/users/{id}"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Deletes a User."}; } // AddUserAccounts adds Users as members to a group. The provided request // must include the User id which the Account will be added to. If that id is // missing, malformed or references a non existing resource, an error is // returned. If any of the Accounts are associated with another User an // error is returned. rpc AddUserAccounts(AddUserAccountsRequest) returns (AddUserAccountsResponse) { option (google.api.http) = { post: "/v1/users/{id}:add-accounts" body: "*" response_body: "item" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Associates an Account to a User."}; } // SetUserAccounts sets the Accounts associated with this User. // Any existing Accounts are removed if they are not included in this request. // The provided request must include the User ID which the Accounts will be // associated with. Any Accounts not included in this request but previously // associated with this user will be disassociated. // If the User ID is missing, malformed or references a non existing resource, // an error is returned. // If any of the Accounts are associated with another User an error is returned. rpc SetUserAccounts(SetUserAccountsRequest) returns (SetUserAccountsResponse) { option (google.api.http) = { post: "/v1/users/{id}:set-accounts" body: "*" response_body: "item" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Set the Accounts associated to the User to exactly the list of provided in the request, removing any Accounts that are not specified."}; } // RemoveUserAccounts removes Accounts from the specified User. // The provided request must include the User id which the Accounts // will be removed from. If the provided Account ids is not associated with the // provided User, an error is returned. rpc RemoveUserAccounts(RemoveUserAccountsRequest) returns (RemoveUserAccountsResponse) { option (google.api.http) = { post: "/v1/users/{id}:remove-accounts" body: "*" response_body: "item" }; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Removes the specified Accounts from being associated with the provided User."}; } } message GetUserRequest { string id = 1; // @gotags: `class:"public" eventstream:"observation"` } message GetUserResponse { resources.users.v1.User item = 1; } message ListUsersRequest { string scope_id = 1; // @gotags: `class:"public" eventstream:"observation"` bool recursive = 20 [json_name = "recursive"]; // @gotags: `class:"public" eventstream:"observation"` string filter = 30 [json_name = "filter"]; // @gotags: `class:"sensitive"` } message ListUsersResponse { repeated resources.users.v1.User items = 1; } message CreateUserRequest { resources.users.v1.User item = 1; } message CreateUserResponse { string uri = 1; // @gotags: `class:"public" eventstream:"observation"` resources.users.v1.User item = 2; } message UpdateUserRequest { string id = 1; // @gotags: `class:"public" eventstream:"observation"` resources.users.v1.User item = 2; google.protobuf.FieldMask update_mask = 3 [json_name = "update_mask"]; } message UpdateUserResponse { resources.users.v1.User item = 1; } message DeleteUserRequest { string id = 1; // @gotags: `class:"public" eventstream:"observation"` } message DeleteUserResponse {} message AddUserAccountsRequest { string id = 1; // @gotags: `class:"public" eventstream:"observation"` // The version ensures the User hasn't changed since it was last retrieved and if it has the request will fail. uint32 version = 2; // @gotags: `class:"public"` repeated string account_ids = 3 [json_name = "account_ids"]; // @gotags: `class:"public" eventstream:"observation"` } message AddUserAccountsResponse { resources.users.v1.User item = 1; } message SetUserAccountsRequest { string id = 1; // @gotags: `class:"public" eventstream:"observation"` // The version ensures the User hasn't changed since it was last retrieved and if it has the request will fail. uint32 version = 2; // @gotags: `class:"public"` repeated string account_ids = 3 [json_name = "account_ids"]; // @gotags: `class:"public" eventstream:"observation"` } message SetUserAccountsResponse { resources.users.v1.User item = 1; } message RemoveUserAccountsRequest { string id = 1; // @gotags: `class:"public" eventstream:"observation"` // The version ensures the User hasn't changed since it was last retrieved and if it has the request will fail. uint32 version = 2; // @gotags: `class:"public"` repeated string account_ids = 3 [json_name = "account_ids"]; // @gotags: `class:"public" eventstream:"observation"` } message RemoveUserAccountsResponse { resources.users.v1.User item = 1; }