mirror of https://github.com/hashicorp/boundary
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
245 lines
10 KiB
245 lines
10 KiB
// Copyright IBM Corp. 2020, 2025
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
syntax = "proto3";
|
|
|
|
package controller.api.services.v1;
|
|
|
|
import "controller/api/resources/groups/v1/group.proto";
|
|
import "google/api/annotations.proto";
|
|
import "google/protobuf/field_mask.proto";
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
|
|
option go_package = "github.com/hashicorp/boundary/internal/gen/controller/api/services;services";
|
|
|
|
service GroupService {
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_tag) = {
|
|
name: "Group service"
|
|
description:
|
|
"A group is a resource that represents a collection of users that can be "
|
|
"treated equally for the purposes of access control. "
|
|
"The group service provides endpoints for managing groups in Boundary. "
|
|
external_docs: {
|
|
url: "https://developer.hashicorp.com/boundary/docs/concepts/domain-model/groups";
|
|
description: "Read about groups in the Boundary domain model";
|
|
}
|
|
};
|
|
|
|
// GetGroup returns a stored Group if present. The provided request must
|
|
// include the Group id and if it is missing, malformed or referencing a
|
|
// non existing resource an error is returned.
|
|
rpc GetGroup(GetGroupRequest) returns (GetGroupResponse) {
|
|
option (google.api.http) = {
|
|
get: "/v1/groups/{id}"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Gets a single Group."};
|
|
}
|
|
|
|
// ListGroups returns a list of stored Groups which exist inside the
|
|
// provided scope id. If that id is missing, malformed, or
|
|
// references a non-existing scope, an error is returned.
|
|
rpc ListGroups(ListGroupsRequest) returns (ListGroupsResponse) {
|
|
option (google.api.http) = {get: "/v1/groups"};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Lists all Groups."};
|
|
}
|
|
|
|
// CreateGroup creates and stores a Group in boundary. The provided
|
|
// request must include the scope ID in which the Group will be created.
|
|
// If the scope ID is missing, malformed or references a non existing
|
|
// resource, an error is returned. If a name is provided that is in
|
|
// use in another Group in the same scope, an error is returned.
|
|
rpc CreateGroup(CreateGroupRequest) returns (CreateGroupResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/groups"
|
|
body: "item"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Creates a single Group."};
|
|
}
|
|
|
|
// UpdateGroup updates an existing Group in boundary. The provided Group
|
|
// must not have any read only fields set. The update mask must be included in
|
|
// the request and contain at least 1 mutable field. To unset a field's value,
|
|
// include the field in the update mask and don't set it in the provided
|
|
// Group. An error is returned if the Group id is missing or reference a
|
|
// non-existing resource. An error is also returned if the request attempts
|
|
// to update the name to one that is already used by another Group in the
|
|
// same scope.
|
|
rpc UpdateGroup(UpdateGroupRequest) returns (UpdateGroupResponse) {
|
|
option (google.api.http) = {
|
|
patch: "/v1/groups/{id}"
|
|
body: "item"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Updates a Group."};
|
|
}
|
|
|
|
// DeleteGroup removes a Group from Boundary. If the provided Group
|
|
// ID is malformed or not provided an error is returned.
|
|
rpc DeleteGroup(DeleteGroupRequest) returns (DeleteGroupResponse) {
|
|
option (google.api.http) = {delete: "/v1/groups/{id}"};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Deletes a Group."};
|
|
}
|
|
|
|
// AddGroupMembers adds members to a Group. The provided request must include
|
|
// the scope id and the Group id which the members will be added to.
|
|
// An error is returned if any provided id is missing, malformed or
|
|
// references a non-existing resource.
|
|
rpc AddGroupMembers(AddGroupMembersRequest) returns (AddGroupMembersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/groups/{id}:add-members"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Adds members to a Group."};
|
|
}
|
|
|
|
// SetGroupMembers sets the Group's members. Any existing members on
|
|
// the Group are deleted if they are not included in this request. The provided
|
|
// request must include the Group id which the members will be set to.
|
|
// An error is returned if any provided id is missing, malformed or
|
|
// references a non-existing resource.
|
|
rpc SetGroupMembers(SetGroupMembersRequest) returns (SetGroupMembersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/groups/{id}:set-members"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Set a Group's members to exactly the list of provided in the request, removing any members that are not specified."};
|
|
}
|
|
|
|
// RemoveGroupMembers removes members from the specified Group.
|
|
// The provided request must include the the Group id to which the members
|
|
// will be set.
|
|
// An error is returned if any provided id is missing, malformed or
|
|
// references a non-existing resource.
|
|
rpc RemoveGroupMembers(RemoveGroupMembersRequest) returns (RemoveGroupMembersResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/groups/{id}:remove-members"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Removes the specified members from a Group."};
|
|
}
|
|
}
|
|
|
|
message GetGroupRequest {
|
|
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
|
|
}
|
|
|
|
message GetGroupResponse {
|
|
resources.groups.v1.Group item = 1;
|
|
}
|
|
|
|
message ListGroupsRequest {
|
|
string scope_id = 1 [json_name = "scope_id"]; // @gotags: `class:"public" eventstream:"observation"`
|
|
bool recursive = 20 [json_name = "recursive"]; // @gotags: `class:"public" eventstream:"observation"`
|
|
// You can specify that the filter should only return items that match.
|
|
// Refer to [filter expressions](https://developer.hashicorp.com/boundary/docs/concepts/filtering) for more information.
|
|
string filter = 30 [json_name = "filter"]; // @gotags: `class:"public"`
|
|
|
|
// An opaque token that Boundary uses to continue an existing iteration or
|
|
// request updated items. If you do not specify a token, pagination
|
|
// starts from the beginning. To learn more about list pagination
|
|
// in Boundary, refer to [list pagination](https://developer.hashicorp.com/boundary/docs/api-clients/api/pagination).
|
|
string list_token = 40 [json_name = "list_token"]; // @gotags: `class:"public"`
|
|
|
|
// The maximum size of a page in this iteration.
|
|
// If unset, the default page size configured will be used.
|
|
// If the page_size is greater than the default page configured,
|
|
// the page size will be truncated to this number.
|
|
uint32 page_size = 50 [json_name = "page_size"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message ListGroupsResponse {
|
|
repeated resources.groups.v1.Group items = 1;
|
|
|
|
// The type of response, either "delta" or "complete".
|
|
// Delta signifies that this is part of a paginated result
|
|
// or an update to a previously completed pagination.
|
|
// Complete signifies that it is the last page.
|
|
string response_type = 2 [json_name = "response_type"]; // @gotags: `class:"public"`
|
|
|
|
// An opaque token used to continue an existing pagination or
|
|
// request updated items. Use this token in the next list request
|
|
// to request the next page.
|
|
string list_token = 3 [json_name = "list_token"]; // @gotags: `class:"public"`
|
|
|
|
// The name of the field which the items are sorted by.
|
|
string sort_by = 4 [json_name = "sort_by"]; // @gotags: `class:"public"`
|
|
|
|
// The direction of the sort, either "asc" or "desc".
|
|
string sort_dir = 5 [json_name = "sort_dir"]; // @gotags: `class:"public"`
|
|
|
|
// A list of item IDs that have been removed since they were returned
|
|
// as part of a pagination. They should be dropped from any client cache.
|
|
// This may contain items that are not known to the cache, if they were
|
|
// created and deleted between listings.
|
|
repeated string removed_ids = 6 [json_name = "removed_ids"]; // @gotags: `class:"public"`
|
|
|
|
// An estimate at the total items available. This may change during pagination.
|
|
uint32 est_item_count = 7 [json_name = "est_item_count"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message CreateGroupRequest {
|
|
resources.groups.v1.Group item = 1;
|
|
}
|
|
|
|
message CreateGroupResponse {
|
|
string uri = 1; // @gotags: `class:"public" eventstream:"observation"`
|
|
resources.groups.v1.Group item = 2;
|
|
}
|
|
|
|
message UpdateGroupRequest {
|
|
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
|
|
resources.groups.v1.Group item = 2;
|
|
google.protobuf.FieldMask update_mask = 3 [json_name = "update_mask"];
|
|
}
|
|
|
|
message UpdateGroupResponse {
|
|
resources.groups.v1.Group item = 1;
|
|
}
|
|
|
|
message DeleteGroupRequest {
|
|
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
|
|
}
|
|
|
|
message DeleteGroupResponse {}
|
|
|
|
message AddGroupMembersRequest {
|
|
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string member_ids = 3 [json_name = "member_ids"]; // @gotags: `class:"public" eventstream:"observation"`
|
|
}
|
|
|
|
message AddGroupMembersResponse {
|
|
resources.groups.v1.Group item = 1;
|
|
}
|
|
|
|
message SetGroupMembersRequest {
|
|
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string member_ids = 3 [json_name = "member_ids"]; // @gotags: `class:"public" eventstream:"observation"`
|
|
}
|
|
|
|
message SetGroupMembersResponse {
|
|
resources.groups.v1.Group item = 1;
|
|
}
|
|
|
|
message RemoveGroupMembersRequest {
|
|
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string member_ids = 3 [json_name = "member_ids"]; // @gotags: `class:"public" eventstream:"observation"`
|
|
}
|
|
|
|
message RemoveGroupMembersResponse {
|
|
resources.groups.v1.Group item = 1;
|
|
}
|