aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '088564c385'
${ noResults }
boundary/internal/proto/controller/api/services/v1/account_service.proto

222 lines
9.9 KiB
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
syntax = "proto3";
package controller.api.services.v1;
import "controller/api/resources/accounts/v1/account.proto";
import "controller/custom_options/v1/options.proto";
import "google/api/annotations.proto";
import "google/protobuf/field_mask.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
option go_package = "github.com/hashicorp/boundary/internal/gen/controller/api/services;services";
option (custom_options.v1.domain) = "auth";
service AccountService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_tag) = {
name: "Account service"
description:
"The account service exposes endpoints for interacting with accounts in Boundary. "
"Accounts belong to an auth method and are associated with users."
external_docs: {
url: "https://developer.hashicorp.com/boundary/docs/concepts/domain-model/accounts";
description: "Read about accounts in the Boundary domain model";
}
};
// GetAccount returns a stored account if present. The provided request must
// include the id for the account be retrieved. If missing, malformed or
// referencing a non existing account an error is returned.
rpc GetAccount(GetAccountRequest) returns (GetAccountResponse) {
option (google.api.http) = {
get: "/v1/accounts/{id}"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Gets a single account based on the input ID"};
}
// ListAccounts returns a list of stored accounts which exist inside the
// provided auth method. The request must include the auth method id which
// contains the accounts being listed. If missing or malformed, an error
// is returned.
rpc ListAccounts(ListAccountsRequest) returns (ListAccountsResponse) {
option (google.api.http) = {get: "/v1/accounts"};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Lists all accounts in a specific auth method."};
}
// CreateAccount creates and stores an account in boundary. The provided
// request must include the auth method ID in which the account will be
// created. If the auth method ID is missing, malformed, or references a non
// existing resource an error is returned. If a name or login_name is
// provided that is in use in another account in the same auth method an
// error is returned.
rpc CreateAccount(CreateAccountRequest) returns (CreateAccountResponse) {
option (google.api.http) = {
post: "/v1/accounts"
body: "item"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Creates a single account in the provided auth method."};
}
// UpdateAccount updates an existing account in boundary. The provided account
// must not have any read only fields set. The update mask must be included in
// the request and contain at least 1 mutable field. To unset a field's value,
// include the field in the update mask and don't set it in the provided
// account. An error is returned if the account id is missing or references a
// non-existing resource. An error is also returned if the request attempts
// to update the name or login_name to one that is already in use in the
// containing auth method.
rpc UpdateAccount(UpdateAccountRequest) returns (UpdateAccountResponse) {
option (google.api.http) = {
patch: "/v1/accounts/{id}"
body: "item"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Updates an account."};
}
// DeleteAccount removes an account from Boundary. If the provided account Id
// is malformed or not provided an error is returned.
rpc DeleteAccount(DeleteAccountRequest) returns (DeleteAccountResponse) {
option (google.api.http) = {delete: "/v1/accounts/{id}"};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Deletes an account."};
}
// SetPassword sets the account's password to the one provided in the
// request. This method is intended for administration purpose and as such
// does not require the old password.
rpc SetPassword(SetPasswordRequest) returns (SetPasswordResponse) {
option (google.api.http) = {
post: "/v1/accounts/{id}:set-password"
body: "*"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Sets the password for the provided account."};
}
// ChangePassword changes the account's password to the one provided in the
// request. This method is intended for end users and requires the existing
// password to be provided for authentication purposes.
rpc ChangePassword(ChangePasswordRequest) returns (ChangePasswordResponse) {
option (google.api.http) = {
post: "/v1/accounts/{id}:change-password"
body: "*"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Sets the password for the provided account."};
}
}
message GetAccountRequest {
// The ID of the account that should be retrieved.
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
}
message GetAccountResponse {
resources.accounts.v1.Account item = 1;
}
message ListAccountsRequest {
// The ID of the auth method whose accounts should be listed.
string auth_method_id = 1 [json_name = "auth_method_id"]; // @gotags: `class:"public" eventstream:"observation"`
// You can specify that the filter should only return items that match.
// Refer to [filter expressions](https://developer.hashicorp.com/boundary/docs/concepts/filtering) for more information.
string filter = 30 [json_name = "filter"]; // @gotags: `class:"sensitive"`
// An opaque token that Boundary uses to continue an existing iteration or
// request updated items. If you do not specify a token, pagination
// starts from the beginning. To learn more about list pagination
// in Boundary, refer to [list pagination](https://developer.hashicorp.com/boundary/docs/api-clients/api/pagination).
string list_token = 40 [json_name = "list_token"]; // @gotags: `class:"public"`
// The maximum size of a page in this iteration.
// If you do not set a page size, Boundary uses the configured default page size.
// If the page_size is greater than the default page size configured,
// Boundary truncates the page size to this number.
uint32 page_size = 50 [json_name = "page_size"]; // @gotags: `class:"public"`
}
message ListAccountsResponse {
// The list of accounts.
repeated resources.accounts.v1.Account items = 1;
// The type of response, either "delta" or "complete".
// Delta signifies that this is part of a paginated result
// or an update to a previously completed pagination.
// Complete signifies that it is the last page.
string response_type = 2 [json_name = "response_type"]; // @gotags: `class:"public"`
// An opaque token used to continue an existing pagination or
// request updated items. Use this token in the next list request
// to request the next page.
string list_token = 3 [json_name = "list_token"]; // @gotags: `class:"public"`
// The name of the field which the items are sorted by.
string sort_by = 4 [json_name = "sort_by"]; // @gotags: `class:"public"`
// The direction of the sort, either "asc" or "desc".
string sort_dir = 5 [json_name = "sort_dir"]; // @gotags: `class:"public"`
// A list of item IDs that have been removed since they were returned
// as part of a pagination. They should be dropped from any client cache.
// This may contain items that are not known to the cache, if they were
// created and deleted between listings.
repeated string removed_ids = 6 [json_name = "removed_ids"]; // @gotags: `class:"public"`
// An estimate at the total items available. This may change during pagination.
uint32 est_item_count = 7 [json_name = "est_item_count"]; // @gotags: `class:"public"`
}
message CreateAccountRequest {
resources.accounts.v1.Account item = 2;
}
message CreateAccountResponse {
string uri = 1; // @gotags: `class:"public" eventstream:"observation"`
resources.accounts.v1.Account item = 2;
}
message UpdateAccountRequest {
// The ID of the account that should be updated.
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
// A subset of the account that contains the fields to update.
resources.accounts.v1.Account item = 2;
google.protobuf.FieldMask update_mask = 3 [json_name = "update_mask"];
}
message UpdateAccountResponse {
resources.accounts.v1.Account item = 1;
}
message DeleteAccountRequest {
// The ID of the account to delete.
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
}
message DeleteAccountResponse {}
message SetPasswordRequest {
// The ID of the account for which the password should be set.
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2; // @gotags: `class:"public"`
// The password that should be set.
string password = 3; // @gotags: `class:"secret"`
}
message SetPasswordResponse {
resources.accounts.v1.Account item = 1;
}
message ChangePasswordRequest {
// The ID of the account for which the password should be changed.
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2; // @gotags: `class:"public"`
// The current password for the account.
string current_password = 3 [json_name = "current_password"]; // @gotags: `class:"secret"`
// The new password that should be set.
string new_password = 4 [json_name = "new_password"]; // @gotags: `class:"secret"`
}
message ChangePasswordResponse {
resources.accounts.v1.Account item = 1;
}
Reference in new issue View Git Blame Copy Permalink