mirror of https://github.com/hashicorp/boundary
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
294 lines
11 KiB
294 lines
11 KiB
syntax = "proto3";
|
|
|
|
package controller.api.services.v1;
|
|
|
|
import "controller/api/resources/roles/v1/role.proto";
|
|
import "google/api/annotations.proto";
|
|
import "google/protobuf/field_mask.proto";
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
|
|
option go_package = "github.com/hashicorp/boundary/internal/gen/controller/api/services;services";
|
|
|
|
service RoleService {
|
|
// GetRole returns a stored Role if present. The provided request must include
|
|
// the Role ID for the Role being retrieved. If the ID is missing, malformed
|
|
// or reference a non-existing resource an error is returned.
|
|
rpc GetRole(GetRoleRequest) returns (GetRoleResponse) {
|
|
option (google.api.http) = {
|
|
get: "/v1/roles/{id}"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Gets a single Role."
|
|
};
|
|
}
|
|
|
|
// ListRoles returns a list of stored Roles which exist inside the scope
|
|
// referenced inside the request. The request must include the scope ID for
|
|
// the Roles being retrieved. If the scope ID is missing, malformed, or
|
|
// reference a non-existing scope, an error is returned.
|
|
rpc ListRoles(ListRolesRequest) returns (ListRolesResponse) {
|
|
option (google.api.http) = {
|
|
get: "/v1/roles"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Lists all Roles."
|
|
};
|
|
}
|
|
|
|
// CreateRole creates and stores a Role. The provided request must include the
|
|
// scope ID in which the Role will be created. If the scope ID is missing,
|
|
// malformed, or references a non-existing scope, an error is returned. If a
|
|
// name is provided that is in use in another Role in the same scope, an error
|
|
// is returned.
|
|
rpc CreateRole(CreateRoleRequest) returns (CreateRoleResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/roles"
|
|
body: "item"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Creates a single Role."
|
|
};
|
|
}
|
|
|
|
// UpdateRole updates an existing Role in boundary. The provided
|
|
// Role must not have any read-only fields set. The update mask must be
|
|
// included in the request and contain at least 1 mutable field. To unset
|
|
// a field's value, include the field in the update mask and don't set it
|
|
// in the provided Role. An error is returned if either the scope
|
|
// or Role IDs are missing or reference a non-existing resource. An error
|
|
// is also returned if the request attempts to update the name to one that is
|
|
// already in use in the same scope.
|
|
rpc UpdateRole(UpdateRoleRequest) returns (UpdateRoleResponse) {
|
|
option (google.api.http) = {
|
|
patch: "/v1/roles/{id}"
|
|
body: "item"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Updates a Role."
|
|
};
|
|
}
|
|
|
|
// DeleteRole removes a Role from Boundary. If the provided scope or Role IDs
|
|
// are malformed, or not provided an error is returned.
|
|
rpc DeleteRole(DeleteRoleRequest) returns (DeleteRoleResponse) {
|
|
option (google.api.http) = {
|
|
delete: "/v1/roles/{id}"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Deletes a Role."
|
|
};
|
|
}
|
|
|
|
// AddRolePrincipals adds users and/or groups to a Role. The provided request
|
|
// must include the Role ID to which the users and/or groups will be added.
|
|
// If the Role ID is missing, malformed, or reference non-existing resources,
|
|
// an error is returned. An error is also returned if the request attempts to
|
|
// add a principal that is already part of the role.
|
|
rpc AddRolePrincipals(AddRolePrincipalsRequest) returns (AddRolePrincipalsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/roles/{id}:add-principals"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Adds Users and/or Groups to a Role."
|
|
};
|
|
}
|
|
|
|
// SetRolePrincipals sets the Role's users and/or groups. Any existing
|
|
// principals on the Role are deleted if they are not included in this
|
|
// request. The provided request must include the Role ID on
|
|
// which the users and/or groups will be set. If the Role ID is
|
|
// missing, malformed, or referencing a non-existing resource, an error is
|
|
// returned.
|
|
rpc SetRolePrincipals(SetRolePrincipalsRequest) returns (SetRolePrincipalsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/roles/{id}:set-principals"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Set Users and/or Groups to a Role, removing any principals that are not specified in the request."
|
|
};
|
|
}
|
|
|
|
// RemoveRolePrincipals removes the users and/or groups from the specified
|
|
// Role. The provided request must include the Role ID from
|
|
// which the users and/or groups will be removed. If that ID is missing,
|
|
// malformed, or reference a non-existing resource, an error is returned.
|
|
// An error is returned if a remove is called for a principal that is not
|
|
// part of the role.
|
|
rpc RemoveRolePrincipals(RemoveRolePrincipalsRequest) returns (RemoveRolePrincipalsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/roles/{id}:remove-principals"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Removes the specified Users and/or Groups from a Role."
|
|
};
|
|
}
|
|
|
|
// AddRoleGrants adds grants to a Role. The provided request must include
|
|
// the Role id which the grants will be added to. An error is returned
|
|
// if the provided id is malformed or references a non-existing resource.
|
|
rpc AddRoleGrants(AddRoleGrantsRequest) returns (AddRoleGrantsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/roles/{id}:add-grants"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Adds grants to a Role"
|
|
};
|
|
}
|
|
|
|
// SetRoleGrants sets the Role's grants. Any existing grants on the Role are
|
|
// deleted if they are not included in this request. The provided request must
|
|
// include the Role ID on which the grants will be set. If missing, malformed,
|
|
// or referencing a non-existing resource, an error is returned.
|
|
rpc SetRoleGrants(SetRoleGrantsRequest) returns (SetRoleGrantsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/roles/{id}:set-grants"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Set grants for a Role, removing any grants that are not specified in the request."
|
|
};
|
|
}
|
|
|
|
// RemoveRoleGrants removes the grants from the specified Role.
|
|
// The provided request must include the Role IDs from which the
|
|
// grants will be removed. If missing, malformed, or references a non-existing
|
|
// resource, an error is returned.
|
|
rpc RemoveRoleGrants(RemoveRoleGrantsRequest) returns (RemoveRoleGrantsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1/roles/{id}:remove-grants"
|
|
body: "*"
|
|
response_body: "item"
|
|
};
|
|
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
|
|
summary: "Removes grants from a Role."
|
|
};
|
|
}
|
|
}
|
|
|
|
message GetRoleRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message GetRoleResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message ListRolesRequest {
|
|
string scope_id = 1 [json_name = "scope_id"]; // @gotags: `class:"public"`
|
|
bool recursive = 20 [json_name = "recursive"]; // @gotags: `class:"public"`
|
|
string filter = 30 [json_name = "filter"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message ListRolesResponse {
|
|
repeated resources.roles.v1.Role items = 1;
|
|
}
|
|
|
|
message CreateRoleRequest {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message CreateRoleResponse {
|
|
string uri = 1;
|
|
resources.roles.v1.Role item = 2;
|
|
}
|
|
|
|
message UpdateRoleRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
resources.roles.v1.Role item = 2;
|
|
google.protobuf.FieldMask update_mask = 3 [json_name = "update_mask"];
|
|
}
|
|
|
|
message UpdateRoleResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message DeleteRoleRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message DeleteRoleResponse {}
|
|
|
|
message AddRolePrincipalsRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string principal_ids = 3 [json_name = "principal_ids"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message AddRolePrincipalsResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message SetRolePrincipalsRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string principal_ids = 3 [json_name = "principal_ids"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message SetRolePrincipalsResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message RemoveRolePrincipalsRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string principal_ids = 3 [json_name = "principal_ids"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message RemoveRolePrincipalsResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message AddRoleGrantsRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string grant_strings = 3 [json_name = "grant_strings"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message AddRoleGrantsResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message SetRoleGrantsRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string grant_strings = 3 [json_name = "grant_strings"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message SetRoleGrantsResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|
|
|
|
message RemoveRoleGrantsRequest {
|
|
string id = 1; // @gotags: `class:"public"`
|
|
// Version is used to ensure this resource has not changed.
|
|
// The mutation will fail if the version does not match the latest known good version.
|
|
uint32 version = 2; // @gotags: `class:"public"`
|
|
repeated string grant_strings = 3 [json_name = "grant_strings"]; // @gotags: `class:"public"`
|
|
}
|
|
|
|
message RemoveRoleGrantsResponse {
|
|
resources.roles.v1.Role item = 1;
|
|
}
|