aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf3900a906'
${ noResults }
boundary/internal/proto/controller/api/services/v1/scope_service.proto

193 lines
7.6 KiB
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
syntax = "proto3";
package controller.api.services.v1;
import "controller/api/resources/scopes/v1/scope.proto";
import "google/api/annotations.proto";
import "google/protobuf/field_mask.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
option go_package = "github.com/hashicorp/boundary/internal/gen/controller/api/services;services";
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
info: {title: "Boundary Controller HTTP API"}
schemes: HTTPS
schemes: HTTP
};
service ScopeService {
// GetScope returns a stored Scope if present. The provided request
// must include the scope ID for the scope being retrieved. If
// that ID is missing, malformed or references a non existing
// resource an error is returned.
rpc GetScope(GetScopeRequest) returns (GetScopeResponse) {
option (google.api.http) = {
get: "/v1/scopes/{id}"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Gets a single Scope."};
}
// ListScopes returns a list of stored Scopes which exist inside the provided
// parent Scope id.
rpc ListScopes(ListScopesRequest) returns (ListScopesResponse) {
option (google.api.http) = {get: "/v1/scopes"};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Lists all Scopes within the Scope provided in the request."};
}
// CreateScope creates and stores a Scope in boundary. The provided request
// must include the Scope ID in which the new scope will be created. If the Scope
// ID is missing, malformed or references a non existing scope, an error is
// returned. If a name is provided that is in use in another Scope in the same
// parent scope, an error is returned.
rpc CreateScope(CreateScopeRequest) returns (CreateScopeResponse) {
option (google.api.http) = {
post: "/v1/scopes"
body: "item"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Creates a single Scope."};
}
// UpdateScope updates an existing Scope in boundary. The provided
// Scope must not have any read only fields set. The update mask must be
// included in the request and contain at least 1 mutable field. To unset
// a field's value, include the field in the update mask and don't set it
// in the provided scope. An error is returned if the Scope Id is
// missing or reference a non-existing resource. An error
// is also returned if the request attempts to update the name to one that is
// already in use by another scope in the parent scope.
rpc UpdateScope(UpdateScopeRequest) returns (UpdateScopeResponse) {
option (google.api.http) = {
patch: "/v1/scopes/{id}"
body: "item"
response_body: "item"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Updates a Scope."};
}
// DeleteScope remotes a Scope and all child resources from Boundary. If the
// provided Scope IDs are malformed or not provided an error is returned.
rpc DeleteScope(DeleteScopeRequest) returns (DeleteScopeResponse) {
option (google.api.http) = {delete: "/v1/scopes/{id}"};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Deletes a Scope."};
}
// ListKeys lists all the keys found in the scope specified. If the scope
// is not found an error is returned.
rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) {
option (google.api.http) = {get: "/v1/scopes/{id}:list-keys"};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "List all keys in a Scope."};
}
// RotateKeys rotates and optionally rewraps all the keys found in the
// scope specified. If the scope is not found an error is returned. If
// the scope is empty, the global scope is used.
rpc RotateKeys(RotateKeysRequest) returns (RotateKeysResponse) {
option (google.api.http) = {
post: "/v1/scopes:rotate-keys"
body: "*"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Rotate all keys in a Scope."};
}
// ListKeyVersionDestructionJobs lists any pending key version destruction jobs in the scope.
rpc ListKeyVersionDestructionJobs(ListKeyVersionDestructionJobsRequest) returns (ListKeyVersionDestructionJobsResponse) {
option (google.api.http) = {get: "/v1/scopes/{scope_id}:list-key-version-destruction-jobs"};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Lists all pending key version destruction jobs in a Scope."};
}
// DestroyKeyVersion destroys the specified key version. If this requires re-encrypting
// existing data, it will start an asynchronous process to complete this operation
// before destroying the key. Use ListKeyVersionDestructionJobs to monitor pending destruction jobs.
rpc DestroyKeyVersion(DestroyKeyVersionRequest) returns (DestroyKeyVersionResponse) {
option (google.api.http) = {
post: "/v1/scopes:destroy-key-version"
body: "*"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {summary: "Destroy the specified key version in a Scope. This may start an asynchronous job that re-encrypts all data encrypted by the specified key version. Use GET /v1/scopes/{scope_id}:list-key-version-destruction-jobs to monitor pending destruction jobs."};
}
}
message GetScopeRequest {
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
}
message GetScopeResponse {
resources.scopes.v1.Scope item = 1;
}
message ListScopesRequest {
string scope_id = 1; // @gotags: `class:"public" eventstream:"observation"`
bool recursive = 20 [json_name = "recursive"]; // @gotags: `class:"public" eventstream:"observation"`
string filter = 30 [json_name = "filter"]; // @gotags: `class:"public"`
}
message ListScopesResponse {
repeated resources.scopes.v1.Scope items = 1;
}
message CreateScopeRequest {
bool skip_admin_role_creation = 1; // @gotags: `class:"public"`
bool skip_default_role_creation = 2; // @gotags: `class:"public"`
resources.scopes.v1.Scope item = 3;
}
message CreateScopeResponse {
string uri = 1; // @gotags: `class:"public" eventstream:"observation"`
resources.scopes.v1.Scope item = 2;
}
message UpdateScopeRequest {
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
resources.scopes.v1.Scope item = 2;
google.protobuf.FieldMask update_mask = 3 [json_name = "update_mask"];
}
message UpdateScopeResponse {
resources.scopes.v1.Scope item = 1;
}
message DeleteScopeRequest {
string id = 1; // @gotags: `class:"public" eventstream:"observation"`
}
message DeleteScopeResponse {}
message ListKeysRequest {
string id = 1; // @gotags: `class:"public"`
}
message ListKeysResponse {
repeated resources.scopes.v1.Key items = 1;
}
message RotateKeysRequest {
string scope_id = 1; // @gotags: `class:"public"`
bool rewrap = 2; // @gotags: `class:"public"`
}
message RotateKeysResponse {}
message ListKeyVersionDestructionJobsRequest {
string scope_id = 1; // @gotags: `class:"public"`
}
message ListKeyVersionDestructionJobsResponse {
repeated resources.scopes.v1.KeyVersionDestructionJob items = 1;
}
message DestroyKeyVersionRequest {
string scope_id = 1; // @gotags: `class:"public"`
string key_version_id = 2; // @gotags: `class:"public"`
}
message DestroyKeyVersionResponse {
// Destruction state. One of "pending" or "completed".
// Use GET /v1/scopes/{scope_id}:list-key-version-destruction-jobs
// to monitor pending destruction jobs.
string state = 1; // @gotags: `class:"public"`
}
Reference in new issue View Git Blame Copy Permalink