feat(api): add private networks contracts #150
Merged
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package agynio.api.gateway.v1; | ||
|
|
||
| import "agynio/api/groups/v1/groups.proto"; | ||
|
|
||
| option go_package = "github.com/agynio/api/gen/agynio/api/gateway/v1;gatewayv1"; | ||
|
|
||
| service GroupsGateway { | ||
| // --- Groups --- | ||
| rpc CreateGroup(agynio.api.groups.v1.CreateGroupRequest) returns (agynio.api.groups.v1.CreateGroupResponse); | ||
| rpc GetGroup(agynio.api.groups.v1.GetGroupRequest) returns (agynio.api.groups.v1.GetGroupResponse); | ||
| rpc ListGroups(agynio.api.groups.v1.ListGroupsRequest) returns (agynio.api.groups.v1.ListGroupsResponse); | ||
| rpc UpdateGroup(agynio.api.groups.v1.UpdateGroupRequest) returns (agynio.api.groups.v1.UpdateGroupResponse); | ||
| rpc DeleteGroup(agynio.api.groups.v1.DeleteGroupRequest) returns (agynio.api.groups.v1.DeleteGroupResponse); | ||
|
|
||
| // --- Memberships --- | ||
| rpc AddMember(agynio.api.groups.v1.AddMemberRequest) returns (agynio.api.groups.v1.AddMemberResponse); | ||
| rpc RemoveMember(agynio.api.groups.v1.RemoveMemberRequest) returns (agynio.api.groups.v1.RemoveMemberResponse); | ||
| rpc ListMembers(agynio.api.groups.v1.ListMembersRequest) returns (agynio.api.groups.v1.ListMembersResponse); | ||
| rpc ListMemberGroups(agynio.api.groups.v1.ListMemberGroupsRequest) returns (agynio.api.groups.v1.ListMemberGroupsResponse); | ||
| } |
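Review bot: `CreateGroup` and `AddMember` take the `agynio.api.groups.v1` request messages unchanged, so the caller-settable `GroupSource source` (and `external_id` on `CreateGroupRequest`) defined in groups.proto is reachable through this gateway. If the gateway is the externally facing surface, which the name suggests but the page does not show, a caller could label a group or membership `GROUP_SOURCE_SCIM` and have it treated as directory-managed. Either give the gateway its own request messages without those fields, or state the handling on the RPCs, e.g. `// source is ignored here; the gateway always records GROUP_SOURCE_PLATFORM.` None of the RPCs has a leading comment saying which callers are authorized to invoke it.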
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package agynio.api.gateway.v1; | ||
|
|
||
| import "agynio/api/networks/v1/networks.proto"; | ||
|
|
||
| option go_package = "github.com/agynio/api/gen/agynio/api/gateway/v1;gatewayv1"; | ||
|
|
||
| service NetworksGateway { | ||
| // --- Networks --- | ||
| rpc CreateNetwork(agynio.api.networks.v1.CreateNetworkRequest) returns (agynio.api.networks.v1.CreateNetworkResponse); | ||
| rpc GetNetwork(agynio.api.networks.v1.GetNetworkRequest) returns (agynio.api.networks.v1.GetNetworkResponse); | ||
| rpc ListNetworks(agynio.api.networks.v1.ListNetworksRequest) returns (agynio.api.networks.v1.ListNetworksResponse); | ||
| rpc UpdateNetwork(agynio.api.networks.v1.UpdateNetworkRequest) returns (agynio.api.networks.v1.UpdateNetworkResponse); | ||
| rpc DeleteNetwork(agynio.api.networks.v1.DeleteNetworkRequest) returns (agynio.api.networks.v1.DeleteNetworkResponse); | ||
|
|
||
| // --- Tunnel Credentials --- | ||
| rpc CreateTunnelCredential(agynio.api.networks.v1.CreateTunnelCredentialRequest) returns (agynio.api.networks.v1.CreateTunnelCredentialResponse); | ||
| rpc GetTunnelCredential(agynio.api.networks.v1.GetTunnelCredentialRequest) returns (agynio.api.networks.v1.GetTunnelCredentialResponse); | ||
| rpc ListTunnelCredentials(agynio.api.networks.v1.ListTunnelCredentialsRequest) returns (agynio.api.networks.v1.ListTunnelCredentialsResponse); | ||
| rpc DeleteTunnelCredential(agynio.api.networks.v1.DeleteTunnelCredentialRequest) returns (agynio.api.networks.v1.DeleteTunnelCredentialResponse); | ||
|
|
||
| // --- Private Resources --- | ||
| rpc CreatePrivateResource(agynio.api.networks.v1.CreatePrivateResourceRequest) returns (agynio.api.networks.v1.CreatePrivateResourceResponse); | ||
| rpc GetPrivateResource(agynio.api.networks.v1.GetPrivateResourceRequest) returns (agynio.api.networks.v1.GetPrivateResourceResponse); | ||
| rpc ListPrivateResources(agynio.api.networks.v1.ListPrivateResourcesRequest) returns (agynio.api.networks.v1.ListPrivateResourcesResponse); | ||
| rpc UpdatePrivateResource(agynio.api.networks.v1.UpdatePrivateResourceRequest) returns (agynio.api.networks.v1.UpdatePrivateResourceResponse); | ||
| rpc DeletePrivateResource(agynio.api.networks.v1.DeletePrivateResourceRequest) returns (agynio.api.networks.v1.DeletePrivateResourceResponse); | ||
|
|
||
| // --- Private Resource Access --- | ||
| rpc CreatePrivateResourceAccess(agynio.api.networks.v1.CreatePrivateResourceAccessRequest) returns (agynio.api.networks.v1.CreatePrivateResourceAccessResponse); | ||
| rpc DeletePrivateResourceAccess(agynio.api.networks.v1.DeletePrivateResourceAccessRequest) returns (agynio.api.networks.v1.DeletePrivateResourceAccessResponse); | ||
| rpc ListPrivateResourceAccess(agynio.api.networks.v1.ListPrivateResourceAccessRequest) returns (agynio.api.networks.v1.ListPrivateResourceAccessResponse); | ||
| } |
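Review bot: The four Tunnel Credentials RPCs have no comment saying which responses carry secret material, and the `agynio.api.networks.v1` messages they reference are not visible in this view. If the intended contract is that the secret is issued once, say so where clients read the API: `// Returns the credential secret once; it cannot be retrieved later.` on `CreateTunnelCredential`, and `// Returns metadata only, never the secret.` on `GetTunnelCredential` and `ListTunnelCredentials`. The Private Resource Access RPCs would similarly benefit from a one-line comment naming the principal types a grant can target.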
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package agynio.api.groups.v1; | ||
|
|
||
| import "agynio/api/groups/v1/groups.proto"; | ||
|
|
||
| option go_package = "github.com/agynio/api/gen/agynio/api/groups/v1;groupsv1"; | ||
|
|
||
| message GroupMembershipAddedEvent { | ||
| string group_id = 1; | ||
| GroupMemberType member_type = 2; | ||
| string member_id = 3; | ||
| } | ||
|
|
||
| message GroupMembershipRemovedEvent { | ||
| string group_id = 1; | ||
| GroupMemberType member_type = 2; | ||
| string member_id = 3; | ||
| } | ||
|
|
||
| message GroupDeletedEvent { | ||
| string group_id = 1; | ||
| string organization_id = 2; | ||
| } |
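Review bot: `GroupMembershipAddedEvent` and `GroupMembershipRemovedEvent` carry no timestamp, sequence or event id, so a consumer that receives a `Removed` before a delayed or redelivered `Added` for the same `(group_id, member_type, member_id)` cannot tell which state is current. For events that drive access decisions this can leave a revoked membership cached as active, unless the transport guarantees per-key ordering, which the page does not show. Consider adding `google.protobuf.Timestamp occurred_at = 4;` (with the matching import) or a monotonically increasing version field. The same applies to the `PrivateResourceAccessGrantedEvent`/`PrivateResourceAccessRevokedEvent` and `TunnelOnlineEvent`/`TunnelOfflineEvent` pairs in the networks events file.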
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,171 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package agynio.api.groups.v1; | ||
|
|
||
| import "google/protobuf/timestamp.proto"; | ||
|
|
||
| option go_package = "github.com/agynio/api/gen/agynio/api/groups/v1;groupsv1"; | ||
|
|
||
| // GroupsService manages organization-scoped groups and memberships. | ||
| service GroupsService { | ||
| // --- Groups --- | ||
| rpc CreateGroup(CreateGroupRequest) returns (CreateGroupResponse); | ||
| rpc GetGroup(GetGroupRequest) returns (GetGroupResponse); | ||
| rpc ListGroups(ListGroupsRequest) returns (ListGroupsResponse); | ||
| rpc UpdateGroup(UpdateGroupRequest) returns (UpdateGroupResponse); | ||
| rpc DeleteGroup(DeleteGroupRequest) returns (DeleteGroupResponse); | ||
|
|
||
| // --- Memberships --- | ||
| rpc AddMember(AddMemberRequest) returns (AddMemberResponse); | ||
| rpc RemoveMember(RemoveMemberRequest) returns (RemoveMemberResponse); | ||
| rpc ListMembers(ListMembersRequest) returns (ListMembersResponse); | ||
| rpc ListMemberGroups(ListMemberGroupsRequest) returns (ListMemberGroupsResponse); | ||
|
|
||
| // --- Internal --- | ||
| rpc ListMemberGroupsBatch(ListMemberGroupsBatchRequest) returns (ListMemberGroupsBatchResponse); | ||
| } | ||
|
|
||
| // Metadata shared by groups resources. | ||
| message EntityMeta { | ||
| string id = 1; | ||
| google.protobuf.Timestamp created_at = 2; | ||
| google.protobuf.Timestamp updated_at = 3; | ||
| } | ||
|
|
||
| // Source of a group or group membership. | ||
| enum GroupSource { | ||
| GROUP_SOURCE_UNSPECIFIED = 0; | ||
| GROUP_SOURCE_PLATFORM = 1; | ||
| GROUP_SOURCE_SCIM = 2; | ||
| } | ||
|
|
||
| // Identity types eligible for group membership. | ||
| enum GroupMemberType { | ||
| GROUP_MEMBER_TYPE_UNSPECIFIED = 0; | ||
| GROUP_MEMBER_TYPE_USER = 1; | ||
| GROUP_MEMBER_TYPE_AGENT = 2; | ||
| GROUP_MEMBER_TYPE_APP = 3; | ||
| } | ||
|
|
||
| // Organization-scoped group. | ||
| message Group { | ||
| EntityMeta meta = 1; | ||
| string organization_id = 2; | ||
| string name = 3; | ||
| string description = 4; | ||
| GroupSource source = 5; | ||
| optional string external_id = 6; | ||
| } | ||
|
|
||
| // Membership binding an identity to a group. | ||
| message GroupMembership { | ||
| EntityMeta meta = 1; | ||
| string group_id = 2; | ||
| GroupMemberType member_type = 3; | ||
| string member_id = 4; | ||
| GroupSource source = 5; | ||
| } | ||
|
|
||
| message CreateGroupRequest { | ||
| string organization_id = 1; | ||
| string name = 2; | ||
| string description = 3; | ||
| GroupSource source = 4; | ||
| optional string external_id = 5; | ||
| } | ||
|
|
||
| message CreateGroupResponse { | ||
| Group group = 1; | ||
| } | ||
|
|
||
| message GetGroupRequest { | ||
| string id = 1; | ||
| } | ||
|
|
||
| message GetGroupResponse { | ||
| Group group = 1; | ||
| } | ||
|
|
||
| message ListGroupsRequest { | ||
| string organization_id = 1; | ||
| optional GroupSource source = 2; | ||
| int32 page_size = 3; | ||
| string page_token = 4; | ||
| } | ||
|
|
||
| message ListGroupsResponse { | ||
| repeated Group groups = 1; | ||
| string next_page_token = 2; | ||
| } | ||
|
|
||
| message UpdateGroupRequest { | ||
| string id = 1; | ||
| optional string name = 2; | ||
| optional string description = 3; | ||
| } | ||
|
|
||
| message UpdateGroupResponse { | ||
| Group group = 1; | ||
| } | ||
|
|
||
| message DeleteGroupRequest { | ||
| string id = 1; | ||
| } | ||
|
|
||
| message DeleteGroupResponse {} | ||
|
|
||
| message AddMemberRequest { | ||
| string group_id = 1; | ||
| GroupMemberType member_type = 2; | ||
| string member_id = 3; | ||
| GroupSource source = 4; | ||
| } | ||
|
|
||
| message AddMemberResponse { | ||
| GroupMembership membership = 1; | ||
| } | ||
|
|
||
| message RemoveMemberRequest { | ||
| string group_id = 1; | ||
| string member_id = 2; | ||
| } | ||
|
|
||
| message RemoveMemberResponse {} | ||
|
|
||
| message ListMembersRequest { | ||
| string group_id = 1; | ||
| optional GroupMemberType member_type = 2; | ||
| int32 page_size = 3; | ||
| string page_token = 4; | ||
| } | ||
|
|
||
| message ListMembersResponse { | ||
| repeated GroupMembership memberships = 1; | ||
| string next_page_token = 2; | ||
| } | ||
|
|
||
| message ListMemberGroupsRequest { | ||
| GroupMemberType member_type = 1; | ||
| string member_id = 2; | ||
| int32 page_size = 3; | ||
| string page_token = 4; | ||
| } | ||
|
|
||
| message ListMemberGroupsResponse { | ||
| repeated Group groups = 1; | ||
| string next_page_token = 2; | ||
| } | ||
|
|
||
| message ListMemberGroupsBatchRequest { | ||
| repeated ListMemberGroupsRequest members = 1; | ||
| } | ||
|
|
||
| message ListMemberGroupsBatchEntry { | ||
| GroupMemberType member_type = 1; | ||
| string member_id = 2; | ||
| repeated Group groups = 3; | ||
| } | ||
|
|
||
| message ListMemberGroupsBatchResponse { | ||
| repeated ListMemberGroupsBatchEntry entries = 1; | ||
| } | ||
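Review bot: `ListMemberGroupsBatchRequest` reuses `ListMemberGroupsRequest` as its element, so every entry carries `page_size` and `page_token`, yet `ListMemberGroupsBatchEntry` has no `next_page_token` and the caller cannot tell whether `groups` is complete. A consumer that resolves permissions from this internal RPC would then act on a silently truncated membership list. Give the batch its own key message, `message ListMemberGroupsBatchKey { GroupMemberType member_type = 1; string member_id = 2; }`, document that entries are always complete (or add `string next_page_token = 4;` to the entry), and state an upper bound for `members` in a comment. Separately, `RemoveMemberRequest` identifies the member by `member_id` alone while `AddMemberRequest` and the membership events use `member_type` plus `member_id`; unless ids are unique across users, agents and apps, add `GroupMemberType member_type = 3;` there.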
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package agynio.api.networks.v1; | ||
|
|
||
| import "agynio/api/networks/v1/networks.proto"; | ||
|
|
||
| option go_package = "github.com/agynio/api/gen/agynio/api/networks/v1;networksv1"; | ||
|
|
||
| message TunnelOnlineEvent { | ||
| string tunnel_credential_id = 1; | ||
| string network_id = 2; | ||
| } | ||
|
|
||
| message TunnelOfflineEvent { | ||
| string tunnel_credential_id = 1; | ||
| string network_id = 2; | ||
| } | ||
|
|
||
| message PrivateResourceAccessGrantedEvent { | ||
| string private_resource_access_id = 1; | ||
| string private_resource_id = 2; | ||
| PrivateResourceAccessPrincipalType principal_type = 3; | ||
| string principal_id = 4; | ||
| } | ||
|
|
||
| message PrivateResourceAccessRevokedEvent { | ||
| string private_resource_access_id = 1; | ||
| string private_resource_id = 2; | ||
| PrivateResourceAccessPrincipalType principal_type = 3; | ||
| string principal_id = 4; | ||
| } |
[major]
`ListMemberGroups` needs an `organization_id` (or equivalent org-scoping input). The linked architecture authorizes this RPC differently for self vs. other-identity lookups, and downstream consumers such as Networks need to resolve group memberships within the relevant organization. With only `member_type` and `member_id`, the service cannot enforce the “member on organization” check or disambiguate memberships for identities that can participate in multiple organizations. Please add the org scope to this request (and consider whether the batch entry/request should carry the same scope).