// Copyright 2023 Gravitational, Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package teleport.accesslist.v1;
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";
import "teleport/accesslist/v1/accesslist.proto";
import "teleport/legacy/types/types.proto";
option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/accesslist/v1;accesslistv1";
// AccessListService provides CRUD methods for Access List resources, their
// members and their reviews, and promotes access requests to access lists.
// NOTE(review): no request message in this file carries the caller's identity
// or any authorization field, so access control is presumably enforced by the
// server from the authenticated connection — confirm in the handlers.
service AccessListService {
// GetAccessLists returns a list of all access lists.
// The request is empty and the response is one unpaginated list; see
// ListAccessLists for the paginated variant.
rpc GetAccessLists(GetAccessListsRequest) returns (GetAccessListsResponse);
// ListAccessLists returns a paginated list of all access lists.
rpc ListAccessLists(ListAccessListsRequest) returns (ListAccessListsResponse);
// GetAccessList returns the specified access list resource.
rpc GetAccessList(GetAccessListRequest) returns (AccessList);
// UpsertAccessList creates or updates an access list resource.
rpc UpsertAccessList(UpsertAccessListRequest) returns (AccessList);
// DeleteAccessList hard deletes the specified access list resource.
rpc DeleteAccessList(DeleteAccessListRequest) returns (google.protobuf.Empty);
// DeleteAllAccessLists hard deletes all access lists.
// The request is empty, so nothing in the call narrows what is deleted.
rpc DeleteAllAccessLists(DeleteAllAccessListsRequest) returns (google.protobuf.Empty);
// GetAccessListsToReview will return access lists that need to be reviewed by the current user.
// The request is empty, so the user is not named by the caller.
rpc GetAccessListsToReview(GetAccessListsToReviewRequest) returns (GetAccessListsToReviewResponse);
// ListAccessListMembers returns a paginated list of all access list members.
rpc ListAccessListMembers(ListAccessListMembersRequest) returns (ListAccessListMembersResponse);
// GetAccessListMember returns the specified access list member resource.
rpc GetAccessListMember(GetAccessListMemberRequest) returns (Member);
// UpsertAccessListMember creates or updates an access list member resource.
rpc UpsertAccessListMember(UpsertAccessListMemberRequest) returns (Member);
// DeleteAccessListMember hard deletes the specified access list member resource.
rpc DeleteAccessListMember(DeleteAccessListMemberRequest) returns (google.protobuf.Empty);
// DeleteAllAccessListMembersForAccessList hard deletes all access list members for an access list.
rpc DeleteAllAccessListMembersForAccessList(DeleteAllAccessListMembersForAccessListRequest) returns (google.protobuf.Empty);
// DeleteAllAccessListMembers hard deletes all access list members in the backend.
// Its request has no access_list field (the name and number are reserved), so
// unlike DeleteAllAccessListMembersForAccessList it is not scoped to one list.
rpc DeleteAllAccessListMembers(DeleteAllAccessListMembersRequest) returns (google.protobuf.Empty);
// UpsertAccessListWithMembers creates or updates an access list with members.
rpc UpsertAccessListWithMembers(UpsertAccessListWithMembersRequest) returns (UpsertAccessListWithMembersResponse);
// ListAccessListReviews will list access list reviews for a particular access list.
rpc ListAccessListReviews(ListAccessListReviewsRequest) returns (ListAccessListReviewsResponse);
// CreateAccessListReview will create a new review for an access list. It will also modify the original access list
// and its members depending on the details of the review.
rpc CreateAccessListReview(CreateAccessListReviewRequest) returns (CreateAccessListReviewResponse);
// DeleteAccessListReview will delete an access list review from the backend.
rpc DeleteAccessListReview(DeleteAccessListReviewRequest) returns (google.protobuf.Empty);
// AccessRequestPromote promotes an access request to an access list.
rpc AccessRequestPromote(AccessRequestPromoteRequest) returns (AccessRequestPromoteResponse);
}
// GetAccessListsRequest is the request for getting all access lists.
// It has no fields, so the call takes no filter or paging parameters.
message GetAccessListsRequest {}
// GetAccessListsResponse is the response for getting all access lists.
// There is no page token: every access list is returned in one message.
message GetAccessListsResponse {
// access_lists is the list of access lists.
repeated AccessList access_lists = 1;
}
// ListAccessListsRequest is the request for getting paginated access lists.
message ListAccessListsRequest {
// page_size is the size of the page to request.
// NOTE(review): int32 admits zero and negative values, and no upper bound is
// defined here — confirm the server validates or clamps it.
int32 page_size = 1;
// next_token is the page token.
// Presumably the next_token of a previous ListAccessListsResponse, empty for
// the first page — confirm against the server.
string next_token = 2;
}
// ListAccessListsResponse is the response for getting paginated access lists.
message ListAccessListsResponse {
// access_lists is the list of access lists.
repeated AccessList access_lists = 1;
// next_token is the next page token.
// Presumably empty when there are no further pages — confirm.
string next_token = 2;
}
// GetAccessListRequest is the request for retrieving an access list.
// The access list is identified by name only.
message GetAccessListRequest {
// name is the name of the access list to retrieve.
string name = 1;
}
// UpsertAccessListRequest is the request for upserting an access list.
// The whole AccessList is supplied; this message has no separate field that
// distinguishes a create from an update.
message UpsertAccessListRequest {
// access_list is the access list to upsert.
AccessList access_list = 1;
}
// DeleteAccessListRequest is the request for deleting an access list.
// The access list is identified by name only.
message DeleteAccessListRequest {
// name is the name of the access list to delete.
string name = 1;
}
// DeleteAllAccessListsRequest is the request for deleting all access lists.
// It has no fields: nothing in the request scopes or filters the deletion.
// NOTE(review): restricting who may issue this call is left entirely to the
// server — confirm the handler's authorization check.
message DeleteAllAccessListsRequest {}
// GetAccessListsToReviewRequest is the request for getting access lists that the current user needs to review.
// It has no fields; the "current user" is not named in the request and is
// presumably taken from the authenticated caller — confirm in the handler.
message GetAccessListsToReviewRequest {}
// GetAccessListsToReviewResponse is the response for getting access lists that the current user needs to review.
message GetAccessListsToReviewResponse {
// access_lists is the list of access lists that need review.
repeated AccessList access_lists = 1;
}
// ListAccessListMembersRequest is the request for getting paginated access list members.
// Note that the token field is named page_token here, while
// ListAccessListsRequest and ListAccessListReviewsRequest call it next_token.
message ListAccessListMembersRequest {
// page_size is the size of the page to request.
// NOTE(review): int32 admits zero and negative values, and no upper bound is
// defined here — confirm the server validates or clamps it.
int32 page_size = 1;
// page_token is the page token.
// Presumably the next_page_token of a previous ListAccessListMembersResponse,
// empty for the first page — confirm.
string page_token = 2;
// access_list is the name of the access list that the member belongs to.
string access_list = 3;
}
// ListAccessListMembersResponse is the response for getting paginated access list members.
message ListAccessListMembersResponse {
// members is the list of access list members.
repeated Member members = 1;
// next_page_token is the next page token.
// Presumably empty when there are no further pages — confirm.
string next_page_token = 2;
}
// UpsertAccessListWithMembersRequest is the request for upserting an access list with members.
// NOTE(review): whether members missing from this list are removed from an
// existing access list is not stated here — confirm the server's semantics.
message UpsertAccessListWithMembersRequest {
// access_list is the access list to upsert.
AccessList access_list = 1;
// members is the list of access list members.
repeated Member members = 2;
}
// UpsertAccessListWithMembersResponse is the response for upserting an access list with members.
// It mirrors the request: one access list and a list of members.
message UpsertAccessListWithMembersResponse {
// access_list is the access list that was upserted.
AccessList access_list = 1;
// members is the list of access list members that were upserted.
repeated Member members = 2;
}
// GetAccessListMemberRequest is the request for retrieving an access list member.
// A member is addressed by the pair (access_list, member_name).
message GetAccessListMemberRequest {
// access_list is the name of the access list that the member belongs to.
string access_list = 1;
// member_name is the name of the user that belongs to the access list.
string member_name = 2;
}
// UpsertAccessListMemberRequest is the request for upserting an access list member.
message UpsertAccessListMemberRequest {
// Field numbers 1-3 and the names below are reserved (presumably left over
// from removed fields) so that they cannot be reused with another meaning.
reserved 1, 2, 3;
reserved "access_list", "name", "reason";
// member is the access list member to upsert.
// The request has no separate access_list field, so the target list is
// presumably identified inside Member — confirm in accesslist.proto.
Member member = 4;
}
// DeleteAccessListMemberRequest is the request for deleting a member from an access list.
message DeleteAccessListMemberRequest {
// Field number 2 and the name "name" are reserved so that they cannot be
// reused; member_name (field 3) is the field that identifies the user.
reserved 2;
reserved "name";
// access_list is the name of access list.
string access_list = 1;
// member_name is the name of the user to delete.
string member_name = 3;
}
// DeleteAllAccessListMembersForAccessListRequest is the request for deleting all members from an access list.
// The deletion is scoped to the single access list named below.
message DeleteAllAccessListMembersForAccessListRequest {
// access_list is the name of access list.
string access_list = 1;
}
// DeleteAllAccessListMembersRequest is the request for deleting all access list members in the backend.
// It has no usable fields, so nothing in the request scopes the deletion.
// NOTE(review): restricting who may issue this call is left entirely to the
// server — confirm the handler's authorization check.
message DeleteAllAccessListMembersRequest {
// Field number 1 and the name "access_list" are reserved so that they cannot
// be reused; the per-list variant is
// DeleteAllAccessListMembersForAccessListRequest.
reserved 1;
reserved "access_list";
}
// ListAccessListReviewsRequest is the request for getting paginated access list reviews for a particular access list.
message ListAccessListReviewsRequest {
// access_list is the name of the access list that we're listing reviews for.
string access_list = 1;
// page_size is the size of the page to request.
// NOTE(review): int32 admits zero and negative values, and no upper bound is
// defined here — confirm the server validates or clamps it.
int32 page_size = 2;
// next_token is the page token.
// Presumably the next_token of a previous ListAccessListReviewsResponse,
// empty for the first page — confirm.
string next_token = 3;
}
// ListAccessListReviewsResponse is the response for getting paginated access list reviews for a particular access list.
message ListAccessListReviewsResponse {
// reviews is the list of access list reviews.
repeated Review reviews = 1;
// next_token is the next page token.
// Presumably empty when there are no further pages — confirm.
string next_token = 2;
}
// CreateAccessListReviewRequest is the request for creating an access list review.
// Per the CreateAccessListReview RPC comment, creating a review also modifies
// the reviewed access list and its members, so this is a write to the list
// itself and not only an audit record.
message CreateAccessListReviewRequest {
// review is the actual review to create.
// The request has no separate access list field, so the reviewed list is
// presumably identified inside Review — confirm in accesslist.proto.
Review review = 1;
}
// CreateAccessListReviewResponse is the response for creating an access list review.
message CreateAccessListReviewResponse {
// review_name is the name of the review that was just created.
string review_name = 1;
// next_audit_date is when the next audit should be done by.
google.protobuf.Timestamp next_audit_date = 2;
}
// DeleteAccessListReviewRequest is the request for deleting an access list review.
// A review is addressed by the pair (access_list_name, review_name).
message DeleteAccessListReviewRequest {
// review_name is the name of the review to delete.
string review_name = 1;
// access_list_name is the name of the access list to delete the review from.
string access_list_name = 2;
}
// AccessRequestPromoteRequest is the request for promoting an access request to an access list.
message AccessRequestPromoteRequest {
// request_id is the unique ID of the request to be promoted.
string request_id = 1;
// access_list_name is the name of the access list to promote the request to.
string access_list_name = 2;
// reason is the access request review reason.
// Free-form text supplied by the caller; no length or content constraint is
// defined here.
string reason = 3;
}
// AccessRequestPromoteResponse is the response for promoting an access request to an access list.
message AccessRequestPromoteResponse {
// access_request is the updated access request.
// The type comes from teleport/legacy/types/types.proto.
types.AccessRequestV3 access_request = 1;
}