diff --git a/client/src/raw.rs b/client/src/raw.rs index 2432ce3c0..e4cdc187b 100644 --- a/client/src/raw.rs +++ b/client/src/raw.rs @@ -1445,6 +1445,11 @@ proxier! { (update_namespace_export_sink, cloudreq::UpdateNamespaceExportSinkRequest, cloudreq::UpdateNamespaceExportSinkResponse); (delete_namespace_export_sink, cloudreq::DeleteNamespaceExportSinkRequest, cloudreq::DeleteNamespaceExportSinkResponse); (validate_namespace_export_sink, cloudreq::ValidateNamespaceExportSinkRequest, cloudreq::ValidateNamespaceExportSinkResponse); + (update_namespace_tags, cloudreq::UpdateNamespaceTagsRequest, cloudreq::UpdateNamespaceTagsResponse); + (create_connectivity_rule, cloudreq::CreateConnectivityRuleRequest, cloudreq::CreateConnectivityRuleResponse); + (get_connectivity_rule, cloudreq::GetConnectivityRuleRequest, cloudreq::GetConnectivityRuleResponse); + (get_connectivity_rules, cloudreq::GetConnectivityRulesRequest, cloudreq::GetConnectivityRulesResponse); + (delete_connectivity_rule, cloudreq::DeleteConnectivityRuleRequest, cloudreq::DeleteConnectivityRuleResponse); } proxier! { diff --git a/core-c-bridge/src/client.rs b/core-c-bridge/src/client.rs index c6038e4ec..c84e30634 100644 --- a/core-c-bridge/src/client.rs +++ b/core-c-bridge/src/client.rs 
@@ -525,6 +525,11 @@ async fn call_cloud_service(client: &CoreClient, call: &RpcCallOptions) -> anyho "UpdateUserGroup" => rpc_call!(client, call, update_user_group), "UpdateUser" => rpc_call!(client, call, update_user), "ValidateNamespaceExportSink" => rpc_call!(client, call, validate_namespace_export_sink), + "UpdateNamespaceTags" => rpc_call!(client, call, update_namespace_tags), + "CreateConnectivityRule" => rpc_call!(client, call, create_connectivity_rule), + "GetConnectivityRule" => rpc_call!(client, call, get_connectivity_rule), + "GetConnectivityRules" => rpc_call!(client, call, get_connectivity_rules), + "DeleteConnectivityRule" => rpc_call!(client, call, delete_connectivity_rule), rpc => Err(anyhow::anyhow!("Unknown RPC call {}", rpc)), } } diff --git a/sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS b/sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS index 34ebd80f2..224ef3fc4 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS +++ b/sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS @@ -3,4 +3,4 @@ # @temporalio/saas will be requested for review when # someone opens a pull request. -* @temporalio/saas +* @temporalio/crew-iam-plus diff --git a/sdk-core-protos/protos/api_cloud_upstream/README.md b/sdk-core-protos/protos/api_cloud_upstream/README.md index fc7d6a782..0cd039806 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/README.md +++ b/sdk-core-protos/protos/api_cloud_upstream/README.md @@ -15,7 +15,7 @@ To use the Cloud Ops API in your project, preform the following 4 steps: The client is expected to pass in a `temporal-cloud-api-version` header with the api version identifier with every request it makes to the apis. The backend will use the version to safely mutate resources. The `temporal:versioning:min_version` label specifies the minimum version of the API that supports the field. -Current Version `v0.4.0` +Current Version `v0.7.1` ### URL 
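Review bot: The five new arms are keyed by string literals that nothing in this hunk ties to the rpc names in service.proto, so a misspelled or forgotten key still compiles and only surfaces at runtime through the `rpc => Err(anyhow::anyhow!("Unknown RPC call {}", rpc))` fallthrough. The method identifiers passed to `rpc_call!` are presumably checked by the compiler, but the keys are not. I would add a comment above the match such as `// One arm per CloudService rpc, keyed by the exact rpc name in service.proto; update together with the proxier! list in client/src/raw.rs.` If no such check exists outside this view, a test that every rpc name in the service definition has an arm would also help. The new arms are appended after `"ValidateNamespaceExportSink"` rather than placed with the `Update*` arms visible above, which makes a missing entry harder to spot; `call_cloud_service` starts above the hunk.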
diff --git a/sdk-core-protos/protos/api_cloud_upstream/VERSION b/sdk-core-protos/protos/api_cloud_upstream/VERSION index 992ac75e2..63f2359f6 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/VERSION +++ b/sdk-core-protos/protos/api_cloud_upstream/VERSION @@ -1 +1 @@ -v0.5.1 +v0.7.1 diff --git a/sdk-core-protos/protos/api_cloud_upstream/buf.yaml b/sdk-core-protos/protos/api_cloud_upstream/buf.yaml index 0a22e2d17..90bbf2240 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/buf.yaml +++ b/sdk-core-protos/protos/api_cloud_upstream/buf.yaml @@ -3,6 +3,7 @@ name: buf.build/temporalio/cloud-api deps: - buf.build/googleapis/googleapis - buf.build/temporalio/api:v1.43.0 + breaking: use: - FILE diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto index 5c1766e00..f55c68ae1 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -18,6 +18,7 @@ import "temporal/api/cloud/nexus/v1/message.proto"; import "temporal/api/cloud/region/v1/message.proto"; import "temporal/api/cloud/account/v1/message.proto"; import "temporal/api/cloud/usage/v1/message.proto"; +import "temporal/api/cloud/connectivityrule/v1/message.proto"; message GetUsersRequest { // The requested size of the page to retrieve - optional. @@ -129,6 +130,9 @@ message CreateNamespaceRequest { // The id to use for this async operation. // Optional, if not provided a random id will be generated. string async_operation_id = 3; + // The tags to add to the namespace. + // Note: This field can be set by global admins or account owners only. + map tags = 4; } message CreateNamespaceResponse { 
@@ -845,3 +849,82 @@ message ValidateNamespaceExportSinkRequest { message ValidateNamespaceExportSinkResponse { } + +message UpdateNamespaceTagsRequest { + // The namespace to set tags for. + string namespace = 1; + // A list of tags to add or update. + // If a key of an existing tag is added, the tag's value is updated. + // At least one of tags_to_upsert or tags_to_remove must be specified. + map tags_to_upsert = 2; + // A list of tag keys to remove. + // If a tag key doesn't exist, it is silently ignored. + // At least one of tags_to_upsert or tags_to_remove must be specified. + repeated string tags_to_remove = 3; + // The id to use for this async operation - optional. + string async_operation_id = 4; +} + +message UpdateNamespaceTagsResponse { + // The async operation. + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} + +message CreateConnectivityRuleRequest { + // The connectivity rule specification. + temporal.api.cloud.connectivityrule.v1.ConnectivityRuleSpec spec = 1; + // The id to use for this async operation. + // Optional, if not provided a random id will be generated. + string async_operation_id = 2; +} + +message CreateConnectivityRuleResponse { + // The id of the connectivity rule that was created. + string connectivity_rule_id = 1; + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 2; +} + +message GetConnectivityRuleRequest { + // The id of the connectivity rule to get. + string connectivity_rule_id = 1; +} + +message GetConnectivityRuleResponse { + temporal.api.cloud.connectivityrule.v1.ConnectivityRule connectivity_rule = 1; +} + +message GetConnectivityRulesRequest { + // The requested size of the page to retrieve. + // Optional, defaults to 100. + int32 page_size = 1; + // The page token if this is continuing from another response. + // Optional, defaults to empty. + string page_token = 2; + // Filter connectivity rule by the namespace id. 
+ string namespace = 3; +} + +message GetConnectivityRulesResponse { + // connectivity_rules returned + repeated temporal.api.cloud.connectivityrule.v1.ConnectivityRule connectivity_rules = 1; + // The next page token + string next_page_token = 2; +} + +message DeleteConnectivityRuleRequest { + // The ID of the connectivity rule that need be deleted, required. + string connectivity_rule_id = 1; + + // The resource version which should be the same from the the db, required + // The latest version can be found in the GetConnectivityRule operation response + string resource_version = 2; + // The id to use for this async operation. + // Optional, if not provided a random id will be generated. + string async_operation_id = 3; +} + +message DeleteConnectivityRuleResponse { + // The async operation + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto index aa06c44a8..6fa2a2985 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto 
@@ -395,4 +395,41 @@ service CloudService { body: "*" }; } + + // Update the tags for a namespace + rpc UpdateNamespaceTags(UpdateNamespaceTagsRequest) returns (UpdateNamespaceTagsResponse) { + option (google.api.http) = { + post: "/cloud/namespaces/{namespace}/update-tags" + body: "*" + }; + } + + // Creates a connectivity rule + rpc CreateConnectivityRule(CreateConnectivityRuleRequest) returns (CreateConnectivityRuleResponse) { + option (google.api.http) = { + post: "/cloud/connectivity-rules" + body: "*" + }; + } + + // Gets a connectivity rule by id + rpc GetConnectivityRule(GetConnectivityRuleRequest) returns (GetConnectivityRuleResponse) { + option (google.api.http) = { + get: "/cloud/connectivity-rules/{connectivity_rule_id}" + }; + } + + // Lists connectivity rules by account + rpc GetConnectivityRules(GetConnectivityRulesRequest) returns (GetConnectivityRulesResponse) { + option (google.api.http) = { + get: "/cloud/connectivity-rules" + }; + } + + // Deletes a connectivity rule by id + rpc DeleteConnectivityRule(DeleteConnectivityRuleRequest) returns (DeleteConnectivityRuleResponse) { + option (google.api.http) = { + delete: "/cloud/connectivity-rules/{connectivity_rule_id}" + }; + } } \ No newline at end of file diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/connectivityrule/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/connectivityrule/v1/message.proto new file mode 100644 index 000000000..e04294ef7 --- /dev/null +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/connectivityrule/v1/message.proto 
@@ -0,0 +1,64 @@ +syntax = "proto3"; + +package temporal.api.cloud.connectivityrule.v1; + +option go_package = "go.temporal.io/api/cloud/connectivityrule/v1;connectivityrule"; +option java_package = "io.temporal.api.cloud.connectivityrule.v1"; +option java_multiple_files = true; +option java_outer_classname = "MessageProto"; +option ruby_package = "Temporalio::Api::Cloud::ConnectivityRule::V1"; +option csharp_namespace = "Temporalio.Api.Cloud.ConnectivityRule.V1"; + +import "temporal/api/cloud/resource/v1/message.proto"; +import "google/protobuf/timestamp.proto"; + +message ConnectivityRule { + reserved 3; // Removed endpoint field + + // The id of the private connectivity rule. + string id = 1; + + // The connectivity rule specification. + ConnectivityRuleSpec spec = 2; + + // The current version of the connectivity rule specification. + // The next update operation will have to include this version. + string resource_version = 4; + + temporal.api.cloud.resource.v1.ResourceState state = 5; + + // The id of the async operation that is creating/updating/deleting the connectivity rule, if any. + string async_operation_id = 6; + + // The date and time when the connectivity rule was created. + google.protobuf.Timestamp created_time = 7; +} + +// The connectivity rule specification passed in on create/update operations. +message ConnectivityRuleSpec { + oneof connection_type { + // This allows access via public internet. + PublicConnectivityRule public_rule = 1; + // This allows access via specific private vpc. + PrivateConnectivityRule private_rule = 2; + } +} + +// A public connectivity rule allows access to the namespace via the public internet. +message PublicConnectivityRule {} + +// A private connectivity rule allows connections from a specific private vpc only. +message PrivateConnectivityRule { + // Connection id provided to enforce the private connectivity. This is required both by AWS and GCP. 
+ string connection_id = 1; + + // For GCP private connectivity service, GCP needs both GCP project id and the Private Service Connect Connection IDs + // AWS only needs the connection_id + string gcp_project_id = 2; + + // The region of the connectivity rule. This should align with the namespace. + // Example: "aws-us-west-2" + string region = 3; + + reserved 4; +} \ No newline at end of file diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto index 6d13b4908..5d79ddf20 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto @@ -13,12 +13,13 @@ import "temporal/api/cloud/resource/v1/message.proto"; import "google/protobuf/timestamp.proto"; message AccountAccess { - // The role on the account, should be one of [owner, admin, developer, financeadmin, read] + // The role on the account, should be one of [owner, admin, developer, financeadmin, read, metricsread] // owner - gives full access to the account, including users, namespaces, and billing // admin - gives full access the account, including users and namespaces // developer - gives access to create namespaces on the account // financeadmin - gives read only access and write access for billing // read - gives read only access to the account + // metricsread - gives read only access to all namespace metrics // Deprecated: Not supported after v0.3.0 api version. Use role instead. // temporal:versioning:max_version=v0.3.0 string role_deprecated = 1 [deprecated = true]; 
@@ -34,6 +35,7 @@ message AccountAccess { ROLE_DEVELOPER = 3; // Gives access to create namespaces on the account. ROLE_FINANCE_ADMIN = 4; // Gives read only access and write access for billing. ROLE_READ = 5; // Gives read only access to the account. + ROLE_METRICS_READ = 6; // Gives read only access to the account metrics. } } diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto index 040a69f75..e441bdb1f 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto @@ -12,6 +12,7 @@ option csharp_namespace = "Temporalio.Api.Cloud.Namespace.V1"; import "temporal/api/cloud/resource/v1/message.proto"; import "google/protobuf/timestamp.proto"; import "temporal/api/cloud/sink/v1/message.proto"; +import "temporal/api/cloud/connectivityrule/v1/message.proto"; message CertificateFilterSpec { // The common_name in the certificate. @@ -139,6 +140,11 @@ message NamespaceSpec { // The high availability configuration for the namespace. // temporal:versioning:min_version=v0.4.0 HighAvailabilitySpec high_availability = 10; + // The private connectivity configuration for the namespace. + // This will apply the connectivity rules specified to the namespace. + // temporal:versioning:min_version=v0.6.0 + repeated string connectivity_rule_ids = 11; + enum SearchAttributeType { SEARCH_ATTRIBUTE_TYPE_UNSPECIFIED = 0; 
@@ -218,6 +224,10 @@ message Namespace { // The status of each region where the namespace is available. // The id of the region is the key and the status is the value of the map. map region_status = 12; + // The connectivity rules that are set on this namespace. + repeated temporal.api.cloud.connectivityrule.v1.ConnectivityRule connectivity_rules = 14; + // The tags for the namespace. + map tags = 15; } message NamespaceRegionStatus { diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto index e6ca30aec..89226e198 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto @@ -47,5 +47,6 @@ message AsyncOperation { STATE_FAILED = 3; // The operation failed, check failure_reason for more details. STATE_CANCELLED = 4; // The operation was cancelled. STATE_FULFILLED = 5; // The operation was fulfilled. + STATE_REJECTED = 6; // The operation was rejected. } } diff --git a/sdk-core-protos/src/lib.rs b/sdk-core-protos/src/lib.rs index 34034dffc..36a4db6d6 100644 --- a/sdk-core-protos/src/lib.rs +++ b/sdk-core-protos/src/lib.rs @@ -1930,6 +1930,11 @@ pub mod temporal { tonic::include_proto!("temporal.api.cloud.cloudservice.v1"); } } + pub mod connectivityrule { + pub mod v1 { + tonic::include_proto!("temporal.api.cloud.connectivityrule.v1"); + } + } pub mod identity { pub mod v1 { tonic::include_proto!("temporal.api.cloud.identity.v1");