// Copyright 2019 Make.TV Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package tv.make.api; import "rbac/role.proto"; import "rbac/policy.proto"; import "google/api/annotations.proto"; import "google/protobuf/empty.proto"; import "google/protobuf/field_mask.proto"; option go_package = "git.ltnglobal.com/make.tv/genproto/api;api"; service Rbac { // Role APIs // --------- // Lists roles in a team. rpc ListRoles(ListRolesRequest) returns (ListRolesResponse) { option (google.api.http) = { get: "/v1/teams/{team_id}/rbac/roles" }; } // Gets a role. rpc GetRole(GetRoleRequest) returns (Role) { option (google.api.http) = { get: "/v1/teams/{team_id}/rbac/roles/{role_id}" }; } // Creates a role. rpc CreateRole(CreateRoleRequest) returns (Role) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/roles" body: "role" }; } // Updates a role. rpc UpdateRole(UpdateRoleRequest) returns (Role) { option (google.api.http) = { patch: "/v1/teams/{role.team_id}/rbac/roles/{role.id}" body: "role" }; } // Deletes a role. rpc DeleteRole(DeleteRoleRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/teams/{team_id}/rbac/roles/{role_id}" }; } // Gets a batch of roles. rpc BatchGetRoles(BatchGetRolesRequest) returns (BatchGetRolesResponse) { option (google.api.http) = { get: "/v1/teams/-/rbac/roles:batchGet" }; } // Add a policy to a role. rpc AddPolicyToRole (AddPolicyToRoleRequest) returns (AddPolicyToRoleResponse) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/roles/{role_id}:addPolicy" body: "*" }; } // Remove a policy from a role. rpc RemovePolicyFromRole (RemovePolicyFromRoleRequest) returns (RemovePolicyFromRoleResponse) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/roles/{role_id}:removePolicy" body: "*" }; } // Add a user to a role. rpc AddUserToRole (AddUserToRoleRequest) returns (AddUserToRoleResponse) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/roles/{role_id}:addUser" body: "*" }; } // Remove a user from a role. rpc RemoveUserFromRole (RemoveUserFromRoleRequest) returns (RemoveUserFromRoleResponse) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/roles/{role_id}:removeUser" body: "*" }; } // Add a client to a role. rpc AddClientToRole (AddClientToRoleRequest) returns (AddClientToRoleResponse) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/roles/{role_id}:addClient" body: "*" }; } // Remove a client from a role. rpc RemoveClientFromRole (RemoveClientFromRoleRequest) returns (RemoveClientFromRoleResponse) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/roles/{role_id}:removeClient" body: "*" }; } // Policy APIs // ----------- // Lists policies in a team. rpc ListPolicies(ListPoliciesRequest) returns (ListPoliciesResponse) { option (google.api.http) = { get: "/v1/teams/{team_id}/rbac/policies" }; } // Gets a policy. rpc GetPolicy(GetPolicyRequest) returns (Policy) { option (google.api.http) = { get: "/v1/teams/{team_id}/rbac/policies/{policy_id}" }; } // Creates a policy. rpc CreatePolicy(CreatePolicyRequest) returns (Policy) { option (google.api.http) = { post: "/v1/teams/{team_id}/rbac/policies" body: "policy" }; } // Updates a policy. rpc UpdatePolicy(UpdatePolicyRequest) returns (Policy) { option (google.api.http) = { patch: "/v1/teams/{policy.team_id}/rbac/policies/{policy.id}" body: "policy" }; } // Deletes a policy. rpc DeletePolicy(DeletePolicyRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/v1/teams/{team_id}/rbac/policies/{policy_id}" }; } // Gets a batch of policies. rpc BatchGetPolicies(BatchGetPoliciesRequest) returns (BatchGetPoliciesResponse) { option (google.api.http) = { get: "/v1/teams/-/rbac/policies:batchGet" }; } } // CRUD for Role // ------------- // Request message for [ListRoles][tv.make.api.RBACService.ListRoles]. message ListRolesRequest { // The unique identifier of the team owning the roles. string team_id = 1; // The maximum number of items to return. int32 page_size = 2; // The next_page_token value returned from a previous List request, if any. string page_token = 3; // Specifies the result ordering for List requests. string order_by = 4; } // Response message for [ListRoles][tv.make.api.RBACService.ListRoles]. message ListRolesResponse { // The list of roles. repeated Role roles = 1; // Token to retrieve the next page of results, or empty if there are no // more results in the list. string next_page_token = 2; } // Request message for [GetRoleRequest][tv.make.api.RBACService.GetRoleRequest]. message GetRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the team owning the role. string team_id = 2; } // Request message for [CreateRole][tv.make.api.RBACService.CreateRole]. message CreateRoleRequest { // The unique identifier of the team owning the role. string team_id = 1; // The role to create. Role role = 2; } // Request message for [UpdateRole][tv.make.api.RBACService.UpdateRole]. message UpdateRoleRequest { // The role resource which replaces the resource on the server. Role role = 1; // The update mask applies to the resource. For the `FieldMask` definition, // see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask google.protobuf.FieldMask update_mask = 2; } // Request message for [DeleteRole][tv.make.api.RBACService.DeleteRole]. message DeleteRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the team owning the role. string team_id = 2; } // Request message for [BatchGetRoles][tv.make.api.RBACService.BatchGetRoles]. message BatchGetRolesRequest { // The unique identifier of the roles to retrieve. repeated string role_ids = 1; // The unique identifier of the teams owning the roles. repeated string team_ids = 2; } // Response message for [BatchGetRoles][tv.make.api.OutputService.BatchGetRoles]. message BatchGetRolesResponse { // The list of roles. repeated Role roles = 1; } // Custom Role Messages // -------------------- message AddPolicyToRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the policy. string policy_id = 2; // The unique identifier of the team owning both the role and the policy. string team_id = 3; } message AddPolicyToRoleResponse {} message RemovePolicyFromRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the policy. string policy_id = 2; // The unique identifier of the team owning both the role and the policy. string team_id = 3; } message RemovePolicyFromRoleResponse {} message AddUserToRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the user. string user_id = 2; // The unique identifier of the team owning the role. string team_id = 3; } message AddUserToRoleResponse {} message RemoveUserFromRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the user. string user_id = 2; // The unique identifier of the team owning the role. string team_id = 3; } message RemoveUserFromRoleResponse {} message AddClientToRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the client. string client_id = 2; // The unique identifier of the team owning the role. string team_id = 3; } message AddClientToRoleResponse {} message RemoveClientFromRoleRequest { // The unique identifier of the role. string role_id = 1; // The unique identifier of the client. string client_id = 2; // The unique identifier of the team owning the role. string team_id = 3; } message RemoveClientFromRoleResponse {} // CRUD for Policy // --------------- // Request message for [ListPolicies][tv.make.api.RBACService.ListPolicies]. message ListPoliciesRequest { // The unique identifier of the team owning the policies. string team_id = 1; // The maximum number of items to return. int32 page_size = 2; // The next_page_token value returned from a previous List request, if any. string page_token = 3; // Specifies the result ordering for List requests. string order_by = 4; } // Response message for [ListPolicies][tv.make.api.RBACService.ListPolicies]. message ListPoliciesResponse { // The list of policies. repeated Policy policies = 1; // Token to retrieve the next page of results, or empty if there are no // more results in the list. string next_page_token = 2; } // Request message for [GetPolicyRequest][tv.make.api.RBACService.GetPolicyRequest]. message GetPolicyRequest { // The unique identifier of the policy. string policy_id = 1; // The unique identifier of the team owning the policy. string team_id = 2; } // Request message for [CreatePolicy][tv.make.api.RBACService.CreatePolicy]. message CreatePolicyRequest { // The unique identifier of the team owning the policy. string team_id = 1; // The policy to create. Policy policy = 2; } // Request message for [UpdatePolicy][tv.make.api.RBACService.UpdatePolicy]. message UpdatePolicyRequest { // The policy resource which replaces the resource on the server. Policy policy = 1; // The update mask applies to the resource. For the `FieldMask` definition, // see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask google.protobuf.FieldMask update_mask = 2; } // Request message for [DeletePolicy][tv.make.api.RBACService.DeletePolicy]. message DeletePolicyRequest { // The unique identifier of the policy. string policy_id = 1; // The unique identifier of the team owning the role. string team_id = 2; } // Request message for [BatchGetPolicies][tv.make.api.RBACService.BatchGetPolicies]. message BatchGetPoliciesRequest { // The unique identifier of the policies to retrieve. repeated string policy_ids = 1; // The unique identifier of the teams owning the polices. repeated string team_ids = 2; } // Response message for [BatchGetPolicies][tv.make.api.OutputService.BatchGetPolicies]. message BatchGetPoliciesResponse { // The list of policies. repeated Policy policies = 1; }