yamcs.protobuf.iam.iam.proto Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of yamcs-api Show documentation
Show all versions of yamcs-api Show documentation
Used by external clients to communicate with Yamcs
syntax = "proto2";
package yamcs.protobuf.iam;
option java_package = "org.yamcs.protobuf";
option java_outer_classname = "IamProto";
option java_multiple_files = true;
import "yamcs/api/annotations.proto";
import "yamcs/protobuf/mdb/mdb.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/empty.proto";
// Handles incoming requests related to Identity and Access Management (IAM)
service IamApi {
option (yamcs.api.label) = "IAM";
// List privileges
rpc ListPrivileges(google.protobuf.Empty) returns (ListPrivilegesResponse) {
option (yamcs.api.route) = {
get: "/api/privileges"
};
}
// List roles
rpc ListRoles(google.protobuf.Empty) returns (ListRolesResponse) {
option (yamcs.api.route) = {
get: "/api/roles"
};
}
// Get a role
rpc GetRole(GetRoleRequest) returns (RoleInfo) {
option (yamcs.api.route) = {
get: "/api/roles/{name}"
};
}
// Delete a role assignment
rpc DeleteRoleAssignment(DeleteRoleAssignmentRequest) returns (google.protobuf.Empty) {
option (yamcs.api.route) = {
delete: "/api/users/{name}/roles/{role}"
log: "Role '{role}' deleted from user {name}"
};
}
// List users
rpc ListUsers(google.protobuf.Empty) returns (ListUsersResponse) {
option (yamcs.api.route) = {
get: "/api/users"
};
}
// Get a user
rpc GetUser(GetUserRequest) returns (UserInfo) {
option (yamcs.api.route) = {
get: "/api/users/{name}"
};
}
// Create a user
rpc CreateUser(CreateUserRequest) returns (UserInfo) {
option (yamcs.api.route) = {
post: "/api/users"
body: "*"
log: "User '{name}' created"
};
}
// Update a user
rpc UpdateUser(UpdateUserRequest) returns (UserInfo) {
option (yamcs.api.route) = {
patch: "/api/users/{name}"
body: "*"
log: "User '{name}' was changed"
};
}
// Get own user
rpc GetOwnUser(google.protobuf.Empty) returns (UserInfo) {
option (yamcs.api.route) = {
get: "/api/user"
};
}
// Delete a user
rpc DeleteUser(DeleteUserRequest) returns (google.protobuf.Empty) {
option (yamcs.api.route) = {
delete: "/api/users/{name}"
log: "User '{name}' deleted"
};
}
// Delete an external identity
rpc DeleteIdentity(DeleteIdentityRequest) returns (google.protobuf.Empty) {
option (yamcs.api.route) = {
delete: "/api/users/{name}/identities/{provider}"
log: "Identity '{provider}' deleted from user '{name}'"
};
}
// List groups
rpc ListGroups(google.protobuf.Empty) returns (ListGroupsResponse) {
option (yamcs.api.route) = {
get: "/api/groups"
};
}
// Get a group
rpc GetGroup(GetGroupRequest) returns (GroupInfo) {
option (yamcs.api.route) = {
get: "/api/groups/{name}"
};
}
// Create a group
rpc CreateGroup(CreateGroupRequest) returns (GroupInfo) {
option (yamcs.api.route) = {
post: "/api/groups"
body: "*"
log: "Group '{name}' created"
};
}
// Update a group
rpc UpdateGroup(UpdateGroupRequest) returns (GroupInfo) {
option (yamcs.api.route) = {
patch: "/api/groups/{name}"
body: "*"
log: "Group '{name}' was changed"
};
}
// Delete a group
rpc DeleteGroup(DeleteGroupRequest) returns (GroupInfo) {
option (yamcs.api.route) = {
delete: "/api/groups/{name}"
log: "Group '{name}' deleted"
};
}
// List service accounts
rpc ListServiceAccounts(google.protobuf.Empty) returns (ListServiceAccountsResponse) {
option (yamcs.api.route) = {
get: "/api/service-accounts"
};
}
// Get a service account
rpc GetServiceAccount(GetServiceAccountRequest) returns (ServiceAccountInfo) {
option (yamcs.api.route) = {
get: "/api/service-accounts/{name}"
};
}
// Delete a service account
rpc DeleteServiceAccount(DeleteServiceAccountRequest) returns (google.protobuf.Empty) {
option (yamcs.api.route) = {
delete: "/api/service-accounts/{name}"
log: "Service account '{name}' deleted"
};
}
// Create a service account
rpc CreateServiceAccount(CreateServiceAccountRequest) returns (CreateServiceAccountResponse) {
option (yamcs.api.route) = {
post: "/api/service-accounts"
body: "*"
log: "Service account '{name}' created"
};
}
}
message ListUsersResponse {
repeated UserInfo users = 1;
}
message ListGroupsResponse {
repeated GroupInfo groups = 1;
}
message CreateGroupRequest {
// Group name
optional string name = 1;
// Group description
optional string description = 2;
// Usernames of users that should be added as member
repeated string users = 3;
// Names of service accounts that should be added as member
repeated string serviceAccounts = 4;
}
message GetGroupRequest {
// Group name
optional string name = 1;
}
message DeleteGroupRequest {
// Group name
optional string name = 1;
}
message UpdateGroupRequest {
message MemberInfo {
repeated string users = 1;
repeated string serviceAccounts = 2;
}
// Group name
optional string name = 1;
// New group name
optional string newName = 2;
// Group description
optional string description = 3;
// Group members
optional MemberInfo memberInfo = 4;
}
message ListServiceAccountsResponse {
repeated ServiceAccountInfo serviceAccounts = 1;
}
message GetServiceAccountRequest {
// Service account name
optional string name = 1;
}
message CreateServiceAccountRequest {
// Service account name
optional string name = 1;
}
message CreateServiceAccountResponse {
// Service account name
optional string name = 1;
optional string applicationId = 2;
optional string applicationSecret = 3;
}
message DeleteServiceAccountRequest {
// Service account name
optional string name = 1;
}
message GetUserRequest {
// Username
optional string name = 1;
}
message DeleteUserRequest {
// Username
optional string name = 1;
}
message CreateUserRequest {
// Username
optional string name = 1;
// Display name
optional string displayName = 2;
// Email address
optional string email = 3;
// User password
optional string password = 4 [(yamcs.api.field_behavior) = SECRET];
}
message UpdateUserRequest {
// Username
optional string name = 1;
// Display name
optional string displayName = 2;
// Email address
optional string email = 3;
// Whether the user may login
optional bool active = 4;
// Whether the user has all privileges
optional bool superuser = 5;
// User password
optional string password = 6 [(yamcs.api.field_behavior) = SECRET];
// Assigned roles
optional RoleAssignment roleAssignment = 7;
}
message RoleAssignment {
repeated string roles = 1;
}
message UserInfo {
// Username
optional string name = 17;
// Displayed name
optional string displayName = 18;
// Email address
optional string email = 19;
// Whether the user may login
optional bool active = 16;
// Whether the user has all privileges
optional bool superuser = 13;
// User that created this user account
optional UserInfo createdBy = 20;
// When this user was created
optional google.protobuf.Timestamp creationTime = 14;
// When this user was first activated
optional google.protobuf.Timestamp confirmationTime = 21;
// When this user last logged in
optional google.protobuf.Timestamp lastLoginTime = 15;
// System privileges
repeated string systemPrivileges = 26;
// Object privileges
repeated ObjectPrivilegeInfo objectPrivileges = 27;
// Groups that this user is member of
repeated GroupInfo groups = 22;
// External identities
repeated ExternalIdentityInfo identities = 23;
// Assigned roles
repeated RoleInfo roles = 24;
// Clearance level. If the command clearance feature is enabled,
// then this user attribute is used as an additional check whether
// the user may send certain commands.
//
// The command clearance feature is disabled by default.
optional mdb.SignificanceInfo.SignificanceLevelType clearance = 25;
}
message DeleteIdentityRequest {
// Username
optional string name = 1;
// Name of an identity provider
optional string provider = 2;
}
message ExternalIdentityInfo {
// External identity
optional string identity = 1;
// Name of the identity provider
optional string provider = 2;
}
message DeleteRoleAssignmentRequest {
// Username
optional string name = 1;
// Role name
optional string role = 2;
}
message GroupInfo {
// Group name
optional string name = 1;
// Group description
optional string description = 2;
// Users that are member of this group
repeated UserInfo users = 3;
// Service accounts that are member of this group
repeated ServiceAccountInfo serviceAccounts = 4;
}
message ServiceAccountInfo {
// Service account name
optional string name = 1;
// Displayed name
optional string displayName = 2;
// Whether the account may login
optional bool active = 3;
// User that created this user account
optional UserInfo createdBy = 4;
// When this user was created
optional google.protobuf.Timestamp creationTime = 5;
// When this account was first activated
optional google.protobuf.Timestamp confirmationTime = 6;
// When this account last logged in
optional google.protobuf.Timestamp lastLoginTime = 7;
}
message ObjectPrivilegeInfo {
// Privilege type
optional string type = 1;
// Objects of this type
repeated string objects = 3;
}
message ListPrivilegesResponse {
repeated string systemPrivileges = 1;
}
message GetRoleRequest {
// Role name
optional string name = 1;
}
message ListRolesResponse {
repeated RoleInfo roles = 1;
}
message RoleInfo {
// Role name
optional string name = 1;
// Role description
optional string description = 2;
// System privileges
repeated string systemPrivileges = 3;
// Object privileges
repeated ObjectPrivilegeInfo objectPrivileges = 4;
// Whether this role is assigned by default
optional bool default = 5;
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy