// Wire contract for the SeaweedFS identity and access management (IAM) gRPC API.
syntax = "proto3";

package iam_pb;

// Generated-code destinations. Changing any of these on a published API is a
// source-level break for every Go/Java consumer, even though the wire format
// is unaffected.
option go_package = "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb";
option java_package = "seaweedfs.client";
option java_outer_classname = "IamProto";
//////////////////////////////////////////////////
// Administrative IAM service: configuration, users, access keys, policies and
// service accounts. Several responses embed Credential (via Identity or
// ServiceAccount) and therefore return secret keys in full; callers should
// treat those responses as secret material and restrict who may invoke them.
service SeaweedIdentityAccessManagement {
  // Configuration Management
  // Returns the whole S3ApiConfiguration (identities, accounts, service
  // accounts, policies), including every stored Credential.
  rpc GetConfiguration (GetConfigurationRequest) returns (GetConfigurationResponse);
  // Stores an S3ApiConfiguration. Whether this replaces or merges the existing
  // configuration is not expressed in the schema — confirm with the server.
  rpc PutConfiguration (PutConfigurationRequest) returns (PutConfigurationResponse);
  // User Management
  // Creates a user from a complete Identity (credentials included).
  rpc CreateUser (CreateUserRequest) returns (CreateUserResponse);
  // Looks a user up by username; the Identity returned carries its credentials.
  rpc GetUser (GetUserRequest) returns (GetUserResponse);
  // Replaces/updates the Identity of the named user (see UpdateUserRequest).
  rpc UpdateUser (UpdateUserRequest) returns (UpdateUserResponse);
  // Deletes a user by username.
  rpc DeleteUser (DeleteUserRequest) returns (DeleteUserResponse);
  // Returns all usernames; the response has no pagination field.
  rpc ListUsers (ListUsersRequest) returns (ListUsersResponse);
  // Access Key Management
  // Attaches a caller-supplied Credential to an existing user.
  rpc CreateAccessKey (CreateAccessKeyRequest) returns (CreateAccessKeyResponse);
  // Removes one access key from a user.
  rpc DeleteAccessKey (DeleteAccessKeyRequest) returns (DeleteAccessKeyResponse);
  // Resolves an access key to its owning Identity (credentials included).
  rpc GetUserByAccessKey (GetUserByAccessKeyRequest) returns (GetUserByAccessKeyResponse);
  // Policy Management
  // Creates or replaces a named policy document.
  rpc PutPolicy (PutPolicyRequest) returns (PutPolicyResponse);
  // Fetches a policy by name.
  rpc GetPolicy (GetPolicyRequest) returns (GetPolicyResponse);
  // Returns all policies; the response has no pagination field.
  rpc ListPolicies (ListPoliciesRequest) returns (ListPoliciesResponse);
  // Deletes a policy by name.
  rpc DeletePolicy (DeletePolicyRequest) returns (DeletePolicyResponse);
  // Service Account Management
  // Creates a service account from a complete ServiceAccount (credential included).
  rpc CreateServiceAccount (CreateServiceAccountRequest) returns (CreateServiceAccountResponse);
  // Updates the service account with the given id.
  rpc UpdateServiceAccount (UpdateServiceAccountRequest) returns (UpdateServiceAccountResponse);
  // Deletes a service account by id.
  rpc DeleteServiceAccount (DeleteServiceAccountRequest) returns (DeleteServiceAccountResponse);
  // Fetches a service account by id, credential included.
  rpc GetServiceAccount (GetServiceAccountRequest) returns (GetServiceAccountResponse);
  // Returns all service accounts, credentials included; no pagination field.
  rpc ListServiceAccounts (ListServiceAccountsRequest) returns (ListServiceAccountsResponse);
  // Resolves an access key to its ServiceAccount.
  rpc GetServiceAccountByAccessKey (GetServiceAccountByAccessKeyRequest) returns (GetServiceAccountByAccessKeyResponse);
}
//////////////////////////////////////////////////
// Configuration Management Messages
// Request for GetConfiguration. Intentionally empty so fields can be added
// later without changing the RPC signature.
message GetConfigurationRequest {
}
// Response for GetConfiguration.
message GetConfigurationResponse {
  // The full configuration, including every Identity's credentials
  // (secret keys) and every ServiceAccount credential.
  S3ApiConfiguration configuration = 1;
}
// Request for PutConfiguration.
message PutConfigurationRequest {
  // Configuration to store. Replace-vs-merge semantics are not defined by
  // the schema — NOTE(review): confirm against the server implementation.
  S3ApiConfiguration configuration = 1;
}
// Response for PutConfiguration. Empty by design; success is signalled by
// the RPC status.
message PutConfigurationResponse {
}
//////////////////////////////////////////////////
// User Management Messages
// Request for CreateUser.
message CreateUserRequest {
  // Complete identity to create. Any credentials it carries (secret keys
  // included) are supplied by the caller.
  Identity identity = 1;
}
// Response for CreateUser. Empty by design.
message CreateUserResponse {
}
// Request for GetUser.
message GetUserRequest {
  // Name of the user to fetch (presumably matched against Identity.name — confirm).
  string username = 1;
}
// Response for GetUser.
message GetUserResponse {
  // The user, including its credentials (secret keys). Treat as secret material.
  Identity identity = 1;
}
// Request for UpdateUser.
message UpdateUserRequest {
  // Name of the user to update.
  string username = 1;
  // New identity data. It also carries a name; which value wins when the two
  // differ is not defined by the schema — NOTE(review): confirm server behaviour.
  Identity identity = 2;
}
// Response for UpdateUser. Empty by design.
message UpdateUserResponse {
}
// Request for DeleteUser.
message DeleteUserRequest {
  // Name of the user to delete.
  string username = 1;
}
// Response for DeleteUser. Empty by design.
message DeleteUserResponse {
}
// Request for ListUsers. Empty by design; there is currently no filter or
// page-token field.
message ListUsersRequest {
}
// Response for ListUsers.
message ListUsersResponse {
  // Names of all users. There is no pagination field, so the whole list is
  // returned in one message.
  repeated string usernames = 1;
}
//////////////////////////////////////////////////
// Access Key Management Messages
// Request for CreateAccessKey.
message CreateAccessKeyRequest {
  // User the new key belongs to.
  string username = 1;
  // Key pair to attach. As far as the schema shows, the access key and the
  // secret key are chosen by the caller rather than generated server-side.
  Credential credential = 2;
}
// Response for CreateAccessKey. Empty by design.
message CreateAccessKeyResponse {
}
// Request for DeleteAccessKey.
message DeleteAccessKeyRequest {
  // Owner of the key.
  string username = 1;
  // Access key to remove. The schema does not tie the two fields together;
  // NOTE(review): the server should verify the key belongs to username — confirm.
  string access_key = 2;
}
// Response for DeleteAccessKey. Empty by design.
message DeleteAccessKeyResponse {
}
// Request for GetUserByAccessKey.
message GetUserByAccessKeyRequest {
  // Access key to resolve.
  string access_key = 1;
}
// Response for GetUserByAccessKey.
message GetUserByAccessKeyResponse {
  // Owning user, including all of its credentials (secret keys).
  Identity identity = 1;
}
//////////////////////////////////////////////////
// Complete S3 API identity store. Because Identity and ServiceAccount embed
// Credential, this message contains every secret key in the system.
message S3ApiConfiguration {
  // All user identities.
  repeated Identity identities = 1;
  // All accounts referenced by Identity.account.
  repeated Account accounts = 2;
  // All service accounts.
  repeated ServiceAccount service_accounts = 3;
  // All policy documents.
  repeated Policy policies = 4;
}
// A user identity as stored in S3ApiConfiguration.
message Identity {
  // User name; presumably the value GetUserRequest.username refers to — confirm.
  string name = 1;
  // Access key pairs for this user, secret keys included.
  repeated Credential credentials = 2;
  // Allowed actions. The strings are not constrained by the schema.
  repeated string actions = 3;
  // Owning account (id, display name, e-mail).
  Account account = 4;
  // User status: false = enabled (default), true = disabled.
  bool disabled = 5;
  // IDs of service accounts owned by this user (ServiceAccount.id).
  repeated string service_account_ids = 6;
  // Names of policies attached to this user (Policy.name). Presumably
  // resolved against the stored policies — confirm.
  repeated string policy_names = 7;
}
// A long-term access key pair. secret_key is the secret itself. This message
// is embedded in Identity.credentials and ServiceAccount.credential, so the
// GetUser, GetUserByAccessKey, GetConfiguration and service-account responses
// all return it in full: do not log those responses, and restrict who may
// call the RPCs that return them.
message Credential {
  // Public access key identifier.
  string access_key = 1;
  // Secret half of the key pair.
  string secret_key = 2;
  // Access key status: "Active" or "Inactive". This is a free-form string,
  // so the schema accepts any other value as well; NOTE(review): an enum would
  // be stricter, but changing the field type now would break the wire format.
  string status = 3;
}
// Account that an Identity belongs to (Identity.account); also listed in
// S3ApiConfiguration.accounts.
message Account {
  // Account identifier.
  string id = 1;
  // Human-readable name.
  string display_name = 2;
  // Contact e-mail address.
  string email_address = 3;
}
// ServiceAccount represents a service account - special credentials for applications.
// Service accounts are linked to a parent user (parent_user) and can have restricted
// permissions (actions). The embedded Credential carries the secret key, so every
// response that returns a ServiceAccount returns its secret as well.
message ServiceAccount {
  // Unique identifier (e.g., "sa-xxxxx").
  string id = 1;
  // Name of the parent Identity this service account belongs to.
  string parent_user = 2;
  // Optional free-text description.
  string description = 3;
  // Access key/secret for this service account (see Credential for handling).
  Credential credential = 4;
  // Allowed actions, intended to be a subset of the parent's actions. The
  // schema does not enforce the subset; NOTE(review): presumably checked
  // server-side — confirm.
  repeated string actions = 5;
  // Expiry as a Unix timestamp, 0 = no expiration. The unit is not stated
  // here — assumed seconds, TODO confirm against the server code.
  int64 expiration = 6;
  // Status: false = enabled (default), true = disabled.
  bool disabled = 7;
  // Creation timestamp (Unix; unit not stated — assumed seconds, TODO confirm).
  int64 created_at = 8;
  // Who created this service account.
  string created_by = 9;
}
// Request for PutPolicy.
message PutPolicyRequest {
  // Policy name (key used by GetPolicy/DeletePolicy).
  string name = 1;
  // Policy document; presumably the same JSON as Policy.content. The schema
  // does not validate it — NOTE(review): the server should parse and validate
  // before storing; confirm.
  string content = 2;
}
// Response for PutPolicy. Empty by design.
message PutPolicyResponse {
}
// Request for GetPolicy.
message GetPolicyRequest {
  // Name of the policy to fetch.
  string name = 1;
}
// Response for GetPolicy. Mirrors Policy field-for-field (name = 1,
// content = 2) instead of embedding it.
message GetPolicyResponse {
  // Policy name.
  string name = 1;
  // Policy document (JSON, per Policy.content).
  string content = 2;
}
// Request for ListPolicies. Empty by design; no filter or page-token field.
message ListPoliciesRequest {
}
// Response for ListPolicies.
message ListPoliciesResponse {
  // All policies; no pagination field, so the whole list is returned at once.
  repeated Policy policies = 1;
}
// Request for DeletePolicy.
message DeletePolicyRequest {
  // Name of the policy to delete.
  string name = 1;
}
// Response for DeletePolicy. Empty by design.
message DeletePolicyResponse {
}
// A named policy document, referenced by Identity.policy_names.
message Policy {
  // Policy name (unique key).
  string name = 1;
  // JSON content of the policy. Not validated by the schema; the server is
  // expected to parse it — NOTE(review): confirm where validation happens.
  string content = 2;
}
//////////////////////////////////////////////////
// Service Account Messages
// Request for CreateServiceAccount.
message CreateServiceAccountRequest {
  // Complete service account to create, including its caller-supplied
  // Credential (secret key) as far as the schema shows.
  ServiceAccount service_account = 1;
}
// Response for CreateServiceAccount. Empty by design.
message CreateServiceAccountResponse {
}
// Request for UpdateServiceAccount.
message UpdateServiceAccountRequest {
  // Identifier of the service account to update.
  string id = 1;
  // New service account data. It also carries an id; which value wins when
  // the two differ is not defined by the schema — NOTE(review): confirm.
  ServiceAccount service_account = 2;
}
// Response for UpdateServiceAccount. Empty by design.
message UpdateServiceAccountResponse {
}
// Request for DeleteServiceAccount.
message DeleteServiceAccountRequest {
  // Identifier of the service account to delete.
  string id = 1;
}
// Response for DeleteServiceAccount. Empty by design.
message DeleteServiceAccountResponse {
}
// Request for GetServiceAccount.
message GetServiceAccountRequest {
  // Identifier of the service account to fetch.
  string id = 1;
}
// Response for GetServiceAccount.
message GetServiceAccountResponse {
  // The service account, including its Credential (secret key).
  ServiceAccount service_account = 1;
}
// Request for ListServiceAccounts. Empty by design; no filter (e.g. by
// parent_user) or page-token field exists yet.
message ListServiceAccountsRequest {
}
// Response for ListServiceAccounts.
message ListServiceAccountsResponse {
  // All service accounts, each with its Credential (secret key). No
  // pagination field, so the whole list is returned in one message.
  repeated ServiceAccount service_accounts = 1;
}
// Request for GetServiceAccountByAccessKey.
message GetServiceAccountByAccessKeyRequest {
  // Access key to resolve (ServiceAccount.credential.access_key).
  string access_key = 1;
}
// Response for GetServiceAccountByAccessKey.
message GetServiceAccountByAccessKeyResponse {
  // Matching service account, including its Credential (secret key).
  ServiceAccount service_account = 1;
}