// Code generated by make; DO NOT EDIT.
syntax = "proto3";
package database.v1alpha1;
import "google/protobuf/descriptor.proto";
option go_package = "pluralsh/database-interface-spec;database";
// Custom option for enum definitions. It is set inside an enum body as
// `option (alpha_enum) = true;`. The extension number 1116 is reused by the
// other alpha_* options below; that is legal because each options message
// has its own extension number space.
extend google.protobuf.EnumOptions {
  // Indicates that this enum is OPTIONAL and part of an experimental
  // API that may be deprecated and eventually removed between minor
  // releases.
  bool alpha_enum = 1116;
}
// Custom option for individual enum values. It is set on a value as
// `NAME = N [(alpha_enum_value) = true];`.
extend google.protobuf.EnumValueOptions {
  // Indicates that this enum value is OPTIONAL and part of an
  // experimental API that may be deprecated and eventually removed
  // between minor releases.
  bool alpha_enum_value = 1116;
}
// Custom options for message fields. They are set on a field as
// `TYPE name = N [(database_secret) = true];`.
extend google.protobuf.FieldOptions {
  // Indicates that a field MAY contain information that is sensitive
  // and MUST be treated as such (e.g. not logged).
  // The option is metadata only: it does not change the wire encoding and
  // redacts nothing by itself. Code that logs or dumps messages has to read
  // it from the field descriptor and strip the value.
  bool database_secret = 1115;
  // Indicates that this field is OPTIONAL and part of an experimental
  // API that may be deprecated and eventually removed between minor
  // releases.
  bool alpha_field = 1116;
}
// Custom option for message definitions. It is set inside a message body as
// `option (alpha_message) = true;`.
extend google.protobuf.MessageOptions {
  // Indicates that this message is OPTIONAL and part of an experimental
  // API that may be deprecated and eventually removed between minor
  // releases.
  bool alpha_message = 1116;
}
// Custom option for RPC methods. It is set inside an rpc body as
// `option (alpha_method) = true;`.
extend google.protobuf.MethodOptions {
  // Indicates that this method is OPTIONAL and part of an experimental
  // API that may be deprecated and eventually removed between minor
  // releases.
  bool alpha_method = 1116;
}
// Custom option for service definitions. It is set inside a service body as
// `option (alpha_service) = true;`.
extend google.protobuf.ServiceOptions {
  // Indicates that this service is OPTIONAL and part of an experimental
  // API that may be deprecated and eventually removed between minor
  // releases.
  bool alpha_service = 1116;
}
// Identity lets a caller discover which provisioner it is talking to.
service Identity {
  // This call is meant to retrieve the unique provisioner Identity.
  // This identity will have to be set in DatabaseClaim.DriverName field in order to invoke this specific provisioner.
  // NOTE(review): DatabaseClaim is not defined in this file. The returned name
  // is self-reported by the driver, so the caller presumably has to check it
  // against the format documented on DriverGetInfoResponse.name; confirm.
  rpc DriverGetInfo (DriverGetInfoRequest) returns (DriverGetInfoResponse) {}
}
// Provisioner creates and deletes databases and grants or revokes access to
// them.
service Provisioner {
  // This call is made to create the database in the backend.
  // This call is idempotent
  //    1. If a database that matches both name and parameters already exists, then OK (success) must be returned.
  //    2. If a database by same name, but different parameters is provided, then the appropriate error code ALREADY_EXISTS must be returned.
  rpc DriverCreateDatabase (DriverCreateDatabaseRequest) returns (DriverCreateDatabaseResponse) {}
  // This call is made to delete the database in the backend.
  // If the database has already been deleted, then no error should be returned.
  rpc DriverDeleteDatabase (DriverDeleteDatabaseRequest) returns (DriverDeleteDatabaseResponse) {}
  // This call grants access to an account. The name in the request
  // (DriverGrantDatabaseAccessRequest.name; the request has no account_name
  // field) shall be used as a unique identifier to create credentials.
  // The account_id returned in the response will be used as the unique identifier for deleting this access when calling DriverRevokeDatabaseAccess.
  // The response carries credentials.
  // NOTE(review): callers and drivers presumably need to keep the response
  // out of logs and traces; confirm.
  rpc DriverGrantDatabaseAccess (DriverGrantDatabaseAccessRequest) returns (DriverGrantDatabaseAccessResponse);
  // This call revokes all access to a particular database from a principal.
  // The principal is the account_id returned by DriverGrantDatabaseAccess.
  // NOTE(review): unlike DriverDeleteDatabase, no behaviour is stated for an
  // account_id that was already revoked; confirm whether that must succeed.
  rpc DriverRevokeDatabaseAccess (DriverRevokeDatabaseAccessRequest) returns (DriverRevokeDatabaseAccessResponse);
}
// S3SignatureVersion is the version of the signing algorithm for all s3 requests
enum S3SignatureVersion {
  // Zero value; this is what a receiver sees when the field was never set.
  UnknownSignature = 0;
  // S3V2, Signature version v2
  // NOTE(review): AWS has deprecated Signature Version 2; prefer S3V4 where
  // the backend supports it.
  S3V2 = 1;
  // S3V4, Signature version v4
  S3V4 = 2;
}
// AnonymousDatabaseAccessMode describes what callers without credentials may
// do. No message or RPC in this file references this enum.
// NOTE(review): the value comments name object-storage operations
// (ListDatabase, GetObject, PutObject); confirm what they mean for a database.
enum AnonymousDatabaseAccessMode {
  // Zero value. In proto3 an unset field decodes as this value, not as
  // Private.
  // NOTE(review): receivers should presumably fail closed and treat it like
  // Private; confirm.
  UnknownDatabaseAccessMode = 0;
  // Default, disallow uncredentialed access to the backend storage.
  Private = 1;
  // Read only, uncredentialed users can call ListDatabase and GetObject.
  ReadOnly = 2;
  // Write only, uncredentialed users can only call PutObject.
  WriteOnly = 3;
  // Read/Write, uncredentialed users can read objects as well as PutObject.
  ReadWrite = 4;
}
// AuthenticationType selects how a granted account authenticates. It is used
// by DriverGrantDatabaseAccessRequest.authentication_type.
enum AuthenticationType {
  // Zero value. In proto3 an unset field decodes as this value, not as Key.
  // NOTE(review): since authentication_type is documented as REQUIRED, a
  // driver should presumably reject this value rather than fall back to a
  // default; confirm.
  UnknownAuthenticationType = 0;
  // Default, KEY based authentication.
  Key = 1;
  // Storageaccount based authentication.
  IAM = 2;
}
// S3 holds the connection details for an S3 backend. It is one of the
// alternatives of Protocol.type.
message S3 {
  // region denotes the geographical region where the S3 server is running
  string region = 1;
  // signature_version denotes the signature version for signing all s3 requests
  // Unset decodes as UnknownSignature.
  S3SignatureVersion signature_version = 2;
}
// AzureBlob holds the connection details for an Azure Blob backend. It is one
// of the alternatives of Protocol.type.
message AzureBlob {
  // storage_account is the id of the azure storage account
  string storage_account = 1;
}
// GCS holds the connection details for a GCS backend. It is one of the
// alternatives of Protocol.type.
message GCS {
  // private_key_name denotes the name of the private key in the storage backend
  // NOTE(review): this names a key and is presumably not meant to hold key
  // material; the field is not marked database_secret. Confirm.
  string private_key_name = 1;
  // project_id denotes the name of the project id in the storage backend
  string project_id = 2;
  // service_account denotes the name of the service account in the storage backend
  string service_account = 3;
}
// Protocol carries the backend-specific connection details returned by
// DriverCreateDatabase (DriverCreateDatabaseResponse.database_info).
message Protocol {
  // At most one backend is set; setting one member clears the others.
  // Receivers should handle the case where none is set.
  oneof type {
    S3 s3 = 1;
    // The field name is camelCase, unlike the other fields in this file.
    // Renaming it would change generated accessors, so it is kept as is.
    AzureBlob azureBlob = 2;
    GCS gcs = 3;
  }
}
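// CredentialDetails holds the secret key/value pairs of one credential set.
// It is the value type of DriverGrantDatabaseAccessResponse.credentials.
message CredentialDetails {
  // map of the details in the secrets for the protocol string
  // Marked with database_secret so that tooling which honours the option can
  // keep the values out of logs. The option is metadata only and does not
  // change the wire format.
  map<string, string> secrets = 1 [(database_secret) = true];
}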
// Request for Identity.DriverGetInfo. It has no fields.
message DriverGetInfoRequest {
  // Intentionally left blank
}
// Response for Identity.DriverGetInfo.
message DriverGetInfoResponse {
  // This field is REQUIRED
  // The name MUST follow domain name notation format
  // (https://tools.ietf.org/html/rfc1035#section-2.3.1). It SHOULD
  // include the plugin's host company name and the plugin name,
  // to minimize the possibility of collisions. It MUST be 63
  // characters or less, beginning and ending with an alphanumeric
  // character ([a-z0-9A-Z]) with dashes (-), dots (.), and
  // alphanumerics between.
  // The schema enforces none of this: the type is a plain string, and proto3
  // cannot tell an empty name from an unset one. The caller has to validate
  // the value.
  string name = 1;
}
// Request for Provisioner.DriverCreateDatabase.
message DriverCreateDatabaseRequest {
  // This field is REQUIRED
  // name specifies the name of the database that should be created.
  // NOTE(review): no length or character-set constraint is stated here; the
  // receiver presumably has to validate the name before using it in a
  // backend identifier. Confirm.
  string name = 1;
  // This field is OPTIONAL
  // The caller should treat the values in parameters as opaque.
  // The receiver is responsible for parsing and validating the values.
  // NOTE(review): this map is not marked database_secret, so it should
  // presumably not carry credentials; confirm.
  map<string,string> parameters = 2;
}
// Response for Provisioner.DriverCreateDatabase.
// NOTE(review): the field comments speak of an "object storage provider";
// confirm the intended wording for a database backend.
message DriverCreateDatabaseResponse {
  // database_id returned here is expected to be the globally unique
  // identifier for the database in the object storage provider.
  // The same id is passed to the delete, grant and revoke requests.
  string database_id = 1;
  // database_info returned here stores the data specific to the
  // database required by the object storage provider to connect to the database.
  Protocol database_info = 2;
}
// Request for Provisioner.DriverDeleteDatabase.
message DriverDeleteDatabaseRequest {
  // This field is REQUIRED
  // database_id is a globally unique identifier for the database
  // in the object storage provider
  // NOTE(review): an empty id cannot be told apart from an unset one, so the
  // driver should presumably reject it instead of acting on it; confirm.
  string database_id = 1;
}
// Response for Provisioner.DriverDeleteDatabase. It has no fields.
message DriverDeleteDatabaseResponse {
  // Intentionally left blank
}
// Request for Provisioner.DriverGrantDatabaseAccess.
message DriverGrantDatabaseAccessRequest {
  // This field is REQUIRED
  // database_id is a globally unique identifier for the database
  // in the object storage provider
  string database_id = 1;
  // This field is REQUIRED
  // name field is used to define the name of the database access object.
  // The RPC comment says this name is used as the unique identifier when
  // credentials are created.
  string name = 2;
  // This field is REQUIRED
  // Requested authentication type for the database access.
  // Supported authentication types are KEY or IAM.
  // An unset field decodes as UnknownAuthenticationType.
  AuthenticationType authentication_type = 3;
  // This field is OPTIONAL
  // The caller should treat the values in parameters as opaque.
  // The receiver is responsible for parsing and validating the values.
  // NOTE(review): this map is not marked database_secret, so it should
  // presumably not carry credentials; confirm.
  map<string,string> parameters = 4;
}
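// Response for Provisioner.DriverGrantDatabaseAccess.
message DriverGrantDatabaseAccessResponse {
  // This field is REQUIRED
  // This is the account_id that is being provided access. This will
  // be required later to revoke access.
  string account_id = 1;
  // This field is REQUIRED
  // Credentials supplied for accessing the database ex: aws access key id and secret, etc.
  // Marked with database_secret so that tooling which honours the option can
  // keep the values out of logs. The option is metadata only and does not
  // change the wire format.
  // NOTE(review): the meaning of the map key is not stated here; presumably
  // it names the protocol. Confirm.
  map<string, CredentialDetails> credentials = 2 [(database_secret) = true];
}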
// Request for Provisioner.DriverRevokeDatabaseAccess.
message DriverRevokeDatabaseAccessRequest {
  // This field is REQUIRED
  // database_id is a globally unique identifier for the database
  // in the object storage provider.
  string database_id = 1;
  // This field is REQUIRED
  // This is the account_id that is having its access revoked.
  // It is the value returned in DriverGrantDatabaseAccessResponse.account_id.
  // NOTE(review): the driver presumably has to check that this account
  // belongs to database_id before revoking; confirm.
  string account_id = 2;
}
// Response for Provisioner.DriverRevokeDatabaseAccess. It has no fields.
message DriverRevokeDatabaseAccessResponse {
  // Intentionally left blank
}