scalekit-inc · ujjawal-sk · Dec 13, 2024 · Dec 13, 2024 · Dec 13, 2024 · Dec 13, 2024
diff --git a/proto/buf.lock b/proto/buf.lock
@@ -0,0 +1,18 @@
+# Generated by buf. DO NOT EDIT.
+version: v1
+deps:
+  - remote: buf.build
+    owner: bufbuild
+    repository: protovalidate
+    commit: b983156c5e994cc9892e0ce3e64e17e0
+    digest: shake256:fb47a62989d38c2529bcc5cd86ded43d800eb84cee82b42b9e8a9e815d4ee8134a0fb9d0ce8299b27c2d2bbb7d6ade0c4ad5a8a4d467e1e2c7ca619ae9f634e2
+  - remote: buf.build
+    owner: googleapis
+    repository: googleapis
+    commit: 7a6bc1e3207144b38e9066861e1de0ff
+    digest: shake256:d646836485c34192401253703c4e7ce899c826fceec060bf4b2a62c4749bd9976dc960833e134a1f814725e1ffd60b1bb3cf0335a7e99ef0e8cec34b070ffb66
+  - remote: buf.build
+    owner: grpc-ecosystem
+    repository: grpc-gateway
+    commit: 3f42134f4c564983838425bc43c7a65f
+    digest: shake256:3d11d4c0fe5e05fda0131afefbce233940e27f0c31c5d4e385686aea58ccd30f72053f61af432fa83f1fc11cda57f5f18ca3da26a29064f73c5a0d076bba8d92
diff --git a/proto/buf.yaml b/proto/buf.yaml
@@ -0,0 +1,13 @@
+version: v1
+name: buf.build/scalekit/scalekit
+deps:
+  - buf.build/grpc-ecosystem/grpc-gateway
+  - buf.build/bufbuild/protovalidate
+  - buf.build/googleapis/googleapis
+breaking:
+  use:
+    - FILE
+  ignore_unstable_packages: true
+lint:
+  use:
+    - MINIMAL
diff --git a/proto/scalekit/v1/clients/clients.proto b/proto/scalekit/v1/clients/clients.proto
@@ -0,0 +1,192 @@
+syntax = "proto3";
+
+package scalekit.v1.clients;
+
+import "buf/validate/validate.proto";
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+import "scalekit/v1/commons/commons.proto";
+import "scalekit/v1/options/options.proto";
+
+option go_package = "github.com/scalekit-inc/scalekit/pkg/grpc/clients";
+
+service ClientService {
+  rpc ListClient(ListClientsRequest) returns (ListClientsResponse) {
+    // FIXME how will we test this using API
+    option (scalekit.v1.options.auth_option) = {authentication_type: SESSION};
+    option (google.api.http) = {get: "/api/v1/clients"};
+  }
+
+  rpc GetClient(GetClientRequest) returns (GetClientResponse) {
+    option (scalekit.v1.options.auth_option) = {authentication_type: WORKSPACE_SESSION_CLIENT};
+    option (google.api.http) = {get: "/api/v1/clients/{client_id}"};
+  }
+
+  rpc UpdateClient(UpdateClientRequest) returns (UpdateClientResponse) {
+    option (scalekit.v1.options.auth_option) = {authentication_type: WORKSPACE_SESSION_CLIENT};
+    option (google.api.http) = {
+      put: "/api/v1/clients/{client_id}"
+      body: "client"
+      additional_bindings: {
+        patch: "/api/v1/clients/{client_id}"
+        body: "client"
+      }
+    };
+  }
+
+  rpc CreateClientSecret(CreateClientSecretRequest) returns (CreateClientSecretResponse) {
+    option (scalekit.v1.options.auth_option) = {authentication_type: WORKSPACE_SESSION_CLIENT};
+    option (google.api.http) = {post: "/api/v1/clients/{client_id}/secrets"};
+  }
+
+  rpc UpdateClientSecret(UpdateClientSecretRequest) returns (UpdateClientSecretResponse) {
+    option (scalekit.v1.options.auth_option) = {authentication_type: WORKSPACE_SESSION_CLIENT};
+    option (google.api.http) = {
+      put: "/api/v1/clients/{client_id}/secrets/{secret_id}"
+      body: "secret"
+      additional_bindings: {
+        patch: "/api/v1/clients/{client_id}/secrets/{secret_id}"
+        body: "secret"
+      }
+    };
+  }
+
+  rpc DeleteClientSecret(DeleteClientSecretRequest) returns (google.protobuf.Empty) {
+    option (scalekit.v1.options.auth_option) = {authentication_type: WORKSPACE_SESSION_CLIENT};
+    option (google.api.http) = {delete: "/api/v1/clients/{client_id}/secrets/{secret_id}"};
+  }
+}
+
+message GetClientRequest {
+  string client_id = 1 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 32
+  }];
+}
+
+message GetClientResponse {
+  Client client = 1;
+}
+
+message ListClientsRequest {}
+
+message ListClientsResponse {
+  uint32 total_size = 1;
+  repeated Client clients = 2;
+}
+
+message UpdateClientRequest {
+  string client_id = 1 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 32
+  }];
+  UpdateClient client = 2 [(buf.validate.field).required = true];
+  google.protobuf.FieldMask mask = 3;
+}
+
+message UpdateClient {
+  repeated string redirect_uris = 2 [(buf.validate.field).repeated = {
+    unique: true
+    items: {
+      string: {uri: true}
+    }
+  }];
+  optional string default_redirect_uri = 3 [(buf.validate.field).cel = {
+    id: "valid_uri"
+    message: "uri must be a valid URI"
+    expression: "this.isUri()"
+  }];
+  optional string back_channel_logout_uri = 4 [(buf.validate.field).cel = {
+    id: "valid_uri"
+    message: "uri must be a valid URI"
+    expression: "this.isUri()"
+  }];
+
+  repeated string post_logout_redirect_uris = 5 [(buf.validate.field).repeated = {
+    unique: true
+    items: {
+      string: {uri: true}
+    }
+  }];
+}
+
+message UpdateClientResponse {
+  Client client = 1;
+}
+
+message CreateClientSecretRequest {
+  string client_id = 1 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 32
+  }];
+}
+
+message CreateClientSecretResponse {
+  string plain_secret = 1;
+  ClientSecret secret = 2;
+}
+
+message UpdateClientSecretRequest {
+  string client_id = 1 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 32
+  }];
+  string secret_id = 2 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 32
+  }];
+  UpdateClientSecret secret = 3 [(buf.validate.field).required = true];
+  google.protobuf.FieldMask mask = 4;
+}
+
+message UpdateClientSecret {
+  ClientSecretStatus status = 1;
+}
+
+message UpdateClientSecretResponse {
+  ClientSecret secret = 1;
+}
+
+message DeleteClientSecretRequest {
+  string client_id = 1 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 32
+  }];
+  string secret_id = 2 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 32
+  }];
+}
+
+message Client {
+  string id = 1;
+  string keyId = 2;
+  google.protobuf.Timestamp create_time = 3;
+  google.protobuf.Timestamp update_time = 4;
+  repeated string redirect_uris = 5;
+  string default_redirect_uri = 6;
+  repeated ClientSecret secrets = 7;
+  repeated string post_logout_redirect_uris = 8;
+  optional string back_channel_logout_uri = 9;
+}
+
+message ClientSecret {
+  string id = 1;
+  google.protobuf.Timestamp create_time = 2;
+  google.protobuf.Timestamp update_time = 3;
+  string secret_suffix = 4;
+  optional string created_by = 5;
+  ClientSecretStatus status = 6;
+  google.protobuf.Timestamp expire_time = 7;
+  google.protobuf.Timestamp last_used_time = 8;
+}
+
+enum ClientSecretStatus {
+  ACTIVE = 0;
+  INACTIVE = 1;
+}
diff --git a/proto/scalekit/v1/commons/commons.proto b/proto/scalekit/v1/commons/commons.proto
@@ -0,0 +1,106 @@
+syntax = "proto3";
+
+package scalekit.v1.commons;
+
+import "buf/validate/validate.proto";
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/scalekit-inc/scalekit/pkg/grpc/commons";
+
+enum RegionCode {
+  /*
+     If the region code is unspecified the selected region will automatically be decided based on the origin of the call.
+  */
+  REGION_CODE_UNSPECIFIED = 0;
+  US = 1;
+  EU = 2;
+}
+
+enum EnvironmentType {
+  ENVIRONMENT_TYPE_UNSPECIFIED = 0;
+  PRD = 1;
+  DEV = 2;
+}
+
+message OrganizationMembership {
+  string id = 1;
+  UserStatus membership_status = 2;
+  MembershipRole role = 3;
+  optional string name = 4;
+  IdentityProviderType primary_identity_provider = 5;
+}
+
+enum UserStatus {
+  USER_STATUS_UNSPECIFIED = 0;
+  ACTIVE = 1;
+  INACTIVE = 2;
+}
+
+enum MembershipRole {
+  MEMBERSHIP_ROLE_UNSPECIFIED = 0;
+  ADMIN = 1;
+  USER = 2;
+}
+
+message UserProfile {
+  string id = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+  string first_name = 2 [(buf.validate.field).string = {max_len: 200}];
+  string last_name = 3 [(buf.validate.field).string = {max_len: 200}];
+  string name = 4;
+  string locale = 5;
+  bool email_verified = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+  map<string, string> metadata = 7 [(buf.validate.field).map = {
+    max_pairs: 30
+    keys: {
+      string: {
+        min_len: 3
+        max_len: 25
+      }
+    }
+    values: {
+      string: {
+        min_len: 1
+        max_len: 256
+      }
+    }
+  }];
+  map<string, string> custom_attributes = 8 [(buf.validate.field).map = {
+    max_pairs: 100
+    keys: {
+      string: {
+        min_len: 3
+        max_len: 25
+      }
+    }
+    values: {
+      string: {
+        min_len: 1
+        max_len: 256
+      }
+    }
+  }];
+}
+
+enum IdentityProviderType {
+  IDENTITY_PROVIDER_UNSPECIFIED = 0;
+  OKTA = 1;
+  GOOGLE = 2;
+  MICROSOFT_AD = 3;
+  AUTH0 = 4;
+  ONELOGIN = 5;
+  PING_IDENTITY = 6;
+  JUMPCLOUD = 7;
+  CUSTOM = 8;
+  GITHUB = 9;
+  GITLAB = 10;
+  LINKEDIN = 11;
+  SALESFORCE = 12;
+  MICROSOFT = 13;
+  IDP_SIMULATOR = 14;
+  SCALEKIT = 15;
+}
diff --git a/proto/scalekit/v1/connections/connection_details.md b/proto/scalekit/v1/connections/connection_details.md
@@ -0,0 +1,17 @@
+ Connection represents a unique Single Sign-on instance for an Organization. Connection has the configuration needed to establish an SSO and exchange user information securely between Scalekit and your customer's Identity Provider. Depending on the connection type parameter, the corresponding configuration details are found in `oidc_config` or `saml_config` parameter.
+
+**Connection Attributes**
+
+| Attribute Name | Attribute Description |
+|---|---|
+| `id`<br>_string_ | Unique ID of an SSO Connection. This attribute is required for all API operations to be performed against this connection.  |
+| `provider`<br>_ENUM_ | Name of the Identity Provider. Possible Values are: `OKTA`, `GOOGLE`, `MICROSOFT_AD`, `AUTH0`, `ONELOGIN`, `PING_IDENTITY`, `JUMPCLOUD`, `CUSTOM` |
+| `type`<br>_ENUM_ | Protocol type that is used for this connection. Possible values are `SAML` or `OIDC` |
+| `status`<br>_ENUM_ | Indicates the configuration progress status of the SSO Connection. Possible Values are `DRAFT`, `INPROGRESS`, `COMPLETED`. <br>_Note_: This doesn't indicate whether this connection is active or not. |
+| `enabled`<br>_boolean_ | Indicates whether this connection is active or not. Users can only login via active SSO connections. |
+| `organization_id`<br>_string_ | Organization ID to which this SSO connection belongs to. |
+| `saml_config`<br>_Object_ | If this connection is of type `SAML`, the configuration details are found in this object. |
+| `oidc_config`<br>_Object_ | If this connection is of type `OIDC`, the configuration details are found in this object. |
+| `attribute_mapping`<br>_Object_ | Array of attribute mappings using which the user information received from the Identity Provider is normalized. Example: <code> <br/>{ <br/>&nbsp;&nbsp; "email": "email",<br/>&nbsp;&nbsp; "family_name": "lastName", <br/>&nbsp;&nbsp; "given_name": "firstName",<br/>&nbsp;&nbsp;&nbsp;"sub": "nameid" <br/>} </code> |
+| `create_time` | Timestamp at which this connection record was created in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) format. For Example: `2021-10-05T14:48:00.000Z` |
+| `update_time`<br>_string_ | Timestamp at which this connection record was last updated in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) format. For Example: `2021-10-10T14:48:00.000Z` |