From 691d116a8f6acbef0775b5695315d814c2d54722 Mon Sep 17 00:00:00 2001 From: Manu Srivastava Date: Mon, 2 Jun 2025 22:05:47 -0400 Subject: [PATCH] init checkin --- .../.github/workflows/push-to-buf.yml | 20 ++++ .../protos/api_cloud_upstream/CODEOWNERS | 6 + .../protos/api_cloud_upstream/README.md | 23 +++- .../protos/api_cloud_upstream/VERSION | 2 +- .../protos/api_cloud_upstream/buf.lock | 9 +- .../protos/api_cloud_upstream/buf.yaml | 2 + .../cloudservice/v1/request_response.proto | 78 +++++++++++++ .../api/cloud/cloudservice/v1/service.proto | 29 +++++ .../api/cloud/identity/v1/message.proto | 110 ++++++++++++------ .../api/cloud/namespace/v1/message.proto | 60 +++++++--- .../temporal/api/cloud/nexus/v1/message.proto | 8 +- .../api/cloud/operation/v1/message.proto | 6 +- .../api/cloud/region/v1/message.proto | 6 +- 13 files changed, 295 insertions(+), 64 deletions(-) create mode 100644 sdk-core-protos/protos/api_cloud_upstream/.github/workflows/push-to-buf.yml create mode 100644 sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS diff --git a/sdk-core-protos/protos/api_cloud_upstream/.github/workflows/push-to-buf.yml b/sdk-core-protos/protos/api_cloud_upstream/.github/workflows/push-to-buf.yml new file mode 100644 index 000000000..6bc3d4c25 --- /dev/null +++ b/sdk-core-protos/protos/api_cloud_upstream/.github/workflows/push-to-buf.yml @@ -0,0 +1,20 @@ +name: Push to Buf Registry + +on: + push: + tags: + - 'v**' + branches: + - main +permissions: + contents: read +jobs: + publish: + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@v4 + - uses: bufbuild/buf-action@v1 + with: + version: 1.49.0 + token: ${{ secrets.BUF_TEMPORALIO_TOKEN }} diff --git a/sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS b/sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS new file mode 100644 index 000000000..34ebd80f2 --- /dev/null +++ b/sdk-core-protos/protos/api_cloud_upstream/CODEOWNERS @@ -0,0 +1,6 @@ +# These owners will be the default owners for everything in +# the repo. Unless a later match takes precedence, +# @temporalio/saas will be requested for review when +# someone opens a pull request. + +* @temporalio/saas diff --git a/sdk-core-protos/protos/api_cloud_upstream/README.md b/sdk-core-protos/protos/api_cloud_upstream/README.md index fd7c9ed92..fc7d6a782 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/README.md +++ b/sdk-core-protos/protos/api_cloud_upstream/README.md @@ -1,17 +1,21 @@ -# Temporal cloud api proto files (Preview) +# Temporal Cloud Operations API (Public Preview) -> These apis are currently preview only and access is restricted. They are not meant for production use and could change. Please reach out to Temporal support to request preview access. +> aka the Cloud Ops API +> These apis (proto files) are currently offered as a Public Preview. While they are production worthy, they are subject to change. Please reach out to Temporal Support if you have questions. ## How to use -Copy over the protobuf files under [temporal](temporal) directory to the project directory and then use [grpc](https://grpc.io/docs/) to compile and generate code in the desired programming language. +To use the Cloud Ops API in your project, preform the following 4 steps: +1. Copy over the protobuf files under [temporal](temporal) directory to your desired project directory +2. Use [gRPC](https://grpc.io/docs/) to compile and generate code in your desired programming language, typically handled as a part of your code build process +3. Create a client connection in your code using a Temporal Cloud API Key (see [Samples](#samples) below) +4. Use the Cloud Operations API services to automate Cloud Operations, such as creating users or namespaces ### API Version The client is expected to pass in a `temporal-cloud-api-version` header with the api version identifier with every request it makes to the apis. The backend will use the version to safely mutate resources. The `temporal:versioning:min_version` label specifies the minimum version of the API that supports the field. -Current Version: -https://github.com/temporalio/api-cloud/blob/main/VERSION#L1C1-L1C14 +Current Version `v0.4.0` ### URL @@ -22,4 +26,11 @@ saas-api.tmprl.cloud:443 ## Samples -Refer [cloud-samples-go](https://github.com/temporalio/cloud-samples-go) repository for demonstration on how a project can copy and build Go clients. +Refer to the [cloud-samples-go](https://github.com/temporalio/cloud-samples-go/blob/main/cmd/worker/README.md) sample repository for how to use the cloud ops api in Go. +> This sample demonstrates how to automate Temporal Cloud operations using Temporal Workflows that make Cloud Ops API requests within Workflow Activities ([Worker Sample README](https://github.com/temporalio/cloud-samples-go/tree/main/cmd/worker)). +> See [here](https://github.com/temporalio/cloud-samples-go/blob/60d5cbca8696c87fb184efc56f5ae117561213d2/client/api/client.go#L16) for a quick reference showing you how to connect to Temporal Cloud with an API Key for the Cloud Ops API in Go. + +Refer to the [temporal-cloud-api-client-typescript](https://github.com/steveandroulakis/temporal-cloud-api-client-typescript) sample repository for how to use the cloud ops api in Typescript. +Refer to the [temporal-cloud-api-client-java](https://github.com/steveandroulakis/temporal-cloud-api-client-java) sample repository for how to use the cloud ops api in Java. +Refer to the [temporal-cloud-api-client-kotlin](https://github.com/steveandroulakis/temporal-cloud-api-client-kotlin) sample repository for how to use the cloud ops api in Kotlin. +> The Java, Typescript, and Kotlin sample apps all provide a simple HTML UI that demonstrates how to use the Cloud Ops API to CRUD Namespaces and Users. diff --git a/sdk-core-protos/protos/api_cloud_upstream/VERSION b/sdk-core-protos/protos/api_cloud_upstream/VERSION index 22520b51d..992ac75e2 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/VERSION +++ b/sdk-core-protos/protos/api_cloud_upstream/VERSION @@ -1 +1 @@ -2024-10-01-00 +v0.5.1 diff --git a/sdk-core-protos/protos/api_cloud_upstream/buf.lock b/sdk-core-protos/protos/api_cloud_upstream/buf.lock index 3435191d3..2fdf3c98c 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/buf.lock +++ b/sdk-core-protos/protos/api_cloud_upstream/buf.lock @@ -4,5 +4,10 @@ deps: - remote: buf.build owner: googleapis repository: googleapis - commit: 711e289f6a384c4caeebaff7c6931ade - digest: shake256:e08fb55dad7469f69df00304eed31427d2d1576e9aab31e6bf86642688e04caaf0372f15fe6974cf79432779a635b3ea401ca69c943976dc42749524e4c25d94 + commit: e93e34f48be043dab55be31b4b47f458 + digest: shake256:93dbe51c27606999eef918360df509485a4d272e79aaed6d0016940379a9b06d316fc5228b7b50cca94bb310f34c5fc5955ce7474f655f0d0a224c4121dda3c1 + - remote: buf.build + owner: temporalio + repository: api + commit: 95c35fbcc7f647cbb0facec6fb60aca8 + digest: shake256:f40de31043fe8dbf433395ebd2c7fef6a395582a856da1476cf5bb8ec32c7091a2c21208590effa59715bcceceec8ab2a6331919eb260d72b1091d9c76fd535b diff --git a/sdk-core-protos/protos/api_cloud_upstream/buf.yaml b/sdk-core-protos/protos/api_cloud_upstream/buf.yaml index 69baf0fd4..0a22e2d17 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/buf.yaml +++ b/sdk-core-protos/protos/api_cloud_upstream/buf.yaml @@ -1,6 +1,8 @@ version: v1 +name: buf.build/temporalio/cloud-api deps: - buf.build/googleapis/googleapis + - buf.build/temporalio/api:v1.43.0 breaking: use: - FILE diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto index 07c024822..5c1766e00 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/request_response.proto @@ -256,6 +256,25 @@ message AddNamespaceRegionResponse { temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } +message DeleteNamespaceRegionRequest { + // The namespace to delete a region. + string namespace = 1; + // The id of the standby region to be deleted. + // The GetRegions API can be used to get the list of valid region ids. + // Example: "aws-us-west-2". + string region = 2; + // The version of the namespace for which this delete region operation is intended for. + // The latest version can be found in the GetNamespace operation response. + string resource_version = 3; + // The id to use for this async operation - optional. + string async_operation_id = 4; +} + +message DeleteNamespaceRegionResponse { + // The async operation. + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} + message GetRegionsRequest { } @@ -463,11 +482,18 @@ message GetUserGroupsRequest { string display_name = 4; // Filter groups by the google group specification - optional. GoogleGroupFilter google_group = 5; + // Filter groups by the SCIM group specification - optional. + SCIMGroupFilter scim_group = 6; + message GoogleGroupFilter { // Filter groups by the google group email - optional. string email_address = 1; } + message SCIMGroupFilter { + // Filter groups by the SCIM IDP id - optional. + string idp_id = 1; + } } message GetUserGroupsResponse { @@ -556,6 +582,58 @@ message SetUserGroupNamespaceAccessResponse { temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; } +message AddUserGroupMemberRequest { + // The id of the group to add the member for. + string group_id = 1; + + // The member id to add to the group. + temporal.api.cloud.identity.v1.UserGroupMemberId member_id = 2; + + // The id to use for this async operation. + // Optional, if not provided a random id will be generated. + string async_operation_id = 3; +} + +message AddUserGroupMemberResponse { + // The async operation. + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} + +message RemoveUserGroupMemberRequest { + // The id of the group to add the member for. + string group_id = 1; + + // The member id to add to the group. + temporal.api.cloud.identity.v1.UserGroupMemberId member_id = 2; + + // The id to use for this async operation. + // Optional, if not provided a random id will be generated. + string async_operation_id = 3; +} + +message RemoveUserGroupMemberResponse { + // The async operation. + temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1; +} + +message GetUserGroupMembersRequest { + // The requested size of the page to retrieve - optional. + // Cannot exceed 1000. Defaults to 100. + int32 page_size = 1; + // The page token if this is continuing from another response - optional. + string page_token = 2; + + // The group id to list members of. + string group_id = 3; +} + +message GetUserGroupMembersResponse { + // The list of group members + repeated temporal.api.cloud.identity.v1.UserGroupMember members = 1; + // The next page's token. + string next_page_token = 2; +} + message CreateServiceAccountRequest { // The spec of the service account to create. temporal.api.cloud.identity.v1.ServiceAccountSpec spec = 1; diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto index a3e86071b..aa06c44a8 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/cloudservice/v1/service.proto @@ -128,6 +128,13 @@ service CloudService { }; } + // Delete a region from a namespace + rpc DeleteNamespaceRegion (DeleteNamespaceRegionRequest) returns (DeleteNamespaceRegionResponse) { + option (google.api.http) = { + delete: "/cloud/namespaces/{namespace}/regions/{region}", + }; + } + // Get all regions rpc GetRegions (GetRegionsRequest) returns (GetRegionsResponse) { option (google.api.http) = { @@ -261,6 +268,28 @@ service CloudService { }; } + // Add a member to the group, can only be used with Cloud group types. + rpc AddUserGroupMember(AddUserGroupMemberRequest) returns (AddUserGroupMemberResponse) { + option (google.api.http) = { + post: "/cloud/user-groups/{group_id}/members", + body: "*" + }; + } + + // Remove a member from the group, can only be used with Cloud group types. + rpc RemoveUserGroupMember(RemoveUserGroupMemberRequest) returns (RemoveUserGroupMemberResponse) { + option (google.api.http) = { + post: "/cloud/user-groups/{group_id}/remove-member", + body: "*" + }; + } + + rpc GetUserGroupMembers(GetUserGroupMembersRequest) returns (GetUserGroupMembersResponse) { + option (google.api.http) = { + get: "/cloud/user-groups/{group_id}/members", + }; + } + // Create a service account. rpc CreateServiceAccount(CreateServiceAccountRequest) returns (CreateServiceAccountResponse) { option (google.api.http) = { diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto index dbb749016..5d79ddf20 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/identity/v1/message.proto @@ -13,27 +13,29 @@ import "temporal/api/cloud/resource/v1/message.proto"; import "google/protobuf/timestamp.proto"; message AccountAccess { - // The role on the account, should be one of [owner, admin, developer, financeadmin, read] + // The role on the account, should be one of [owner, admin, developer, financeadmin, read, metricsread] // owner - gives full access to the account, including users, namespaces, and billing // admin - gives full access the account, including users and namespaces // developer - gives access to create namespaces on the account // financeadmin - gives read only access and write access for billing // read - gives read only access to the account - // Deprecated: Not supported after 2024-10-01-00 api version. Use role instead. - // temporal:versioning:max_version=2024-10-01-00 + // metricsread - gives read only access to all namespace metrics + // Deprecated: Not supported after v0.3.0 api version. Use role instead. + // temporal:versioning:max_version=v0.3.0 string role_deprecated = 1 [deprecated = true]; // The role on the account. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=role_deprecated Role role = 2; enum Role { ROLE_UNSPECIFIED = 0; - ROLE_OWNER = 1; // Gives full access to the account, including users, namespaces, and billing. - ROLE_ADMIN = 2; // Gives full access to the account, including users and namespaces. - ROLE_DEVELOPER = 3; // Gives access to create namespaces on the account. - ROLE_FINANCE_ADMIN = 4; // Gives read only access and write access for billing. - ROLE_READ = 5; // Gives read only access to the account. + ROLE_OWNER = 1; // Gives full access to the account, including users, namespaces, and billing. + ROLE_ADMIN = 2; // Gives full access to the account, including users and namespaces. + ROLE_DEVELOPER = 3; // Gives access to create namespaces on the account. + ROLE_FINANCE_ADMIN = 4; // Gives read only access and write access for billing. + ROLE_READ = 5; // Gives read only access to the account. + ROLE_METRICS_READ = 6; // Gives read only access to the account metrics. } } @@ -42,20 +44,20 @@ message NamespaceAccess { // admin - gives full access to the namespace, including assigning namespace access to other users // write - gives write access to the namespace configuration and workflows within the namespace // read - gives read only access to the namespace configuration and workflows within the namespace - // Deprecated: Not supported after 2024-10-01-00 api version. Use permission instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use permission instead. + // temporal:versioning:max_version=v0.3.0 string permission_deprecated = 1 [deprecated = true]; // The permission to the namespace. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=permission_deprecated Permission permission = 2; enum Permission { PERMISSION_UNSPECIFIED = 0; - PERMISSION_ADMIN = 1; // Gives full access to the namespace, including assigning namespace access to other users. - PERMISSION_WRITE = 2; // Gives write access to the namespace configuration and workflows within the namespace. - PERMISSION_READ = 3; // Gives read only access to the namespace configuration and workflows within the namespace. + PERMISSION_ADMIN = 1; // Gives full access to the namespace, including assigning namespace access to other users. + PERMISSION_WRITE = 2; // Gives write access to the namespace configuration and workflows within the namespace. + PERMISSION_READ = 3; // Gives read only access to the namespace configuration and workflows within the namespace. } } @@ -73,6 +75,13 @@ message Access { map namespace_accesses = 2; } +message NamespaceScopedAccess { + // The namespace the service account is assigned to - immutable. + string namespace = 1; + // The namespace access assigned to the service account - mutable. + NamespaceAccess access = 2; +} + message UserSpec { // The email address associated to the user string email = 1; @@ -96,12 +105,12 @@ message User { // The user specification UserSpec spec = 3; // The current state of the user - // Deprecated: Not supported after 2024-10-01-00 api version. Use state instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use state instead. + // temporal:versioning:max_version=v0.3.0 string state_deprecated = 4 [deprecated = true]; // The current state of the user. // For any failed state, reach out to Temporal Cloud support for remediation. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=state_deprecated temporal.api.cloud.resource.v1.ResourceState state = 9; // The id of the async operation that is creating/updating/deleting the user, if any @@ -121,14 +130,29 @@ message GoogleGroupSpec { string email_address = 1; } +message SCIMGroupSpec { + // The id used in the upstream identity provider. + string idp_id = 1; +} + +message CloudGroupSpec { +} + message UserGroupSpec { // The display name of the group. string display_name = 1; // The access assigned to the group. Access access = 2; - // The specification of the google group that this group is associated with. - // For now only google groups are supported, and this field is required. - GoogleGroupSpec google_group = 3; + oneof group_type { + // The specification of the google group that this group is associated with. + GoogleGroupSpec google_group = 3; + // The specification of the SCIM group that this group is associated with. + // SCIM groups cannot be created or deleted directly, but their access can be managed. + SCIMGroupSpec scim_group = 4; + // The specification for a Cloud group. Cloud groups can manage members using + // the add and remove member APIs. + CloudGroupSpec cloud_group = 5; + } } message UserGroup { @@ -140,12 +164,12 @@ message UserGroup { // The group specification UserGroupSpec spec = 3; // The current state of the group. - // Deprecated: Not supported after 2024-10-01-00 api version. Use state instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use state instead. + // temporal:versioning:max_version=v0.3.0 string state_deprecated = 4 [deprecated = true]; // The current state of the group. // For any failed state, reach out to Temporal Cloud support for remediation. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=state_deprecated temporal.api.cloud.resource.v1.ResourceState state = 8; // The id of the async operation that is creating/updating/deleting the group, if any @@ -157,6 +181,17 @@ message UserGroup { google.protobuf.Timestamp last_modified_time = 7; } +message UserGroupMemberId { + oneof member_type { + string user_id = 1; + } +} + +message UserGroupMember { + UserGroupMemberId member_id = 1; + google.protobuf.Timestamp created_time = 2; +} + message ServiceAccount { // The id of the service account. string id = 1; @@ -168,12 +203,12 @@ message ServiceAccount { // The current state of the service account. // Possible values: activating, activationfailed, active, updating, updatefailed, deleting, deletefailed, deleted, suspending, suspendfailed, suspended. // For any failed state, reach out to Temporal Cloud support for remediation. - // Deprecated: Not supported after 2024-10-01-00 api version. Use state instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use state instead. + // temporal:versioning:max_version=v0.3.0 string state_deprecated = 4 [deprecated = true]; // The current state of the service account. // For any failed state, reach out to Temporal Cloud support for remediation. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=state_deprecated temporal.api.cloud.resource.v1.ResourceState state = 8; // The id of the async operation that is creating/updating/deleting the service account, if any. @@ -189,9 +224,18 @@ message ServiceAccountSpec { // The name associated with the service account. // The name is mutable, but must be unique across all your active service accounts. string name = 1; + + // Note: one of `Access` or `NamespaceScopedAccess` must be provided, but not both. // The access assigned to the service account. + // If set, creates an account scoped service account. // The access is mutable. Access access = 2; + // The namespace scoped access assigned to the service account. + // If set, creates a namespace scoped service account (limited to a single namespace). + // The namespace scoped access is partially mutable. + // Refer to `NamespaceScopedAccess` for details. + NamespaceScopedAccess namespace_scoped_access = 4; + // The description associated with the service account - optional. // The description is mutable. string description = 3; @@ -209,11 +253,11 @@ message ApiKey { // The current state of the API key. // Possible values: activating, activationfailed, active, updating, updatefailed, deleting, deletefailed, deleted, suspending, suspendfailed, suspended. // For any failed state, reach out to Temporal Cloud support for remediation. - // Deprecated: Not supported after 2024-10-01-00 api version. Use state instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use state instead. + // temporal:versioning:max_version=v0.3.0 string state_deprecated = 4 [deprecated = true]; // The current state of the API key. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=state_deprecated temporal.api.cloud.resource.v1.ResourceState state = 8; // The id of the async operation that is creating/updating/deleting the API key, if any. @@ -234,11 +278,11 @@ message ApiKeySpec { // The type of the owner to create the API key for. // The owner type is immutable. Once set during creation, it cannot be changed. // Possible values: user, service-account. - // Deprecated: Not supported after 2024-10-01-00 api version. Use owner_type instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use owner_type instead. + // temporal:versioning:max_version=v0.3.0 string owner_type_deprecated = 2 [deprecated = true]; // The type of the owner to create the API key for. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=owner_type_deprecated OwnerType owner_type = 7; // The display name of the API key. diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto index c82ee260c..040a69f75 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/namespace/v1/message.proto @@ -33,12 +33,12 @@ message MtlsAuthSpec { // This must only be one value, but the CA can have a chain. // // (-- api-linter: core::0140::base64=disabled --) - // Deprecated: Not supported after 2024-05-13-00 api version. Use accepted_client_ca instead. - // temporal:versioning:max_version=2024-05-13-00 + // Deprecated: Not supported after v0.2.0 api version. Use accepted_client_ca instead. + // temporal:versioning:max_version=v0.2.0 string accepted_client_ca_deprecated = 1; // The ca cert(s) in PEM format that the clients can use for authentication and authorization. // This must only be one value, but the CA can have a chain. - // temporal:versioning:min_version=2024-05-13-00 + // temporal:versioning:min_version=v0.2.0 bytes accepted_client_ca = 4; // Certificate filters which, if specified, only allow connections from client certificates whose distinguished name properties match at least one of the filters. // This allows limiting access to specific end-entity certificates. @@ -46,7 +46,7 @@ message MtlsAuthSpec { repeated CertificateFilterSpec certificate_filters = 2; // Flag to enable mTLS auth (default: disabled). // Note: disabling mTLS auth will cause existing mTLS connections to fail. - // temporal:versioning:min_version=2024-05-13-00 + // temporal:versioning:min_version=v0.2.0 bool enabled = 3; } @@ -63,6 +63,31 @@ message CodecServerSpec { bool pass_access_token = 2; // Whether to include cross-origin credentials. bool include_cross_origin_credentials = 3; + // A custom error message to display for remote codec server errors. + // temporal:versioning:min_version=v0.5.1 + CustomErrorMessage custom_error_message = 4; + + message CustomErrorMessage { + // The error message to display by default for any remote codec server errors. + ErrorMessage default = 1; + + message ErrorMessage { + // A message to display. + string message = 1; + // A link that is displayed along side the configured message. + string link = 2; + } + } +} + +message LifecycleSpec { + // Flag to enable delete protection for the namespace. + bool enable_delete_protection = 1; +} + +message HighAvailabilitySpec { + // Flag to disable managed failover for the namespace. + bool disable_managed_failover = 1; } message NamespaceSpec { @@ -88,26 +113,32 @@ message NamespaceSpec { MtlsAuthSpec mtls_auth = 4; // The API key auth configuration for the namespace. // If unspecified, API keys will be disabled. - // temporal:versioning:min_version=2024-05-13-00 + // temporal:versioning:min_version=v0.2.0 ApiKeyAuthSpec api_key_auth = 7; // The custom search attributes to use for the namespace. // The name of the attribute is the key and the type is the value. // Supported attribute types: text, keyword, int, double, bool, datetime, keyword_list. // NOTE: currently deleting a search attribute is not supported. // Optional, default is empty. - // Deprecated: Not supported after 2024-10-01-00 api version. Use search_attributes instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use search_attributes instead. + // temporal:versioning:max_version=v0.3.0 map custom_search_attributes = 5 [deprecated = true]; // The custom search attributes to use for the namespace. // The name of the attribute is the key and the type is the value. // Note: currently deleting a search attribute is not supported. // Optional, default is empty. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=custom_search_attributes map search_attributes = 8; // Codec server spec used by UI to decode payloads for all users interacting with this namespace. // Optional, default is unset. CodecServerSpec codec_server = 6; + // The lifecycle configuration for the namespace. + // temporal:versioning:min_version=v0.4.0 + LifecycleSpec lifecycle = 9; + // The high availability configuration for the namespace. + // temporal:versioning:min_version=v0.4.0 + HighAvailabilitySpec high_availability = 10; enum SearchAttributeType { SEARCH_ATTRIBUTE_TYPE_UNSPECIFIED = 0; @@ -161,12 +192,12 @@ message Namespace { // The namespace specification. NamespaceSpec spec = 3; // The current state of the namespace. - // Deprecated: Not supported after 2024-10-01-00 api version. Use state instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use state instead. + // temporal:versioning:max_version=v0.3.0 string state_deprecated = 4 [deprecated = true]; // The current state of the namespace. // For any failed state, reach out to Temporal Cloud support for remediation. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=state_deprecated temporal.api.cloud.resource.v1.ResourceState state = 13; // The id of the async operation that is creating/updating/deleting the namespace, if any. @@ -193,11 +224,11 @@ message NamespaceRegionStatus { // The current state of the namespace region. // Possible values: adding, active, passive, removing, failed. // For any failed state, reach out to Temporal Cloud support for remediation. - // Deprecated: Not supported after 2024-10-01-00 api version. Use state instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use state instead. + // temporal:versioning:max_version=v0.3.0 string state_deprecated = 1 [deprecated = true]; // The current state of the namespace region. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=state_deprecated State state = 3; // The id of the async operation that is making changes to where the namespace is available, if any. @@ -223,7 +254,6 @@ message ExportSinkSpec { // The S3 configuration details when destination_type is S3. temporal.api.cloud.sink.v1.S3Spec s3 = 3; - // This is a feature under development. We will allow GCS sink support for GCP Namespaces. // The GCS configuration details when destination_type is GCS. temporal.api.cloud.sink.v1.GCSSpec gcs = 4; } diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/nexus/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/nexus/v1/message.proto index 358fb2068..861283a49 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/nexus/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/nexus/v1/message.proto @@ -9,6 +9,7 @@ option java_outer_classname = "MessageProto"; option ruby_package = "Temporalio::Api::Cloud::Nexus::V1"; option csharp_namespace = "Temporalio.Api.Cloud.Nexus.V1"; +import "temporal/api/common/v1/message.proto"; import "temporal/api/cloud/resource/v1/message.proto"; import "google/protobuf/timestamp.proto"; @@ -26,8 +27,13 @@ message EndpointSpec { // This field is mutable. repeated EndpointPolicySpec policy_specs = 3; + // Deprecated: Not supported after v0.4.0 api version. Use description instead. + // temporal:versioning:max_version=v0.4.0 + string description_deprecated = 4 [deprecated = true]; + // The markdown description of the endpoint - optional. - string description = 4; + // temporal:versioning:min_version=v0.4.0 + temporal.api.common.v1.Payload description = 5; } message EndpointTargetSpec { diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto index 7cd79fd02..e6ca30aec 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/operation/v1/message.proto @@ -18,11 +18,11 @@ message AsyncOperation { string id = 1; // The current state of this operation. // Possible values are: pending, in_progress, failed, cancelled, fulfilled. - // Deprecated: Not supported after 2024-10-01-00 api version. Use state instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use state instead. + // temporal:versioning:max_version=v0.3.0 string state_deprecated = 2 [deprecated = true]; // The current state of this operation. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=state_deprecated State state = 9; // The recommended duration to check back for an update in the operation's state. diff --git a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/region/v1/message.proto b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/region/v1/message.proto index 7a7be52fb..dc913fe1e 100644 --- a/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/region/v1/message.proto +++ b/sdk-core-protos/protos/api_cloud_upstream/temporal/api/cloud/region/v1/message.proto @@ -14,11 +14,11 @@ message Region { string id = 1; // The name of the cloud provider that's hosting the region. // Currently only "aws" is supported. - // Deprecated: Not supported after 2024-10-01-00 api version. Use cloud_provider instead. - // temporal:versioning:max_version=2024-10-01-00 + // Deprecated: Not supported after v0.3.0 api version. Use cloud_provider instead. + // temporal:versioning:max_version=v0.3.0 string cloud_provider_deprecated = 2 [deprecated = true]; // The cloud provider that's hosting the region. - // temporal:versioning:min_version=2024-10-01-00 + // temporal:versioning:min_version=v0.3.0 // temporal:enums:replaces=cloud_provider_deprecated CloudProvider cloud_provider = 5; // The region identifier as defined by the cloud provider.